Author: Ipstenu (Mika Epstein)

eCommerce Dream
At the end of my WordCamp San Francisco talk, I said I had a dream. A dream about a plugin that can share an inventory between WordPress sites on a Multisite Network.

Imagine, if you will, a store with a physical products (Geisha dolls). The store has a bunch of different types of dolls. The store has satellite stores, one in Ariel (their flagship store) but now one on Bellerophon and another on Whitefall. While the Companion-Style dolls sell well on Ariel and Bellerophon, the Cowboy-Style ones sell best on Whitefall. Also each store has a different kind of clientele.

So the Dollhouse Store makes a website, and then using Multisite, makes another site for each location: whitefall.dollhousestores.com and so on (or maybe whitefalldollhouse.com even). At first, the webpages are just a list of the local store products, come and buy them here, photos of the locale, employees, and local events. Then they decide to sell stuff on line. But they only want to list items for sale under specific criteria.
1. All items for sale are stored on the network admin
2. Each store can select what products they have at their store
3. Each store controls product volume.
4. Stores can request more product from homebase
Now of course they could have a separate store for each site, but they want to manage what possible items could be sold online, so having that controlled by the network makes sense, doesn’t it?

Meanwhile another store sells cows. All the cows live at Persephone, and are shipped out to Jiangyin and other stores. They’re doing well with everyone going to cowship.com, but they too want to have jiangyin.cowship.com and so on. Each store lists what cows are for sale that live well in each location because Holsteins’ don’t like Bellerophon, who knew? This way, someone on Jiangyin can order Holsteins but not Texas Longhorns. Obviously they need to control which product can be sold at each location, same as the Dollhouse, but they also have a different problem. Their product amounts must also be stored in one location and shipped out from there, so they want to make sure they don’t oversell their cows.

Their criteria:
1. All items for sale are stored on the network admin
2. Network admin controls absolute amount of products
3. Network selects what products they have at each store
4. Orders per store base product volume on the network amount
These are pipe dreams. Today there is no plugin that ‘shares’ an estore across multisite sites on a network. You can’t even do it with ‘digital’ products which now that I say it aloud, I think Pippin should totally get on that.

Today, all sites are separate, and since estores have their content saved per-site, there isn’t an easy, friendly way (if there is at all) to pull data between sites in a way that preserves shopping carts and such. I wish there was. I get asked about this at least once a week, and I have to say “Today, there is no plugin that can share an inventory between WordPress sites on a Multisite Network.”

But this is a complicated thing. Multisite itself isn’t actually built to handle that kind of thing, since the network doesn’t have posts or pages. You’d have to dedicate a site on the network to the shop and pull in content from there, which of course has a switch_to_blog() overhead penalty. I can’t even begin to get past the paper thoughts I have here.
6 December, 2013
Why Does The WordPress Background Auto-Upgrade Work?

Way back in the stone ages I wrote an explanation as to why the WordPress Upgrade didn’t work all the time. In that post, I pointed out that servers and your installs are special snowflakes and not all the same, and that’s why an upgrade doesn’t work all the time. I’m amused that no one pointed out to me that stance (one which I still maintain by the way) seems contradictory to my proclamation that we should love the built-in updater as of WordPress 3.7.

Allow me to challenge myself.

Your server, with your install and your plugins and theme and tweaks, is still a special snowflake.

The background updates for WordPress keep this in mind.

Oh, I have to go further into this? Fine. The reason the updates are restricted to just minor, security/maintenance, updates is that, in general, they do not cause the problems people experienced 2010. It’s been three years. We’re smarter, we learned a lot, and most importantly, if the problem in 2010 showed up again, WordPress would not to install. I heard the sounds of brakes screeching. Let me explain. We want WordPress to not install itself if it can’t. We’re not defining that as a ‘failure’ because while your install did fail to upgrade, your site didn’t break.

Let’s get the down low from the man himself:

All "Update Now" clicks to WordPress 3.7.1 have a 99.75% success rate. That 0.25% is mostly just temporary download failures.

— Andrew Nacin (@nacin) October 30, 2013

About 24,000 auto updates have taken place without any problems. Half of all installs are now being told to update as the rollout continues.

— Andrew Nacin (@nacin) October 30, 2013

Oh no! After 29,000 auto updates to 3.7.1, one site had a critical error. Haha just kidding, the updater simply rolled the site back to 3.7.

— Andrew Nacin (@nacin) October 30, 2013

3.7.1’s fixes were written in such a way to ensure a working site despite any failed file copies. So even a critical failure isn’t critical.

— Andrew Nacin (@nacin) October 30, 2013

Those seem pretty straight forward. WordPress 3.7.1 was made so that a failure to update didn’t break your site, because if it couldn’t apply the install, it would rollback seamlessly to 3.7 without you noticing. Well, except for the email you got to say “Hey, this didn’t work, man. Sorry.”

Why does this work and the major upgrade does not?

That’s the real question, isn’t it? Why are we having such a monumental success for 3.7 to 3.7.1, where we didn’t from 3.6 to 3.7? Actually, we did, but you’re not comparing the right things.

First of all, the 3.6 to 3.7 upgrade is one of the more stable ones we’ve had in a while. 2.9 to 3.0 was the birth of my OMGWTFBBQ!!! post in the forums (and the catalyst for why I’m working for DreamHost). It was a major overhaul, with a lot of changes, and a lot of complicated tweaks. Let’s be frank, it was a re-write of a crap-ton of modules, and it was just going to break things. WPMU folded into WordPress and changed to Multisite? Yikes! But as time has moved on, I’ve been reporting more and more “Everything’s okay in the forums.” This does not mean everyone is perfectly happy and perfectly safe, and the upgrades were a 100% success. We have the same type of complaints as we always have. Themes and plugins were not robustly tested enough with the new release, so they broke when the upgrade happened. This is (currently) unavoidable.

So again, why is this working so well?

Because the core team who wrote the update script learned from their mistakes in the past. The changes made in WordPress may be bold and large, but they’re also done carefully. Instead of just saying ‘What’s done gets into the new version,’ 3.7 took the ‘feature teams’ trend started a few releases back to the next level. Only if the feature was done-done did it get into 3.7. This meant that while we did not have a major ‘feature’ this release (like we did with the Media Release in 3.5), we had the opportunity to make each feature rock solid on it’s own. And this worked better than many expected because of “features as plugins.”

While some aspects of core have to be developed in core, others begin their lives as plugins. Like the password-strength improvements and auto-upgrades were both plugins before they were added to core. Also if you look at 3.8, pretty much every major feature that can be a plugin is one. This means that one feature, a new post editor, didn’t make it because right now it’s not ready. Having things be plugins also lets more people test them, by installing the plugin without having to upgrade to a beta version of WordPress!

Finally, and this is really important, not everyone gets upgraded at the same time. Within 24 hours of the release of WordPress 3.7.1, only 75% of English installs were updated. This was done to keep an eye out for load issues on WordPress.org’s boxes, but also on shared webservers. Which by the way are doing just fine. As we go forward, Nacin’s said he expects this to be sped up, especially for a 100% security release.

How does it work? Glad you asked! The best explanation I got at this was over beer with Nacin, and sold me. At 7am and 7pm your site pings WordPress.org to see if there are updates. When this happens, your URL is hashed into MD5. Then the first three letters of that is converted to a base 10 number (MD5 being based on base 16, which doesn’t do you any good unless you have 6 extra fingers) and that’s used to decide if you get an update or not. The cool part of this is that it can be used to push to only one out of four thousand sites.

I know this is all probably sounding like fan service. Like I can’t see anything wrong with this. Nothing is perfect. I’m well aware that things can break. I’m well aware there are possibilities like WP being DNS highjacked, or a plugin circumventing the updater. But. If the DNS is jacked, the API just won’t work unless the jacker has a duplicate that works. And the evil plugin would kind of have to do the same thing, or they would only be able to impact you when a natural upgrade occurred. And neither of those are actually related to background updates. They could have happened at any time in the past. They could happen tomorrow.

Why do the upgrades work?

Because WordPress grew up.

And that’s pretty cool.

4 December, 2013
Is SEO Best Handled by a Plugin or Theme?
I’m not an SEO expert, but I know a heck of a lot more than many people who claim they are. For the record, I’ve been messing with SEO since it was ‘correct’ to put hidden text in the source code of your site. I used to spend time getting sites to rank well on Lycos and Altavista, back when I was but a wee intern for my friends. It’s fair to say I’ve been around the block with SEO.

I don’t consider myself an expert because of skill, though in the last couple years, I’ve decided not to keep up as closely with things like schema, mostly because I don’t have to. I still retain a solid grounding in what does and does not make for good SEO (content!), and I understand that part of good SEO isn’t just content, it’s how the content is displayed for the reader, but also how the information is sorted for the computers at search engine companies.

Credit: Plymouth UK
About every couple months, someone asks me if I prefer using a theme or a plugin to manage my SEO, and I have been giving the same answer for a couple years now. I don’t use either.

This does not mean that the themes I use aren’t ‘SEO’ optimized, of course. It means that I don’t use their ‘extra’ features. I use, primarily, StudioPress’ Genesis Framework right now, and that comes with an SEO settings page which I never use. Ever. In fact, I turn it off in any child theme I make. This is not because I don’t think that it’s useful, but that what I do ‘use’ for SEO is already included.

My SEO consists of making my content fantastic, using a theme that includes schema headers (or adding them myself if not), and following the guidelines Yoast outlines in his article WordPress SEO Tutorial. I don’t do everything he says (he likes ‘category/postname’ for permalinks, I like ‘year/postname’ but if date doesn’t really matter, I use category instead), but I do read and think about what it means.

That’s the crux isn’t it? I don’t blindly follow advice, or use a plugin or theme because people say I have to. I read, I think, and I come to logical conclusions, and I apply them after I write my post.

For example, Yoast says not to use ‘stopwords’ in titles and make them SEO friendly. I take this to mean your human readable title should be gripping, but the title slug should be short, to the point, and descriptive. So I customize every single title. I come up with four or five before I post, and then when I have one with a good grab, I tweak the title slug to be as short as possible, while still being descriptive. Sometimes I’m better at this than others, but I keep working it.

Next I customize my ‘publicize’ lede. This has to be good and it has to be short. I know I’m using my helf.us yourls, so the URL itself will be tiny, but that doesn’t mean I should use just my title for Twitter. I customize it, trying to make it a little more witty and pithy, to reflect me and my readers. Finally I customize my excerpt. Oh yes, my excerpts are all custom written, and they are intended to grab you hard. Like Yoast, I feel the only well written description is a hand written one, and I do it. For everything.

This puts me at a funny disadvantage. Most plugins and themes I’ve seen tend to want you to make a custom meta description. There are plugins (like the one I do use, listed further down in this post) that allow you to use your excerpt as descriptions, but I’ve never quite understood why themes make this so hard. In Genesis, I have a field for “Custom Post/Page Meta Description” in every post, which if I use it, will change the meta value for description.

When I dug into the code, I saw that it was pulling this:
```
genesis_get_custom_field( '_genesis_description' );
```
Clearly all I need to do is make that default to what I want. And when I figure that out, I’ll let you know. Right now, all I could do was remove Genesis’ function and replace it with my own. Not elegant at all.

Now all that said, there are times when I see to ‘improve’ upon the SEO I’ve been given, because someone else is handling the content will far less care than I give. When that happens, I grab Yoast’s WordPress SEO Plugin. But for the most part, I don’t do anything on a regular basis that involves having to ‘customize’ my SEO, so it’s infinitely portable to any theme I want.
2 December, 2013
Why I Hate Facebook

I do, you know. I hate it for a couple reasons, but the primary one is the user interface sucks. It’s just horrible. And since I’ve apparently turned Friday into my free, shortform, random topic day, let me explain to you why.

Ignores My Settings

I cannot tell you how many times I’ve gone to my timeline and seen garbage from last week. “What the hell?” I would shout, and look to see that my timeline is ordered by something called “Top Stories.” Interesting, because I know for a 100% fact that I set it to “Most Recent.” But no, no, Facebook changed it. So I change it back:

And don’t ask me how many times I’ve had to turn chat OFF.

Click Don’t Matter

This is worse on iOS where I have to click twice on every single link, but it’s bad on the sort order, which is not a link but a drop down. Only since it’s right above the post in my timeline, I have to wiggle my mouse around until I magically click the right place for it to work. Using Facebook on my iPhone means I have to use their app, which behaves radically differently from the normal app, so thanks. Now I have to learn everything twice.

Unfollow Does not Mean What You Think It Means

If I comment in a thread, I follow it. Okay. I can see why you do that, and while I’d like an option to default that to off, I’m not going to argue. But when I make a comment, sometimes I click ‘Unfollow’ right away, because I just wanted to say one thing, or post “Congratulations on your baby!” and move on. That’s the end of it, right?

Nope. Every time someone ‘likes’ my comment, I get a notification. Every. Smegging. Time. I’m witty. Lots of people like my comments, or find them helpful, or whatever. That means I get a lot of BS notifications I don’t give a horse’s patootie about.

Wrong location For VERY important information

Do you know how to ‘tell’ if a post can be shared? Some can, some can’t you see. Let me help. This post is public and can be shared:

This post is friends only and cannot be shared:

Different icons, different meanings. Where are these icons? At the bottom of the post. Why is that a problem, you may ask? After all, the share button is down there too! Not everyone shares with share buttons. A lot of people will copy what someone says on FB to a blog. If they don’t happen to scroll down (which, let’s face it, a lot of us don’t), and don’t happen to know magically that a globe is public and a group of little people is a friends-only thing, they’ll copy the post content, paste it to their website, and share with the world.

I’m not so naive to think anything I put online is ever fully ‘private.’ But I’m intelligent, experienced, and I work in IT. I understand the world around me, and how the digital world shares data. If it’s online, someone will see it, share it, and make it public. Not everyone gets that, and they get upset.

How could Facebook fix this? Put at the top of the post “Friends Only!” or “Public Post” so it’s clear right away.

Bad Colors

Did you know you can embed Facebook posts in WordPress?

https://www.facebook.com/photo.php?fbid=10151997270514795&set=a.10150154582169795.302445.251152514794&type=1

That’s my high school celebrating soccer season. The link for embedding FB? Grey. Pale grey. In the image below, I’m hovering over it. It’s still grey. If I didn’t know better, I’d think it was plain text!

There should be a color change when you hover over a link, a noticable color change.

But wait, there’s more!

I’m sure there is, but at over 600 words, lets call this a day. What annoys you about Facebook’s user interface?

29 November, 2013
Extending Chrome
I had a problem.

If you know me at all, you know this is how 99% of my code lessons start. I have a problem I can’t solve easily, so I dig into it and write about it. In this case, my problem was one of those really stupid, messy things where I needed to force some code to run on certain pages and I didn’t have any access to those pages. Why? Well … let’s just say I wanted to make something like the Hey Girl chrome extension okay? Yes, I need an extension for Google Chrome.

It doesn’t really matter what you’re making, what matters is how easy it is to make a Chrome Extension. It really only needs two files, a manifest.json and then your content files. Let me explain by making Google Red.

Manifest

The manifest is where you list what’s in the Extension. It’s going to have the name, summary, what files to call, when and where. A really simple example would be like this:
```
{
"name": "Half-Elf's Chrome Extension",
"description": "This is an example extension that doesn't do anything useful at all.",
"version": "1.0",
"manifest_version": 2,
"content_scripts": [
    {
      "matches": [
                 "http://www.google.com/*",
                 "https://www.google.com/*"
                 ],
      "css": ["mystyle.css"],
      "js": ["myscript.js"]
    }
  ]
}
```
This is pretty straight forward. Name, description, etc. The value for manifest_version has to be the number 2, no quotes, no matter what. This is mandated by Google. They don’t use it yet, but they will. Then we get to the fun stuff, content_scripts, which is also pretty obvious. Using “matches” says “Only run this when the URL matches…” This is an inclusive match. For a different example, here’s an extension I want to run on every website, but not when I’m in wp-admin:
```
"content_scripts": [ {
	"matches": [ "http://*/*", "https://*/*" ],
	"exclude_globs": [ "http://*/wp-admin/*"],
	"css": [ "mystyle.css" ],
	"js": [ "myscript.js" ]
} ]
```
You can take this even further and only have it take action at specific actions (like when you make a tab active). The content_scripts documentation is pretty overwhelming, but it has all sorts of options. Today, though, saying we want to match just Google’s pages is okay.

In order to do this, I made a blank file called manifest.json and saved it in my ‘Development’ folder called~/Development/Chrome/extensions/GoogleRed but this doesn’t actually matter. Save it anywhere on your computer. Just know where it is. I also put blank files for mystyle.css and mystyle.js in there because they’re my content files! They’re blank, we’ll get to the real code soon.

Content Files

This is the fun part. The content files are what makes the magic happen and the super cool thing? It’s all basic JS or CSS or HTML. Seriously. Anything you can do in those languages, you can do in an Extesion and call it a day. For example, here’s one I used to strip referrers from URLs on Facebook (I was experimenting):
```
document.body.innerHTML = document.body.innerHTML.replace(new RegExp('?fb_source=pubv1" target="', 'g'), '" target="');
```
I set this to only run on Facebook.com and it was exactly what I needed. I admit, there are better JS ways to do this, but I suck at JS still, so this was as far as I got.

The Example

Google actually already made the files, so you can download them from Chromium “Make Page Red” and toss them in your folder. My files are as follows:

mainfest.json
```
{
	"name": "Page Redder",
	"description": "Make the current page red",
	"version": "2.0",
	"permissions": [
		"activeTab"
	],
	"background": {
		"scripts": ["myscript.js"],
	    "persistent": false
	},
	"browser_action": {
	    "default_title": "Make this page red"
	},
	"manifest_version": 2
}
```
myscript.js
```
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
	
// Called when the user clicks on the browser action.
chrome.browserAction.onClicked.addListener(function(tab) {
  // No tabs or host permissions needed!
  console.log('Turning ' + tab.url + ' red!');
  chrome.tabs.executeScript({
  code: 'document.body.style.backgroundColor="red"'
 });
});
```
That’s it. Two files. But how do I get it installed?

Adding it to Google Chrome

Go to chrome://extensions/ in Chrome and you get this kind of view:

See the box on the upper right? Developer Mode? Check it. Now you get extra information!

What interests us the most here is “Load unpacked extension…” but also that ID code jcpmmhaffdebnmkjelaohgjmndeongip is really important. This tells me where the extension lives on my computer, because I can go to ~/Library/Application Support/Google/Chrome/Profile/Extensions/jcpmmhaffdebnmkjelaohgjmndeongip and see all the code for the other extensions. This makes it super easy for me to fork them. Since this is all just for me, and I have no plans to release them, I’m less worried about licenses than I might be, but I still am in the habit of checking what they are and so should you. Your folder locations will vary depending on your OS, and how many Google Profiles you have (I actually have 3 – me, work, fansite).

Click that “Load unpacked extension…” and select the folder:

Once you upload it, you get this:

Now you know where the file is, but also you get a special link for Reload (⌘R) which is a life saver. Click that and any changes you made to your source files are re-installed into Chrome! This is great because Google’s example of making pages redder? Doesn’t work.

Okay, that’s not fair, it does work, just not on every page. It didn’t work on https pages for me until I edited the manifest and changed permissions from "activeTab" to "activeTab", "tabs", "http://*/*", "https://*/*" and then clicking on the magic button worked:

It’s kind of nice to be able to bully things around that way.

I’m just dabbling my toes into the Extensions water, and I find it highly powerful to push Chrome into my paths right now. Have you written any extensions?
27 November, 2013
WPwatercooler – Multisite Edition

Half an hour kbittzing about Multisite with the players from WPwatercooler

Credit: WPwatercooler

It’s also going to be on podcast and sticher and apparently I have a nice, soothing, voice. Thanks, Cousin Dan, for the tips and tricks about that!

25 November, 2013