Absolutely everything I can remember from my WordCamp experience this year. Feel free to just skip to the sections that interest you…
(And thanks Esther for the photo of Scott, myself, and Jason on the ferry!)
I was lucky enough to have a full carload with whom to share the ferry costs! So instead of paying about $300 for transportation (last time I flew) it was more like $75. So, there you have it: a direct benefit of participating in a meetup!
Like most mornings when I needed to awake early, I couldn’t sleep the night before. So from about 3 am to 4:30 am I tossed and turned, anxious that I might have set my alarm clock incorrectly or something.
By 4:30 am I just resigned myself to not sleeping, and had pre-breakfast and headed out. I thought I might have heard my 2 year old stirring but luckily she didn’t get up.
I picked up my fellow Shawnigan Lake WordPresser, Jason, at 5:07, 3 minutes earlier than we planned, then Esther and Scott at 5:37am, 3 minutes early, in Victoria. None of them slept well either, and were all running early (which is much, much nicer than running late!)
Main benefit of this early morning: we were some of the first to board the boat, so we got our choice of seats and watched a fabulous sunrise while sailing through the gulf islands. 🌅
We then arrived at WordCamp a little late (after the opening remarks) but just a few minutes into the first round of presentations.
Building Progressive Themes with WP Rig, by Morten Rand-Hendriksen
- main purpose is to allow you to use modern html, js, css, today while maintaining backward compatibility
- does all build stuff.
- allows you to only include css used on the current page
- Morten mentioned that there’s a growing standard to load css inline (not just in head). This way the css is only loaded when the browser gets to that part of the page.
- css variables aren’t supported by most browsers, but wp rig acts as a shim
- when you start using wprig to build a theme, it’s now your code. Your code and the WP Rig code are tightly coupled and it’s expected that you won’t update WP Rig. (I can see how this is nice because “you don’t need to update”… although I can see if there are new WP Rig features in the future, or even security issues, it would be nice to have WP Rig separate and easily updatable.)
- checkout wprig.io
Just enough React: Getting ready for Gutenberg, by Shannon Smith
- when registering custom post types, you can declare its Gutenberg Template
- you can use command line (WP CLI) to scaffold Gutenberg blocks
- Gary Pendergast created a plugin to convert shortcode to blocks (although TBH I can’t find it; all I could find was Daniel Bachhuber’s tutorial on how to do it)
- most theme and plugin devs don’t need to learn react to build blocks etc. Only need react for contributing
How to Optimally Secure Your WordPress Environment, by Chloe Chamberland & Colette Chamberland
- there no single way to prevent all hacks. Need layers and backup plans
- big factor in security is choosing a good host. They should maintain 30 days of access and error logs, use SFTP instead of just FTP, use mod security, clamAV, keep backups for at least 30 days (or find find plugins for those; although configuring SFTP etc is something you can’t do with a plugin)
- use haveibeenpwned.com to see if your email has been compromised in a data breach on some website (I just used it, and my faithful old email from the early 2000s has apparently been compromised a half dozen times 🤒 )
- PCI (security standards for website processing credit card payments) requires you use TLS 1.1 after June 2018
- there are two main types of firewalls, both with PROs and CONs: cloud-based firewalls (which run on a remote server, I think is what Sucuri offers) and application firewalls (which run on your website, which is what Wordfence offers). Which is better? Both.
- cloud based firewalls use DNS, so you set your site to use their DNS and they forward requests onto you, after running them through their firewall. But a hacker can discover your IP address and then send requests directly to you, which bypasses their firewall.
- if you get hacked, first thing you should do is take the site offline, review logs to find out when it was hacked, notify customers, and restore to a backup. (And if you don’t have a backup, hire someone to clean your site or start from scratch!)
- California has recently passed a law requiring no simple passwords
Stop Guessing: Diagnosing & Fixing WordPress Performance, by Matt Kopala
- page cache is ultimate in speed, but has downsides (like needing to be refreshed periodically, which is obviously slow, and it might be hard to cache the entire site, and you can’t cache the admin dashboard)
- object cache helps across all pages
- but it’s best to have a fast site without caching
- webpagetest.org is good way to assess how fast site is (I just tried it on my wpcowichan.org site… 😭 the results were far poorer than I thought they’d be!)
- how to check if host is cause of slowness? Try a different host and copy the site there, then compare results
- new relic now has WordPress integration, shows performance of plugins
- beaver builder usually really slow, so is JetPack
- it’s not the number of plugins that’s important, but what they’re doing and how they’re configured
- jpgs generally much better than pngs
- if you don’t have server access to install new relic, try a host that allows that (hint: sitedistrict) run new relic then, and assess how to speed it up, and you can always go back
Webpack for WordPress, by Carrie Forde
- minimizes, and compiles JS and CSS
- but can be made with source map so errors and js console show what original file that came from
- Babel module can take care of converting modern js to legacy js
- gulp, (grunt?) and webpack kinda serve the same purpose
- make mistakes but fix them
- having a pixel perfect layout actually doesn’t do a ton for increasing traffic
- while a good personality usually doesn’t trump efficiency, all things being equal, most people would prefer to work with someone pleasant and fun
- communicate even if things are your fault
- what contributed to his site’s growth? Social media marketing and contests
It’s funny that even though Ryan was obviously pretty new to WordPress (undoubtedly many of us felt more experienced than him) this was the talk my carpool groupy talked about the most. We liked his effort and emphasis on the important things (like focusing on getting traffic and features that will actually help the business, not making things pixel perfect or poetic code). And for my part, I like seeing more involvement from younger folks.
How to Stay Calm and Troubleshoot Your WordPress Code, by Kirsten Starcher
- when clients are upset, just hear them out and acknowledge them
I’ve started to find meeting people at meetups really easy, to be honest. I just walk up to other folks who’re snacking, or waiting for the next session, and ask “So, what do you do with WordPress?” And they usually mention something they have experience with that I’d like to know more about, so I’ll ask them about it. Somewhere along the way, I’ll tell them what I do and share something about myself too (just to clarify it’s not an interrogation, but I’m interested to learn from them).
That’s how I met Kalen Johnson. He described himself as not being so into WordPress, mostly a general PHP developer. He was also a formidable opponent at Mario Kart 64 at the Blue Host sponsor booth.
Kalen and I played with one of the Blue Host reps. He said if we beat him, he’d give us another ticket for the raffle to win the TV… and somehow, I got lucky and the game (despite initially not remembering which buttons to use!)
I offered the ticket to Kalen but he gracious declined… boy would he regret that…
Afterwards I met Rob Golbeck. He was plenty friendly. He’s a WordPress site builder living in Tsawwassen. Here’s some of our conversation’s highlights:
- being a freelancer, most referrals he receives are from a local business/entrepreneurship group he attends, and from previous work connections (not SEO or social media etc)
- he uses the Pro Theme with their page builder
I couldn’t use my raffle tickets because I was going to leave early to catch the ferry, so I gave them over to Rob. I said, “If you win, give me a tweet on Twitter or something!”
That evening, he tweeted this:
This was one of the highlights of the WordCamp for me.
First off, they had a fun sponsor booth. Mark Maunder was there teaching people how to pick locks. I don’t totally follow why, but it was really fun. And if you managed to pick the lock, he gave you your own lock picking kit.
While I don’t plan to take up breaking-and-entering, it was fun and informative. The point being that if you understand how intruders work, you can better defend against them. And of course that’s exactly what Wordfence is all about, just online.
I like the idea that actually understanding how to attack helps you better defend. I asked him how exactly do you intercept HTTP packets. Apparently on public Wifi it’s pretty trivial: just
- connect to the network (like everyone else),
- setup a packet sniffer on your local computer
- set it to promiscuous mode (which causes the computer to listen to packets not intended for it; normally computers ignore all network messages not intended for it)
- watch the HTTP messages on the network.
At DefCon, a cyber security conference, they illustrated this by setting up the “Wall of Sheep“. It’s where they do exactly what I described above, and have a program analyze the HTTP messages for usernames and passwords, then put them on a projector for everyone to see to shame folks using insecure websites.
We agreed it would super informative, albeit ethically uncomfortable, to have a WordCamp presentation showing how to hack WordPress websites, with the purpose of learning how to better protect it.
Later, Mark mentioned that one of their developers previous worked in military defense, basically defending nuclear installations. So that’s the calibre of hires they do- people get promoted from nuclear defense to WordPress defense…
That of course brought up Red Team Operations, where one of their own staff (usually Colette Chamberland) will secretly try to hack their own system. Apparently their ex-government employee had such an operation working in nuclear defense once, and they didn’t realize it was just an internal exercise, and they nearly alerted the president of the United States.
We also talked about why folks become malicious hackers, in the first place. Mark mentioned how back in his youth, he was a bit of a hobbyist hacker. It was basically a game, a bit like egging someone’s house. He quit when he heard the news of someone being put behind bars for similar hacking. Apparently the USA is one of the harshest on countries on cyber criminals.
Anyways, really interesting stuff. (FYI here’s a great WordPress.tv session with Mark and other Wordfence folks on security that’ll give you a taste of what type of stuff we were chatting about.)
I met Soren and he was nice guy, building sites like most attendees. He gave me a good opportunity to explain the merits of a self-hosted registration system, as opposed to something like eventbrite.com.
What was also fun was we bumped into him on the ferry on the way home. He was taking the bus, and we had an extra spot in the car, so he got a lift with us.
- Young folks presenting. I think we could do a lot more to encourage younger people to use WordPress.
- I really enjoyed my hallway chats; those may have been my highlights.
- Road tripping it with friends. In some ways I wish we’d have a closer WordCamp, without needing to get up so ridiculously early, but it was a lot more fun this way.
- I enjoyed the N64 games and lock-picking sponsor booths. What’s more, I think they may have been better at getting people to come over and interact instead of just pushing their product.
- While it’s cool having “big name” presenters from afar, it’s kinda nice having local presenters too. When someone spends big money to come present, I suspect there’s more of a burden to get a return on investment (eg subtly promote their product). I think there was less of that from local presenters.
What I’d Add Next Time (If It Were Up To Me)
- have lunch above ground. At WordCamp Seattle last year, each person was given a voucher for a nearby restaurant. The walk was refreshing and a good opportunity to bump into other WordCampers
- Another track for more hands-on opportunities, like getting dirty with code, or a a help desk
- Bring aspirin or something. I think the early morning and being underground all day gave me quite a headache.
Any other memories other attendees wants to share?