Tag: WordPress

Custom Code is the Biggest Vulnerability of a WordPress Site

I am in the middle of fixing custom code that caused a fatal error with processing WooCommerce orders on a client website. It took several days to find enough patterns that allowed diagnosis of the issue. This was followed by examining the error logs and code base to find what was causing the problem and creating a solution to test.

Experience has taught me that the more features (and code) a site has, the greater the chance of a vulnerability. This is doubly true for code written by fellow developers. Greater attention to resources for testing, documentation and QA is essential for keeping a site with custom code stable.

As a consequence, I’ve become frugal with any type of site feature that isn’t supported by a third party. Not only does this approach cut down on maintenance, it also makes WordPress websites more stable. Plugin authors spend ample resources on both testing and security, as there are many customers depending on the stability of their software. With custom software, all this must be handled exclusively by the client…

Rebuilding the Search Index is much faster with SearchWP4

The annoying part of working with SearchWP on a large site was waiting for the search index to rebuild. Working on a site with over a thousand WooCommerce products would often lead to a multi-day rebuild time for the search index. This made troubleshooting and debugging a slow and expensive process.

After upgrading to SearchWP 4 from SearchWP 3, index rebuilds on the same site take less than ten minutes. This makes modifications and changes for clients much less frustrating. I expected improvements with the new version, though my expectations have really been exceeded.

Along with making work easier, the SearchWP interface has been updated, giving a more intuitive layout. Still, my whole approach to website creation is to avoid the need for a plugin like SearchWP in the first place. However, with this major update, websites using SearchWP 4 will see some major improvements.

10 important checks for your WordPress site

  1. Is your site running regular backups?
  2. Are all your website themes and plugins maintained and updated regularly?
  3. Is your website login page protected with multi-factor authentication?
  4. Is the loading time of your home page under 3 seconds?
  5. Does your site have any browser console errors?
  6. Do you have notifications set up for when your site is offline or experiencing a critical error?
  7. Are your contact forms sending out emails after submission?
  8. Is your site using a secure web host running the latest stable version of PHP?
  9. Is your site usable on mobile devices?
  10. Is your site using HTTPS with a current SSL certificate?

Effective WordPress design uses the Gutenberg Editor

Designs built around the Gutenberg editor lower the maintenance costs for websites and lead to intuitive editing experiences. Gutenberg is the built-in editor for WordPress and now competes with themes (Astra, GeneratePress etc.) and page builder plugins (Divi, Elementor, Beaver Builder etc.). These competing themes and page builders offer advanced features at the cost of an ongoing subscription and a more complicated editing experience.

The default WordPress experience is steadily catching up to the capabilities of competing platforms. Gutenberg has features that make popular page builder plugins redundant or even unnecessary. The growth of these built-in features allows website owners to spend time and energy solving other problems, such as focusing on customer support.

As a WordPress website grows in content and complexity, having a simpler foundation leads to a reduced need for training and expertise when making content updates. Complex sites often wind up with multiple plugin subscriptions, and having a few fewer monthly payments to worry about is welcomed by most clients. The decision to incur the additional cost of creating an advanced website design should be left up to website owners rather than the preferences of a web designer.

Pull the WordPress database, push the code

Multi-environment (development, staging, production, etc.) WordPress websites can follow a very simple deployment strategy. The database should only be pulled from a production website while code changes should be pushed to a production site. This method uses a technique called “two-way data flow.”

This method breaks from a standard software engineering practice of pushing a website from a development to production environment due to the design (and versatility) of the WordPress database. WordPress plugin authors often use the built-in database tables of WordPress rather than making separate tables that can be individually tracked. Thus, many WordPress developers respond by depending on the built-in version control of WordPress, manual backups, or import/export functionality to manage content changes. Pull the database.

Code changes, even if created with a code snippet plugin, should always be tested on a copy of the live site. These changes can be migrated after successful testing. This strategy prevents critical site errors from happening on a production site. Push code.
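
The one-way flow above as a shell script using WP-CLI and rsync. This is an added example, not the author's own tooling; the host, paths, URLs and plugin directory are hypothetical placeholders, and with DRY_RUN=1 (the default) it only prints the commands it would run.

```bash
#!/bin/sh
# Added example. Hosts, paths, URLs and the plugin name are hypothetical.
PROD_SSH="${PROD_SSH:-deploy@prod.example.com}"
PROD_PATH="${PROD_PATH:-/var/www/html}"
PROD_URL="${PROD_URL:-https://www.example.com}"
STAGE_PATH="${STAGE_PATH:-/var/www/staging}"
STAGE_URL="${STAGE_URL:-https://staging.example.test}"
CODE_DIR="${CODE_DIR:-wp-content/plugins/site-custom}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the plan only, 0 = execute it

# Print a command; execute it only when DRY_RUN=0.
run() { printf '%s\n' "$*"; [ "$DRY_RUN" = 1 ] || "$@"; }
# Same, with the command's stdout written to the file named in $1.
run_to() {
  out=$1; shift
  printf '%s > %s\n' "$*" "$out"
  [ "$DRY_RUN" = 1 ] || "$@" > "$out"
}

# Database flows one way: production -> staging copy.
pull_db() {
  if [ "$STAGE_URL" = "$PROD_URL" ]; then
    echo "refusing: import target is the production URL" >&2
    return 1
  fi
  # Keep the dump in a private temp file, never inside the web root.
  if [ "$DRY_RUN" = 1 ]; then dump='<tmpfile>'; else dump=$(mktemp); fi
  run_to "$dump" wp --ssh="$PROD_SSH$PROD_PATH" db export - &&
    run wp --path="$STAGE_PATH" db import "$dump" &&
    run wp --path="$STAGE_PATH" search-replace "$PROD_URL" "$STAGE_URL" --skip-columns=guid
  status=$?
  run rm -f "$dump"   # the dump holds user data; remove it either way
  return "$status"
}

# Code flows the other way: tested staging copy -> production.
push_code() {
  run rsync -az --delete "$STAGE_PATH/$CODE_DIR/" "$PROD_SSH:$PROD_PATH/$CODE_DIR/"
}

# There is deliberately no push_db: production content is never overwritten.
case "${1:-}" in
  pull-db)   pull_db ;;
  push-code) push_code ;;
esac
```

The production dump contains user accounts and order data, so the staging copy it is imported into needs the same access controls as the live site.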

Use the built-in features of WordPress instead of customizing

WordPress is a modern CMS with lots of features for content editing. Developers and designers coming from different platforms often over-engineer or introduce their clients to cumbersome and unnecessary processes. Using and designing for built-in features of WordPress is a great way to keep websites simple and prevent unneeded costs.

Some developers encourage clients to only make changes on a copy of their website, commonly known as a staging or development site, and then publish those changes to their live site. This workflow doesn’t work well with the architecture of WordPress and disregards the built-in version control for posts and pages. It’s much easier to make content changes on the live site and depend on version control and backups for correcting mistakes.

Another common WordPress mistake is creating custom functionality for a design that WordPress isn’t able to accommodate natively. This causes website clients to incur extra expenses on development and plugins. In my opinion it is always better to adapt a design to the built-in capabilities of WordPress rather than create custom functionality or use feature plugins.

Best Practices for the web don’t transfer to WordPress

Web developers make huge mistakes when bringing best practices in web development to WordPress. This confusion results from not respecting WordPress as a full application and instead seeing it as a web framework akin to something like Laravel. Specific WordPress training and experience is essential for development teams to be successful working with WordPress.

Software engineers often look at WordPress with disdain and develop an insatiable urge to fix all of its quirks and idiosyncrasies with their own custom project. Then sometime later these same developers find the urge to go rescue some other fumbling software project or chase the latest programming language and end up abandoning all the website owners who became dependent on their software. Rinse and repeat into a cycle of frustrated business owners.

Front-end and back-end development skills are not a substitute for specific training in WordPress. Even the best developers will need to retrain their skills, gain experience and intimately get to know how WordPress works. Underestimation of what it takes to work on a WordPress project is the cause of many late night coding sessions scrambling around support forums trying to fix a critical site error or meet an impending deadline.

Versatility, the greatest strength and biggest weakness of WordPress

WordPress does a decent job at just about every web application, but it’s hard to find any area it excels at. This makes it an easy choice for basic websites, blogs, archives or anything that doesn’t need a high degree of customization. Extending WordPress past the basics requires extensive planning, costly plugins, and frequent maintenance.

Marketing websites, portfolios, and blogs are perfect applications for WordPress. The versatility of WordPress makes it easy to extend with additional features such as a simple media gallery or basic event calendar. Whether organizations are just starting out or long-running in their ventures, WordPress can be a great foundation.

However, the headaches begin as soon as you bite off more than you can chew. Small businesses and development teams working on large WordPress websites get swamped trying to maintain what they thought was a simple and easy to use platform. If your needs are specific, it really pays to explore platforms that cater to a specific use case rather than invest in a general purpose application.