Use me or use WIX? Should you Do IT Yourself?


Should you — a small business or understaffed non-profit — be building your own website? There are certainly a lot of do it yourself choices. There’s a discussion taking place on a LinkedIn group for WordPress developers on the topic “How do you compete with DIY drag and drop web builder sites?”.  Here’s what I had to say on that discussion.  

I have a couple of points to discuss with potential clients:

  1. Should you be working on your business or building a website?
  2. Are you trained in writing compelling sales and marketing copy? Do you know what a call to action is and when to use it?
  3. How long do you think it will take you to build a site on WIX (or whatever)? Really? Think more like 12-18 hours, because it’s iterative. Where are you going to find the time and what’s your time worth?

Does this make sense to you?   

Book Review: WordPress 3.7 Complete

WordPress 3.7 Complete link to publisher siteWordPress 3.7 Complete
Authors: Karol Krol, Aaron Hodge Silver
Packt Publishing:

WordPress 3.7 Complete offers, well, a complete explanation of WordPress. The first chapters, directed at WordPress users, is a patient but not “for dummies” walk through what you need to know if you own a WordPress site.

Chapters 1 through 5 are a great introduction to users of WordPress. If you’re a professional WordPress developer, buy your clients a copy of this book and do their training only after they’ve read those chapters.

There is one unfortunate aspect to this book. Almost as soon as it was published, WordPress 3.8 was released. All of the information is still current and directly applicable; the book has lost no value with the update. The only real affect is that some of the illustrations of the WordPress dashboard are no longer what the site’s owner will see. The value is still there. There are also enough links to the WordPress Codex and other the publisher’s own site that the content should be current through the life of 3.8.

The book starts off where we all start off: Terminology and “What is WordPress,” and what’s the deal with and As it gets more into the creation of your first site, I like that it starts with content and worries about theming later. I see way too may people picking a theme then worrying about content. The step by step instructions for posting content will get the most technophobic user posting content fairly quickly.

Differentiating pages and posts waits until Chapter 4, as do menus, headers, and other customization options provided in most themes. This chapter also includes the media library and image galleries. It would be nice if this chapter also included discussion of the video shortcodes; users often seem confused about embedding YouTube and other video content.

Chapter 6 talks about choosing and installing themes and offers some good advice about choosing safe themes and the purpose of themes. “The trick of choosing a theme for your site is to understand its purpose and make your decision …. on the thing you need the theme for…” Excellent advice!

Chapter 7 gets into theme development. It’s a high level view that occasionally swoops down into code. This isn’t the book I’d recommend for serious theme developers, but it offers a good overview for people who want more insight into how WordPress works and why hiring a developer to create a custom theme is not inexpensive. The development focuses on building themes from scratch. I’d have preferred a discussion that talked a bit more about building from starter themes like Underscores ( or one of the standard WP themes like TwentyTwelve. Nonetheless, by the end of the chapter, the reader (who may have glazed over at all the code) has a pretty good idea about the division of work and why things in WordPress work the way they do.

Chapters 8 is a catchall, talking about using WordPress as a podcasting platform, RSS feeds, and offline site tools. I’m not sure why that last bit is in this chapter; it seems to me that it might have fit better earlier when adding content was the topic.

Chapter 9 follows in the path of Chapter 7, getting back to areas of interest to developers. This chapter deals with developing plugins and widgets. It’s a decent overview but the widget development section lacks a discussion of what I think are two essential areas for widgeteers: Managing and storing options “the WordPress way” and providing a clean uninstall for your widget.

Chapter 10 is back to operational considerations: Running a multi-user site and multisite. I think the multi-user discussion is something that more readers will find valuable; the authors delve into questions of process and user management. These are critical areas for multi-user sites and need to be considered sooner rather than later in the development of the site.

Chapters 11 and 12 talk about my bread and butter, “Creating a non-blog website.” WordPress may have started off as a blogging platform. It’s evolving into a fully featured content management system (CMS) that can present any content on the web. The chapters also covers e-commerce, community sites, membership sites, etc. These topics are worth mention but a probably deserving of their own books. Custom post types make their appearances here. I think they might have fit better in Chapter 7 or 9.

In summary: A good book for those just getting into WordPress as users or those wondering about becoming site-builders and developers. An excellent training source for those handed a working site and told “OK, it’s yours. Start adding your content.”

Full Disclosure: I received a free epub copy of the book in exchange for writing this review. The publisher did not review or approve its contents.

In the rush to finish a website, don’t forget these things….

It seems like these things always get pushed to the end of my projects and get done at the last minute. I’m posting here to (1) say it out loud so I get it in my head earlier in the process and (2) see what everyone leaves till the end.

1. 301 Redirects

Typically, we’re rebuilding an old site. Whether it’s converting an old WP site or bringing a site full of .htm and .html files to WordPress, URLs are changing. People have those old URLs bookmarked and Google has them indexed. It’s necessary to redirect old links so they don’t wind up as 404s. I use the plugin “Simple 301 Redirects” ( because it is so simple. It does just one thing and does it well.

2. Favicon / Touch Icon

This is another small thing that makes big difference on a site. A nice favicon helps distinguish a site and it’s amazing what can be done in 256 pixels. It’s also important to have a nice “Apple Touch Icon”, a larger (75px or 150px square) image used for bookmarking a web page on iDevices and other smartphones/tablets. I like “All in One Favicon” ( for putting these on a site.

What’s in your last minute scramble?

Add IE8 support to the WordPress Underscores _s theme


Selection_003_0The developers of the underscores starter theme for WordPress are fairly adamant that the the theme supports only Internet Explorer version 9 and above. Unfortunately, there are still a lot of Windows XP users out there who cannot go beyond IE8. While we can’t provide a lot of the cool features for Internet Explorer 8, we can at least make sure that the basic site lays out in a readable manner. To accomplish this, it’s necessary to add the following content to the file header.php

<!--[if lt IE 9]>>
 var e = ("abbr,article,aside,audio,canvas,datalist,details," +
 "figure,footer,header,hgroup,mark,menu,meter,nav,output," +
 for (var i = 0; i < e.length; i++) {

I typically add this right before the line with

<?php wp_head(); ?>

The Joys of Working From Home, Part 1: The Plumbing

2013-11-07 10.48.12Yesterday afternoon, I heard a funny noise coming from an outlet in the first floor bathroom. It was buzzing. Outlets are not supposed to do that. It appeared that the ground fault interrupter part was blowing out.

No problem. Ran over to Menards and got a new one. Removed the old outlet and saw water dribbling out of the outlet box. That’s not good.  There are different pipes for water and electricity and meet they should not.

Yeah, not good.  I went upstairs to check the bathroom above and found water in the cabinet under the sink. The tube that goes from the cold water valve to the faucet was leaking. You’d think that a 98 cent part would last more than 20 years!  Also, you’d think that the LEFT one would be hot and the right cold.  Not always!  I emptied the cabinet, turned off the water, dried things out and threw out all the stuff that was soaked.

Back downstairs, I put in the new outlet. When I turned the power back on, I noticed a small bubble in the paint on the bathroom ceiling. Uh oh. Poked a hole in it…. and that was the start of about 8 gallons of water flowing out over the next 30 minutes. I think we were about an hour or two away from the ceiling coming down in there.

Stay tuned for my next post: The Joys of Working From Home, Part 2:  Hanging Drywall.

iOS 7 Styles: Flat buttons, skinny fonts

In another few days, we’re all going to be in love with or loathing the new look on our iPhones and iPads. iOS7 brings the end of skeuomorphism, sculpted button, and wide fonts.  For those who’ve don’t follow All Things D and TUAW religiously, this means

  • The end of digital things that look like their real world analogues. The most common examples ar the leather-bound look of the calendar in OS/X and the wood-grained shelves of iBooks.
  • The new iOS and OS/X font is Helvetica Nueu, a redrawn sans-serif font.
  • Buttons and app-launching icons are flat: There’s no shading or lighting effects to simulate 3D.

On the web side of things, we’ll be bringing the same effect to our call-to-action (CTA) buttons.

For example, here’s the oh-so-2012 style button

Old Button

And here’s the iOS7 influenced version

New Button

Hackers, Bots, and Bores

A few minutes ago, I tweeted “It’s fun using #Wordfence to watch bots try to login as ‘admin’ to my #WordPress sites. I auto-block that ID.” And it is, although the ongoing attempts are both annoying and a waste of bandwidth.  This was a big deal a few weeks ago. In fact, the sheer volume of attempts to login as ‘admin’, over and over again with commonly  used passwords, was enough to bring down several shared hosting sites.

As a hosting server, what can you do?  It seems to me that you should monitor http traffic, looking for multiple login attempts with the ID ‘admin’ and use firewall blocks to throttle traffic from those IP addresses.  I chose to say “throttle” rather than “block” because — just maybe — there might be a real user out there struggling to remember his admin password.

As a WordPress site owner, what can you do?  First, don’t have a user named ‘admin’.  They can’t login on an account that’s  not there! Second, install the WordFence plugin.  On the options panel, enable “Login Security” with fairly agressive settings:

If you want to see if it’s effective, enable WordFence’s “Live Traffic View” and on the Live Traffic panel, click on the “Logins and Logouts” tab

If you set up your WordPress site with an ‘admin‘ user, how do you remove it without breaking the site? 

  1. Create a new user on the site that you’ll use for administrative purposes.  Make sure you give it a strong password and don’t forget to assign it the adminstrative role.
  2. Log out and log back in as the user you just created.
  3. Under “users”, select and delete the orginal adminstrative user, ‘admin’.  WordPress will allow you to reassign content posted by this user to another user.

How else do you secure your WordPress sites?



phyMyAdmin, mcrypt, and Centos 6: “mcrypt extension is missing” solved


Installing a current version of phyMyAdmin on Centos 6 turned out to be a grand pain. First, it turns out there are two packages in the rpmforge repo, “phymyadmin” and “phpMyAdmin”, resulting in installations of version 2 and 3, respectively.

Once past that, phpMyAdmin reports “Cannot load mcrypt extension. Please check your PHP configuration“. Well, that should be easy to fix. Just a quick “yum install php-mcrypt”. Nope. After digging around for a while, installing, uninstalling, rebooting, etc, I checked the the file /etc/php.d/mcrypt.ini.

Its contents were

; Enable mcrypt extension module

This is incorrect. I changed it to

; Enable mcrypt extension module

then restarted httpd and the problem went away. It appears that the php-mcrypt rpm, at least as of php-mcrypt-5.3.3-1.el6.rf.i686, incorrectly creates the mcrypt.ini file.

When the Cloud is Offline

By Google Inc. ( [Public domain], via Wikimedia CommonsGoogle Drive apparently went down for a couple of hours this morning.  (I missed it. I was in a meeting.)  This is a good reminder that you need to maintain the ability to work with your documents when the Internet or the cloud service itself is unavailable.  Google has a page about setting up offline access for Google Drive documents.  Do it now while you’re thinking about it.

On the Mac, the Google Drive app created a folder in my home folder containing all of my Drive files with extenions like “.gdoc”, “.gslides” and “.gsheet”.   I presume that offline Google Drive works the same way on Windows.  On Linux, I enabled offline access from the web, then installed a Chrome app.