January 17, 2014

Joining us for episode 11 is Dan Griffiths, the founder of Redux Framework, a framework for creating beautiful option panels for your themes and plugins. Along with our discussion of what Dan does day to day, we highlighted three noteworthy plugins that you should check out.

Show Notes:

Transcript:

PIPPIN: Hello, everyone, and welcome to Apply Filters, Episode 11. Today we have a special guest, Dan Griffiths, with us, as well as our usuals, myself and my cohost Brad Touesnard.

BRAD: Hi, everyone.

PIPPIN: Dan, please say hi.

DAN: Hello.

PIPPIN: We’re going to first start out by giving a quick shout out to our sponsors. WP Ninjas, the creators behind Ninja Forms, have been kind enough to sponsor this episode, and so they are the creators of Ninja Forms and a couple of other great plugins for creating contact forms, surveys, other types of things that you need to do with a form plugin, and so go check them out at NinjaForms.com or WPNinjas.com.

And with that, why don’t we go ahead and jump into things? Dan, why don’t you tell us a little bit about who you are, what you do, what your day-to-day schedule looks like, things like that?

DAN: Well, who I am, I’m a WordPress plugin developer predominantly. I spend a lot of time working with Pippin on Easy Digital Downloads.

PIPPIN: Yeah. Dan has been an active contributor to that project for a while now.

DAN: Nine months now?

PIPPIN: Since — I looked at it. I think it was either February or November of last year, something like that.

DAN: Since like February. I can’t remember. Oh, no. You know what it was? It was March was when that commit got in the —

PIPPIN: Yeah, so it’s been a while. Aside from that, what else do you do?

DAN: Aside from that, I’m the founder of a project called Redux Framework. And what Redux is, it is a theme and plugin options framework for WordPress. Basically it’s designed to allow developers of plugins or themes to easily create a full-scale options panel for their plugin with basically minimal coding on their part, kind of similar to like Options Tree and stuff like that.

PIPPIN: Sure.

DAN: But we’ve kind of gone a different route and tried to make it a lot simpler for the user and a lot more flexible.

PIPPIN: Cool. So it’s really for implement, like creating a settings screen, a really advanced setting screen in a plugin or a theme that then gets either distributed on, say, WordPress.org or Theme Force or CodeCanyon, something like that.

DAN: Yes, and we actually have kind of gone out of our way to make sure that we’re maintaining compatibility with both of their licensing models so it is —

PIPPIN: That’s awesome.

DAN: Yeah.

BRAD: Hmm.

PIPPIN: Brad, have you ever used Redux?

BRAD: No. I have never even heard of it. Well, I had really no reason to look for this kind of solution.

PIPPIN: Well, you don’t do a whole lot with setting screens. I mean, I’ve seen your setting —

BRAD: Yeah, exactly.

PIPPIN: — on WP Migrate DB Pro. It’s like three fields.

BRAD: Yeah, yeah, yeah. Exactly.

DAN: You would not be my target audience.

BRAD: Yeah, exactly. Oh, I see. So this works for plugins as well as themes.

PIPPIN: Yep, and we are currently, I believe, the only one that is specifically targeting both, which is really cool. I’ve used — I know a year or two ago I used the — I’ve used both Options Tree and Options Framework from Devin Price, and I think it was specifically for themes.

DAN: Mm-hmm.

PIPPIN: Which works well, and is really cool, but I do love the idea that you’re targeting both because, when you really get down to the technical aspects, there’s not really anything different.

DAN: There are a few changes. There’s a few things that a lot of the options frameworks historically have done that are based on like functions specific to themes like, you know, using get style sheets, you know, or get style sheet directory for, you know, determining the plugin route or the theme route, which obviously doesn’t work in a plugin.

PIPPIN: Right.

DAN: So, you know, there are some things that we had to change.

PIPPIN: But overall, in terms of like the overall settings are….

DAN: The overall, the basics, yeah.

PIPPIN: …setting the pages themselves, they’re not that much different.

DAN: Exactly.

BRAD: Okay. Cool.

PIPPIN: Very cool.

BRAD: So who does your design, Dan?

DAN: Me.

BRAD: Okay. So you have a little bit of a design background then as well?

DAN: A little bit. Honestly, I’m no really much of a designer. I’m more of a developer. I can kind of fake it when I have to. In all honesty though, not all of the graphics on that site are mine. Some of them I’ve kind of snagged from other places.

BRAD: Hey, the best designers steal, right? Isn’t that the —

DAN: It seems to be the way. It works.

PIPPIN: I can tell you, you’re far better at it than I am.

BRAD: I think the exact saying is, “Good designers borrow, great designers steal,” or something like that.

PIPPIN: Yeah, I saw that the other day. We’re not advocating stealing.

BRAD: No, unless you’re a designer.

PIPPIN: Right, right.

BRAD: No, this looks really good. I mean, clearly you have some, definitely a mind for design, so it looks great.

PIPPIN: I’ve played with it a few times. It’s really pretty and works very, very well.

DAN: All right. In all fairness, the design for the panel itself is not really 100% mine. A lot of that, a lot of the credit for that goes to my lead developer, Dovy.

PIPPIN: So you actually have a team that works on Redux.

DAN: I do have a team. I have a handful of full time or semi full-time developers that are working with me on it. And I believe right now we have 17 active contributors who have actually made more than 1 commit in the last month.

PIPPIN: That’s awesome. And you have it all open source on GitHub, don’t you?

DAN: It is 100% open source, and it is 100% GPL compatible.

PIPPIN: Very cool.

BRAD: Cool. So are you using like some kind of widget UI library or something here, or did you guys build out your own?

DAN: No, it is 100% our code. It is custom.

BRAD: So like the color picker, you guys —

DAN: Okay. That actually is based on the default WordPress color picker, but we rewrote it.

BRAD: Okay.

DAN: Because we wanted to add the ability to do the RGBA compatibility in the actual transparency selector on it.

BRAD: Okay. Cool. It looks a lot like Bootstrap, Twitter Bootstrap UI.

DAN: Parts of our system are based on Bootstrap, yes.

BRAD: Oh, awesome. Cool.

PIPPIN: So day-to-day, I know that you work on Redux a lot. You also spend some time on EDD. What is maybe your normal dev day look like?

DAN: Normal is such an abstract word. I think the only normal part of my day is the getting up in the morning and getting a cup of coffee. After that, it kind of depends. I spend a lot of time traveling, as Pippin can attest because I keep coming and harassing him. I spend a lot of time working with clients. I have a handful of clients outside of EDD and Redux that I work with on a fairly regular basis.

PIPPIN: As like a freelance contractor?

DAN: Yeah. And that can be anything from, you know, someone saying, “I need a plugin,” to someone saying, “I don’t understand WordPress. Can you build me a website?” My day generally begins at like 8:00, 8:30, sometimes earlier if I’m actually conscious at that point in time. It all depends on how the night went. And then I pretty much work straight through until about 2:00, have lunch at 2:00, and then work straight through until about midnight.

PIPPIN: Very cool. Yeah. I know I see you’re always online.

DAN: Yeah.

PIPPIN: You’re always online when I’m online, except then I also see that I get up in the morning, and Dan has texted me at like 3:00 in the morning. And as far as I could tell, you’ve never gone to bed.

DAN: No. I get like two to three hours of sleep at night.

BRAD: Holy crap.

PIPPIN: That’s ridiculous.

DAN: For some reason, when I’m at these WordCamps, I tend to sleep a lot more. I think WordCamps have become my way of catching up on sleep.

PIPPIN: Oh, yeah. I guess — Dan and I are actually currently sitting in our hotel room at WordCamp Phoenix, which is pretty fun.

BRAD: And I am not.

PIPPIN: Yeah. You’re up in cold Canada.

BRAD: Yes.

PIPPIN: It’s not cold here. I’m sorry.

BRAD: And envious of their warm climate.

PIPPIN: I’m very sorry. It’s about 75 degrees outside right now.

DAN: In all fairness, it’s pretty cold at home for us too.

PIPPIN: That’s true, it is.

BRAD: Yeah.

PIPPIN: We’re both from the Midwest, Kansas and Nebraska, so it’s pretty cold there.

BRAD: Yeah. Oh, well. I’ll be in Vegas in April for Microcom, so I’ve got that to look forward to.

PIPPIN: Oh, there you go.

DAN: Nice.

BRAD: So, Dan, how did you start with WordPress, like when did it all start for you?

DAN: It’s been seven or eight years.

BRAD: Oh, wow.

PIPPIN: Oh, wow.

DAN: I started with WordPress. Actually, when I first got into WordPress, I had never done Web development beyond basic HTML. I mean, I had a basic grasp of PHP, but wasn’t really a Web developer. I was a desktop developer.

Before getting into WordPress, I actually worked on an operating system called Arch Linux. I was a core developer for them. And I’d been doing open source Linux desktop development for the better part of my life. And WordPress came along, and all of a sudden it changed my life.

PIPPIN: That’s pretty cool to me because I used to run Arch on desktop, and it was my primary operating system, so here I am sitting here, like you were one of the lead developers for my old operating system. That’s so cool.

DAN: Sadly, you don’t use it anymore.

PIPPIN: No, I don’t.

DAN: Well, I can’t really say anything because neither do I.

BRAD: What do you guys use now, Ubuntu?

PIPPIN: I’m an Ubuntu user.

DAN: It depends on which computer you’re talking about. My laptop that comes with me to WordCamps is actually running Windows 8, which really drives me nuts. But that really comes down to I haven’t taken the time to fix that. My desktop at home is actually running, I guess you could call it, a custom Linux distro. It’s kind of my own spin on how I think Linux should be.

BRAD: Wow.

PIPPIN: That’s cool. Pretty hard core.

DAN: Well, it’s like six or seven years in the making now, and I’m still not happy enough with it to actually release it.

BRAD: Oh, now it makes sense why you don’t sleep. So during the day you’re doing WordPress stuff, and then at night you’re like hacking away at Linux.

DAN: Actually, it doesn’t really work that way. It’s more along the lines of I’m working on WordPress and then something happens in my operating system that I don’t like, and I go, “It shouldn’t do that. It should work this way.” And so I step aside for a minute and rewrite part of my Linux system, and then I come back to WordPress.

PIPPIN: See, that sounds a little bit like —

BRAD: Yeah.

PIPPIN: — what used to be my day-to-day, except slightly different. I would be working. I’d be doing whatever it was. Generally it was client work back then. And all of a sudden I would break something on my computer.

DAN: Yep.

PIPPIN: And instead of just like fixing it, I’d spend like four hours trying to fix it.

DAN: (Indiscernible).

PIPPIN: And then I’d end up just like reinstalling my entire computer, and there was my day. And that would happen about every three weeks.

DAN: See, the difference is I don’t reinstall. I just recompile whatever the project is —

PIPPIN: Yeah.

DAN: — program is that’s causing the issue.

BRAD: Yeah. I think, Dan, you just highlighted exactly why I don’t use Linux because I’d be like so distracted by like the imperfections.

DAN: Okay. So in that case do what Pippin does and just use Ubuntu. It doesn’t actually let you do anything like that.

BRAD: Oh, okay.

DAN: It’s not….

PIPPIN: It’s actually true. Ubuntu is really like the — it’s the normal person version of Linux. Like if you think about like OS X or Windows, something like that, but you want to use Linux, and you want a little bit more control, Ubuntu is where you want to go.

BRAD: Right, right, right. I think I —

DAN: As much as I hate Ubuntu, I will admit it is extremely stable.

PIPPIN: It’s very stable and very polished. It’s pretty cool.

BRAD: I think I stuck with — I’m going to stick with OS X. The reason I went with OS X is because you can run Photoshop. That’s pretty much the only reason.

PIPPIN: See, I just — I used to actually keep a computer around to run Photoshop, and then I got rid of it, and I’d like — it was the same time that I quit contract development, and I decided I don’t need Photoshop anymore. And for like on a day-to-day basis. I would still run into things where I needed it and it was really annoying, but it was also kind of awesome because it forced me to do things a little bit differently. And I have to actually opened Photoshop in a year and a half, and I do not even have a copy on my computer anymore. I have a computer that can run it now, but I don’t use it at all.

BRAD: Do you have a little counter like days, days since last opened Photoshop?

PIPPIN: …days since Photoshop. Why don’t we —

BRAD: It’s like days without an accident kind of thing.

PIPPIN: Yeah, awesome. I should start a calendar.

DAN: Are you implying that Photoshop is an accident?

PIPPIN: No. Why don’t we jump back into WordPress for a second? And, Dan, so aside from Redux, I know that you’ve written a couple of other plugins. Aside from Redux, what is maybe the most popular plugin that you’ve written?

DAN: Aside from Redux and EDD?

PIPPIN: Well, I mean, we know that — we already know that you contribute to EDD. But I know there’s….

DAN: Well, no. I don’t mean EDD itself. I’m talking about plugins for it.

PIPPIN: Sure, sure, that works.

DAN: Because I would — you know, I’m really not sure. I’ve got a couple of plugins in the repo that are ridiculously popular, but I don’t know as though I would say that they’re more popular than some of my EDD ones.

PIPPIN: Sure. Why don’t you just tell us a couple of what they are?

DAN: Well, EDD PDF Stamper obviously is one of my more popular ones for EDD. It hasn’t really been out that long, so there really aren’t as many users as I think there were going to be.

PIPPIN: Sure. And what, that allows someone to download a PDF and like put a watermark on it?

DAN: Basically, yeah. If you have a PDF that is for sale on an EDD site, it allows you to dynamically stamp that at like with … a watermark or anything pretty much whenever a user downloads that file. So you can actually, you know, you have a PDF and you want it to be registered, so to speak, to a specific user when they purchase it and they download it. Then you can stamp it with their name and their purchase ID. Or you can put a literal watermark on it if you want to have your company’s logo on it, or pretty much anything.

PIPPIN: It’s definitely great for, I mean, anybody who is selling like sensitive information with PDFs or things that you need to be very closely tied to users and help ensure that they’re not redistributing that information.

DAN: That was probably my biggest nightmare plugin for a long time, but it’s also turning into one of my more popular ones.

PIPPIN: Yeah, I know we had some support issues with it. I think it was a good example of a plugin that highlights issues that you run into with different hosting accounts with just people having different configurations, different options available.

DAN: It also highlights the need to actually properly error handle your code.

PIPPIN: Oh, sure because you would have — there would be an error like something would just fail, but it wouldn’t tell you why it would fail, right?

DAN: In all fairness, that was not my fault. I had no control of that. PDF Stamper relies on FPDF and FPDI, which are PDF libraries for PHP.

PIPPIN: Mm-hmm.

DAN: The problem with this is that while FPDF is basically the de facto like everyone uses it, PDF library for PHP scripts. It also kind of sucks because it doesn’t actually do any real error checking. If it runs into an error that it doesn’t know how to handle, it just gives you a generic “I can’t do this” message, which resulted in a lot of headaches for us on the support side because we’d have users that say, “I’m getting this error.” And I’d look at it and go, “This error means nothing, so I don’t know how to fix it.”

PIPPIN: Yeah, super annoying. Brad, have you ever worked with FPDF or FPDI?

BRAD: No. No, I’ve never even heard of it. No.

PIPPIN: Don’t.

DAN: Don’t.

PIPPIN: Don’t do it. It’s —

DAN: If you need it, just send it to me. I’m used to it.

PIPPIN: It’s an unfortunate headache that unfortunately there’s not really better alternatives at the moment.

DAN: Yeah.

PIPPIN: I don’t know why it is. Maybe working with PDFs is really hard. I’ve never tried to do it in PHP. But it’s really the only option out there. If you searched for like — go to Google and do like PHP PDF parsing or like writing.

DAN: There are two others.

PIPPIN: Okay. There are two others?

DAN: Yes. There’s one called MPDF, which is supposed to be a better version of FPDF. I’m trying to remember what the differences are. I know it supports UTF-8 where the core of FPDF doesn’t. And there were a few other changes, but it’s not actually 100% compatible, so it’s not really a drop-in replacement. And then there’s TFPDF; I think it is. Isn’t it?

PIPPIN: I think that’s right.

DAN: Wasn’t that the other one?

PIPPIN: They’re all named almost exactly the same thing, which makes them really difficult to keep track of.

DAN: But what it comes down to is that in terms of compatibility and in terms of size, FPDF is basically the one that everyone uses because the other ones are either not really compatible with everyone else’s code, or are just huge.

PIPPIN: Yeah. I don’t really like — I don’t really enjoy working with PDFs, but unfortunately it’s kind of a necessary evil sometimes when you get into selling digital products.

BRAD: Yeah.

DAN: I like Git….

PIPPIN: True.

BRAD: Yeah, I definitely worked with PDFs a while back. I can’t remember what I used. I may have used FPDF. But I needed to generate invoices for my company, Web hosting company.

PIPPIN: That’s exactly. That’s one of the things that we also use it for.

BRAD: Yeah.

PIPPIN: Like we have PDF invoices.

BRAD: Anyway, I remember whatever I used, it was fairly painless to use. Maybe I should look it up and let you guys know.

PIPPIN: That would be awesome. Maybe we’ve just been using the wrong thing and never knew it. One of the issues that I know we ran into, both with Dan’s plugin and another plugin that someone else wrote for EDD, is that it would work for the vast majority of users, but then if you get somebody who is displaying like UTF characters, for example like the euro sign —

BRAD: Right.

PIPPIN: — would freak out.

DAN: Oh, God.

PIPPIN: And a lot of other things like that where, as — like when we are testing it, generally we’re testing it in with English and with U.S. characters primarily, and we don’t run into any of these kinds of issues. But then when you start getting into say Arabic or Hebrew or Cantonese or any other alphabet, then it starts being much more troublesome.

BRAD: Right.

PIPPIN: And that’s what I think where the bulk of our support issues came from.

DAN: That or compatibility with hosts.

PIPPIN: Right. Unfortunately, PDF Parsing does not work very well on a lot of shared hosts.

BRAD: That’s not surprising.

PIPPIN: No.

DAN: I kind of take it with a point of pride and this really shouldn’t be happening, but PDF Stamper, I believe, is the only plugin that EDD has right now that actually has a disclaimer on the plugin page that says don’t buy this if you have these hosts.

PIPPIN: It’s true. Yeah, we ended up — we found that there were a couple of severe problems that we couldn’t resolve on a particular host or two, and so we had to just say, “Hey, look, I’m sorry. If you’re using this host, we can’t help you.”

BRAD: Yeah. That’s….

PIPPIN: Which was really unfortunately. I hate the fact that sometimes you have to do that, but.

BRAD: Yeah. Well, sometimes hosts, just like some of them are just really crazy about like security lockdown or, you know, one thing or another. Sometimes they refuse to install like a standard PHP extension or they have it disabled for some reason. You know, sometimes you just get these oddball hosts that are, you know, dead against certain things for some reason.

PIPPIN: Yeah.

BRAD: I just looked up my old code and, yep, FPDF.

PIPPIN: Well, there you go.

BRAD: So I don’t have a better solution for you, unfortunately.

DAN: Yeah. Oh, well.

BRAD: Yeah. Dan, are you — you’re not related to Clay Griffiths, are you?

DAN: No. I’ve been asked that before though.

BRAD: Okay. Well —

DAN: Let me rephrase that. Let me rephrase that. Not that I’m aware of. Anything is possible.

BRAD: Right, right.

PIPPIN: It would not be a bad relation to have. Clay is cool.

BRAD: Right. Yeah.

PIPPIN: Smart guy.

BRAD: Clay Griffiths, of course, for those who don’t know, is one of the founders of Headway, a theme framework and all that stuff.

PIPPIN: Yeah. A pretty cool system.

BRAD: Yeah.

PIPPIN: I’ve seen the code behind it, and it’s — Clay is a geneous.

BRAD: Yeah. How old is that guy now, like 20?

PIPPIN: 19, 20. No, wait, no, he just turned 21.

BRAD: Okay. He can drink now.

PIPPIN: I think so, yeah.

BRAD: If he chooses to.

PIPPIN: Because every time that I’ve been with him at a conference, we’re going to the after party or something, and he’s like, oh, guy, I can’t go. I’m like, what?

BRAD: Yeah.

PIPPIN: Well, I think we’ve got one more question for you, Dan, and then I think we’re going to move on to some plugin picks that we want to talk about a little.

DAN: All right. What do you got?

PIPPIN: Have you ever contributed to WordPress Core, either in terms of bug reports, patches?

DAN: I’ve submitted my share of bug reports, not a whole lot, but a few of them. Sadly, I don’t have any actual code that’s been committed to Core yet. Most of that doesn’t come down to I don’t want to, and it comes down to I just don’t have the time to right now.

PIPPIN: Sure. I think that’s probably one of the hardest things for a lot of people in terms of contributing to Core.

DAN: I have lots and lots and lots of things that I would love to see happen with Core, and some of them I have open bug reports on or have commented on other people’s bug reports on. But I just haven’t really gotten around to actually committing anything yet, unfortunately.

PIPPIN: Bug reports are a big part of contributing, I mean, to any project.

DAN: It’s true.

BRAD: True.

PIPPIN: Brad, do you want to take us away with your —

BRAD: Yeah.

PIPPIN: — plugin?

BRAD: Yeah, okay. So the plugin I’ve chosen is called Better WP Security. And I tried this out a while back just because, you know, there’s probably some stuff with my blog and my other sites that are on WordPress that could probably be, you know, strengthened in terms of security. So I gave this a try and a couple other plugins. But I thought this plugin was very comprehensive. It had a lot of different kind of angles on security to take a look at.

Unfortunately, in the end, the plugin didn’t really work out. It was causing the memory on my server to go crazy. So I shut it down. But I did learn a lot of things that I could kind of fix up using htaccess rules and other things.

PIPPIN: So did it reveal some of those, I guess, weak points by like going through and identifying common areas that could be improved?

BRAD: Yeah. And it’s laid out really nicely in the dashboard, so if you go to the admin screen for the plugin, it kind of has a tab for each kind of area where you can — kind of security area where you can kind of strengthen things. So one of the tabs is like, it’s called user, for example. And it encourages you to make sure that your user name is not admin, which is the default user name.

DAN: Not any more.

BRAD: Right. Not any more. But it was for —

PIPPIN: There’s still a ton of sites out there that still have admin.

DAN: Oh, yeah.

BRAD: Yeah, a thousand years, I think.

PIPPIN: Yeah.

BRAD: It’s been admin —

PIPPIN: It felt like it.

BRAD: — until it recently changed. But another thing on this tab it tells you to do is that the ID, change your ID from one, which is the default user ID, to a different number. So that’s like, that’s probably a very unlikely thing to be exploited, but it’s —

PIPPIN: So I have to laugh a little bit when you say that — sorry to interrupt you for a second — because one of my favorite security flow that I ever created by accident was related to user IDs with one, the user ID of one. And I had a bug that allowed someone to log into a site without a password or user name because basically like it was identifier the user as like invalid, and so we used like negative one to identify the user, which was a terrible idea.

And then it got run through AppsINT, which turned it into one. And then it tried to log the user in. And sure enough, there’s a user, and they’re an admin. So that’s a — I mean, it may seem silly to change your user ID, but if you have a plugin that’s not necessarily being malicious, but just has like a little, obscure bug like that, it can actually have pretty bad consequences.

BRAD: Right. So those are two things that WP or Better WP Security plugin can do for you. And then you can just, you know, disable the plugin if you don’t want it running all the time, right?

DAN: Yeah, that’s cool.

BRAD: So there’s quite a few things like that. There’s like the prefix, your table prefix. It can change that for you, and all the — because changing your table prefix isn’t as simple as just renaming your tables. There are other things that you need to do. And there’s, yeah, there’s other things like backups, making sure to lock down certain files and all that stuff. So check it out.

Dan, you’ve used this plugin too, haven’t you?

DAN: Yeah. I actually did a review of it during a security lecture I gave a month and change ago. It’s — I will agree with you that it is a very comprehensive plugin. My one issue with it is that for someone who doesn’t know what they’re doing it can be downright dangerous. It does give you a lot of information. It gives you a lot of great information. However, some of the things that it recommends doing can certainly damage your site if you do it wrong.

BRAD: Mm-hmm.

DAN: And it doesn’t really hold your hand a whole lot through the process. It kind of just says, “Here’s a problem. Click here to fix it.” Well, their fix doesn’t always work in every situation.

BRAD: Right. So you’re saying like it’s definitely not something that, you know, just an average WordPress user should do. It’s something that’s for a developer.

DAN: Right. Well, no, not necessarily even that. I don’t see there being a problem with a user activating it and looking at the information it gives you and saying, “Okay, here’s a problem. Now how do I fix it?”

However, you know, even for a basic user, it would be a lot smarter for them to take that information and then go to Google and say, “Here’s what it’s telling me. Now how do I fix this in principle as opposed to just clicking the magic button and hoping it does it right.”

PIPPIN: Maybe like what are the repercussions of this failing if the fix doesn’t work.

DAN: Exactly. The first time I ever actually used the Better WP Security plugin, I actually crippled my site —

BRAD: Yeah.

DAN: — because I didn’t take that advice because I hadn’t previewed it yet, and I just pressed the fix problem button, and it actually took my site down.

BRAD: Yeah.

PIPPIN: That can definitely happen.

BRAD: Yeah. And this plugin has actually been acquired. It’s a free plugin and everything, but the author now works at iThemes: Chris Wiegman. I think it’s how you pronounce his name.

DAN: Yeah.

BRAD: And then iThemes have kind of taken over development, so it might be getting some love in….
DAN: I have high hopes for it.

PIPPIN: I would have. I have huge hopes for it.

DAN: They’re….

PIPPIN: I mean, iThemes has obviously got a very strong repertoire of building great plugins, everything from BackUpBuddy to Exchange. Great company. Great people. And they know what they’re doing.

BRAD: Yeah, yeah, for sure.

PIPPIN: That’s awesome. So I had two plugins that I want to highlight. One of them I’m just going to mention really quickly. If you ever need to do custom CSS on your site, there’s a lot of custom CSS plugins out there. There are also a lot of times themes will build in a custom CSS panel. I like to warn people that using a custom CSS panel provided by your theme is not necessarily a great idea because, if you switch themes, that CSS goes away.

Now, that CSS might have been written specifically for your theme, so it might not matter. But, in general, I think custom CSS should be relegated to a plugin. And so Andrew Norcross from Reaktiv Studios built a really nice, custom CSS plugin called Reaktiv CSS Builder.

And the thing that I like about it more so than most custom CSS plugins is that instead of simply outputting the CSS in a styles tag in line in the header, it actually generates a real CSS file and then puts that into the site. And so that file can then be cached. You can minimize it. All the things that you would do with a normal CSS file loaded through a plugin or a theme, which is really slick. So go check that one out. It’s Reaktiv CSS Builder. It’s on WordPress.org.

And the other plugin, and this is one that I do not have a personal use for, but I think is a really cool idea. And the execution of it was beautiful. And it’s called Stream. Stream, it’s from the X-Team, which is led by Frankie Jerrett, who I believe also ran ChurchThemes.net. And it was built by a lot of different people that are involved with the X-Team.

But what it does is it allows you to track activity in your site. So let’s say that you have a site, and you have this plugin activated. It will track user logins. It will track changes to posts, new post types that are created, taxonomies that are created, media files uploaded, comments posted.

It tracks updates to WordPress and to plugins. So let’s say that your site is running great today, and then some time overnight you do an update to WordPress Core or you do an update to a plugin, and suddenly your site is having a lot of trouble. You can go into Stream, and it will tell you what happened. So it will say this plugin was activated. This plugin was updated. WordPress Core was updated, et cetera. And it’s really, really cool, and —

BRAD: It’s kind of like Blame in Git.

PIPPIN: Yeah, exactly. It’s basically let’s see a history of what’s happened on this site.

DAN: I think, going forward with WordPress, especially with the 3.8 release where we now have the automatic updates, the background updates built into WordPress, I think that’s going to be seeing a lot of use.

PIPPIN: I would agree because, I mean, sometimes — I mean, we know that automatic updates are extremely reliable and, in general, are going to cause very, very, very few problems. But it’s still a nice thing to have, to have that history that says we ran an update yesterday at 10:00 p.m. or a new plugin was installed at 3:00 p.m. today, and this is the user that installed it. It’s like taking the idea of a social network stream, like an activity feed from your friends and your connections, and putting them into your WordPress admin to see the activity.

DAN: Now I have a question on this. Something like this, we’re talking about this thing is actually tracking basically everything that happens on your site.

PIPPIN: Right.

DAN: Wouldn’t that have like a ridiculously high memory footprint?

PIPPIN: You would think. I did a code review of it for them, and I was really pleased. They have taken performance really seriously. And it does not — it stores everything in custom tables that they’ve optimized really well, so it doesn’t store anything in the post table or post meta, which are sometimes responsible for slowing down sites more so than other tables. And the way that they record their actions has very minimal footprint. The only thing that it’s doing is it’s basically inserting a value into a table when you do these kinds of actions. But since these are admin actions usually, having an extra like two milliseconds on an action is not really a big deal, as opposed to like adding two milliseconds to a page load on the front end is a big deal.

DAN: Right.

PIPPIN: But in the admin, in terms of doing these kinds of things, it’s not necessarily as important.

DAN: Fair enough.

PIPPIN: The one note is it does require 5.3 or higher for PHP.

DAN: Okay. Honestly —

PIPPIN: Which honestly should not be —

DAN: — why should anyone —

PIPPIN: Right.

DAN: Why would anyone have below 5.3?

PIPPIN: That shouldn’t —

DAN: Not that we don’t run into it on a weekly basis, but you shouldn’t be running anything older than 5.3.

PIPPIN: It really shouldn’t be a problem that we need to require 5.3 or that we need to tell people that are required 5.3, but there are still enough hosts out there that run 5.2….

DAN: If your host is running 5.2, you might want to change hosts.

PIPPIN: That’s probably true.

BRAD: If your host is running 5.2, it’s probably just an old server, and they probably have another one, and are eager to get you off that server.

PIPPIN: Hopefully.

BRAD: Speaking from a former Web host.

DAN: Oh, nice.

BRAD: I used to host. We used to have that problem, right? When shared hosting, you have clients on older servers, right? But oftentimes they have older software running on those servers. And if you upgrade them, their software will explode because it doesn’t support some of the new features in PHP 5.3 or whatever. And so you have this dilemma of like can you actually move a site? Maybe. Maybe not.

DAN: Write better code.

BRAD: Yeah. Well, I mean, yeah.

PIPPIN: I wish we could say that like writing better code was the answer to everything, but sometimes old code can’t be updated, which is unfortunate, but it’s the truth of the matter.

BRAD: It’s a willingness thing sometimes too, like, you know, if it’s WordPress, and they haven’t hacked the Core, then updating shouldn’t be a problem.

PIPPIN: Yeah.

BRAD: But oftentimes it’s like an old version of OS Commerce that has like a ton of hacks in it and like the client just doesn’t want to deal with updating it for PHP 5.3.

PIPPIN: It’s true. Well, I mean, sometimes the benefit of upgrading doesn’t outweigh the time that it takes to do it.

BRAD: Yeah, exactly. Well —

PIPPIN: I wish that wasn’t as true, but —

BRAD: I don’t know if I agree with that. I mean —

PIPPIN: Well, I just mean like let’s say you have a site that is more or less self-contained. I mean it just runs fine. There are no problems with it. Sometimes upgrading just for upgrading’s sake, it’s kind of — I mean, aside from like fixing security bugs, obviously, it’s kind of like the same idea of re-factoring code for the sake of re-factoring code.

BRAD: Yeah. I think there’s a lack of —

PIPPIN: I mean, you need to have —

BRAD: — a lack of understanding with customers oftentimes that, you know, they don’t have to maintain the software.

PIPPIN: Right.

BRAD: That once it’s built, it’s kind of set in stone, and it’s good to go forever, you know, rather than —

PIPPIN: Which is definitely not true.

DAN: That is a very depressing attitude.

BRAD: Yeah, but I mean I think it’s true. I think —

PIPPIN: I think it’s very common.

BRAD: And it’s our job to like change, you know, minds, right?

PIPPIN: Absolutely. I mean it’s very common. And I think a lot of it is not necessarily that users or customers have an attitude that says, “Oh, this never needs to be updated.” It’s that they’re not, it’s not their area of expertise, so they’re not — put it this way: they’re not really educated on the reasons why you should do that, I mean, because, to a lot of people, if they’re not a developer or they’re not familiar with the ways that software works, I mean, it works, so why would it stop working?

BRAD: Yeah.

DAN: Well, that kind of comes back to it’s the developer’s own responsibility to know what software or, you know, what their system depends on. And if there is a major update, then they need to look into it.

PIPPIN: Yeah.

BRAD: Yeah, exactly.

DAN: I mean I had a plugin or two that horribly broke with the WordPress 3.8 update because I was depending on CSS Classes and IDs that didn’t exist anymore, so the interface just falls apart, you know. Well, if you’re proactive enough then stuff like that doesn’t really matter because you can catch it before the users do.

PIPPIN: Right.

BRAD: Yeah, exactly.

PIPPIN: Well, cool. I think that just about wraps us up unless, either Brad or Dan, if you have anything to add.

BRAD: No, I think that’s good for me.

DAN: Not really.

PIPPIN: Awesome. I’m going to give a quick shout out back to our sponsors again. Thanks to WP Ninjas for sponsoring this episode and episodes to come in the future. They’re pretty cool guys. Go check them out. Thanks, everybody. And thanks, Dan, for coming on and joining us.

DAN: Any time.

BRAD: All right. Thanks, everybody.