Disqusting

A Sponsored Comment can use all types of media to get the point across, just like any other Disqus comment. But they’re not part of the discussion happening on that page. Comments to the ad are driven to a separate landing page just for that ad. This keeps the core commenting experience uninterrupted and publisher communities just as they were. That’s the best of both worlds.

So Disqus, one of the larger comment plugins used on many sites, just added sponsored comments to their product. Yuck. Not only that, but the replies to said comments – which I bet are going to be a cruel and negative cesspool – will live in their own little bubble.

How quaint. From their website: “Everything you need to build a community, turn down the noise and turn up new revenue.” You had me at community, and lost me immediately after.

I have to agree with Matt,

“I was just reading some comments the other day and thinking how it’d be great to see some sponsored brand content there instead of users, like there already was on the rest of the page. Glad there’s a solution for that on a global basis now.”

This is probably a good time to highlight other, non-creepy solutions for comments on your site. Say Jetpack or Discourse?

Matt Mullenweg on the “State of the Word 2014”

The mission of WordPress is to democratize publishing, which means access for everyone regardless of language, geography, gender, wealth, ability, religion, creed, or anything else people might be born with. To do that we need our community to be inclusive and welcoming. There is beauty in our differences, and they’re as important as the principles that bring us together, like the GPL.

There are thousands of reasons why a person might pick one technology over another. Cost, support, growth, platform, user interface, etc.

The biggest one to me, and one that I’m happy to say WordPress embodies well, is the culture and community around such technology. After watching Matt Mullenweg give his State of the Word presentation at our WordCamp San Francisco Viewing Party, I’m glad to have aligned myself with such an awesome community. I want to work to use technology like WordPress to make others’ lives richer. To improve my own knowledge of technology. To better myself as a person and be more inclusive and welcoming.

Here’s to the future growth of WordPress, and all those who make it what it is. Grand.

Matt Mullenweg on holding “Auditions”

“…every final candidate to work with us for three to eight weeks on a contract basis. Candidates do real tasks alongside the people they would actually be working with if they had the job…The goal is not to have them finish a product or do a set amount of work; it’s to allow us to quickly and efficiently assess whether this would be a mutually beneficial relationship. They can size up Automattic while we evaluate them.”

http://hbr.org/2014/04/the-ceo-of-automattic-on-holding-auditions-to-build-a-strong-team/ar/pr

Automattic seems like a cool place to work.

Responsive WordPress Theme and Advanced Custom Fields

This is a rather simple little hack, but it came in handy with a site I recently built.

By default, editing theme options is limited to Administrator accounts in WordPress. For themes like Responsive this means that all your clients must log in as administrators. The admin-level dashboard clutters the navigation with many things most clients should never touch. Another solution would be to modify permissions and create custom permission levels to access those theme options.

Neither seemed very elegant to me. After training with the client, she asked why they couldn’t edit the “Home” page under Pages. Which makes sense. If you manage all of your other pages there, why not the home page!?

Here’s a quick tutorial on how you can use the very awesome Advanced Custom Fields in conjunction with the default Responsive home page layout to manage your homepage content.

First, install ACF if you haven’t already.

Second, create a new page and call it Home.

Because you’re using a child theme you’ll want to copy front-page.php from the Responsive theme into your child theme directory.

Open it up in your favorite editor and look for this section:

<div id="featured" class="grid col-940">

	<div class="grid col-460">

		<h1 class="featured-title"><?php echo $responsive_options['home_headline']; ?></h1>

		<h2 class="featured-subtitle"><?php echo $responsive_options['home_subheadline']; ?></h2>

		<p><?php echo $responsive_options['home_content_area']; ?></p>

		<?php if ($responsive_options['cta_button'] == 0): ?>

			<div class="call-to-action">

				<a href="<?php echo $responsive_options['cta_url']; ?>" class="blue button">
					<?php echo $responsive_options['cta_text']; ?>
				</a>

			</div><!-- end of .call-to-action -->

		<?php endif; ?>

	</div><!-- end of .col-460 -->

	<div id="featured-image" class="grid col-460 fit">

		<?php echo do_shortcode( $responsive_options['featured_content'] ); ?>

	</div><!-- end of #featured-image -->

</div><!-- end of #featured -->

Notice all those echo $responsive_options calls? Those are the theme option lookups the Responsive theme uses to pull in the information you put on the homepage under Appearance->Theme Options->Home Page. We want to move those to the page called Home, alongside all of our other pages.

What we’ll do is create a Field Group in ACF for all the fields on the homepage.

  • Title
  • Subtitle
  • Content
  • Video Link
  • Call to Action Button Text
  • Call to Action Button Link

Here’s an example of what your field group should look like.

[Screenshot: example ACF field group]

Make sure you also set this field group to show up only on the Home page you created earlier.

[Screenshot: field group location rule limited to the Home page]

Depending on your preferences you might also hide other fields on the screen – such as the Content Editor, Discussion and Comments.

From here you simply replace the $responsive_options references with calls to your new ACF fields.

For example:

<?php echo $responsive_options['home_headline']; ?>

becomes

<?php the_field('home_title'); ?>

and

<?php echo $responsive_options['cta_url']; ?>

becomes

<?php the_field('home_call_to_action_button_link'); ?>

The end result is something that looks like this:

<div id="featured" class="grid col-940">

	<div class="grid col-460">

		<h1 class="featured-title"><?php the_field('home_title'); ?></h1>

		<h2 class="featured-subtitle"><?php the_field('home_subtitle'); ?></h2>

		<p><?php the_field('home_content'); ?></p>

		<?php if ($responsive_options['cta_button'] == 0): ?>

			<div class="call-to-action">

				<a href="<?php the_field('home_call_to_action_button_link'); ?>" class="blue button">
					<?php the_field('home_call_to_action_button_text'); ?>
				</a>

			</div><!-- end of .call-to-action -->

		<?php endif; ?>

	</div><!-- end of .col-460 -->

	<div id="featured-image" class="grid col-460 fit">

		<?php

			$video_url = get_field('home_video_link');
			echo wp_oembed_get( $video_url, array( 'width' => 440, 'height' => 440 ) );

		?>

	</div><!-- end of #featured-image -->

</div><!-- end of #featured -->

You’ll notice that I’m also using WordPress’ wp_oembed_get function to embed the YouTube URL in the featured image section. This way all the folks managing content have to do is insert the YouTube URL and WordPress handles the rest.
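Once the homepage content comes from fields that non-administrator accounts can edit, it is worth escaping each value for the place it is printed. The following is an added example, not part of the original tutorial: it assumes the six fields are plain text or URL fields, and showing the button only when both CTA fields are filled is an assumption made here.

```php
<?php
// Added example: featured section of the child theme's front-page.php,
// with every ACF value escaped for its output context.
// Assumption: all six fields are text/URL field types (they return strings).
$title     = (string) get_field( 'home_title' );
$subtitle  = (string) get_field( 'home_subtitle' );
$content   = (string) get_field( 'home_content' );
$cta_url   = (string) get_field( 'home_call_to_action_button_link' );
$cta_text  = (string) get_field( 'home_call_to_action_button_text' );
$video_url = (string) get_field( 'home_video_link' );

// wp_oembed_get() returns false when the URL matches no known oEmbed
// provider, so a mistyped link prints nothing instead of a broken embed.
$embed = $video_url
	? wp_oembed_get( $video_url, array( 'width' => 440, 'height' => 440 ) )
	: false;
?>
<div id="featured" class="grid col-940">
	<div class="grid col-460">
		<?php // Plain text contexts: markup typed into the field is shown as text. ?>
		<h1 class="featured-title"><?php echo esc_html( $title ); ?></h1>
		<h2 class="featured-subtitle"><?php echo esc_html( $subtitle ); ?></h2>
		<?php // Rich text context: keep only the tags allowed in post content. ?>
		<p><?php echo wp_kses_post( $content ); ?></p>

		<?php if ( $cta_url && $cta_text ) : // assumption: both fields required ?>
			<div class="call-to-action">
				<?php // esc_url() returns '' for schemes such as javascript:. ?>
				<a href="<?php echo esc_url( $cta_url ); ?>" class="blue button">
					<?php echo esc_html( $cta_text ); ?>
				</a>
			</div><!-- end of .call-to-action -->
		<?php endif; ?>
	</div><!-- end of .col-460 -->

	<div id="featured-image" class="grid col-460 fit">
		<?php
		// The embed HTML comes from the oEmbed provider, not from the editor.
		if ( $embed ) {
			echo $embed;
		}
		?>
	</div><!-- end of #featured-image -->
</div><!-- end of #featured -->
```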

Once you’re done all you have to do is visit your Home page and update the fields!

[Screenshot: the Home page edit screen showing the new fields]

WordPress & Security Notes From The St. Louis WordPress Developers Meetup

This week at the St. Louis WordPress Developers Meetup we discussed tips and tricks on how to ensure your WordPress installations are as secure as possible. I’ve collected my notes below.

For further reading, check out Eric Juden’s notes as well.

Things you can do “Out of the Box”

  • Check the Codex for some general tips on Hardening WordPress.
  • Check your file permissions to make sure they are as secure as possible.
  • Change the default “wp_” table prefix to something unique. The default prefix is what SQL injection attacks search for specifically. (As Ken Johnson points out in the comments of the WordPress Meetup, this is probably only a good idea on new installations!)
  • Delete Default Admin account. You should never post from admin as it looks dorky and gives away that you’re using WordPress.
  • Use strong passwords! Don’t give clients the same lame password over and over. Be unique.
  • Delete unused themes and plugins. They just take up space and are yet another vector for attacks.
  • Use Akismet for managing comment spam. Not exactly security, but part of decreasing the amount of time you dedicate to meddlesome maintenance.
  • Hide your version number and change the readme.html file to something random. Nefarious people are looking for easy targets; changing things up a bit makes these automated attacks more difficult to pull off.
// Return an empty string so WordPress prints no generator tag (and no version number).
function remove_wp_version() {
     return '';
}
add_filter('the_generator', 'remove_wp_version');

  • Change Salts often – you can even use this handy tool to generate new ones – https://api.wordpress.org/secret-key/1.1/salt/
  • Move wp-config.php to the directory above public_html. If attackers can’t get to it via the web, they can’t see your database username/password or salts.
  • Update your stuff. Here’s a list of security fixes just in 3.5.1 alone!
    • Server-side request forgery (SSRF) and remote port scanning via pingbacks. Fixed by the WordPress security team.
    • Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon Cave of the WordPress security team.
    • Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5 was released to address this issue.
  • Find a good, respectable host! Someone who keeps up with new versions of PHP, MySQL, etc. – not GoDaddy.
  • When all else fails, having a good backup will be your last line. Test your backup regularly.
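A read-only audit of several items from the list above, as an added example that is not from the meetup notes or from WordPress itself. The function and file names are hypothetical, and it assumes a single-site install with WP-CLI available.

```php
<?php
// Added example, not from the meetup notes. Save as wp-hardening-audit.php
// (hypothetical name) and run with: wp eval-file wp-hardening-audit.php
function stl_hardening_findings() { // hypothetical helper name
	global $wpdb;
	$findings = array();

	if ( 'wp_' === $wpdb->prefix ) {
		$findings[] = 'Table prefix is still the default "wp_".';
	}
	if ( username_exists( 'admin' ) ) {
		$findings[] = 'A user named "admin" exists.';
	}
	if ( file_exists( ABSPATH . 'readme.html' ) ) {
		$findings[] = 'readme.html is still present in the WordPress directory.';
	}
	// the_generator() prints this filtered string; remove_wp_version empties it.
	if ( '' !== apply_filters( 'the_generator', get_the_generator( 'html' ), 'html' ) ) {
		$findings[] = 'The generator tag still exposes the WordPress version.';
	}
	// WordPress loads wp-config.php from its own directory or one level up.
	$in_wp_dir = file_exists( ABSPATH . 'wp-config.php' );
	$config    = $in_wp_dir ? ABSPATH . 'wp-config.php' : dirname( ABSPATH ) . '/wp-config.php';
	if ( $in_wp_dir ) {
		$findings[] = 'wp-config.php sits inside the WordPress directory.';
	}
	if ( file_exists( $config ) && ( fileperms( $config ) & 0007 ) ) {
		$findings[] = 'wp-config.php is accessible to "other" users on the server.';
	}
	$keys = array( 'AUTH_KEY', 'SECURE_AUTH_KEY', 'LOGGED_IN_KEY', 'NONCE_KEY',
		'AUTH_SALT', 'SECURE_AUTH_SALT', 'LOGGED_IN_SALT', 'NONCE_SALT' );
	foreach ( $keys as $name ) {
		if ( ! defined( $name ) || 'put your unique phrase here' === constant( $name ) ) {
			$findings[] = "$name is missing or still the sample value.";
		}
	}
	// Single-site assumption: network-activated plugins are stored elsewhere.
	require_once ABSPATH . 'wp-admin/includes/plugin.php';
	$inactive = array_diff( array_keys( get_plugins() ), (array) get_option( 'active_plugins', array() ) );
	if ( $inactive ) {
		$findings[] = 'Inactive plugins still installed: ' . implode( ', ', $inactive );
	}
	return $findings;
}

foreach ( stl_hardening_findings() as $finding ) {
	echo '[!] ' . $finding . "\n";
}
```

If the version tag was removed with remove_action() on wp_head instead of the filter, the generator check will still report a finding, since it only inspects the filtered string.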

 

Extra Things You Can Do

Some useful plugins that can help give peace of mind or help with managing WordPress.

 

Further Reading

http://www.netmagazine.com/tutorials/protect-your-wordpress-site-htaccess

http://wpsecure.net/secure-wordpress-advanced/

 

Themes Mentioned During the Chat

 

Join Us

If you’re thinking about attending one of the meetings I encourage you to do so. The diversity of knowledge and skill sets almost guarantees that there’s something new to learn. Everyone is approachable and there to share and grow together.