How to Keep Your New WordPress Site Running Smoothly

So you just launched a WordPress site for your business, everything is up and running. Pages load quickly, SEO is better than ever, you paid your development team. Now you’re all set for the next few year, right?

In an ideal world, this would be true. Unfortunately, the Internet is a dangerous place and software is not perfect. With WordPress presently powering 1/4 of the Internet, it is a huge target for hackers and internet miscreants. Left untouched, your site is almost guaranteed to become infected by malware at some point in the future.

Click “Update!”

Clicking that “update” button in the WordPress admin is the single most important thing any WordPress site owner can do. In Windows or macOS these types of security updates can seem like a pain, annoying nag messages that you always dismiss immediately. While these updates are important for desktop computers, in reality, your desktop machine is typically removed from outside attackers by 1 or 2 levels of routers. Your website on the other hand has to be accessible to the broader internet in order for the public to have access to it.

One fact that might be overlooked if you’re unfamiliar with software development is that the vast majority of security patches are in response to a reported issue. What this means is that, potential attackers already have the information to create mass exploitation tools by the time you see the update notification in WordPress.

To put it another way: In my time working with WordPress, I’ve never see a compromised WordPress site that is totally up to date with all updates.

Is It Safe?

One concern that causes many computer users to put off software updates is the fear that something will break. While this fear is not totally unfounded, most software updates are safe, most of the time. When dealing with WordPress updates, you’re looking at new code from different sources. Core updates come from the WordPress open source project, these updates are all vetted by professional developers. Plugin updates are submitted by the plugin author. The experience level of these authors varies widely, they could be hobbyists working on the weekend or large teams of professional developers.

So is it safe?

Minor WordPress Core updates are safe. The minor updates are the updates where the main version number (ie. 4) does not change. The WordPress team takes great care to ensure that updates do not break anything.

Major WordPress updates are probably safe. Again, the WordPress team has a great track record of building in backwards compatibility. So, your site probably won’t break. However there are two caveats. 1) Major features in the WordPress admin will likely look and/or act differently; 2) Some plugins may stop working.

Plugin updates should be safe, but it depends. With a few notable exceptions, most well written plugins will update without issue.The same rule of thumb about major and minor updates apply to plugin updates, a major version update is more likely to break something. A good WordPress site developer will only install plugins that they’ve individually vetted, I never install plugins for my clients that I do not trust.

Be Proactive

A number of plugins and security solutions have started to become available for WordPress over the past few years. They are essentially virus scanners and firewalls for WordPress. By setting these up, you should be able to fend off additional threats or at the very least disable malware if it happens to make it onto your site. A Google search will reveal many good options. My current go to plugin is Wordfence security, I install it on all new sites. I like it because it works well out of the box and it typically does a better job finding malware than the other plugins I’ve tried.

Conclusions

As developers, I think we often do a bad job communicating the importance of ongoing maintenance and security. After all, it’s a little embarrassing to have to concede that this great product you just spent weeks of time and a good chunk of money on, is a giant bullseye for internet miscreants. It can seem like a slimy up-sell to suggest a maintenance contract.

In reality, if you’re comfortable reading and digesting release notes, you should be able to handle keeping WordPress up to date. If you’re less of a tech-DIY person, you may want to get in touch with a developer.

One more thing: Backups

Backups are always a good last resort. I didn’t mention them in this post because backups are typically a poor malware recovery solution. Two main reasons: 1) The type of malware that affects WordPress rarely corrupts content; 2) it can be difficult to pinpoint when a malware infection started, so you won’t know which backup to restore to.

Using Jetpack’s Photon CDN to host images in custom WordPress themes

Photon is a great free image CDN that you can use with any self-hosted WordPress install via Automattic’s Jetpack suite of plugins. Photon uses wordpress.com’s infrastructure to host your site’s images on one of the fastest CDN globally.

I highly recommend enabling it on every WordPress install. If your site is on cheap shared hosting, it will dramatically improve page load times. If you’re hosting a huge news site, it’ll save you loads of money.

By default, Photon automagically serves any images embedded in or attached to a WordPress post or page. Including feature images, galleries, third-party sliders. Due to the nature of WordPress hooks and filters, it’s not possible for photon to grab images stored in post meta fields, or any images that are part of theme template files.

I’ve written a gist that exposes Photon’s CDN wrapper as a simple function you can call in templates:

Relevant Jetpack documentation. 

5 Tips for Playing Board Games With Younger Kids

I have two kids, boys, currently aged 5 and 7. We’ve been playing board games as a family almost from birth. Over the years, I’ve been constantly impressed by their ability to pick up and enjoy some of the most complex and involved modern board games.

The 21st century board game explosion has spawned hundreds of great games geared toward children of all ages. There’s nothing wrong with those games.

But I don’t think you should stop there. In my experience, kids are learning machines! Introducing them to more advanced games can be a great fun way to challenge their math, logic and reading skills.

Here are some ideas to help you choose games to play with kids.

1. Ignore Recommended Ages

The recommended ages listed on the sides of the board game boxes are almost always completely meaningless. Unlike recommended ages on LEGO boxes, board age ranges are an extremely poor gauge for complexity or appropriateness. These recommendations certainly don’t speak to the amount of fun a child might have with the game.

Sometimes it’s OK to use the age as a judge of relative complexity. For example, it’s fair to assume that a Haba game listed as ages 3+ is less complex than another game listed as 8+. But that doesn’t mean a 7 year old won’t enjoy Monza, nor does it mean that a 5 year old won’t be able to grasp Formula D with a bit of hand holding.

There may actually be a pretty good reason for the odd age listings. Games sold in the US market are subject to the The Consumer Product Safety Improvement Act, which is (apparently) a very ambiguous law that regulates the safety of products sold to children under the age of 14 [source]. It can be costly and time consuming to go through the testing and approval process. Sometimes distributors will stick an “Ages: 14+” on the side of the box and I believe sometimes the regulator will set the age based on their own findings.

Exceptions:

  • Sometimes the age suggests inappropriate themes. For example, a 10 year old is probably not ready to face the violent moral dilemmas in Dead of Winter.
  • Obviously, if a kid hasn’t figure out how to not put small pieces of plastic in their mouth, you might want to stick to card games. There’s no real age limit on this 🙂

2. Game Length is irrelevant

If your kids are anything like most kids, the game length listed on the side of the box is several orders of magnitude longer than your kid’s attention span. But that’s ok. You don’t have to “finish” the game.

If they’ve never played the game before they won’t know the victory conditions. I’m not advocating lying to children. I’m just suggesting on coming up with more condensed victory conditions if you believe your children won’t have the attention span to get through the entire game.

In most cases, this can be done without changing a other rules:

  • If you’re playing a game with victory points, you can simply lower the total victory points needed to win.
  • If the game has a fixed set of rounds, knock off one or two rounds.
  • Or, simply set a reasonable time limit. This can work well with adventure games, or longer strategy games.

With some games that depend a lot of long strategy, you will lose that aspect of the game. But with the most complex games, kids will need more time to grasp the full strategy anyways. By playing shorter games, you’ll be able to keep them in the game, while teaching them bits and pieces of strategy.

3. Avoid “Take That” Mechanisms

Games with heavy reliance on “take that” mechanisms can be devastating to children. Maybe this goes without saying but, kids aren’t really accustom to the concepts of being screwed over or stabbed in the back. Doing something to take away victory points they just worked hard to earn IS MEAN and WILL make them cry.

This doesn’t necessarily mean you have to avoid playing those games altogether. I’m just suggesting avoiding take that or modifying the way you play those games.

For example, a key aspect of the Munchkin games is playing extra monsters and other cards against opponents in a fight. I simply don’t do this, I learned quickly that this does not go over well. It doesn’t take away at all from the humour or cooperative aspects of the game. One day they’re realize (or we’ll tell them) that they can play those cards against their opponents and it’ll open up an entirely new aspect of the game

4. Don’t Avoid Math and Reading

Games are probably the single best way to trick kids into learning.

Most 4 year olds can count the pips on a 6-sided dice. I’d argue that dice games are the best way to teach kids simple math.

Reading is a little more nuanced. Games with simple written commands can be a great way for kids to learn how to read. Card games with longer descriptions can be ok too. Kids are great recognizing pictures, once you’ve read the same card a few times, there’s a good chance they’re going to remember what the card does.

Card games with hidden hands and complex can be a little harder to play with kids who are still learning to read.  You might be able to play the face-up hands until they learn the game. But for some games where hiding cards is really important, this might not be an option. Use your best judgement, obviously.

5. Help Them Win

If you’re playing to win, you’re doing it wrong. Kids are going to have a more positive experience if they do well and have a strong finish. They’re not going to be very happy to watch you show them how to to lose.

Playing games with kids should be a fun learning experience. Take time to hold their hands. If you see them make a strategical mistake, take a moment to explain the implications of the move and talk about different things they could do and why they might be a better idea. DO NOT tell them what to do. Do give them the opportunity to disagree with your advice.

In Conclusion, Don’t Under-Estimate Kids

Candyland, Battleship, Monoply Jr, Sorry, playing cards and all those old staples are certainly one way to waste a rainy afternoon at the cabin. The modern offerings from the likes of Haba (I really don’t know any other modern kid-focused publisher, sorry) are a great iteration on the “kids game.”

But seriously, your kids are smart and they love play.

Obvious Caveat: Your milage may vary, all kids are different.

How To: Tweak Disqus CSS for Twenty Fifteen Theme

After installing the twenty fifteen theme I found that disqus’ comments were butting up against the edges of the layout.

You can fix this by adding the following Custom CSS

 

@media screen and (min-width: 59.6875em) {
	#disqus_thread {
		margin-top: 8.333%;
		margin-left: 8.333%;
		margin-right: 8.333%;
	}
}

@media screen and (min-width: 38.75em) {
	#disqus_thread {
		margin-top: 7.6923%;
		margin-left: 7.6923%;
		margin-right: 7.6923%;
	}
}

The Best Way to Synchronize WordPress Uploads

One of the most annoying things about setting up a dev environment for an existing WordPress site is syncing the content. Pulling down the database is trivial, even a large site will have a relatively small database dump. I often use the WordPress Duplicator plugin. But a site with years of photos and other uploads can have gigabits of files and it’s not really ideal to have to pull those all down from the site.

Today I came across a solution that made me feel stupid for not having thought of it. Iain Poulson posted 5 Ways to Sychronise WordPress  Uploads Across Environments, IMHO #4 is the only one you really need to use:


RewriteEngine On

RewriteBase /wp-content/uploads/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) http://yourlivesite.com/wp-content/uploads/$1 [L,P]

 

So for any file requested within wp-content/uploads/, that does not exist, it will serve the image from http://yourlivesite.com.

The only minor downside with this approach is the lack of offline. If you lose access to an internet connection, you lose access to the live site files, obviously.