WordPress News – WP Version 4.9, GDPR, RobotNinja and more

Hello, here are the  notes from the WordPress News section tonight’s WordPress Cambridge meeting (November 13, 2017).

Slides are here (all content is replicated in the post below, so take your pick):

WordPress News slides. Click to open PDF

WordPress News is a new part of the meetup. A quick 10 minute update on all things WordPress. Feel free to give feedback on the presentation.

Top Stories

WordPress 4.9 due to be released tomorrow

For full feature summary see: https://codex.wordpress.org/Version_4.9

New features include:

Save and Schedule Theme Changes in Customizer

WordPress 4.9 will introduce saving theme customizations as draft. Now when you make changes to a theme using the customizer, you will have an option to save your changes as a draft instead of making them live.

This new feature will also allow you to share the preview of changes with a url. You can send this URL to any user, and they will be able to see your website with the changes made in that particular draft.

Want to publish your theme changes at a specific time? WordPress 4.9 will also allow you to schedule changes.

For more information on this see:

http://www.wpbeginner.com/news/whats-coming-in-wordpress-4-9-features-and-screenshots/

https://make.wordpress.org/core/tag/4.9+dev-notes/

Add shortcodes and embedded media into widget areas

WordPress 4.8 brought media widgets including rich text, audio, image, and video. WordPress 4.9 will introduce the new gallery widget, as well as shortcodes and embedded media.

This will allow users to better access to adding content into widget areas. For example sidebars, header and footer areas.

As an example contact form plugins often generate a shortcode which you add to a page or post to display. Now you will be able to also add such a form to a footer on your site.

See: https://wptavern.com/wordpress-4-9-will-support-shortcodes-and-embedded-media-in-the-text-widget

Better user management for activating plugins

It is now possible to manage capabilities for activating and deactivating plugins more granularly through the following new capabilities:

activate_plugin checks whether a user can activate a specific plugin. When checking the capability, it gets passed the plugin file (such as current_user_can( ‘activate_plugin’, ‘my-plugin/my-plugin.php’ )).

deactivate_plugin works similar to activate_plugin, but checks whether a user can deactivate a specific plugin as the name indicates.

deactivate_plugins allows to check whether a user can generally deactivate plugins

See: https://make.wordpress.org/core/2017/10/15/improvements-for-roles-and-capabilities-in-4-9/

WordPress 4.9 Protects Users From Fatal Errors Created in the Theme and Plugin Editors

Over the years, there have been many discussions and debates on whether or not WordPress should have a built-in file editor for themes and plugins. The file editors, while convenient, allow users to easily trigger fatal errors that can be difficult to fix, especially if they don’t have FTP access.

Instead of removing the editors from core, the WordPress development team has enhanced them by adding fatal error protection in WordPress 4.9. When a user accesses the theme or plugin editor for the first time, they’re presented with warnings.

If you try to save changes to a file and WordPress detects a fatal error, the change is not saved and a warning message is displayed that explains where the error occurred

In addition to safety features, the code editors are powered by CodeMirror, an open-source, JavaScript powered text editor that adds features such as line numbers. The plugin editor includes the ability to look up documentation for filters, hooks, and actions with many of the links pointing to the new WordPress Developers Resource site.

See: https://wptavern.com/wordpress-4-9-protects-users-from-fatal-errors-created-in-the-theme-and-plugin-editors

Better mapping for widget areas when switching between themes

Sometimes widget areas and even menus could become ‘lost’ when switching themes, because different themes have different names for menus and widget areas. 4.9 tries to fix this by trying to match up widget and menu areas from one theme to another.

Other news

GDPR for WordPress Project Seeks to Provide a Standard for Plugin Compliance

WordCamp Denmark organizer Kåre Mulvad Steffensen and WP Pusher creator Peter Suhm are working on a GDPR for WordPress project that aims to provide an industry standard for getting plugins compliant with EU General Data Protection Regulation (GDPR) legislation. The deadline for compliance is May 28, 2018, approximately 200 days from now.

See https://www.gdprwp.com/

Woocomerce – Introduces Robot Ninja

A tool to provide continuous testing of your site’s storefront, which provides warning if functionality fails, so you can make quick corrections and avoid a loss of sales

Find out more at https://robotninja.com/blog/introducing-robot-ninja/

Gutenberg Development Advances

Up until the release on October 24, Gutenberg did not support the meta boxes that so many WordPress content creators rely on. The new editor now has initial support for meta boxes as well as a host of other critical features for content creation.

WordPress 4.8.3 Security Release

At the end of October, WordPress 4.8.3 was released containing an important security fix for all previous versions of WordPress. If your WordPress installation has not updated automatically, please update it now to protect your site.

Take the 2017 Annual WordPress User Survey

The annual WordPress User Survey is a great opportunity for you to provide your feedback about how you use WordPress. This year is no exception, as the 2017 WordPress User Survey is out now. See https://wordpressdotorg.polldaddy.com/s/wordpress-2017-survey

October 2017 Meetup: Managing WordPress & WP Transients

Managing WordPress

Steven Watts of Newt Labs talked about WordPress management, which also included a quick introduction to Slack – an instant messaging/support system.

See the slides below:

Click on the image above to see the slide (pdf format)

This is a cut down version of the presentation, for more see https://www.slideshare.net/StevenWatts8/managing-wordpress

Takeaways: where to get help, how to setup a staging site, a backup strategy, quick security wins, eyes on your site, and a better understanding of quality hosting.

Slack – We at WordPress Cambridge have two channels. There are a bunch of UK channels, and also a bunch of international channels. You can stay in contact with the Cambridge group, and get help/support from the UK and internationally.

Newt Labs is a sponsor of our Meetup group. They provide site care for WordPress websites by providing unlimited small fixes, implementing best practices and taking care of ongoing technical tasks. Keeping WordPress sites secure and effective, from £49 a month.

WordPress Transients API

Adam Maltpress of http://maltpress.co.uk/ talked about the WordPress Transients API.

Transients help speed up your site by reducing the number of database queries needed to create a page. We discussed the code needed to start using transients in your theme or plugin as well as looking at a couple of ways of measuring your code’s performance while developing and testing. We also discussed some of the issues around caching content and the compromises involved.

See the slides below:

Transients API presentation cover
Click on the image above to see the slides (PDF format)

Blogging

Several presentations from Dawn, Chris and Jonathan on the theme of blogging for this meeting!

Content ideas for blog posts – Dawn Fisher

First up was Dawn Fisher of Remedial Massage Treatment.co.uk/

Dawn has been using her site to find customers for around 10 years and her blog is an integral part of this. She spoke to us about the way she creates her blog posts.

The first step in a successful blog (and for each successful post) is to work out what the purpose of it is. You should aim to attract (and retain) people who are actively looking for your goods or services. Ask yourself what they might want to know, and write about it.

Using Google Analytics is also important – it helps you find out what search terms are bringing to your site: you can use these to write your blog.

Another useful technique is to ask your past visitors and customers what they found interesting on your site. You should also make note of what your customers ask you most: these are the sorts of questions people will be searching for online.

Dawn keeps a notebook of ideas for blog posts and suggested that, rather than writing brief notes or titles, you should write out as much of the post as soon as you can – short notes might not mean much when you come back to them! These notes might be about the day’s interesting challenges or questions or just topics which come to you in a flash of inspiration. Topics may also come from the things you read. Wherever the topics come from, it’s important to keep everything – even those unfinished posts – so you can revisit them in future if inspiration strikes. Returning to an old post and writing an updated version can also create new content for you!

One part of Dawn’s success is down to keeping a human side to her posts: not just writing technical jargon, but writing for your audience. It’s a hard balance: you need to be technical enough that other experts respect you, and that customers know that you know your subject, but not so technical that you’re not understood by the layman.

Regardless of where your inspiration comes from, make sure you check your spelling and grammar – nothing undermines your point faster than a poorly written post.

Cats and Tags – Chris McMahon

Next up was Chris McMahon of Very Simple Sites

Blog post covering talk – https://verysimplesites.co.uk/categories-tags-wordpress/

Chris talked about categories and tags and how you can use them to organise your blog’s content in WordPress

DISCLAIMER don’t just change cats and tags without adding 301 redirects

Content needs organising just like libraries

Yoast is a good example of cats and tags – easy to see the cats they have and the different content available

Don’t do it for seo so it for your readers

You need to think about and plan your websites structure before you start writing

Use pages and posts accordingly. Pages can be inferior to pages for content that is time based – getting content out there and seen as and when..

Cats can be broad and must be used, they are hierarchical

Tags are flat and optional

Cats is contents page (or umbrella)
Tags is index (or raindrops)

Did a group exercise to see what could be cats and what could be tags. There are actually many possibilities depending on your blogs focus.

Suggestions/best practice

Less is more – limit categories
Put post in one cat but there are reasons when you might put in more
You don’t have to use tags……….
You can have many tags but limit them to not look spammy
Do not have tags that only apply to one post

If you want you can use neither and just rename the default cat form uncategorised to something like general/updates etc
You can noindex the archive page for this term so it’s unused

Archive pages should be used as standalone pages – add an intro, some more info, you can even sticky posts on these pages sometimes depending on theme plugins etc.

Cat and tag pages can be used for seo

Yoast keeps it simple and well organised they use few tags and cats per article

Only a handful of cats for a clean site structure

Don’t forget your category archive pages! Fill out the fields provided by the Yoast seo or other plugin. Make them descriptive and relevant.

In permalink settings you can change your category base i.e. Decade instead of category.

The whys and hows of micro blogging – Jonathan Whiteland

Slides – https://whiteland.net/jonathan/static/presentations/micro_blogging.html

Click on the above and use cursor keys to scroll left and right… or visit https://whiteland.net/jonathan/static/presentations/micro_blogging.html

Last but not least was Jonathan Whiteland

It’s like blogging….. but smaller..

Think social media updates

Why?
Ownership
Independence
Control

How are people going to find it?
A platform like WordPress.com or a
Self hosted WordPress website on micro.blog

WordPress has support for this such as shorter post formats, post categories (separate from your main blog)..

Plugins
Jonathan’s plugin – A few micro blogging tweaks
Another – character count for post content and excerpt

Micro.blog “a new social network for independent micro blogs” micro.blog

Vision is to take feeds from people that have their own micro blogs and combine them (a bit like twitter).

You can cross post with services like twitter using apps like ifttt to push to twitter your micro blogs

Can do via WordPress app on your phone when out and about.

Json feed – similar to rss and atom but in json – check it out! Jsonfeed.com.

Aftermath

Simon talking about potentially moving the wp meetup to the bradfield centre.

Need a sponsor for tea coffee snacks

Security with Tim Nash

Another amazing guest speaker – this time Tim Nash of 34SP.com (and timnash.co.uk).

Tim is the platform lead at 34SP.com for their Managed WordPress product in addition to being the company’s Developer Advocate.

Tim’s presentation managed to be both scary and reassuring about security: making it clear that security is everyone’s responsibility but also that there are plenty of things we can do to make our sites secure.

Tim pointed out that sites are as likely to be hacked if they’re running a security plugin as they are if they’re not! This underlines the fact that plugins only really fix one small part of a larger security process which includes making sure the server is set up correctly, that people are sensible with the way they use passwords, and that site administrators set up users correctly.

It’s important to make sure that users are only given the permissions that they need and that sites have as few administrators as possible. Some site owners have two accounts – an editor and an administrator – and purposefully change their administrator password to something ridiculous so it’s impossible to log in with it unless it’s reset using the site’s database. Others add alerts to their sites which make it really clear when logged in as an administrator and they may have too much power!

In terms of passwords, most have been leaked at some point so it’s important to change them regularly and never use the same password for multiple sites.

Whether you use a password manager or not (see Keypass and Keeweb, password length is far more important that complexity (i.e. combinations of letters, numbers and special characters) so an increasingly popular way of handling passwords is to use pass phrases

Two factor authentication (using a phone app to provide a special login key every time you log in) is another great way to increase your site’s security. There are several plugins which add two-factor authentication to your site. Just make sure you print (and keep safe) your backup codes! The best method is to combine a long pass phrase and two-factor authentication.

Keeping everything up to date is also vitally important – core WordPress, plugins and themes (even if they’re not active) and don’t pirate themes which might not be updateable. Using child themes, as ever, is strongly recommended. Tim pointed out it’s worth updating even if it breaks little things – it’s better to have a secure site.

Site monitoring is a handy tip Tim gave us: use visual regression testing, which takes a visual snapshot of your site (or part of your site) and warns you if it looks different. Visualping.io is one example of a visual regression testing service. Testing backups when you take them is also really important – and it’s handy to automate this as much as you can, if you know how!

Hardening WordPress refers to making sure the server is set up correctly. There’s a great guide at https://codex.wordpress.org/Hardening_WordPress

Finally, use HTTPS on everything! We’ll be covering HTTPS in more depth in a future meetup but in the mean time it’s worth checking the sort of HTTPS/SSL certificate your hosting service can provide you with. You shouldn’t need to pay – there are plenty of free services available now, inlcuding Amazon.

Graphic Design with Mario Prelorentsos

We were very fortunate to be able to welcome Mario Prelorentsos of JDJ Creative to talk to us about graphic design – in particular the use of colour.

In addition to a number of great points of interest (green is the colour of the year 2017, for example!) Mario provided us a number of links to handy sites for stock photography and other design resources:

500px

Unsplash

Death to the Stock Photo

Book: Brainfluence

Smashing Magazine

Abduzeedo

You can see Mario’s presentation here:

JDJ-Colour Presentation

Google Analytics: Enlightening Talks

Time for more lightning talks – this time our topic was Google Analytics.

The presentations covered a lot of material in quite a lot of depth so it’s well worth looking through the slides (and resources they link to).

Graphic Design Goldfish Bowl

In a change to the planned presentation, we ran a “goldfish bowl” group discussion around graphic design – so no slides to share! Thanks to everyone who contributed and we’ll be running more goldfish bowls later in the year.

Hubspot and WordPress comparison

We were very lucky in February to welcome Eric Swain of Equinet Media for an in-depth discussion of Hubspot, the inbound marketing platform.

Hubspot was founded in 2006 in Boston, Mass. and has since gone public. They have around 20,000 customers in 100+ countries, making them an important player in web content and marketing.

Hubspot isn’t primarily a content management system, although it does include one (although they call it a “content optimisation system”). Instead, it’s a series of tools for tracking and identifying potential leads – so, for example, someone who visits your site from a link in an email can be tracked across all their interactions with you as they move from suspect through prospect to customer. As the user visits the site, they’re asked to fill in forms to get hold of more content (white papers and so on).

This tracking allows Hubspot to create a progressive profile of your customers and to present them the content they want to see.

This is the main difference between Hubspot and WordPress is that WordPress is a blogging platform which has evolved into more, while Hubspot is a CRM system which has evolved in to more.

For more details take a look at the Hubspot site, the Equinet Media site, or download Eric’s presentation.

Workflow

The first meetup of 2017 covered the workflow of various developers.

  • Chris O’Dell uses Microsoft’s Visual Studio with a PHP plugin and Team Foundation Server as a code repository. Chris doesn’t version control his WP core files, and is meticulous in keeping version notes and his check in routines.
  • Jonathan Whiteland has rather an esoteric setup working between three different desktop machines, using BBedit for code editing and Git (GitHub) as an analogue of Dropbox – storing working files in Git and deploying to dev and then live as needed.
  • Ben Attenborough uses DesktopServer as a local dev server with Bitbucket for Git storage. Ben also uses Gulp for running tasks like concatenation, SASS pre-processing and so on. Ben pushes changes through Git, rather than FTP. Ben also introduced us to Kint and Whoops, two excellent ways to make PHP var dumps and error messages more useful.
  • Adam Maltpress shared some of the software he uses for work and sanity, including the NetBeans IDE. Adam uses either Git or SVN for version control, and tries to build sites as database agnostically as possible – they should work as well with test content as with real content!
  • Simon Bragg uses Xampp, the Duplicator WordPress plugin, and FileZilla as well as the NetBeans IDE (using its built-in SASS pre-processing). This prompted a big discussion around the PHPStorm IDE.
  • Steven Watts then took us through his infographic on setting up a WordPress site and some of the key plugins he uses.

You can download the presentations for the meetup here.