Fall Sale! Code FALL2024 takes 25% OFF our Pro Plugins & Books »
Web Dev + WordPress + Security

Some Q & A

Gonna start posting or deleting all of my old drafts just to clean things up back here in the Admin Area. For example, here is a post that I wanted to flesh out with specific examples and all sorts of references, but it’s just been sitting and waiting for too long, so now I’m just gonna post it as-is. Enjoy or not, here it is..

These are examples of the types of dialogue and correspondence that I’m involved with “behind the scenes”, just about every day. These “Q & A” excerpts are from an email conversation taking place earlier this year.

On security

Here’s a security question from a customer named Paul:

Hi Jeff, i have a doubt regarding to Firewall 5G/6G.

Do you install the Firewall 5G htaccess directives on all WordPress sites you manage by default or not? I suppose so, but i would like to know your opinion about it.

I my case, i do it by default with some aditional extra configurations, like installing a the plugin IThemes Security and some common sense indications to customers, like meking backups frecuently, upgrading plugins, themes and WordPress as soon as possible.

..and my reply:

My strategy is this:

1) Whenever possible host my site, client sites on secure servers, then apply .htaccess rules like 5/6G *as needed* to fortify security.

2) For client sites that already are hosted on a weak/insecure server, advise to relocate to a more secure server. Then go with #1 above.

3) For client sites stuck on insecure servers, apply BBQ Pro and/or 6G Firewall, depending on whether or not .htaccess is available.

4) Always keep 100% reliable, periodical backups.

The key, of course, is hosting on secure servers.

This strategy is based on over 15 years of experience, and continues to serve me well in the online arena. I hope the info is useful for you.

Yes, I correspond via email in plain-text format.

On “builders”

Here is an interesting conversation with reader, Eric G.:

I follow your blog, have learned a lot from you and have a question on theming. I recently discovered [brand name] builder. the word “builder” sets off most developers as it does me. Im wondering what your take on it is. Would you ever use such a thing? Or your against it?

Interestingly I found [brand name] builder to be very cool in that its a “glorified content editor” that takes tiny mce to the next level. Till now, in my themes I left a space in my themes where the_content would be output and it was up to the author to make it look good.

If the author doesnt know html at all, they cant add any cool tricks or classes or columns. Like most blogs the content will just go straight down, with nothing breaking up its flow. It can end up looking stale sometimes. I struggle with this.

I can make themes, and headers and sidebars, and control post_meta, but I cant control the_content. i dont always know how the end user will place their content. [brand name] builder seems to allow me or any author to create fancy posts and pages instead of content that goes straight down.

Unfortunately i was met with A LOT of criticism for even saying such things and people telling me im no real developer. So i was wondering what you thought about these builder plugins.

To this I responded with the following, sort of shooting from the hip..

Glad to offer my own humble insights:

My own thoughts based on 15+ years of experience developing sites is that “builders” as you describe are just a royal pain and not worth the effort. They complicate the entire process, add further layers of complexity, abstract native APIs, and introduce potential security vectors. So yeah, based on solid experience, I can soundly advise anyone who is serious about the craft to avoid such “builders” at all costs; instead focus on mastering core languages and native functionality. It’s the difference between giving someone a fish and teaching them how to fish. Huge difference.

Otherwise, if you’re just an end user and/or not serious about design/development, then go for it. That’s why such helpers/builders/plugins exist in the first place.

I hope this information is useful, best of luck to you.

..to which Eric replies:

Thanks for the fast reply!

I guess I’ll stay away from them.

My only problem is sometimes clients have a lot of content that could have looked nicer had they known how to use html in the editor to break it up or make columns or a better layout. Example from site I’m making: [URL]

Content is very long. I may have to make special design choices just for this page which defeats the page templates purpose.

This is where I’m struggling.

..and then my follow-up response:

Man if it’s for your clients, then by all means give them a tool that they can use to get the job done. I thought you were asking for your own sake, for development, etc., which is a different story completely. If it were me, I would find the simplest, leanest plugin available to do only/exactly what I need to do (e.g., add columns to page layout), and stay away from anything more than that; i.e., avoid bloated plugins as much as possible. Keep it lean, mean, and close to core as possible.

Again, I engage these sorts of conversations almost daily, in an effort to help and give back to the web-dev and WordPress community. It’s a lot of work, and very time-consuming, but something I’ve been doing consistently for around 10 years now, and I still find it enjoyable and even educational.

About the Author
Jeff Starr = Fullstack Developer. Book Author. Teacher. Human Being.
The Tao of WordPress: Master the art of WordPress.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
.htaccess made easy: Improve site performance and security.
Thoughts
I disabled AI in Google search results. It was making me lazy.
Went out walking today and soaked up some sunshine. It felt good.
I have an original box/packaging for 2010 iMac if anyone wants it free let me know.
Always ask AI to cite its sources. Also: “The Web” is not a valid answer.
All free plugins updated and ready for WP 6.6 dropping next week. Pro plugin updates in the works also complete :)
99% of video thumbnail/previews are pure cringe. Goofy faces = Clickbait.
RIP ICQ
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.