If you've got it there, you've got it multiple places. That's a method of injecting code in a way that can escape more common scanning methods.
It's definitely malicious, and cleaning is going to require a fair amount of effort. https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
It doesn’t have to be ugly. You can create pretty, descriptive classes, and then do this in your CSS:
.beautiful-name { @apply text-white bg-black rounded-lg shadow-md hover:bg-blue-700; }
I've repeated the code from above.
Modulus (%) : the first number divided by the second leaving a remainder. 5/3 => ( 1 with 2 remainder ) = 2, 6%3 = 0
It seems like you're starting out, and jumping into code when it doesn't make sense. When things like this happen. Stop, step back a bit with a piece of paper and write out what you want to happen.
row, loopstart, article, article, article, /row, row, article, article, (article?), loopend, /row
You need to place that modulus at the end of the loop. However, what happens if it ends on non-3 row? Or ends on a %3=0 row? Then you'll have row, /row, row did you have added padding on the rows?
Aside: Is this right? Your custom post is "case studies ce"? I think that should have no spaces. Is it saving in the DB like that?
Aside2: You can always look at array_chunk for a better solution.
<div class="row"> <?php $loop = new WP_Query ( array ('post_type' => 'case studies ce', 'orderby' => 'post_id', 'order' => 'DSC' ) ); ?> <?php $row = 0; ?>
<?php if ( $loop->have_posts() ) : ?> <?php while ( $loop->have_posts() ) : $loop->the_post(); ?> <div class="col-md-4">
<?php if ( has_post_thumbnail() ) the_post_thumbnail( array (200,200) ); ?>
<h2><a href="<?php the_permalink();?>"><?php the_title(); ?></a></h2> <?php the_content(); ?>
</div>
<?php $row++; if ( $row % 3 == 0) echo '</div><div class="row">'; ?>
<?php endwhile; ?> <?php endif; ?> <?php wp_reset_query(); ?> </div>
You could try to integrate Cloudinary, a web service for automated image manipulation. It shouldn't be hard task for a php dev because the hard parts are already done by the service, it's only the integration.
I'm not aware of anything that allows you to easily customize the look and feel of ACF fields on admin pages. But I agree - something like this would be super helpful. At my webdev agency, we usually put quite a lot of effort into admin interface UX of the sites we build, but ACF fields have mostly been out of scope so far as it's probably not the easiest task and there are lower hanging fruit in WP admin interface.
As for your second question (ACF vs page builders): in my opinion, if you want your average client to be able to edit the content of the site, then most page builders are not an option. First of all, they are way too complex for the less technical client. Second, they give the client way too many options to fuck up the design. There's probably also various performance and customizability issues, although not sure about that anymore. I've been out of the loop for the last 6 months, so maybe there's something decent available now?
For me, the ideal solution would be something similar to what Voog provides - front-end editing for content only (i.e. no options to tweak margins/spacing/colors/etc). But I haven't found anything that properly solves this and we don't have the capability to build our own (yet).
I usually just like to keep things as lightweight as possible when developing custom themes. Although I can definitely see how integrating a templating engine like Blade would simplify things, I'll try that out on my next project.
I'm currently in the process of rebuilding our website using NextJS and the WordPress API, so I'm always open to new ways to work with WordPress... especially if it makes my life easier.
I've long been a fan of and hardcore supporter/user of Foundation. There's an awesome starter theme based on Foundation 6.4.3 called FoundationPress which includes a bunch of basic templates and functionality surrounding Foundation's components and features.
It's lean and thanks to Foundation's modular approach, very easy to remove unnecessary components/functionality from what's being compiled and output to app.js and app.css simply by commenting out the appropriate lines.
Add in a dash of ACF Pro and you've got a lean, highly-customizable theme with excellent Flexbox support.
If you mean a WordPress.com account, I don't think many freelancers use that. That's the paid WordPress hosting and it's pretty locked down. You can't customizing it much.
Generally we develop for self-hosted WordPress. WordPress is downloaded and hosted on either a managed host (like WP Engine, etc) or an unmanaged server (DigitalOcean, AWS, Google Cloud Platform, etc). If the later then you need to provide the hosting management. Smaller clients usually go for the managed hosts. At $10/mo and up it's not too bad.
Some contracts run their own hosting using a hosting control panel. But this means acting as a sysop. Other contractor resell hosting. WP Engine and others offer a reseller program. But only do this if you want to be in the business of hosting.
I generally prefer my clients to own their own hosting. I always offer that to them, because most of my clients have past experience with unethical freelancers who controlled the code and hosting and held it hostage for years, preventing the client from migrating to a less shitty freelancer.
At the higher end a freelancer might work for 1 or 2 big clients and manage their hosting for them. I do that with my clients, but we are talking websites with around a million hits per month. This is a good path if you offer a full devops package for ongoing development. The hosting accounts are all in the client's name, on the client's credit card, but I have root access and manage everything from servers to support.
After reading some of your replies, it sounds like the database is one of the main bottlenecks. As others have mentioned, Woocommerce isn't the best solution for this volume of products (something custom probably would be), but of you're insistent on using Wordpress for this store, I'd start with:
I have experience monitoring and tuning high traffic web servers with a lot of content for WP, feel free to reply or message me and I can try to elaborate on specifics.
Whenever I had performance issues like this I always use New Relic.
I install wordpress specific reporting, and then analyse the results. I am not sure if you can do that in wordpress.com but kinsta provides it also you can set it up if you are using a cloud host.
​
The details tab, tells a complete background of what is actually taking more time. It will tell you exactly what funtions are time consuming and then you can start working on those.
You can either optmize or cache them to get speed gains.
I’ve always struggled with this. I’m definitely not supporting the “rebrander’s” actions, but isn’t this how the GPL works? Please correct me if I’m wrong, but I always thought the GPL, which WordPress and Drupal are licensed under, is designed to allow someone to modify your code, and redistribute it as they see fit.
So as I understand it, if he bought it and altered the code at all, he can rebrand and sell it.
Read #11 on this page:
The way I have done this is in 2 steps. The first one is to log the hit in a text file. You can either use unique log files in multiple deep directories or save the hits in one log file per day /logs/YYYY/MM/DD/stats_YYYY-MM-DD.log. The file must be locked of course to prevent data corruption.
Then have another cli tool that parses the log files every few hours and does the parsing and saves the data in a database. I'd use SQlite as it's super fast to render info.
If you need to visualize it I'd use a simple js/ajax call to pull that info so the page is not slowed down in any way.
There are other ways of course. You might be able to skip the php logging totally by coming up with a special redirect that uses mod_rewrite to look like as if it's loading a 1x1 pixel.
e.g. /products/product1-slug
then have an image that's prefixed by /cnt/products/product1-slug.gif
then have a log parser that parses the web server logs and does the counting and then saves the stats.
I haven't checked this tool in a long time but it should be possible to use matomo.org and query its data. Maybe set up a VPS just for the stats for your projects.
I will use these ideas when I start working on an affiliate program for my WP SaaS apps.
Slavi
Not sure where that screenshot of the website speed test came from, but when I ran it I got nothing close to 100. Makes me question the rest of the article, I'll be doing further research. https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Fwp-agents.com&tab=desktop
You'd need to add a custom meta tag to the page. Or place it in the content.
Custom metas would be gotten with:
<a href="<?php echo get_post_meta( get_the_ID(), 'special_link_name', true ); ?>"> … </a>
Did you have Yoast SEO on that site? You could set the page for the post to be a 301 to the other page. It's a hopscotch but gets the job done quicker.
I'd test it with a ternary condition, this might work:
<a href="<?php echo ( $meta = get_post_meta( get_the_ID(), 'special_link_name', true ) ? $meta : '#' ); ?>"> … </a>
Great, ok. I tried emailing but it bounced back.
There is this great server management script for WordPress hosting - WordOps. It's very good, but really only has one person who is the sole maintainer. There are another couple of chaps who seem involved but just the one guy seems to write all the code.
I have been concerned that the project would be abandoned, as have others, so I've been trying to give some support help on the chat channel, just to let it be known that someone is interested in helping out.
Just recently the main guy posted a message saying that he was starting work on the next version. There are a few pull requests sat on the github for a while. Somewhere there is a roadmap of sorts too but it's a bit outdated maybe.
Maybe they would like a decent Python coder with good WordPress experience to get involved. I should be clear that I am not officially involved with the project. I am very keen to support it though.
I'd quite like to improve my Python skills through it too.
Submodules:
mainRepo.git _ WordPress.git (Submodule) _ yourPlugin.git (Submodule) _ yourTheme.git (Submodule)
Then:
git clone mainRepo.git . git submodule init git submodule update
They can be handy but cumbersome if you're not used to working with them.
My desire is to keep WP out of the repo but sometimes it is handy. Often times a client will come back to us and our repo will show what state it was delivered in. Logging into their server and committing everything will show where it is now. And transferring git is faster than FTP. I would not manage WordPress merge conflicts. Since it's not my repo I would just accept all remote.
If the shared host has SSH access then you can install WP-CLI with this tutorial
For getting started with SSH on Windows you can use PuTTY
If you are on a Mac then you can use the built-in Terminal application
In both cases for your first SSH connection you enter your IP, username and then you will be prompted for a password, paste it in and press Enter and you can start running WP-CLI commands
Honestly, personally I've never compared performance between WPML and Polylang as the first one has much more features than the later (but maybe I should do it for some common usage scenarios). :)
If Polylang satisfies you I am not against it :) I have been using it personally too. Just in case you need to migrate one day to WPML, we have a plugin for this :P https://wpml.org/documentation/related-projects/migrate-polylang-wpml/
Easiest way is to use a third party service like pushover. You can write your own code to interact with their API or with pushover you can simply generate a notification by sending an email to a special address.
There are already extensions which auto-save all text you fill in in forms, at least for FireFox. If the number of content editors is limited, that may be a solution. For example: https://addons.mozilla.org/en-US/firefox/addon/textarea-cache/
That's great.
Does "touch points" mean meetings?
Meetings are even better for getting info from people. Probably the best way if there's room in the budget for them and for collating & editing everything afterwards.
Re GDPR yep we are the processor which is why there's a DPA. You still control what data you ask clients to provide, making you the controller. There's some more info here: https://contentsnare.com/gdpr
In the future we plan on doing whatever is necessary to allow sensitive data and maybe even compliance for medical etc but I don't have an ETA on that
Awesome! Great checklist man.
Do you include any instructional material with it for clients?
I can only imagine a client seeing "Facebook Pixel ID" and wondering what they are meant to do to get that.
I get to speak to a lot of people who deal with content delays beacuse we built a tool to help people with content collection (Content Snare).
In the conversations, the biggest difference BY FAR beteween people that struggle getting things on time, and the ones that get it quickly are the instructions. Guiding people through how to write their content goes a long way. Like how long the author bios should be, examples etc
Ok a quick update from my side:
Soon I will plan to move code (themes + plugins) to separate repos and use composer for building it. I want to keep main git repo as light as possible.
For orchestration I want to use buddy.works
It's something along the lines of https://runcloud.io/ , or https://serverpilot.io/, or others like that, but targeted at WordPress. It lets you get your individual VPS, with security hardening, etc, without having to do it all yourself. At the same time, unlike some of those services, you do retain root control, so you can modify things if you know how and would like to.
For me, one of the biggest things (that was a pain for me to manually keep going myself) is making managing keypairs simpler, for various sites. Again, not impossible to do myself, but time consuming.
I don't want to take this on, but I can give you some feedback. I've come across the odd tool that claims to automatically update PHP scripts to be compatible with PHP7+. I've never had to turn to those, so I can't speak on their effectiveness. But here's a starting point in that regard - https://auth0.com/blog/migrating-a-php5-app-to-7-part-three/
Your second point of keeping notes on what gets changed - that's easy enough to do with git. If you store the repository somewhere like GitHub, you'll basically have a permanent record of any little thing that changes.
I’ve been fiddling with Devilbox lately. Seems like a quick and easy way to dive in with docker/docker-compose and it’s multi-platform: http://devilbox.org
Here’s a decent write up for Wordpress, but devilbox can basically accommodate most LAMP-stack projects. https://deliciousbrains.com/devilbox-local-wordpress-development-docker/
I am using Jira Software. Here's the link: https://www.atlassian.com/software/jira
Jira Software is built for every member of your software team to plan, track, and release great software. The ticketing system and commenting with all images links on one ticket just like post thread on forums.
Havent found anything comparable in terms of quality but theres image recaptcha and you could try akismet. More info here
This book really helped me transition from a basic WordPress developer (building the websites) to being able to make almost any customizations necessary:
http://www.amazon.com/Professional-WordPress-Development-Brad-Williams/dp/111844227X
The same publisher also made a book about plugin development that is excellent that I am currently reading as well. Would highly recommend both.