WordPress Security isn’t the sexiest topic, but with a little chastity belt reference and some hot security tips I plan on changing that! Security is a major concern for all website administrators and WordPress powered websites are no different.
Imagine losing all of your content, including posts, media, and comments. Even worse imagine spam links hiding in your content destroying your search engine ranking. Keeping your website safe from hackers and bots should be a top priority for anyone running their own website. In this presentation I’ll cover the essential WordPress Security tips that ALL WordPress administrators should use to keep your website safe and secure.
Is your WordPress website as secure as it can be? Do you have spam links hidden in your site? How many of these tips do you follow? You’ll have to attend my presentation to find out!
I’ve been developing for the CUNY Academic Commons, a social network and collaboration site for the faculty, staff and graduate students of the City University of New York, for about six months now – a period not coincidentally coterminous with my history as a WordPress developer! During that time we’ve envisioned the Commons as a site built around individual scholars and students. BuddyPress has been a natural fit for this kind of project.
Our concept is for BuddyPress profiles and groups to act as hubs for the collaboration that happens on the Commons. Individuals flesh out their profiles with their research and teaching interests. Based on this information, groups form around common interests and projects. With only a small amount of development time – see, for instance, this hack that allows users to identify their interests in a more fine-grained way – BuddyPress excels at this kind of community building.
It’s at the next stage where the real development work begins. Groups that form in BuddyPress need spaces to work. And since the CUNY Academic Commons caters to such a wide audience – tenured professors to first-year graduate students, chemists to lawyers to philosophers to creative writers – our goal has been to provide different kinds of collaborative spaces for different academic purposes.
Blogs are a no-brainer. It goes without saying that the integration between BuddyPress and WordPress is as tight as can be.
Forums are another space where groups work together, and their integration into BuddyPress is getting more seamless all the time. Before the recent release of BuddyPress 1.1, it took quite a bit of development time to make bbPress play nicely with BuddyPress – consistent theming, shared logins, access to the other platform’s core functions. The forum integration in BP 1.1 solves these problems, but raises new development challenges, especially regarding the functionality that bbPress handles in plugins: email notification of forum posts, file attachments, etc.
MediaWiki is the third spoke in the BuddyPress collaboration hub. Our team has made single sign-on between WordPress and MediaWiki happen. We’ve got a method for making the BP admin bar appear throughout MediaWiki. We’ve also developed a tool that brings wiki edits into the BuddyPress activity streams.
I’m excited to be part of the BuddyPress community, as I think it’s got a great future as this kind of collaboration hub: a set of tools for people to connect, and open connections with software where specialized types of collaboration and content creation can happen.
It’s a fact that without a theme your WordPress powered site would be reduced to an administration panel and a database. Sure, you could access the WordPress admin panel, install plugins, write posts, add links to the blogroll, etc. But with no theme there is nothing for potential visitors to see. Unlike plugins, which are entirely optional, every single WordPress site regardless of size needs a theme. Whether you stick to the default theme or hire a WordPress theme superstar to create an original design, as far as visitors are concerned your theme is the single most important part of your site.
What does this mean for you, as the owner of a WordPress powered website? It means that care should be taken when selecting, creating, or contracting for your theme. Because the need for a theme is universal the world of WordPress themes is prone to bad stuff sneaking in.
As I prepared for my sessions, one focusing on choosing themes and the other on creating themes, I went looking for examples of things to look for and also things to avoid when selecting a theme. From my perspective theme creators can be grouped into three basic, and clearly oversimplified, camps:
The Good Theme Creator:
- Releases themes under a GPL compatible license
- Keeps themes updated to incorporate new and improved features of the WordPress API
- Supports the users of the theme they created
The Bad Theme Creator:
- Places restrictions on the way that the theme can be modified, used and/or distributed
- Does not keep the theme updated as new and improved features are added to the WordPress API
- Does not offer to support the users that rely on the theme that they created
The Evil Theme Creator:
- Places encrypted code in the theme, often in the footer area of the site to display “Sponsored” links
- Places functions that alter your site’s content without your permission
- Redistributes the work of others without improving upon the original*
So how do you find the good and avoid the Bad and Evil in WordPress themes? I recommend attending the various theme related sessions scheduled throughout WordCamp!
*NOTE: This is a highly subjective point which could be argued at great length. This author strongly believes in keeping the Spirit of the GPL license beyond the letter of the GPL license.
WordPress 2.8 has been downloaded more than 8.5 million times. Did you know over 45% of those downloads are non-English versions of WordPress? Popularity of WordPress is worldwide, and Japan is no exception.
The growth of WordPress in Japan has been phenomenal. About a year ago, the daily download rate of WordPress Japanese version was only one fourth of that of today. Just as in the U.S. and many other countries, the Japanese WordPress community is seen as one of the most successful and active open source communities.
In my session, I want to talk about how WordPress is doing in Japan, and reasons why Japanese people love WordPress. I’m planning to cover topics like:
- Blogging and social networking trend in Japan
- WordPress vs. other blog/CMS apps
- Importance of mobile device accessibility
- Barriers and differences
- What are WordPress users in Japan like?
- WordCamps and meetups
If you want to learn interesting facts about WordPress users in Japan or you’re just curious how to say “WordPress” in Japanese, come to my session on Saturday morning!
I’m not just one of the Lead Developers of WordPress (a volunteer position) — I’m also a freelance WordPress developer and consultant. WordPress consulting quite literally puts food on my table. With a wife, a mortgage, and a kid on the way, I can’t afford to treat WordPress as a hobby. If you are an aspiring WordPress consultant, someone who is doing WordPress work “on the side” and is considering going full time, or if you are earning your living working with WordPress but want to improve your standing in the marketplace, you can’t miss my Saturday morning session on “Feeding your family with WordPress development.”
I’ll be sharing my story — from high school and college dropout to WordPress Ninja — my tips, a few tricks, and some pitfalls to avoid.
Some of the topics I’ll address:
- How to get started
- Setting your rates
- Hourly, or by-the-project?
- Picking your clients
- Keeping your skills sharp
- Improving your standing in the community and the marketplace
- How to keep your sanity
Come with questions. I’ll see you there at 10:15am, and I look forward to competing with you in the WordPress marketplace!
Having been a backseat driver on the 501c3 bus for 25 years, I speak Bleeding Heart fluently. I’ve seen that most non-profits suffer from the same issues:
- PR/Marketing departments not integrated with tech departments, a failure because of the way marketing works in 2010.
- Design has been prioritized over function in website considerations.
- Without solid tech counsel, organizations are slaves to paid software and/or webmasters.
Your Website is Not the Bastard Kid of Your Org
I know all the issues: staff stretched thin, high turnover, volunteer training timesuck, lack of resources/ funding, and nepotistic hiring practices (“My nephew Mervin can put us on the interwebs for free!”). Can WordPress solve these problems? Of course not…but it can turn your website from a time and resource drain into a highly functioning marketing and service delivery tool, and help reduce many of these problems at the same time. Stop thinking of WordPress as a blogging tool: it is a highly powerful Content Management System (magic website manager).
Bleeding Heart meets Bleeding Edge
I am like a kid with cake when it comes to convincing non profits about WordPress as a way to reduce costs, maximize efficiency and, most importantly, sell your cause.
- WordPress is budget friendly (and by “budget friendly”, I mean “free”)
- WordPress isn’t going anywhere.
- WordPress development and design help is easier/ cheaper because it is the most popular CMS on the planet.
- A breathtaking number of WordPress training guides and support exist for users.
- WordPress is scalable to grow with your organization.
- WordPress is flexible in appearance and can change as needed.
- WordPress plugins offer utility and functionality that allow non profits to streamline interior and exterior processes to better serve constituent groups.
- WordPress user levels allow you to distribute workload amongst many staff/volunteers without liability or security concerns
- WordPress’s ubiquity on the planet makes it likely volunteers already have experience with the system (easier to find volunteers/less time training them)
- WordPress’s widgets and plugins allow easy (read: cheap) ways to grow into and integrate social media, email marketing, donations, forms and calendars into your website.
- WordPress, being web based, is accessible from any internet connection. You can work remotely, you can access it from the field, and you never have to worry about crashing software/hardware.
I am Funny. WordPress is Not.
WordPress is a serious Mofo. I’ve yet to encounter a non profit that couldn’t be better served by the wonder that is WP, but let’s test the theory. We’ll cover all the reasons that WordPress can rock your world, how to convince the board, and where to start on your WP project with a little time left over for “Stump the Redhead.” See you Saturday, after lunch, in the CMS track.
Scott Kingsley Clark
WordPress is an amazing platform, and it’s used to power millions of blogs and sites. As it becomes used in more complex ways though, it can be difficult to manage the multitude of types of content required for your site, project, or application. In just under 30 minutes, I will perform a song I wrote about using WordPress as a CMS to power your site, I will show real world examples of complex content types in action, give a run through of the backend management of Pods, as well as show features from the Pods UI plugin I’ve developed to make it all even easier.
What’s Pods got to do with your content though? Need some more information about Pods and how to use it? Freshen up over at the Pods website. Warning: Pods is still primarily best utilized by developers and I recommend you put your developer hat on! Don’t worry, I won’t be able to completely lose you in my 30 minute presentation!
I’m really looking forward to speaking about the subject of Pods, and how it can completely transform the way you develop complex sites with WordPress.
BUT WAIT! Don’t let the 30 minute presentation slot fool you, I’ll be hanging around – Tweet me or e-mail me to have a one-on-one walkthrough or ask your questions! In addition to this, I will also be hosting an unConference Session on Pods and will Tweet / Post the room and time on my site on Saturday!
You can always feel free to contact me via Twitter @scottkclark or on my website.
Towards the discussion I will be leading on this subject at WordCamp this Saturday at 11:30am, I wanted to share with you this diagram I’m proposing for discussing the open source process and how design might be a part of it.
- What is the motivation model that has been perfected in open source coding? (especially in the WordPress community)
- Can it be applied to design too?
- How might it need to change to fit the design process?
- What examples can we draw from within the WordPress community and from outside it?
I would lead a discussion addressing these questions, and provide my insights from 4 semesters of teaching the Open Source Design class at Parsons’ AAS Graphic Design program, from my experience as a design professional in Shual studio and from the development process on my own open source project, ShiftSpace.
I am very excited about WordCamp this weekend and I hope to see you in my session and beyond.
Even if you have the best content on the planet — maybe even the universe — it doesn’t mean much if nobody else notices it. And by nobody, we mean your friends and relatives, even co-workers as nice and supportive as they may be. They may enjoy a post, Tweet it or even post a comment, but unless they have their own hugely successful site or a huge following on Twitter, chances are that your hard work will disappear into the vast ether.
It doesn’t have to happen this way. In my session on Saturday at 5:15 pm (just before happy hour!), I’ll talk about ways to get influential people to pay attention to your site. Think of it as a crash-course in public relations without having to shell out $10,000 a month (or more since $10K a month in NYC doesn’t buy much) for some tech-savvy Public Relations firm.
Why take advice from me? Because by working my contacts and providing solid original content, I’ve managed to get lots of media attention from major outlets — CNN, BusinessWeek, the Financial Times and the Wall Street Journal to name a few — without spending a single dime on a Public Relations firm or consultant.
Now there’s a fine line between making yourself available and being a slut (the bad kind). Everyone likes the former, but few people like the latter, other than other overly self-promotional hacks.
I’m excited to return to NYC and CUNY to present ScholarPress Courseware, a WordPress plugin that enables you to manage a class with a WordPress blog, including a schedule, bibliography, assignments, and other course information. I’m shaking up the format of this talk a bit from what I normally give, so please attend even if you’ve heard me speak about it previously. No, I won’t have any lolcats, but perhaps some keyboard cats. We’ll be cramming a lot of things into a short session.
I’ll briefly run through the basics of the plugin, including new features like Zotero integration, and WordPress MU support thanks to the hard work of Jeremy Boggs (who is also presenting at WCNYC). After covering the plugin’s essential features, I’ll give the reins to an audience volunteer who will be led through the process of setting up a course website using Courseware. This will give you an opportunity to see how the plugin works, and gain some ideas for your own course website.
The remaining session time will be used for lightning demos to present the audience’s own course website. My hope is that these demonstrations will give participants a broad understanding of how course blogs and websites are being organized by using WordPress; ScholarPress is just one of many options.
Lightning talks will be an opportunity to briefly demonstrate your course site to the group. Each presenter must be brief, so I’ll need everyone to respect whatever time limit we decide. If someone exceeds the time limit, I’ll “play them off” with the keyboard cat. Don’t be that guy.
To sign up for a lightning talk of your course website immediately following the presentation of the Courseware plugin, leave a comment on this blog post. I can’t guarantee that we’ll get to everyone’s demo, but we’ll try to fit in as many as possible.
See you on Saturday!