Episode 273: Talking Modern WordPress


Show Summary

Rob Cairns talks to Tom Finley about Modern WordPress.

Show Highlights:

  1. What is Modern WordPress?
  2. What changes are making WordPress better.
  3. The impact of blocks and Full Site Editing for WordPress.
  4. What is in the future for WordPress.

Show Notes

Hey, everybody, Rob Cairns here today.

I’m here with my guest Tom Finley of Pruf Creative.

How are you today, Tom?

Thanks, Rob.

How are you?

Doing well, we had a lot of good chat before we went to record and I think this will be a great enlightenment for the listeners.

Uhm, I like to start by asking people what’s your WordPress origin story and how did you get in the WordPress?

WordPress word and story so I I.

Was an HTML guy for a long time, didn’t really.

Get in the mices that heavily and a friend of mine was really big on writing.

You know, fiction stories and personal blogging and basically said hey can can you?

Set this up for me.

And I did that and you know I supported it for for a few years and kind of.

Went on my way doing other things.

Was an in house designer for a company that didn’t use a content management system and and then eventually got into movable type.

And at some point I needed a job where press was getting really.

So I started.

I started.

Basically experimenting with WordPress and I Remember Remember my first paying client was.

Was my dad.

And I built I.

Built a theme for his hohs on Kubrick.

And then a buddy of mine needed.

A website and I built his.

His theme on it was a.

Automattic offering theme shaper, I can’t remember for the.

Life of me, what it was called.

Did a couple more of those sites and.

Ended up at a small agency in Hagerstown, MD.

And they introduced me to Genesis and not really, I guess.

That’s my super villain Origin story once I once I.

I I got a.

Hold of Genesis framework.

That’s all she wrote.

That’s pretty much all I used.

And, and you know, I mean I’ve been doing this now since I think 2010.

As a job.

Uhm, WordPress since maybe 2006? Uhm, since it was a wee baby so.

I have been on it for a while now.

Yeah, you started your agency about the time I did.

So we’re we’re kind of in the same.

Uh, age group there?

I started mining in 10 as well, so that’s interesting.

Well, this is my I’m on my second agency.

I shut the first one down and, you know, started working for other people again.

This may have a little bit more staying power and.

I I really feel the energy.

I don’t know if.

You want to call it.

Like the full site editing movement.

The block movement, but.

But I I definitely.

I definitely believe when when Brian Gardner and Nick Diego say that there’s really never better a time to embrace this paradigm shift.

I believe that.

I agree 100% I think.

Dumb, I think boxer the future. I think full site editing’s the future and the future’s now. I really believe that. I remember when.

Blocks dropped at Gutenberg dropped a word Camp USA number of years ago Word Camp Toronto was weekend.

And when word got out, it was gonna officially drop at word camp. USI kind of shook my head and said.

I want no part of this.

And then I made a decision about a year and a half ago as things matured, I want a big part of this and I, you know, because the guys like Brian Gardner, Nick Diego and and many others, it’s made the transition to blocks really easy, I think.

It has I I remember, I I guess I don’t remember specifically like where I was when I first heard about blocks and, you know, when I first started actually touching them in the editor.

But I also.

Do remember slapping Gutenberg ramp on everything.

Like my life depended on.

It because, you know, I was.

I was.

Definitely unwilling to to to embrace the technology at that point and I think that.

You know, I mean, we’re probably talking about when, when did that? Wouldn’t it actually come out 2019?

Uh, yeah.

2018-2019 yeah, so. So I mean.

There, there’s, there’s still.

A lot that needs to be done in in block land.

And you know I I certainly don’t want to malign.

Anyone effort? I really uhm.

Admire all the work that the contributors have done and the plugin theme developers.

I mean, uhm.

You know, sort of one thing and forms another.

Brian Gardner and I were talking about.

Genesis blocks the other day.

And I mean there are so.

Many elements of of plugins like that that have found their way into core, right?

But it’s taken.

Three to four years in some circumstances.

So uhm you know we have some miles to go yet but I’m definitely not not as fearful and and and have have some and I have one really hefty.

Publication site running on blocks so.

Uhm, it’s a little late for me to.

Back out now.

So, So what I’d like to ask you is that publication site when you went to box?

Uhm, what did that do for your speed scores ’cause one of the things I noticed and I talk about quite frequently is.

The minute I dumped my page builder on my site, which at the time was Beaver Builder with an Astro theme, and I cut over to Cadence and Cadence walks.

My speed scores went up by 10 points and I I talk about that quite a bit ’cause it did wonders and I’ve actually got the screenshots before and after to show it when people say not couldn’t.

If I said well yeah it did, what did that do to your speed score on that publication?

Should say.

So the the site.

Is DC beer.com? I’m allowed to talk about it because I’m.

A de facto.

Contributor to the site and and uh.

They were running.

I want to say it was WP Bakery, visual composer and and.

Uh, theme pencey that was specially made for that.

And as far as as.

Far as WP Bakery visual.

Composer themes go it actually was surprisingly good theme.

Uhm, but in switching over and pulling trigger on the live site?

It was actually a.

Pretty significant update to the theme that I used for it, which is an I.

Know theme from.

Element studio.

They released uh, they release a theme update that.

Increase the speed score even more, but I want to say that.

It’s like a 20 or 30% point difference for the DC beer.com relaunch. I mean it’s especially for mobile, you know, the speed score isn’t as good for mobile. It’s pretty image intensive site even though it’s mainly.

It’s still ridiculously dramatic on, you know, both dimensions, mobile and desktop and.

You know, I think.

It it depends on your caching layers, so.

I use WP.

Engine they have the object oriented caching may also have you know CDN.

That’s, I think, now backed up by Cloudflare.

Correct, powered by Cloudflare.

So, so yeah, it’s just.

It’s night and day difference.

Visiting that site on a on.

A mobile device is.

Just a huge shift for the readers.

Uh, it’s a huge shift for for even, you know, the other contributors, they they.

Quite often.

Tell me that, uhm.

Which is a major.

Major upheaval in a good way.

Yeah, it is.

And I, you know, I’ve been kinda, I’m glad you shared that story because I’ve kind of been stressing with clients with other people in the WordPress community.

That one of the compelling reasons to go to bar is the speech course it and and it.

Unfortunately with Google, it matters so much today.

And mobile speed scores manage even more because we all know over 50% of your web searches are are done on a phone or a tablet or an iPad or an Android tablet, I mean.

I don’t know about you, but I know when I browse the web, if I’m sitting around at night, I’ve probably got a phone or a tablet on my lap, if not both, and not a PC or.

Or a Mac at the Times.

Uh, I’m.

I definitely am a phone.

First guy but.

It it kind.

Of it’s very contextual for me, right?

Yeah, uh, with DC beer they write a lot of long form content.

Well, a decent amount, but let me reframe that.

So it depends.

You know, and and if I’m on.

Something like the Atlantic or or bum, you know?

One of those sort.

Of heavy hitter, kind of.

Long form content type of sites.

I generally will.

Send the page to my desktop browser and read it later.

Uhm, but.

But yeah, I mean.

I I don’t think that there is.

Any site for a modern business publication nowadays that isn’t getting at least 25 to 50% of their traffic?

From mobile devices, period, right?

Uhm, and?

You know, I’m not.

I I’m.

I’m not going to pretend that I’m particularly gifted at persuading people to upgrade the blocks because a couple times I have attempted it it, you know, they just weren’t getting it.

Uhm, but.

It it.

It’s significantly faster and better for me, and I feel like a lot of a lot of that, that conversation around the democratization of websites.

Oh, you have an org or a business that you.

I mean, you need to have a website, you need to have a.

Website That you can edit it.

It really is finally born out in the form of blocks, right?

I mean before with Shortcodes.

Didn’t really cut it.

A lot of us made do with advanced custom fields or or.

Pivoted like you to Beaver.

Builder and Elementor which is fine.

But having managed some.

Fairly large content driven sites.

There are problems.

With doing that.

I would agree with it.

There’s there’s big problems and it’s funny you mentioned Beaver Builder before I went to Beaver Builder.

I was playing with headway.

If you remember those days, there’s there’s it from.

The past. Yeah. Wow. Yeah.

And, and I mean they.

They seem pretty promising too, right?

But yeah, I actually, you know, I guess to brag about some other sites in My Portfolio as it were.

I I was hired circa 2014 by Shenandoah University to help migrate their site to more modern WordPress paradigm and.

The company that they engaged, I mean, and it was like only a year or two before they hired me to redo their existing site that I was inheriting its base here in Alexandria, VA WDG did really great work.

Uhm, they set the site up on.

Karrington build.

Which was?

Uhm, I I think it may have been one of the very earliest visual builders right up there with like visual composer and.

We had we, we.

Spent a year extracting all the content from the database basically.

Or well it was more really just copying and pasting from 1 instance to another and and putting as much in the WordPress editor as we could.

Using some shortcodes for situations where we needed, you know, like FHQ, accordions etc and and then later I ended up.

Rolling some some.

Homebrew ACF solutions to help them manage their you know, their their curriculum pages.

Uhm, but yeah, I mean the IT all started with they they they knew that they were stuck.

They were afraid to upgrade, right?

Yeah, because of how tightly coupled their theme was with this.

This early builder.

And uhm.

You know, I think that that touches on and asked another aspect, not just.

What’s going on with your content in terms?

Of the code, but.

What’s happening with the theme, you know?

Come with a lot of block themes.

Even if the blocks aren’t necessarily available.

To another theme.

Yeah, you can still switch, right?

And your content is largely intact and and I.

I do you know I do have a a thing that I.

Say to people and would be really like forthright.

About it when you tell me.

Is Beaver Builder or elementor?

To build your sites.

I don’t have a problem with that, but to me those aren’t necessarily WordPress sites, right?

Because the way that the data gets stored makes it infinitely harder for me coming behind it.

To get it out.

No, no, no question.

I mean, I know when I moved my own site, what a painstaking task it was.

And I was sharing within I’ve shared on this podcast.

I did it on a live site.

A mistake number one mistake #2 was at the time I had.

I was hovering around 180 podcast episodes, so that was why I didn’t on the live site, because.

The blog posts had to be done one at a time, and I changed my podcast host at the same time in the middle of it, which I’m no longer with.

And I I did all that all at once and it was just like.

It is a job to go from a page build.

To come to box it is a lot of work.

You really shot from the.

Hip all now and.

Then you know, yeah.

I did.

Well, I can’t blame.

You, though, I mean you.

You know, sometimes.

You just.

Want to get it?

And and also it it it probably held your feet to the fire a little bit right?

But it’s OK.

It’s ’cause it, it it.

Was your site right?

Uhm, you didn’t at least.

You didn’t have a client.

Coming after you angrily with.

Large scissors, right?

No, not at all.

Not at all.

I’ve had enough for that lately.

For other reasons that we shall not discuss.

Yeah, yeah, but.

So, so you’re.

You told me you’re you’re you’re a a big cadence fan.

I am.

How did you arrive?

How did you arrive to that?

I looked at a number of themes and like Genesis Box was in my repertoire at the time, was in my raid.

And I I just at the time there was a pile of stuff that cadence was doing and that they were gonna jump long term in a road map into the woo space.

And I just said, OK, that’s it.

I’m in with Cadence and that was what did that.

Now I should also say.

Just from interest standpoint.

I’m also a little bit in with I teams for some other stuff, which is also in the stellar family.

I’m an RCP user restrict content pro.

I’m a I theme security user and believe it or not, I’m a backup buddy user.

Uhm, that factored a little bit into it as well, that I already had stuff in that ecosystem, so it just made the choices a little more easier for me.

What is your?

What is your box stack?

So it depends.

I I started off really leaning heavily into frost from from Brian Gardner and Nick Diego.

OK.

And uh.

I was on a webinar.

Or something in.

That nature with Brian and Nick and and Nick said.

Oh, you wanna know?

Who’s doing something really cool and ingenious?

Not just with.

Their blocks, but with their business and of.

Course you know me, I’m like.

Yes, I do.

Yeah, of course.

And he and he and he dropped a link to the I know themes, which is a I and O for your listeners.

I would not check them out and use their free theme, the I know theme.

And I think I.

Use it for about a week for free. And then I spent the 100 or whatever for their preliminary membership offering and.

And, and I would say it’s well worth it.

Uhm, especially for.

If you want to make a designers site.

That’s what I really favor, because they’ve got.

Just this uncanny.

Really you know word press way sort of set of design controls for the blocks, but it’s all based with flexbox and grid.

There there are bad ways of assigning attributes to blocks, you know, whether that be like margins, padding, even font sizes.

Uhm, that?

You can.

You can assign an entirely different set of attributes depending on the break point and before WordPress core even had there.

Modular type scale built and I know had figured that out.

So what you get from that are these really beautifully fluid.

Uhm. Sites and uhm.

You know I.

Have to I have to tell myself I’m a little spoiled. I’ve been working with Brian Gardner’s Bright mode for My Portfolio theme, which is a wonderful theme.

Uhm, very few failings, but I find myself wanting to to add add certain types of things like margins and padding that aren’t aren’t active.

Uhm, you know.

I guess in court.

Uhm. And and it.

It just goes to show you.

That that there are plug-in developers out there and theme developers out there.

That are really sensitive to the needs of their customer base and and they’re not they’re not content to wait for you know the contributors to to add.

I will.

All that stuff.

They’ve done a fantastic job specifically, I know.

So, you know, along the lines of cadence, you know, I’m a, I’m an event calendar.

Customer I’m, I’m also on RCP.

Uhm, subscriber for a couple of of my sites and I I think they make good stuff.

I’m really interested in checking out Cadence I.

I think I think one of the.

One of the interesting facets of that ithemes dynamic is that.

Uh, events calendar has really held back a lot and in terms of of converting their their templating system to blocks and.

Experiencing it first hand, it’s a little frustrating.

And you know I can’t I.

Can’t fault them for the.

Business decision.

I’m not in that work.

Right, but as a user I have.

A couple different ways that.

Events show up, you know, relative to blocks, and the templates are all very much PHP driven.

So it’s it’s been it’s been an uphill.

Battle and and I’m hoping that that relationship with Cadence tightens up and they can really get on the same page.

Yeah, I I think it’s headed there.

Uh, knowing who I know over there and little bit of a disclaimer for listeners.

Kathy’s aunt, who’s the marketing lead over Cadence, is a good personal friend and.

You know, I think, I think it will tighten up because I actually think Ben Ritner and I was saying to you before we went to record, I think he’s a really good developer and he knows what he’s doing and he’s passionate about his product.

So, and he was the founder of Cadence and I think he’s got his head screwed on where it needs to be and he’s listening to his.

Users and to me that’s really important.

I’m not saying others don’t, I just know Ben is.

Uhm, the other thing I’d throw into the mix and I failed to mention is I also run a little cool little plugin called editor plus by extend if I and many people are dumb.

Aware of editor plus and I just find that it gives me some styling quick options that are not in core right now that it can do really quickly and to me that is.

Saved my bacon on a few design projects already.

Where were you last week?

I use this.

I was on the case.

Right.

Free crap.

Yeah, I know.

Jason till till I showed up on Friday as you know so yeah I know it’s it’s like and we all toy and I know you were talking about padding and it was interesting because vertical right you were at the time of this record today you were on a got into a Twitter conversation.

About exactly padding somebody and a question.

It always seems to be an issue.

Right now if you’re using core box like it’s just.

We need the add-ons, right?

Yeah, we do and, and I mean there’s, there’s the added, uhm, I guess bonus, uh, you know.

One of the reasons I I stopped going bleeding Edge was because I got I got bitten in the **** by running Gutenberg on the production site and.

It’s current iteration of Gutenberg circa 14.0. Point three has additional padding.

Attributes it you can.

Give to blocks, but they’re not backwards compatible.

And I actually started, I think experiencing block.

Corruption as a result.

So I really backed off.

Of features that I knew were.

More experimental, I do know that the.

And and I’m running the Gutenberg plugin on production.

Science. So there you go.

But yeah, you know, like between the layout shifts and a couple of other issues, I mean I I know good things are coming down the pipe.

Uhm, in that regard?

But I’ve had to just kind of take a step back and and and you know tend to my flock as it were using using exclusively core and just accept the fact that.

I wasn’t going to.

Have the the bells and whistles.

But good stuff.

Is coming down the road, you know and.

The more it.

The longer that those features stick around, the more stable plugins and themes will be.

So really, I mean for me.

The, the, the thing on the horizon that I’m looking towards altogether really is stability because that informs what we can put in front of clients right and and reliably so because there are clients that I know right that can handle the block experience right now and then I have other clients.

They know there’s no way.

That I can do that?

Uh, it just wouldn’t be fair to to either of us.

So, uhm.

Yeah, I’m looking forward to the discussion that we’re going to have this upcoming Friday on.

WP build mode?

Yep, plug for them I think.

About block locking hopefully.

I I hope so too, ’cause you know where I stand on that one, yeah.

I think I think block.

And and what I’d like to see kind of come.

Out of that.

Is or or earliest in in the future.

Is. Is maybe.

You know, global settings that we could import from one site to another site because I know another one of my pain points with blocks is having to sort of re architect the same stuff where you know with with like Genesis I I totally had my own.

Starter template and I don’t really have that with the blocks because the content is so deeply intertwined and you know what’s being laid out in the code for blocks and I’m not there yet, like I don’t know how to author on the on the theme and the block side.

Yeah, I I hear you on that one.

I think blockings in important part as we move forward.

I’ve already gone through one occurrence where.

I had a client who had admin rights.

Whose intern didn’t have admin rights and then convinced the coin he needed admin rights to do what he wanted to do.

Without going through me.

The problem is with walk locking in the current format.

Oh no.

He decided to move stuff around on me.

And you know how well that went, don’t you?

And then I had to wrap the clients hand and this particular clients a good friend of mine, he runs a retail store.

And his wife, his business partner and I looked as wife and said I’m taking away admin rights from everybody and if you don’t like it you can go elsewhere.

And I took away admin rights from everybody but me and uh, so I think block Locking has to go in.

I think come, you know, we’ve got to think more with clients about what we do with user roles and do we give.

Clients the whole kitchen sink?

Or do we only give them what they need so that they protect them?

From themselves kinda deal.

I think we got to really start thinking that as designers and developers, we really do.

I I agree.

My my, my mind.

Has definitely started to to head.

That way as well.

I have not had to be as concerned about it for.

Many, many years.

Even when I was running.

That university site.

The user roles were not a terribly.

Huge source of concern.

And now I think that.

You have a.

Lot more nuances within WordPress regarding user roles because you know, like woo commerce, you have, you have shop managers.

I think you have a couple different.

Uhm, tiers of users there.

Also a newsletter glue customer.

Shout out to Leslie from the newsletter.

Glue they have, yeah?

Outstanding job with that plugin and keeping.

Pace with the.

UM, I don’t know if they sleep up, but at any rate, they they have, you know, they have a uh newsletter manager role and with the capabilities that we now have for these sites, you.

You know, running entire educational institutions or even enterprise websites on them it it it certainly is necessary to.

An approach to user roles and and definitely make sure that that there are portions of these sites that can’t be disrupted.

You know through.

Even the best of intentions?

I I agree with you, I wholeheartedly agree with you.

And while we’re talking about user roles and bar clocking.

Uh, we’re sort of talking beforehand and said now maybe we should jump in this security.

So it’s just a good segue at.

That I’m uhm.

What do you?

And I know you’re with WP engine and we all know in our business security is based on trust, and I wholeheartedly agree with that.

Uhm, what do you use besides WP engine is being your partner in security?

Do you do anything special?

Not really.

It it pretty much is, is exclusively trust in that platform what I can say.

To that is that.

I ended up on WP engine.

Partially because.

I’m a.

A fairly shrewd mind about when I’m.

You know, going to land in hot water and.

I’ve been. I’ve been warned.

When I started the roller Shenandoah University that they were undergoing a lot of ongoing DDoS attacks.

Hacking attempts, etc.

And so you know.

They had really been.

Through Cloudflare and Rackspace, when I relaunched the site, we moved to some allegedly Whiteglove hosting company in Baltimore.

And I got to the point where maybe six months later, it was definitely the summer.

I remember it being hot.

And I was. I’m, I’m.

Very unhappy when I’m hot anyway and and the university site was not being well trafficked by students because it was the summer, but it was crashing about 10 times.

That and and and I had to be.

I had to get on the phone to have them manually reset the server.

Every time.

It went down.

And and I had already begun hatching a plan to migrate the site.

A very good friend of mine whose name is Aaron Collegeman.

He used to work for a company called.

Squidoo and he’s.

Kind of a big name in PHP I think.

Uhm, Aaron helped me leapfrog to WP engine.

I think we migrated in under a week or two and as soon as we migrated to WP engine it all stopped.

So I have no doubt.

That there was some byproduct of the US attack that we were suffering from and the Fast forward into my next role I worked for.

Let beta be.

Telecom selling commercial Internet and VoIP surfaces services too.

Other businesses and come there constantly.

Under attack and you know from.

A lot of different.

Vectors right and.

WP engine just just it.

It just worked.

Yeah, I did.

And so I I really, I, you know, I haven’t, I haven’t felt inclined to add another layer and.

And, and this could just be pure ignorance on my part, but they’re really I, you know.

So many years of pain hacks, etc.

That I underwent before it just all evaporated, right?

So if there are recommendations about things I should be doing, you know, I mean, maybe you.

Can tell me what?

What your favorites are and and why, you know, I know you’re big on security, so.

Yeah, it it’s interesting.

Uhm, I understand the DDoS attacks.

For many many years till I offloaded.

I maintained a site for the Ontario Police Association.

For the UM provincial memorial that they use for live stream and every year during the ceremony, and I got out of that about a year ago, I did it pro bono because of a number of people I knew and I did it for over 10 years and I can tell you every year during the police ceremony, which is the first Monday.

You should have seen the DDoS attacks if I looked at server logs while the ceremony was going on.

I used to sit outside the production truck with a tablet in my hand, trained on the server watching what was going on.

It was that bad.

There’s enough police haters out there.

And in all the years we did it, uhm, I don’t think the server ever came down once.

Now I use a server in a data center which helps.

Uhm, on the software side, I do a couple of things.

I do backups at the host level, at the server level.

I also backwards.

Have do you have to.

Do backups at the host level.

Yeah, I also do backups at the site level.

I do both ’cause I like redundancy.

The backups at the site level I do daily.

And I keep them for three months.

The backups at the host level I offered three times a week.

I keep those for three months.

Have some custom scripts that kind of do stuff for me.

And then uhm.

So the backups at the site level.

I’m using backup buddy at this point in time.

It seems to work for.

Uhm, it worked fine.

It’s not perfect, but that’s why I do redundant backups.

Now the what I would say to people about backups is.

Please folks.

If you’re doing backups, do a restore before you need it to a staging site or somewhere like.

Don’t think just ’cause you’re running backups are good.

I’ve seen cases even in healthcare where backups we thought we could weren’t good, so make sure you test them before you need them.

Uhm, the other thing I do really well is I run I theme security at the software level in conjunction with Patch Stack right now.

And between the localized firewall that patch Stack provides and uh, I think security just lets me tweak some settings real quickly so I don’t have to tweak them manually basically. And I also use it on many sites to invoke 2F8I think on.

High risk sites.

I would even say any site.

If you can convince your users to do it, two step authentication is the way to go.

I certainly run that and then on a on the management side I use a self hosted main WP.

I’ve actually got three main WP installs running.

Come on, three domain separate domains and that’s all.

They run just to manage all this stuff really easily at an overview.

Uhm, and I’m at this point I’m still using Uptime robot to check for.

Site staying up and site staying down and that seems to work OK.

So I’m running like a multi layered approach for me.

Nice I I.

Do use I do.

Use an uptime monitor.

That I think is relatively new.

Yeah, I believe it’s called better uptime.

Yeah, they have a really good reputation.

Further out.

Yeah, they have an interesting product.

Suite, but uhm.

And you know, they’re free tiers, very generous and and I think that they’re, they’re paid tiers is well worth it as well.

You know, whatever, whatever.

We were.

Volume of sites for each given tier.

This is.

Probably beyond generous if you’re just talking about uptime monitor.

Uhm, so been really pleased there.

Now what else is?

What I also say is people always say to me, what do you think about word fence and dumb?

Personally, I think having I was a word French customer for a long time, I think their product is so bloated right now.

And dumb.

It’s a resource hog and it it actually slows sites down.

I don’t know.

I don’t think there is in tune with the community as some of the other security providers and for me that’s a big issue because I think what makes WordPress strong is our community and.

I think being in tune with what the Community is asking for and what they need is really important.

Yeah, it’s been, it’s been a good.

Many years since I’ve worked with Wordfence.

You know, at the time.

The agency I worked for, we had great.

Need for them but.

We definitely did run into various problems, you know, out.

Of, sort of.

Thinking about jetpack when you were talking about bloat and.

Uhm, you know.

If you’re if you’re introducing things, specially if it’s uh.

Rather heavily traffic site on the admin side.

With a lot of users you know you have two factor authentication.

Yeah, security software that’s slowing your site down really have to take into consideration that back end user experience.

So I’m.

I had.

I had some experience more recently with two factor authentication but it was all e-mail based and and I really just don’t like that experience one because e-mail is not terribly secure.

If you’re owned, probably, probably you know.

Higher probability your e-mail is going to be owned.

Uhm, but you know, I I.

Really. I.

I like the authenticators over anything, right?

Uhm, just don’t make me authenticate via YouTube.

I don’t know why Google does.

That it’s so.

It’s so bizarre.

Yeah, I and I’m with you on the authenticator, so I run both the Microsoft one for Microsoft apps ’cause it’s easier.

And then everything else I channeled through the Google Authenticator and it works seamlessly without a problem.

And I’ve even got the Authenticator running, believe it or not, on my smartphone and on my tablet. So if one goes down, I’m not Sol. Upper Creek without a paddle, so to speak.

And uhm, I wouldn’t go like for high risk sites, ecommerce sites.

I think it’s a great way to go to to protect your user.

And I think you just gotta educate site owners and say this is in your best interest.

So please, please, please let’s.

Try it.

Because I think it makes a difference.

And forcing forcing strong passwords.

I mean, yeah.

I I really.

Cannot fathom why that’s not built into core UM.

’cause it.

It should just it should just be.

A default but.

Forcing strong passwords is.

Really key and and I’m I’m a big LastPass fan.

Despite they’re, you know, they’re.

Product is getting.

A little long in the tooth, but it has worked pretty well across multiple devices for me for a good many years.

So, so great.

Some ventures I am.

It’s it’s a great it’s a great product.

I still still like my previous.

I think the top three password managers in my opinion are LastPass, bitwarden, which I use, or one password on a Mac that’s.

The other one.

I think running a password manager is great.

I use random passwords, I generate them random.

The only two passwords I can remember and people laugh at me is my e-mail password and my bitwarden password.

Everything else I have no clue, including the password for my online banking.

I have no clue where did this right now.

I just generate her.

I’m. I’m.

I’m not going.

To give away the keys to the castle.

Rob but yeah, I’m, I’m, I’m.

Pretty much up there.

I think I might have a couple.

Uhm, that I’m either recycled or or from memory, but.

But by and large.

Uhm, yeah, I mean I’m.

And As for what we’ve been doing?

As long as we have it’s, it’s really not reasonable to do anything but use a password manager.

I don’t.

I don’t know how, I don’t know.

How people function without them, to be honest?

I actually upgraded an entire phone.

I had a.

It was an iPhone 10 and the face ID chip and it went bad.

Oh no. Oh no.

And, and yeah, that’s possible.

You can drop them enough times that the face.

ID chat chips go bad, right?

And so I it stopped being able to not only unlock my phone via or, you know, be in my face, but I couldn’t access my passwords as quickly.

And I do some social media management for some clients and and you know just things like online banking etc.

I didn’t have that quick access to face ID to get into the password manager quickly.

And it it.

It really screwed me up so.

Yeah, sure.

Uhm, you know we reached this point where?

We have these complex, sophisticated digital lives and I think that you’re, you know, you’re, you’re spot on you.

Know we’ve got to.

Incorporate our security practices with WordPress into.

Those those protocols, right, it’s just.

Yeah, one.

I would love I.

Would love it if I could use.

Touch ID or face?

ID to get into a site and just.

Not have to think about it beyond.

That. That.

That really is, I think, the Holy Grail, right?

Yeah, and and they’re making changes.

I know with I team security pro, they’re trying to eliminate passwords through that type of methodology.

I haven’t played with it yet, but the other cool thing I teams security Pro will do is.

Really easily it will force admins to change their passwords.

So my immense hate me ’cause I said all their sites that have changed their password every 60 days.

I do I take the corporate way of coming out of an enterprise environment where I’m used to changing passwords and I.

Force it on.

My admins and say here you go.

And by the way, you better use a password manager ’cause then you can update your password manager.

I forced that.

They love me.

But why they get their step?

Suffice to say.

I’m not there yet.

I don’t know if I’ll ever be, but I’m not going.

To hate on you for it.

No, I’m just, I’m just steinel, that’s all.

And I and and I think the other important thing is, and I talked about this was I keep backups for three months and everybody says why.

Well, let me share something.

You could have a code injection today.

A vulnerability hit and the payload can sit there dormant for two months.

And what ends if you have to go back?

And that happens more than people think.

People infect sites and just leave it there until they need a bot farm, a bot attack and then they invoke.

And I think keeping a week of backups that are current is not necessarily the best protection out there personally, but.

Yeah, that that seems that seems totally reasonable.

Yeah, so that’s a little bit about security now it’s and we’ve had a lot of good discussions in the in the builders group that WP engine does and.

If you.

Gonna suggest to somebody they were going to say OK, I wanna jump in a box today.

What would you suggest?

Download local WP.

Do not, you know, don’t do not create learning environments on remote servers.

Personally, my favorite thing to do for learning blocks is I have a site or not site, but.

An instance on local WP.

Uh, that is a multi site instance and so when a block theme comes out or a plugin comes out or maybe a com.

That I’m interested in learning.

I spin up a new multisite.

Instance within that and activate it that way and and basically this enables me to do a.

Couple things, right?

I don’t have to.

Set up a whole new.

Site over and over again and you know if you’re resource constrained, you know have enough hard drive space.

That’s pretty important.

Maybe it’s a memory.

Issue but either way.

That. That.

Multi site approach let’s you have uniformly and all your plugins and.

And you don’t.

Have to have them active on every site.

If you don’t want to.

But it gives me a really solid testbed.

So I can, you know, approach things like I would scaffold the production site.

But I don’t have all the overhead.

Uhm, you know, expenditure of that time and energy over and over again.

Second thing I would do is you definitely need to.

Read up.

And I cannot name everyone from memory right now my.

Brain is a bit fuzzy, but of course.

Birgit is a is a great.

Source. What is that?

Gutenberg times at Berg organ back.

Putin was good in both times.

And and then what’s the?

Let’s see, there’s, there’s.

What’s the block?

There’s a block learning website I wish I could remember.

I cannot.

But doesn’t Carolina run it?

Yeah, Carolina does.

Yeah, yeah.

Airline neimark, right?

Right, yes, and and.

So that’s an excellent resource.

I really hate the fact that I cannot remember the name.

Of it off the top of my head.

Uhm, but I think.

It’s like learn WordPress blocks, something like that.

Yeah, I know.

Oflearn.wordpress.org a good place to go I would say.

Yeah yeah, learn that wordwordpress.org.

And and, you know, I mean but there’s there’s really no substitute.

Then then just by doing right?

Uh, but I think I.

Think things like accessing the patterns are still.

A little bit.

Esoteric enough that that you need to.

Have a guide.

And then in the on boarding up.

But you know, I’ll I’ll put this out.

Hopefully it doesn’t come back to bite me.

I I I do sessions for people a lot.

Chris, I want to say I’m vigman.

Wakeman engine? Yep.

Yeah, he uh.

He’s on the engineering side.

He works for the headless space, so he doesn’t work with blocks as much and he was experiencing some pain.

Uh, with trying to learn and just not being satisfied with the experience.

And I said, hey, let me copy your site and I will set up three different themes and show you how all these differ.

And and you know what your site looks like in them and.

You know, look at what it weighs.

Right, ’cause I think his his.

Some homebrew theme is like.

Something ridiculous like 35K.

Yeah, it’s huge.

I don’t know if I have that right.

He’ll probably correct me.

But no.

I mean, it’s tiny.

His home pages.

35 kilobytes.

Oh yeah.

Right.

And and it’s it’s it’s so hard to to to match that even with the block thing.

I I I think, I think the closest we got was Rich Taylors Wahby was around 100K.

And that was with the demo Christmas site and then?

I did a.

Demo for Vito from Adam and like kind of mocked up his corporate site using.

One of the I know themes.

Just to show him what it would look like.

And and dumb.

You know.

I I’m I’ll I’ll.

Show anybody?

Who needs some some quick onboarding how to use blocks.

So feel free to come to me.

I’m not really an expert on the level that some of these other folks are, but I’m happy to do a video set.

Yeah, I I’ve spent some time and I I’ve had the pleasure, even on this podcast.

I’ve I’ve talked to Birgit about box.

I had Matias Ventura do.

We’d Gutenberg lead on with me late last year.

And you know, we talked box, I think also falling the right people on social people like.

Birgit people like Caroline.

People like uhm.

Courtney and Puja Robertson, who run learnwordpress.org, does a third lady and Courtney is going to shoot me the minute she hears this. But that’s OK. I’m sorry.

Courtney meow.

People like to Brian gardeners and the Nick Diego’s of the world, people like rich Payton.

Yeah, Brian, Brian chords, Rob Howard.

Rob Howard. Rich Taylor.

Yeah, I mean and and these.

Rich, the post status folks.

Oh yeah, post status.

I I don’t know where I’d be without post status.

You know, a shout out to Corey and that crew and.

There’s there’s a lot of good people out there and a lot of good people will get in the conversation, so.

The best thing I can say is get in those conversations, even if you just listen.

And uh, you know, I was commenting before we went to record on last Friday’s build. I was pretty quiet ’cause we were talking about fonts.

And fonts is the subject I always get hung up on.

So I you know, I was more digesting than I had a lot to my usual what to say?

Get involved in that and learn like the people will learn with you and everybody is learning how to do this so.

You know and and say I need help.

People will jump in and help.

I think the.

Yeah, I mean every day, every day I’m learning something new related to Gutenberg.

For blocks still I still fall.

Into that naming trap.

But it really it does help to immensely to have such a generous community and and some of my, I guess more emo moods.

I get a little little teary eyed about how awesome it is that.

You know, I I don’t think at any point in my career.

I have known so many people.

Who are are willing to just give parts of themselves in such great quantities to.

Help other people get ahead in their careers for no other reason.

Then to just lift other people up, right and and so, yeah, I mean just they’re like.

The list that we rattled off was too short.

There’s so many people you know that we overlooked and and so I.

I want.

I do want to plug I have.

A I have a Twitter list I think you follow.

It’s called WordPress humans.

I certainly do, yeah.

And and so usually when I’m tired of the main timeline, that’s what I’m that’s what I’m on, because that’s really what I mean.

Therefore write UM.

Is to to not miss out on on that community.

You know I took a took a Twitter fast.

And it was good for a lot of reasons, but I really missed the community.

I agree.

And you know.

Follow that.

Follow everybody on that list and in fairly short order.

You two will be part of not only the WordPress community, but you will be on the leading edge of block expertise.

Yeah and and you know there’s there’s a a big WordPress community on Twitter there’s.

Now a big WordPress community on LinkedIn that Courtney and I have been moderating and building were last I looked there were about.

800 shy of 10,000 in that group. So that group is growing, which is nice to see. UM.

And it’s away from the spammy stuff on LinkedIn we’re all accustomed to and get fed up with.

By their day.

Me included.

So and and like get in some of these conversations.

I mean you know reach out to people and most of the dev advocates for most of the.

The hosting companies have a pretty open door policy, so if you have a a question like reach out to them or reach out to somebody like bergad and say help.

I know last week I was in a conversation with M McCarthy about automatic and something I was stumped on that she put out and I kind of said and help.

And people help.

We we.

The outlying thing with WordPress is the community.

Everything else is great, but their communities pretty special at the end of the day.

Yeah, yeah, I think it.

It really is dumb.

But I mean, it’s a testament to the intent behind it, right?

And dumb.

I lost my train.

Of thought, but but suffice it to say.

Uhm, you know.

The the.

Essentially the the.

Beginner level access blends right into that intermediate access and you’ll find yourself in GitHub comments for both Gutenberg and other plugins, and you’ll get to know people in fairly short order that way really easily as well.

So it is.

You know, for all the beginners.

Whether you’re a WordPress beginner or just a block beginner.

Come one foot in front of the other.

And the other thing I would kind of urge anybody to do is if you find a problem.

Please don’t just tweet about it.

Actually open up a ticket.

So that the core team can address those problems.

And I know they’re gonna hate me, but if you have any problems opening their ticket, reach out to one of the dev advocates.

They’ll help.

They’ll gladly help you.

And uh, you know.

And and that’s what they’re there for.

So, you know, say help.

I don’t know how to open a ticket.

I want to document this problem.

Please do it because then we can make word press even a better platform than this now.

Well said.

So I think that’s important.

So Tom, thanks for an amazing conversation tonight.

Really appreciate it.

Uhm, if somebody wants to get ahold E, how’s the best way?

Yeah, you can find me on Twitter at.

@tomfinley,

You can also find me via https://prufcreative.com/

Thanks, Tom.

Have an amazing night and we’ll talk to you soon.

You too, Rob. Thanks.

 


Subscribe to The SDM Show

Similar Posts