Tag: wordpress

Resilient Responses in Reviews
I review a lot of code. A lot.

On average, I look at around 100 plugins and themes (combined) per day. If I’m not reviewing code for the WPORG plugin repository, I’m debugging sites for customers, writing my own code to make it better, testing patches for WordPress, and pretty much dancing the dance a lot. I like this sort of thing a lot, since I get to see all sorts of different methods to madness, and it improves my abilities to see people doing it right and wrong.

That said, I’m not the best coder in the universe. I don’t claim to be, I don’t plan to be, and I don’t worry that I’m not. We all have our skills and mine is not to be a psycho awesome super coder. Mine is debugging, breaking, helping people debug and break, and writing. We call that support, generally, and it’s a noble profession! But more on that another day. The fact is I don’t know all the code in WordPress. I’m guilty of doing_it_wrong() often enough. And yet, I don’t see my ignorance to be a detriment to what I do.

In an article “Probability and Possibilities”, my father talks about how we react to natural disasters, and how that impacts how we predict them, and their costs. Near the end, he talks about being prepared by having resilient responses, and lists the following traits of those people/groups:
1. Drawing on experience
2. Questioning that experience
3. Intuition
4. Improvisation, or making the most of materials at hand
5. Listening and speaking
6. Examining preconceptions
7. Ignorance + knowledge = wisdom
8. Recognizing and taking advantage of luck
I didn’t realize it at the time, but my dad raised me to be resilient, because those eight traits are ones I apply constantly to my code reviews. It’s because of those that I’m able to do all those plugin reviews, even when I don’t know all the right moves. As a senator once said, I know it when I see it.

Many times, I’ll review a plugin and flag it saying “This is not secure” or “This is not done properly” and sometimes I’ll take a moment to explain exactly why, but given the sheer volume of reviews I need to get through to keep up my end of the review process I will often use some standard ‘predefined’ replies. I don’t review all plugins, nor do I reply to all the emails, though sometimes I know it looks like I do. Still, if one person has to review 25 plugins a day, and craft a reply for half of them (yes, about half the plugins we get need some sort of reply that isn’t ‘approved!’), how am I, a non-uber coder, capable of actually knowing that the code is wrong?

I’m going to tell you the biggest secret of support ever. You ready?

You don’t have to know how to fix what’s wrong to know that it is, in fact, wrong.

That’s it. Not knowing how to fix things was, I admit, one of the leading causes as to the impostor syndrome feelings I had when writing my WordPress Plugin Support ebook. But the thing was, I knew that the code was right or wrong most of the time. Oh, sure, I make a couple mistakes, but if I see someone calling wp-load.php directly in their code, I’ll tell them it’s not permitted and then they get a canned reply as to why, with some general suggestions.

I stopped worrying about not being able to help someone debug their own plugin for a couple reasons, though. It’s (generally) not my job to help you write your own code. If you have a jquery conflict or need help calling WP functions outside of WP (please don’t), I can help you with a search or suggestions where to ask, but just because I don’t know the answer doesn’t make my telling you that you’re not permitted to do something in the WPORG repository invalid.

Ah, there’s the crux isn’t it? Someone was doing code in a totally janky way. It happens. Most of the time, we end up doing this by accident, not knowing there’s already a WP function or action to use for it. We reinvent the wheel by accident. Let’s pretend this guy was using his own copy of jQuery. Now, as we all know, you don’t need to do that! WordPress comes with jQuery and you can just enqueue it. So there’s a canned email we send, explaining you can’t include your own, nor can you call it remotely, please use ours.

The reply comes back “My code won’t work without my own.”

So I reply to the effect of “Please correct your code to work with our version of jQuery. The most common cause of these conflicts is not writing your code to work in no-conflict mode.” And then there was a series of links.

He replied, “Why don’t you just tell me what I did wrong?”

I explained I would if I could. But I don’t know his code, I’m not awesome at jQuery, I don’t care to reverse engineer everything to figure out exactly what’s broken, and it’s not my plugin anyway. So … no. I don’t know how to fix it, but I do know that, having listened to a lot of smart people and having read a lot of code, that the primary cause is an issue with no-conflict mode. So I can Google that and get wp_enqueue_script() – jQuery noConflict Wrappers as a hit (this is the WordPress Codex) and read that this happens if you use the $ shortcut, so I take a second look at his code, determine this is the case (though perhaps not the cause of all issues), and reply back with that info and a link. I’m helpful.

He doesn’t agree. “If you know so much, you should fix it.”

No, sorry. This time I explain I don’t know much more than that as I’m not great with JS yet, and now I expect to get smarmy commentary on how, if I don’t know how to fix it, I don’t have the right to tell him it’s wrong. After all, I’ve heard that a hundred times before. Instead, this guy says “Yeah, I don’t know either, so who am I to judge? Okay, any suggestions where to ask for help?” After picking my jaw off the floor, I sent him to wp-hackers and stack-exchange, after doing a quick search to see what other direct links might help, including one on SE that looked like the absolute answer. He came back, said the SE answer was it, and everyone was happy!

I solved the issue by being resilient, and giving the ultimate support. Also now the guy has the tools to do it himself next time.
31 March, 2014
ZOMG! You Stole My Code!

While the GPL is pretty clear about this, and my personal moral code is as well, the topic today is not about the question of is it right to resell someone else’s work, but what do you do when someone’s reselling yours?

This happened to my friend not too long ago. Someone else took her theme and was reselling it and you either already know who it is or you don’t, it doesn’t matter for the sake of this story. Now, the issue was not if they could resell it, we all agreed they could. The issue was how they resold it. That is, they took her images, much of her ad copy, and resold it, presenting it as if it was their own code. And that was, we all agreed, wrong. That’s fraud, in my eyes. You’re taking someone else’s work and claiming ownership of it. But. That wasn’t my fight, it was my friend’s, and all I could offer was some moral support and connections.

But when this happens to you, what do you do?

First, don’t type angry. It’s okay to type while you’re mad, but if you’re like me, and your skin heats up when you’re angry and you get all green and violent (I type really loudly), it’s probably a good moment to step back and think about why you’re angry. After all, GPL says this is allowed, right? I get mad because of perceived ownership. It’s one of my things. You should never claim to be something you’re not and you shouldn’t sell something that isn’t yours.

And that’s the angle I’d use to approach the situation. I would find the person, ping them privately if possible (almost everyone has a contact page these days) and ask them if they could change the wording to make it clear that this isn’t their code, it’s mine, and they’re using and providing it without the support of the original author. That’s what my friend did, and that’s also what the other people whose themes were being resold did. They pointed out that the reselling was confusing to the customers, and the customers got an unlicensed product.

What if that fails? Well. Now it’s messy. Legally if they’re taking my content and putting it up on their site with verbiage that implies it’s theirs, I have a DMCA takedown right. My content is all under copyright (I have not, nor will I any time soon, chose to go copyless) and I use the CC BY-NC-SA 3.0 license, so if you use my content, wholesale, without attribution, you’re stealing. But this isn’t about my content, it’s my code, and all my code is released GPLv2 (unless otherwise noted). That means in order for me to come up and tap your shoulder, you have to take my code and my content.

Boy this got complicated. But if I ping you and say “Hey, bro, not cool.” and you ignore me, or tell me to sod off, I’ll come back and ping your webhost. “Hi, this guy is stealing my content. I asked him nicely to stop. Here’s a copy of our conversation.” I should note, none of the times I’ve ever had to do this have gotten past this step. The hosts have always stepped in, poked the perpetrator, and that was that. The times I was the bad guy (reprinting news articles), the content owners have only ever had to ask me to take it down. It’s never gotten past me.

Well okay, so what happens if the host says “Tough luck” or “We agree, but we can’t do anything without a takedown notice.” Now you bring in the law and file a DMCA (Digital Millennium Copyright Act) take down. DMCA is a U.S Copyright Law covering intellectual property. Your blog posts and ad-copy are your intellectual property. This went to a pretty dark place, didn’t it? I mean, I hate the DRM with a passion, and I freely give away my stuff, so let’s stop talking about the legal stuff. You can look it up on your own if you really want to know how to file all that.

Most of the ‘handling’ of someone who steals your stuff isn’t even the legal hassle, anyway. It’s just the pain of getting in touch with them, explaining the situation, and getting it sorted. And the headaches come from having to explain over and over that you’re not mad (though you probably are) and you just want them to stop making it look like they’re you, please and thank you.

Okay, so how might I justify selling someone else’s theme or plugin? I would sell a service. It’s really that simple. I would sell the downloading, installing, configuring, and tweaking of the product. I would charge them the raw cost of the product AND give them the license information (it’s their now). I may charge them for some ‘placeholder’ text to import via the WP importer, and to import it. Certainly I would charge for some training on how to do this going forward. But the thing I wouldn’t do is actually say “This is our plugin” or “This is my theme.” Because it’s not.

I’m just making sure you can have the theme better, faster, and easier. Plus now they can upgrade and I can go to Fiji!

28 March, 2014
Migrating A WordPress Site With wp-cli
This is … crazy simple. I wanted to move a site from ipstenu.org to ipstenu.com (yes, I own that too). While ipstenu.org is a Multisite network, ipstenu.com is where I put a ton of add-on domains. I was moving a site over and, as it was WordPress, did it in a matter of minutes.

Add the domain to the … domain

Since I don’t care to have multiple hosting accounts, and I’m the only one with SSH/FTP access, it’s safe enough for me to do this. There is a risk when you share multiple domains in one hosting account, that if one gets hacked they’re all vulnerable, but I consider it low in my situation. Every plugin is vetted, every file is checked, and then I went and gave each add-on it’s own FTP account. Neurotic? Thy name is me.

Anyway, I add the new domain to my hosting where I want it.

Create the new DB

I have to make a new database, and generally a new DB user, on the server too.

Export!

On existing hosting, I do this:
```
wp db export
```
That gives me my SQL file, thanks to WP-CLI. It’ll be named example_com.sql and will sit in my folder with .htaccess and everything else.

Copy!

I do it via SSH. I go to the new location and run this:
```
scp -r olduser@example.com:path/to/files/ .
```
Since I have ssh keys set up, it’s easy. If I don’t, I’ll put in the password, but that’s straightforward.

Edit wp-config.php

Now I have to point to the new DB. Sometimes I name it the same, but usually I don’t, so I’ll edit the DB name, DB user, and password.

Import the old DB

Ready?
```
wp db import example_com.sql
```
Boom. It’s all dumped in! Only two steps left!

Search & Replace

I love this one.
```
wp search-replace example.com newexample.com --dry-run
```
I ALWAYS dryrun test it. This is a serialization safe search, so rarely is it ever going to be an issue to just run, but it lets me make sure I don’t get any wonky results. I never have, so re-run without dry-run.

Cleanup!

Delete the SQL file, delete the old files on the old server.

Drink

I moved code. That’s shipping, right? Or is it margaritas are for migrations?
26 March, 2014
Category or Tag?
Everyone in WordPress has probably heard the advice of Lorelle VanFossen on the subject of Categories or Tags. I’m sure her 2005 post will remain, forever, one of her most popular posts, much like mine about why you shouldn’t use Multisite will be one of mine. And why is that? Well it’s simple.

She’s right.

She gives information in a clear, direct, concise way, and she’s right. She will always be right. No, sorry, if you disagree, you’re just wrong. Category abuse is like menu abuse in that it confuses your readers. If you’re organizing things in too many directions at once, the sense of location is lost and no one cares anymore.

But still, people ask which do you use and where and why? For me it’s really simple.
- Categories are organized
- Tags are free form
To me that means I need to organize my posts on a site to major topics. This is a tech blog, so I’m probably going to talk about how things are and how they do it, and how you do it. That means I really don’t need much more than three categories. I ended up with five, since I decided a CPT for presentations and another for videos wasn’t really needed. Categories categorize, though. It’s simple and straight forward. A category is a room in my house.

The tags are the items in my house and they can go in any room. They’re the minor topics of my site. Like my iPad can come into my bedroom or bathroom (we all do it), the post about plugins could be philosophical or explanatory. The little things versus the big things, as it were. The tags are all those little things scattered around the site.

But what good are they to anyone? They’re both aspects of organization, and they’re both somewhat useful to find old posts, but do your readers ever use them? It’s funny when you think about how much time we spend trying to make all these aspects of our site ‘perfect’ and how few people actually use them. Like I did a study on this site for related posts. I measured, using my analytics, how many people used them to click through and came out with a resounding “Less than a dozen.”

Same general test on another site? Over a hundred. And on that site, no one clicked on tags. They don’t really here either, but since I use categories to organize ‘sections’ of the site, those get used a lot everywhere. And if you can’t tell, this is all a lot of work. You’ve got to work hard to make the site flow right for your users and visitors. For your product, you have to consider what you’re sharing and selling, and how people logically get around. You need to study, watch, and experiment.

The real answer to category or tag is, of course, what works for you. But when you’re starting out, listen to Auntie Lorelle.
24 March, 2014
I Don’t Care If You Use Multisite

I love Multisite. I think it’s awesome. It makes my personal life way easier, it helped me write a book and get a job, and it’s a totally cool aspect of WordPress that is still underdeveloped but a very hard worker. Multisite could be so much more, and it’s still that new kid on the block, but it’s growing every day.

When I tell people over and over again that they shouldn’t use WordPress Multisite, I do so knowing there’s a good time to break every reason I said not to use it. After all, why not use it?

But there’s one big question I don’t answer in the WordPress forums anymore, and that is “Should I use WordPress Multisite?” Oh I may clarify specific moments in what I said in other places (like you can duplicate content, but I don’t believe you should), but I won’t get into conversations of “Is this a good use case?” The reason why is that I cannot tell you, quickly, if you’re a good candidate for being a WP Multisite Admin, nor can I glance and say that your situation and environment is perfect for multisite. And the reason for this is that Multisite is complicated.

Actually that’s wrong. The reason is I don’t know, and neither do you.

Do you remember, way back when you started with websites, and you first looked at WordPress and asked yourself “Is WordPress right for me?” Someone probably said “It can be.” or “Maybe.” Oh I’m sure someone said “Of course!” And another person said “No way!” But the point of all of those answers is that it depends.

When you consider using Multisite, or WordPress (or anything) for that matter, you should take stock of what you want to do. Does the product, natively, support those things out of the box? Do people complain that doing something is really hard? Do people say it’s weird, but works? Do people suggest plugins? None of those things are reasons to not use the product, whatever it is, but it’s getting an understanding as to what world you’re stepping into that is important.

But I know, I just know, one of you will post a comment here “Mika, I just want to know if I should use Multisite! Please tell me!”

No.

It takes me about an hour to determine if you and your current site are a candidate for Multisite (and yes, I have rules). Then there’s another two to three hours going over your specs (and probably pushing to get more details) and making sure this can’t be done easily with a standard WordPress install, that it can be done with WordPress, if there are extant plugins, and if there’s custom work that’s going to be needed.

Basically it’ll be about half a day spent to give you the answer you deserve, and even then, it’s not going to be the full answer because you’ve probably forgotten to tell me something like “I need non-logged in users to be able to upload files.” or “This will be on Windows IIS.”

Hopefully at this point you’re thinking that’s fair of me. Four hours of my time is worth around $1000 USD (my going rate is $250/hour when I’m available, which is rare), and while I’d be happy to do a flat-fee for that sort of thing, no one in the history of ever has come to me with a clean and precise list of what they need and why and how they plan to grow.

Which brings me back to why I just can’t do this anymore. I just don’t know. I don’t know you, I don’t know your skills. I don’t know the skills of your users and I don’t know your future plans. I don’t know if you’ve compared the options yet. I don’t know your feelings about custom code and a lot of plugins. I don’t know your requirements. I don’t know if you want to have multiple sites with no admins, or a network with a hundred super admins (please don’t do either of those things). I don’t know your SSL requirements, your domain mappings, your servers, or your host. And because I don’t know those, I can’t answer the question fairly.

I don’t care if you use it or if you use multiple separate sites. I do care that you understand that multisite is complex and I care a great deal that you’ve researched your options. I care that you ask questions like “If my database gets too big, can I split it with Multisite?” (Yes, use HyperDB or SharDB.) I care that you consider “Is a custom post type slower or faster than a separate site on a network?” (Neither, as it happens. They’re about the same.) I get really happy if you ask specific questions, actually. You know, the ones that tell us you’ve looked into this and thought about it.

The answer to “Should I use Multisite is?” is a question.

“Are you prepared to use Multisite?”

19 March, 2014
Embedding Videos from TVGuide
This one goes out to my fellow fansites.

There are a lot of you guys who use WordPress (probably that’s my fault) and like me, you bash your head in when a news source makes a video embedable, but only if you use their code. Why is this a problem? Most of us like using WP’s visual editor, and that means we have to switch to text mode, paste this in, and then never ever ever visit that page in the visual editor again:
```
<script src="http://player.ooyala.com/player.js?width=600&amp;amp;video_pcode=VlajQ6DTdv9-OYPHSJq6w4eU0Bfi&amp;amp;embedCode=NwdzM3aDp4BB3-MEdPemlMJK5XH7ZVdn&amp;amp;height=337&amp;amp;deepLinkEmbedCode=NwdzM3aDp4BB3-MEdPemlMJK5XH7ZVdn"></script>
```
Augh!

In part this is because WordPress uses TinyMCE for editing GUI-like, and switching between visual and text mode kills things. But on the other hand, how come we can just paste in a YouTube URL and that works? Well it’s a magical thing called Embeds, and basically WordPress sees that URL for YouTube and knows “OH, I should be a video and YouTube has a special code on it’s sever to tell me how to display it! Yay!”

Not everyone has that. TV Guide, CBS, etc. I’m looking at you. Where this makes sense is where they do not want you to embed a video because they want the traffic to themselves, which is fine. We can link. But where it’s daft is when they make it embeddable, give you that link, but it’s flipping ugly and can’t be used in the visual editor!

For TV Guide, at least, there’s a fix. Ooyala Video Browser.

While the search function doesn’t work ‘great’ right now, probably because I’m searching for their videos with the wrong keywords, but still I was able to embed a video like this:
```
[ooyala code="NwdzM3aDp4BB3-MEdPemlMJK5XH7ZVdn" player_id="undefined"]
```
The ‘code’ is the ’embedCode’ from the embed they gave me before.

I can also use this:
```
[ooyala code="NwdzM3aDp4BB3-MEdPemlMJK5XH7ZVdn" player_id=&"VlajQ6DTdv9-OYPHSJq6w4eU0Bfi"]
```
Using ‘video_pcode’ for ‘player_id’

So this wasn’t super obvious, and personally I would love it if Ooyala had an oembed and then a ‘share this on WordPress’ link for things, but seeing as Automattic (and Pete! Hi Pete!) helped with the plugin, this may be as good as it gets for now. Maybe they could marry it into the Media Uploader, below ‘Insert from URL’ – have ‘Insert from Ooyala’. Dreams. I haz them.

There’s a lot to this plugin that I didn’t need, though. After all, since I don’t have an account, I don’t need all the search stuff, so I stripped it down to just this (which is an mu-plugin):
```
/**
 * Ooyala Shortcodes
 * Usually for crap like TV Guide
 * Example: [ooyala video_pcode="VlajQ6DTdv9-OYPHSJq6w4eU0Bfi" width="222" embedCode="NwdzM3aDp4BB3-MEdPemlMJK5XH7ZVdn"]
 */
add_shortcode( 'ooyala', 'ooyala_shortcode' );

function ooyala_shortcode( $atts ) {
	extract(shortcode_atts(array(
		'width' => '500',
		'video_pcode' => '',
		'embedcode' => '',
		), $atts
	));

	$width = (int) $width;
	$height = floor( $width*9/16 );
		
	if ( !is_feed() ) {
		$output = '<script src="http://player.ooyala.com/player.js?video_pcode='.$video_pcode.'&amp;width='.$width.'&amp;deepLinkEmbedCode='.$embedcode.'&amp;height='.$height.'&amp;embedCode='.$embedcode.'"></script>';
	} elseif ( $options['show_in_feed']  ) {
		$output = __('[There is a video that cannot be displayed in this feed. ', 'ooyalavideo').'<a href="'.get_permalink().'">'.__('Visit the blog entry to see the video.]','ooyalavideo').'</a>';
	}
	return $output;
}
```
And that is that!
17 March, 2014