Introducing Cache Buddy: a companion for your WordPress page caching solution

WordPress is, by default, completely dynamic. On every page load, a bunch of “work” happens. Cookies are read. A database is queried. Content is transformed. All of this makes WordPress very powerful and flexible. But for sites that get a lot of traffic and mostly just need to crank out the same pages for everyone, this dynamic nature can become a challenge.

The common solution to this is to layer a page cache on top of WordPress. Batcache, W3 Total Cache, and WP Super Cache are examples of page caches built as WordPress plugins. Varnish, Nginx fastcgi caching, and CDNs like Akamai or Cloudflare are examples of page caching that happens outside of the WordPress layer. They take the HTML that WordPress generates for a given URL and store it for later, so that when people request that URL in the future, they can just get the cached version, for little or no work on WordPress’ part.

But these page caching solutions all share the same downside: they can’t cache pages for logged-in WordPress users or users with WordPress comment cookies. Why not? Well, because WordPress looks at these cookies and alters the page based on them. A logged in user will see the WordPress toolbar at the top, which is customized to them. Users with more privileges might see “edit” links next to content that they can edit. And returning commenters will see their name, e-mail, and URL helpfully filled in to comment forms. All these things change the output of the page, such that it wouldn’t be worth it for a page cache to hold on to that page — it would only be of use to the individual visitor who triggered it. So all of these page caching solutions have rules that make them “skip” the page cache if a user has a WordPress comment cookie, or a WordPress user account cookie (and also a post password cookie, though this is an infrequently used feature). If a site has an active commenting community or has open registration (or required registration), this means that a much smaller percentage of page views can be cache hits. Instead, they are the dreaded cache miss, and they fall back to having WordPress generate a dynamic page.

The difference between a cache miss and a cache hit is not small. A cache hit takes minimal effort for the server, and can be delivered to the user much faster. It can be the difference between 1 second and 0.002 seconds. Five hundred times slower. Dynamic views keep the server connection open for longer, and take up CPU cycles. This can snowball under heavy load. Pages start taking longer, and because they start taking longer, less CPU is available. Eventually they can time out, or the server can run out of connections. Not good. You want cache hits, during a situation like this, but if the traffic isn’t anonymous (non-comment-cookie, non-logged-in-cookie), the available caching solutions just give up.

I’ve been solving this issue for years with custom caching solutions that strip the customizations from the page, so that the cache can be configured to serve one static page to everyone. Now, I’ve moved these techniques into a plugin, and I’m calling it Cache Buddy.

Cache Buddy works by doing the following:

  1. Changes what paths logged-in cookies are set for (so they work in the WordPress backend, but don’t exist on the front of the site).
  2. Sets custom cookies with relevant information about the logged-in user, on the front of the site, making these cookies JavaScript-readable.
  3. Sets custom cookies for commenters (again, JavaScript-readable), and doesn’t set the normal WordPress comment cookies.
  4. Uses the information from these JavaScript cookies, plus some comment form magic, to recreate the comment form experience users would get from a dynamic page.

This means that you can log in to WordPress, and then go view a post’s comment form, and see “You are logged in as Mark. Log out?”. Or you can be a non-account-having commenter who has commented, and your information will be filled in. Or maybe the site requires registration, and you’re not signed in. You’ll see the normal prompt to sign in. But here’s the kicker: all of these pages are the same page, and will be cached by page caching solutions. The customizations are all done in JavaScript, using the custom (and unknown to WordPress-optimized page caches) cookies that Cache Buddy sets.
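The cookie split described above, as an added example (not Cache Buddy's own code): a page cache skips on WordPress's own cookie prefixes, while a JavaScript-readable cookie carries display data only, which the client has to treat as untrusted input because any visitor can edit it. The `cb_commenter` cookie name and its JSON layout are assumptions made for illustration; the `wordpress_logged_in_`, `comment_author_` and `wp-postpass_` prefixes are WordPress's standard ones.

```javascript
// Cookie-name prefixes that WordPress-aware page caches treat as "skip the cache".
const BYPASS_PREFIXES = ['wordpress_logged_in_', 'comment_author_', 'wp-postpass_'];

// Hypothetical name for the JavaScript-readable display cookie (an assumption,
// not Cache Buddy's real cookie name). It must never carry an auth token.
const DISPLAY_COOKIE = 'cb_commenter';

// Parse a Cookie header or document.cookie string into a Map of name -> raw value.
function parseCookies(cookieString) {
  const jar = new Map();
  for (const part of String(cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 1) continue; // skip empty or nameless fragments
    const name = part.slice(0, eq).trim();
    if (name && !jar.has(name)) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// The rule a page cache applies: any WordPress cookie forces a dynamic page.
function shouldBypassCache(cookieString) {
  for (const name of parseCookies(cookieString).keys()) {
    if (BYPASS_PREFIXES.some((prefix) => name.startsWith(prefix))) return true;
  }
  return false;
}

// Strip control characters and cap the length of a user-editable string.
function cleanText(value, max) {
  if (typeof value !== 'string') return '';
  return value.replace(/[\u0000-\u001f\u007f]/g, '').trim().slice(0, max);
}

// Accept only absolute http(s) URLs; anything else becomes an empty string.
function safeHttpUrl(value) {
  const text = cleanText(value, 200);
  if (!text) return '';
  try {
    const url = new URL(text);
    return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : '';
  } catch (e) {
    return '';
  }
}

// Read the display cookie. The visitor controls it, so every field is validated
// and the result is only ever used for presentation, never for authorization.
function readCommenter(cookieString) {
  const raw = parseCookies(cookieString).get(DISPLAY_COOKIE);
  if (raw === undefined) return null;
  let data;
  try {
    data = JSON.parse(decodeURIComponent(raw));
  } catch (e) {
    return null; // malformed percent-encoding or JSON
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) return null;
  const email = cleanText(data.email, 254);
  return {
    name: cleanText(data.name, 100),
    email: /^[^\s@]+@[^\s@]+$/.test(email) ? email : '',
    url: safeHttpUrl(data.url),
  };
}

// Fill the comment form by assigning to .value (never innerHTML), so markup in
// the cookie stays inert text. In a browser, `fields` would be
// { author: document.getElementById('author'), email: ..., url: ... }.
function fillCommentForm(fields, commenter) {
  if (!commenter) return false;
  fields.author.value = commenter.name;
  fields.email.value = commenter.email;
  fields.url.value = commenter.url;
  return true;
}

// Constructed sample cookie strings (not captured from a real site).
const SAMPLE_FRONT_END = DISPLAY_COOKIE + '=' + encodeURIComponent(JSON.stringify(
  { name: 'Mark', email: 'mark@example.org', url: 'https://example.org/' }));
const SAMPLE_CLASSIC =
  'comment_author_0123abcd=Mark; comment_author_email_0123abcd=mark%40example.org';
const SAMPLE_TAMPERED = DISPLAY_COOKIE + '=' + encodeURIComponent(JSON.stringify(
  { name: '<b>Mark</b>', email: 'nope', url: 'javascript:void(0)' }));
```

The same page can then be served from cache to every visitor, and the server still decides who a commenter is from what the form submits, not from what this cookie claims.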

What about the toolbar?

Well, by default, Subscriber and Contributor users won’t see it. But it honestly isn’t very useful to them anyway. But Authors, Editors and Administrators (who should be a very small percentage of viewers) will still get dynamic page views like they do now, and they’ll see the toolbar.

What about BuddyPress?

Good luck. Some plugins customize the page so much that all views really do need to be dynamic. Object Caching is your friend, for these cases.

Is this for every site?

No. If you have a BuddyPress site or an e-commerce site, you may honestly need WordPress logged-in cookies available on the front of your site. But if you’re just running a blog/CMS site with a significant number of commenters and logged-in Subscribers, this plugin could massively speed up your site, because requests that had to always be dynamic before, can now be served from a page cache.

What about the “Meta” widget?

Not currently supported, but I’m hoping to add support for it.

What about other logged-in site customizations?

The user will appear to be an anonymous visitor. But you could recreate them in JS by reading the cookies that Cache Buddy sets.

Auto Activating WordPress Plugins is the right choice

During the WordPress 4.2 cycle, one of the goals was to do some work aimed at improving the experience of users when updating and installing plugins.  While the decision was ultimately made to scale back to just updating for this release, the code that installed plugins also automatically activated plugins when a user installs them.  This generated a lot of controversy, but is ultimately what we should be doing for users.

The End User

Most end users of WordPress don’t have a staging site, don’t keep their site in version control, and don’t install plugins to activate them later on. When they install a plugin, they start using it right away. When they install a plugin, they want to either play with it to see if it works for them, or they set it up and start using it.

One of WordPress’s biggest strengths is its philosophies. One of them is that WordPress designs for the majority:

Many end users of WordPress are non-technically minded. They don’t know what AJAX is, nor do they care about which version of PHP they are using. The average WordPress user simply wants to be able to write without problems or interruption. These are the users that we design the software for as they are ultimately the ones who are going to spend the most time using it for what it was built for.

By following this philosophy, it is really easy to see that auto activation is the right path.

How about an option?

Some of the comments about this say that it should be a checkbox. People think that the solution to a complicated and controversial decision is to add an option. The WordPress philosophies once again guide us to say that an option shouldn’t be our default answer. We need to make smart decisions instead.

When making decisions these are the users we consider first. A great example of this consideration is software options. Every time you give a user an option, you are asking them to make a decision. When a user doesn’t care or understand the option this ultimately leads to frustration. As developers we sometimes feel that providing options for everything is a good thing, you can never have too many choices, right? Ultimately these choices end up being technical ones, choices that the average end user has no interest in. It’s our duty as developers to make smart design decisions and avoid putting the weight of technical choices on our end users.

Yes, there are right times to add options. Andy Adams pointed this out when he wrote:

Instead of making a theme either fully-customizable or configuration-free, I’ve realized that the ultimate goal is to add “just the right options” to make the user experience more pleasant

There are absolutely use cases for not auto activating.  Some developers like to use the UI to do installs locally and then check out the code before deciding to install a plugin.  There are also plugins such as ones that enable a maintenance mode or help with debugging that you want easily available, but not necessarily activated.  These are the exception though, not the rule.

Why Installs are not a part of 4.2

This leads us to now. Despite auto activating being the right decision, the decision was made to remove auto installs in large part due to auto activation. This is a decision I ultimately advocated for taking. The problem wasn’t the activation, it was the experience of what happens after activating. The UX needs to be cleaned up there. We need to make it possible for some plugins to opt-out and we need to make it easier for users to take action right after installing a plugin.

Shiny installs will be back, and when they come back I fully intend to advocate for auto activation. This may change with more information, but right now it is the right choice.

Enhanced Plugin Installs Axed From WordPress 4.2

A few days ago, we highlighted how WordPress 4.2 radically improves the installation and update process for plugins. Several readers commented on the article expressing that automatically activating plugins after installation is a bad idea. A decision was made during the March 25th WordPress core developer chat to remove enhanced plugin installs from WordPress 4.2 and punt it to a future release. However, enhanced plugin updates will remain in WordPress 4.2.

New Plugin Update Routine

It’s uncommon for functionality to be removed from WordPress this late in the development cycle. Drew Jaynes, who is leading the 4.2 release cycle, explains that the feature just isn’t ready.

Prudence demands that we decide whether to do things now vs do things right. In this case, we want to make sure we handle the user experience of activating plugins after installation the right way for most use cases. So we still have ‘Shiny Updates’, but we’re going to have to fall back and regroup on ‘Shiny Installs’.

On the Make WordPress core blog, Aaron Jorbin outlined three issues caused by auto activating plugins.

  1. Plugins that require after activation steps (such as connecting to Jetpack or Google Analytics, updating permalinks for BuddyPress, etc) aren’t obvious. We need a way for plugins to provide a notice upon activation that shows what to do next.
  2. Since the menu isn’t updated, users still need to do a page refresh in order for the changes to actually go in effect and for them to use the features of many plugins.
  3. There are plugins such as maintenance mode ones that users will not want to be activated right away.

The idea of installing plugins inline is sound, but until the user experience issues are addressed, the plugin install process will remain the same.

On Working Remotely, Cofficing And Creativity

I’ve been an advocate of working remotely for over 15 years now.

My first two HTML sites that I built for clients as a student were in 1999. In 2001 I was fixing computers and reinstalling OS and software apps, part of that was done from home or with Remote Desktop. In 2002 I started writing a weekly security bulletin for IDG, and 2003 was my half-time job from home for a media outlet working on two of their websites.

Since 2008 I’ve been working remotely full-time, and I’ve been through all phases of remote work: freelancer, consultant, part of a semi-distributed or 100% distributed team, and over the past 5 years I’ve been leading my distributed WordPress development agency DevriX.

Why Remote?

Other than the usual advocating that remote work is better, I had a few good reasons to switch to a remote work model.


In 2005-2007 I used to commute for about 3 hours a day. In 2007 I had to work on a project at the office while both my clients and bosses were in other countries. My clients were in South America while I was doing 9-to-6 hours at the office, and most of my work was actually supposed to happen in the evening, even though I didn’t have company access through a VPN (or anything else other than an email).

It was a waste of time.

I tried to discuss the remote work opportunity with my managers and our CTO since they let me do 30 hr/week, but they claimed that this will affect the office morale among the other workers.

80% of office workers complain re: temperature


I was also in a constant fight with the other two guys in my room on casual things like the room temperature, light or humidity. We had different preferences and none of us was effective when it was too bright or cold, but we couldn’t find a good balance.

To avoid the evening traffic, I got used to watching a movie after work since leaving at 6:15pm led to reaching my home at 8pm, and leaving at 8pm – after peak hours – I was getting back home before 8:30pm.

Travelling with my car did not allow me to read books or educate myself better since I was busy, you know, driving. And smartphones and mobile Internet weren’t advanced enough for online streaming, the latest audio books and such.


And that’s how I switched to full-time freelancing.

Learning Remote

Working for myself was obviously way different than what I expected it to be. Every aspiring freelancer believes that clients are great, work is just waiting for you once you change your LinkedIn title, the project management comes naturally and you are completely comfortable with completing every single project within the agreed budget and time frame.

Working remotely myths on Oatmeal


Biggest lie ever.

I started to read a dozen blogs on freelancing, educating myself on running a one man show and managing everything. There was a lot to learn though – 9-to-6 is a boring model, but your work is waiting for you when you enter the office, and you’re done after the clock ticks 6pm. You don’t bother directly with clients (most of the time), care about company financials or deal with the operations and logistics. It’s different than running an actual business and covering the monthly costs.

Freelance Folder was one of my first resources together with Freelance Switch (that got acquired and partially killed by Envato). I got into various resources on client negotiations, personal time management, financial stuff and more that was new to me.

Later on I bought dozens of books covering freelancing and working remotely. The last two books that I tend to recommend when it comes to remote working are Remote and The Year Without Pants. I got into monitoring everything related to remote working from Automattic, GitHub, 37signals, Buffer and other startups and innovative companies embracing the remote working model.

I have given several talks on working remotely, running remote teams, freelancing and working productively. My last talk was on Saturday for a conference in the mountains, where I gave my session over Google Hangouts on Air and I set up an IRC client on my blog for questions after the talk. I used to run the local Freelance community for a while and in 2011 we did a great conference with over 130 freelancers and a full day of various talks on freelancing.

It’s been a long journey and I’m just as passionate about working remotely as I was back then. I meet other freelancers, consultants and agency owners all the time at coffee shops, and we often collaborate on amazing projects together or brainstorm on business topics.

Energy And Productivity Management

I had to experiment with different ways to work remotely and measure my creativity. I spent months trying Polyphasic Sleep and other sleeping regimes, Pomodoro and other time management structures, and different working environments.

Freelance Freedom's comics about the real life


I figured out that I can do a 16-hour work day if I sleep for an hour or two in the afternoon. I was efficient between 2pm and 5pm and after 10pm. I experimented with sport/exercises and different food habits as well, sorting out my most productive hours, my “energy supplements”, my nap schedule and more.

I even spent two years reading more on psychology and NLP, which helped me immensely with my client communication skills, training abilities and overall control over my own mind.


In a year or two I knew myself well enough to plan my time properly, work whenever I’m most productive, schedule calls and meetings without interrupting my work flow, and still manage to keep myself productive when there’s overtime and tough deadlines, combining some food supplements, exercises or naps when needed.

Nowadays, having to manage over a dozen people and deal with clients, planning, deadlines and finances, I can still catch up with everything and make myself available when needed without harming my productivity levels too much. I am aware whenever I feel fully charged and when I’m tired, I know when I can multitask or it’s better to focus on one thing, and I’d rather close my lid for an hour and watch the sky than discuss something important while being exhausted.

One of the worst problems for a freelancer (or a general worker) is burnout. If you don’t know yourself well enough and can’t figure out when you’re burning out, that could lead to months of ineffective work, or even complete inability to touch a keyboard. I know a few people who had to spend 6-9 months being unable to work, until they can recover from their burnout. They had to quit jobs and just do nothing for a while – unemployed, as their minds refused to compute anything related to work. They were unable to complete even trivial tasks or understand basic concepts, something that even a junior can easily grasp and tackle.

Part of Our Open Source Culture

Working remotely is a natural model that fits the Open Source culture. A good number of open source projects have started with contributors around the globe, or at least working from different cities. They were playing with a project together until it got traction and other remote folks got involved with it.

Often those projects are run by people from different teams, companies, even jobs. A good example is WordPress itself, with Matt Mullenweg in the US and Mike Little from the UK working together, with other contributors joining them from other parts of the world.

In December Matt mentioned a post by Paul Graham ranting against the anti-immigration policy. Since about 95% of the work force is outside of the US, Paul is struggling with finding talent and asking for changes in the visa process and work policies.

However, Matt responds with a common solution for our work style:

I agree that the US deserves dramatically better immigration policies, but in the meantime I’m confused with the head-in-the-sand approach most tech companies are taking simultaneously complaining that there are lots of great people they can’t bring into the US, but being stubborn on keeping a company culture that requires people to be physically co-located.

Matt runs Automattic, a fully-distributed company with 310 employees working from all over the world and building products such as, one of the top 10 most visited sites in the US. When I say distributed, the folks have team members in numerous countries and over a hundred cities:


Remote workers are evaluated in a different way than people in an office environment. Instead of forcing the 9-to-5 model, we – remote managers – establish Results-Only Work Environments. We value results, not time spent. We respect creativity, and not just presence. We realize that the global world is available 24/7, and solving problems is what matters, not just filling in a room with people.

Scott Berkun, the author of “The Year Without Pants” hired by Automattic to lead a team and write a book about their work style, wrote a long overview on “Why Isn’t Remote Work More Popular?” While brainstorming over the state of business in the States, he makes a logical observation on the type of work that most people do at the office:

How much of your daily work is done through a computer screen? 30%? 50%? At any moment you are working through a screen, you could be anywhere in the world while you’re doing it. Whatever benefits there are of being in the same office, when working strictly through a screen those benefits are neutralized.

Every mobile device and laptop is by definition a remote working tool.

Most of us spend the majority of our time on a laptop, or on the phone, writing, designing or doing anything else that does not depend on other people. There is no reason to stay at the office. Most people argue that meetings are essential, even though the majority of the studies prove that 70%+ of the employees hate these and consider meetings as a waste of time.

In my guest post for WP Elevation Distributed Team – Embrace The Globe, I shared the profit report by Cisco when they switched to telecommuting model, and another very important research study that we should remember:

75% of the heart attacks and strokes happen between 5am and 8am.  People are so stressed about waking up and heading to the office before the next traffic jam that their health is put at serious risk.

An hour long meeting with 10 people is 10 lost hours. It could probably fit in about 10 minutes, or discussed in a project management system, or announced via email, or even a Google Hangouts that does not expect you to be in the same room. And there is no need to schedule meetings every two or three hours, or expect people to drive in the morning and take unnecessary risks since they’re afraid of missing (or being late for) a meeting.

Sean covered some major problems for people failing to embrace the remote work style for Harvard Business Review and it’s clear that some companies are unable to adjust their management model for effective communication and collaboration, or understand the cultural differences around the world. There is no secret sauce really, it’s all about priorities and making it work while following the best practices for leading remote teams.


After trying to work from home for a while, visit my friends’ offices or working from co-working spaces, I found a few coffices where I was incredibly productive.

Working remotely is all about self-management and being able to focus completely on work, isolating everything else around you. Spending a week or two at home was tough for me – cooking lunch, doing some laundry, even watching a movie during the lunch break. Meeting family members in the evening or doing other house work led to spending less focused time on work.

Working with other people around me was often distracting for me as well. I was constantly alert and in standby mode, waiting for people to ask me any questions, show their progress or anything else that would interrupt my work. Unless I’ve allocated a time slot for that, I wasn’t as productive as I wanted to be.

Cofficing is my passion since it combines the best of both worlds. There is no way for me to do some work at home or watch a movie, and while there are other people working around me, none of them is going to come and ask me anything. I was on my own, doing whatever I have to do for the day.

Cofficing turned out to be a whole movement, with a solid and incredible community, similarly to the one in the Open Source world. As I shared with The Coffice for my latest interview:

I distrust the office environment and 9-to-5 business hours. It’s counter-productive and inefficient. Most jobs nowadays are creative, and working from different Coffices can boost imagination and stimulate creativity. Also, working from Coffices a few days a week can provide a feeling of belonging and professional camaraderie. is one of the new websites for Cofficers, and Sam’s taking interviews from different folks working remotely. The site is actually a map for coffices – coffee shops where people tend to work on a regular basis, and it accepts contributions for coffee shops in different countries. I’m sure that it will grow to be a solid database of coffices all around the world, helping people to discover great places around them, or work while they are traveling.

Lisa Evans wrote a great article on Entrepreneur – “The Best Places to Work Aren’t In the Office“. I did mention some tips there, and other entrepreneurs shared their secrets for working in the car, the library or the train, being productive and efficient without working from the office.


About two years ago I wrote a short book called “The Coffice Resort” that includes my guide for working from coffices. If you’re interested in trying out the Cofficer life style, I’ve shared what I’m looking for in a coffice, and different gadgets and techniques that would help you to be productive from your closest Starbucks or local coffee shop.

Bottom Line

While cofficing is not for everyone, you need to spend at least two weeks working remotely in order to get used to the culture. If you get an extra week in the summer working on a pet project, or traveling for a month while having to work in the meantime, give it a shot and see how it goes.

And if you’d like to know more about productive cofficing, read the Coffice Resort and tell me how does it work for you. I’ll answer your comments here and hopefully you’ll become a fellow Cofficer too!

P.S. I have given other interviews on cofficing for Bulgarian media outlets like Capital or Vesti if you’re into Google Translate and automated translations.

The post On Working Remotely, Cofficing And Creativity appeared first on Mario Peshev on WordPress Development.

WordPress SEO 2.0: focus on what matters

We’re proud to announce the availability of WordPress SEO 2.0. This release adds new features for Google’s Knowledge Graph and improves the design, layout & usability of the WordPress SEO plugin’s admin screens in many ways.

Google Knowledge Graph

Google recently introduced new features for their knowledge graph, allowing you to highlight yourself in the search results as either a company or a person. This includes your or your company’s name and, if your site is for a company, the logo:

google knowledge graph info

And it includes your social profiles (this is the list of social networks Google supports in their social markup):

Social Profiles tab in WordPress SEO 2.0

If Google has picked this all up and shows a Knowledge Graph block for you or your company (note that we can’t force it to do that), it would look like this:

Google Knowledge Graph example

Simplified the admin menus

We’ve decided to move several admin pages under one “Advanced” page, and several tools to a new “Tools” page. This makes our entire admin structure a lot cleaner (note the screenshots are for WordPress SEO premium), compare the old (left) versus the new (right):

wordpress seo admin menu changes

While this might seem mostly a superficial change, it’s very important in how we think you should perceive our plugin. The most important thing you can do in SEO is write good content; the most important section of the plugin is thus the metabox on the edit post / pages. While the features hidden under the Advanced menu are very useful, they’re not going to make your ranking go from poor to awesome. By moving them all to one advanced page, we hope to make that emphasis more obvious.

WordPress SEO Premium changes

Speed improvement

Not a feature, but a very welcome change: we’ve made WordPress SEO Premium much, much faster in this release. You’ll notice this in the admin of your site almost immediately.

Updated videos

Because we’ve changed all the admin screens, all the videos had to be redone, so in WordPress SEO Premium 2.0 you’ll find a completely new set of 13 videos made by Shawn Hesketh of WP101. This is the first of these 13 videos you’ll get with WordPress SEO Premium:

Version number changes

With this release we’ve also made the version number of WordPress SEO and WordPress SEO premium the same. They’re both called 2.0. We will keep them the same throughout future releases, so we only have to communicate one version number.

Go update!

Go update your WordPress SEO and let us know what you think!

This post first appeared as WordPress SEO 2.0: focus on what matters on Yoast. Whoopity Doo!

Shortcake Is Now a WordPress Feature Plugin

photo credit: kendiala - cc

Shortcake, a plugin that adds a UI to make shortcodes more user friendly, is now an official WordPress feature plugin. The project is led by Daniel Bachhuber, currently the interim director of engineering at Fusion, the company where Shortcake originated.

The plugin is being developed on GitHub but is also now available for download on Developers who want to utilize Shortcake can register a UI for their shortcodes alongside add_shortcode, which will expose Shortcake’s user-friendly interface.

Shortcake transforms your ordinary shortcode to render a preview in a TinyMCE view:


It also supplies a user-friendly UI to add shortcodes via the “Add Media” button. After selecting your shortcode, you’ll have the ability to edit its content and attributes.


Version 0.2.0 enhances the post element interface in the following ways:

  • Shortcodes are sorted alphabetically, making it easier to skim and find shortcodes.
  • Shortcodes can be filtered by name using the “Search” field, reducing complexity when a site has many dozens of shortcodes.
  • The “Insert Element” button is disabled until a post element is selected, providing a visual cue to the user.

This release also makes a number of significant changes to the structure of the plugin. It has been retooled using an MVC architecture that relies on Browserify. Shortcake contributor Jitendra Harpalani explains the reasons behind the changes:

Specifically, we decided to use Browserify. It’s much easier to compartmentalize models, views, and controllers into different directories and then simply “require” them into your main JavaScript file, rather than having to create a self-contained and fully-fledged Backbone app.

Fortunately, WordPress core already uses Browserify to split apart the media library JavaScript, so it doesn’t introduce a new dependency.

Does Shortcake have a chance to make it into WordPress core?

Although shortcodes make it easy to insert and structure complex content, they’re an eyesore in the post editor. Including multiple shortcodes the old fashioned way can quickly become messy.

Shortcake is a well-conceived solution that brings new life to shortcodes and makes them significantly less confusing to implement. Contributors on the project believe in it enough to start working on the steps necessary to make the feature plugin ready to be proposed for core.

If it does land in core someday, it will be interesting to see how well the feature is adopted. If some developers register a UI for their shortcodes and others don’t, it could be confusing to know which shortcodes are available if they don’t show up on the “Insert Element” screen. Then again, that problem already exists without Shortcake. Without the help of an additional plugin, there’s no easy way to know which shortcodes are available.

If you think Shortcake has potential and want to get involved, follow the updates on and join the development team for a meeting on Slack.

WP REST API Plugin Version 1.2 Released


The WordPress REST API plugin version 1.2 was released today after roughly nine months of development. Version 1.1 was released in June 2014 with the addition of taxonomies and terms routes and a focus on increasing test coverage for all endpoints.

Version 1.2 has test coverage for taxonomies and terms at 98%. Meta is 87% and all others are above 50% (Comments: 67%, Users: 60%, Posts: 54%). Rachel Baker, one of the lead developers on the project, said the team is shooting for >80% on the ‘develop’ branch.

Version 1.2 adds handling for Cross-Origin Resource Sharing (CORS) OPTIONS requests, request hijacking, better errors, and a slew of bug fixes. This release received contributions from 29 people, and the full changelog for 1.2 is available on GitHub.

If you’re a developer who is currently using the WP REST API in one of your projects, you may be wondering about compatibility for updating to 1.2.

“Some internal functions were deprecated, but compatibility impact is really minor,” Baker said. All of these changes are noted in the changelog under “Deprecation warning” or “Compatibility warning.”

What’s Next for Version 2.0 of the WP REST API?

Version 1.2 is the last stop on the 1.x branch of the plugin. “We’ve been working hard over the past four months, with the aim of releasing a beta for version 2.0 next month,” Baker said in her release post.

“For existing code written for version 1.x we will issue a final 1.x release as a compatibility shim to seamlessly connect existing code to version 2.0.”

Developers are eager to find out when the WP REST API will land in WordPress core. There’s no set timeline, but the next release cycle of the plugin is geared toward polishing it up for prime time.

“The #1 goal of v2.0 is to merge into WP core,” Baker told the Tavern. In reply to a commenter inquiring about the time table, she said, “The timeline for that is ‘sometime in 2015.’ Our goal is to make the WP REST API too impressive to refuse.”

Version 2.0 development will focus on the following highlights:

  • Route versioning and namespacing (for future core updates and plugins)
  • Reducing the code to create custom endpoints
  • Overall implementing feedback we received on version 1.0

The WP REST API team has outlined a Core Merging Plan for the API. Follow the checklist on GitHub to stay informed on the progress.

WordPress 4.2 Radically Improves The Plugin Install and Update Process

One of the features I’m looking forward to in WordPress 4.2 is the improved plugin install and update process. Gary Pendergast and a team of volunteers have spent the last six months collaborating on shiny updates.

When you update or install a plugin in WordPress 4.1, you’re taken to a screen that shows its progress. When it’s done, you can either activate it or navigate back to the plugins screen.

Old Plugin Update Routine

Here’s what it looks like when you update a plugin in WordPress 4.2.

New Plugin Update Routine

Last but not least, here’s what it looks like when you install plugins in WordPress 4.2. It’s important to note that when a plugin is installed, it’s automatically activated.

New Plugin Install Routine

At the March 11th developer chat, the team decided to scale back shiny updates to focus on plugins for 4.2. Fancy updates for themes will be added in a future release; until then, themes will continue to use the classic update/install routine. You can follow the progress by watching tickets 31529 and 31530.

During testing, I was able to install 10 plugins in under a minute. Removing friction from the update and install process not only saves mouse clicks, but it’s a great user experience. In fact, the process is so quick, it might make sense to add a visual indicator that tells the user a plugin is installed. For instance, when a plugin is installed, a notification modal window would pop up and fade away.

If you’d like to try shiny updates for yourself, install WordPress 4.2 beta 2 on a test site. If you encounter any bugs with shiny updates or a different part of WordPress, post them to the Alpha/Beta area in the support forums.

14 Common Misconceptions About Email – Gmail’s Toolkit

“Slack is Killing email”, “5 reasons Slack will change the workplace”, “Slack, the office messaging app that may finally sink e-mail”.

For some odd reason the media is eager to bury the idea of email and put an end to its usage for the entire world. Whether it’s Slack, HipChat, Skype, social networks or some project management tool, media outlets are impatient to sink email as an official method of communication.

In the meantime, marketers are celebrating their success with the best ROI results for email:



According to GetResponse, email’s ROI is $41 per dollar spent:

Email remains unbeaten, with ROI still almost $41 per dollar spent. It has maintained its dominant position in relation to other Internet channels, which remain far behind in their ROI results: mobile – $10.51, social media – $12.71, display – $19.72 and search – $22.24.

At DevriX everyone uses email for everything – most of us rely on Gmail since it’s incredibly useful, flexible and integrates with tons of other services. It’s the central hub for our communication channels – our project management notifications, shared Google docs (with their comments), internal blog posts and comments, recap and overview emails or chats, planning and more. Even if we use other systems, it makes more sense to us to follow a single stream of data that aggregates the other channels in a way that it’s the only thing you need, and you can reply to everything via email if you don’t want to switch your communication medium.

While a number of people are tired of using email and are looking for an exciting experience with the next communication app, here are 14 misconceptions about email that we disagree with.

1. There Are Better Tools Than Email For Communication

While other communication tools may be more effective than email, you can easily stream your communication through your email as well.

Even if you use Slack, HipChat or anything else, you still need to combine other tools for your version control system, CRM, project management tool or document management. At least part of your staff has to use a bunch of online services in order to manage their workflow properly.

Think of it as an RSS client, including the outgoing support as well. Instead of monitoring 30 websites daily and refreshing for new entries every 30 minutes, you can set up your RSS client, add the feeds to your list and set an automated update so that you can fetch the latest entries from all sites in the same dashboard.

Your email could serve the same purpose, and on top of that you can often reply back and work without leaving the main screen of your email account.

2. Email Is Hard To Use and Deal With

It’s easy to get lost in the large pool of emails coming your way. But let’s be serious about it: every popular device has an integrated email client where you can even add several email accounts and manage your work properly. Services like Gmail will let you integrate all of your emails into one account, receive all of the messages in a central email profile, and respond with the right account based on your incoming message.

Also, every major tool has some email integration, whether it’s a project management system, Slack or something else. Different email services provide a different workflow and level of flexibility, so you could sign up for a powerful and extensible email service, or a simple and minimalist one.

3. Email Is No Longer Actively Used



As we revealed earlier, email has the highest conversion rate so far. Even if you believe that Twitter or Facebook is a better medium for you, email has higher ROI. Despite the growing social media presence for most people, official communication is better assimilated coming from business-related channels like LinkedIn or email, and people won’t normally read their entire Twitter or Facebook stream the way they will do with their email.

The latest Twitter research on Oscars activity on social media states that The Oscars’ Most Social Moments Dominate an Average of 3.4 Minutes on Twitter:

With today’s average attention span lasting a mere 8 seconds, knowing when to get into a conversation is paramount to brands and media alike. In analyzing the top ten moments, we found that the average amount of time that passed from the engagement volume peak to valley was 3.4 minutes, with the longest span lasting 6 minutes. Essentially, this means that they were able to rise to the top Oscars Twitter chatter for this amount of time.

Compare that to $41 per dollar spent ROI.

4. Facebook Has 1.4 Billion Active Users So It’s More Popular

While Facebook reports 1.4 billion users interacting at least once a month, that doesn’t make the email numbers lower.

Email is required for all sorts of services. What do you use to sign up for Facebook, Twitter, LinkedIn, your PM tool or any other online service? While some offer an optional integration with social networks, those services require email signup as well. Almost every single person on the planet who has been connected to the Internet has an email account, and reads their email on a somewhat regular basis.

Also, how many of these 1.4 billion users are actually interested in doing business on Facebook? There are tens of millions of students, and hundreds of millions of people who use Facebook to look at their friends’ photos, play games or change their status with a photo of a cat or their baby.

There are lots of niches that need that user base for their services – online games businesses, sites like 9gag and such, but it’s not the global domination channel with the highest conversion rate. And it requires an email to join the party.

5. Everyone Is Reachable Via Social Media

Business cards usually include phone and email

How many business cards have you received that have a social media account as the primary method of contact? Email and phone number are still mandatory for business communication, and business owners often delegate the management of their social media accounts to their marketing staff.

In addition to that, reaching out to someone with a business proposal via social media may be tough. Lots of business owners are too busy dealing with actual work to check their social media accounts regularly. Twitter requires them to follow you so that you can send them a private message. LinkedIn requires you to have a premium account in order to send them an InMail if you haven’t worked with them before. Other mediums are often considered as an entertainment channel that is not suitable for business communication.

6. Email Is Cluttered With Spam And Irrelevant News

The fact that email is targeted by spammers is another proof of the effectiveness of the communication channel. Think about it: hackers and spammers target the most actively used channels since it’s their best bet to make a buck out of their efforts.

You can easily organize your email with categories, labels, tags or other mechanisms that would sort and filter your incoming email. Services like Gmail support a powerful search engine that allows you to search for complex terms, for example:

Email by John that is in my priority inbox, includes the term X and has an attachment

You can even filter by file size, people in cc or bcc, starred emails, email lists and more – check out the Advanced Gmail Search guide by Google.

As for spam, most service providers implement complex spam filters to prevent annoying and disturbing messages from hitting your inbox. I receive about 250-300 emails a day in Gmail, and I get a single unwanted email every few days. And it’s usually a contact from someone who found my email, for a service that works but that I don’t really need.

7. Email Is Yet Another Thing I Have To Use

By John Atkinson

If you are already working with several tools on your laptop and have a dozen apps installed on your phone, you can consider the alternative – a single tool open that has it all.

Before I start a presentation at a conference, I have to make sure that there will be no nagging and unexpected popups during my demo. Since I use a browser for my slides, it’s likely that a tool will try to bother me during my talk. For example:

  • Twitter notifications from most web or desktop clients
  • Facebook chat popup
  • Memos from a project management system
  • Skype/IRC notifications
  • Slack popups (especially the @channel global message)
  • My RSS client

Most tools and services integrate a Notifications API so you’ll have to deal with a bunch of them. If everything is managed via email, you can receive all notifications at once and switch to productive mode by closing a single tab.

Also, given the short battery life of most smartphones, consider how much faster and longer-lasting your device will be if your native Gmail or Inbox app is the only communication tool that you use.

Most project management, ticketing or communication systems allow for replying via email, attaching files and organizing your emails via different criteria.

8. I Trust My Commercial Service Provider

When you rely on a closed service provider, you trust them with your data and your future. If you are using a small free business CRM for your business, you have no control over their future.

  • How long is it going to be free?
  • Will I be able to afford it once it gets premium?
  • What if their business model is no longer sustainable and they close the service?

In this digital era of social media communications there are plenty of free services and social networks that own your data. Even if you close your Facebook account now, your data will still be available on their backup storage or even on their official server – just not accessible by you.

There are lots of public discussions and people are suspicious about the privacy of their data, and the probability of it being sold to the highest paying bidder on the black market. That could be the national security agencies or the large corporations able to afford it, and we can never know for sure. This data is private, stays on the corporate servers, and we have no control over it. What happens behind the scenes is unknown.

When Skype was acquired by Microsoft and they switched to a client-server model, that raised legitimate concerns for large corporations – especially Microsoft’s competitors. Some of them moved away from Skype in order to keep their data in a safe medium.

Email is an open protocol. Even if you don’t like Gmail, Yahoo Mail or any of the other popular email vendors, you can set up an email server on your own machine and run your communications in a safe manner. Your data will be safe as long as you keep your server up and running. And tools like SecureGmail can encrypt your communication which would keep it safe and visible only for your recipient.

I started with Gmail in 2004 while it was in closed (invite-only) beta and I’ve been managing my email there ever since. However, I use my other email accounts that receive the email and forward it to my Gmail account, so I keep my data on my servers in case I decide to switch away.

9. Students Now Use Twitter Instead


The Times and The Telegraph report that Email is dead for today’s students who prefer Twitter:

Professor Sir Steve Smith, the vice-chancellor of Exeter University, said most students no longer checked their emails regularly and were choosing to tweet for help rather than wait for a response in their inbox.

“There is no point in emailing students any more,” he told The Times. “They get in touch with us by social media, especially Twitter, and we’ve had to employ people to reply that way.”

While that’s valid for some college and university students, it’s worth mentioning that they’re not really busy with actual work.

Twitter has a limit of 140 characters for communication – less than an SMS. You cannot attach company documents or manage different channels and folders, and there is a limit on the direct messages that an account has access to. You cannot manage milestones or company tasks, assign them to people or share some relevant links since Twitter blocks some domains for spam protection reasons.

10. Project Management And Social Media Tools Are Safer

Due to spam emails and other factors, some people consider email unsafe and prefer other tools for sanity reasons.

There are plenty of services implemented with security in mind, but a lot of service providers are not able to (or interested in) investing in top-notch security. Even sensitive services that deal with payments such as PayPal are considered highly insecure – a security issue with their 2-factor authentication was found last year, and Naoki reported how he lost his @N username worth $50,000 due to GoDaddy and PayPal security policy idiocy.

Most reliable email providers implement several security layers, 2-factor authentication, second phone number for security token management, and other ways to keep you safe and still able to restore your password in case of a security issue. Also, owning your own data by setting up your own email server makes you the sole owner of the hardware and software stack which means that you can restore your data at any time.

11. You Cannot Track Email Opens Or Clicks

While emails don’t offer the same experience as a “Read” or “Seen” message in other communication channels, that’s not a common functionality for most project management or CRM systems either, or even sending messages from Twitter or LinkedIn.

For example, I found out that there is the “Other” Facebook Inbox that keeps messages sent by people that are not in my friend list. I did not receive notifications for the Other inbox so when I found it, I had messages that were two years old from random people trying to reach out.

Had they contacted me via email or from my contact forms, that would not have happened.

Bananatag screenshot by

Also, email newsletter services, apps for proposals and contracts and even tools like Bananatag let you add a tracking script that informs you when your email was opened or a link was clicked. They also integrate with Gmail or Outlook.

12. Email Usage Is Limited

People use different tools and platforms in order to get different results. That’s why platforms like Slack gain popularity, and Facebook innovates by adding other services that would keep their users longer on their site.

Since email is the most popular and highest-converting method, everything includes services that integrate with your email.

Android, being a Google-driven platform, comes with the full stack of Google applications, including Gmail, Calendar, Drive, Hangouts and a lot more. Gmail’s dashboard allows you to turn your tab into a complete organization management platform.

  • You can manage your email and compose several messages at a time while browsing old email archives or previous messages for some details as well
  • You can organize your email in different labels (with different colors that stand out), priority inbox, add stars, create categories and integrate the Labs experience that Google provides with various add-ons that would improve your experience.
  • Google Docs can be previewed and edited directly from your email – read the email, check out the doc, close the popup and continue replying back
  • You can utilize Tasks and add emails to tasks, as a simple personal project management system
  • Social media can be integrated with various widgets for your dashboard – Twitter, Facebook, Flickr and more
  • There is a Calendar view with your coming events – that you could add directly from your email and receive notifications prior to them
  • Hangouts is integrated with a sidebar view in your Gmail dashboard so you could reach out to your clients or colleagues without leaving your screen
  • You can actually call them or do a video conference through Hangouts without leaving your dashboard
  • Turn on Gmail’s Offline mode and you’ll still be able to read old emails, compose emails and organize your email inbox that will sync everything as soon as you get back online
  • Contacts are also saved in your Google Contacts online address book that can be synchronized with your smartphone – call a new client and sync it back to Contacts, and never lose your contacts when you upgrade to another phone. With Rapportive you can pull the social media accounts for each contact and organize a CRM-like functionality without spending any time researching or entering data manually.

There are thousands of email-specific services and tips that would integrate seamlessly and improve your workflow, which is hardly the case with most proprietary tools and services. Gmail includes some default add-ons in its Labs component (part of the email system) including an incredible keyboard shortcuts system.

13. Emails Can’t Be Scheduled For Later


People using tools like Buffer for social media management often rant about being unable to schedule emails for later, or track them properly. I also use Buffer to schedule posts to my social media accounts, but I can’t complain about the email capabilities in that direction either.

Boomerang is a popular way to schedule emails from within your Gmail dashboard. Your composer view gets equipped with a Send Later button so that when you write an email over the weekend, you can still schedule it for Monday morning.

Not only is that a great add-on for your inbox, but you can activate reminders for follow-up emails. Get a reminder if your email got no reply? No problem. Archive your messages and keep your inbox clear while also getting notifications that you have to follow up on an email later on, which is the perfect way to keep your inbox organized, track your emails and never miss an opportunity.

Oh by the way, it’s Android-friendly too.

14. My Project Management System Is Better For Business Management

Project Management tools are meant to be used for business, and some of them are usable and flexible when it comes to data management. That doesn’t necessarily rule out your email though.

  • With the integration of Google Docs, Tasks, Calendar and other Google services you can run a significant part of your business within your Gmail dashboard
  • Your PM system likely sends you email notifications for assigned or commented tasks, and you can reply back from your email
  • You can sign contracts and proposals with services like HelloSign directly from your email view
  • Email is available on any device so you can run your business without being reliant on mobile applications or flexible web views
  • You can prepare canned responses for support, enable “Undo Send” for sending emails by mistake, get a reminder if you mentioned “attachment” without actually attaching a file, or if you’re sending an email late in the evening (against tired employees working overtime)
  • There is a Priority Inbox feature that automatically suggests the important emails that you need to answer first. It’s a complex algorithm by Google that filters your priority emails, and you can adjust it and rearrange the filters so that your time is well spent
  • You can integrate your email with TripIt and organize your business trips, import airplane and hotel tickets and seamlessly manage your travel info from one place
  • Use hashtags inside of your emails for deep labeling
  • Make use of forwarding filters that would redirect your incoming email from specific customers, services or payment invoices to other people in your organization
  • Manage different emails with bulk actions to your inbox – forward, assign labels, archive or more, with the assistance of the powerful advanced search
  • Display multiple inboxes on your dashboard – just like managing different projects, but in the same view

There are plenty of services that would help your business or provide better user experience for you. But email is not dead, on the contrary – it’s getting more advanced and feature-rich with every single day.

What are your productivity tips for managing your email communication?

The post 14 Common Misconceptions About Email – Gmail’s Toolkit appeared first on Mario Peshev on WordPress Development.

New Adventures with 10up

It’s such a weird feeling. Since I began this blog in 2004, I’ve been able to say I was truly hired exactly one time. That day was Jan 9, 2013. In 2004, I was employed by Northrop Grumman. In 2006, I left NG to pursue the startup world, I took up residence at b5media as […]

How to Add a WordPress Site’s Pageview and Visitor Count to The iOS Notification Center

If you use the WordPress for iOS mobile app, you can easily add a site’s pageviews and visitor stats to the iOS notification center. To add WordPress to the notification center, perform a top to bottom swipe on the iPhone’s home screen. Scroll to the bottom and tap the Edit button.

Notification Center Edit Button
Click the edit button

You should see the WordPress app in the Do Not Include section. Click the green plus symbol next to WordPress to add it to the Today summary. When viewing the Today summary, you’ll see visitor and pageview statistics.

Adding WordPress to The Notification Center
Website stats in the notification center

If you manage multiple sites through the app and want to display a different site’s statistics, open the WordPress mobile app and select the site you want to display.

Tap the stats link, then tap on the Today link in the top right portion of the screen where an alert explains that statistics will display in the notification center. Keep in mind that you can only display statistics of one site.

WP Tavern's statistics
Selecting Use This Site will add its stats to the Notification center

I’d like to see this feature expanded so that I can add multiple sites to the notification center where I can view stats for different sites by swiping left or right. I’d also like to configure which two statistics are displayed. Despite these caveats, it’s a quick and convenient way to view a site’s visitor and pageview count without having to load the WordPress mobile app.

The WordPress Industry Is Just As Every Other Field

After I shared my thoughts on WordPress job titles and skills and wrote about various problems with various WordPress estimates, I keep reading comments about our industry and other fields – different IT specialties, automobile mechanics, doctors and more.

In general, whilst WordPress is a fairly unique and great platform with a powerful community behind it, it’s no different – business-wise – from any other field. This is one of the reasons why we don’t have to educate our customers on things that are common sense and applicable for each industry out there.

Asking For Discounts


One of my favorite stories is when a client asks for a discount. It’s happened a few times, same story all over again.

The client sends a specification for a web solution. We estimate it and send back a quote for $15,000. The client replies back that they have a $6K budget and they’ll sign with another provider.

Fast-forward three months later and we receive the following message:


We tried the other agency that quoted $2,000 and it didn’t work out. Since we’re left with $4,000, how would you like to go forward within this budget?

That’s a common problem that we discussed on Twitter with other contractors and agency owners.

Expectations in Web Development

Before I moved full-time to WordPress, I spent years in the Java community. Also, both companies that I worked at had mixed teams – Java and .NET engineers, and we spent all of our lunch breaks (and some late nights) going over complex problems, common architectural patterns in Java and .NET, and various database specifics that we had to deal with in both teams.

All of us were involved with these problems, and aware of the technical challenges. Regardless of our platform differences, we were all Java developers or .NET developers. All of us were experienced in building desktop solutions with Swing or Windows Forms, web applications with GWT/JSF or ASP.NET, and database management with MySQL, Oracle or MSSQL.

Building a web application requires a certain set of skills. You cannot be a marketing person who builds a web application with database queries – it doesn’t work this way. If you have a marketing degree and are able to build a similar app, congrats – you can apply for a developer position; that’s what most developers do on a daily basis.

Using a CMS For a Website


Using a CMS is a bit different than doing development – mostly because you can accomplish the end goal – delivering a website, without actually touching code. At least the basics.

Most CMS outside of the PHP community also define the development role well enough. There are administrators or other people who do the basic install. And then there are developers who implement the custom features, set up servers and do the actual coding work. Drupal is no different – I know over a hundred Drupal developers and they are either frontend Drupal developers – building themes and JavaScript libraries, or backend Drupal devs dealing with module development, automation and server management.

For some reason 99% of the WordPress community (or at least a frightening majority of it) feels confident that development is no different from installing WordPress and adding a few plugins. Again, there is a number of agencies and freelancers that know their stuff, but it’s shocking how many people claim to be WordPress developers and can’t read a single line of PHP.

HTML/CSS Experts

Almost got it.

I saw a post in one of the Facebook WordPress groups from someone asking for a way to add two logos in the header in a multilingual website. Everything else is set, there’s a multilingual plugin, the site is translated and the URLs are intact – there’s simply no logo image in the header pointing to the second language.

Some of the WP folks replied with several ways to accomplish that, and the post author replied:

It doesn’t seem to work with that PHP thing that you shared, and I have no idea how to do that with CSS. I’m just completing the site as the original developer is unavailable.

Other than using some ancient multilingual plugin that is pretty shady, the guy had no clue how to implement a simple operation that requires a line or two of code. The second response of his was even more entertaining:

Look, I’m not an HTML/CSS specialist, I’m just finishing up the final bits for the website.

The logical questions here are:

  1. Why would an agency hire someone who doesn’t have an idea of HTML/CSS, not to mention actual programming experience or WordPress knowledge?
  2. Why does a non-developer work on a website and change code that looks like gibberish to him?

I have absolutely no idea. Yet, it happens EVERY SINGLE DAY.

Experts In New Fields of IT and Business

When I started to grow DevriX in a way that wasn’t limited to our development department, I realized that I needed to find new talent – experts who specialize in other areas of the business life cycle, such as marketing, sales and PR. However, I was unable to identify any of the roles myself.

What is a brand manager? What does “outbound sales” mean? Is “inbound marketing” a different thing? Should I expect a social media marketing expert to deal with my AdWords?

There are so many job titles available. The Internet world is constantly growing, and that forms new niches, fields for experts to fill in and work in a given direction. Which is why it’s essential to work with the right people.

Good luck figuring out the job descriptions


I had various conversations and paid consultations in addition to reading several books and hundreds of articles until I was able to figure out who does what exactly, what strategies are available and what would be a good fit for my needs. I spent thousands of dollars and several months on self-education and planning.

And it was worth it. Had I ignored that, I would have ended up with a terrible strategy leading to complete chaos.

Hiring The Right People

Of course, that was an investment in my own business. And I could have spent time and money on educating myself (which I did), pay a mentor/consultant to help me with specific questions and dilemmas, or pay someone who can replace me as a CEO (or several people dealing with marketing, sales, management or whatever).

You can certainly hire a branding expert for sales, or a social media person for advertising, but it’s probably a terrible idea. And if you don’t have educated expectations, you will end up paying for work that doesn’t satisfy your requirements. In fact you won’t be able to identify the actual problem of throwing money away and getting no result at the end.

In this case it is purely your fault for hiring the wrong people for the job. Spending money on something is your business decision as a business owner, and you’re the one to blame for being ignorant and not familiar with the process, making the wrong decisions.

Auto Mechanics And Other Experts

Do you ask your auto mechanic for discounts or cheaper parts for your car?

Driving with cheap tires will make your car unstable when it’s raining or snowing outside. A cheap update to your braking system can increase the braking distance which may be fatal on the road.

A cheap engine oil will likely ruin your engine, and you don’t want to be on a highway while that happens.

I can go on and on, and a similar analogy can be made with doctors or lawyers.

The point is that a professional service costs money. If you ask for discounts, you’ll miss your opportunity to work with an expert, or get a lower quality of service.

The main reason for most people to look for a new website is money. Some hobbyists are looking for pet projects or some family website to upload their photos, but most projects are focused on money.

  • A speaker’s portfolio website can land more gigs at conferences or company training courses
  • An advertising company’s website can showcase the best ads, and attract new leads
  • A good car rental website can handle the entire catalog of rental cars, display them in a nice way and be usable enough so that people hesitate less and are willing to pay your company
  • A law firm can prove trust and position itself better than the local competitors with the right online solution

If you want to charge good money, you need to invest in your presence.

Don’t blame the Internet for your website failure. It’s all on you.

What Great Companies Do?

Google's office at Tel Aviv


The large and popular companies have fancy offices. They throw money away on parties and team buildings. They sponsor events. Their CEOs drive nice cars, or even have planes.

That’s a proven marketing strategy for building a reputation. Being able to afford these means that you’re financially stable. That suggests that your business is successful, and you can afford those benefits. And you probably work with incredible clients if things are going so well for you.

That means that other great clients will reach out to you. And since your backlog is filling in, you’ll easily get more people on board since everyone would love to work for you.

Let this sink in. Think about Automattic. Check out their VIP list of hosted clients. Then see how many incredible engineers, designers, support folks work for them. Then imagine receiving a nice paycheck each month, get to travel all the time, receive some other benefits for a co-working space, new laptop or anything else.

That’s what I’m talking about.

And I’m not saying that you should take a loan and start throwing loud parties. But if you’re not willing to invest in your business, you can’t expect the big brands to be interested in you. That process takes time, but all smart entrepreneurs and business owners reinvest their income back in their company.

You can also lose your best talent. And this can irreversibly harm your business or even bankrupt it.

Paying for a terrible site is often worse than being offline. And being offline in 2015 is terrible if you’re running a business.


Is It Too Expensive?

There’s one key problem when it comes to pricing a website. And it’s the total cost.

Imagine if you’re looking for a content marketing person or someone to do outbound sales calls for you.

What’s the difference between a $20/hr copywriter and $200/hr guy? Which one would convert more readers to customers? When you see a copy, can you honestly tell which one will convert better?

Salesmanship is even trickier. Most good salespeople that I know either work solely on a percentage of the closed deals, or a flat fee + percentage.

So, how does a $40/hr guy compare to a $250/hr one or the guy asking for $60/hr flat plus 15% of each deal closed by him?

You probably have absolutely no idea.

Because a certain piece of copy can lead to 40% conversion rate against 0.01% conversion for an ugly one.

A great salesman can close 70% of the deals, a mediocre one – less than 5% of them.

These are arbitrary numbers, but they’re fairly legitimate when it comes to random people that you don’t know and can’t evaluate. And even if you try – the fact that a salesman can do 30 calls in one hour doesn’t mean that he will bring more business than the guy who does 10 calls. A longer call is likely needed to warm up the lead, but someone proficient in selling and human psychology can make the best use of their time and convert better based on the given situation.

Hey, it’s also worth mentioning that cost doesn’t mean anything. A $50/hr marketer can be twice as good as a $150/hr one. There are other factors that matter, too.

The same analogy is applicable for the web development world. And while we rant against clients with ridiculous websites or undervaluing our services, sometimes they don’t know better.

Certainly, there is a good percentage of them looking for the cheapest solution possible. We don’t want to work with them.

But there’s another group having no idea what to do. They can’t assess the skills of a developer, and have no idea how much a web solution costs. Nor can we tell out of the blue – an hourly rate doesn’t correlate to the number of hours, and a fixed fee can’t be estimated without spending a lot of time on R&D (which should be paid by the client upfront).

How To Find A WordPress Developer?

The four most important factors to assess a developer are:

  • Trust
  • Quality
  • Cost
  • Time

Trust is essential for any business relationship. If you have doubts, this would affect the project. I often refuse to work with customers who are hesitant – we’re either on the same page, or it will get ugly somewhere in the process.

Quality is the end result – does your solution follow the standards, is the user experience taken into account, is the server reliable and so on.

Cost is the final budget for the project and Time is the estimated time of delivery.

Back to the auto mechanic analogy for a bit, a friend was working with a random low-cost mechanic who managed to ruin his car in a way that cost him thousands of dollars extra to get it to the initial point before the mechanic’s interference.

Here’s what NOT to do when looking for a WordPress developer or an agency:

  1. Gamble. Don’t randomly pick someone without being qualified enough to “read” all of their qualities.
  2. Trust other non-technical people. Referrals are always great, but don’t trust referrals by non-technical people. While some solution may look good on the outside, you don’t have a proof that it’s built in an elegant manner that’s stable, secure and follows the quality standards. It may as well break the day after you’ve discussed that with a friend.

And that’s what you could do in order to find the best talent:

  1. Get a recommendation by experts in this industry. Even if they’re busy or too expensive, you can get quick free advice or a review of your applicants, or a quality consulting session that brings your expectations and wishes to a specification that includes rough time and budget estimates.
  2. Purchase a discovery session by a company or two that seem legit. Pay the experts that you’ve been recommended to do the initial meetings and requirement analysis with you, and get a real quote that includes everything you need and the services that would be implemented.
  3. Hire an expert who would deal with that in the long run. If you’re serious about your business, it’s likely that you’ll grow your platform, optimize it, add new features and more. You may hire a technical expert dealing with the process, or a business consultant who would oversee the work, vet agencies and monitor the process to the best of his/her abilities.
  4. Educate yourself. If you’re interested in the technical or marketing perspective and would like to spend more time, then start reading about WordPress, web development, and all relevant niches for your business success.

Either way, you will have to spend time and money on your success. There is no free lunch, but if you want to work with great clients and make a multi-million dollar business (or even more), then you need to act as a serious business owner yourself and invest back in your success.

The post The WordPress Industry Is Just As Every Other Field appeared first on Mario Peshev on WordPress Development.

GA plugin security update & more

It’s been quite the week here at Yoast. Our release of a security update to WordPress SEO was followed by several other major plugins uncovering similar issues and a renewed interest among security researchers into big WordPress plugins. Turns out we had another issue to patch, so today we released an update to our Google Analytics plugin (both free and premium) too.

How serious are these issues?

One of the things we should have probably communicated better is the severity of the issues at hand. Some of the news outlets made it seem as though someone could walk straight into your site because of these issues, which is not even close to true. Our partners at Sucuri did a post this week on how to understand WordPress plugin vulnerabilities that’s a good read.

If you’ve read that post you’ll have learned about the DREAD score. Both the WordPress SEO issue and today’s Google Analytics by Yoast issue were assigned a DREAD score of 5. That’s “Low”, but unfortunately, it’s still an issue, so you’re advised to update immediately.

What was the issue in GA by Yoast?

The issue we fixed was another compound issue where an unauthenticated user could change the list of profiles in Google Analytics (he couldn’t change the active UA code, so he couldn’t impact your tracking directly). This list of profiles could be made malicious because Google Analytics allows property names that have JavaScript code in them. At that point an admin visiting the settings page could suffer from a stored XSS attack because we didn’t properly escape the property names on output. This is not something a hacker could easily automate, hence the low DREAD score, but if someone wanted to seriously target your site, he could.

We are thankful to Jouko Pynnönen for responsibly disclosing this issue to us.

Note that the fact that it’s responsibly disclosed to us means that we have not seen this issue being actively used by hackers yet. We’re fixing the hole before anyone is using it. Because we do that publicly, someone might start looking for this issue though, so please, please: update.

Are you done with those security issues yet?

I can thoroughly imagine that you’re done with these security issues. Trust me, so are we. But bugs happen, all we can do is fix them as soon as possible when we figure them out and inform you when they do. We’ve just started another review cycle with our partners at Sucuri, who will once again review all our major plugins for security issues. We work hard to prevent issues like this but sometimes we too make mistakes. For that, we apologize.

For now: update!

If you use the free version of our Google Analytics plugin, update to version 5.3.3. If you use Google Analytics by Yoast Premium, you should update to version 1.2.2; if you don’t know how, read our knowledge base article on updating premium plugins.

This post first appeared as GA plugin security update & more on Yoast. Whoopity Doo!
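
The two halves of the issue described in the post above (stored names reaching the settings page unescaped, and a write path that did not require an authenticated admin), as an added example in plain PHP. It is not the plugin's code: the function names, the `$session` structure and the sample profile data are constructed for illustration, and `htmlspecialchars()` stands in for WordPress's `esc_html()` / `esc_attr()`.

```php
<?php
// Added example, not the plugin's code. All names and data are constructed.

/** Escape for HTML text and quoted-attribute context
 *  (in WordPress: esc_html() / esc_attr()). */
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** "Before": stored profile names reach the settings page unescaped. */
function render_profiles_unsafe(array $profiles): string {
    $html = '<select name="profile">';
    foreach ($profiles as $p) {
        $html .= '<option value="' . $p['id'] . '">' . $p['name'] . '</option>';
    }
    return $html . '</select>';
}

/** "After": every stored value is escaped at the point of output. */
function render_profiles_safe(array $profiles): string {
    $html = '<select name="profile">';
    foreach ($profiles as $p) {
        $html .= '<option value="' . e($p['id']) . '">' . e($p['name']) . '</option>';
    }
    return $html . '</select>';
}

/**
 * The other half of the compound issue: the code path that rewrites the
 * stored list must require a privileged session and an anti-CSRF token.
 * $session is a hypothetical stand-in for the CMS's auth state
 * (in WordPress: current_user_can() and check_admin_referer()).
 */
function update_profiles(array $session, array $request, array &$store): bool {
    if (empty($session['is_admin'])) {
        return false; // unauthenticated or unprivileged caller
    }
    $token = $request['token'] ?? '';
    if (!is_string($token) || !hash_equals((string) $session['token'], $token)) {
        return false; // missing or mismatched token
    }
    if (!isset($request['profiles']) || !is_array($request['profiles'])) {
        return false; // malformed payload
    }
    $clean = array();
    foreach ($request['profiles'] as $p) {
        if (!is_array($p) || !isset($p['id'], $p['name'])
            || !is_string($p['id']) || !is_string($p['name'])) {
            return false; // unexpected record shape
        }
        $clean[] = array('id' => $p['id'], 'name' => $p['name']);
    }
    $store = $clean;
    return true;
}

// Constructed sample data: the name carries markup, which the post says
// Google Analytics property names are allowed to contain.
$store   = array(array('id' => 'UA-000000-1', 'name' => 'Main site'));
$payload = array('profiles' => array(
    array('id' => 'UA-000000-2', 'name' => 'Shop <script>alert(1)</script>'),
));

$anonymous = array('is_admin' => false, 'token' => 'constructed-token');
$admin     = array('is_admin' => true,  'token' => 'constructed-token');

// An unauthenticated request must not change the stored list.
$rejected = !update_profiles($anonymous, $payload, $store);

// Even a legitimate update can carry markup in a name, so escaping on
// output is still required after the access check is in place.
$accepted = update_profiles(
    $admin,
    $payload + array('token' => 'constructed-token'),
    $store
);

$unsafe = render_profiles_unsafe($store);
$safe   = render_profiles_safe($store);

printf("anonymous update rejected: %s\n", $rejected ? 'yes' : 'no');
printf("admin update accepted:     %s\n", $accepted ? 'yes' : 'no');
printf("unsafe output has <script: %s\n", strpos($unsafe, '<script') !== false ? 'yes' : 'no');
printf("safe output has <script:   %s\n", strpos($safe, '<script') !== false ? 'yes' : 'no');
echo $safe, "\n";
```

Either control alone leaves a gap: the access check does not help when the upstream name itself contains markup, and escaping does not stop an anonymous caller from rewriting the list.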

Now offering professional theme reviews


A couple of months ago, Emil Uzelac launched a theme review service. After finding out that I had talked about doing this a few years ago, he asked me to join.

I pretty much immediately accepted his offer.

It was a no-brainer. We’re both admin/senior reviewers for the theme repository and have years of experience explaining issues to developers. I also just happen to think it’s an awesome idea for a service. There’s never been a piece of software in the world that wouldn’t benefit from a second pair of eyes (or even a third pair in our case).

What is the service?

What we do is charge developers a fee for a full code and security audit of their theme. We tell you what needs fixing, what can be removed, and offer as much advice as we can on the various elements of theme development. We then follow up with you if you have any questions.

What makes this cool to me is that it’s all handled via GitHub’s issue tracker (or BitBucket if you prefer). This allows all of us to stay on the same page and keep the lines of communication open.

You also get two reviewers on each project. Both Emil and I will each take a turn at reviewing your theme, so we can each catch issues that the other may have overlooked. This actually works really well because both Emil and I have different development backgrounds.

Who needs the service?

If you’re developing themes professionally, whether it’s for a theme shop or a private client, you probably want to deliver the best code you can possibly deliver. It always sucks pushing out a version 1.0 only to realize you’re breaking a bunch of sites over a minor code issue.

And, let’s face it. Theme development is drastically different today than it was 5 years ago. There are so many more possible issues that you need to account for that it’s easy to overlook some.

If you’re making a living developing themes, the service is right up your alley.

Teaming up with StudioPress and Envato Studio

A month ago we got in touch with Brian Gardner and quickly set the groundwork to review Genesis child themes. Working with Genesis is a good first step. I already had some familiarity with it when doing some client work in the past. Not to mention, it’s a beautifully-coded parent theme that allows for a lot of possibilities.

Today, we launched our service on Envato Studio under the expert feedback category. It’s no secret that I’ve been vocal about the code quality coming from ThemeForest, so I’m happy that Envato is teaming up with us to bring our service to all ThemeForest authors and others. I also want to give a huge shout-out to Will Herring, Ben Fornarino, and Stephen Cronin for all the work they’ve done to make this possible. is still a young business, and I’m sure we’ll be learning a lot in the coming months. The one thing I can promise you is that Emil and I will put everything we have into helping all of you make better themes. Stop by the site and sign up. I look forward to working with you all.

The post Now offering professional theme reviews appeared first on Justin Tadlock.

How to Create a Wiki Knowledge Base Using WordPress

Are you looking to add a support / documentation section to your site? Want to know the best way to add a wiki knowledge base to your WordPress site? In this article, we will show you how to create a wiki knowledge base in WordPress.

Business Learning and Support

There are three different ways you can build a wiki site within WordPress:

  • You can use a dedicated WordPress wiki theme to build your knowledge base.
  • You can use a dedicated WordPress wiki plugin to build your knowledge base.
  • You can use some custom code snippets to build your knowledge base.

Now there are pros and cons to each method. But don’t worry, we will explain each of them, so you can make the right choice.

WordPress Wiki & Knowledge Base Theme Method

KnowHow - WordPress Knowledge Base Theme

One of the easiest ways to build a wiki is to use a WordPress wiki knowledge base theme. There are tons of them available, but we recommend KnowHow Theme.

The best way to setup is to install WordPress on a subdomain or directory like or

Once done, you just need to install and activate the KnowHow theme and it will work out of the box.

KnowHow Preview

The biggest downside of using any WordPress Wiki & Knowledge Base theme is that you cannot use them on your main site. You have to do the setup on a subdomain or directory because these themes do not really match your branding, and you definitely do not want your homepage to be a wiki.

However many sites have their knowledge base on a subdomain, so this is not as bad as it sounds. The decision really comes down to your preference.

WordPress Wiki & Knowledge Base Plugin Method

Knowledge Base Plugin

If you want to add a wiki knowledge base to your existing WordPress site, then the easiest way to do it is by using a WordPress wiki knowledge base plugin. There are several plugins available, but we recommend Knowledge Base by PressApps (Live Demo available).

All you have to do is install and activate the plugin. Once activated, it adds a Knowledge Base tab in your WordPress admin area.

Knowledge Base Admin

Knowledge Base is its own custom post type with categories and tags which allows you to organize your documentation.

The best part about this is that you can add it on your main site, and it will match your brand style / formatting for the most part. It also comes with public / member only voting system, custom widgets, drag-drop functionality, etc. The downside is that it costs $20.

In our next method, we will show you how you can accomplish all of this for free, but it does involve code.

WordPress Wiki & Knowledge Base Code Snippet Method

Another way to add a wiki knowledge base to your existing WordPress site or even create a dedicated wiki site is to use the code snippet method.

The downside is that you have to copy/paste a little bit of code which can be scary for beginners. The upside is that it gives you more freedom, and it’s completely free unlike the first two options.

We will do our best to give step by step instructions.

Note: Before you start, please create a complete backup of your WordPress site.

First thing you need to do is install and activate the Knowledgebase CPT plugin. This simple plugin creates a custom post type called knowledge_base and a taxonomy called section.

This allows you to easily add your wiki articles and organize them into sections.

Adding knowledge base articles and sections

Once you have a few articles and sections, you would need to display them on your website. This is where you need to deal with a little bit of code.

Start by adding this code snippet into your theme’s functions.php file or a site-specific plugin.

function wpb_knowledgebase() {
	// Start with an empty string so the .= appends below are well defined
	$return = '';
	// Get Knowledge Base Sections
	$kb_sections = get_terms('section','orderby=name&hide_empty=0');
	// get_terms() returns a WP_Error if the taxonomy is not registered
	if ( is_wp_error( $kb_sections ) ) {
		return $return;
	}
	// For each knowledge base section
	foreach ($kb_sections as $section) :
	$return .= '<div class="kb_section">';
	// Display Section Name (escaped on output: term names are editable content)
	$return .= '<h4 class="kb-section-name"><a href="'. esc_url( get_term_link( $section ) ) .'" title="'. esc_attr( $section->name ) .'" >'. esc_html( $section->name ) .'</a></h4><ul class="kb-articles-list">';
	// Fetch posts in the section
	$kb_args = array(
		'post_type' => 'knowledge_base',
		// tax_query takes an array of clauses, each clause being an array
		'tax_query' => array(
			array(
				'taxonomy' => 'section',
				'terms'    => $section->term_id,
			),
		),
	);
	$the_query = new WP_Query( $kb_args );
		if ( $the_query->have_posts() ) : 
			while ( $the_query->have_posts() ) : $the_query->the_post(); 
				$return .=  '<li class="kb-article-name">';
				// Escape the permalink and title for their output contexts
				$return .=  '<a href="'. esc_url( get_permalink() ) .'" rel="bookmark" title="'. esc_attr( get_the_title() ) .'">'. esc_html( get_the_title() ) .'</a>';
				$return .=  '</li>';
			endwhile;
			// Restore the global $post after the custom loop
			wp_reset_postdata();
		 else : 
	 			$return .= '<p>No Articles Found</p>';
		endif;
	$return .=  '</ul></div>';
	endforeach;
	return $return;
}
// Create shortcode 
add_shortcode('knowledgebase', 'wpb_knowledgebase');

This code lists all the knowledge base articles under the section they were filed in.

Next all you need to do is create a new WordPress page and add [knowledgebase] shortcode inside it. Save your page and preview it.

Plain knowledge base section with no CSS

It looks very plain right now, but we can add some styling to it. You can use this CSS as starting point and then continue editing to match your own colors.

Paste the following code in your theme’s style.css file.

.kb_section {
float: left;
width: 280px;
max-width: 280px;
margin: 10px;
background-color: #f5f5f5;
border: 1px solid #eee;
}
h4.kb-section-name {
background-color: #eee;
margin: 0;
padding: 5px;
}
ul.kb-section-list {
list-style-type: none;
list-style: none;
display: inline;
}
li.kb-section-name {
list-style-type: none;
display: inline;
}
/* Matches the class the shortcode outputs on its <ul> */
ul.kb-articles-list {
list-style-type: none;
list-style: none;
}
li.kb-article-name {
list-style-type: none;
}
div.kb_section:nth-of-type(3n+1) {clear:left;}
div.kb_section:nth-of-type(3n+3) {}

This is how it looked on our demo site where we are using Twenty Twelve theme.

Styled knowledge base page in WordPress

By default, your sections will be displayed in alphabetical order. However if you want to change the order of sections, then you can do that by installing Custom Taxonomy Order NE plugin. This will allow you to drag-drop your sections in the right order.

That’s all, we hope this article helped you add a Wiki knowledge base section on your WordPress site. You may also want to check out our tutorial on how to add a FAQs section in WordPress.


To leave a comment please visit How to Create a Wiki Knowledge Base Using WordPress on WPBeginner.

PDX Writers and Bloggers: Join Me at Press Publish WordPress Event March 28 in Portland

Press Publish is a one-day conference in Portland, Oregon, and Phoenix, Arizona, described as “featuring inspiring WordPress bloggers and the people behind I’d rename it to “Rocking Your World with Inspired Authors and Web Publishers on WordPress in the Pacific Northwest!” I will be attending the Portland event on March 28, 2015, and the […]

The Problem With Having To Educate Your Customers

John Locke wrote an article named “There are no Clients from Hell” referring to the popular site for freelancers – Clients From Hell. I’ve been following the site for some time and there are plenty of educational stories, both for freelancers and clients.

What John says in his post is:

This site encourages the idea that clients who make non-constructive requests or unreasonable demands deserve to be lambasted and mocked online. This reinforces the fallacy that the designer is always right, and that clients are better seen and not heard.

I find this false sense of smug superiority to be quite disgusting. Designers who ridicule your clients — are you ready for an uncomfortable truth?

It’s an interesting point of view really. In theory there should be that vetting process when you decide whether this would be a good working relationship. While it’s always good to start with something small at first and spend some time getting to know each other, it may not be possible. Especially if you’re running a distributed team or just work remotely with your clients, being unable to meet them in person.

The Other Perspective

I admit that there are some publications revealing the incompetence of a customer in a funny way, where customers have to be educated instead. And it’s normal – every niche has its own specifics, and only experts in the field know (almost) everything about it. It’s different on the outside.

Respect people who are not experts in your field.

For instance, not knowing the right name of a color, or asking for Comic Sans for their site, aren’t hilarious in the general business world. It’s a lack of understanding of the terms and the niche specifics, which is a different story than being unable to recognize some generic business concepts at all.

Business Vs. Niche

Business Etiquette for Dummies

Every niche/field has its own specifics. Processes, terms, best and worst practices and such. But there are tons of commonalities that are applicable for almost any business out there.

Let’s start with the basics.

  1. Each business relies on money, since we live in a world where rent, food and various goods are acquirable in exchange for cash
  2. Each product costs money. The main percentage of the cost is related to the cost of the product itself, or an extrapolation of the time for building it/acquiring it, plus some external costs for transportation, or other business-relevant expenses, and marketing efforts
  3. Each service requires a certain amount of time for completing a task/project
  4. Every business relationship depends on solid communication, defining clear requirements and respecting all parties involved in a project
  5. There are common laws in physics and biology that cannot be invented – at all, or at least with the entire common knowledge of the human population

We can continue listing the axioms for building any business, but these are some good foundations to start with. I sincerely doubt that there are 100% free services since people should live somewhere and eat, which requires a source of income that comes from somewhere. Even if there’s something that you can get for free, the entire business model is based on some revenue stream.

There are common business rules for every niche out there.

Let’s review some Clients From Hell examples that violate the axioms above.

CLIENT: (upon reviewing his site) Why didn’t you use any of my company pictures on here?

ME: Did you send me any pictures?

CLIENT: No. [source]

Not providing any clear requirements and deliverables required for the project makes it impossible to guess, or at least hardly probable.

I want you to divide this page into 3 identical sections, making the center one the largest. [source]

“Identical” and “larger” for undefined boxes don’t play together nicely.

ME: Here’s the presentation.

CLIENT: I like it!

Two months and five invoice reminders later:

CLIENT: I never really liked it. It’s not what I expected. It’s not worth the money. [source]

False expectations, lack of feedback and not paying on time are not the best example of a professional business relationship.

“I would love your friends and family rate, as this is coming straight from my pockets.”

— From someone who is hiring me for a professional service that benefits the small business they run. [source]

There are certain rates available for the general public. Trying to get a discount is usually an insulting request, especially when trying to make a living off something and devaluing the services of your partners/contractors at the same time.

CLIENT: We really, really, really need this done by 4:30.

ME: No problem. Once I get the feedback I’ll jump right on it.

Feedback doesn’t come in until 4:25.

ME: So, is the deadline pushed then?

CLIENT: Why would it be? [source]

When a service requires a certain amount of time, focus, iterations and at least a pinch of creativity, trying to force a process despite your delay is hardly professional.

We would very much like it if you did the work for free, but if not, we can pay you $20. [source]

Asking a random contractor to do work for free is not something that you would like your clients to ask you to do either.

CLIENT: How long will the next round of changes take?

ME: I haven’t received the next round of changes.

CLIENT: Yes we wanted to know how long they would take before we gave them to you. [source]

Asking for an estimate of a completely unknown project is like asking for the price of real estate, without defining any other parameters at all.

We need you to re-create eBay for us and we need it done by 5pm today. [source]

eBay’s market cap is around $71,000,000,000. Other than not providing any specific requirements of what should be recreated exactly, cloning a billion-dollar business in a few hours is hardly doable.

I’ve heard most of the quotes above myself, in different context. Without pointing fingers, I do believe that they all violate the general principles of a business communication, and these would be equally ridiculous and insulting in any other business environment outside of the IT world as well.

Don’t let your clients disrespect you and your skills – say “No” a lot.

Business Consultancy


Leaving the general business rules aside, there are niche-specific questions that are not obvious to most customers.

For example:

  • What is the average hourly rate for service X?
  • What is the average price of Y?
  • What does the process of building Z include?

There are some public numbers provided by different agencies that serve as an example. But there is lots of work happening behind the scenes that’s not transparent, or the end service includes a different set of things.

In the web development industry, there are a few things that a reasonable client would do, for example:

  • Spend a few days browsing the competition, ask peers for some numbers, check for some quotes or research some authoritative resources on pricing in the industry
  • Pick a company – based on browsing online, portfolio, or recommendations – and be prepared to pay as much as needed
  • Hire a business consultant or pay a given agency for a discovery meeting that narrows down the requirements and sets some rough estimate of the amount of work and the project cost

Unfortunately, business owners often skip that process and come with false expectations. They ask for numbers without requirements. They compare apples to oranges. They require enormous platforms for unrealistic time frames and budgets. At the end, they embarrass themselves and waste contractors’ time.

Asking for a custom rearrangement for your home usually involves an interior designer. Legal consultations with lawyers are usually charged by the hour, and involve other compensations when needed. Approaching a doctor for a medical procedure involves some tests and examinations, which is either paid by you, or by the country (again from your taxes), or both.

There are plenty of relevant examples around us that prove that point. Ignoring the global business rules for a certain niche does not make sense. Contractors and agencies should spend a lot of time on education.

Problems With Educating Your Customers

There is nothing wrong in educating your customers. It’s a normal part of a business relationship, and it usually leads to a successful project. However, setting the wrong example and violating various business rules is not healthy for anyone.

1. Education Costs Money

Educating a customer takes time. And defining the initial requirements may be a long process, that involves various iterations and going over the A and B in the IT world.

If you are looking for a professional solution, you need a certain level of understanding in that field. We have started a free email course for web development basics in order to cover those for our prospects and customers, since there’s a lot involved with building a website that they are not aware of.

So you should either spend months on educating yourself on everything, or pay a business consultant or an agency representative to go over every single bit of the project for you. It’s not free.

2. It’s Adding Up

A project requires a certain level of communication as the development goes, but with the large number of customers who believe that installing a WordPress with a premium theme makes a complete web solution, that communication is adding up. Big time.

If you are not aware of the general process, you can expect the price to go up. More calls, additional surprises for external costs and more back and forth are going to add up if you don’t invest in proper training or consulting with an expert from the field.

3. Respect Isn’t Taught

People are impatient by default. They don’t like wasting time and they get nervous when they are not familiar with a given field.

However, respect is mandatory. If you expect to work with another professional, respecting their experience and portfolio is required if you want to build a great project. Trying to navigate the project yourself against the recommendations of your agency means that you’re either failing the rules of a business relationship, or working with the wrong contractor.

4. Your Current Solution May Be Broken

I wrote about the slippery slope of WordPress customizations, and Andy covered the 90% completion of most projects looking for extra help.

Building a professional solution requires a certain process and covering a long list of requirements in order to ensure the high quality on every level. The fact that you’ve used a few free solutions to build your Lego that does 90% of the work doesn’t mean that the other 10% are possible at all, or would be quick to accomplish. Way too often customizing an impossible combination of random plugins will be more expensive than starting from scratch the right way.

5. Experience Takes Forever To Gain

Installing WordPress is not development. It doesn’t rank you as the first result in Google either. It doesn’t automatically bring a large user base to your site at all.

All of those skills take years to learn and excel at. And all of that education comes at a cost. If a certain task requires 5 hours to accomplish, it likely took an expert years to learn how to do it the right way so that it’s technically correct, doesn’t affect the high level of security or speed of the project, is designed beautifully and will increase the chance that your visitors would like you. If you are willing to spend many years on learning the ins and outs of the craft, that’s fine, but otherwise don’t question the experience of a reputable expert.

6. There Are Other Costs Involved

If you are looking for a complete solution, that doesn’t end up with setting up a site. That’s a lot of effort when it comes to clean design, usability, SEO, marketing efforts, and other services related to the hosting infrastructure, tools that automate your publications or posting, different analytics tools and tracking engines that monitor your servers, and so on.

7. It’s a Long-Term Commitment

Building a website requires a long-term commitment, often by both parties. An abandoned website does no good to your business.

For example, Amazon has over 800 internal teams working on different bits of the Amazon experience. Building a business takes time, requires maintenance, additional features, content, optimizations and what not for you to be on top of your niche.

It’s great that there are plenty of services that allow you to create a website online for free, or at a low cost. Don’t make the wrong assumption that this will automatically make your business successful. And don’t blame the Internet for not bringing any leads to your business if you haven’t invested enough in it.

Internet is not to blame for not receiving traffic to your website – it’s you.

The post The Problem With Having To Educate Your Customers appeared first on Mario Peshev on WordPress Development.

Whitelist & Blacklist Plugins for BBQ

BBQ (Block Bad Queries) is a simple script that protects your website against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval( and base64_. The plugin is ultra minimal, so there are no options to configure which strings are blocked or allowed — it’s basically a “set-it-and-forget-it” type plugin. To give the plugin more flexibility, here are two plugins that enable you to whitelist or blacklist your own custom strings.

BBQ Whitelist

If you’re running BBQ and discover that it’s blocking some page, you can “whitelist” the offending string to restore access. Let’s look at an example.

Let’s say that BBQ is blocking a page located at the following URL:

This URL is blocked by BBQ because of the colon :, which is a reserved character.

To resolve the issue, we can install the BBQ Whitelist plugin and remove the matching pattern from $request_uri_array. To do so, open the BBQ Whitelist plugin and edit the “whitelist items” like so:

$bbq_whitelist_request_uri_items  = array('/http:', '://');

Here we have added two items to the whitelist array, /http: and ://. Save, upload, and done. BBQ now will ignore the specified patterns and thus restore access to the page.

BBQ Blacklist

On the other side of the coin, let’s say that you have some string that you would like BBQ to block. For example, the infamous fckeditor seems to be a perpetual target for malicious scanning and wannabe exploits. So let’s block it once and for all by adding it to BBQ.

To do so, first install the BBQ Blacklist plugin and edit the “blacklist items” like so:

$bbq_blacklist_request_uri_items  = array('fckeditor');
$bbq_blacklist_query_string_items = array('fckeditor');
$bbq_blacklist_user_agent_items   = array('fckeditor');

Here we have added the offending string to each of the three blacklist arrays, so we’re covered if the string appears in the URL, query string, and/or user agent. Then save, upload, and done. BBQ now will block the pesky fckeditor string wherever it’s found.

Note that BBQ Whitelist/Blacklist requires BBQ version 20150314 or better.


WP Plugin - BBQ Whitelist – Version 20150314 (1 kB zip)

WP Plugin - BBQ Blacklist – Version 20150314 (1 kB zip)

Automatic Plugin Security Updates

The security and plugin review teams have recently been working together to push automatic security updates for plugins to fix critical vulnerabilities. These updates are supported by WordPress 3.7+.

Andrew Nacin, a fellow lead developer of WordPress who helped write this post, wrote this after WordPress 3.7 was released:

“The automatic updater also supports themes and plugins on an opt-in basis. And by default, translations (for themes, plugins, and eventually core) are updated automatically. At some point in the future, the plugin security team will be able to suggest that installs automatically update malicious or dangerously insecure plugins. That’s a huge win for a safer web.”

Some have interpreted this to mean that the end user is required to opt in, but it’s always been the case that the opt-in could come from either the site administrator, or the security team if we deemed an issue severe enough to warrant it.

Back in April of 2014, the security team was contacted by Automattic with the details of a security issue affecting Jetpack, looking for help to get the update out to affected users as fast as possible (you can read more about that release over on the Jetpack Blog).

The team ultimately decided that leveraging our ability to issue a background update was the best option for the security of any WordPress site running the plugin. This decision was not made lightly, as it was the first time we would use the functionality.

A situation where we would have used automatic plugin updates was the security incident in July of 2011 where accounts of three plugin authors were breached and malicious updates were released. We were able to confirm that no other plugins were affected, and as a precaution we reset the passwords of all users, but tens of thousands of sites were updated to a malicious version during a narrow window.

Unfortunately we weren’t so lucky back then, as we didn’t have automatic updates available to us. Thankfully, the malicious updates were detected quickly. But if a plugin author’s account is ever compromised again in the future, we’ll be able to remove the malicious update, and then push a security update for any site affected ASAP.

Since WordPress 3.7 was released, many sites have used the plugin automatic updates functionality, either by opting in directly through filters, or by using one of the many remote management services for WordPress that are available. We’ve had very few bug reports from those early users of the automatic plugin update functionality.

What is the process for the security team to push an update for a plugin?

The security team has only recently started to push more of these updates. Only a handful of plugins have received the treatment, with vulnerability severity ranging from major to critical, affecting anywhere from 10,000 active installs to more than a million (such as the WordPress SEO plugin this past week).

The process of approving a plugin for an automatic update, and rolling it out to WordPress users, is highly manual. The security team reviews all code changes in the release, verifies the issue and the fix, and confirms the plugin is safe to trigger an update. Rolling out an automatic update requires modification and deployment of the API code. This is the same standard and process for a core security release.

Because the process of pushing these updates is relatively recent, we haven’t previously formulated any guidelines as to when these pushes happen. We’re still iterating on them, but the current criteria we take into consideration for a security push is a simple list:

  1. Has the security team been made aware of the issue?
  2. How severe is the issue? What impact would it have on the security of a WordPress install, and the greater internet?
  3. Is the fix for the issue self-contained or does it add significant extra superfluous code?
  4. If multiple branches of the plugin are affected, has a release per branch been prepared?
  5. Can the update be safely installed automatically?

These requirements are defined in a way that anyone should be able to tick each box. (If a plugin author needs help, we’ll help them to make that happen.)

The first criterion — making the security team aware of the issue — is critical. Since it’s a tightly controlled process, the WordPress security team needs to be notified as early as possible. Letting us know is as simple as emailing us at with the details. If you’re not the plugin author, we’ll put you in touch with the plugin author and help coordinate the fix.

We’ll work with the plugin author (and the reporter, if different) to study the vulnerability and its exact exposure, verify the proposed fix, and determine what versions will be released and when.

As with WordPress core security releases, we prefer to see plugin releases which fix only the security issue, with minimal code changes and with no unrelated changes. It allows us to review the changes quickly and to be far more confident in them.

If a plugin has a security vulnerability in versions 2.0–2.1.1, and 2.1 introduced several new features but 2.1.1 only fixed a few minor bugs, we’d enable an automatic update for 2.1.x to 2.1.2 but not for 2.0.x to 2.1.2. If a significant number of installs still used 2.0, we’d ask for a 2.0.x release to be made, which 2.0.x users would be updated to, securing their installations, but without significantly changing the plugin they run. (For Jetpack’s release, release packages were generated from 11 different branches.)

We want code changes to be minimal. The plugin shouldn’t require additional assistance during the update process in the form of user interaction or an upgrade routine — we want the process to “just work” every time.

Millions have received automatic updates for security releases of WordPress core. We want automatic plugin updates to be as safe, and as trusted.

We hope this clarifies why and when we’ll push automatic plugin security releases. It isn’t a decision we make lightly. The security and plugins teams only want to make the web a safer place for you and your visitors.



Q: Why did plugin A get an automatic update, but plugin B didn’t?

It’s not bias from, it’s just a throwback to the manual process we’ve been using. If we’re alerted to an issue, we’ll work to handle it. If we find out several days later, the window of opportunity to get the fix rolled out has usually passed and it won’t be as effective.

If any plugin authors reading this have recently issued a security update and would like us to consider pushing an automatic update for the remaining users, please get in touch with us and we’ll do whatever we can to help.

Q: I keep my plugins updated already and don’t wish to have plugin security updates pushed automatically. How can I disable them?

There are several options to disable this functionality. The previous article for disabling core automatic updates applies here. Anything that disables all automatic update functionality will prevent plugin updates.
If you only wish to disable plugin updates, whether for all plugins or a single plugin, you can do so with a single filter call. See this Codex article for more.

Q: If I discover a security issue in my plugin, what should I do?

Email to seek support from us. We’re here to help you. You should start working on a fix for the issue, and share a patch of the changes for review before you release it if you want us to review the change or if you think an automatic update could be needed.

Q: Will you ever push an automatic theme update?

One day, perhaps — but not until we can do this safely. This is a complicated problem to solve. We don’t currently have a way to verify whether a theme was edited to customize a site. We never want an update to break a site or lose customizations.

You can always enable automatic theme updates using the filters outlined in this Codex article. Also, the theme review team catches most issues long before the theme is available for download, making theme updates far less likely to be needed.

Q: How can I get involved with the plugins review team?

As the plugins team deals with very sensitive issues, it’s a small group of well-known, highly trusted community members. It’s grinding work with a seemingly never-ending queue. If you’re interested, email

Q: How can the WordPress security team trigger a background update for a plugin?

The auto_update_plugin filter is run on a flag present in the plugins update API response. By default, the flag is false, but it can be specifically enabled for a plugin. Core and translation background updates use the exact same mechanism, the only difference being their API responses have the flag enabled by default.
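
One way to use the filter described in the answers above: opt chosen plugins out while leaving the incoming decision, including a pushed security update, alone for everything else. This is an added example, not WordPress core code; the slug list and the example_ function names are hypothetical, and the update items in the stand-alone branch are constructed.

```php
<?php
/**
 * Added example, not WordPress core code. Placed in wp-content/mu-plugins/
 * it hooks the auto_update_plugin filter; run directly with the PHP CLI it
 * prints the decision for a few constructed update items instead.
 */

// Hypothetical policy: plugins this site patches by hand.
function example_pinned_plugin_slugs()
{
    return array('example-pinned-plugin');
}

/**
 * @param bool|null $update Decision so far. True when the update API response
 *                          flagged the item for a background update, or when
 *                          an earlier filter opted the plugin in.
 * @param object    $item   Update offer for one plugin (slug, new_version, ...).
 * @return bool|null
 */
function example_decide_plugin_auto_update($update, $item)
{
    $slug = isset($item->slug) ? (string) $item->slug : '';

    if (!in_array($slug, example_pinned_plugin_slugs(), true)) {
        // Not pinned: pass the incoming decision through unchanged.
        return $update;
    }

    if ($update) {
        // Declining a flagged update means the fix must be applied by hand,
        // so leave a trace for whoever reads the logs.
        $version = isset($item->new_version) ? $item->new_version : '(unknown version)';
        error_log(sprintf(
            'Background update of %s to %s declined by site policy; patch manually.',
            $slug,
            $version
        ));
    }

    return false;
}

if (function_exists('add_filter')) {
    // Inside WordPress: register with two accepted arguments ($update, $item).
    add_filter('auto_update_plugin', 'example_decide_plugin_auto_update', 10, 2);
} else {
    // Stand-alone run with constructed update items.
    $offers = array(
        (object) array('slug' => 'example-pinned-plugin', 'new_version' => '2.1.2'),
        (object) array('slug' => 'example-other-plugin', 'new_version' => '1.0.1'),
    );
    foreach ($offers as $offer) {
        foreach (array(true, false) as $flag) {
            $result = example_decide_plugin_auto_update($flag, $offer);
            printf(
                "%-22s flagged=%-5s -> auto-update=%s\n",
                $offer->slug,
                var_export($flag, true),
                var_export($result, true)
            );
        }
    }
}
```

A site that pins a plugin this way owns the patching for it, which is why the declined case is logged rather than dropped silently.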

WordPress Plugin: SES Pro

SES Pro is a premium email newsletter plugin for WordPress. It is 100% shortcode-based with Ajax-powered signup forms that can be displayed anywhere. There are no monthly fees or limits on the number of subscribers, how many emails you can send, or anything else. It’s just a lightweight yet full-featured email-signup plugin that’s super-easy to use.

Unlimited Forms

SES Pro is designed for smaller-scale, DIY admins who want full control over email subscribers without relying on a 3rd-party service. It’s perfect for building your own lists of subscribers, creating awesome emails with the visual editor, and sending them for free. Here’s a quick screenshot of the included form designs:

SES Pro - Unlimited Signup Forms

SES Pro ships with 10 predefined form styles that are fully customizable via live CSS editor, so you can fine-tune or roll your own. Each form style may be used with any number of forms, displayed anywhere via shortcode, like so:


Drop that into any Post or Page and presto — instant signup form action. There’s also a template tag if that’s your thing: <?php ses_pro(); ?>

Easy to Customize

SES Pro is easy to customize by adding attributes to the [ses_pro] shortcode. Here are some examples to give you an idea of what it can do:

  • [ses_pro form_id="ses"] – create a new campaign
  • [ses_pro double_optin="true"] – enable double opt-in
  • [ses_pro enable_popup="300,3000"] – enable popup form
  • [ses_pro enable_slide="300,3000"] – enable slide-in form
  • [ses_pro display_cf1="true"] – display first custom field

And of course you can mix and match any of the many SES shortcode attributes to dial in the perfect signup forms.

Ajax Powered

All SES Pro forms are 100% Ajax-powered, so visitors can signup easily while staying on the page. And if Ajax isn’t your thing, it can be disabled with a click.

SES Forms - Ajax-Powered Signup Forms

Live Previews

Customize any form style in the comfort of the WP Admin Area. SES Pro gives you a live preview of each form style, so you can customize and fine-tune every detail of your signup forms. Visit SES Pro’s “Form Styles” screen to customize each form’s shortcode, JavaScript, and CSS — all in real-time.

SES Pro - Live Form Previews

Subscriber Management

Manage your subscriber data in style with SES Pro’s streamlined Subscribers control panel. Display any number of subscribers per page, sort and search results by specific fields, edit and delete selected items, and more. SES Pro makes subscriber management a breeze, just a few clicks and done.

SES Pro - Streamlined Subscriber Management

Visual Email Editor

Compose your email in style with SES Pro’s visual/rich-text editor. While creating your messages, you can easily format text, add markup, insert media, and preview email content before sending. There you also may specify the email format (plain-text or SMTP), email protocol (Mail or SMTP), custom CC/BCC recipients, attachments, and much more.

SES Pro - Visual Email Editor

Send Email Like a Pro

Sending email with SES Pro is as easy as 1, 2, 3. Just visit “Send Email”, choose your email and subscribers, and click the send button. SES Pro automatically sends out email and keeps track of which emails have been sent. That way, if something interrupts sending, you can simply repeat the process and SES Pro will automatically continue sending where it left off.

SES Pro - Send Email Like a Pro

Awesome Features

SES Pro gives you freedom from fees and full control over your email campaigns. Additional plugin features include:

  • Easy setup, no coding required
  • No restrictions on anything
  • Display unlimited signup forms
  • Slide-in and pop-up forms
  • Single or double opt-in
  • Import and export subscribers
  • Supports 3 custom form fields

Check the plugin launch page for more features, and check out the SES Pro Homepage to learn more and get the plugin :)

Special Offer: Use discount code SES10 during checkout to save $10.00 on SES Pro!



WordPress 4.2 Beta 1 Now Available for Testing

WordPress 4.2 beta 1 is now available for early testers to download. It’s “pencils down” time for core contributors as far as new feature requests are concerned. This is the point in the release cycle where contributors are focusing their efforts on bug fixes and inline documentation.

Drew Jaynes, the 4.2 release lead, posted the beta release announcement and summarized the main features that could use further testing. The Press This bookmarklet feature has been totally redesigned to be more intuitive and mobile-friendly. If you want to test it out, install the beta and then navigate to the Tools screen in the admin.


Jaynes also encourages users to test drive the new theme browsing and switching capabilities that are now built into the customizer. “We’re especially interested to know if this helps streamline the process of setting up your site,” he said.

The customizer theme switcher is one of the more controversial additions to this release. The new feature was met with a significant amount of resistance from our commenters when it was approved for merge into WordPress 4.2.


The installation and update process for plugins has been beautifully re-tooled to provide a smoother, more convenient experience where users can perform these actions without leaving the Plugins screen. Feel free to leave any feedback on the corresponding ticket for this improvement.

WordPress 4.2 also expands core support for emoji. Jaynes suggested that users go to town on testing it everywhere.

“If you felt like emoji were starkly missing from your content toolbox, worry no more,” he said. “We’ve added emoji support nearly everywhere, even post slugs.”

According to the current 4.2 project schedule, the official release is targeted for the week of April 22nd. A series of betas and at least one release candidate are likely to precede the official release during the course of the next month.

Introverts Are Great In Sales And Marketing

Despite my tendency to get involved with public speaking at conferences and universities and being a band member, I tend to define myself as an introvert. I don’t enjoy large crowds and clubs full of people, and I have a small circle of people that I stay in touch with on a daily basis. Plus, different tests and studies define me as mainly an introvert (since there’s no definitive black or white for anything).

Introverts often have a hard time selling their services. Extroverts are more vocal, and are also able to connect to prospects at conferences, call random leads and knock on doors if needed. You can partner with an extrovert and grow your business faster, but make no mistake – everyone in your team should sell. The owner of a business is the most reputable person who must be able to sell their services and convey trust.

Networking Is Essential For Business

One of the things I learned the hard way is that networking is essential for business. According to Small Business Trends, 85% of small businesses get customers through word of mouth. To be more specific:

By far the most common way customers learn about a business is from word of mouth, according to the small businesses in the survey.  Eighty-five percent of the small businesses surveyed said customers learn about them through word of mouth.  The chart above shows all the responses.  As you can see, no other type of marketing or advertising even comes close.  Search engines come in a distant second at 59%.  Everything else is far behind.

The good news here is that there are different types of networking. Extroverts tend to surround themselves with as many people as possible, and interact with a large crowd. While this may be logical math-wise, that doesn’t necessarily mean that it’s efficient or that they actually reach a large audience.

Compare the following two scenarios:

  1. You run a mass mail campaign reaching out to 1000 people with a generic email.
  2. You contact 20 leads with a personal note, doing some research on their business needs and expectations

What would lead to more prospects at the end?

It depends on numerous factors, but one study quoted by Salesforce states that the email marketing response rate is 0.03%. Again, it’s an arbitrary number per se, but based on that study you’ll probably not get a single prospect out of your mass email.

On the other hand, reaching out to a specific lead (or 20) having done your homework can drastically increase your chance of bringing more business to the table. Also, this is email – we’re not talking about bonding at conferences or even calls, since text is the friendliest medium for an introvert.

Introverts and Extroverts in Business

HouseHunt have designed a nice infographic covering that question in detail:


While it’s a fact that the closer the contact is and the better the rapport is in a conversation, the higher the chance for a successful relationship is, there are quite a few strategies to build your business without being an extrovert yourself. Introverts are shy and are often afraid to present their ideas before the public, but they are terrific in listening to the customer needs and offering the best solution possible to their problems.

Owning a business that solves problems and being an introvert can help you a lot. If you believe in your ideals and are fully focused on helping your customers, you can genuinely promote your solutions for the great deal, and make some bucks on the way. There’s nothing wrong in making a living and making sure that you’re fully covered so that you can spend your time helping your prospects. Selling is not a crime as long as you provide value.

In fact one of the latest trends in Internet Marketing is focusing on Inbound Marketing:

Inbound marketing is promoting a company through blogs, podcasts, video, eBooks, enewsletters, whitepapers, SEO, social media marketing, and other forms of content marketing which serve to attract customers. In contrast, buying attention, cold-calling, direct paper mail, radio, TV advertisements, sales flyers, spam, telemarketing and traditional advertising are considered “outbound marketing”. Inbound marketing refers to marketing activities that bring visitors in, rather than marketers having to go out to get prospects’ attention. Inbound marketing earns the attention of customers, makes the company easy to be found, and draws customers to the website by producing interesting content.

Why Introverts Make the Best Sales People

Another post by Lifehack explains why introverts make the best sales people. Trent Hand covers his overview on providing value to their customers, and also elaborates on the wrong perception of sales people out there:

When most people hear the word “salesman”, they picture a flashy, overly-smiley guy with smooth words and lots of charm. He will chat with you for hours about anything and everything, and if he’s really good, he’ll have you handing over your credit card before you even understand what he’s sold you. He’ll collect his nice commission check and move on to the next customer, forgetting all about you.

This doesn’t really describe a true salesperson—this is the description of a con-artist. Sales is really the art of influence and assistance. As a salesman, I help people solve problems that my products or services address. If the potential customer doesn’t have a problem I can address, he’s not someone I will sell to. It’s that simple.


There is certainly nothing wrong in being an extrovert, or being involved with the sales process in general. The problem comes from the broad idea of a shady automobile salesperson figure, or the people calling you every week and offering you services that you don’t need. The fact that they often focus solely on their profits and not on their customers’ needs doesn’t define salesmanship as a whole, but shifts the perspective in a certain way.

That’s where introverts can shine.

As an introvert, you are usually passionate and empathetic. You can ignore all distractions and fully commit to your conversation, listen to your customers and find the best way to improve your product or service in order to make the best out of the situation.

Some Promotional Ideas For Introverts

While word of mouth is great, you can hardly grow a business relying entirely on your small network. There is one more serious problem with that approach – seasonality of your business.

I’ve noticed over the last 7 years that there are certain moments when we don’t get leads. It’s usually fairly quiet over the Summer here since small business owners are planning their holidays or saving for their trips, and large corporations can’t gather when there are a dozen people responsible for a given project. December and January are also slow due to the holidays, people off skiing or snowboarding, and generally away with their families.

is a great way to start your inbound marketing journey, since it’s one of the largest communities for inbound marketers. Dozens of valuable articles are published every day from experts in the industry, including HubSpot. Their detailed inbound methodology is available on their site, and that’s the process you need to follow:



In order to fill in your time during the quiet months and make sure that the work load is enough, here are several aspects that you could focus on in order to improve your online presence, increase the traffic to your site and generate a list of prospects for your business:

Content Marketing / Blogging

Sharing your expertise is a great way to establish trust and become reputable in your niche. Find out what your target audience is and what their main problems are, and start blogging about them. List the available solutions, curate other helpful resources, build some lists in order to make it easier for them. The more quality content you have, the more followers and regular visitors you will get.

Search Engine Optimization

While improving your SEO is something that you should do on a regular basis, you can spend more time when you’re not fully booked with work. Fine tune your existing content or republish some of your old articles, research your competition, and generate new blogging ideas based on your incoming leads from search engines and social media.

Social Media Engagement

There are plenty of tools that could automate the social media management for you. You can easily schedule tweets with TweetDeck or automate your publishing process with Buffer, but spending more time with your followers, posting some polls or quizzes and preparing some promotional campaigns could increase the visibility of your brand and connect you with more prospects.

User Experience and Conversion Rates

Analyzing the user experience of your website and improving it could lead to more conversions. Set up some unique landing pages for your specific services and rank them separately from your home page. Add more call-to-action sections and make it easier for your users to learn the key selling points of your business and contact you.

Build Some Freebies

Whatever your business is, you can prepare some free resources that would be helpful to your clients. Design a set of beautiful wallpapers or logos, build a nice and useful infographic, create a free ebook answering the common questions in your industry, or build an email course for your leads. These would lead to more shares in the social networks, some new followers, or even a decent traffic from Google for a popular page or post of yours.

Email Marketing and Lead Management

As your audience is growing, you can reach out to your customers – your most active people in your comments or the social media. Add them to your CRM or grow your email list. Start an email campaign sharing your business tips or create an automated email series with some insights for your service process.

Introverts have various ways to spend their time without getting out of their comfort zone, and help their business at the same time. Even if you have to jump on a call with any of your prospects coming from your website, these are no longer strangers – you’re talking to people who have been following your blog and social network accounts for a while, and they already know you. The sales process is lean and pleasant, and there is no aggressive selling on the way.

Focus on your strengths and grow your business, regardless of your human personality.

The post Introverts Are Great In Sales And Marketing appeared first on Mario Peshev on WordPress Development.

WordPress SEO Security release

This morning we released an update to our WordPress SEO plugin (both free and premium) that fixes a security issue. A few more details follow below, but the short version of this post is simple: update. Now. Although you might find your WordPress install has already updated for you.

What did we fix?

We fixed a CSRF issue that allowed blind SQL injection. The one-sentence explanation for the not-so-technical: by having a logged-in author, editor or admin visit a malformed URL, a malicious hacker could change your database. While this does not allow mass hacking of installs using this hole, it does allow direct targeting of a user on a website. This is a serious issue, which is why we immediately set to work to fix it when we were notified of the issue.

Why didn’t we catch it? Well… Long story. It should have been caught in one of our regular security reviews. The values were escaped using esc_sql, which one would expect to prevent SQL injection. It does not. You’ll need far stricter sanitization. Not an excuse, but it’s a good lesson for other developers to learn.
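Why escaping alone falls short, as an added example (not Yoast's code and not the plugin's actual query): escaping only protects a value that ends up inside quotes, so a value placed in a position such as ORDER BY passes through untouched. The function names, the query and the allow-list are assumptions, and `addslashes` stands in for the escaping step so the block runs without WordPress.

```php
<?php
// Stand-in for the escaping step (assumption): like esc_sql(), it only
// backslash-escapes quote characters so a value is safe INSIDE '...'.
function escape_for_quoted_string(string $value): string {
    return addslashes($value);
}

// Weak pattern: the escaped value lands in ORDER BY, outside any quotes.
function build_query_escaped_only(string $orderby): string {
    return 'SELECT ID, post_title FROM wp_posts ORDER BY '
        . escape_for_quoted_string($orderby);
}

// Stricter pattern: the request value only selects from fixed allow-lists,
// so no part of it is ever copied into the SQL text.
function build_query_allowlisted(string $orderby, string $order): string {
    // Hypothetical mapping of public sort keys to real column names.
    $columns   = ['title' => 'post_title', 'date' => 'post_date', 'id' => 'ID'];
    $column    = $columns[strtolower($orderby)] ?? 'post_date';
    $direction = strtoupper($order) === 'ASC' ? 'ASC' : 'DESC';
    return "SELECT ID, post_title FROM wp_posts ORDER BY $column $direction";
}

// Constructed input: it contains no quote characters, so escaping is a no-op
// and the extra expression becomes part of the statement.
$input = 'post_title, (SELECT 1)';
echo build_query_escaped_only($input), PHP_EOL;

// Same input against the allow-list: unknown key, falls back to post_date.
echo build_query_allowlisted($input, 'asc'), PHP_EOL;

// A known key with a tampered direction: anything other than ASC becomes DESC.
echo build_query_allowlisted('title', 'desc; --'), PHP_EOL;
```

In a WordPress plugin the same allow-list approach applies to any request value that ends up as a column name, keyword or number rather than a quoted string.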

Responsible disclosure

We were notified of this issue by Ryan Dewhurst of the WPScan team, who waited for us to release an update before publishing his find to the public, for which we thank him! This type of responsible disclosure is what keeps us all safe, but it only does so if you update.

Forced automatic update

Because of the severity of the issue, the team put out a forced automatic update (thanks!). If you didn’t specifically disable those:

  • If you were running on 1.7 or higher, you’ll have been auto-updated to 1.7.4.
  • If you were running on 1.6.*, you’ll have been updated to 1.6.4.
  • If you were running on 1.5.*, you’ll have been updated to 1.5.7.

If you are on an older version, we can’t auto-update you, but you should really update for tons of reasons. Of course you should really move to 1.7.4 as soon as you can anyway.

Note: If you’re using WordPress SEO Premium, you should immediately update to version 1.5.3. You can find the how-to in our knowledge base.

This post first appeared as WordPress SEO Security release on Yoast. Whoopity Doo!