Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: plugins

  • Is This Plugin Bad?

    Is This Plugin Bad?

    I get asked this a lot, in part because of my job (WordPress Support Guru and Manager) but also because I’m a know-it-all busy-body. The problem with the question is that it’s very subjective, and the answer highly depends on why someone’s asking the question.

    I’m sure it annoys my co-workers when they ask “Is this plugin bad?” and I ask “What problem is the customer reporting?” If the answer is that the customer has a slow site, then MY reply will be different than if they were hacked. Making matters worse, sometimes the answer depends on what other plugins they’re using, or what their theme is, or how they use everything together! You see, the issue is rarely “This is a horrible, evil, terrible plugin and no one should ever use it!” It’s generally more “Well in this case, I would say this is the best plugin, but you have to take this into consideration…”

    As a customer, it’s annoying. I just want a yes or no answer. But this is like that gas milage situation I talked about in my explanation of Shared Hosting. How many tanks of gas does it take to drive from Chicago to Cleveland? For me, it’s one. For my cousin, it was two and some change. Same distance, same day, same weather! What was different? The car and how we drove.

    Your site and my site are different. This site and this other site on my network are different. They run different plugins, though the same theme, and sometimes one of those different plugins causes a problem. Like I found out the custom prices plugin caused my background image not to display. Oops. Does that make it bad?

    There are a few types of ‘bad’ plugins to consider.

    Evil Plugins

    This is the easiest to explain. A plugin that is created to do evil things, like leave backdoors into your site, is bad, no matter what. Don’t use it.

    Holey Plugins

    This plugin has the best intentions in the world, but for whatever reason has a security hole. Maybe they forgot, maybe they missed it, but it happens to everyone. In general, this is not a bad plugin, unless the dev refuses to fix it. Or worse, can’t fix it! Now it’s a bad plugin.

    Broken Plugins

    Pretty common, this is a plugin that once worked but now, with the new upgrade of your theme/plugin/WordPress it stopped. This one sucks, and not much can be done except try and fix it, unless the developer comes around.

    Works For Everyone But You Plugins

    This is the brunt of what people mean when they ask me “Is this a bad plugin?” but they just don’t know it yet.

    Mal (aka Bad)

    If you haven’t noticed, most of the ‘bad’ plugins are really just unfortunate plugins in bad situations. Determining if a specific plugin is bad for you isn’t as simple as going “Yes, I know that plugin is crap!”

    What I do know, but I have to be circumspect in saying, is some plugins are better than others for specific server situations. You’re on shared? You probably don’t want W3 Total Cache right away because the best parts of it (that hooks into server side caching) aren’t available for you. On a VPS? You can probably use that YARPP (yet another related posts…) plugin just fine! Oh, but you’re using it with BuddyPress and bbPress and a whole mess of other plugins with a high degree of interactivity? You may need more memory.

    And that’s the real answer. Is any individual plugin I named ‘bad’? No! In fact I’ve used them all and they’re wonderful in their use case. But they also require me to be aware of my whole situation. What kind of server am I using, what kind of environment am I in, what other plugins am I using?

    It all comes back to being aware.

  • SSL for One Domain on Multisite

    SSL for One Domain on Multisite

    To start with, I made a mistake and assumed, bad me, that the Terms of Service that let me collect donations for my ebooks would similarly be okay with collecting payments for said ebooks. Alas, no. “Digital goods including digital currency” are not permitted, and that was my bad. It resulted in me losing my entire account and having to fight to get my customers their money back.

    Meanwhile I decided to get started on making an easy way for people to pay and stay on my site (like Stripe), and this, no matter what, means I need to have SSL.

    Normally that’s not too much of a problem, but my store happens to be a subdomain of a mapped domain on a multisite. My WordPress install is at ipstenu.org. This site is actually tech.ipstenu.org, and my store (store.halfelf.org) is actually hshop.ipstenu.org (stands for HalfElf Shop…). I used domain mapping to point halfelf.org to tech.ipstenu.org, and store.halfelf.org to hshop.ipstenu.org. While I could just edit the site and home URL in the ‘Edit Site’ page, domain mapping is needed for in order to tell WordPress that the domain is really a thing.

    Setting all that up was the easy stuff, though. The SSL part was something I’ve poked at before and given up, since multiple domains and one SSL cert is a pain in the ass. But today, if you go to the Half-Elf Warehouse, you’ll see it’s all SSL! (NB: It was. It’s now only SSL on pages that need SSL, to allow for better caching.)

    You will need….

    SSL Certs

    This is the easy part. You need an SSL certificate for the domain you need to protect. If this is the only domain you want to add this on to, it’s relatively easy. If you need to add SSL on to multiple domains, check with your webhost.

    I actually have multiple SSL certs. The problem with multiple SSL certs is that a wildcard one for subdomains costs around $300 (this is on Comodo), and I have three domains I need to protect on one server… Oh. Wait, wasn’t this a problem before? As it happens, I’ve got SNI on my Apache instance now, so that was fixed. I picked up a cert for store.halfelf.org and set it up, done. Except…

    Add-on Domain

    Why this? Well it’s funny. I used to always tell people ‘Use Parked Domains, it’s way easier’ and this is still true, it just has a caveat of ‘unless you’re trying to use SSL.’ Now that I am, I hit a sticking point where a parked domain cannot have it’s own SSL cert, but an add-on domain can. This was a simple fix. I deleted the parked domain and flipped it to an add-on domain. Then I added the certificate in for my site and now I have https on ipstenu.org and store.halfelf.org but not halfelf.org. Why? Because halfelf.org and store.halfelf.org are separate add-on domains. Had I bought a wildcard cert for halfelf.org, I could have made halfelf an addon, and store.halfelf a parked domain on top of halfelf, but this works too.

    The other option, of course, is a multi-domain cert, which is too much money for my tastes, and I don’t need it all the time. I have SNI, which makes this so super easy for me, it’s silly. Just add the cert for the domain and have a party.

    WP-Config

    But today I only want to force one of my mapped domains to be SSL:

    if ( $_SERVER["HTTP_HOST"] == "store.halfelf.org" ) {
    define('FORCE_SSL_ADMIN', true);
    define('FORCE_SSL_LOGIN', true);
}

    No that was it. If it’s two domains, it’s this:

    if ( $_SERVER["HTTP_HOST"] == "store.halfelf.org" ) { ...}

if ( $_SERVER["HTTP_HOST"] == "ipstenu.org" ) { ...}

    and so on and so forth. Why not using an OR check? Because it failed miserably when I did that. I suspect it’s due to ipstenu.org being my main domain, but I was tired and stopped here.

    .htaccess

    Okay, now I want my domain to default to SSL when people visit too!

    RewriteCond %{HTTP_HOST} ^store\.halfelf\.org
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://store.halfelf.org/$1 [R,L]

    That was easy.

    WordPress SSL

    What about making everything on my page load SSLish? Install and activate? That was it? Oh. Okay.

    Verify!

    https://store.halfelf.org

    Hey! Looks good! Actually I’d had a problem when I first ran this.

    Chrome's Warning for SSL

    Yeah, that little yellow triangle. What the heck did it mean? I trotted off to Why No Padlock? and got an error:

    SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details:
    ERROR: no certificate subject alternative name matches

    That didn’t help me at all, so I viewed page source and looked for http://store and didn’t find anything. Then I looked at the console and saw that it had an error on some JS:

    //Moral? Always read the ToS.

  • Why Not Multisite?

    Why Not Multisite?

    My most popular post ever has been Don’t Use WordPress Multisite, which I wrote in 2011. It’s 2014 so it was time for a revisit of this concept.

    The point I made in 2011, and again at WordCamp San Francisco in 2013, was that while Multisite is amazing and awesome and wonderful, it’s got limitations. I love it, I think it’s perfect for me, but I always keep those limitations in mind and try to educate people as to what they are. I think I have a pretty good grasp on them by now, and so does Nacin:

    Grumpy Cat: You want to duplicate everything? NO.This may make you wonder what I could possibly say that hasn’t been said before? The questions remain the same, but the answers change a little as time goes by. I want to stress that for every single reason I’m going to list as a case for not using Multisite, I probably have broken. Rules aren’t meant to never be broken, their meant to make sure we understand what and why we’re doing what we’re doing.

    The absolute number one aspect about Multisite that you cannot forget is this: Multisite is for running multiple WordPress blogs (aka sites) on one install (aka a network), with separate content but a shared base for code and users.

    If I was to make it a rule it would be this: Don’t use Multisite unless you want to run multiple WordPress sites, each with their own admin section.

    But …

    You know how I made that list of reasons? Like you don’t need it to categorize posts and make a site that’s all the same (or even all different), and I still firmly think that no one has any reason in the world to have a site that duplicates content 100%. Sometimes you do need Multisite for this stuff. Or rather, sometimes you can use Multisite, and it’s not the wrong choice!

    You don’t need Multisite

    WordPress comes with categories so just use that. Want to remove the word ‘/category/’ from your permalinks? WordPress SEO (by Yoast) can do that, as can No Category Base. Need to limit an author to a category? Use Author Category! In addition, there are Custom Post Types, which you can create for each ‘category’ and then limit authors using Custom Post Type Privacy.

    WordPress comes with categories and Custom Post Types which let you keep your site looking exactly the same from page to page to page, which is awesome. This is, in an essence, what WordPress was made for. If you don’t want your ‘sections’ to look the same, hey theme templates will let you customize the look and feel of each category (or CPT) as you want. WordPress is crazy flexible, and plugins are phenomenally wonderful to let you customize WordPress to the nth degree. Like categories as subdomains, which means it’s theoretically possible to do the same for a CPT. I know you can map CPTs to domains already.

    Before someone gets all snippy about how too many plugins make your site slow, I have to point out that too many poorly written plugins do this. It’s not the number, it’s the quality. A bad theme can slow your site down too, and I see that every single day.

    You could use Multisite

    So why would I use Multisite for those situations?

    Grumpy Cat: I used Multisite Once. I hated it.What if your ‘sections’ aren’t just meant to segregate content? Like you’re selling eBooks and you want to run a whole special ecommerce tool for tracking and payment. Or maybe you’ve got a membership tool and want to set up a news site where people can register and write, but keep them off the ‘main’ site where you’ll be linking featured content back. What about a site that will exist for a year to represent an event like a WordCamp, and then be ‘retired?’ Suddenly we’re talking categories in a different light, and maybe, just maybe, Multisite would work for this.

    It’s easier in Multisite to totally re-skin a section because it’s using its own theme. You can quickly spin up a child theme just for one site, or use a plugin like the CSS Editor that comes with Jetpack to allow each site it’s own custom CSS.

    Because each site is separate, I can limit plugins and prevent load creep per site. Not every ‘section’ needs the same plugins, after all. And at the same time, the ones that do can be network activated. Also a growing number of plugins are taking Multisite into consideration, like W3 Total Cache now lets the network admin configure a large amount of caching settings for the network as a whole! This number grows every day.

    Which Should I Use

    There isn’t one perfect answer here, but that’s true of all things WordPress. I think my cardinal rules of Multisite are mutable and all colored with a great deal of “It depends.” For every single reason I wouldn’t use Multisite, I also would (and probably have) used it. You have to take into consideration supportability most of all, though. Multisite’s worst flaw is that it leads to cases where your eyes are bigger than your stomach, and your network becomes huge and unwieldily before you’re ready to cope.

    The one rule I’ve yet to break, and one I strongly feel no one should, is this: Never use Multisite if your users cannot know about other sites.

    Other than that? Hey, the world is your oyster!

    Multisite is big. It’s daunting. It’s complicated. It’s still, and probably will always be, harder than running a single blog, which makes sense. You’re no longer running a site, you’re running a network.

  • Giving Back Anew

    Giving Back Anew

    Github, with Jedi and Link

    One of the things that makes WordPress special is that people give back. Even people who make their living off WordPress via their plugins or themes give back in some way, be it testing new versions, submitting patches, or even making suggestions and asking questions. I got my start by giving back and answering low-tech questions in the forums.

    Thus it’s natural that, while testing Easy Digital Download’s new version, I reported problems upstream:

    Two Issues I filed in EDD 1.9

    And perhaps more natural that I made my first attempt at a patch on Github for it as well:

    My first Git Pull request

    My code patch is a total of three lines. Four if you count the one I deleted. That’s all it takes to help contribute. You could even fix a typo.

    What does this have to do with ebooks? The patch I submitted was for the display of the [downloads] shortcode, which will allow you to more easily display a flexible column list of your downloads. If you’ve seen my Catalog page, the books are listed with multiple items per line. But I’m not using any columns. With my code patch, you’ll be able to do this:

    [downloads columns="0" thumbnails="true" orderby="title" order="ASC" buy_button="no" category="wp" price="no"]

    Which outputs no columns and no breakpoints at all. Then you just need some CSS.

    .edd_download_inner {
	float: left;
	width: 290px;
	margin-top: 10px;
	margin-bottom: 20px;
	margin-right: 15px;
	position: relative;
	height: 300px;
	padding-top: 10px;
	background: #F7F7F7;
	border: 1px solid #ddd;
	text-align: center;
}

.edd_downloads_list.edd_download_columns_0 {
	width: inherit;
}

    Voila! Flexible columns!

  • Genesis Design for Gummies

    Genesis Design for Gummies

    You’re not a dummy, right, you know how to write and you know what’s good and what’s not, but the last time you had to edit your CSS your site went white. It’s worse now that you’re using this awesome theme called Genesis where every design is a ‘child’ theme that you don’t even want to edit because if WordPress taught you anything it’s that you don’t touch the plugin and theme files!

    Gummie BearsWell great. Now what?

    I’m not a consultant. I suck at it, I hate it, and I don’t enjoy it. My friends the Norcrosses over at Reaktiv Studios are a dev agency that makes themes and plugins and even updates (they’re not paying me or compensating at all for this statement, I don’t even use ’em, I just like ’em). They’re good at it, and to make their life, and your life, easier, they came up with a new plugin called Genesis Design Palette Pro.

    Previously, if you want to edit your theme, I would have said to use Jetpack’s CSS editor. Heck, that’s really what I do here, since it keeps revisions of your css changes. But most of what people change are the standard things that make your site look like an individual. The CSS is just a wall of weird, codey, text thing that made no sense when I first looked at CSS back in 1999. And that’s really how everyone did stuff back when Prince was en vogue.

    But now there’s that nice Theme Customizer built in to WordPress that lets you edit the most basic (and most commonly used) aspects of your site right there and see the changes live! Wouldn’t it be nice if every theme let you play with its design like this?

    Example of the Theme Customizer

    Come here. Closer. The Genesis Design Pro plugin does that for you in a way that looks ‘right’ and familiar. Don’t believe me?

    Design Pro screenshot

    Looks familiar, don’t it? Okay, it’s not exactly the same, yet, but give it time. You can edit for mobile or desktop, adjust colors and padding with simple interfaces that are way easier for a lot of people to master than the weird CSS world. You can even add that freeform CSS if you want.

    I think my only wish for it would be to have an export to css function, so I could design everything, save it, and then plunk it on a site as is.

  • Ministry of Silly Plugins

    Ministry of Silly Plugins

    It’s been too serious lately, and this is the last (planned) post for the year, so what are your favorite, totally useless, plugins?

    I wrote one. Rickroll – Changes ever video to RickRoll. It’s useless, pointless, and funny. I don’t actually know anyone who uses it.

    Ministry_of_Silly_WalksFor IE6 users, there’s Graceless Degradation which just punishes IE6 users with Comic Sans. Speaking of, there’s also Comic Sans which does it for everyone and Comic Sans FTW which is when you need it on your admin dashboard.

    Not enough color? Suzette likes Nyan Cat. Just a great big NYAN on the screen. Otto wrote Unicornify which makes your gravatars Unicorns (and would Gravatar please buy/absorb them and make them real? Please? More gravatar options needed!). Similarly he wrote Rainbowify, for the gaudiest toolbar ever.

    Need more snark? My snarky friend Andrew likes Get Snarky – one of the goofiest “Hello Dolly” replacements out there.

    Want to live dangerously? Logout Roulette will randomly log you out! One chance in ten is way better than traditional Russian Roulette of course.

    Finally, how about a good old fart joke? Farticles farts while you scroll.

    Small image of silly walks from Monty PythonSomeone might ask “What is the point of these plugins?” To them I say “The same as for Hello Dolly.”

    The point of a plugin isn’t always to do awesome things and make your site have every feature it needs. It’s also to demonstrate the exponential extendability of WordPress. To show you the myriad ways you can take a site and make it wonderful. If learning by being silly is what it takes, then by all means, make a silly plugin! A silly plugin, much like the intentionally evil plugins I like to make, serve the same sort of purpose. Teaching people how to do things in a better way.

    A silly plugin is way less terrifying than an evil one, though I tried to keep my evil down to a low level of annoying rather than truly evil. You can take the bones of either kind of plugin and legitimately do things that really are not in anyone’s best interests, but you can also take them to see how everything is put together in WordPress.

    How have you learned from weird, silly, code?