Why upgrade WordPress if it’s working

Lots of customers we work with come to us because they have an outdated website that is based on the WordPress framework, whilst others come to us specifically requesting that we develop their site using WordPress.  Whether the site is an established site or a brand new one.  Making sure you the version of WordPress you’re using is critical to the success of your website.

I’m safe, no one would bother hacking my site.
It’s reasonable for customers to suspect that hackers only target corporate or government websites that handle sensitive financial or customer information such as credit card numbers and personal information. However, this simply is not the case.  Over the years a number of our clients with simple informational websites have been hacked by malicious software. Hackers write code that automatically scans the web and identifies vulnerabilities within websites running older, expired software. 

Sometimes the hackers are only doing it for vanity (look what I can do), other times its so they can use your website to transmit span across the internet using your email accounts. 

In rarer cases, hackers want to hold your website for ransom until you pay them with money – Bitcoin.

If you’re on a shared hosting server, they may be using your site as an indirect access to another site, but causing you disruption in the process

  • Hackers may want access to the server where your website is hosted, and by gaining access to your website, they may be able to extend their hack to the server and all the websites that are hosted on it.
  • Hackers may want to use your web account to send emails or host content hidden from view.
  • Hackers may use your website to promote products or illegal content by hiding links inside your code, even though you can’t see it, it still can boost their content within the web.

What should I do
If you’re using WordPress, it is critical that you keep your core code and plugins up to date. Always update to the newest releases, which often contain security patches.

Of course, this option only works reliably in WordPress as long as any customisation to the website theme or core functions was conducted by a competent WordPress practitioner.  If they simply hacked updated onto your website, upgrading to the latest version of WordPress, without backing up your code could be the worst option.

WordPress is built to alert you when updates to the cored (minor & major) updates are available.  It also provides this advice for its plugins.

Automated Plugins
For some people, being told that an upgrade is available is not enough.  They may be time poor or simply not interested.  Luckily there are free plugins to help with  hate

Easy Update Manager
There is also a very powerful plugin that allows you to automate the backup process.  The plugin lets you choose which plugins you do not want to update automatically.

UpdraftPlus Backups
This free plugin allows you to schedule backups of your website and offers you the opportunity to automatically back up your files and databases locally or externally (Dropbox, Amazon etc…..).

 

WordPress – Tinymce extra plugins

The text editor for WordPress is based on the open source text editor, TinyMCE.

This is quite adequate for basic projects, allowing you to select for a reasonable variety of fonts and colours and offering you a great deal of formatting errors.

However there are limitations for those more design focused CMS users.  But, all is not lost.  Within the plugin library there are three very useful associated plugins that significantly enhance the functionality of the editor.

TinyMCE Advanced.
This wonderful plugin will add a very impressive array of additional routines to the standard editor.  Once installed and activated you’ll find a range  of new tool buttons on the editor menu as well as a host of additional routines/buttons that you can add as required to make the most of the editor.

One particularly useful feature in TinyMCE Advanced is an option that prevents the editor from stripping out HTML tags such as <P> & </br>.   For anyone who has experienced the frustration of the characteristic of TinyMCE this is a great find.

TinyMCE Custom Styles
The standard range of selectable fonts is impressive, but designers are never happy with standard.  So, if you are using custom or google fonts, how can you allow users in the CMS area the luxury of using these fonts to modify text content.

Well TinyMCE Custom Styles is the answer.  It allows you to work with every style imaginable and all make the styles available from the “format” button on the TinyMCE Advanced menu.

Of course we’re assuming that you have made the font available to be used in the first place.  If not, you need to read about loading custom fonts.

You can create unlimited styles from the “Settings > TinyMCE Custom Styles” menu.
Once you’ve added them, you can access them from the editors button bar, selecting the Formats > Custom Formats option.

TinyMCE Color Picker
So, the colours that come with the TinyMCEs colour picker is limited.  Activate the TinyMCE Color Picker plugin.
Next time you go to use the editors colour picker you’ll find an option to add your own custom colours.

WordPress – what plugins should developers use

WordPress is an excellent CMS engine and has lots of plugins that extend the range and functionality of the application.

As a developer, what plugins are most useful to developers.   Any list is open to debate and new tools are allows coming online.  In the most part this list is made up of free tools.

Coming Soon Page & Maintenance Mode
this is a very handy plugin to let people know your site is under construction or redevelopment.

Query Monitor
Accessible from the admin menubar, this tool enables you to see what is happening under the hood.  This has saved me hours of debugging.

Error Log Monitor
This has been brilliant for helping find out what is happening with my PHP code and database calls.

Email Log
The free version doesn’t show a lot of information, but it does confirm if emails from your application are getting sent or not.

Advanced Custom Fields   ( & Pro)
Unless you want to really get into the code, ACF is a fantastic tool to  allow you to create posts with unique data that can be presented in the front end.
The Pro version really builds on the free version.  But the free version is fantastic.

Custom Post Types
Another great tool to allow developers to very quickly modify the basic post type and give you a easy means to categorise groups of data.

There are heaps and heaps of tools, but this simple set of plugins will get you a long way to developing a custom type or application.

My custom Functions
This excellent plugin allows you to add php routines to your theme without having to modify the “functions.php” file.

One added benefit of this plugin is the fact that if you have PHP syntax errors in your code, you will not kill your theme as happens when you make mistakes in the functions.php file.

WordPress working with ACF Pro

One of the best features of the WordPress plugin “Advanced Custom Field (ACF)” is the ability not just to add custom fields, but by extension the abilty to create field type called ‘repeat’.
This lets editors add rows of content that is associated with a field  (in a crude way it’s like having relational data).

So, having created the field and poplated it with data (for example, adding multiple images to a post to are presented in a  table)

<?php
// test if the ACF field has rows

if( have_rows(‘image_sliders’) ):
   // run through the rows to get elements in each row

    while ( have_rows(‘image_sliders’) ) : the_row();
      //  get_sub_field is the key

        $theImage=get_sub_field(‘slider_image’);
        $theImg=$theImage[‘url’];
       $theLink=get_sub_field(‘slider_image_url’);
       echo “<div class=’imagecon’><a href=”.$theLink.”><img src=”.$theImg.”></a></div>”;
   endwhile;
   else :
endif;

// clear query after use
wp_reset_query();

?>