WordPress Cambridge Meetup

The WordPress Cambridge Meetup is a monthly get together for developers and users of WordPress, held at The Boathouse usually on the second, or third Monday of the month.

You can usually expect to see 2-3 talks and an open Q&A session, followed by drinks in the pub.

Find out more about WordPress, whether you’re trying to decide if you should use it, or if you’re an expert that wants to keep on top of the latest features, or anywhere in between – everyone is welcome.

So come along to see how WordPress can benefit your organisation, and get specific advise on any WordPress questions you may have.

If you’re interested in coming along, please let us know at our Meetup page.

Subscribe to our Mailing list/Google group
Follow us on Twitter
Like our Facebook page
Subscribe to us on Youtube

See you at the WPCBG Meetup!


Guten Tips!

Gutenberg is the new WordPress editor and it went live at the end of 2018. We’ve now had a few months to explore it and so some of us are sharing what we have learnt. Our previous blog post about the introduction of Gutenberg has some useful links you may wish to check out.

Lightning talks on Gutenberg by members of WordPress Cambridge

Our speakers on 11 February 2019 include:

  • David Thorne on the ‘Basics of Using Gutenberg as a sitebuilder’
  • Jonathan Whiteland is giving a few simple examples of how they’re beginning to successfully use Gutenberg at YTKO now; and show some of the more hair-raising things Gutenberg can cope with; then finish with talking briefly about how they plan to use Gutenberg going forwards
  • Chris O’Dell introducing the coding languages that developers need  (link opens a PowerPoint presentation) to starting learning to thrive in the ‘Gutenberg environment’:  React, JavaScript Frameworks & jsx
  • Elisabeth Klaar with a live demo/overview of Gutenberg from a ‘user’ (rather than developer) point of view

Some useful links

Elisabeth shares an excellent page featuring a compare/contrast between the old editor and the new editor (great if you find you’re stuck trying to do something  in Gutenberg that you used to do easily/fast in the Classic Editor). And another super useful overview of all the blocks with explanations of how they work and tutorials on how to use each different kind.


WordPress as a Marketing Portal

Thanks to Chris O’Dell and Simon Ellington for giving great talks at our January 2019 meetup.

Chris spoke on using WordPress to create a Minimum Viable Product to test the market. His quick approach to get a service/product to market  was inspiring. Chris’s full presentation is available for you to look through.

Simon spoke about how to use plugins in a super clever way to patch together a site offering a complex product. For reasons of client confidentiality he has shared a redacted version of his talk.



Gutenberg – new way to edit WordPress

Gutenberg (or WordPress 5.0) is now live…

December 6, 2018, will update the core of WordPress with the new editor, ‘Gutenberg’.

It’s a little controversial and makes some big changes to how the ‘back end’ of your WordPress site will look once you have updated WordPress. Your hosting company may delay updating the new version of WordPress until later (often predicted to be January 2019) to give the various people and organisation in the WordPress community a chance to debug it. So, you may find it’s the same for a bit and then changes in a few months, depending on the hosting you use.

We’ve rounded up some helpful links so you can get some background, find some tutorials and prepare yourself. We’ll also be running some meetups about this in 2019 – so join WordPress Cambridge Meetup and get notified of all our meetings.

Some links that may help you

Disabling Gutenberg while you learn a bit more…

If you want to wait a bit longer and learn a bit more about it before taking the plunge you can disable Gutenberg and stick with the old-style editor by using a plugin

WordPress Cambridge – learn more at our meetups

WordPress Cambridge has a forthcoming meeting where you can bring your own questions, concerns, and ask other people who are there – or you can be someone who gets up and answers or makes suggestions to others! It’s on December 10 2018 at the Bradfield Centre and you can see details on our site.

WordPress Cambridge members chip in…

Simon Jones from Cambridge-based Studio24 wrote a blog post on Gutenberg and says:

Personally I would strongly not recommend people update to this straight away. Most commercial hosting companies are likely to wait until they update sites (I’ve been told WP Engine don’t plan to roll out 5.0 until Jan). By mid-Jan there will be bug releases and plugins like ACF (which is not currently 100% compatible) should be stable.

He provides the following useful links for background:

Yoast on how Gutenberg isn’t ready quite yet… And a post by esteemed plugin authors, ACF (Advanced Custom Fields) on a similar note.

Though they have also both published some useful blogs recently:
Yoast on the question of whether you should update to Gutenberg (also known as WordPress 5.0) and Yoast on ‘pressing questions’ that remain about Gutenberg. In addition, ACF produced a blog ‘the night before’ Gutenberg giving their most recent views.

And don’t forget to check out Simon Jones’ own blog post.

Jonathan Whiteland of YTKO, and an active member of WordPress Cambridge, is proceeding cautiously too – scaling back the eagerness of his nightly auto-updating scripts and looking out for plugin problems too.

We’ll add more links – get in touch via WordPress Cambridge Meetup if you have something to contribute.


What to shove up your .htaccess

Simon Bragg of website and design agency Sibra gave a talk on Monday about the .htaccess file. This file is found in the root directory of websites running on Apache web servers (so check what server software you are using if the htaccess is missing). It controls access to pages on the site, handles redirects and can be used for security and optimisations.

You can see Simon’s slides here:

What to shove up your htaccess presentation by Simon Bragg of Sibra
What to shove up your htaccess presentation by Simon Bragg of Sibra (click to open)

Here’s a written version of the presentation:

What to shove up your .htaccess

Simon Bragg

Cambridge WordPress Meetup August 2018

The .htaccess file

.htaccess files enable:

  • Configuration changes to directory and sub-directory;
  • Without accessing httpd.conf,
  • Usually allowed;
  • Short commands:
  • key value pair.

If you screw it up syntax, you get:

Error 500 internal server error

What you can do

  • Browser caching
  • gzip compression for file transfer
  • Keep alive
  • Regex for redirects
  • Security enhancements

Browser caching


<IfModule mod_expires.c>

ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 year"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType text/javascript "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/javascript "access 1 month"
ExpiresByType application/x-javascript "access 1 month"
ExpiresByType application/json "access 1 month"
ExpiresByType application/ "access plus 1 year"
ExpiresByType application/x-font-ttf "access plus 1 year"
ExpiresByType application/x-font-opentype "access plus 1 year"
ExpiresByType application/x-font-woff "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresDefault "access plus 2 days"



This can make a dramatic difference:

Speed check caching before
Speed check caching before
Speed check caching after
Speed check caching after htaccess changes

Compress transfer: gzip

Place this code AFTER WordPress stuff:

<IfModule mod_filter.c>

AddOutputFilterByType DEFLATE "application/atom+xml" \
"application/javascript" \
"application/json" \
"application/ld+json" \
"application/manifest+json" \
"application/rdf+xml" \
"application/rss+xml" \
"application/schema+json" \
"application/vnd.geo+json" \
"application/" \
"application/x-font-ttf" \
"application/x-javascript" \
"application/x-web-app-manifest+json" \
"application/xhtml+xml" \
"application/xml" \
"font/eot" \
"font/opentype" \
"image/bmp" \
"image/svg+xml" \
"image/" \
"image/x-icon" \
"text/cache-manifest" \
"text/css" \
"text/html" \
"text/javascript" \
"text/plain" \
"text/vcard" \
"text/vnd.rim.location.xloc" \
"text/vtt" \
"text/x-component" \
Speed check gzip compression after
Speed check gzip compression after

Keep alive, if allowed by host

At end of .htaccess file


<ifModule mod_headers.c>

Header set Connection keep-alive



But cheapo host doesn’t allow this.

RedirectMatch for Regex redirects

Have mod_rewrite.c enabled for #Begin WordPress stuff.

So can use Regex to redirect multiple pages in one line. Some Examples:

Perhaps for tweaking URL structure:

.* means anything, (.*) means whatever, and repeat in $1

RedirectMatch 301 .*/employment/employee-shares/(.*)$1

^ means start of string, (/D) means 1 non digit character.

RedirectMatch 301 ^/share(\D)options$

Use of OR for multiple redirects to one page:

RedirectMatch 301 ((/introducing-thepod/)

http to https

When have http site and converting to https, add in bold

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# BEGIN WordPress
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Bits of code

1. Protect important files, deny access to them:

<FilesMatch "^.*(error_log|wp
Order deny,allow
Deny from all

Check php.ini, is php.ini

2. Prevent directory browsing /wp-content/uploads/

Options All –Indexes

3. Block unauthorized execution of PHP files.

Most hackers upload backdoors to /uploads folder

<Directory "/var/www/wp-content/uploads/">
<Files "*.php">
Order Deny,Allow
Deny from All

4. Protect against Script injections

Hackers change WordPress GLOBALS & REQUEST variables, so:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

5. Secure wp-includes directory

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

6. Prevent username enumeration

Visitor who enters finds username. One less thing to guess. Just needs the password. So:

RewriteCond %{QUERY_STRING} author=d
RewriteRule ^ /? [L,R=301]

7. Prevent hot linking

Most hackers upload backdoors to /uploads folder

RewriteEngine On RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER}
!^http://(www\.)?*$ [NC] RewriteRule \.(gif|jpg)$ [R,L]Directory "/var/www/wpcontent/uploads/">

And replace with image url you want to protect

xmlrpc.php blocking?

Xmlrpc : remote procedure call using XML to encode, and http for transport

Enables you to:

Post using weblog clients e.g. Windows Live Writer, IFTTT

Was a security concern, although not any more.

If want to block:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from

Thanks to Simon for his excellent talk!


Varying Vagrant Vagrants – What the heck? By Adam Maltpress

Adam Maltpress gave a presentation last night about Varying Vagrant Vagrants. This is an open source local development tool for developing with WordPress. You can see the presentation here:

Varying Vagrant Vagrants presentation by Adam Maltpress (click to view)
Varying Vagrant Vagrants presentation by Adam Maltpress (click to view)

A summary of the slides above follows:

Varying Vagrant Vagrants

VVV – what the heck?

  • “An open source Vagrant configuration for developing with WordPress”
  • Where Vagrant is “…a tool for building and managing virtual machine
  • environments in a single workflow”
  • Eh?
  • Run a virtual server on your computer to do WP development
  • Manage settings with a simple config file
  • Get a load of tools specific to, or helpful for, WordPress

What do you get?

  • Ubuntu 14.04, nginx, PHP fpm 7.0.x, memcached, all the PHP extensions you need to run WP – hosting gubbins
  • MariaDB, PHPMyAdmin – database thingies
  • PHPUnit, ack-grep, Git, subversion, grunt, node, Composer, – and other workflow and development do-dahs
  • WordPress current version and WordPress development version as well as WP-CLI – WordPressy whatsits.
  • Everything you need to run WP on a local machine

Awesome. How do I get it?

Done all that. Now what?

Woohoo! Bring me the WordPress

  • Go to http://local.wordpress.test for current production WordPress
  • Go to http://src.wordpress-develop.test for the development branch of
  • WordPress (not yet Gutenbergy)
  • Add your own sites by editing the file vvv-custom.yml in the main VVV folder:
  • See
  • Be careful with tabs and spaces in yml files – tabs bad, spaces good
  • Edit the files the normal way on your local machine
  • Use PHPMyAdmin as normal
  • When you change things, run
vagrant reload --provision

on the command line

So what’s it good for?

  • Contributing to WP core
  • Building a theme you’re going to release
  • Building a plugin you’re going to release
  • Quickly getting a new, fresh WP installation running
  • Learning WP-CLI
  • Quickly changing PHP version to test things

What’s it bad for?

  • Working with existing sites you’ve pulled down from a server
  • Any sites with weird/custom folder structures
  • Anything you’re moving from an existing development setup
  • Beginners
  • Speed of provisioning

What are the alternatives?

  • Wamp
  • Xampp
  • Mamp
  • Docker
  • Plain virtual box
  • Actual server

Do you recommend it then?

  • Not really.



Local Development and Child Themes

Ben Attenborough and Zuzana Kunckova gave a presentation last night on Local Development and Child Themes. Here are the slides (click to open):

Local Development and Child Themes presentation, click to open
Click to open

Local Development

Here are some resources to help you with local development:

Good blog post from wpmudev:

Local development software:

Feel free to suggest alternatives!

Child themes

First checkout the official WordPress Codex documentation on child themes.

Also checkout:

The plugin we used to do create child themes automatically was Child Theme Configurator bLilaea Media

Starter themes

Here’s a list of well-known starter themes:

Wrapping up

If anyone has any questions or suggestions feel free to say!


Writing for the Web with Simon Bragg

Simon Bragg from Sibra gave a presentation last night on Writing for the Web.

Once again the presentation was very insightful and prompted lots of debate. Thanks Simon!

You can see the presentation by clicking on the image below:

Writing for the Web presentation by Simon Bragg


How to Drive Traffic to your Website with Penni Stanton

Penni Stanton (@kabocreative) from Kabo Creative gave a presentation on “How to drive traffic to your website”.

With an estimated 140,000 new websites launched every day, you need a long term plan to drive consistent website traffic. Penni gave her top tips for driving consistent traffic, including:

  • Contact forms & conversion measurement
  • On-site SEO
  • Being helpful on social media
  • Blogging for your customers’ pain points

It was a very interesting talk which prompted lots of conversations both during and afterwards. Thanks Penni!

You can see the presentation by clicking on the image below:


Practical WordPress Security with Tim Nash

Tim Nash (@tnash) from 34SP joined us on Monday 14 May to share his knowledge of WordPress security.

Tim Nash

You can see slides from Tim’s recent talks on security here

Tim’s said:

Thanks folks who came to my Practical Security talk at WP Cambridge last night.

Today it’s time to take action we covered a lot of stuff so where to start?

Here are 3 things to do right now.

2. Remove all admin roles and replace with editors
3. test your backups



The Gutenberg Block What I Wrote

Lightening talk given by me (Ben Attenborough) at the WordPress Cambridge meeting on 14 May 2018. Slides below:

Click on image to open pdf


Code on github:

Zac Gordon’s Gutenberg course:

Code Mirror

See also:

Gutenberg Code Editor component