Securing WordPress

Contrary to what some believe, WordPress itself is very secure. Vulnerabilities are introduced by poorly written or malicious themes or plugins that users install.

I have compiled a list of extra steps you can take to harden your WordPress installation.

Stay Updated

WordPress has updates on a near-daily basis. If a security vulnerability is ever found, it is usually patched within hours and pushed out to the millions of WordPress installations around the globe. But if you don’t accept automatic updates, or don’t manually update often, then you will be left vulnerable.

This doesn’t just apply to WordPress itself. Plugins, especially the more popular ones, are updated often, and can have security vulnerabilities of their own. Keep them updated!

Be conservative with plugins

Plugins are great, they extend the functionality of your website in just a few clicks. But is that all they do? Plugins can become vulnerable, especially…

The Correct Size for a WordPress Theme Screenshot is 880×660

I see misinformation on this far too often.

The WordPress screenshot is shown at 387×290.  But, the recommended size is 880×660.  This information is freely available on the WordPress Codex.

Why 880×660?  Because certain devices have high pixel density displays (HiDPI) which, in a nutshell, will show more pixels in the same space to provide a crisper image.  By making your WordPress theme screenshot 880×660 you are allowing for these high pixel density displays.

Web Dev Weekly – Well received

Back in March I launched Web Dev Weekly, a weekly email newsletter that tries to combine the week’s latest news and releases from the industry.  I find the newsletter itself quite easy to write as I check industry news websites and articles regularly, so it is simply a case of making a note of the best articles and creating a small write up on them.

I was initially surprised at the interest Web Dev Weekly got, especially on Twitter, and subscribers came in their hundreds.

Getting subscribers is actually quite easy if you don’t care about the quality of them, but I do.  I would much rather have a few hundred people who genuinely find my newsletter interesting and want to read it than hundreds of thousands of people who never open it, or even worse, mark it as spam.

The Figures

My newsletter is sent out using…

Magento Go is no more

Magento Go

Magento, the e-commerce platform owned by eBay, has a hosted version of its software, called Magento Go.  Magento is notoriously difficult to host due to its fragmented architecture, and a hosting solution, even for a relatively low-traffic Magento website, can often cost in the hundreds of pounds per month.  That makes Magento Go very appealing to some store owners, as that headache is taken away – you just pay your monthly fee and forget about it.

It does come with some downsides though.  You’re highly limited as to what you can do with Magento Go.  There are only 17 extensions available to extend the functionality, most of which aren’t free.  Compare that to the tens of thousands of extensions available for Magento CE (the free, self-hosted version), many of which are free, and you can see how this could be limiting, especially for larger…

The new PHP will be called PHP 7

The title says it all.  In a recent post I spoke about how I voted for the next version of PHP to be called PHP 7 over PHP 6.

In summary, the current brand of PHP is PHP 5.x, so the most logical next version would be PHP 6.x.  However, PHP 6 once existed, although it was never formally released.  There are articles, blogs, and books available about PHP 6 and the then-proposed changes.  PHP 6 exists, but the release never happened – but it does exist.  And that is what I based my vote on.

The vote has now closed and PHP 7 won, with a ratio of 58 votes for PHP 7 to 24 for PHP 6.

The PHP 6 RFC has the full vote breakdown.

Why I voted for PHP 7

The next iteration of PHP is getting closer, and the conversation currently hitting the internals mailing list is what that next iteration actually is: PHP 6 or PHP 7.

It sounds a little bizarre.  The current version is 5, so surely the next version is 6, right?  Well, here lies the problem.

Some background

PHP 6 was attempted some time ago.  There were numerous features pegged, but the big problem was Unicode support.  Cutting a (very) long story short, there were too many hurdles and it didn’t happen.  PHP 6 was shelved and many of the useful features already developed were merged into the 5.x branch.

PHP 5.3 was released in June 2009 and was a huge step forward.

So why 7?

There are a number of reasons:

6 existed.  It may not have been formally released, but it existed.  The next version of PHP is not…

Why you should use JetPack

I’ve made a lot of WordPress websites over the years, both for clients and myself.  They pretty much all require work out-of-the-box to get right, exclusive of applying a theme and styling.

These tweaks include:

- Installing a contact form plugin (usually Gravity Forms or Contact Form 7)
- Configuring Akismet
- Installing and configuring an analytics package (Google Analytics or similar)
- Social plugins (I used to do this as part of the theme though, admittedly)
- Replace comments with Disqus or Facebook Comments (or remove entirely)
- And, depending on the site, integrate automatic social posting (e.g. post to my social media profile when I make a new post)

So, wouldn’t it be great if you could skip all of this and just install one plugin?  Yes, it would, and that’s why JetPack exists.

JetPack is a set of solid plugins and addons…

How to stay motivated and finish a project

One of the biggest problems facing people of all kinds, not just developers, who start a personal project is the inability to stay motivated from start to finish.  We get bored, we hit problems that cause delays, we lose interest in the project, or something better comes along: we get demotivated.

I was asked recently how I manage to stay motivated in order to get a project finished.  How I don’t just get bored and give up.  Why I see things through to the end.  It got me thinking, and here is a list of things that work well for me:

1.  Give yourself an ultimatum
Most people don’t want to go to work every day, but they do.  Why?  Because there are consequences if you don’t (you’ll lose your job), and those consequences are worse than just going to work.  Set yourself an ultimatum and make yourself believe…