Some simple code examples that enable developers to show content/features based on user roles.
When building a WordPress website, it’s often useful to provide content or functionality based on a user’s role or capabilities. For example, you may want to display some special content on your site – but only for administrators. That’s just one of many possibilities. It’s quite handy that WordPress has a built-in function to help. The current_user_can() function allows you to check the permissions of logged-in users. Based on that information, you can provide them with whatever special goodies you like. Conversely, you can also turn off certain items as well.
Keeping with the previously mentioned special content example, we’ll dive into a few basic snippets that let us add this functionality.
Example 1: Administrators Only
In this example, we’ll check to see if the logged in user visiting our page is a site administrator. If they are, a little welcome message will be displayed.
Before we go into the code, it’s worth noting that there is more than one way to check a user’s permissions. The WordPress Codex states that we can provide an existing user role inside the current_user_can() function, however, it’s not recommended.
A look at how adapting our behaviors can result in a more secure website.
Web security has grown into one of the most important issues we face – right up there with design and development. And those of us who use an open source content management system such as WordPress are under even more pressure to tighten up security. The unfortunate fact is that, as time goes on, the task is only going to become more difficult. WordPress itself is the target of an array of automated attacks. Bots are attempting brute-force logins, script and database injections, along with a multitude of other malicious activities. But, while preventing bot attacks is vital, they’re far from the only threat that needs dealt with.
Indeed, there are other bases we need to cover. Beyond automated threats, changing human behavior may be an even more important step in securing a WordPress site. With that in mind, here are 5 things we can do right now to improve security.
1. Train Users in Best Practices
Part of a designer’s job description often includes training clients. But while we tend to focus on the basics of managing content, this is also a prime opportunity to talk about security. I know, it sounds like a potentially complicated discussion – but it doesn’t
There are legitimate concerns about Gutenberg - but what do all of these bad reviews really mean?
Perception is everything. And when the perception of your product or service isn’t very positive, it can really throw a monkey-wrench into your plans for success (just ask Windows 8). Frankly, it can be very difficult to shake free from this kind of negativity. At the moment, that’s what we’re seeing with the WordPress Gutenberg editor. As of this writing, the new editing experience hasn’t been merged into WordPress core, but is available in the form of a beta plugin. WordPress 4.9.8 included a call to test the plugin, which led to a huge leap in usage. With that came a flood of reviews – many of them negative.
But how big of a deal are those reviews? This is, after all, a piece of software that is still technically in beta form. Still, it seems like there is pent up frustration when it comes to Gutenberg. One wonders how this bodes for its future.
A Long Time Coming
Since the editor’s first beta plugin release back in June 2017, it seems the whole idea of the Gutenberg project has garnered controversy. Some developers have been miffed by the process for building out the new feature. Others have expressed concern about the effects it will have on
I put Gutenberg to work on a real project to see how it would hold up. The results weren't that bad.
If you’ve been following all the fuss regarding Gutenberg, the new WordPress editor, you know that many users have formed a very strong opinion of it. But, all the drama aside, what’s it like to actually build a website with it? As WordPress 5.0 creeps ever closer, I decided it was time to finally see what Gutenberg is capable of. While I had done a good bit of testing (perhaps better described as playing around), I hadn’t yet included the plugin version of the editor into my standard workflow.
I figured I’d start off fairly small. So, I installed Gutenberg on a brochure-style site that I’m redesigning. Below are a few thoughts on my experiences, while keeping in mind that this is still beta software that has several bugs left to iron out.
A New Way to Work
Having previously seen the Gutenberg UI, there were some basic expectations I had as to what I would be able to accomplish – things that I wouldn’t easily be able to do with the Classic editor:
Easily rearrange content
Create simple multicolumn layouts
Reuse customized content blocks in multiple places
Suffice it to say that I didn’t expect (nor want) a full-blown page builder type
A look at some of the non-Gutenberg beta plugins looking to make their way into WordPress core.
As a platform, WordPress is continually looking to add features that will both keep its existing user base happy as well as attract new recruits. And over the years, that has led to some very popular additions such as Custom Post Types, Custom Fields and Widgets. Each of these examples have become such staples of the WordPress experience that it’s difficult to remember a time when they didn’t exist. But each one started out as just an idea. These days, there are no shortage of potential additions vying to make their way into WordPress core. The neat thing is that you can test out these new features before they become official (provided they get that far in the process). Testing is as simple as installing a beta plugin.
Here are 5 such plugins that, while you haven’t heard much about them yet, may just make their way to the big leagues someday. Please note that it’s recommended you install them on a staging or test site, rather than a live one.
Offering two-factor authentication has become pretty much standard throughout industries like banking and even social media. In a time when we face the reality of compromised data, two-factor provides user accounts with
A look at how WordPress changed the CMS landscape back in the day and how it impacts us today.
There are some outstanding groups out there ready to help with a variety of WordPress related issues.
Part of what makes working with WordPress so much fun is that you get much more than a free, open source CMS. You also become part of a tremendously welcoming and helpful community. Information regarding just about any aspect of the software you want to learn is most likely available for free. And when you have questions or run into trouble, there’s a good chance that someone out there is willing to help. It’s no surprise, then, that Facebook is home to some outstanding groups dedicated to WordPress in one way or another. Some are quite general in nature, while others cater to a specific niche. Here are six groups you’ll want to check out, depending on how you use WordPress.
The Advanced WordPress group is one of the most interesting out there. It boasts over 30,000 members, and the list includes some of the most influential names in the world of WordPress. Like the other groups on this list, membership is closed – meaning a moderator has to approve your request to join. Posts are also subject to moderator approval, which helps to keep the content relevant. And, as its name suggests, you’ll find some very advanced discussions regarding code, design and
Using the Health Check plugin makes troubleshooting a potential theme/plugin conflict easier.
Whether you’re building a new WordPress website or applying updates to an existing one, troubleshooting issues can be a very time-consuming process. It can also be a bit risky – especially if you’re dealing with a live site (one more good reason to set up a staging environment, when possible). In general, pinpointing a problem requires that we take the following steps:
Switch to a default theme, such as Twenty Seventeen;
Disable all plugins and reactivate them, one-by-one;
After activating each plugin, refresh your site on the front end to see if the issue you’re dealing with appears;
These steps are necessary, as they will help you determine if your theme or one of the plugins you’re running is causing the fuss. But to do this on a live site, you’ll need to throw it into maintenance mode or face the prospect of allowing visitors to see your mess.
Fortunately, there is now a way to troubleshoot a site without the side effect of downtime. Thanks to the free Health Check plugin, you can perform the steps above in a manner that is confined to just your specific user account. Here’s how it works:
Let’s Get Healthy
Health Check was developed
Part of a developer's job often involves integrating 3rd party services. But now it looks as though some of those providers are changing the game on us.
For years, web designers have relied on free tools from the likes of Google, Facebook and other large companies to enhance the things we build. We have happily used these offerings to analyze site statistics, serve up fonts and integrate social media. Just about any type of high-end functionality these companies have to offer has been readily available to us – usually without any upfront monetary cost. But things are changing. Google, for one, is now requiring us to add billing information to our accounts if we want to continue to use their Maps API. And the recent revelations of the whole Facebook/Cambridge Analytica scandal have shaken the very foundation of trust when it comes to securing user data.
Of course, those aren’t the only examples of the changing landscape that one can find. But they do represent a sort of bait-and-switch of the ideals that these companies like to preach. And it leaves a sour taste in the mouth of those of us who have helped to spread this technology in our web projects.
There Was Always a Catch
Whether or not we realized it at the time, many of these “free” services we have added to websites had a cost attached to them. The companies
For those times when you really didn't mean to click that button (or when a client can't make up their mind).
It’s happened to all of us at one time or another. We work hard to build a website that is nearly flawless (in our eyes, anyway) and then a client comes along with a “suggestion” that blows it all to bits. Then, there are those times when we ourselves make a boneheaded mistake that means we’re going to have to rip things up and try to piece it back together again. Not so fast. When working with WordPress, there are indeed some built-in features, best practices and plugins available that can help us in these moments. Perhaps they can’t fix everything, but they can at least make the task easier to manage. Here are a few notable selections that you’ll want to check out the next time $#!% happens.
Tips and Tricks
Use Post Revisions
Raise your hand if you’ve ever made a huge mistake while editing a page or post (both of my hands would be up if I weren’t currently typing). The good news is that WordPress Revisions can easily bring back previous versions of a page – leading to a major sigh of relief. One thing to note is that, when creating custom post types, you have the option of whether or not to keep revisions. It might be worth turning
An interview with Aaron Campbell, head of the WordPress Security Team, on his recent WordCamp Lancaster talk.
Our brains are capable of some amazing feats. Yet, they work in different ways that can reflect in our personality. For instance, some of us gain contentment from putting ourselves out there in the crowd, while others prefer a quite room all to themselves. We’re a species of extroverts and introverts. One is not better than the other – just different. However, when running a design business, you might think that being an extrovert is preferable. If you’re predisposed to going out and making new connections, that would seem to be an advantage over those who aren’t as keen on networking. But that’s not necessarily the case.
Consider that some of the world’s most successful people are introverts. We’re talking about the likes of Albert Einstein, Bill Gates and JK Rowling – to name just a few. They’re proof that you don’t have to be extroverted in order to find success.
Recently, I attended a talk at WordCamp Lancaster (US) that really shed some light on the subject. Aaron Campbell gave a fascinating presentation on succeeding as an introvert. Campbell, who leads the WordPress Core Security Team, spoke from the heart – having
My take on the recent issues with malicious code in plugins and the importance of getting the word out to users.
In case you missed it, three widely-used WordPress plugins were recently found to have malicious code included with recent updates. Display Widgets, Fast Secure Contact Form and SI CAPTCHA Anti-Spam were each removed from the official WordPress Plugin Repository due to SEO spam discovered by users. One thing each plugin has in common was that they were all previously trusted and generally considered secure. More recently, they were sold by their original authors to a new developer, who used these popular plugins to spread payday loan spam posts. In fact, security plugin company Wordfence recently reported that up to 9 plugins have been found with malicious code added through various means.
While many web designers and developers have become more proactive in securing their sites against typical threats like brute force attacks, etc. – malicious plugins appear to be a whole new ballgame. We’re used to defending against security holes, but not authors who are intentionally trying to propagate malware. And in the case of the plugins mentioned above, immediately updating to the latest version was the worst thing we could have done since that was how the code was installed.
Some practices that will put you in a bad position as your site ages.
There’s a reason why so many people have turned to WordPress over the years. It’s flexible, relatively easy to use and boasts an amazing community of contributors. That means you can build a website with nearly endless potential in terms of look and functionality. On the downside, it also leaves a lot of opportunities for future problems. The truth is that it’s incredibly easy to set yourself up for disaster – especially when you’re first starting out. Because WordPress essentially puts the world at your fingertips, there is great temptation to add mass quantities of plugins or even click that “Update” button without first thinking of the consequences. That, along with a host of other actions, can blow up in your face down the road.
Below are some of the most important things for designers and site owners to avoid when it comes to building and maintaining a WordPress website.
1. Use Plugins to Solve Every Problem
The sheer amounts of WordPress plugins we have to choose from can make us feel like the proverbial kid in a candy store. There are plugins for virtually any type of functionality you can think of – both major and minor.
Some thoughts on how freelancers can leverage Gutenberg to make a little extra money this year.
Part of being a successful web designer is taking advantage of new opportunities. Some we have to hunt for, while others sort of fall into our laps. With the new Gutenberg editor for WordPress, due to be released as part of WordPress 5.0, we find one of those golden opportunities coming our way (although, some may see it more like an oncoming freight train). This is a big change in how content is created and managed. And with an enormous user base about to be affected, there is going to be a need for experts to step in and help out. While we’re at it, we might as well make a little cash as well. Let’s look at some Gutenberg-centric ways to boost your revenue.
Train Clients in the Ways of Gutenberg
While web professionals are quite aware of Gutenberg, many of the average WordPress users out there are not. It’s safe to say that these folks are in for a bit of culture shock once they lay eyes on this very different way of doing things. This is where you come in to be that knight in shining armor.
Offer to train your clients either individually or as a group. It could be done through a webinar or in person. Show them the basics of what Gutenberg can do and how they can
We'll see how the execution of the release goes. But what Gutenberg represents has grown on me quite a bit.
Those of us who work with WordPress on a daily basis have been keeping close tabs on Gutenberg, the completely revamped editor scheduled to be released with version 5.0 of the world’s most popular CMS. It looks like it will be a monumental change to the way we create and edit our web content. And, that of course has led to a ton of concern about existing sites breaking – either due to an unsupported plugin or some other code gremlin that feasts on our hard work.
But the optimist in me (sometimes I have to dig really far down to find it) is actually excited for this change – or, at least what it represents. Here’s why:
WordPress Needs More Layout Flexibility
I’m very much into customizing WordPress through various methods, with custom fields being my favorite. I also refuse to use a page builder plugin because of the (perceived) bloat. That leaves me between a rock and a hard place when trying to do something more than a standard one column layout.
Doing this with custom fields works well enough. But there is some setup involved that takes time away from other tasks on my to-do list. It’s a process of setting up the fields and then adding code to my
I seriously need to be able to clone TIME itself so I can keep up with everything.
As the importance of the web has grown over the past couple of decades, so have the responsibilities of web designers. It used to be that we had relatively little to worry about, save for making sure our creations looked good and worked properly. But those days appear to be just a distant memory. These days, it seems like our worry list has grown exponentially. From major software upgrades to privacy battles – we’re in the thick of it. While designers aren’t always directly involved in these issues, we certainly are affected by them in one way or another.
Let’s take a look at the five biggest issues (in no particular order) that give us a case of the night sweats.
1. The WordPress Gutenberg Editor
I’ve written extensively about Gutenberg, which is slated to be released as part of WordPress 5.0. It’s generated a lot of buzz and a whole lot of debate in the developer community. And with WordPress powering about 30% of all websites, it’s going to have an effect on a whole lot of website owners and web professionals.
There is some understandable panic about what this completely new editing experience will do to existing websites. The paranoid thoughts
A look at the pros and cons of various types of staging environments, along with some resources to build them.
It’s no secret that WordPress websites are becoming more complex by the day. With each plugin we install, another layer of intricacy is added. This, of course, boosts our chances of running into problems when performing routine software updates. This is part of the open source bargain we accept with WordPress. You get a magnificent collection of plugins that do all sorts of things. But they all come from different developers. With that, the chance that two disparate parts won’t play nicely together is always in the back of your mind.
That’s what makes a staging site such a great resource. It’s an exact copy of your WordPress website that runs independently from your “live” version. This allows you to test updates and other changes to your site without disrupting availability.
Different Ways to Build a Staging Site
Staging sites can be built and utilized using a number of methods. But not everyone has access to the same tools. So which flavor you choose may be more a matter of what resources are readily available, rather than simply going with the easiest solution.
There is no shortage of ways to get the job done, but here is a sampling of some of
Some tips on how to build a WooCommerce site with future flexibility and security in mind.
WooCommerce has become the de facto solution for running an ecommerce website with WordPress. This is especially so since Automattic (the company of WordPress co-founder Matt Mullenweg) took over the wildly popular plugin in 2015. The fact that WooCommerce is free (with the option to use free extensions or buy commercial ones) and fairly easy to set up is very attractive to those looking to sell online without breaking their budget. It’s possible to build an online shop that looks and functions similarly to the upper echelon of online retailers.
But this particular path of ecommerce has its own requirements and challenges. WooCommerce is a different animal than the likes of Shopify, Miva or other SaaS providers. There are things you need to be aware of in order to make the most out of your site, along with maintaining security and stability.
Let’s take a look at some of the hidden secrets to winning with Woo:
Test Updates on a Development Site First
Because your WooCommerce shop could also be running alongside any number of different WordPress plugins, updates aren’t always a smooth process. Bugs not only show up in new releases of Woo, but conflicts can arise with
Mr. Schoppe's recent commentary has created a bit of a stir. He was kind enough to speak with me about Gutenberg (he actually likes the idea).
Within the WordPress community, it’s been hard to ignore all of the hype surrounding Gutenberg – the new content editor being developed for the world’s most used CMS. Currently available in plugin form and scheduled for inclusion in WordPress 5.0, the first thing you notice about this newfangled way of creating a page or post is that it provides a very different experience from what we’re used to. Needless to say, the reaction has been mixed. That’s to be expected whenever such a dramatic change is made to a venerable piece of software like WordPress. With so many designers and developers making a living off of working their magic with it, there’s no way something this big was going to go unnoticed.
The whole situation has already been written about ad nauseam, but we wanted to bring the perspective of someone who brings specific concerns to the table. Today, we’ll introduce you to one developer whose commentary touched a nerve within the community, along with some within the WordPress development team.
His name is Greg Schoppe, a Vermont-based WordPress developer. His post, entitled “You called it Gutenberg for a Reason.. That Doesn’t
A look at some of the mistakes I've made (and hopefully cleaned up) when building custom themes.
WordPress is known for being incredibly flexible, especially when it comes to theme and plugin development. If you ever want to see proof, just ask a group of developers how they’d implement a specific feature. Chances are that you’ll receive several different methods for accomplishing the same result. Support forums are littered with these kinds of examples. But with that flexibility also is the reality that it’s easy to do things the “wrong” way. Now, in this case “wrong” means that something is either inefficient or a bit of a pain to maintain down the road. While it may work in the sense of being functional, there are usually better ways to get things done.
Let’s have a look at five of the more common mistakes found in theme development, along with alternatives that will save you future headaches.
1. Using Absolute URLs in Templates
If you’ve ever looked at the HTML code a WordPress page or post produces, you’ll notice that both images and internal links use absolute (full) URLs. But this isn’t the best way to get things done when adding code to your theme templates.
As an example, let’s say you are developing
A look at how plugin developers handle support and deal with the inevitable conflicts that arise.
It takes a whole lot of talent and skill to create a functioning WordPress plugin. Most of us will probably never fully grasp the amount of work and dedication that goes into the process. From development to maintenance to support, it’s a pretty massive undertaking. But beyond the programming skills, releasing a piece of software that anyone in the world can use also requires some courage. When you think about it, there’s a tremendous amount of responsibility that goes along with making your work available to the public.
For instance, could you imagine releasing an update that ends up breaking a user’s website? Or the amount of support you might find yourself having to provide for free? Even though a good number of plugins are written as side projects, the upkeep of a popular title could be similar to a full-time job.
I wanted to dig in and find out how some real-world plugin developers handle it all. So, I sat down with two very talented gentlemen who were kind enough to share their philosophies and experiences.
Meet the Developers
Matt Cromwell is the Head of Support and Community Outreach at WordImpress. They are the developers of Give, a popular plugin that helps
While we'd all like to believe that we can create a bulletproof site, the truth is that eventually, something's going to break.
I know – the headline sounds dire. And, to some degree, it is. But I’ve been thinking about this a lot lately and I feel like we, as designers and developers, should have an open dialogue. Recently, after a spate of websites I maintain faced a variety of problems, I came to a stark realization: Every website I’ve ever worked on is probably going to break at some point.
We’ll get into the reasons why in a second. But, let that last statement just sink in for a moment. Now, do you get that sinking feeling in your stomach, too?
Is it true? How can this happen?
Sadly, I do believe it’s true. And I actually wonder why it took me so long to figure it out. Maybe you were a bit more on-the-ball and realized it long before I did.
As to why a website is going to break – there are a number of reasons for that. Just a few of the possibilities include:
CMS Core/Plugin/Theme Conflicts
Any website that is built on a content management system like WordPress, Drupal or Joomla! are bound to run into a mischievous software update sooner or later. Different parts could then conflict with each other – resulting in anything from a small display issue to an inaccessible
Specifically tackling the question of whether or not WordPress needs to appeal to non-designers.
A fiery debate is raging on about Gutenberg – the new WordPress editor set to appear in version 5.0. It’s been both defended by founder Matt Mullenweg and derided by some developers. Even I chimed in with my own (very early) take. It’s by far the most controversial topic in the world of WordPress. If you’re wondering why a rebuilt editor is causing such a stir, it’s because this project has evolved to take on a much larger scope. Rather than change just the editor, the process for creating, displaying and customizing content is up in the air. Changes to custom meta boxes are included in the project and that has a lot of people (especially those of us who do lots of customization work) a bit nervous. Designers and developers alike are waiting with baited breath and hoping that changes don’t lead to a bloody trail of broken websites.
The most logical thinking here says that there’s no way the folks working hard on Gutenberg will allow that to happen. So it’s unlikely that everyone’s customized back end is going to cease to work when 5.0 drops.
To me, the bigger debate is some of the reasoning behind Gutenberg and what it says about
An ode to my experiences at WC Baltimore, and how WordPress benefits from diversity.
Recently, I attended WordCamp Baltimore. It provided me with a chance to get out of the house and spend some time in the big city. More importantly, I had the opportunity to learn from and connect with an incredibly diverse group of people. It’s refreshing in a couple of ways. First, it just feels good to get out of my own personal bubble. I spend many hours alone, sitting at this desk with a couple of needy (but loveable) pets as my main source of company. In that way, just walking amongst the masses is good therapy.
Secondly, the state of the world sometimes makes it feel like it’s impossible for different people to come together for just about any reason. For me, the experience was sort of a reaffirmation of humanity.
Not only is this good for everyone who attended the event, it’s also an amazing asset for the WordPress community as a whole.
Exchanging Ideas, Creating New Solutions
One of the fascinating aspects of WordPress is that there are usually several paths you can take to achieve any particular goal. For better or worse, nobody has to do things any one way. In an environment like a WordCamp, that means you may learn to approach things with a whole other