Guidelines for Plugins that Include Company and/or Product Names in the Plugin Name

When submitting plugins to the repository, there are a number of guidelines for what is and is not acceptable. One of those guidelines has to do with the name of your plugin, especially when it includes the name of a company, trademark, or product.

If you have submitted a plugin and received a rejection email that started with something like the quote below, it means you need to adjust the name of your plugin.

We’re no longer accepting plugins that include a trademarked product name or term as the name or slug of a plugin. Nor are we accepting plugins that include the name of another plugin at the beginning of the name/slug.

Before you submit your plugin for review, take the name of your plugin into consideration and try and pick a name that will not be rejected. To help you choose a better name, here are a few guidelines to keep in mind.

Your plugin includes the name of a company, trademark, or product

Take WooCommerce as an example.

The following names will be rejected:

  • WooCommerce – Product Add Ons
  • WooCommerce – Better Stats

We will, however, accept the following (if not already taken):

  • Product Add Ons for WooCommerce
  • Better Stats in WooCommerce

One of the key points is that your plugin’s name cannot start with the company/trademark/product name.

Here’s another example. Stripe Payments will be rejected. Payment Form for Stripe will be accepted (if available).

You work for the company whose product’s name you are using

You are permitted to submit plugins that include the company/trademark/product name If you work for the company owns it.

For example, if you work for PayPal, you may submit a plugin named PayPal Payments.

In order to have your plugin approved, you must submit the plugin from an official company account. This usually means the email address on the account is {yourname}@{company}.com If you submit it from a non-company account, your plugin will be rejected.

You do not work for the company but you have permission to use the company/product/trademark in your plugin’s name

In this case, we will ask you for proof of written permission from the company that explicitly states you have permission to use the name.

For example, if you wish to submit a plugin called Gravity Forms – CSV Exporter, you must have proof of written permission from Rocket Genius, Inc. to include Gravity Forms in the name.

Please provide proof with your initial submission, otherwise it will be rejected.

Questions, Feedback, Comments

If any of this is unclear or you have comments or questions, feel free to leave them below. User Experience

I’m embellishing a bit here, and experienced WordPress users may think the Admin Dashboard is obvious, but try to imagine how this process feels to someone who’s never used WordPress? How would they know that customize isn’t the website editor? How would they know they needed to find the Admin Dashboard?

My wife is always so frustrated with the authoring experience on and this review reminded me of how bad it actually is.

Never lose a single business lead or enquiry again! Get my latest plugin Storage for Contact Form 7 now!

Buy now for only $18 →

General Recommendations for GlotPress WordPress Plugins

At the GlotPress weekly chat last week and this week, a group from the community decided to work on an experimental plugin that moves GlotPress code into a WordPress plugin. In doing so, they expect that there will be future WordPress plugins that are meant solely for integrating with the GlotPress plugin.

During the chat, a couple of recommendations were proposed:

  1. WordPress plugins built solely for GlotPress should use “gp” at the start of their plugin slug for easier identification.
  2. Similarly, these plugins should add the “glotpress” tag to their Readme file for easier discovery.

Again, these are just recommendations and not requirements for any plugin in the directory. If you’re a plugin developer that’s interested in GlotPress-the-plugin, read through the summary and get involved!

Protocol Relative Enqueues

With the http/2 and https features of WordPress on the future plan, it’s time for a reminder about how to enqueue things. If you haven’t read John’s post about https configurations, please do. We want to make things work well for everyone and future proof your code :)

A common method to enqueue fonts is to use the CSS url like this:

wp_enqueue_style( 'my_awesome_css', '' );

The problem with this, as we move to more and more of an https world, is that will cause errors with people who want that beautiful green padlock. In order to make their life easier, please use protocol relative URLs in your enqueues:

wp_enqueue_style( 'my_awesome_css', '//' );

It’s really that simple. The future will thank you.

Edit: Yes, if a url has HTTPS and you can use it, use it. Eventually we’ll all be https and none of this will matter, but hard coding in http is making life difficult :)

The Web Won’t Forget Alex King

If you use a WordPress site, either as a visitor or owner, you’re using code that Alex King, one of the original developers of WordPress, worked on.

He passed away after fighting cancer for 2 years but his online presence lives on in the form of his blog with it’s deep archive of posts going back years, and in so much code that it’s humbling to look at his projects page. Looking through the svn log of WordPress trunk shows he still had a hand in helping the WordPress project until relatively recently:

trunk$ svn log|grep alexkingorg
props alexkingorg for the initial, long-suffering patch.
props alexkingorg. fixes #24162.
Props alexkingorg
`` instead of just `media`. props alexkingorg, see #22676.
Add $post_ID context to the pre_ping filter. props alexkingorg, devesine. fixes #18506.
Add filter so the users can select custom image sizes added by themes and plugins, props alexkingorg, fixes #18520
esc_textarea() and application for obvious textarea escaping. props alexkingorg. fixes #15454
Escape links by default. Props alexkingorg. see #13051
Safely include class-json.php, class-simplepie.php and class-snoopy.php, props alexkingorg, fixes #11827
Fix user creation from admin after changes for #10751. Fixes #10811 props alexkingorg.
Hooks needed to allow alternate category admin inteface. Props alexkingorg. fixes #3408
Wrap cat name in CDATA. props alexkingorg. fixes #3252

I’m sorry I never met Alex, however I remember working virtually with him and Adam Tow on AllThingsD which seems like a lifetime away now. Adam has a great article on Alex on his blog, as does Matt who went into detail about Alex’s involvement with WordPress going back to the days of b2. I had completely forgotten the CSS competition he mentioned!

Alex, your legacy lives on.

Related Posts

WordPress 4.4 Removes the View Post and Get Shortlink Buttons From the Post Editor

In WordPress 4.4, the View Post button in the post editor is disappearing in favor of a clickable permalink. Four years ago, Scribu, who is a former WordPress contributor, created ticket #18306. In the ticket, Scribu explains that the View Post button is redundant functionality and suggests that it be removed in favor of a clickable permalink.

Here are two screenshots of the post editor. The first is WordPress 4.3 and the second is WordPress 4.4. Clicking the permalink allows you to preview the post in its current state. Notice the slug part of the URL is in bold. You need to click the Edit button to edit the permalink.

WordPress 4.3 Post Editor
WordPress 4.3 Post Editor
WordPress 4.4 Post Editor
WordPress 4.4 Post Editor

Not only does this change remove redundant functionality, it removes a UI element from the page. Enhancements like these are a huge win for WordPress because it makes the interface simpler without permanently removing the button’s purpose.

In addition to the View Post button, the Get Shortlink button is also removed. The button shows up if you’re using a custom shortlink and can be re-enabled using code or a plugin. For most users, the Edit button is the only one they’ll see between the post title and content box.

I expect some users will be frustrated as they go through the process of changing their workflow but overall, I think it’s a great improvement. What do you think?

If you’re using the WordPress beta testing plugin by Peter Westwood, I encourage you to set it to bleeding edge nightlies and update your site. You’ll be able to test this change and others during the WordPress 4.4 development cycle.

How to Add Content Upgrades in WordPress and Grow Your Email List

Recently when our founder Syed Balkhi shared his 14-point pre-publish blog post checklist, many of you asked about how did he add the bonus download offer. That’s called a Content Upgrade, and it helps you get significantly more email subscribers. In this article, we will show you how to add content upgrades in WordPress and grow your email list.

Content Upgrades in WordPress

What is a Content Upgrade?

Content upgrade is a technique where you offer your readers a chance to get exclusive bonus content by signing up to your email list. This additional premium content offered for completing an action is also known as content bribe.

Some different type of content upgrades:

  • eBooks
  • Checklists
  • Excel Worksheets
  • Downloadable PDF version of your blog post
  • Exclusive video interview related to the post
  • Bonus how-to’s for the article

Basically content upgrades have to be highly relevant to the post you’re offering it on. For example, on a post about content upgrade, we should offer a content upgrade checklist because readers of this post will find that highly useful.

Human psychology plays an important role in the effectiveness of content upgrades. The psychology principle known as Zeigarnik Effect states that people are most likely to complete a task if they initiate it themselves.

For content upgrades, it works because users initiate it by clicking on a link or an image. This makes them more likely to complete the task by finishing the sign up.

Sounds too good to be true, right?

See these stats from Syed’s website comparing a regular popup and a MonsterLinks content upgrade.

Comparison of regular popup and a MonsterLink content upgrade

The generic popup was running across the site and was seen by nearly 26000 users, out of which 744 signed up.

On the other hand, the targeted MonsterLink was placed on a single page. It was viewed by 270 people and 74 users signed up. That’s an insane conversion all from a single page without running any split-tests!

Here’s an example of what content upgrades look like:

Exclusive Bonus: Download The Content Upgrade Checklist for a step-by-step guide on how to boost your conversions with content upgrades.

Now that you know what is a content upgrade, let’s see how you can use it on your own website to get more email subscribers.

How to Add Content Upgrades in WordPress?

Content upgrades can be added to any web page using MonsterLinks feature in OptinMonster.

OptinMonster is the best conversion optimization software in the market. It allows you to add beautiful opt in forms like lightbox popups, scroll-triggered slide-in forms, floating bars, sidebar optins, below the content forms, etc.

It is super fast and works beautifully with WordPress powered websites.

Syed started OptinMonster to use on WPBeginner, and we increased our email subscribers by 600%.

Note: if you don’t have an email list, then check out our guide on why you should start building your email list right away.

Step 1: Setting up OptinMonster

First you will need to install and activate the OptinMonster plugin on your WordPress site.

Upon activation, click on OptinMonster menu item in your WordPress admin bar. You will be asked to provide your OptinMonster API username and key (the basic plan of OptinMonster is sufficient for offering content upgrades).

OptinMonster API Credentials

You can find the API information under your account on the OptinMonster website. Simply login and then click on the API link.

OptinMonster API Keys

Next, copy and paste API username and key into OptinMonster plugin page and then click on connect to OptinMonster button.

Step 2: Create a New Popup Optin

Once you are successfully connected, you need to click on the create new optin button.

Create new optin

This will take you to the OptinMonster website. You need to give your optin a title and select your website from the drop down menu. Next, choose lightbox as your optin design.

You will see previews of all the different themes. You can select any one of them as your starter theme.

This will bring you to the OptinMonster’s form builder where you can totally customize the appearance of your popup.

Designing your optin in OptinMonster

For content upgrades, you will need to click on the configuration tab and select “Load on Manual Trigger” option.

Load on manual trigger option

After you’re done with the customization, click on the save button before exiting the optin editor.

Step 3: Enable MonsterLink Optin on Your Site

Visit the OptinMonster plugin page on your WordPress site and click on the Optins tab. You will see your new optins listed there.

If you cannot see it there, then you should click on the refresh optins button. When you see your optin, click on the edit output settings link below your optin.

Optin output settings link

This will bring you to the optin output settings page where you need to check the box next to enable optin on this site option.

You will also need to select the post or page where you want to load this optin.

If you want to load this optin globally on any page or post, then you can check ‘Load optin globally’ option.

Optin output settings

Don’t forget to click on the save settings button to save your changes.

Step 4: Get Your Optin Slug

Return to the Optins page and copy the string next to your optin title. You will need this string in the next step.

Get optin slug

Step 5: Add Your Monster Link in a WordPress Post or Page

Adding your MonsterLink in WordPress is very simple. Switch to the text editor and add the link like this:

<a href="#" class="manual-optin-trigger" data-optin-slug="h95qqg9sqx9atrsl">Click me!</a>

You will need to replace the data-optin-slug value with the slug of your own optin.

This code will show plain link to the users however it won’t really stand out.

So how do you make it stand out? You can add a box around it like this:

<p style="background: none repeat scroll 0 0 #fffecf; clear: both; margin-bottom: 18px; overflow: hidden; border: 1px solid #e5e597; padding: 13px;">

<strong>Exclusive Bonus:</strong> <a class="manual-optin-trigger" href="#" data-optin-slug="mohlwy2grsxcvmcw">Download The Blog Post Checklist</a> to use before you hit publish.


MonsterLink displayed in a yellow box

You can also create a shortcode to make the box styling easy for future.

Simply add this code in your theme’s functions.php file or in a site-specific plugin:

function wpb_make_yellowbox($atts, $content = null) {
   return '<p style="background: none repeat scroll 0 0 #fffecf; clear: both; margin-bottom: 18px; overflow: hidden; border: 1px solid #e5e597; padding: 13px;">' . do_shortcode($content) . '</p>';
add_shortcode('yellowbox', 'wpb_make_yellowbox');

You can now add your content upgrade link in your WordPress posts using the shortcode like this:


<strong>Exclusive Bonus:</strong> <a class="manual-optin-trigger" href="#" data-optin-slug="mohlwy2grsxcvmcw">Download The Blog Post Checklist</a> to use before you hit publish.


You can also show the link with an image. This way you can make it much more prominent and attractive.

Here is how you can add the image with MonsterLink in WordPress.

<a class="manual-optin-trigger" href="#" data-optin-slug="mohlwy2grsxcvmcw"><img src="" alt="ebook download" /></a>

MonsterLink around an image will make it look more prominent

Step 5: Delivering Content Upgrade

Now we need to take a look at how to deliver the content upgrade that we promised to the user.

Your content upgrade could be anything. Syed used a checklist document in his experiment. You can use PDF, video, audio, or any other kind of content.

Once users enter their email address, you can provide them the promised content upgrade. There are multiple ways to do this:

Show Download Link as Success Message

You can show a download link as a success message inside your popup. Simply click on the edit design link under your popup.

Relaunch optin designer to configure content upgrade delivery

This will take you to the OptinMonster’s designer. Under the configuration tab, you will see the option to add success message.

Deliver content upgrade as success message

Redirect to Thank You or Download Page

You can also redirect users to a thank you page that has the link to download the file. You will find the option to redirect users under the configuration tab in the optin builder.

Redirect users upon successful signup to a download page

Send as an Email

Most email service providers offer autoresponder features where you can send welcome emails to new users. You can use it to send the download link to the user.

You will have to check your email service provider’s documentation section for instructions on how to do this.


Content upgrades are going to be the NEXT BIG thing when it comes to lead-generation. Smart marketers are already starting to use it on their sites.

Brian Dean from Backlinko, Bryan Harris from Videofruit, Neil Patel from QuickSprout, Pat Flynn from SPI, and ofcourse our own Syed Balkhi has seen phenomenal results from using content upgrades.

If you want to grow your email list, then you should definitely try out content upgrades. It will take you anywhere from 30 minutes to 1.5 hours to build and add a content upgrade to your post, but it’s totally worth it.

We have created a checklist that shows you how to identify which posts are worthy of content upgrades, and the exact steps.

Exclusive Bonus: Download The Content Upgrade Checklist for a step-by-step guide on how to boost your conversions with content upgrades.

We hope this article helped you add content upgrades in WordPress to grow your email list. Want to learn another way to boost your email list? See our guide on how to create a welcome gate in WordPress.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

To leave a comment please visit How to Add Content Upgrades in WordPress and Grow Your Email List on WPBeginner.

Bulgaria PHP Conference – Day 2 Recap

Today was the last day of the Bulgaria PHP Conference and after my Day 1 review, here’s my recap post from Day 2.

First off, I’d like to thank the organizers for the splendid event – great organization, incredible speakers list, solid WiFi, several areas for hanging out and a great atmosphere – looking forward to the 2016 version!

Drupal 8: The Crash Course

Larry Garfield gave a great talk explaining the transition from their handcrafted code built until Drupal 7 to their current code base in Drupal 8 based on a lot of open source libraries and tools. His Drupal 8: The Crash Course session explained the main concepts behind Symfony – one of the most heavily integrated suites with numerous components from version 2 of the framework now living in Drupal’s Core as well.

Drupal 8 is hardly recognizable if you’re used to the D6 or D7 architecture and syntax as compared to what lives in D8 now. Various components and core modules are removed in favor of the renewed system, including the PHPTemplate as announced by Dries today:

Another important announcement from the Drupal camp (pun intended) is bumping up the minimum PHP version – 5.5.9 or higher. Their new architecture allows for offloading configuration outside of the database to yml files or other sources, and defining data sources for different components. Additionally, Drupal can also run on PostgreSQL, MSSQL, Oracle and even with MongoDB!

Larry’s talk was essentially a complete tutorial, and includes a step-by-step guide for building a simple module with forms, database options and a simple frontend layer for displaying a multilingual template in the public area of a Drupal site. Plugins are available now for extensibility by defining and interface and a manager class in order to hook it to the core.

Some of the latest guidelines for D8 include:

  • Building smaller classes and smaller methods
  • Defining thin controllers
  • Moving logic to services
  • Avoiding direct database calls (now possible)
  • Make components unit-testable

Your Code are My Test! (Testing Legacy Code)

Michelangelo van Dam is one of the most influential figures in the PHP community, with tons of background in PHP (and Zend Framework), extensive knowledge in various areas and experience with other programming languages as well. Beyond his endless involvement with Open Source software, he’s the co-founder of PHPBenelux, the PHP user group in Belgium, Netherlands and Luxembourg.

Michelangelo touched on the painful problems when Testing Legacy Code and the standard excuses with no time or budget for tests:

He introduced the Pizza principle – the dough is the code, the topping are the unit tests, and the box is the documentation. After all, what help is a rough dough without topping and a box?

The main benefits of testing outlined by van Dam are:

  • Direct feedback when a test fails
  • Ongoing and growing base of tests adding up
  • Protection when refactoring existing code
  • Ability to debug easily having tests in place
  • High confidence and less uncertainty

There were numerous use cases discussed with systems failing due to the lack of unit tests, or saved after a unit test confirms that the problem is in a 3rd party service (a payment gateway).

Another real case scenario covered building unit tests for a random GitHub project – EPESI in this case, with a poorly coded architecture. Following a step by step approach, Michelangelo built a small group of tests covering different use cases in a bloated method and finding loopholes in the code as well in the form of a non-executable code. He reminded the group that certain scenarios could be tackled through reflection, such as private constructors or other fields and methods not exposed to the public.

One of the smart takeaways for me from the talk was the suggestion of adding a logger to a bloated method and logging specific variables, then tapping into the logger and asserting the logged entries. This is fairly bulletproof regression-wise and adds a separate layer for both logging and testability.

Mentoring: Change the World One Hour at a Time

I have discussed mentoring with Beth Tucker Long on Friday which was the reason I attended the talk today. Beth explained the general idea behind mentorships and the benefits for both mentees, and mentors.

Beth is a PHP developer and consultant and a User group leader, actively engaged with mentoring and apprenticeship. She explained the process from defining a problem, outlining the required steps, looking for a mentor, building the relationship, establishing some goals and targets, and ending the mentorship relationship (one way or the other). It is important to establish specific and measurable goals, clarify the type of mentorship (in terms of pace and communication style) and following up on the assignments in question.

Setting the expectations upfront is paramount for both parties, and this is the basis of a mentorship relationship. Someone from the audience touched on the friendship (or acquaintance) contact for mentors, and a quick discussion touched on the challenges of keeping the mentor hours from hanging out, as well as keeping both types of relationship separately instead of ruining them altogether in case of a problem.

PHP mentors are offering their services at so if you are a mentor or someone looking for one, go ahead and sign up there.

Shifting gears with Gearman

I wasn’t acquainted with Gearman which is why I attended the talk given by Srdjan Vranac.

Quoting Gearman’s website:

Gearman provides a generic application framework to farm out work to other machines or processes that are better suited to do the work. It allows you to do work in parallel, to load balance processing, and to call functions between languages. It can be used in a variety of applications, from high-availability web sites to the transport of database replication events.

Srdjan shared his experience with a project where he was assigned to migrate 30,000,000 products within 12 hours which would have required 695 migrations per second with a single instance. Using 600 nodes was a feasible way to migrate 1.1 products per second which is an easily achievable target.

Gearman is available in the package repositories of Debian/Ubuntu and RHEL/Fedora which makes it easier to set up. He elaborated on the challenges with running a large number of processes and dealing with memory and process management, and shared that the official manual is well documented and fairly useful. Srdjan reminded about possible failure vectors (network, database, I/O operations etc) and different possible concurrency issues, the paradigm behind the messaging queue and various ways to monitor as much as possible in order to prevent system failures (and everyone’s favorite segmentation fault errors).

During the Q&A Samantha and Michelangelo discussed some project specifics and raised some valid questions, including the fact that Gearman hasn’t been updated for over a year. RabbitMQ is probably a better alternative in that case.

Automation with Gulp and Bower

Michelle Sanver presented about Automating and optimizing the frontend workflow using Bower and Gulp. She is a backend developer who has been exposed to frontend-related projects which led her play with frontend dependency controls and automating repetitive manual tasks throughout Gulp.

Sanver introduced the audience to both tools and provided various examples for the entire workflow – installing them locally (and globally), introducing and pulling some dependencies and automating different operations – such as minification and combining of styles and scripts and compiling Sass files to CSS.

Down the Rabbit Hole

Cal Evans is one of the most visible and influential (as in “influencer”) people in the PHP community. Cal has been actively involved with the PHP and MySQL for 13 years now, and has been involved with numerous multi-million web applications built on top of PHP. His motivational and development talks have inspired a whole generation of developers and led to his active participation and engagement with other communities and reputable positions, up to his current title as a Technical Manager, Training and Certification at Zend Technologies.

It’s incredibly hard to describe a motivational talk, so it will suffice to say that the talk ended up with standing ovation. Cal guided us through his first days with technology and his first local meetup back in the days, his first role model in his family and a series of role models in the PHP community, his involvement with other languages, platforms, experience working with teams and recognizing the excitement of his team members attending conferences. He shared several personal stories attending different conferences and building a network of friendly professionals in a warm and welcoming community.

Cal Evans stressed on the fact that there are 5,000,000 PHP developers which help one another and support the community as a whole. I’m really grateful for the fact that he explicitly mentioned WordPress as one of the strong communities within the PHP world, given it’s bad rap amongst the broad PHP ecosystem.


As someone who has attended over a hundred conferences over the years – some business or marketing, some specialized in other industries, as well as technical conferences for Java, .NET, JavaScript, Open Source, Drupal and, of course, WordPress communities, my first PHP-oriented conference was truly inspirational. It was an honor to meet some of the titans of the PHP community in person, interact with the PHP community attending the event, discussing different tools, libraries, paradigms and solutions with other experienced professionals.

The post Bulgaria PHP Conference – Day 2 Recap appeared first on Mario Peshev on WordPress Development.

WordPress 4.4 to Possibly Rearrange Fields to the Comment Form

WordPress plugin and theme developers need to take note of an important change in WordPress 4.4 that rearranges the comment form. In WordPress 4.4, the comment form is arranged so that the text area is displayed first followed by the name, email, and website fields.

Comment Text Area is First
Comment Text Area is First

According to Aaron Jorbin, WordPress core developer, the change improves navigation when using the keyboard to toggle through fields. It also makes it easier for users to leave comments.

Since the change requires filters and actions to run in a different order, the HTML output by comment_form will be different. Jorbin explains that if developers use any of the hooks inside comment_form, especially comment_form_field_comment and comment_form_after_fields, developers should test their themes and plugins using WordPress 4.4 nightlies.

If you run into any problems or inconsistencies, please report them to ticket #29974. What do you think of the change? Do you think readers want to write their comment first instead of filling out the other three fields?

Bulgaria PHP Conference – Day 1 Recap

Bulgaria is hosting its first official Bulgaria PHP Conference this weekend and I was honored to attend and present my WordPress Core Architecture talk today.

I usually don’t do recaps here – mostly because lots of my readers attend WordCamps with me, watch the talks on, follow Twitter hashtags and so forth, or I go to other conferences that focus on different areas unrelated to what I tend to blog about here. PHP, however, is the core of the WordPress platform, and the line-up this year is magnificent, which is why I feel obliged to share a quick overview about some of the talks I’ve attended.

Business Logic Security

Ilia Alshanetsky is a PHP Core Developer since 2001, and a Release Master of PHP 4.3, 5.1 and 5.2 among other titles and accomplishments. He presented about security – but not the day-to-day security talks that you’re used to listening to covering the OWASP top 10’s vulnerabilities and standard best practices such as nonces or prepared statements (somewhat beaten to death). Instead, Ilia covered various attack vectors closer to social engineering and different strategies used by hackers to get access to a given system, or brute force different accounts even after they’re locked out of a certain username 5 failed attempts later.

The business logic talk touched on the rationale behind late night hacks – the fact that the server load is lower and monitors aren’t triggered even after hacker attempts since they don’t add up to the standard load, system administrators are usually asleep, and AWS’s CPU usage costs are lower at night.

Ilia suggested different ways to prevent brute force attacks, or slightly tighten the process by displaying captcha, or introducing 2FA after a few failed attempts; avoiding the standard ‘login’ and ‘password’ field names in HTML, and proposed different ways to autogenerate form field names and validate them with sessions.

Click-jacking was discussed as well, together with transport security policies, session security (less applicable in WP but still), ACL management strategies and transactional operations. Best practices for log auditing and analysis were also mentioned.


MVC is a hot topic in the web development world since the majority of the web frameworks are MVC-based, and various libraries and framework stress on their innovative architecture whenever they are MTV (Model-Template-View), MV, MVVM or HMVC. And SOLID are the five popular software engineering principles covering Single Responsibility, Open-Closed, Liskov Substitution, Interface Segregation and Dependency Inversion.

Those are not unfamiliar terms for anyone working in the web development world, but Stefan Priebsch – the co-founder of The PHP Consulting Company and a scalability expert – took an unpopular approach while reviewing them today.

What Stefan did in his SOLID MVC talk was introducing a broken MVC controller defining a number of actions and refactoring it in a series of steps by applying popular methodologies complying with the best practices in the software design world.

This was a pretty solid (pun intended) talk discussing the flaws of a common software application built on top of an MVC framework and the SOLID violations occurring in most applications. Funnily enough, most use-cases lead to either over-abstractionism, or purely using the wrong tool for a job.

Yet, a good quote about MVC :)


Stefan challenged the significance and design paradigms behind some frameworks, and trapped everyone in the room by stating that migrating to another framework is “doing it wrong”, because a well-separated business logic would be easier to maintain and wouldn’t require a framework switch. He mentioned several warning signs that would hint a developer for a need of major refactoring.

Beyond PHP : it’s not (just) about the code

Wim Godden and I had to swap our slots since he had a personal event to attend later today, and we had a great chat with him during the Speakers Dinner on Friday. Wim is a great guy who joined the PHP world in 1997 and is the author of OpenX (now Revive Adserver that we’re using with clients) and PHPCompatibility. Well, and a few other great projects of course.

In his Beyond PHP talk Wim shares his experience scaling massive projects on different layers – code, infrastructure, networks, databases and more, and stresses on the fact that code is not the only bottleneck for a project (despite of the fact that it often leads to problems).

We went over several scenarios with tricky SQL queries lacking indices, or iterating with for loops through database inserts by multiplying a project’s queries per page view 50 times. Standard logging approaches such as the slow_query_log were mentioned, SQL’s EXPLAIN for analyzing queries, together with the pt-query-digest toolkit. For high-scale applications Wim reminded that enabling the general log and forgetting to disable it quickly may lead to tens of GBs (or more) of logs, blocking I/O operations, disturbance in the Force or crashing the entire server altogether.

Master-Slave replication gotchas were discussed with real world examples, delays transferring data, network bottlenecks, bandwidth exhaustion, concurrency issues and other goodies during the talk.

Going Crazy with Caching

I missed half of David Buchmann’s talk, but we discussed that the night before and it’s a great topic. In “Going Crazy with Caching” David talks about the concept of reverse proxies and Varnish in general. He gets into details about the flow of a request going through Varnish, the receiving request, hits and misses, and dealing with responses.

He mentioned most of the challenges that we’ve had with cookies and sessions and trying to cache those requests which seem to be a common issue within this context. Going through the slides I found a lot of the VCL rules that we’ve used for our SaaS applications in order to handle caching for authenticated users or deal with advertising cookies or analytics data.

Additionally, David digs into ESI or the so called “fragment caching”, which seems to be supported in Symfony out of the box (he is a famous Symfony developer working at Liip). He did provide sample snippets for implementing fragment caching with AJAX as well.

WordPress Code Architecture

I’ll blog about my talk separately once the videos are up, slides are available at

Shift Left – Find Bugs As Early As Possible

Emanuil Slavov gave both an entertaining and educational talk about QA, testing automation, and various steps that could be integrated with a Continuous Integration server.

One of Emanuil’s main points in “Shift Left – find Bugs As Early As Possible” was the fact that humans’ time is expensive and machines are meant to support our efforts and assist us whenever possible. That reminded me of the 90s when hardware (especially servers) was way more expensive and development efforts were mostly focused on optimization – in terms of speed and memory. Since technical debt is becoming a significant problem nowadays when things live on a cloud and you can expand resources infinitely in order to save development time, being able to automate different processes and solve problems is an important task in a development team.

Emanuil explained the QA pyramid with three layers – static analysis, unit tests and black box tests. He provided various examples with Linter, older versions of HHVM, PHPMD and their own PHP Reaper for static analysis, PHP Unit for unit testing, and different strategies around implementing API tests on top of that. Slavov reminded that 100% code coverage is not a guarantee of a stable code and issues could arise at all times, on higher levels of the hierarchy.

Their target in Komfo is running all automated tests in the CI for under 5 minutes, which seems to be working fine. We’ll need to match that since our Jenkins CI setup with PHP Code Sniffer, phpmd, some linters, custom unit tests and a few more automated tools takes a bit longer so that’s a good goal to match.

Eating ElePHPants

The keynote session “Eating ElePHPants” was led by Larry Garfield, Senior Architect at, a Drupal 8 Web Services Lead and Rep, and honorable PHP-FIG lead member.

Since Drupal is the closest cousin of WordPress, I’ve been following their development for a while. I spoke at a Drupal Camp in 2011 and shared my first experience with Drupal 4 over a podcast recorded for Acquia. Since Drupal 8 has been in development for 5 years now, Larry shared numerous important lessons of their journey, decisions that had to be made and challenges they’ve faced over the years.

Larry noted that this is an ongoing process that should be taken one bite at a time, with friends. He has provided a large number of examples for architectural decisions they’ve made in the Drupal community, and how was the leadership organized and aligned in a way that allows for moving forward.

I was aware of the fact that they’re embracing Symfony and integrating some components, but today I learned that they have integrated multiple Symfony2 components: HttpFoundation, HttpKernel, DependencyInjection, EventDispatcher, Routing, Serializer, Validator, Yaml. They’ve embraced other components and libraries such as Zend Feed, Doctrine Annotations, Twig and Guzzle, which is a great way to support and collaborate with other communities, invite framework and library developers to a more specific community and improve the overall quality of the end platform.

After a long day of talks and plenty of notes, I’m looking forward to several presentations tomorrow as well, and the grande keynote by Cal Evans himself.

Looking for Day 2 Recap?

The post Bulgaria PHP Conference – Day 1 Recap appeared first on Mario Peshev on WordPress Development.

WP Super Cache 1.4.5

WP Super Cache is a fast caching plugin for WordPress. It will help your site run faster and serve more traffic.

This is a security and bugfix release.

  • Some servers display a directory index when no index.html is found in a directory. That may reveal the filenames of cache files.
  • There were issues in the settings page that might allow an attacker to browse or delete files named index.html.
  • PHP Object Injection could occur if an attacker managed to inject malicious code into the legacy cache meta files.

When you upgrade, your “legacy cache” files for logged in users will be deleted. This may have an impact on your site:

  • If your site is slow at generating new pages.
  • If you have many known users (logged in users or people who comment).

Your site will suddenly have to generate new cache files for all visiting known users.

Relying on caching like this is not recommended for these types of users as it’s very inefficient. Each user has a separate cache file that must be checked whenever the plugin does administration work like cleaning up stale cache files.

If most of your traffic is anonymous users who don’t comment you don’t need to worry about this.

Directory Listings

If a server is configured to show directory listings it will show files and directories in the cache directory to visitors who access those directories directly through their browser. This might reveal private posts, and in the case where legacy caching is enabled for known users the login cookie was stored in “.meta” files that could be downloaded.


Files named “index.html” were added to the main cache directories to stop remote users viewing the contents of the cache directories. Unfortunately it’s not possible to add empty index.html files to the supercache directories because those files could be served by accident to legitimate visitors of the site. However, the plugin will also add a directive that disables directory listings to the file cache/.htaccess. You can now also change the location of the cache directory on the Advanced Settings page of the plugin. If you can’t disable directory indexing on your server and you have private posts you should change this location and use PHP mode to serve cache files.


If a directory index is found in the cache directory it will show a warning like this to administrators:

index.html warnings

Clicking the logout link will log everyone out, except the user who clicks it, but it guarantees that the login cookies are updated, just in case someone has copied the cookie from an old meta file.

Directory Traversal and File Deletion

User input in the settings page wasn’t properly sanitised. The code that sanitised directory paths when deleting cache files wasn’t secure and might allow an attacker to view or delete files named index.html. Deletes are protected by a nonce, limiting the useful lifetime of the URL however.

PHP Object Injection

The plugin used serialize and unserialize to store data in “legacy cache” meta files. This might be used to perform a PHP object injection attack. Serialised data is now stored as JSON data.

The format of legacy cached files has changed. The files in the meta directory no longer have a .meta extension. They are .php files now and each file has a “die()” command to stop anyone loading them.
The data stored in those files is now stored as JSON serialised data. The login cookie is an MD5 hash now as well.
When you upgrade the plugin your existing legacy cache files will be deleted and regenerated as visitors use your site.

Apart from those security fixes there have been a number of enhancements and bugfixes:

  • Disabling the plugin no longer deletes the configuration file. Uninstalling will do that however.
  • Enhancement: Only preload public post types. Props webaware.
  • It’s now possible to deactivate the plugin without visiting the settings page.
  • Fixed the cache rebuild system. Rebuild files were deleted immediately but now survive up to 10 seconds longer than the request that generate them.
  • Minor optimisations: prune_super_cache() exits immediately if the file doesn’t exist.
  • The output of wp_cache_get_cookies_values() is now cached per visit.
  • Added PHP pid to the debug log to aid debugging.
  • Various small bug fixes.
  • Fixed reset of expiry time and GC settings when updating advanced settings.
  • Removed CacheMeta class to avoid APC errors. It’s not used any more.
  • Fixed reset of advanced settings when using “easy” settings page.

This release wouldn’t be possible without the help of Brandon Kraft, Dane Odekirk, Ben Bidner, Jouko Pynnönen and Scrutinizer. Thank you all!

Related Posts

WordPress Monthly Roundup: August and September

Over the years, WordPress has been a very vital part of most bloggers’ lives. It is a platform that lets users tweak and enhance their blogs without having that much difficulty and hassle. With this in point, bloggers have appreciated their craft more. WordPress is more than just a tool; it has also become a way of life.

If you run a blog using WordPress, then you are most likely aware that themes and plugins do a great deal for it. They help in gaining site views and improving online visibility. This is why it is important to apply the ones that would be most suitable for your blog, as this ensures its viability over the Internet.

Trends may come and go, but when it is WordPress that we are talking about, these are here to stay. Here are the latest plugins and themes you should watch out for—these will surely spice up your blog like never before!

WordPress Themes

Corpobox Lite


If you are into minimal designs, then this theme is perfect for you! The Corpobox Lite design exhibits simplicity that is well-played, but not overpowering at the same time. It also allows infinite scrolling plus it has a grid layout for easier site navigation. The rounded header image adds to the theme’s uniqueness and online functionality.

Woodley WordPress Theme

screenshot (1)

The Woodley WordPress theme does not fail to deliver as well as far as minimalist designs are concerned. The monochromatic and neutral color palette combination of the theme will make your blog easy to the eyes, and the two-column layout will make it more reader-friendly and content-focused.


screenshot (2)

From simple and muted designs, let’s proceed to brighter and more colorful ones. The Wallstreet theme, created by Webriti, allows you to experiment with hues and patterns. Who said clean can’t be fun? With its translucent description effects, hover-twisting feature and full-page header and image display, this theme is guaranteed to bring out the spunky artist in you!


screenshot (3)

Themes that incorporate plainness with elegance just never go out of style. The Longform theme is one example of this; its header grid layout and opaque image design make it perfect for those who want to stick to a modern and vibrant appearance. This theme also has a single column post layout that comes with pagination


screenshot (4)

Included in the most popular WordPress themes based on user downloads is the Spacious theme, which is quite literally spacious in terms of layout. This theme, though, is a hit for many bloggers mainly because of the flexibility of its appearance.

Blogs of various natures like business, travel, personal, and others can use this theme. Your content will stand out because there is much strategic space made available. You have the freedom to choose whatever colors that would match the overall concept of your website, and it has a vast array of templates and widget areas that you can put on your blog. Moreover, have I already mentioned the amazing slider that comes with it?


screenshot (5)

If your blog is business-like in nature, and you want to use a magazine-type design for it, then the Ample theme would be the best one to use. It has a full-width slider at the top portion of the page which will leave your readers entranced.

What makes this theme a superb find is the parallax effect that you can use on different sections of the theme. You can even customize the sizes of the widgets and other page elements according to your preference. Truly, this theme is the ultimate go-to if you want your website to convey a professional image to your readers.


screenshot (6)

As far as blogging is concerned, it is not enough to just write, publish, and wait for the world to discover your entries. Apparently, there is a WordPress theme that helps you optimize your site and increase the chances of your blog having a certain number of readers and page visits. The SEO-friendly CSS framework of this theme lets search engines locate your priority content. This theme also supports many widgets and plugins without crashing in the process. This theme also uses the minimalistic design and light colors, which you can change just by purchasing their premium add-on plug-in.

WordPress Plugins


WordPress › Favicon by RealFaviconGenerator « WordPress Plugins

Developed by RealFaviconGenerator, this plugin will help you install a favicon on almost all operating systems for both computers and mobile phones. It will make your life easier by quickly generating multiple favicons upon launching instead of just one so that users can view the right icon on any device.


WordPress › Sidekick « WordPress Plugins

It would be great to have an instant “sidekick” while treading on uncharted territory in WordPress, wouldn’t it? Fortunately, the Sidekick plugin was developed for this same purpose! It gives you access to many tutorials about Dashboard basics, as well as integral writing and publishing processes. Moreover, you do not get the usual video tutorial experience—you will learn through a guided narration that will interactively explain the concepts to you as you look around WordPress.

Master Slider

WordPress › Master Slider   Responsive Touch Slider « WordPress Plugins

Touch devices and the Master Slider is a match made in blog heaven. This type of responsive touch slider promotes ease of access and makes swipe gestures and drag-and-drop easier. This plugin would be convenient for users who prefer to blog on portable touch devices, and transfer or alter images and elements from one site to another. The Master Slider is very much SEO-friendly and users can tweak its appearance.

Easy Facebook Like Box

WordPress › Easy Facebook Like Box « WordPress Plugins

Facebook junkies need not worry about complicated page elements on this widely popular social networking hub. The Easy Facebook Likes plugin lets users see posts from their fan pages, the like button itself, and their connections, all in a single box. This plugin is highly customizable, simple, and of course, free!

OnePress Image Elevator

WordPress › OnePress Image Elevator « WordPress Plugins

When writing a blog entry, you have to click the ‘Add Media’ button and click on a lot more other options before you can get that desired image displayed on your work area. The OnePress Image Elevator saves you from all that hassle. Through this plugin, you can now directly paste images from your clipboard onto your WordPress editor. It is easy to set up and helps you save time in writing and editing your blog entry. You do not have to look further around for the files that you need—just copy, paste, and you are good to go!

Cookie Notice

WordPress › Cookie Notice by dFactory « WordPress Plugins

Site inform visitors whether or not it uses cookies—and this is where we see what this plugin’s role is. The Cookie Notice plugin displays a message that will let visitors know the site uses cookies without ruining the overall appeal of the page. Its goal is to be subtle in getting the announcement across while maintaining the design of your website. You can also customize how the plugin would look like on your page, and change the message whenever you feel the need to do so.

CMS Commander Client

WordPress › CMS Commander Client « WordPress Plugins

When you are running several sites all at once, your database would have the tendency to clog up and slow down. The CMS Commander Client plugin lets you manage many sites simultaneously without affecting your system’s performance. You can create posts, install updates, and see how your sites are doing; everything is in one place. Moreover, with a plugin as amazing as this, who would think that this is free of charge? Yep, convenience certainly wouldn’t cost you a dime.

The themes and plugins I have listed above are just some of the newest ones that are proven to give you a fantastic WordPress experience, whether you are a newbie or already an expert at blogging. It just all comes down to looking for reliable ones so you could make the most out of WordPress!

Tips to Keep WordPress Secure

With each passing day, strong security becomes more important. This article explains some ways to keep WordPress secure while improving the overall security of your WordPress-powered site. Most of the tips provided here are practice-based security steps that require no plugins or hacks. The idea here is that you don't need to make changes to any code, or modify WordPress in any way in order to maintain strong security. These are security steps that most any WordPress user can use to help protect their site and keep WordPress safe and secure.


The WordPress REST API Is One Major Step Closer to Being Merged Into Core

After more than three years of development, the WordPress REST API is one major step closer to getting merged into core. Ryan McCue, a lead contributor to the project, published the first official proposal to merge the API into WordPress. The proposal explains what the REST API is, why it’s needed, an integration plan, and what happens after the merge. The plan is to integrate the API in two stages, infrastructure and endpoints.

Two Part Plan

The infrastructure is the code responsible for routing requests and handling the meta layer of the API, including JSON serialization/deserialization, linking, embedding, and REST best practices. Merging the infrastructure first allows developers to start building upon it and to migrate from existing custom code. The plan is to merge the infrastructure portion of the API in WordPress 4.4.

Endpoints are considered the more complex of the two as they’re responsible for mapping data from the external JSON format to the internal data structures and vice versa. In other words, endpoints are the bridges of communication between WordPress and external applications. To provide more time for core committers to review the code, endpoints will be merged in WordPress 4.5.

Development of the API takes place on GitHub but core WordPress development takes place on Subversion and Trac. When the API is merged into core, it will no longer be developed as a separate project. McCue proposes that the best of GitHub and Trac be integrated so developers comfortable with GitHub can continue to contribute to the project:

Given the team’s experience with GitHub as well as Trac, we can bring the best of both worlds by helping integrate the two. This would also improve contributions to WordPress as a whole, and benefit the whole community. This will be especially important as we encourage more contributions from the wider community (client authors, for example). We think we can make good progress here, and we’d love to try to help improve the process.

Although there’s a GitHub repository for WordPress that’s synced to its Subversion counterpart, it does not accept pull requests. If integrating GitHub and Trac proves to be successful, it could open the door for WordPress to accept pull requests or contributions through GitHub.

The plan to merge the API into core is not finalized and the team needs your comments, questions, and opinions. I encourage you to read the full proposal and the comments as McCue answers additional questions related to the merge. How happy are you to see this merge proposal?

WordPress Installs in Root and Subfolder With nginx

We’ve been hosting various WordPress installs on the same server, as well as subdomain and subfolder multisites on nginx, but I had to fix a new subsite on a WordPress install that included another WordPress instance as a subfolder.

The scenario was related to a large WordPress setup with bbPress that had to be split up for performance and security reasons, including a redesign of the main site. The forums install was left untouched in terms of UX, the main site was drastically improved – with a new theme and hundreds of thousands of post entries down thanks to bbPress install moved to /forums instead. After a benchmark and a code/database review we noticed tens of thousands of transients autoloaded on each requests (forum entries available for edits stored as transients) which also improved the load time by getting rid of those on the main site.

I spent some time trying to enable the forums/ subfolder and resolve it as a separate site, but ended up with various nginx errors, such as:

rewrite or internal redirection cycle while internally redirecting to “/index.php

FastCGI sent in stderr: “Primary script unknown”

I played with different try_files rules, moving the index and root in and out of locations, and testing different location rules as well. I switched the php fastcgi params rules for php files, but no luck.

Turned out that server_name could be a subfolder, so a possible solution is simply creating two separate nginx conf files in sites-available/ symlinked to sites-enabled/ with two different servers for each of the sites.

Parent site:

server {
        listen         80;

        root /var/www/;
        index index.php index.html index.htm;

        location / {
	    index index.html index.php;
            try_files $uri $uri/ /index.php?q=$uri&$args;
            #try_files $uri $uri/ /index.php?q=$uri&$args;
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;
            location ~* .(js|css|png|jpg|jpeg|gif|ico)$ {
            expires 24h;
            log_not_found off;

        if ($uri !~ wp-content/plugins) {
            rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;
        if (!-e $request_filename) {
            rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
            rewrite ^/[_0-9a-zA-Z-]+.*(/wp-admin/.*.php)$ $1 last;
            rewrite ^/[_0-9a-zA-Z-]+(/.*.php)$ $1 last;

	location ~ .php$ {
                try_files $uri /index.php;
                autoindex on;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                #fastcgi_pass_header Set-Cookie;
                include fastcgi_params;

Subfolder (the second instance with bbPress):

server {
        listen         80;

        root /var/www/;
        index index.php index.html index.htm;

        location / {
		index index.html index.php;
                try_files $uri $uri/ /index.php?q=$uri&$args;
                #try_files $uri $uri/ /index.php?q=$uri&$args;
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;
	location ~* .(js|css|png|jpg|jpeg|gif|ico)$ {
            expires 24h;
            log_not_found off;

        if ($uri !~ wp-content/plugins) {
            rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;

	if (!-e $request_filename) {
            rewrite ^/[_0-9a-zA-Z-]+(/wp-.*) $1 last;
            rewrite ^/[_0-9a-zA-Z-]+.*(/wp-admin/.*.php)$ $1 last;
            rewrite ^/[_0-9a-zA-Z-]+(/.*.php)$ $1 last;
	location ~ .php$ {
                try_files $uri /index.php;
                autoindex on;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                #fastcgi_pass_header Set-Cookie;
                include fastcgi_params;

The post WordPress Installs in Root and Subfolder With nginx appeared first on Mario Peshev on WordPress Development.

How to Easily Add Snapchat Snapcode in WordPress

Do you want to increase your Snapchat followers using your WordPress site? Recently one of our readers asked if it was possible to add Snapchat follow button on the site. Snapchat offers snapcodes which other Snapchat users can scan to follow you. In this article, we will show you how to add Snapchat snapcode in WordPress.

First thing you need to do is to visit Snapchat Snapcodes website. You will need to login using your Snapchat username and password. Upon login, click on the download button to download your Snapcodes.

Download your snapcode

Snapchat will download a zip file which you need to extract. Inside, you will find two image files snapcode.png and snapcode.svg.

These image files are QR codes that users can scan using Snapchat on their phones. See our guide on how to generate and add QR codes in WordPress to learn more about QR codes.

Now that we have our snapcode, the next step is to upload it to your WordPress site. We will show you two methods to add snapcode to your WordPress site.

Manually Upload and Add Snapcode to WordPress

The snapcode is just an image file, and you can add it to your WordPress site like you would add any other image file.

You can simply upload it by visiting Media » Add New page and then add the image in a sidebar widget. You can also use the Image Widget plugin to do that.

See our tutorial on how to add an image in WordPress sidebar widget for detailed instructions.

You can also add this snacode in your post or pages as well.

Using Snapchat Snapcode Widget

If the first method doesn’t work for you, then you can install and activate Snapchat Snapcode Widget plugin.

Upon activation, simply go to Appearance » Widgets page and locate Snapchat snapcode widget under the list of available widgets.

Next, you need to drag it to a sidebar or widget-ready area.

Snapchat snapcode widget settings

The widget will now appear in the sidebar column, and you should be able to see its settings. Simply click on the upload snapcode button to upload your snapcode.png file. You can also provide your snapchat username if you like. Click on the save button to store your widget settings.

That’s all you can now view your website, and you will see the snapcode in your WordPress sidebar.

We hope this article helped you add Snapchat snapcode in your WordPress blog. You may also want to see our list of best social media monitoring tools for WordPress users.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

To leave a comment please visit How to Easily Add Snapchat Snapcode in WordPress on WPBeginner.

On WordPress Development Retainers

With over 15 people working at DevriX right now, we have revised our service solutions and focused on promoting a type of service that combines our recurring revenue goal with iterative development solutions for some of our clients.

While we do provide maintenance services, we realized that a development retainer would be incredibly useful for most of our leads. This month we’ve started a new WordPress development retainer and signed a discovery session for another large one coming next month. There are a few more in our pipeline which our sales rep is looking into, sharing our process with our prospects and getting some valuable feedback for our plans.

I spent a few hours on a call with one of my partners discussing our approach, and at he was genuinely excited about selling this model in the long run.

Since our WordPress Development retainers are something that we now recommend every time a fixed budget proposal is on the table, here are the main reasons why we stick to this model.

Estimating Development Work


Estimating WordPress development services is often a tedious task that is not profitable for one of the parties, if not for both at the same time. I wrote about estimates and what are the main challenges quoting projects, and the truth is that estimates always go out of order – be it budget, time frame, or something else.

Customers try to get quotes on their project specifications and compare different companies based on budgets and delivery dates. I’ve always found that to be a comparison between apples and cucumbers.

Unlike selling products (such as cars), custom development services are not equal. There are thousands of different ways to build a solution. Low-cost ones could involve a cheap premium theme and several plugins, resembling the required features – with various compromises on quality, speed, security and attention to detail. High-end ones focus on details, with hundreds of thousands of lines of custom code, and weeks (or even months) spent on optimizing the platform for speed, security, or user experience.

And this is barely scratching the surface.

The Challenges With Scope

Scoping a project requires a certain level of spirituality. Or being able to travel in time – in future, in various dimensions, assessing the different possible outcomes with time, based on their quality.

Most people are still unable to transcend through time and space, therefore they compare on cash and time.

Fixed-fee projects are based on assumptions. Even if you spend an entire week or two discussing details, you won’t be able to cover every single bit of your project. I’ve seen specifications over the years defining each data type, its fields, even the field limitations in a programming language or a database column constraints.

And yet, that’s usually not what a customer needs at the end.

Miscommunication and Frustration

Sometimes miscommunication is inevitable.
Sometimes miscommunication is inevitable.

Clear communication is one of the biggest challenges in life for the majority of the people. That’s the main reason for failed businesses, personal relationships, friendships and even car accidents on the road. People assume that there are general rules that everyone obeys and agrees with, and everything else should start from there.

And it’s normal. When communicating with people, we expect them to demonstrate common sense. This includes the established moral values within a family, how to behave in public, general appreciation of life, respect to elders, helping people with disabilities on the street, mutual respect to other people, basic philanthropy urges and so on. Certain regions may have other cultural commonalities – sharing religious beliefs or political views, commitment to the local sports team etc.

Deviating from the common base of values is perceived in different nuances – from odd through strange up to outrageous. Which is why people tend to join communities, or “packs” with their friends, since there tends to be less pressure, fewer unexpected surprises and… well, things work way better when everyone is on the same page.

Common Sense in Business

Unlike other fields in life, business is dynamic. You meet new people all the time, reach out to clients around the world, partner up with freelancers or hire new personnel. There is not enough time to get to know each other well enough, and ensure that both parties are a good fit and share the same business values that would bring the project to life in the best possible manner.

Which is why people have to rely on their own understanding of life, label various qualities into groups, and assume. A lot. And since business hides infinite opportunities and challenges, it’s impossible for one to know it all, and people have grown to be successful using different strategies.

And often that’s the reason why business relationships fail. CEOs get fired, employees get frustrated by their managers, business partners part ways due to lack of common values, and the majority of the waterfall projects fail.

WordPress Business Expectations

Communication for the win.
Communication for the win.

Often there is no one to blame here. People have different expectations and different experience.

For example, if I estimate a project for $20K and my prospect expected a $2K quote, that doesn’t necessarily make any of us wrong. Our projects tend to be between $10K and $50K or more. What our client was used to so far has always been low-quality work or not a custom build which resulted in $1500 – $2000 “lego” projects. He is not acquainted with our industry and the difference between custom platform and random bundling of plugins, and can’t make a difference. Or he probably doesn’t want a custom project in the first place – either building something for a business that doesn’t get any traction whatsoever (think 100 visits per month), or not appreciating the quality of good work.

Value Costs Money

Recently I had several conversations with businesses that contacted us for development services. I kept hearing repetitively the word “value“. Providing value, bringing value, delivering value.

Their budgets were nowhere near what we charge for, and they either looked for something custom that would cost us 8-10 times more than they expect, or something “patched” and “quickly bundled together with some premium theme and plugins”. Either way, this is not something that we offer. This violates our entire idea and model of “quality” and “real value” and we operate with a completely different set of definitions for that same term. And there are probably hundreds of thousands of non-technical people able to build the “lego”, and even a DIY customer can drag and drop these as long as they are aware of operating with FTP.

WordPress development experts

Speaking of terms, I blogged about WordPress talent shortage and also discussed in details the fact that the WordPress industry is just like the others. Same goes for misusing development titles and their righteous definitions as seen in every single programming platform, language, framework, library, whatever out there.

I usually review 20-30 job applications for WordPress people every month. We train new people for some of our clients, or manage new support staff for their applications, or simply grow our own team.

Out of 25 jobs applications on average, approximately 20 are from people who rate themselves 4 out of 5 on PHP development skills and 4/5 or 5/5 on WordPress development. 18 out of those 20 have either never written code at all in their entire life, or have slightly modified WordPress page templates for their clients.

The “senior backend developers” that often reach out to us have a portfolio of about 10 sites running Avada, Divi or another random theme, with no custom code. Best case scenario – a custom theme.

Developers for Everything

Experts Everywhere

I digress, but it is a complicated matter that cannot be judged lightly. As someone working on high-end technical projects and coming from the enterprise world (I started as a Java programmer a while ago), I have switched technologies, clients, frameworks, and occasionally find myself building test applications with a random framework out there over the weekend, studying the paradigms of a new language on the go.

I know what the “developer” term means and I truly believe that the aforementioned services by freelancers can’t be further from the skill. I decided to take it a step further and did a “Wix” search on Elance, and there we go – “WiX developer” and “Wix Pro Guru” in the first 10 results. At least the Squarespace search didn’t list any “developers”, just “professionals” which is less misleading.

Which is why I also joined the WP Developers Club as an advisor – I’m fully aware of the state of the WordPress ecosystem, and I am passionate about helping new WordPress developers starting with a solid base and know-how in all of the relevant fields required for day-to-day development work.

Retainers For New Customers

We have a number of awesome clients looking for high quality development services. But we receive requests all the time from small business owners looking for theme installations or minor modifications.

I wrote about blogging for helping customers that are not aware of the cost of labor. Regardless, more and more prospects contact us and want complete redesigns, building intranets, large membership websites or social networks for hundreds of dollars, despite of our minimum budget requirements and hourly rates available on our website.

In order to reduce the communication overhead, avoid ongoing frustrations or misaligned expectations, we have implemented the following 2 models:

  1. $10K minimum project cost (regular gigs are normally in the $20K – $40K range with some in the higher 5-figures or $100K+)
  2. If budget is unknown or scope is unclear, we start with a development retainer

Internally we handle most of the work the Agile way, regardless of the approach. If we land a waterfall-driven model, I make sure that the requirements are listed in our backlog and we break them into weekly iterations. The only difference there is that we have spare resources (both in time and manpower) that we could inject into a project in case of a challenging integration or another bottleneck that we stumble upon while building the project.

Retainers have been the preferred way for building web development applications by some of our customers. In addition to solving our own problems (avoiding scope creep, planning with approximation when it comes to unknown APIs or services and booking a ballpark of hours on a monthly basis), we do address several important issues raised by our clients during a discovery call. For example:

  1. Design is built iteratively – we work closely with the client until they’re fully satisfied
  2. We can provide an MVP to be used by testers whenever we built the key features
  3. We could start with some plugins or a premium theme first in order to test the model, before rebuilding some of those from scratch
  4. Budget is not set in stone, which means that the client decides what’s worth reiterating or building further and which features are ready to use
  5. Server setup is scalable, so we can start with a low cost package and grow it gradually as the traffic and user base grows

A good amount of our work is something that we haven’t done before – integrating proprietary APIs, connecting different company services to the new platform, or working together with client’s employees on UX, marketing, sales issues. Since each company is unique and we don’t want to limit our interactions, a retainer based on hours is a great fit for both parties. Customers requiring less calls or reviews will get more work done in a shorter time frame, or we could spend extra time on R&D and meetings when needed. Some of our clients require an outstanding design while others focus on the feature set.

A retainer helps with satisfying everyone, regardless of their communication and management style or preferences. We don’t place artificial constraints and don’t overbudget for features that are not essential to a project.

Agile is the preferred way to go by many successful startups – even may of the Unicorns. So why not implement it in your WordPress workflow as well?

The post On WordPress Development Retainers appeared first on Mario Peshev on WordPress Development.

s2Member vs. Easy Digital Downloads

s2Member vs. Easy Digital Downloads s2Member (s2) and Easy Digital Downloads (EDD) are two of the top eCommerce plugins for WordPress. I’ve been using both plugins for quite awhile now and would like to explain some of their main differences. Both plugins are awesome in their own right, but there are some clear distinctions that could make one or the other an ideal choice depending on the scope and goals of your project. Hopefully the following comparison will help anyone out there arrive at the best possible choice for their specific needs.

Before getting into it, let me just say that I use and enjoy both of these plugins. It’s not a battle, rather it’s just a matter of finding the best-suited plugin for the project at hand. Each plugin has its own set of pros and cons, which I hope to elucidate in the following post. In my experience, the key to choosing the best plugin for the job is understanding what each one can (or can’t) do. This post attempts to fill in the blanks with some differences (and similarities) between the two popular e-commerce plugins, s2Member (s2) and Easy Digital Downloads (EDD).

Note that I am not an expert with either of these plugins, so if I get something wrong don’t hesitate to provide more accurate infos via the comments section below. Thanks!

About the plugins

For those who are unfamiliar with either of these plugins, here is a quick summary of their core functionality:


s2 pitches itself as a “membership plugin for WordPress”. Features include:

  • Protect members only content with roles/capabilities
  • Integrates with PayPal Website Payments Standard
  • Sell “Buy Now” or Membership access to your site
  • Restrict access to Roles, Capabilities, Posts, Pages, or anything else
  • Protect downloadable files and streaming audio/video

As far as getting things set up, s2 is powered almost entirely by WordPress shortcodes. So you activate the plugin, configure a bunch of settings and then use shortcodes to display “buy-now” forms on any Post or Page. Then based on your settings, each form will enable users to access specific Posts, Pages, Tags, files, etc.

With s2, it’s all about “membership levels”. By default there are four levels. You can define each level to allow access to any number of items (e.g., Posts, Pages, Feeds, Categories, et al). For example, any purchase made via a Level-1 form could allow the user to access all posts tagged as “Music”. Likewise, any purchase made via a Level-2 form could allow access to the “Members” Page and several downloadable items.

Easy Digital Downloads

EDD pitches itself as a “downloads management plugin”. Features include:

  • Cart system for purchasing multiple downloads at once
  • Complete promotional code system
  • Complete payment history
  • Multiple price options per product
  • Bundled products

To get things set up with EDD, you configure the plugin settings, define your downloadable items, and then add purchase buttons to any Post or Page. Each purchase button corresponds to a particular download. When the user clicks the button, they are taken to a centralized checkout page where they can enter their information, edit their cart, enter coupon codes, and so forth. Once the checkout form is complete, the user is taken to the specified gateway to complete purchase.

For example, musicians could define a download for each of their songs. Then on the front-end, purchase buttons for each song are displayed on various pages, so users can click on any button to add whichever songs to their cart.

Bottom line: To get a better idea of the main difference between these plugins, s2Member is more about enabling you to sell access to specific parts of your site, such as Posts or Pages. EDD is more about enabling you to sell access to downloadable files, such as audio, video, or any other type of file. To illustrate, I use s2Member for .htaccess made easy to sell access to the “Member’s Area”, where registered users may download copies of my book. Similarly, I use EDD at Plugin Planet to sell access to downloadable plugin files.

You can learn more and download s2Member and Easy Digital Downloads from the WordPress Plugin Directory.

Free + Pro

s2Member provides both free and pro versions of their software. Easy Digital Downloads provides only the free version. So with s2, the Pro version includes features that are not available in the free version, such as:

  • Pro forms can do one-step registration/checkout
  • Integration with Stripe, PayPal Pro, and other gateways
  • Unlimited membership levels
  • Coupon codes
  • ..and much more, check out for a complete list

While with EDD there is only a free version, so you get the same core features regardless. All extra functionality is parceled out via premium plugins. For example:

  • Password Meter extension
  • Software Licensing extension
  • Manual Purchases extension
  • PDF Invoices extension
  • ..and many other useful extensions available at

Bottom line: The free versions of either plugin are quite capable and sufficient for a wide variety of projects. If needed, you can add much more functionality by purchasing the pro version (if using s2) or purchasing extensions (if using EDD).

Another way to look at the difference between the two plugins is that you get ALL of the extra functionality (even if not needed) when upgrading to s2 Pro. With EDD, however, you get only the functionality that is included in whichever extension you are purchasing. So a bit more granular control over functionality with EDD, but the price can add up if you need a lot of extensions to do the job.



The free version of s2Member is free (obviously). And then current prices for s2Member Pro are as follows:

  • Single-site license is $89 USD (non-recurring)
  • Unlimited-site license is $189 USD (non-recurring)

That gets you the plugin AND updates for life, but only one year of support (which is renewable). According to the site, refunds are provided for 30 days, but only after the support team has tried and is unable to resolve any issue.

Easy Digital Downloads

The free version of EDD is free (of course), and there is no Pro version to purchase. Instead, you can upgrade the base functionality by purchasing any number of extensions (also called “add-ons”). Here are a few examples to give you an idea of the costs involved with upgrading the free version of EDD:

  • Add Stripe Payment gateway = $49.00 per site, per year
  • Add PayPal Pro gateway = $49.00 per site, per year
  • Recurring payments = $83.00 per site, per year

With EDD, these features would be purchased separately as add-ons, whereas with s2Member they are all included in the Pro version. So a bit of a pricing difference in that regard, depending on your goals. As with s2Member, you can get a refund on EDD extensions for up to 30 days after purchase, granted the support team has had a chance to resolve any issue.

Bottom line for s2: To get everything that s2Member has to offer for one site is gonna cost you $89.00, one-shot deal. That includes all updates for the life of the product.

Bottom line for EDD: With EDD, you have complete control over any added functionality via separate EDD extensions. This gives you more flexibility (there are a LOT of extensions), but your total investment could quickly surpass the $89 cost of s2Member. Plus, with EDD, you have to pay every year in order to stay current. Purchase gets you only one year of updates.

Plugin Updates

As mentioned, the free version of either plugin includes free updates for the life of the plugin. Upgrading from there, you get free updates for life with s2Member Pro, but have to renew every year to get updates for any EDD add-ons (e.g., PDF Invoices, Password Meter, et al). I can tell you from experience that it is more expensive to stay current with EDD than it is with s2Member.

Bottom line: If staying current is important and you don’t want to fork out more cash every year for updates, you’re gonna want to check out s2Member.

Upgrade Frequency

In my experience, both plugins are updated frequently enough. Seems like about every four months or so, on average. There are some pros and cons to consider in this department:

  • EDD auto-updates work very well, so upgrading any EDD add-ons via the WP Admin Area can help save a lot of time.
  • Each EDD add-on is updated periodically, so the more EDD ad-ons you have, the more time you’ll spend updating things.
  • The auto-update feature for s2Member Pro does not always work properly, so to upgrade you’ve got to manually delete/upload all files via (S)FTP.
  • s2Member Pro upgrades involve updating the free and pro plugin files and that’s it. No need to keep a bunch of add-ons updated.

Bottom line: In my experience, updating s2 is a big chore that happens several times per year. Updating EDD is much easier but can be time-consuming depending on the number of add-ons.


This gets at the functionality of each plugin, which already has been touched on in this article. Basically with s2Member you get the base functionality with the free version, and then can upgrade to everything with Pro. s2Member Pro includes a lot of sweet features, but not nearly as many as made possible by EDD’s army of add-ons. With EDD, there is no “pro” or “premium” version; rather, additional functionality is added as needed by installing any number of EDD extensions.

Let’s compare s2 Pro features with those available via EDD add-ons:

s2Member Pro Features

Here are the main features provided by s2Member Pro:

  • One-Step Registration/Checkout
  • Unlimited Paid Membership Levels
  • Pro-Form Shortcodes
  • Free Registration Pro-Forms
  • Anti-spam Security Measures
  • Simultaneous Login Monitoring
  • Content Dripping Shortcodes
  • Import/Export Tools
  • Pro Login Widget/Summary
  • Coupon Code Configurations
  • Gift/Redemption Codes
  • Multisite Network Support (with Unlimited-site license)
  • Customizable Pro-Form Templates
  • Remote Operations API

These features currently are not included in the free version of s2Member, but some of them are included in the free version of EDD. For example, out of the box, EDD can do Coupon Codes and provides Import/Export Tools. Likewise, the free versions of either plugin can do things that the other cannot. You can get a better idea by reading the documentation and/or installing the free versions of either plugin and checking them out.

Easy Digital Downloads

As explained, there is no “pro” version of EDD, but you can purchase over 250 extensions to add just about any functionality desired. Here are a few of the more popular EDD extensions to give you an idea of what’s possible:

  • Acquisition Survey
  • Cross-sell and Upsell
  • Discounts Pro
  • Advanced Reports
  • Commissions
  • EDD Invoices
  • Amazon S3
  • Checkout Fields Manager
  • Manual Purchases
  • PDF Invoices
  • Dropbox File Store
  • Social Discounts
  • Compare Products
  • Purchase Limit

Plus many more, check ’em out.

Bottom line: If you need an all-in-one solution that doesn’t require a bunch of add-ons, check out s2Member. Or if you are more interested in building a store with your own set of custom features, check out Easy Digital Downloads.

Settings, Options, and the WP Backend

Both s2 and EDD provide plenty of settings, such that most of their functionality may be configured via plugin options. Each plugin also equips the WP Admin Area with extra functionality. Here is a summary of how each plugin is integrated into the WordPress backend.


  • All plugin settings housed under the menu, “s2Member (Pro)”
  • Plugin settings organized into sections such as “MultiSite”, “General Options”, “Restriction Options”, “Download Options”, “PayPal Options”, “API” settings, et al.
  • s2 modifies each User Profile page with extra fields for transaction details, security infos, notes and more.
  • s2 automatically “locks” user registration (if instructed to do so via the plugin settings).
  • s2 automatically “locks” your membership page, as defined in the plugin settings.
  • s2 displays plugin settings using its own funky design patterns, so the UI may seem a little “weird” compared to the default WordPress UI.

Easy Digital Downloads

  • All plugin settings housed under the menu, “Downloads”
  • Plugin settings organized into sections such as “All Downloads”, “Categories”, “Tags”, “Payment History”, “Customers”, “Discount Codes”, “Reports”, “Settings”, “Tools”, et al.
  • Auto-creates pages such as “Checkout”, “Purchase Confirmation”, “Purchase History”, and “Transaction Failed”.
  • Adds an “Insert Download” button to each “Edit Post” and “Edit Page” screen.
  • Any additional settings added via EDD extensions are included under “Downloads” > “Settings” > “Extensions” (tab).
  • EDD does an excellent job of using the WP API to display all plugin settings, no weird colors or bizarre layouts to deal with.

It also should be noted that EDD provides 100% support for SSL/HTTPS in the Admin Area, whereas s2 does not (s2’s settings pages include images from non-SSL sources, so you get the “mixed-content” warning that not all page items are secure).

Bottom line: Both s2 and EDD provide plenty of settings, which makes it easy to configure all of the main features and functionality as desired. Both plugins also modify other aspects of the Admin Area, with s2 adding some useful additional fields to User Profile screens, and EDD auto-creating all required pages.


I’ve been running both plugins for some time now and never have had any problem with the security of either. That is, I trust that each of these plugins is secure and have not yet experienced anything to suggest otherwise. There are, however, a couple of s2 things that should be noted:

  • s2Member Pro reports anonymous usage information (see this article).
  • s2Member provides some sweet built-in security features like brute-force login protection (free and pro version), unique-IP enforcement (free and pro version), and simultaneous login restrictions (pro version).

Bottom line: In my experience both s2 and EDD are very secure and can be trusted to keep your data safe. s2 provides some additional built-in security measures that can prove very useful in protecting your site against malicious users.


Both s2 and EDD are consistent for the most part, however with EDD I get a significant number of payments that never go through (they just stay marked as “pending”). I and numerous others have reported this issue to the EDD team, but as of yet none of the suggested workarounds or proposed solutions have done the trick. To better understand what I’m referring to, try searching online for this query.

Bottom line: If completing every attempted purchase is important to you, be advised of the “payments stay marked as pending” issue with EDD. I’ve been using s2 for years now and never have experienced any similar problem; that is, with s2Member all payments/purchases always go through clean the first time.


As with security, the performance of any plugin is a significant factor in determining its usefulness. With s2 and EDD, the overall performance is good, but there are some things to be aware of, such as:

  • With either plugin, you can notice a difference in loading time in the Admin Area when the plugin is enabled.
  • s2 tries to be all things to all users, so you may end up with some bloat unless you’re using all of the features.
  • s2 employs the most overwrought attributes and convoluted markup that I’ve ever seen in my 15+ years working online. Makes it very difficult to work with and customize.
  • s2’s heavy-handed markup adds unnecessary weight to pages, which can slow things down a bit on the front-end.
  • Both plugins may include CSS and JavaScript assets on every page, even when not required.

Note: to improve performance with s2, you can enable its “Lazy Loading” feature, which attempts to load CSS and JS assets only on pages where they are required. That feature works in most cases, but you may need to do some further tweaking to get the right scripts to load when needed depending on the page. Likewise with EDD, you can add code snippets to your site that will disable scripts and styles where they are not necessary.

Bottom line: I would say that s2 and EDD roughly are equivalent in terms of overall performance, but there are some details that may need tending to depending on the performance goals set for your site.


Both plugins provide proper documentation, with s2Member providing copious (arguably too much) documentation inline within the plugin settings and also on their website. EDD provides solid documentation on the EDD website and also on various plugin screens via the contextual “Help” tab.

FWIW, in my opinion s2 should move their inline documentation from within the plugin settings to the Help tab for each screen. Would really help clean things up, IMO.

One big plus for s2Member is the detailed changelog that’s included with each plugin update. Very thorough and super informative.

Bottom line: Both s2 and EDD provide solid documentation, with plenty of inline and online documentation for many relevant topics.

Customer Invoices

Just want to take this opportunity to point out a MAJOR difference between s2Member and Easy Digital Downloads: s2Member does not provide any sort of customer invoice system at all. If you want to provide invoices for your customers, you have to roll your own. And that’s easier said than done.

With EDD, you can purchase the PDF Invoice extension, configure some settings and done. They may also have other invoice-related extensions available.

Bottom line: EDD can do customer invoices with an add-on. s2Member does not provide any invoice functionality whatsoever.


Both plugins have moved support behind a private wall, such that you need to jump through hoops in order to get any official help from either support team. In the past, both plugins had open, searchable forums where users could post questions and get help that would benefit others as well. The process required only logging in, so it was fast and super-useful for all involved.

Since then, support for either plugin now requires logging in, answering a bunch of questions, uploading required files, and then waiting for someone to respond via email (which can get caught/lost in spam filters). Walled support may be great for support teams, but it kinda sucks for users.

Beyond that, the major downside of moving support behind a private wall is that the responses no longer are searchable by other users of the plugin. So it kind of kills the whole “online community” aspect of the plugin.

That said, although both plugin teams ultimately provide good support, in my experience I seem to get quicker responses from the folks at s2Member. As in hours as opposed to days (or longer) with EDD.

Bottom line: For official support for either plugin, you’re gonna need to log into your account and jump through some hoops. BUT it also may be possible to get help via either plugin’s support forums at

Not guaranteed a response in them there forums, but it could be worth a shot for minor issues or general questions, etc.

Miscellaneous Details

I’ve tried to keep this comparison post as organized as possible, but there remain a few items that just didn’t fit neatly into any of the previous sections. So I’m dumping them all here and calling it good.


List of miscellaneous pros and cons for s2:

  • Pro — Provides a super-handy “notes” field on each User Profile screen. Great for keeping track of customer details.
  • Pro — Provides excellent granular control over each type of email template (e.g., welcome user, upgrade account, et al).
  • Pro — s2 “feels” like a more mature plugin. Subjective I know, but also makes sense if s2 has been around longer.
  • Con — can’t use the site homepage as the s2 “options page” (a required setting). So you have to create a superfluous options page just to satisfy s2’s otherwise arbitrary settings requirements.

I’ll add more pros and cons to this list as I discover/remember them, or as they are pointed out by others.

Easy Digital Downloads

List of miscellaneous pros and cons for EDD:

  • Pro — (or con, depending on perspective) — User information is contained in numerous places, including the Users menu, Payment History, and Customers screen.
  • Pro — Provides sales report summaries via graphical UI (available under “Reports”).
  • Con — Users are registered before purchase, so if/when the transaction fails, you’ve got a user account that is not attached to any purchase (i.e., loose ends).
  • Con — Not all bugs are fixed. I’ve reported several significant bugs for various EDD extentions. As time goes on, I continue to wonder if they ever will be resolved.

I’ll add more pros and cons to this list as I discover/remember them, or as they are pointed out by others.

Bottom line: Every plugin brings its own set of pros and cons, and these plugins are no exception.


Hopefully this post helps others to understand some of the differences, pros and cons between s2Member and EDD. Again, each plugin is awesome in its own right, but one or the other is going to be better suited for the job depending on your goals and requirements.

The good news is that both plugins provide a free version that enables you to check things out and see how they work before making any long-term commitments and/or investments. So if either one sounds like it will fit the bill, grab the free version and give it a try. And as always, if you have any experience or insight regarding of these great plugins, feel free to share via the comments or leave feedback via email. redesigned

As you can see, our redesign is now live! This summer we worked hard to complete it and we’re extremely proud of the result. Of course, we changed our design for a reason. Years ago, was “just” a blog, now it’s much more and our new design reflects all the sides of our business better. As soon as you enter our homepage you can see we do a lot more than just write informative blog posts. Watch my video below to learn more about the most important changes and why they happened:

New site structure

This redesign didn’t just change the design and visual appearance of our site. Our site structure got a complete overhaul as well. This is most obvious in our menu. You can find two new items in our top navigation: Academy and Software.


We’ve already announced Yoast Academy, so if you’re a regular reader, this shouldn’t come as a surprise. This is the section where you can find our eBooks and courses (the first of which will be launched October 12!).

The redesign means we now have two different kinds of blogs, as I mentioned in the video: we have an SEO Blog (which is where 90% of our old content lives)  and a Dev Blog. The SEO blog will be a part of the Academy section. This blog will be the blog where we write our “usual” blog posts about Usability and Conversion, General SEO, Analytics etc.


This is a new top-section that houses sub sections like our WordPress Plugins page. Since we’ll also have a Drupal module (and probably others ;) ) and are not focusing solely WordPress anymore, this has changed to Software. Here you can find all our WordPress plugins and our Drupal module.

Alongside our modules and plugins, this is also the place where you can find the new Dev Blog. This is a blog where you’ll be seeing a lot of Omar, Rarst and others. It’ll be much more technical, we’ve moved some of our recent posts, like the recent API breaking changes post, into that blog.

No more publications

In the redesign, we’ve removed our Publications section. We’ve concluded that our articles (such as our WordPress SEO article), were nothing more than must-read blog posts. And that’s exactly what we’ve made them, in order to improve the structure and logic of our site. This new “class” of must read articles will appear at certain sections and pages within the site.

New functionality

There’s one bit of new functionality that I wanted to highlight, especially because it’s been requested so many times:

Yoast shopping cart

We now have a functioning shopping cart on! This means that you’re able to add products to your cart, continue browsing and easily find your way back to complete your purchase.

New artwork

And last, but most certainly not least, we have new artwork. Most of you have probably already seen screenshots of what to expect, but as of today you can admire Erwin’s work live. We have several huge illustrations, like on our homepage, software page and academy page. We also have icons for each of our plugins now. You’ll see more and more new images and icons appear in the coming months. This artwork replaces our avatars, or mostly, my own avatar that was shown in various shapes through the site. Yoast is much more than just me now, employing 30+ people. We felt showing my head on every page was no longer an accurate reflection of who we are, hence this change.

No more WordPress themes

This new design also lacks a particular menu item: we no longer sell WordPress themes. Our themes were never a big part of our business, and we’ve decided we should focus elsewhere. Everyone who has bought a theme and needs support will of course get support for the coming years.

Have fun exploring!

That’s all we have to tell you. Make yourselves at home and start exploring the new site. Have fun!


This post first appeared as redesigned on Yoast. Whoopity Doo!

13 Plugins and Tips to Improve WordPress Admin Area

Want to customize WordPress admin area? Perhaps you want to change the default color scheme, add your own branding, or even add new help section for clients? In this article, we will share 13 plugins and tips to improve your WordPress admin area.

1. Change Your Admin Color Scheme

Tired of looking at the same default colors of WordPress admin area? You can change them by visiting Users » Your Profile page. Non-admin users with access to the admin area can also personalize their experience by visiting the Profile page.

Changing the color scheme of WordPress admin area

WordPress comes with 8 built-in color schemes to choose from. For detailed instructions see our guide on how to change the admin color scheme in WordPress.

2. Create Your Own Custom Admin Color Schemes

Don’t like any of the default color schemes? No worries, you can create your own custom color schemes without writing any code. Simply install and activate Admin Color Schemer and visit Tools » Admin Colors page. You can choose colors and create your own custom admin color schemes to use.

Creating your own custom admin color schemes

For detailed instructions you may want to checkout our tutorial on how to create custom admin color schemes in WordPress.

3. Set a Default Admin Color Scheme for All Users in WordPress

If you want to provide a consistent user experience for all users on your site, then you can set a default admin color scheme in WordPress. Simply add this little code snippet into your theme’s functions.php file or in a site-specific plugin.

function set_default_admin_color($user_id) {
	$args = array(
		'ID' => $user_id,
		'admin_color' => 'sunrise'
	wp_update_user( $args );
add_action('user_register', 'set_default_admin_color');

You can also stop users from changing their WordPress admin color scheme. For detailed instructions take a look at our tutorial on how to set default admin color scheme for new users in WordPress.

4. Free Admin Themes and Plugins

Admin color schemes only change the colors of WordPress admin area. If you want to completely transform the appearance of the admin area, then try out one of the many WordPress admin theme plugins. These themes modify the WordPress admin area making several changes into the overall appearance of the administration screens.

A WordPress Admin Theme Preview

Take a look at our hand-picked list of 7 free WordPress admin themes for WordPress that you can try right away.

5. Hide Unnecessary Items from Admin Area

Don’t want your users to see all the admin menus? Well you can hide them based on user roles.

If you build sites for clients, then you can hide menu items where you feel that clients could break the site. For multi-author sites, you may want to hide menus that users don’t need.

Simply install and activate the Adminimize plugin. Visit Setting » Adminimize page to configure the plugin.

Adminimize Menu

Adminimize is a powerful plugin with lots of options. Take a look at our tutorial on how to hide unnecessary items from WordPress admin with Adminimize for detailed instructions.

6. Add Custom Links to WordPress Toolbar

The WordPress toolbar or admin bar is the menu that appears on the top of your admin area. This toolbar contains useful shortcuts to different admin screens in WordPress. You can customize it to add your own custom shortcuts in the toolbar for easy access.

Simply add the links to your toolbar by adding this code snippet into functions.php file or a site specific plugin.

// add a link to the WP Toolbar
function custom_toolbar_link($wp_admin_bar) {
	$args = array(
		'id' => 'wpbeginner',
		'title' => 'Search WPBeginner', 
		'href' => '', 
		'meta' => array(
			'class' => 'wpbeginner', 
			'title' => 'Search WPBeginner Tutorials'
add_action('admin_bar_menu', 'custom_toolbar_link', 999);

This sample link shortcut would add a custom WPBeginner Search link, so you can easily search the tutorials.

Don’t forget to replace all arguments with your own link. For more detailed instructions checkout our tutorial on how to add custom shortcut links to WordPress toolbar.

7. Limit Dashboard Access in WordPress

By default, all your users on your WordPress site can access the admin area. Obviously, they can only do as much as their user role allows them to do, but it is a bit unnecessary to give users access to admin area if they have nothing to do there.

Simply install and activate Remove Dashboard Access plugin. Visit Settings » Dashboard Access to configure the plugin.

Limit dashboard access

For detailed instructions take a look at our tutorial on how to limit dashboard access in WordPress.

8. The Secret Options Page in WordPress Admin

WordPress stores a lot of settings in the database. Some of these settings can be changed by visiting different sections under the Settings menu of your admin area. However, there are still a large number of options stored in your database by plugins, themes, and WordPress. The reason you cannot normally edit those options from the admin area is that you are not supposed to change them manually.

WordPress has a secret options page hidden from admin menu which will show you all the stored options for your site. Simply visit:

Replace with your own domain name. You will see a long list of options on this secret page.

The hidden all options page in WordPress

To learn more about this page, visit our guide on the hidden secret options panel in your WordPress admin area

9. Change The Admin Footer Text

By default, the footer area in WordPress admin shows a text ‘Thank you for creating with WordPress’ and your WordPress version. You can easily reclaim this space and put your own branding there. Simply copy and paste this code in your theme’s functions.php file or a site-specific plugin.

function remove_footer_admin () {
echo 'Powered by <a href="" target="_blank">WordPress</a> | Built by <a href="" target="_blank">Syed Balkhi</a>';
add_filter('admin_footer_text', 'remove_footer_admin');

Take a look at our tutorial on how to change the footer in your WordPress admin panel for more information.

10. Featured Image Column in Admin Area

WordPress allows you to add featured images to your blog posts. However, when you are looking at the posts screen, it is unclear which posts have featured image and which posts don’t have them.

You can solve this problem by simply installing the Featured Image Column plugin. Upon activation, the plugin will simply add a featured image column on Posts screen.

Featured Image Column

For more information, you may want to visit our tutorial on how to add a featured image column to your WordPress admin area.

11. Show or Hide WordPress Dashboard Widgets

The default WordPress dashboard screen comes with several widgets. Some of this information is probably not important for you. That’s why you can hide those sections by simply clicking on the Screen Options button and unchecking the box next to each option.

Hide dashboard widgets in WordPress

For more details visit our tutotrial on how to customize WordPress admin area dashboard.

More advanced users who want to completely disable dashboard widgets for all their users can take a look at out guide on how to remove WordPress dashboard widgets.

12. Add a Help Section in WordPress Admin Area

If you build websites for clients or run multi-user sites, then you are probably tired of answering the same questions again and again. Wouldn’t it be nice if you can add a help section, so that users can find the answers themselves?

First you need to install and activatre WP Help plugin. Upon activation, you can configure the plugin to create your own customized help/resource center.

For details you may want to check out our tutorial on how to add a help/resource section in WordPress admin.

13. How to Remove Links from Toolbar

WordPress toolbar displays a menu of links under the WordPress logo. If you are customizing your admin area and want to remove this menu and WordPress logo, then simply add this code in your theme’s functions.php file:

add_action( 'admin_bar_menu', 'remove_wp_logo', 999 );

function remove_wp_logo( $wp_admin_bar ) {
	$wp_admin_bar->remove_node( 'wp-logo' );

Removing WordPress logo and links from admin toolbar

We hope these plugins and tips helped you improve your WordPress admin area. You may also want to check out our list of 9 best WordPress SEO plugins and tools that you should use.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

To leave a comment please visit 13 Plugins and Tips to Improve WordPress Admin Area on WPBeginner.

The Art of Troubleshooting WordPress

The Art of Troubleshooting If you are new to WordPress, or even if you have some experience, it may seem impossible to figure out why something isn’t working as expected. It would be nice if we could just wave a magic wand and have everything “fixed” automatically, but reality requires a bit more effort to diagnose and resolve issues. It would be impossible to describe troubleshooting steps for every possible issue, so this post stays focused on troubleshooting things in general. The goal here is not to explain how to fix all of your problems, but rather to guide you through the basic process of troubleshooting stuff in WordPress. Remember: troubleshooting is more of an art than a science, but there are proven strategies and steps to take if and when you get stuck.

Table of Contents

The essentials

Successful troubleshooting in WordPress begins with the following steps.

Understand what you’re doing

WordPress has made things easy. Arguably too easy. So there’s a lot of folks just jumping in without having any idea what they are doing. You wouldn’t drive a car without first understanding the basics. Like how to accelerate, brake, shift, turn, and so forth.

Likewise with WordPress, it is mission critical to understand at least the basics of the software. A solid understanding of WordPress just makes everything easier, including troubleshooting. And the good news is that there are millions of ways to go about learning WordPress basics. So take the time to research online and put everything together yourself, or just grab a copy of my book, The Tao of WordPress, where I bring it all together in clear, concise fashion.

Read the documentation

Always read the readme.txt and/or documentation for all themes and plugins. In my years working with WordPress, most of the questions I’ve received are plainly explained in the associated readme.txt. Most every plugin or theme hosted at must include a descriptive, well-defined readme.txt file.

As with many things, the best way to resolve issues is to avoid them in the first place. By always reading the readme.txt and/or other available documentation, you’re equipping yourself with the information needed to avoid errors while operating the plugin or theme successfully. So crack open the documentation — the solution may be right there waiting for you.

Check the Help tab

Use the “Help” tab in the Admin Area to get contextual information anytime. On most every screen in the WP Admin Area, there is a Help tab in the upper-right corner of the page. Clicking it reveals useful information that may help answer any questions. Good plugins also equip their pages with healthy Help menus, very useful for learning how things work and configuring stuff.

Check the WP Codex

Another useful source of information is the WordPress Codex. It provides detailed information about most every aspect of WordPress. If you get stuck with something, or plan on doing something where you might get stuck, take some time to research the relevant pages at the Codex. Hard to go wrong with the official documentation.

Search for clues

Getting a handle on some tricksy bug or problem can seem like an overwhelming task. Especially if you’re new to the game and are unfamiliar with whatever script or issue you are dealing with. To get a solution going, try searching for any related information. There is an abundance of useful WordPress information online, and chances are that someone already has been there, done that, and posted about it online. I mean seriously, WordPress powers over 20% of the entire Web, so odds are good that you’ll find some sort of useful infos via search engine. So pick a few relevant keywords that are related to your issue and see if anyone else out there has posted a solution, clues, or anything that will help.

Clear all browser data

Browsers remember a lot of stuff about the pages and resources that you visit. In order to make sure that you are testing the latest code, make sure to clear your browser’s cookies, cache, form data, and/or anything else you are working with. I like to use multiple browsers, with several kept in perpetual “clean” mode with absolutely no stored history or data whatsoever.

Update WordPress

Make sure you are running the latest version of WordPress and all plugins. It’s the best way to rule out issues related to incompatibility due to running outdated versions.

Keep backups

Always make sure you are keeping tested and complete backups for your site. Backups should include files and the database. It doesn’t matter how you get there, as long as you have backups to restore previous functionality as needed. Remember, it’s not enough to back up your site — you have to test the backups themselves to ensure that they are complete and working properly.

Again, these are the essential things that you should be doing regardless of bugs or problems. Just good advice in general. Once you’ve covered these bases, read on to learn more troubleshooting techniques, tricks and tips.

Think logically

S’chn T’gai Spock (wearing visor) Whenever troubleshooting, be like Spock and try to think logically about the issue at hand. Remember, ultimately you’re dealing with scripted logic, so theoretically it always is possible to determine the cause of an issue.

In general, troubleshooting involves defining and replicating the issue, eliminating extraneous variables, and performing sufficient tests to verify the hypothesis. Here is a quick summary of each of these concepts, which are useful in breaking down problems and identifying potential solutions.


In order to understand what you are trying to fix, it is helpful to be able to describe or define it. For example, saying “Oh noes! WordPress is not working!” essentially is useless information. A step better would be something specific like, “My homepage is not loading.” Even better would be like, “My homepage is not loading the correct theme template.” Continuing this logic, eventually the definition of the issue would pretty much point to a solution, for example:

“My homepage is not loading the correct theme template when my Reading settings are set to display a static posts page for the front page.”

In this scenario, the definition itself begs the solution, which would involve ensuring that the theme includes the proper template file. The more succinctly you can define an issue, the better equipped you are to resolve it.


In order to determine any sort of solution, it must be possible to consistently replicate the issue. Once an issue can be replicated, it can be tested and observed. For example, let’s say that you are using an e-commerce plugin that fails to process certain transactions. It works some of the time, but not all of the time. Sure you could begin changing settings and tweaking codes in hopes that something will click. But it would be much better to be able to replicate a failed transaction and limit your testing to that particular case. Replication ensures that the actions you are taking are being applied to the correct outcome.


In order to isolate and determine the issue, it is important to eliminate as many extraneous variables as possible. For example, let’s say that you have just activated 50 plugins all at once (yikes!). And now your pages are not loading on the front-end. In order to determine which (if any) plugin is causing the issue, you can begin by eliminating as many variables (i.e., plugins) as possible.

Disabling all plugins and trying again to load the homepage will tell you immediately if the issue is caused by one or more or your many plugins. If the homepage suddenly loads again, then you can begin re-enabling plugins one at a time until the culprit is found. The process of elimination is a powerful tool for troubleshooting just about anything.


With these strategies, you are equipped to begin testing potential hypotheses for validation. Essentially, when you get into the art of troubleshooting stuff, you are working with the same principles and concepts as are employed in scientific research: studying current conditions, defining a hypothesis, performing tests, analyzing data, and arriving at a conclusion. For more serious learning in this arena, queue up any beginner literature on the scientific method. It’s good stuff, and a lot of fun too :)

Things to avoid

Just as there is a list of “essential” things that will make your WordPress-powered life easier, there also is a list of things that will make your life more difficult:

Bulk plugin activation

Don’t activate a bunch of plugins all at the same time. I see this over and over again. People install fistfuls of plugins and then activate them all at once, expecting everything to just “work” perfectly. Rarely is that the case, so it’s recommended to take the time to activate one plugin at a time. That way you can configure the plugin and verify proper functionality in clean, systematic fashion. Otherwise if you just mass activate a whole pile of plugins and there is some error or conflict, you’ll have no idea which plugin is the culprit, and will have to waste a bunch of time trying to figure it out.

Shady plugins and themes

Whenever possible get your plugins and themes from If you must go to a 3rd-party site, make sure that it is reputable and trustworthy. Anything less and you are taking a big risk. Malicious code commonly is found in plugins and themes shared on “warez” and “pirate” type “sharing” sites.

In general it’s just always a bad idea to download illegal copies of anything involving code (or illegal copies of anything, for that matter). It’s way too easy and tempting for ignorant people to inject scummy exploit scripts and other malicious nonsense. Steering clear of shady sites and sticking with the official source is gonna help keep your site safe and give you piece of mind.

Running a zillion plugins

So many times I’ve logged into someone’s site to try and help resolve some issue, only to discover the nightmare scenario of “WAAYY TOOO MANNY PLUGINZZ!!!”. Seriously, I can understand 10-20 WordPress plugins to get the job done, but 50 plugins?!?! 100 plugins?!?

Ranting aside, I encourage people to go with a more moderate approach and install only those plugins that absolutely are necessary. Unless you are careful about it, activating crazy numbers of plugins will only complicate things, increase maintenance load, and waste precious resources like bandwidth, memory, and time. More plugins = more liability.

3rd-party services

Okay so in general it’s fine and safe to use third-party services and integrate them with your WordPress-powered site. BUT it is important to be mindful of the potential downsides and consequences of doing so. Make sure you fully understand what any 3rd-party functionality is doing before granting open access to your database and files.

For example, if you are having issues with something and can’t figure it out, double-check to see if any 3rd-party scripts or plugins are involved and possibly doing something unexpected. It’s one thing to keep tabs on everything that you are doing with your site, but it can be difficult to know exactly what changes, say, Facebook is making to their API, widgets, and so forth. APIs change constantly, so if you plug into one, make sure to be mindful of what it’s doing.

Modifying the core

When working with WordPress, never make changes to the core files. Same goes for plugins and themes. Don’t modify the core files in any way. Doing so invites more problems and should not be considered a solution for whatever bug or issue you are trying to resolve. If you need to make changes to core functionality, use a plugin or the theme’s functions.php file. That is, after all, why they exist in the first place.

Check the basics

When in doubt, it’s always a good idea to go through all of the basic troubleshooting steps:

Check the documentation

Always check the theme or plugin documentation for important information. Often, known bugs will be reported with possible workarounds and solutions. Repeat: always read the documentation. I can’t emphasize this enough.

Inspect all settings

Before using a plugin or theme, take the time to inspect all of its settings and options. Many times there will be some obscure (or obvious) setting that is changing the way the plugin operates. So if you are trying to diagnose and resolve an issue, going through each plugin setting may reveal a simple, one-click solution.

Check the error logs

Every site should have some sort of error-logging and access-logging mechanism in place. Error and access logs enable you to investigate what, when, where, and why errors and other issues may be happening on the server. They provide a goldmine of information and really are indispensible tools for anyone working online. If you are not sure about your own site’s access/error logs, ask your host — they should be more than happy to help you find them.

Check functions.php

If you are trying to diagnose some theme-related issue, check any custom scripts that may be added via the theme’s functions.php file. Check any newly added functions or use the halving method to determine if any code in functions.php is at issue.

Check for syntax errors

How many times have you traced an issue back to some obvious syntax error? It’s happened to me countless times. Whenever troubleshooting, take a fresh look at whatever code you are working with and look for any subtle typos or other coding mistakes. Maybe take a break before doing so in order to refresh your eyeballs and look at the code from a fresh perspective, or ask a fellow developer to take a look. Hopefully whatever code-editing software you are using does syntax highlighting and makes it easy to spot any errors.

Other details

Additionally, when troubleshooting remember to check the following:

  • Custom directives in wp-config.php
  • Custom directives in php.ini
  • Custom directives in any .htaccess file(s)
  • Settings/directives set via your server control panel

If any of these items are in play, they could be at issue. Investigate thoroughly!

Roll back

If you get stuck while working on your site, try stepping back through your previous actions. In web development this is referred to as “rolling back” to a previous verion or build. For example, if you’ve just updated some awesome plugin and the latest version is causing problems, you may want to roll back to the previous version, at least until the error can be reported to the developer and resolved (i.e., don’t stick with an old version).

Similarly, if you are making changes to your site and something stops working properly, try “undoing” whatever prior steps were taken. You know, go back to the last known working state and try again from there. Often doing so will reveal any missteps or incompatibilities.

Debug mode

Another great way to troubleshoot is to run WordPress in “debug” mode. Debug mode provides errors, warnings, and notices that can reveal priceless information regarding what is happening (or not happening) under the hood. As explained in the WP Codex, you can enable debug mode by setting WP_DEBUG to true in the wp-config.php file, like so:

define('WP_DEBUG', true); // enable debug mode

Once you’re finished checking things, change true back to false (without the quotes) to disable debug mode. Refer to the WP Codex for all the details. In addition to WordPress’ built-in debugging functionality, there are some excellent plugins available at the Plugin Directory:

Debugging code is an important part of the development process, so if the authors of your themes and plugins are doing their part, debugging should reveal that everything is squeaky clean, or as close to it as possible. If you do discover a bug in a theme or plugin, contact the developer. If you discover a bug in the WordPress core, follow the steps outlined in the Reporting Bugs guide at the WordPress Codex.

Tip: When it comes to PHP, there is a distinct difference between Notices, Warnings, and Errors. Seeing Errors and Warnings in your error log is not a good thing, but Notices are nothing to worry about 99.9% of the time; rather, Notices exist to communicate information to developers about best practices and related information.

So if you’re seeing Notices and feel the need to complain, take a moment and check yourself: Notices are completely harmless. If you don’t like seeing them, disable debug mode or change the PHP error-reporting level on your server.

Set up a default WP install

If some plugin or theme is not working on your current WordPress site, try setting up a default installation of WordPress for testing. The logic here is that most themes and plugins are tested at least on a default WordPress setup, so replicating that environment will give you a baseline and enable you to verify that things are working as expected. It also enables you to compare the differences between the default WordPress site and the site for which the theme or plugin is not working.

The default installation should be exactly as installed out of the box with no changes to anything. Do not modify any of the settings, plugins, or themes. This gives you a suitable platform for testing proper functionality for themes and plugins.

For example, let’s say that you are building a WordPress site and have customized things quite a bit. Then you install a new plugin and something breaks or the plugin does not work as advertised. Having a default installation of WordPress available makes it easy to determine if the plugin works in the first place. Just install and activate it on the default WP install and see if it works. If it does work, then you can begin troubleshooting the differences between your site and the test site.

Going further, you can begin recreating your site on the test site, testing after each step to see if the plugin (or whatever script) stops working. That will tell you exactly which aspect of your setup is conflicting with the plugin.

On the other hand, if the plugin doesn’t work on default WordPress, then you should seek support of the plugin developer.

Reset the database

If you’re working on a new site that doesn’t yet house any content, you may want to try resetting the database to resolve any issues. There are some good plugins available for doing this (see links below) and of course it’s also possible to do it manually by simply deleting the old database and visiting the installation file, /wp-admin/install.php, in your browser. Doing so will initiate the installation process and recreate the database anew.

Tip: Even if there are no issues with your site, resetting the database after experimenting with a bunch of new themes and plugins is a great way to clean up any leftover data before finalizing configuration and customization for production.

Explore the Plugin Directory for other options and tools for working the WordPress database.

Start over

If all else fails and things are too complicated to troubleshoot or reverse engineer the issue, try setting up a fresh installation of WordPress and recreating your site piece by piece. Yes it takes some time to set up another database and install WordPress, but doing so enables you to discover the issue as it occurs in the timeline of your site’s development. In fact, in some cases the issue may be resolved simply by resetting the database and uploading a fresh set of files. Starting over may be just the ticket when things get too complicated.

Troubleshooting plugins

If you activate or update a plugin or theme and something stops working, it’s most likely the plugin or theme that’s causing the issue. This is why it’s a good idea to install and configure plugins one at a time, verifying proper functionality for each one along the way. If you’re not sure which plugin or theme is causing the issue, there is a proven strategy for diagnosing which one is at fault. Here is the general process:

  1. Some functionality is not working properly
  2. To diagnose the issue, temporarily disable all plugins
  3. Then reactivate each plugin, one at a time, testing for proper functionality after each

If you are troubleshooting a specific plugin, then you would disable all plugins except for that particular plugin. The whole idea here is to eminate variables in order to determine exactly which plugin (if any) is causing the issue. Here is a graphic to help visualize the process:

Troubleshooting WordPress Plugins
Troubleshooting WordPress Plugins (click image for larger view)

I’ve used this method countless times to isolate problem plugins on client sites where many plugins are in use. If your site is running a lot of plugins, it may be easier to set up a test WordPress installation.

Note: Before disabling any plugins, you may want to implement “maintenance mode”. This is easiest to do with a plugin, but that doesn’t make sense if you’re disabling plugins to diagnose issues. Fortunately, maintenance mode is easy to do with .htaccess.

Troubleshooting themes

Basically the same idea as troubleshooting plugins, only using themes instead. For example, to determine whether or not your theme is responsible for some tricksy bug, try switching to one of the default WordPress themes. If the bug persists, the issue is not with your theme. If the bug disappears, the issue is with your theme.

Examples of troubleshooting specific issues

These specific examples show some troubleshooting steps that can be taken to diagnose specific issues. Following the logic behind each step should give you a better idea of how to apply such strategy to troubleshooting issues in general.

Shortcode not working

A great example that illustrates the troubleshooting process can be seen with a help request that I received a while ago. The request was to help figure out why some shortcode was not working on site. Here is the gist of my reply, which explains some logical steps to take in order to rule out extraneous variables and determine the cause of the issue:

  • Try creating a gallery in any post to see if WordPress shortcodes are working
  • Try any other 3rd-party shortcode to see if theme/plugin shortcodes are working
  • Try placing the shortcode on a different Post or Page to rule out location as the issue
  • Try placing the shortcode in any widgetized sidebar to rule out location as the issue
  • Try putting the shortcode in the WP text widget to see if there is any issue
  • Try<?php echo do_shortcode('[shortcode]'); ?> in theme template
  • Try the shortcode in the default WordPress theme to rule out any theme-related issue
  • Try disabling plugins to rule out any conflicts in that department

This is not a comprehensive list of things to check when troubleshooting shortcodes, but it was enough to help the person sort things out and resolve the issue.

Email not working

So you are having issues with email not working in WordPress (or anywhere else for that matter). Perhaps it seems like WordPress is not sending the emails. Or maybe the emails are sent but not received. Or not received only at Hotmail or other specific service(s). When you are experiencing email issues, keep in mind that there are many factors involved, including:

  • WordPress
  • Active WP theme
  • Plugins
  • Custom scripts
  • Server software
  • Hosting rules/policy
  • DNS/domain protocols
  • Network functionality
  • Spam-blocking scripts
  • 3rd-party services like Gmail, Hotmail, et al
  • Email headers
  • Ad nauseam..

All of these factors makes email one of the most difficult things to troubleshoot. There is a plugin that may help rule out a few of these items, called Check Email. You can begin there and continue investigating until the issue can be determined. The check-email plugin lets you know if the issue is with WordPress or elsewhere. Unfortunately resolving email issues requires a fair amount of investigation, so roll up your sleeves and get to work ;)

Updates not working

When it comes to automatic/one-click updates, there are numerous factors that should be investigated:

  • Check the site’s error log for any revealing errors
  • Troubleshoot plugins (security plugins, firewall plugins, et al)
  • Troubleshoot active theme (custom scripts in functions.php, etc.)
  • Check any custom code included in wp-config.php
  • Check any relevant .htaccess directives
  • Check any firewall or interfering rules set up on the server
  • Check any firewall or interfering rules set up by the web host

For a more detailed look into various factors that could cause this issue, check out What to do when Auto-Update Fails at Plus, here are a few additional resources that may be useful when diagnosing outbound HTTP requests:

Getting help with WordPress

There are many good places to get help with WordPress. Of course, the quickest way to find exactly what you’re looking for is to do a few quick searches with your favorite search engine. For example, if you’re having issues with a specific plugin, search the Web for the plugin’s name plus any relevant keywords. If nothing useful turns up, here are some general resources for getting help:

Familiarizing yourself with these resources may prove useful as you go further with WordPress. If you’re adept at searching, you should be able to find just about anything. If nothing useful is found, you may need to contact a developer.

Before asking for support

After exhausting all possible troubleshooting steps, you may want to contact a developer or other support venue for help. Here are some things to include in your support request:

  • A clear, succinct description of the issue and how to replicate it
  • Any relevant screenshots showing what’s happening
  • The name and description of any related error messages
  • The URL of your site and/or any relevant posts or pages
  • The name(s) of any relevant plugin or theme
  • Any steps or potential solutions that you’ve already tried

Additionally, it’s wise to not bomb your developer with a bunch of requests at the same time. Much better to get help with one issue at a time. Doing so can be respectful and helps to keep communication organized and on track.

Keep it real

Troubleshooting is a fundamental aspect of working online. Bugs and issues are an intrinsic part of what we do. Experienced developers have well-established debug and troubleshooting routines in place, and beginners should practice their skills as much as possible. The next time you get stuck, use this guide to help diagnose and resolve the issue. Doing your own troubleshooting is a priceless skill to have, and can save a lot of time in the long run.

References and Resources

A Look Inside the Offices of 16 People Who Work With WordPress on a Daily Basis

In a remote worker environment, people have the choice to work from home or wherever it’s convenient. Syed Waseem Abbas published a guest post on Torquemag, that looks at the offices of 16 people who work with WordPress on a daily basis.

Some of the offices are classy while others are small. Many of the people featured in the post use one or more Apple products. If you’re curious as to what my setup looks like, here you go.

My Home Office
My Home Office

Most of the work I do is on a Windows 7 Professional 64bit desktop PC with two 23-inch monitors. When I work remotely, I use a fully loaded 15-inch MacBook Pro with retina display from 2013. As a devoted Windows user, I feel like I’m part of a dying breed, especially within the WordPress ecosystem.

For WordPress Weekly, I use a Samson CO1U USB powered condenser microphone connected to a Rode PSA1 swivel mount with a boom arm.

I predominantly work in a sitting position which is why I’m in the market for a standing desk where the height can be easily adjusted. I’m also looking for a new office chair where the arm rests don’t disintegrate within the first year of use.

If you have any suggestions, let me know in the comments. Also, if you need inspiration to create the perfect office environment, check out Office Today. Office Today features remote offices and locations from across the world used by Automattic employees.

How to Remove NoFollow From WordPress Comments

By default WordPress automatically adds a nofollow tag to all links in the comments. Recently one of our readers asked if it was possible to remove the nofollow from WordPress comments? In this article, we will show you how to remove nofollow from WordPress comment links and explain the pros and cons of doing so.

What is NoFollow?

In 2005, Google introduced rel=”nofollow” attribute for links. This attribute simply instructs search engines that you do not endorse the mentioned links.

<a href="" rel="nofollow">Example Link</a>

nofollow tag in WordPress comment links

Why is NoFollow Automatically Added in WordPress Comments?

In the earlier days, one of the easiest ways to build backlinks and manipulate SEO was to comment on blogs for backlinks. This increased the number of spam comments.

The purpose of nofollow tag was to make blog comments less effective for SEO manipulation.

Since the main motivation for comment spam was to get backlinks, the nofollow would demotivate spammers.

That’s why WordPress implemented rel=nofollow to be automatically added to all links in the comments.

Good or Bad?

Adding nofollow to all outgoing links in comments provided blog owners some peace of mind. Now if a spam comment accidentally gets published, it will automatically be nofollow.

However, nofollow attribute did not get rid of comment spam altogether. Spammers simply didn’t care, and they assumed that even a nofollow link is worth something.

On the other hand, it discouraged some bloggers and readers from commenting because they felt they weren’t getting any value for contributing to your article.

Should You Disable NoFollow in WordPress Comments?

The reason why some site owners may want to disable nofollow is because they want to encourage more comments.

Making links dofollow may increase the number of comments, but it will also increase comment spam.

WordPress runs a PHP script when someone submits a comment. More comments means more instances of PHP script running on your server. This could also slow down your website, and your WordPress hosting provider may not be able to handle the load.

Most comment spam is submitted by spambots and can be easily caught with Akismet. However with nofollow disabled, you will get a lot more low quality comments submitted by actual human users.

You will be spending more time moderating comments than writing actual content on your site.

We recommend against turning off nofollow for blog comments. As a matter of fact, we recommend that you even add nofollow to external links from your blog posts that you do not endorse (see how to add title and nofollow to insert link popup in WordPress).

Should you still want to proceed and want to remove nofollow from WordPress comments, here is how you can do it.

Disabling Nofollow in WordPress Comments

First thing you need to do is install and activate the Remove Nofollow plugin. Upon activation, you need to visit Settings » Remove Nofollow to configure plugin settings.

Nofollow plugin settings

Remove Nofollow plugin allows you to remove nofollow from entire comments or just from comment author link. You can also dofollow both options.

Once you have made your selection, click on the update options button to save your settings.

You can now test this by going to your website and using the inspect element tool on any comment.

A dofollow link in WordPress comments

We hope this article helped you learn how to remove nofollow from WordPress comments. You may also want to see our list of 12 vital tips and tools to combat comment spam in WordPress.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

To leave a comment please visit How to Remove NoFollow From WordPress Comments on WPBeginner.