The topics at this month's meetup were entitled:
- Handling WP user generated content
- Use WP to find clients
- WP Security
- Cleaner themes
User generated content
The first talk was by Graham Armfield of Coolfields, who is known as Mr Accessibility. But this month he almost managed to talk about something completely different! Accessibility came in sideways with an aside about captchas vs logic puzzles.
Graham's talk was about handling user generated content - this means input to the website via a form or upload box - without requiring a login. Graham gave us a rundown of the steps needed to take input from a form on a WordPress website, process it, allow an admin to moderate it and then publish the data on a page. He used a gig guide as an example.
If you're interested in learning more, his slides are available here http://www.slideshare.net/coolfields/handling-user-generated-content-in-wordpress
Another useful tip was that the popular Ninja Forms plugin offers a logic puzzle anti-spam test, which is apparently much better from an accessibility point of view.
Using WordPress to find clients
The next talk was from Rob Cubbon and entitled "Using WordPress to find clients". In practice this talk was about optimising your site or online presence to attract visitors and then convert them into clients. Rob talked about carefully choosing keywords with buying intent and creating specificity in your pages, not generality. One example is writing detailed tutorials on how to do something - hopefully a subject on which you are an expert and an authority. He also advised creating a call to action on every page and adding key phrases to page titles and headlines. He also recommended that freelancers create in-depth profiles on social media sites, as it's likely prospective clients will research these when selecting someone.
Duncan Stuart gave us all a wake-up call with his fascinating talk on WordPress Security. Duncan's company works mostly for government departments or agencies and they spend a lot of time working on security. Duncan began by telling us that the well-known Jetpack plugin has been suffering from a security weakness that allowed spammers to publish their own content on websites. He then went through a set of examples of types of attack and some well-known plugins that have (in the past) had vulnerabilities that allowed these attacks.
Duncan then gave some advice on improving WordPress security. The first port of call is the Hardening WordPress Codex page. He recommended choosing plugins carefully, as these can be a very weak part of the WordPress ecosystem. Look for high numbers of downloads, recent updates and an active support forum.
He wrapped up with tips on writing a good plugin or theme so that our own work does not become part of the problem. His company runs a free resource at https://security.dxw.com/
Persil.co.uk - Cleaner Themes
After a break, the final talk was from Adam Onishi. The company he works for recently built the new iteration of washing powder brand Persil. It was a great insight into a complicated build that spanned 20 countries with many competing requests from different parts of the Persil marketing departments.
Adam's mission was to keep the site management under as tight a control as possible so that updates and changes could be made as simple and straightforward as possible. To this end, the entire global presence of 35 websites runs from a single WordPress multisite installation. The second vital ingredient was Parent/Child themes. This has allowed extensive localisation of design and content.
Adam went through some code examples, the tools he and his team used to build the site, the most useful plugins that were used, and how he now is working alone on building out the individual country sites.
All videos of WordPress meetups are free to view and can be found here https://www.youtube.com/user/WordPressLondon
Logging to file can also be useful when debugging very visual things, such as themes, where you don't want extra messages on the page. Background scheduled cron jobs are in the same position as Ajax calls: they run with no user interface, so you need to send the messages to a file, not to the screen.
Although it is possible to configure the logging modes yourself via php.ini or .htaccess, WordPress sets up some constants in the wp-config.php file which make it simpler to set up debug logging to file.
The first setting is the master control for debugging.
Without this setting nothing will get logged.
The next setting is
This tells WordPress to log everything to the /wp-content/debug.log file. If you want to log to an alternative location, do not include this setting and use the settings described in the first reference below.
Finally we need to turn off the display of messages to the user (or Ajax call) using the following setting
If you set these three settings then you should have logging to file. It's worth turning this off once your debugging session has finished, as the file can get quite large quite quickly.
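The three settings described above, written out as a wp-config.php fragment. This is an added example, not code from the original post: the constant names are WordPress's documented debug constants, and the `ini_set` line is an extra precaution added here.

```php
<?php
// wp-config.php fragment: place it above the "That's all, stop editing!" line.

// Master control: without this, the two settings below have no effect.
define( 'WP_DEBUG', true );

// Write notices, warnings and errors to /wp-content/debug.log.
define( 'WP_DEBUG_LOG', true );

// Keep messages out of rendered pages and out of Ajax and cron responses.
define( 'WP_DEBUG_DISPLAY', false );

// Added precaution: also tell PHP itself not to print errors.
@ini_set( 'display_errors', '0' );
```

The default log location is inside the web root, so debug.log can be fetched by URL unless the server blocks access to it. Set `WP_DEBUG` back to `false` and delete the file when the debugging session is over.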
The WordPress brute-force login attacks show little sign of abating and we recommend all users ensure their sites are secured against this attack.
Since spring 2013, hackers have been calling the WordPress login url with "standard" usernames (like 'admin') and thousands of passwords. In our experience nearly all users have 'admin' as a user account so this makes them especially vulnerable.
Well - not a solution exactly, but it should protect your site from being hacked.
The solution we propose is to change your username to something only you know about. If you are creating a new WordPress site, don't use the default 'admin'. Choose a new username.
If you have an existing site, you can't simply delete the user 'admin' - therefore there are lots of free plugins around to change it instead. The one we've been using is called 'Username Changer'. Install it, activate it, change your username and then remove it. It's a one-off job.
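To check whether a site is seeing the login attempts described above, failed logins can be counted per source address from the web server's access log. This is an added example, not part of the original post: the log lines are constructed, the function names are hypothetical, and it assumes common log format and that a 200 response to a login POST is a failed attempt.

```php
<?php
// Added example (not from the original post). Log lines are constructed.

// Count failed login POSTs to wp-login.php per client IP.
// Assumption: a 200 response to the POST is a failed attempt, since
// WordPress answers a successful login with a 302 redirect.
function failed_logins_by_ip(array $lines): array
{
    // Common log format: IP ident user [time] "METHOD target proto" status size
    $re = '/^(\S+) \S+ \S+ \[[^\]]+\] "POST (\S+) [^"]*" (\d{3}) /';
    $counts = [];
    foreach ($lines as $line) {
        if (!preg_match($re, $line, $m) || $m[3] !== '200') {
            continue; // not a POST, unparseable, or not a failure
        }
        $path = parse_url($m[2], PHP_URL_PATH);
        if (is_string($path) && basename($path) === 'wp-login.php') {
            $counts[$m[1]] = ($counts[$m[1]] ?? 0) + 1;
        }
    }
    arsort($counts); // noisiest sources first
    return $counts;
}

// IPs at or above the threshold within the lines supplied.
function sources_over(array $counts, int $threshold): array
{
    return array_keys(array_filter($counts, fn ($n) => $n >= $threshold));
}

// Constructed sample: one source guessing passwords, one normal login.
$sample = [];
for ($i = 0; $i < 6; $i++) {
    $sample[] = sprintf(
        '203.0.113.7 - - [12/Aug/2013:10:00:%02d +0100] "POST /wp-login.php HTTP/1.1" 200 3012',
        $i
    );
}
$sample[] = '198.51.100.20 - - [12/Aug/2013:10:01:00 +0100] "POST /wp-login.php HTTP/1.1" 302 -';
$sample[] = '198.51.100.20 - - [12/Aug/2013:10:01:01 +0100] "GET /wp-admin/ HTTP/1.1" 200 5120';

$counts = failed_logins_by_ip($sample);
print_r($counts);
print_r(sources_over($counts, 5));
```

The threshold and the time window the lines cover are site-specific; a source that exceeds the threshold is a candidate for server-side rate limiting or blocking.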
2020Media can help
Additionally, 2020Media would like to see these WordPress attacks stop - realistically this is not going to happen - it's a distributed attack from botnets, and things will change only when it's not worth the hackers' while any more.
2020Media are happy to change your login username for you plus we can add additional server-side security which will mitigate the denial-of-service aspects of the attack.
The Managed WordPress service from 2020Media is something anyone not logging in to their WordPress site on a weekly basis should seriously consider. Even if you do, get peace of mind as updates to WordPress, Themes and plugins are done for you.
Two updates within 24 hours.
1. Joomla users should check what version they are using and download and install the latest patch.
Joomla! version 2.5.13 and earlier 2.5.x versions, and version 3.1.4 and earlier 3.x versions, have been declared vulnerable: inadequate filtering leads to the ability to bypass file type upload restrictions. This basically means that if you have an upload box on your site, hackers can use it to upload malicious code to your hosting space.
The solution is to upgrade today to the newest Joomla version: 2.5.14 or 3.1.5, depending on which release you are on.
2. WordPress has released a new version, which fixes 700 bugs and includes a brand new template. The new version is 3.6 and all users are advised to upgrade.
2020Media strongly recommends users make a backup before doing an upgrade. We are also happy to do the upgrade for customers on request, free of charge.
Dates have been announced for a WordPress conference in London later this year.
The very first WordCamp London will take place on 23rd & 24th November 2013!
The two day event will have one main conference day and the second day will be a Contribute Day where you can come along, hack, write, support, and contribute to WordPress.
What's a WordCamp? "WordCamps are informal, community-organized events that are put together by WordPress users like you. Everyone from casual users to core developers participate, share ideas, and get to know each other".
The first day will comprise presentations from WordPress experts and enthusiasts from the UK and around the world. The second day will be a Contributor Day – both seasoned and new community members will spend the day working on the project.