Season 4 of Ask Me Anything is starting on March 8th. This season we have lots of experienced WordPress professionals ready to share their knowledge. You can get some valuable advice on design, business, development, community involvement, marketing, social media and much more. Don't miss out!
After the Christmas hype, and the New Year celebrations, skiing holidays, and endless afternoons cozied up with a hot chocolate, there is one more thing to look forward to this winter. It’s better than your favorite TV show, it’s season 4 of Ask Me Anything. This season we have a power line-up of business owners, WordPress core contributors, freelancers, designers, social media experts and WordPress enthusiasts. It’s the season of all seasons, and it starts on March 8.
If you want to find out a bit more about the idea of the AMA, and why it’s important, have a look at Get Free Expert Advice From WordPress Influencers. For those who are interested in a deeper behind the scene’s look, this is for you, Ask Me Anything: WordPress Influencers Answering Your Questions. One thing is certain, this season is promising to be the best one yet!
Without further adieu, I want to introduce you to the main protagonists, our lovely contributors. Drum roll please!
Actress, Writer, Web Consultant, Business Coach, Rockstar Teacher. Kristina has lots of work experience and knowledge to share. If you need advice on starting a business, maintaining or creating
Using Caldera Forms just like a one-page checkout is pretty cool. Another great tutorial from the Caldera Team.
Andrew Lima is a Support Specialist and Developer at Caldera Labs. He also works on a handful of other WordPress projects, and is an active member of the community. Andrew is based out of Johannesburg, South Africa. Caldera Forms offers an array of payment gateways that gives you the opportunity to receive payments for memberships, donations, products and much more. Some of the popular gateways for Caldera Forms are PayPal Express, Stripe and Braintree. A couple of users have been curious to accept payments from multiple gateways with Caldera Forms, in this example we will be using the PayPal Express and Stripe add-ons.
Start accepting payments with Caldera Forms
Depending on your payment gateway, you may need to capture additional billing details. In this example, we don’t need to capture any additional data. I have created a simple donation form that a user will be able to donate $5, $10 or $15 through Caldera Forms and either choose PayPal or Stripe as their payment gateway. With this example, you are able to extend it to use all payment gateways that Caldera Forms offer – in this case the form consists of the following fields: name, email, dropdown (with the donation
Disqus Hits Sites with Unwanted Advertising, Plans to Charge Large Publishers a Monthly Fee to Remove Ads
Sarah Gooding reviews the recent announcement by Disqus to start injecting advertising into the comments, which can be removed by a monthly subscription.
Disqus Hits Sites with Unwanted Advertising, Plans to Charge Large Publishers a Monthly Fee to Remove Ads
When Disqus announced it would be releasing new, subscription-based versions later this year, users didn’t expect to have the new advertising model injected into their sites without notice. Disqus CEO Daniel Ha said the company would release finalized pricing and provide more details well in advance of its planned March release, but users are reporting that the advertising has already been forced into their comments without warning. Why did @disqus just add a bunch of ads to my site without my permission? https://t.co/CzXTTuGs67 pic.twitter.com/y2QbFFzM8U
— Harry Campbell (@TheRideShareGuy) February 1, 2017
“We are one of the lucky 5% who now has to pay if we don’t want really irrelevant and horribly spammy links just plopped on our site with zero warning,” BabyCenter Social Media Manager Dina Vernon Freeman said. “Unless our users (mainly millennial parents) should care about overpaying for dentures! We’re looking for other platforms ASAP.”
Brian O’Neill, who manages Slugger O’Toole, a site with more than 70,000 readers, was also hit with unwanted advertising on his site.
“Disqus has started to put ads into our comments
The question that every wordpress admin asks himself from time to time: How many plugins can I have on my website? What is the limit? And what should I keep in mind when installing new plugins.
If you’ve used WordPress for a while, I’m sure someone has told you that you “shouldn’t use too many plugins”. It’s obvious – using too many plugins will slow your WordPress site down, right? But is that actually true? I mean, people tell me I shouldn’t swim after eating, but I’ve done that my whole life and I’m still alive and kicking! So is the common knowledge that “too many plugins is bad” good for WordPress?
In this post, I’m going to attempt to answer that question. So, if your admin sidebar is bursting at the seams with links to plugin settings pages, join me on this adventure into the world of plugin collecting.
Is Having Lots of Plugins Always Bad?
Let’s start at the beginning. I’m not a developer, but in my reading, I’m fairly certain that I’m accurate in saying that there’s nothing inherently wrong with having lots of plugins.
I mean, I remember reading somewhere that Pippin Williamson has over 80 plugins running on some of his sites! Pippin knows a thing or two about plugins, so I’m going to trust him on this one.
In a perfect world populated with perfect developers,
Exciting things are happening while we build Gutenberg UI prototype, I wrote the meeting notes for this week's core-editor team meeting. Have at it!
WordPress community has been actively participating to help make the new editor for WordPress. There’s lots of activity both in Slack and at GitHub. It’s an incredible time to contribute. Here’s the meeting summary for this week’s editor team meeting (agenda here) in #core-editor Slack channel.
Let’s keep working on the UI prototype — Gutenberg UI prototype. Some ideas for improvements discussed in the meeting are mentioned below:
Five of them: I (@mrahmadawais) suggested that we should try to consolidate the multiple toolbars, so there aren’t five.
Text vs. Block: Mel (@melchoyce) also felt that Gutenberg UI prototype does feel heavier, she also suggested that the text shouldn’t feel like a block.
Blocks Or Not: I tend to agree with her considering it’s hard to think about aligning text across multiple blocks — maybe it’s the block feeling. That said, Weston (@westonruter) said that the different toolbars can be contextual to the block being edited.
Accessibility: @iseulde suggested the docked contextual toolbars make more sense from the accessibility point of view.
Ease of Use
This post isn’t about the reasons why someone might need to disable the automatic updates. No, this is about the argument I saw stem from the vulnerability, whereby people said it was proof the REST API should be disabled by default.
WordPress 4.7.1 and 4.7 were vulnerable via the REST API. Any unauthenticated user could modify the content of any post or page on a site. Since the release of the information, a surprisingly large number of users failed to update to 4.7.2 and, thus, were hacked. I say surprisingly because WordPress enabled automatic updates quite a while ago (WordPress 3.7), which will automatically secure your WordPress install. There have been 18 automated releases since then (which is why we have 3.7.18) and the vast majority have addressed security in one way, shape, or form.
But this post isn’t about the reasons why someone might need to disable the automatic updates. No, this is about the argument I saw stem from the vulnerability, whereby people said it was proof the REST API should be disabled by default.
And to them I say “No.”
The REST API Probably Has More Vulnerabilities
Look, I’m not going to lie to you. The odds are high that the REST API, which is a very new feature, probably has some serious issues still. But, as my friend Helen pointed out to those arguing for it to be disabled by default.
Why should this be treated differently from XML-RPC? Have you gone through
Matt Mullenweg, on Medium (!!!), talks about update signing and security in general.
So what if people criticize the way you build websites?
Get more videos like this: http://eepurl.com/f1Dhv She asked about hiding the names of themes & plugins she uses on her client projects, because she's afraid of the "WordPress Police."
"You're doing it the wrong way. You should build it from scratch. Who uses a plugin to do that?!"
We've all heard it, and maybe even said it ourselves. But here's the deal: the market is changing and it's time to adapt. Page builders, and for the most part plugins that make building sites easier, are getting better and better. The companies behind them realize no one likes lag or bloat -- it won't fly -- so they work hard to optimize their software.
Before you know it, WordPress core will have it's own builder-like features (https://make.wordpress.org/design/201...), which will certainly flip that argument on to it's head for naysayers.
In this video, I discuss where the problem *really* stems from, and what consultants AND clients can do to avoid it. Anyway, I'm sure my more seasoned colleagues may disagree, so I'm looking forward to debating in the comments or on Twitter!
Thanks for watching!
-- New version of Conductor Plugin is out! --
Check it out,
A simple tutorial on how to restrict access to a custom post type using roles in WordPress. It shows how to use custom capabilities and add those capabilities to specific roles. It is a bit older, but I found it pretty helpful today.
Custom post types extend the capabilities of WordPress in terms of what types of content can be published and managed, but these days at 3.7 we find ourselves working on projects that need more granular permissions related to custom post types. The most common situation I’ve run into is a particular user (or group of users) needs the ability to manage specific custom post types but shouldn’t have the ability to alter the rest of the site. For example, you may have someone in an organization that needs to manage job listings (a custom post type) but shouldn’t be allowed to edit posts or pages.
For this example, I’ll base the situation off our project management plugin Panorama. Many of our customers need users to manage projects, but don’t want them to have access to any other types of content. There are some good tutorials out there, but many of them are a few years dated and I found a slightly updated approach was necessary to make this work.
What We’re Aiming For
In the case of Panorama, we wanted our “projects” custom post type to be managed by Editors, Administrators and a new role of “Project Managers.” Project Managers
There's (probably) never been a better time to learn WordPress development – here's why I'm relearning it, and how you can too.
Nearly eight years ago I started publishing about WordPress development here on WPShout. I was sixteen at the time, and had just discovered this magical publishing platform called WordPress. With a fair amount of time on my hands, I started to share what I’d learned. When I started, it was a lot easier to run a site about WordPress development. Indeed, fairly quickly WPShout became one of the most popular publishers on WordPress development – full stop – without me really knowing what I was talking about.
That was fine eight years ago; vastly fewer people knew what they were talking about. It was a totally acceptable to publish a (not great) code tutorial and update it when comments and feedback offered better ideas. There’s a lot of truth in Jeff from the WP Tavern’s idea that we were learning together at the time.
Over the years I published hundreds of posts on WPShout. And as I started working more with themes (I even had an ill-fated attempt to launch my own theme shop), I gradually became closer to the development expert I’d positioned myself as all along.
But David & Fred KNOW WordPress Development
As WordPress grew, more people who really
Kids track and "call for speakers for kids" - absolutely amazing ideas, gj Miami!
The event’s organizers usually attempt to get “” by inviting speakers with experience in other platforms to share with attendees. This year’s lineup includes two sessions from members of the Drupal and Joomla communities. Mike Herchel, a front-end web developer at Lullabot, will present a session titled “WordPress & Drupal: Community and Contribution Differences and Lessons.” Aleksander Kuczek, CEO of Perfect Dashboard and a Joomla Extension Directory team member, will be speaking about how Joomla handles plugin contributions.
This is NOT a good enough answer! This is important and should not be pushed under the rug.
Nearly 50K publicly available plugins call the WordPress plugin directory home but once in awhile a few of them seem to disappear. There is usually a good reason for why this happens but the only information available to the public is a page that says the plugin cannot be found. If the plugin is popular enough, concerned users will contact us and ask to investigate what happened. Mika Epstein, Plugin Directory Representative, says there are a number of reasons for why a plugin can end up hidden from view, “The most well-known, but not the most common, is security issues,” Epstein said.
“Plugins are removed and, by default, hidden mostly because we’re on bbPress 1.0 and there is not as granular a control with post statuses when compared to WordPress itself.”
The plugin review team has three options to choose from when altering a plugin’s visibility, active, closed, and disabled. Although rarely used, when a plugin is disabled, it is hidden from view but updates are able to be pushed out.
I asked Epstein why there’s not more detailed information when a plugin is hidden and the answer is complex, “The lack of information is partly technical
If you've ever wanted to learn HTML and CSS to manage your website a little better, make small tweaks, or start a career in web design, this is a great opportunity. On March 6th I will be hosting a live webinar where I go over the basics, and we'll make our own web page. If you can't make it, don't worry! Anyone registered will get the recording.
HTML and CSS are the basis of any website; they are the absolute minimum you need to know to build things on the web. In this 90 minute webinar, I will introduce both HTML and CSS to you by going over the basics and building out a basic web page complete with color scheme, font choices, images, and more.
Even better: the first 21 people to register will get in for just $24.00! That's 50% off the full price.
Last February 2, 2017, Ann Taylor wrote the article 12 Things We Need to See From WordPress Page Builders in 2017 + Who Already Gets It Right in CodeInWP. We’ve been continuously improving Page Builder Sandwich for more than a year now: we do our research, listen to our customers, so we thought Page Builder Sandwich was gonna make it to CodeInWP’s “Who Got it Right” article. We didn’t, though, because of performance. So we asked Ann about it, and she replied:
…I played around with a free version a bit. It shows a lot of promise: lots of modules, pretty intuitive UI, great WYSIWYG experience, everything is dragged around easily. However, when I had around 10 modules on the page, it became hard to continue working with it because of low editing speed…
So according to her, Page Builder Sandwich has performance issues. And since we always listen to feedback, we checked it out.
Testing the Performance
Zao looks back at their year, including the clients we worked with and the WordPress plugins they worked on (and how many were downloaded) in 2016.
Our small team more than doubled, we worked on several amazing projects, and we contributed back to open source, of course. Here’s a rundown of what we did and what we’re excited about moving forward. A 2016 Retrospective
The Zao Team
Team Zao grew considerably in 2016 – we more than doubled our staff size and even found some incredible contractors who have been an integral part of our success.
In February, we hired Mihai Joldis as a full-time developer. Hailing from Romania, he leads the charge with many of our enhancements to WP eCommerce and is an invaluable engineer on many of our client projects as well. To top it all off, he provides excellent support to our growing customer base at wpecommerce.org.
The Other Justin
In May, we hired Justin Sternberg as a lead developer, staff sergeant, managing partner, and all around excellent human being. He leads many of our agency projects; clients pretty much love him the moment they start working with him. After less than a year on our team, we can’t imagine life without him.
Late last year, we had the good fortune of finding Lizz Ehrenpreis. Lizz is the only reason you’re
Starting from March 2017 you'll have to pay $10/m to remove ads from your Disqus comments section.
As of March 2017, Disqus is now going to be charging a monthly fee to remove advertisements from your WordPress comments. This is something that has always been free to disable in this past and is a pretty big change that will affect thousands of businesses and bloggers that rely on Disqus to power their comments. Today we are going to dive into what all this entails, some pros and cons, and some recommendations if you do choose to seek out an alternative comment system. Its important to note that the Disqus ads also affect the performance (speed) of comments on your WordPress site. What is Disqus?
For those of you who might not be familiar with Disqus, it is a service designed to improve web comments and discussions. It was originally developed by Daniel Ha and Jason Yan and launched in 2007. It has actually been around for over a decade now. So when it comes to working with the WordPress comment ecosystem, they are no newcomers.
Many WordPress businesses and blogs use the Disqus WordPress plugin because it extends the feature set of the WordPress native comments. Features such as powerful moderation and admin tools, spam filtering, blacklisting, email notifications, and well designed
Time is money. Two different solutions to easily add beautiful stock photos to your WordPress site without leaving the dashboard.
We realize that many of you wear multiple hats and juggle an almost unprecedented amount of tasks each month. One minute you might be writing a blog post and the next you are on the phone trying to close a deal. Finding a way to speed up certain tasks or automate them can sometimes make all the difference. Time is money as they say, and you should be focusing on the tasks that affect your bottom line. Today we are going to dive into a few services and plugins that allow you to find and add beautiful stock photos to your website without ever leaving the WordPress dashboard. Finding Stock Photos for WordPress
Let’s be honest, nobody really likes stock photos, but for a majority of businesses, blogs, and content creators, stock photos are the only solution. Many don’t have the funds, time, or expertise to create or take their own photos. Thankfully, compared to 5 years ago, there are a lot more places now to find premium stock photos, as well as free stock photos for your WordPress site. And many of them have huge databases of beautiful high-resolution images. Here are a few popular ones that come to mind:
Adobe Stock (premium)
I seriously doubt this will occur. The tiniest changes take years, so this is likely a pipe dream. But dreaming is fun too, right?
Most developers would be very happy to read this changelog. But many also understand that all of this is years into the future. How can we change that?
An ode to WordPress versioning
WordPress 3.7 introduced automatic updates, and while many hardcore developers quickly wanted to find ways to disable them t0 not disrupt finely-tuned deployment systems, there is no doubt that it was a net win in terms of usability and security for the vast majority of people running a WordPress site.
When 3.8 was released, we saw patches to the 3.7 branch to fix vulnerabilities found in 3.8. This is great, as backporting security updates ensures ample
Matt Mullenweg Responds to Security Rant: Digital Signatures for WordPress Updates Are Important but Not a Priority
This article at the Tavern reviews the discussion on adding digital signatures to WordPress updates. It summarizes Scott Arciszewski thoughts and Matt Mullenweg's response.
Matt Mullenweg Responds to Security Rant: Digital Signatures for WordPress Updates Are Important but Not a Priority
Scott Arciszewski, Chief Development Officer for Paragon Initiative Enterprises, who is most widely known for his cryptography engineering work, published a post on Medium criticizing Matt Mullenweg, co-creator of the WordPress open-source software project, for not caring enough about security. Arciszewski has since retracted the post but you can read it via the Wayback Machine. Arciszewski is working on a project known as libsodium, a core extension to PHP 7.2 which allows for encryption, decryption, signatures, password hashing and more. Its goal is to enable developers to build higher-level cryptographic tools.
WordPress’ automatic update system is handled through api.wordpress.org. Since updates do not have a digital signature, if api.wordpress.org were compromised, attackers could send malicious updates to thousands or millions of sites. This scenario was at the forefront of people’s minds late last year after Wordfence published details of a complex security vulnerability that could have compromised the update servers.
Arciszewski suggests offline code signing and elliptic curve cryptography as solutions, “The key that can produce a valid signature for a file
Will the proposed new WordPress plugin tags play an important role? 90% of survey respondents say "we don't care."
According to our small survey, 90% of users say they don’t care if a free plugin they’re getting from the directory is only a limited, “lite” version of the fully-featured PRO. Okay, I might have BuzzFeeded the stats a bit here. The exact question we asked was, “Would you not use a WordPress.org plugin, just because it has a PRO version also available?” Again, 90% said “no.”
“Wait, what is this about anyway?!”
Okay, let’s rewind to the beginning:
What’s up with the new WordPress plugin tags
The whole thing started several months ago when Matt Mullenweg encouraged the WordPress community to brainstorm some ideas on how to improve the way plugins are presented in the official repository:
In short, the main goals:
better indicate if a plugin needs an external service to work,
indicate if there’s a more feature-rich premium (or “PRO”) version of the plugin available.
In today’s WordPress ecosystem, with more than 45,000 plugins in the repo, it gets harder and harder to find the right one, and many of them just don’t live up to the expectations.
And I have to give it to Matt, what he’s
Everything you'll ever need to know about contributing or maintaining to an open source project - this guide greatly done by GitHub. Not directly related to WordPress but if you're an WordPress plugin/theme author- give it a read.
Open source software is made by people just like you. Learn how to launch and grow your project. Want to contribute to open source? A guide to making open source contributions, for first-timers and for veterans.
Building a community that encourages people to use, contribute to, and evangelize your project.
Making your life easier as an open source maintainer, from documenting processes to leveraging your community.
Everything you've ever wondered about the legal side of open source, and a few things you didn't.
Want to make a suggestion? This content is open source. Help us improve it.
A brand new Open Source WordPress API console that you can use w/ WordPress REST API for any website hosted on WordPress.com or using JetPack.
Since the WordPress 4.7 “Vaughan” release, each WordPress installation includes REST API endpoints to access and manipulate its content. These endpoints will be the foundation for the next generation of WordPress websites and applications. Today we’re releasing a brand new Open Source WordPress API console. You can use it to try these endpoints and explore the results. The console works for any website on WordPress.com and also for any self-hosted WordPress installation.
Using the console with WordPress.com APIs
You can use this application today to make read and write requests to the WordPress.com API or the WordPress REST API for any website hosted on WordPress.com or using JetPack. Visit the new version of the application here: https://developer.wordpress.com/docs/api/console/
Using the console with your self-hosted WordPress sites
To use the console with your self-hosted WordPress installation(s), you’ll need to download the application from GitHub, configure it, and run it on your local machine. You’ll also need to install the WP REST API – OAuth 1.0a Server plugin on your WordPress site. The Application Passwords plugin is another option –
Accessible WordPress Components Library from 10up is awesome! Check it out!
We’re proud to introduce the WordPress Component Library: a collection of front-end components constructed with WordPress and accessibility at the forefront. Many of the HTML and CSS components we build for our clients are structurally similar, particularly for prolific features like menus, search forms, posts, and blogrolls. A common starting point offers efficiencies to our clients while simultaneously raising the bar on polish and compliance with standards like accessibility. In evaluating existing libraries, we found that the industry was missing a good, open source project built with WordPress’s often opinionated markup (e.g. menus) and basic layout structure in mind.
Since accessibility is a top priority for many of our clients, and critical to our mission to make the web a better place, each component in the library is WCAG 2.0 accessible. We think that this project will help engineers and clients who value accessibility, but may struggle to budget for it, achieve a higher standard with little-to-no added cost.
We are actively adding to and improving the components. Hosted on GitHub, we welcome feedback, questions, and pull requests.