A great article indeed. Makes a lot of sense for communities like ours.
I’m going to ask you two questions. Pause for a minute and think deeply about your answers before reading further:
What are the best software companies in the world?
Who are the best software engineers in the world?
Did you come up with a list of names? If so, how many names are on that list? Three? Five? Maybe ten, at most? There are thousands of software companies and software engineers doing incredible things, but when I ask you for the best, I bet only a select few names pop into your head. Why these names and not others?
It’s because these companies and developers not only do great work, but also spend time telling you that they do great work. I’d bet that for every company and programmer on your list, you’ve read their writing (e.g., blogs, papers, books), seen their presentations (e.g., talks, conferences, meetups), and/or used their code (e.g., open source).
For example, if your list of programmers included Linus Torvalds, it’s probably because you’re familiar with Linux or Git, both of which he developed as free, open source projects. If you had Dennis Ritchie on your list, it’s probably because he was one of the people responsible
May 27th is the anniversary of the fork created by Matt and Mike. Thank you, and big thanks to all WordPress contributors over the years for making it a great platform for everyone!
Matt: "We now have 5-7 years of awkwardness and incredible growth to look forward to."
Jetpack by WordPress.com 4.0.3 May 26th, 2016 Important security update. Please upgrade immediately.
Couldn't find any more information on this, but figured it was important enough to share what little info I had.
Jetpack by WordPress.com 4.0.3 May 26th, 2016 Important security update. Please upgrade immediately.
Important security update. Please upgrade immediately. Release date: April 21st, 2016
Addresses an issue where Jetpack 4.0 caused a fatal error on sites with specific configurations.
Release date: April 20th, 2016
Protect: the routine that verifies your site is protected from brute-force attacks got some love and is more efficient.
Contact Forms: cleaning the database of spam form submission records is more efficient.
VideoPress: edit your VideoPress shortcode in the editor with a fancy new modal options window.
Custom Content Types are now classier: a new CSS class on Testimonial featured images — has-testimonial-thumbnail — allows you to customize Jetpack custom post types as you see fit.
Sharing: social icons are now placed under the "add to cart” singular product views in WooCommerce, making it easier for customers to share your products on social media.
Theme Tools: search engines will now have an easier time knowing what page they are on, and how that page relates to the other pages in your site hierarchy with improved schema.org microdata for breadcrumbs.
Widget Visibility: now you can select widgets
This article resonates strongly with me. I also run a small business that I'd like to grow... and stay the same.
Balancing a lifestyle business — and trying to grow it — can be tricky, when you’re not willing to give up your lifestyle for that growth. There are ways to grow your business without giving up the lifestyle you began it all for, right? Editor’s Note: This is a guest post by Nate Wright. Nate is a WordPress developer and solopreneur. He runs Theme of The Crop, a niche WordPress theme company geared toward restaurant websites. You can learn more about Nate on his Post Status profile and follow him on Twitter.
Here’s a scenario you’re probably familiar with: a friend or family member, not terribly tech-savvy, approaches you with an idea. Why don’t you build Facebook for clowns? What about Uber for sandwiches?
Their ideas are often a little better than these. Sometimes they’re worse. But in my case the conversation always gets to the same point in the end.
You can build stuff on the internet. Why aren’t you shooting for the stars? Don’t you want to be rich like Zuckerberg?
Right now some of you may be thinking: yes I do! This post isn’t for you.
This is for those of you who cringe at the thought of your days filling up with
Highly recommended. This is a great overview and explanation of the components and steps involved in serving up a WordPress page as well as the various points at which the process can be optimized. Although it focuses on WordPress and PHP, the article would be of benefit to anyone involved in developing, running, or maintaining websites.
Editor’s Note: Today marks a special day for WordPress. Powering many websites (and yes, Smashing Magazine is one of them), it celebrates its 13th birthday today. Happy birthday, dear WordPress! Here’s to many more! Do you remember when you could run a “fast” WordPress website with just an Apache server and PHP? Yeah, those were the days! Things were a lot less complicated back then.
Now, everything has to load lightning-fast! Visitors don’t have the same expectations about loading times as they used to. A slow website can have serious implications for you or your client.
Consequently, the WordPress server stack has had to evolve over the years to keep up with this need for speed. As part of this evolution, a few gears have had to be added to its engine. Some of the older gears have had to change as well.
The result is that the WordPress server stack looks quite different today than it did a few years ago. To better understand it, we’re going to explore this new stack in detail. You’ll see how the various pieces fit together to make a WordPress website fast.
Before diving in, let’s zoom out and look at the big picture. What does this new
Pretty sure all of us have made at least one of these mistakes in our time. Good to be reminded that we aren't alone.
The first product I created and launched was a WordPress theme for fitness professionals. I had worked for a fitness company as their in-house designer for a few years, and learned a lot about the fitness world. I was still in contact with my former boss, and he agreed to help me promote the theme to his (fairly large) audience as an affiliate.
We launched the product and it did well. I can’t remember the exact numbers, but it was a 4-figure per month product for years after that. Not bad!
I went on to launch other products with varying success, including more than one that completely fell flat. I have also launched 2 SaaS products and multiple plugins, obviously including AppPresser.
I’m not a product launch expert, but I’ve done it enough times to know a few things. I’ve certainly made my fair share of mistakes.
If you are launching a product for the first time, I can almost guarantee you will make one of these mistakes. Even if you read this article – and 10 other better articles – and tell me you learned all of these mistakes and you won’t make them…you’ll still make at least one of them.
I know because I’m guilty of it
New version out for the WP Rocket plugin (2.8) - best performance plugin out there. WP Rocket adds sitemap preloading and database optimisation.
It’s May, so we’re in the throes of spring with new life bursting forth all around! And the labs of WP Rocket are no different. We have hatched a new baby, and that baby is WP Rocket 2.8, A.K.A “Ilum”. The development of WP Rocket is a team effort, but special mention goes to Rocket scientist Remy, who has been working particularly hard on this major new release and deserves many props!
Let’s have a look at the mouth-watering new features of 2.8:
While most WP Rocket features, like page caching and minification, focus on front end optimizations, a bloated database on the backend will also have an impact on your overall site speed.
Now you can trim the fat from your database right within WP Rocket. If you’ve been using the plugin WP -Optimize, you can now use this instead. Look for the new “Database” tab:
This is huge!
We’ve implemented a brand new way you can warm your cache, with greater control and less impact on your server. The normal preload for new content, and the homepage crawl are still available, but if you have an XML sitemap on your site, WP Rocket can now preload all those URLs for
This is an incredible SEO copywriting guide for beginners and it is written by Joost de Valk's wife.
SEO copywriting is both a key element and a challenge in every SEO strategy. As search engines spider texts, the content of your website should be fine-tuned to the (ever-changing) algorithms of search engines. On top of that, your text should be written in such a way that your audience enjoys and understands your writing. In this complete guide to SEO copywriting, I’ll talk you through the process of keyword research and the 3 stages of the writing process. This guide should help you to write the SEO-friendly and readable articles you need on your website!
This guide to SEO copywriting covers:
At Yoast, we profess what we call ‘holistic SEO’. In our view, your primary goal should be to build and maintain THE BEST website. Ranking in Google will come automatically if your website is of extremely high quality.
Google wants to serve their customers. Their mission is: to index all the world’s information and make it universally accessible. Of course, Google also wants to make some money, but if they want to make the world’s information accessible, they’ll have to show people results that fit their wishes. People would otherwise stop wanting to use Google.
The potential of any project is always exciting, but it shouldn’t cloud our judgement. There are many pitfalls to avoid during the initial conversations about a potential project. This article will highlight those as well as how to avoid them.
There will come a point in every freelancer’s life where they will be faced with some hard sells. If you haven’t encountered this yet, let me set the scene for you. You get this email from an owner with the initial requirements of what seems to be a fun and exciting project. The tone of the email is exciting, ambitious, and eager to be working with you. Towards the end of that email there’s the tease of “and if this works out, it could turn into more work.”
You start to get really excited because it’s a fairly well known company, the project seems like a great one to be a part of, and the idea of more work sounds perfect!
So you reply back and set up a time to talk or meet.
The only thing with this project is that it doesn’t fit perfectly within your service offering. However it’s still very much doable.
You get to the meeting and have some initial casual chit chat before getting into the meat of the project. You both talk about the paths you took to get to where you are right now.
The prospect starts talking about the project that was mentioned in the email. Saying all the right things that seem to be exciting and interesting about the
I interviewed Mike McAlister of Array.is on how he launched and successfully pivoted his theme shop over the years.
With so many WordPress themes available on the market, it might sound crazy to even try and start a business selling your own. There are super-huge, multi-purpose themes selling $100k worth a week with option panels the size of their revenue charts, others with big passionate communities supporting them, and countless other shops just as successful in their own right. How can you compete? What would make someone choose you over anyone else?
And that’s the rub, isn’t it? What makes you different? As you will find out in this episode with Mike McAlister of Array.is, that’s the key ingredient in today’s theme market. It’s not just your theme’s code, your support, or even your price point — give your customer a new reason to choose you over their never ending suite of choices.
If I haven’t scared you off by now, let’s dive into how to start a theme business.
Interview with Mike McAlister of Array.is
Mike McAlister of Array.is
I’ve been a big fan of Mike’s work for a long time. In fact, I’m using one of his themes for my new podcast, PluggedIn Radio — but more on that later.
There’s a short list of theme
What makes a successful plugin business, and some examples of such businesses in the WP industry.
Welcome to Episode 15 of Mastermind.fm! Today our resident masterminds Jean and James tackle the topic of having a successful WordPress plugin: from zero to success. Join them today and take a tour through the major attributes that a plugin business needs to become successful, from a pair of entrepreneurs who know the drill firsthand. We’ll outline them below, but tune in for the full story! Mastermind.fm is proudly sponsored by
Nobody wants to use your plugin. They use it to solve a problem!
Attributes of a successful plugin business:
Solve a problem
Ooze quality in the way your plugin is built and coded
Get the word out
Reviews & Relationships
Point 1 and 2: Solve a problem, but make it as pleasurable of an experience for the user as you can. Nobody wakes up in the morning excited to build a form for their website, but they shouldn’t dread having to do it either! Style your plugin so that it is tasteful and comfortable within WordPress. It doesn’t have to be a WordPress UI clone though- sometimes you have to think outside the box to solve your users’ problems.
Point 3: Is there a need to fill, and is there anyone filling the need
The latest improvement for the WordPress themes directory is here and it comes with new tags, which should make filtering themes just a little bit better.
It’s been nearly a year since we got all the results from the theme directory survey. One of the things that the team believed to be low-hanging fruit was an overhaul of the theme tags system to something a bit more modern and useful for today’s WordPress users. After several rounds of discussion here on the blog and Slack, we came up with a proposal to overhaul the tags used.
Today, I’m happy to announce that we’re rolling out new and updated tags, which should make filtering themes just a little bit better.
On the theme tags page, we have a working draft of all the new tags.
What does this mean for theme authors?
Theme authors should start updating their themes with the new tags. In particular, we have some awesome new subject tags to better categorize what types of themes y’all are building.
Take a look at the tags that have been removed and the tags that have been added in the lists below. You’ll want to remove the “removed” tags from your theme’s style.css and add any new tags that are relevant to your theme.
This is the header in your theme’s style.css that looks like this:
Tags: one-column, featured-images, microformats,
This week I write about my personal love for PhpStorm, Xdebug and how at Delicious Brains we push each other to be better developers.
Since I started working at Delicious Brains, it seems we have been hiring pretty much constantly. Prospective new hires go through a few weeks trial where they work on our products alongside the team. We have a couple of guides on our internal wiki that indicate our expectations for new developers, such as coding standards and GitHub workflow, but a recent conversation about Xdebug made me consider if, as a team, we should be more explicit about a minimum set of requirements for developers – both new and existing. The Power of Xdebug
Jeff and a new guy on trial were digging into an issue that was hard to track down. I piped up on the Slack channel: “xdebug?”. Jeff’s response was solid gold:
Nobody knows how to use xdebug, Lain
‘Lain’ is my email support pseudonym where people don’t quite realise my name (Iain) is spelled with a capital ‘i’ when sans-serif fonts are used. It doesn’t bother me at ALL. After I stopped laughing, I needed to get to the bottom of this – I thought everyone used Xdebug?! I had even written about it on the blog before!
Turns out it really is one of those things you know you should set up, but
I wrote about WordPress and security in general for beginners. A few tips for both on site and off-site security.
This is a contribution by Ahmad Awais. I’ve seen many website owners nagging about the security of WordPress. The opinion is that an open source script is vulnerable to all sorts of attacks. But that is mostly not true – sometimes it’s the other way around. Or, okay, let’s say that it’s partially true, but even then you shouldn’t blame WordPress.
Why? Because it’s usually your fault that your site got hacked. There are some responsibilities that you have to take care of as a website owner. So the key question is always, what are *you* doing to save your site from being hacked?
Today, I plan to discuss quite a few simple tricks that can help you secure your WordPress website:
Part (a): Secure the login page and prevent brute force attacks
Everyone knows the standard WordPress login page URL. The backend of the website is accessed from there, and that is the reason why people try to brute force their way in. Just add /wp-login.php or /wp-admin/ at the end of your domain name and there you go.
What I recommend is to customize the login page URL and even the page’s interaction. That’s the first thing I do when I start securing my website.
I built a new plugin to integrate Facebook Quotes plugin with WordPress. Handy little plugin.
FB Quote Plugin For WP lets people select text on your page and add it to their share on FB, so they can tell a more expressive story. What is a Facebook Quote Plugin?
The quote plugin lets people select text on your page and add it to their share, so they can tell a more expressive story. Note that you do not need to implement Facebook login or request any additional permissions through app review in order to use this plugin.. For example, someone who liked your article can share a specific sentence or paragraph at their Facebook timeline, of course with a link to your article.
Quote to Facebook from Posts
Quote to Facebook from Pages
Quote to Facebook from Pages with shortcode [fbq]
FB Save Button Shortcode
You can use [fbq] shortcode to add fb save button anywhere you want.
Example Usage: [fbq]
Wherever this shortcode gets included, users will be able to share the content of that area to Facebook with FB Quote Plugin. It can be used inside the content area wherever the shortcodes .
WP REST API data privacy fix is here; update your sites.
WP REST API Versions 2.0 Beta 12.1 and 2.0 Beta 13.1 are security releases to address a data privacy issue with the Users endpoint. Given certain parameters, private user data such as email addresses may be exposed to unauthenticated users. This release was coordinated by the REST API team and the WordPress core security team. The security team is pushing automatic updates, but do not wait or rely on the automatic update process. We recommend sites or plugins that are using either 2.0 Beta 12 or 2.0 Beta 13 to update the plugin immediately. Download your respective version from WordPress.org or Github.
Thanks to James Kettle (PortSwigger Web Security) via HackerOne for reporting this issue to the team responsibly, and to David Remer (websupporter) for inadvertently fixing this issue on Github.
If you believe you have discovered a potential security vulnerability with the WP REST API, please disclose it to us privately by sending an email to firstname.lastname@example.org. Security issues can also be reported via HackerOne.
Scary story on nulled WordPress Plugin or Themes. This story tracks down the real culprit behind all of this and dig really deep.
If you have been following our blog for some time, you know that we regularly warn about risks associated with the use of third-party software on your site. A benign plugin may sneakingly inject ads into your site which cause malvertising problems for the site visitors (e.g. SweetCaptcha). Other plugins may be hijacked by hackers or black hat freelancers too (remember the epic story of Wooranker?). Another common issue is the use of so-called “nulled” premium themes and plugins that usually come with backdoors, hidden links, unwanted ads and even pure malware (e.g CryptoPHP or fake jquery scripts). This time I’ll tell you one more story that combines all the above mentioned problems: nulled plugins, black hat SEO, malvertising, and a software development company that turned to the dark side.
Suspicious gma_footer Code
Recently the lead of our remediation team, Bruno Zanelato, cleaned a site and found this piece of code in one premium WordPress plugin:
Suspicious gma_footer code
The encrypted part decodes to hxxp://cdn .gomafia[.]com. As you might expect, he investigated what’s going on there.
That gma_footer function was hooked to the wp_footer action. As a result,
Chris Lema on giving the freedom for your team to make mistakes allows them to be better innovators in the long run.
Employee innovation isn’t simply a by-product of a great innovation program or company culture. It’s also the removal or reduction of one key key dynamic. Stop this if you want more employee innovation
Peter Drucker once said, “If you want something new, you have to stop doing something old.”
Most people writing about innovation focus on the culture and dynamics that encourage it. While much of that writing is useful, I find Drucker’s quote most useful. It’s not simply that you want a team to come up with new ideas. That’s the new thing.
You also want to eliminate any issues that stop your team from innovating.
The one thing that stops employee innovation is blame. Blame is the constraining factor you have to control if you want people to take the risk of trying something new.
The Consequences of Blame
When risks don’t result in home runs you can either learn from it, or blame someone. The natural consequence of being a leader is that people what what you do more than what you say. And if you find yourself looking for someone to blame, your team will follow that model and start blaming each other as well.
The consequences of a blame-driven
The ultimate answer to #1 question about WordPress: how much does a WordPress website can cost? How about an e-commerce based on WordPress? Check this out!
I've been using WordPress for 10 years now and there's one question that never stopped popping up while talking with friends or professionals from outer markets. If you think about it for a couple of seconds I'm sure you'd be able to picture THAT question. Just to clear the air here: I'm talking about the often-asked, never-thought-through-enough, so-wide-to-answer-extensively question many people who need a professional website ask about WordPress:
How much is a WordPress website going to cost me? More than often it comes with its buddy-question: How much does an e-commerce will cost me?
Today we're publishing something that anybody looking for numbers, prices, and costs related to building up a WordPress website and/or an online shop based on WooCommerce is going to love.
I introduce you to our latest infographic: WordPress Pricing Debunked, a pretty neat useful resource with real business examples and also info/experiences from other professionals.
Want to share it with your followers immediately? Go for it: tweet this infographic!
If you'd like to embed the above infographic just copy-paste the following code:
Need help enhancing your WordPress website? Want to build up your e-commerce?
Recently tried Let's Encrypt SSL and loving it. Here's a guide to doing it yourself.
What's Let's Encrypt? For years, purchasing, renewing, installing and managing SSL certificates overwhelmed me with expense and complexity. Now, Let's Encrypt makes it fairly simple and free.
Let’s Encrypt is an emerging, free, automated, and open certificate authority brought to you by a California public benefit corporation called the Internet Security Research Group—it also has nonprofit status.
Its goal is to make HTTPS become the default Internet browser protocol to ensure greater privacy and security on the web. Mozilla and the Electronic Frontier Foundation are two of its platinum sponsors:
Let's Encrypt entered public beta in December, so I can now easily guide you through exploring its services.
In this tutorial, I'll walk you through installing Let's Encrypt on a few of my websites, including my WordPress consulting website, http://lookahead.io, soon to be https://.
Before we get started, please remember, I do try to participate in the discussions below. If you have a question or topic suggestion, please post a comment below or contact me on Twitter @reifman.
Let's Encrypt Feature Summary
Let’s Encrypt runs on Python working with Apache to automate certificate
Nice! Manage your forms and do some other fancy things w/ Gravity Forms via WP-CLI.
The Gravity Forms CLI Add-On allows WP-CLI users to manage forms and entries on the command line. Getting started
wp help gf
wp help gf form
wp help gf field
wp help gf entry
wp help gf tool
wp gf form [command]
create - Creates a new form.
delete - Deletes a form.
duplicate - Duplicates a form.
edit - Launch system editor to edit the Form configuration.
export - Exports forms to a Gravity Forms Form export file.
form_list - Lists the forms with entry count and view counts.
get - Returns the form JSON.
import - Imports forms from a Gravity Forms Form export file.
update - Updates a form.
wp gf field [command]
create - Creates a field and adds it to a form.
delete - Deletes a field.
duplicate - Duplicates a field.
edit - Launch system editor to edit the Field configuration.
get - Returns the JSON representation of a field.
list - Displays a list of fields for a form.
update - Updates a field.
wp gf entry [command]
create - Creates a new entry from either a JSON string with the raw entry or from field-value pairs.
delete - Deletes an entry.
duplicate - Duplicates an entry
edit - Launch system editor to edit the JSON representation
Today marks the 13th Birthday of WordPress! Here are some fun facts! # 26.4% of the whole World Wide Web is made in WordPress! # 50,000+ new WordPress sites made daily! # 20,000+ people make money from WordPress daily!
WordPress hit the internet by storm 13 years ago, and you will definitely shout from the rooftop that it is the best-in-class Content Management System (CMS). WordPress is the undisputed king when it comes to setting up a website and having complete control over it. Happy Birthday WordPress!Let’s discuss some interesting statistics about WordPress which has over the years, evolved to be our favorite. Matt Mullenweg and Mike Little launched WordPress in 2003 and now it has grown to power 76.5 million websites on the internet. Premium users of WordPress include Facebook Newsroom, BBC America, Sony Music, eBay Inc., The New York Times, to name a few. WordPress is known for its easy installation and top notch customization options. Anyone can wake up to the thought of installing WordPress and make it functional, regardless of his/her coding ability.
Over the last 13 years, WordPress has developed over 44000 Plugins, 120 Languages and way back in 2014, the number of theme downloads from WordPress.org was 123,498,018 (imagine what that number will be now).
All these numbers indicate that there is absolutely no stopping now for WordPress and this infographic will tell you exactly why!
Quick guide on why using Contact Form 7 is still a good idea and how to create a contact page with form for your WP site.
Contact Form 7 A contact form is one of the most essential elements of any website. It enables your visitors to contact you directly, helps you gain further insight into your audience and makes your site look credible.
Bearing in mind the importance of said contact form, it is vital that your form is up to scratch. Contact Form 7 is a powerful free WordPress plugin that allows you to add contact forms to your website.
An extremely flexible and versatile plugin, Contact Form 7 is suitable for all. From the eCommerce giant to the humble blogger, from the WordPress coder to the complete novice, this feature-rich plugin caters for everyone’s needs.
Why Your Website Needs a Contact Form
There are many reasons why your website needs a contact form. It opens a direct channel of communication between you and your readers, allowing them to ask questions, provide feedback and even offers you inspiration for new blog posts.
If you have a product or service to sell, then a contact form is an invaluable way for your visitors to find out about what you have to offer, moving them closer towards a purchase.
Contact Form 7 enables you to create multiple contact forms and individually customize