September 2018 Notes

September 2018 WP Freelancer Meetup

Patty O’Hara – Member Spotlight – Local Hens Website

  • User generated content
  • Geo location search
  • 3000 posts on non-WP site. Migration
  • Worked with a designer
  • Custom theme
  • ACF’s
  • Search for farms by location
  • What kind of products
  • Geo my WP
  • Buddy forms for FED forms
  • Ultimate Member plugin for account management
    • Front end for account management
    • Registration front end
    • Terms/conditions
    • Password
  • Users can edit their farm information & upload photos
  • Buddy forms (Paid, one time) uses ACF’s for some advanced fields.
  • Had a hard time finding good form plugin
  • Approval workflow: Farms need to be approved by Admin. First time only approval
  • WP All import pro for migration
    • Took CSV of external DB export.
  • You can use ACF and Gravity Forms together; probably with an add-on plugin
  • Images were just a url in the DB. Plugin fetched them and uploaded them.
  • leafletjs: JS plugin on top of open street maps

Topic: Security

  • Ryan uses Pantheon: file system not writable except uploads, no plugins used.
  • iThemes security: Does Site lockouts, 404’s.

What are the top security plugins?

  • Wordfence: Free version
    • Had a big vulnerability before
    • can scan for malware
    • Notifications don’t send a lot out by default.
  • Sucuri
    • Does this site looked like its hacked?
    • Firewall
    • backups
  • iThemes Security
    • check have you been pwnd when creating passwords.
    • Also: website health emailed everyone saying the site is F.
    • Pro: nice but not necessary
    • Bought by liquid web
  • Vanessa recommended when looking at plugins:
    1. search the web for it
    2. Look at docs
    3. Read support forum to see how responsive.
  • WP Audit
    • Vanessa recommended for auditing a site that is hacked.
    • Logs all things that happen
    • Good for when a plugin breaks a site – you can track when and rollback
  • Andrew Villeneuve is our local WP security guy

General Tips you can do yourself

  • Disable user name “admin” (WordFence makes this easy)
  • Rename WP Login plugin
  • Move wp-config up a level (it still works but isn’t findable)
  • CHMOD htaccess and wp-config non-writable

Next Month

We’ll talk about the impact and transition to Gutenberg! We still need someone to be the Member Spotlight. It’s only 10 minutes and you can talk about your business, show examples of your work, feature a single project. Great exposure and speaking practice. Let us know if you want to do it.

Share this!