Use Transient to speed up WordPress

One of the features of WordPress is the ease of applying dropdown menus with access to posts & pages.

Applying menus in the header is simply a matter of including the following lines of code in header.php:

wp_nav_menu(array(
'items_wrap' => '%3$s',
'depth' => 3,
'theme_location' => 'header-menu',
'container' => false ));

However, this simple routine is pretty slow for complex or crowded menus and can result in a bottleneck as the page loads.
One solution is to cache the menus (which we presume change infrequently), using WordPress’s “transient” functions.

Effectively, we test to see if we have a copy of the menu (or whatever element we want to cache) in the cache.
If not, we create it and add it to the cache. If it does exist in the cache, we grab it from there rather than creating it.

$cached_menu = get_transient('the_header_menu');
if (false === $cached_menu) {
    // Cache miss: build the menu as a string ('echo' => false) and keep it for 5 hours.
    $cached_menu = wp_nav_menu(array( 'items_wrap' => '%3$s', 'depth' => 3, 'theme_location' => 'header-menu', 'container' => false, 'echo' => false ));
    set_transient('the_header_menu', $cached_menu, 3600*5);
}

echo $cached_menu;
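
A cached menu is served to every visitor until it expires, so it needs to be invalidated when the menu is edited and kept separate for audiences that may see different items. The following is an added example, not code from the original post; the mytheme_* function names and the "_user"/"_anon" key suffixes are assumptions.

```php
<?php
// Added example: cache the header menu and drop the cache when menus change.
// The mytheme_* names and the key suffixes are hypothetical.

function mytheme_header_menu_key() {
    // Keep separate copies for logged-in and anonymous visitors, so markup
    // built for a signed-in user is never served to an anonymous one.
    return 'the_header_menu_' . ( is_user_logged_in() ? 'user' : 'anon' );
}

function mytheme_header_menu() {
    $key         = mytheme_header_menu_key();
    $cached_menu = get_transient( $key );
    if ( false === $cached_menu ) {
        $cached_menu = wp_nav_menu( array(
            'items_wrap'     => '%3$s',
            'depth'          => 3,
            'theme_location' => 'header-menu',
            'container'      => false,
            'echo'           => false,
        ) );
        if ( ! is_string( $cached_menu ) || '' === $cached_menu ) {
            return ''; // no menu assigned to this location: nothing to cache
        }
        // Note: "current-menu-item" classes are frozen from the page that
        // built this copy, because the same markup is reused on every page.
        set_transient( $key, $cached_menu, 5 * HOUR_IN_SECONDS );
    }
    return $cached_menu;
}

function mytheme_flush_header_menu() {
    delete_transient( 'the_header_menu_user' );
    delete_transient( 'the_header_menu_anon' );
}
// Rebuild on the next request after a menu is saved or the theme changes.
add_action( 'wp_update_nav_menu', 'mytheme_flush_header_menu' );
add_action( 'switch_theme', 'mytheme_flush_header_menu' );

// In header.php: echo mytheme_header_menu();
```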

 

How important is https for my website

Google has been heavily promoting the fact that they want website owners to switch from http to the secure https protocol.  They have announced that they will name & shame sites that don’t support https, by displaying a message when clients try to use their online forms or showing a warning icon in the url bar.  
This is scary stuff for website owners.   To use https requires them to obtain an SSL certificate which can cost up to $1,500 a year, although there are actually free versions available.
So, if there are free versions available that Google recognises, one must wonder just how much security an SSL key and https in general offer websites.
The reality appears to be that on Google, should the search engine identify two compositionally identical pages, it will favour the one with the SSL key transmitted over https.
This secure transportation of data happens at a cost of speed, so in theory your superior page may be penalised for speed, then bumped.

My website doesn’t have a form or secure data
For the vast majority of sites, data is not intended to be secure and there is no technical requirement to have an SSL key, other than Google’s warning.

PayPal doesn’t require you to use https to make a payment
If you direct people to PayPal to make a payment you don’t need an SSL key.  The key is only necessary if you have an application that expects PayPal to return data to the application so it can run an event such as automated downloads or membership registration.
Of course, some people may prefer to work with sites that do show SSL certification, but given that you can obtain certificates online for FREE from sites such as LetsEncrypt, what exactly is their purpose anymore?

But what if you’re using secure PayPal as a payment gateway? Why do you have to wear the derogatory “Scarlet Letter” on your site’s address bar? Why does a site that’s collecting zero information from anyone need an SSL certificate? It makes no sense at all. If your web site doesn’t have financial transactions, why do you need an SSL certificate?
HTTPS simply doesn’t care what’s transmitted. Infected websites distribute malware. HTTPS doesn’t do anything to ensure displayed information’s integrity. HTTPS will also deliver manipulated information to unsuspecting website visitors. Installing a Secure Sockets Layer certificate prevents man-in-the-middle attacks; it doesn’t help if the original data was suspicious.

Conclusion?
Given that you can obtain an SSL key for free, perhaps it’s a good idea to use one.  However, there will be a speed issue, as data is encrypted and decrypted at both ends, and who knows what Google’s ultimate endgame is.
However, be aware that an SSL certificate does not make your website any more secure against attack than it was previously.

 

How risky are WordPress plugins

Risky, badly written plugins are the main way that attackers gain access to WordPress sites. Reducing your plugin security risk is one of the most important aspects of protecting your site. There are a number of things you can do to limit this risk.

Use as Few Plugins as Possible

You need to remember that every plugin you add to your site requires you to trust that an unknown person has written secure code, responds quickly to vulnerability reports and keeps your best interests in mind.

Only Download Plugins From Reputable Sites

If possible we recommend that you limit your plugin downloads to the official WordPress.org plugin directory. A great team of volunteers manages it, alongside a large community of users and security researchers helping out.

If you need to download a plugin from another site, you can use these tips to help determine whether the site is reputable:

  • The site should pass the “eye test”: professionally designed and using clear language to describe the plugin.
  • Look for a valid company name in the footer.
  • Terms of service and a privacy policy should be readily available.

Choose Reputable Plugins

The WordPress.org plugin directory makes it really easy to evaluate plugins by providing a nice summary that gives you almost everything you need. Here’s what we suggest you pay attention to:

  • The more recent the last update, the better.
  • Check the number of active installs the plugin has. Some reliable and useful plugins have low install numbers, but you should still examine a plugin carefully if it has a low install base (below 1,000 active installs). It may not be maintained.
  • It should be compatible with the current version of WordPress, though please note that immediately after a WordPress core release, a lot of reputable plugins will show a “Tested up to:” value that is behind, as authors finish testing their plugin with the latest WordPress version.
  • The average plugin rating should be high enough to instill confidence. The higher the rating, the better, obviously.

You should also periodically review your installed plugins to make sure they have maintained their good standing.

Delete Plugins Immediately When You Stop Using Them

We have written at length about the fact that the best way to secure data is to get rid of it. The same concept applies to WordPress plugins: removing plugins reduces your risk.

Keep Your Plugins Up to Date

Security vulnerabilities are constantly being discovered in WordPress plugins. In many cases, the details of the vulnerability will be made public, meaning that the entire world is given the information necessary to exploit the security vulnerability. 

Many plugins like Wordfence include an auto-update feature. You should enable this in as many plugins as you can. For those for which you can’t, you should update to the latest version as soon as possible, especially if it includes a security fix.

Replace Abandoned and Removed Plugins

Have you ever started a project or hobby and gotten bored with it? That happens to WordPress plugin authors, too. In fact, it happens a lot. Does that mean that abandoned plugins include a security vulnerability? Most likely not. What it does mean is that they represent a much higher risk than actively maintained plugins. We recommend that you not run plugins that haven’t been updated in over 2 years.
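
The periodic review described above can be scripted. The following is an added example, not code from the original article: it checks each installed plugin against the WordPress.org directory using the article's thresholds (no update in over 2 years, fewer than 1,000 active installs). The function names are hypothetical, and the sample records used outside WordPress are constructed.

```php
<?php
// Added example, not from the original article. Function names are hypothetical.
// Thresholds are the article's: over 2 years without an update, under 1,000 installs.

/** List the concerns for one plugin record (pure function, no WordPress needed). */
function plugin_concerns( array $p, $now ) {
    $concerns = array();
    if ( ! $p['active'] ) {
        $concerns[] = 'installed but inactive: delete it';
    }
    if ( ! $p['in_directory'] ) {
        // Also reached when the directory lookup fails, e.g. with no network.
        $concerns[] = 'not found in the WordPress.org directory: review by hand';
        return $concerns;
    }
    $updated = strtotime( $p['last_updated'] );
    if ( false !== $updated && $updated < strtotime( '-2 years', $now ) ) {
        $concerns[] = 'no update in over 2 years';
    }
    if ( $p['active_installs'] < 1000 ) {
        $concerns[] = 'fewer than 1,000 active installs';
    }
    return $concerns;
}

/** Build a record for every installed plugin from the WordPress.org directory API. */
function collect_plugin_records() {
    require_once ABSPATH . 'wp-admin/includes/plugin.php';         // get_plugins()
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php'; // plugins_api()
    $records = array();
    foreach ( get_plugins() as $file => $data ) {
        // Assumption: the plugin's folder name is its directory slug. A commercial
        // plugin can share a folder name with an unrelated directory entry.
        $slug  = ( false !== strpos( $file, '/' ) ) ? dirname( $file ) : basename( $file, '.php' );
        $info  = plugins_api( 'plugin_information', array(
            'slug'   => $slug,
            'fields' => array( 'last_updated' => true, 'active_installs' => true, 'sections' => false ),
        ) );
        $found = ! is_wp_error( $info );
        $records[ $data['Name'] ] = array(
            'active'          => is_plugin_active( $file ),
            'in_directory'    => $found,
            'last_updated'    => ( $found && isset( $info->last_updated ) ) ? $info->last_updated : '',
            'active_installs' => ( $found && isset( $info->active_installs ) ) ? (int) $info->active_installs : 0,
        );
    }
    return $records;
}

// Inside WordPress (e.g. via `wp eval-file`) audit the real plugins; otherwise
// use constructed sample records so the file also runs with plain `php`.
$now     = defined( 'ABSPATH' ) ? time() : strtotime( '2024-06-01' );
$records = defined( 'ABSPATH' ) ? collect_plugin_records() : array(
    'Sample Maintained' => array( 'active' => true,  'in_directory' => true,  'last_updated' => '2024-05-02 9:15am GMT', 'active_installs' => 40000 ),
    'Sample Abandoned'  => array( 'active' => true,  'in_directory' => true,  'last_updated' => '2021-01-20 4:40pm GMT', 'active_installs' => 300 ),
    'Sample Removed'    => array( 'active' => false, 'in_directory' => false, 'last_updated' => '', 'active_installs' => 0 ),
);
foreach ( $records as $name => $record ) {
    $concerns = plugin_concerns( $record, $now );
    echo $name . ': ' . ( $concerns ? implode( '; ', $concerns ) : 'ok' ) . PHP_EOL;
}
```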

 

Modify the admin menu bar in WordPress

Recently we were asked by a client to simplify the presentation of the WordPress menu bar.

There are some nice plugins that you can use to achieve this such as “Admin Menu Editor Pro”.  This wonderful plugin offers lots of functionality; however, some of its best features are only available in the paid version.

If you’re not in a position to buy a paid version, here is one way to manipulate the menu.
In this instance, the client had trouble remembering where to find the option to change the order of menu items on the front end of their site.  This is normally located as a submenu item of “Appearance”.

We wanted to move it to the main menu so it would be easier to find  (less support for us).
So we added this routine to the “functions.php” file.

Please remember to back up this file before you ever modify it, as even the slightest syntax error will cause your website to fail.

function change_menus_position() {

    // remove the menu item from the theme (Appearance) submenu altogether
    remove_submenu_page( 'themes.php', 'nav-menus.php' );

    // add it back to the main menu.
    add_menu_page(
        'Menus',
        'Menus',
        'edit_theme_options',
        'nav-menus.php',
        '',
        'dashicons-list-view',
        68
    );
}
// run the routine when WordPress builds the admin menu
add_action( 'admin_menu', 'change_menus_position' );

 

Create content that will be read

It’s a sad fact that four out of five people that visit your page will not read your entire article.  The most common reasons people give for not finishing are “they don’t have time for reading”, “they mainly scan”, or “they just read the headline and move on”.

However, as legitimate as these answers are, we, the writers, are a part of the problem.  Our pages may be too long, readers may find the design awful, the subject matter may be too complex or badly written, or the writing may lack credibility and trust.

So, if people aren’t reading our content – especially on our landing pages – they surely have no interest in navigating to other pages on the site.  If people aren’t reading our content or roaming around our websites we will not be able to promote our products and services, so what was the point?

So, how can we do it differently?
Basic research indicates that providing content that compresses longer form content into smaller articles results in longer reading time.  People are more likely to spend 10 minutes reading 1,000 word articles than they are spending 5 minutes reading a 10,000 word article (regardless of content quality).
So, we need to be mindful and yes, it’s harder to write complex material in less than 1,000 words, but the reality is that that is our challenge.

If you find that it’s not possible to frame your material in such a short article, we suggest breaking the article into mini-blocks.  Present each mini-block with thoughtful meta-paragraphs which if read in isolation could be a complete article, but each of which offers a “read more” option which allows interested readers to explore particular blocks in more detail.  

 

 

Why upgrade WordPress if it’s working

Lots of customers we work with come to us because they have an outdated website that is based on the WordPress framework, whilst others come to us specifically requesting that we develop their site using WordPress.  Whether the site is an established site or a brand new one, making sure the version of WordPress you’re using is up to date is critical to the success of your website.

I’m safe, no one would bother hacking my site.
It’s reasonable for customers to suspect that hackers only target corporate or government websites that handle sensitive financial or customer information such as credit card numbers and personal information. However, this simply is not the case.  Over the years a number of our clients with simple informational websites have been hacked by malicious software. Hackers write code that automatically scans the web and identifies vulnerabilities within websites running older, expired software. 

Sometimes the hackers are only doing it for vanity (look what I can do), other times it’s so they can use your website to transmit spam across the internet using your email accounts.

In rarer cases, hackers want to hold your website for ransom until you pay them with money – Bitcoin.

If you’re on a shared hosting server, they may be using your site as indirect access to another site, but causing you disruption in the process.

  • Hackers may want access to the server where your website is hosted, and by gaining access to your website, they may be able to extend their hack to the server and all the websites that are hosted on it.
  • Hackers may want to use your web account to send emails or host content hidden from view.
  • Hackers may use your website to promote products or illegal content by hiding links inside your code. Even though you can’t see them, they can still boost their content within the web.

What should I do
If you’re using WordPress, it is critical that you keep your core code and plugins up to date. Always update to the newest releases, which often contain security patches.

Of course, this option only works reliably in WordPress as long as any customisation to the website theme or core functions was conducted by a competent WordPress practitioner.  If they simply hacked updates onto your website, upgrading to the latest version of WordPress without backing up your code could be the worst option.

WordPress is built to alert you when updates to the core (minor & major) are available.  It also provides this advice for its plugins.

Automated Plugins
For some people, being told that an upgrade is available is not enough.  They may be time poor or simply not interested.  Luckily there are free plugins to help with that.

Easy Update Manager
There is also a very powerful plugin that allows you to automate the backup process.  The plugin lets you choose which plugins you do not want to update automatically.

UpdraftPlus Backups
This free plugin allows you to schedule backups of your website and offers you the opportunity to automatically back up your files and databases locally or externally (Dropbox, Amazon etc.).

 

WordPress – Why not to use it.

WordPress is the most popular CMS (content management system) in the world with a market share of 20% of all websites on the internet.

However, here are a number of reasons why not to use it.

Security & hacks
Because of its popularity, WordPress is routinely targeted by hackers.  Often people say that’s not important because “no one would want to hack my site”.  But hackers target vulnerabilities in exactly your type of website because they aren’t regularly maintained.  Once compromised, your website is used to send spam across the internet.  WordPress is extremely vulnerable unless regularly maintained.

Inconsistent Programming 
WordPress has a very mature development framework; however, there is nothing to stop developers adopting their own approach at every level.  This has two negative consequences.  It becomes extremely difficult to manage code if you can’t anticipate where the developer is making their coding updates, especially if you have more than one developer working on a project.  And if developers are not following the established development framework, your application is likely to fail after the next major core WordPress update.

Plugins
One of the best features of WordPress is the availability of a massive library of free or commercial plugins.
There are two drawbacks to this.  Not all plugins complement each other and installing one plugin can disable another, causing significant development time fixing the issues.
The second drawback is that because a free plugin may offer 90% of what you want, people often settle for substandard solutions without asking what it would cost to have their actual requirement delivered as desired.

Availability of developers
Not all developers are created equally.  WordPress is free, its plugins are free and there are tons of tutorials on YouTube to help you get development started.  However, at its core, WordPress has a mature framework for ‘correctly’ developing applications.
Few ‘competitively priced’ contractors have been trained properly to develop applications using the framework.  The net result is you hire a developer who gets their task done on time and to a low budget.  However, that developer didn’t comply with the framework, so unless you rehire them, the next developer (experienced or not) will have to learn what the previous developer did before they can begin to look at your next project.

 

WordPress – 5 reasons why you should use it

Here are some of the top reasons for using WordPress as the Content Management System (CMS) for your next website project.

Popularity
WordPress is the most widely used CMS in the world.  Roughly 20% of all websites built use its development platform. As a result, many users are already familiar with the WordPress CMS, requiring less staff training when building a new site.

Open Source (Free)
At the most basic level the product is absolutely free.  You don’t even need hosting to get started as it can be hosted on its free shared hosting platform.  There are tons of plugins to extend its capability for free and there are thousands of free design templates to get you started immediately.

Development Framework
For those who want to dig below the surface and develop their own unique design templates or application, WordPress offers a development approach that if followed correctly, ensures their applications will be speedy and will continue to operate successfully through successive core upgrades.

Simple to use
WordPress was initially designed as a simple blog posting tool.  As such, if all you want to do is post a blog, it’s simple to use straight out of the box.  As the application developed into a CMS that was suited to more complicated projects, its developers stayed true to the original administration environment.  This means that it’s as easy to use the fully featured rich CMS as it was to use the original simple blog.

Low maintenance costs
Because it’s a mature product, incremental upgrades are simple to implement.  In fact, automated updates can be set up so that the core files are always up to date.  And, because of its popularity, it’s easy to find trained designers and developers at competitive prices.

WordPress – Tinymce extra plugins

The text editor for WordPress is based on the open source text editor, TinyMCE.

This is quite adequate for basic projects, allowing you to select from a reasonable variety of fonts and colours and offering you a great deal of formatting options.

However there are limitations for those more design focused CMS users.  But, all is not lost.  Within the plugin library there are three very useful associated plugins that significantly enhance the functionality of the editor.

TinyMCE Advanced.
This wonderful plugin will add a very impressive array of additional routines to the standard editor.  Once installed and activated you’ll find a range  of new tool buttons on the editor menu as well as a host of additional routines/buttons that you can add as required to make the most of the editor.

One particularly useful feature in TinyMCE Advanced is an option that prevents the editor from stripping out HTML tags such as <p> & <br>.  For anyone who has experienced the frustration of this characteristic of TinyMCE, this is a great find.

TinyMCE Custom Styles
The standard range of selectable fonts is impressive, but designers are never happy with standard.  So, if you are using custom or Google fonts, how can you allow users in the CMS area the luxury of using these fonts to modify text content?

Well, TinyMCE Custom Styles is the answer.  It allows you to work with every style imaginable and makes all the styles available from the “format” button on the TinyMCE Advanced menu.

Of course we’re assuming that you have made the font available to be used in the first place.  If not, you need to read about loading custom fonts.

You can create unlimited styles from the “Settings > TinyMCE Custom Styles” menu.
Once you’ve added them, you can access them from the editor’s button bar, selecting the Formats > Custom Formats option.

TinyMCE Color Picker
The colours that come with TinyMCE’s colour picker are limited.  Activate the TinyMCE Color Picker plugin.
Next time you go to use the editor’s colour picker you’ll find an option to add your own custom colours.

Bootstrap & Less – compile online

If you’re using Bootstrap for projects, including but not exclusive to WordPress, you may come across issues such as pages not responding correctly on devices such as iPad mini.

In my instance I couldn’t get the navbar to collapse correctly in either landscape or portrait mode.   Nothing I tried worked for my “twentyseventeen” based themed project, despite the fact that all other settings I worked with did obey my directives.

I found the solution was to modify the bootstrap file using LESS to apply settings such as “@grid-float-breakpoint”.

Rather than going into a lot of depth regarding LESS and compiling a compiler to set it up, I went to the Bootstrap official website and used their online compiler which generates the customised version of bootstrap.css & bootstrap.min.css

From here you can apply your modifications and allow it to generate the new file which you download and transfer to your website.

https://getbootstrap.com/docs/3.3/customize/