Series: Thoughts and Proof of Concepts

Why Do We Ask: What’s Your Budget?

I didn’t ask this question a lot. But recently a client linked to an article, possibly to make sure I didn’t ask for their estimated budget for the project (which is fine):

The Worst Question To Ask Your Clients: “What’s Your Budget?”

The article covers some valid points. Asking the budget question might be a sign of:

  1. Lack of knowledge
  2. Signal of deception
  3. No value
  4. No due diligence, etc.

But I don’t always agree. In some cases, asking for a budget is totally fine.

How to Redirect On Theme Activation

WordPress plugins have an activation method. It’s very useful, and we can use it for various things.

One popular method in plugins is the “Activation Redirect”. It is used by a lot (I mean **A LOT**) of popular plugins to redirect the user to the plugin settings page, setup page, or even the plugin about page (within the admin panel, of course) when the user activates the plugin.

This is (probably) useful for user on-boarding, to annoy users, to keep users informed about the plugin’s features, or to help them set up the pages required by the plugin or install additional plugins/add-ons.

Note: I actually really hate it when plugin/theme authors do this. But in some cases it could be useful.

Plugins usually use the register_activation_hook() function to do this. Themes don’t have a similar method/function. However, there’s a workaround for that.

What Features To Build in Premium WordPress Theme

There are 3800+ free WordPress themes available in the WordPress.org Theme Repository. The premium theme business is hard because there are tons of free options available.

Of course, making a user spend $50 on a theme is not easy with just a “pretty design”. A theme needs to set itself apart from the “free” version so the upgrade is worth the money.

Here are several features usually added in the Premium version of a theme (other than pretty design + support):

List of Popular Plugin for Theme Developer

Not all plugins work well out of the box. Some plugins require theme support, from simple CSS tweaks to template file modifications.

As a theme developer, it’s hard to choose which plugins I should support in my theme. It takes time to do this, and a theme developer also needs to “watch” these plugins to make sure everything works well with the latest version of each plugin.

Popular plugins such as WooCommerce also have a large user base, which can increase theme popularity. So, without further ado, here is the list.

I think WordPress plugin review team decision to no longer accept framework is wrong. And this is why.

Recently the WordPress plugin review team wrote a reminder post, “Please do not submit frameworks” (Ipstenu/Mika Epstein).

And the reason is:

We require that plugins be useful in and of themselves (even if only being a portal to an external service). And while there are many benefits to frameworks and libraries, without plugin dependency support in core or the directory, it becomes another level of hassle for users.

In a comment, Darrin, who had a framework plugin (Advanced Term Fields) submitted and approved last month, asked:

Are you saying the best way to handle this scenario is to include the parent framework in each child plugin, as opposed to alerting the user that “This plugin requires XXX plugin in order to function properly”?

And Mika answered:

Currently, yes. That would have been the best way.

I don’t really agree with this.
I think it should go in the opposite direction. And this is why.

Responsive Image In WordPress 4.4 (Testing, Thoughts, etc)

Let the browser decide which image size to display!

So, I did some tests of the new WordPress 4.4 beta3 feature: Responsive Images. And it will make your content retina ready automatically! Awesome.

Not only that, it will also serve smaller images to low-res devices, which will make your site load faster on less capable mobile devices.

Building a Starter Theme

I love using the Hybrid Core Framework. I use it in all my themes; I don’t even know how to build a theme without it. Currently Justin is working on Version 3 of the Framework, and it offers a lot of improvements and features.

I want to create my own.
Hybrid Core is modular and extendable, so I can use only the features I need and bend it as I see fit, but I want to create my own framework so I can have full control of the features and code. For my themes I created “Tamatebako”, a Hybrid Core sidekick for building themes faster by setting the defaults. Now I want to experiment and make Tamatebako a standalone framework.

The focus is a little different from Hybrid Core. Instead of building new awesome features, the focus is on faster theme development. I might fail and switch back to Hybrid Core, but I think it’s going to be a good opportunity to dive in and re-learn theme development.

I haven’t even finished porting the main framework features (still a mess), but you can follow the development here.

48 Hours Theme Challenge

Explorer
A beautiful WordPress theme inspired by file explorer. I created this theme in 48 hours (well, actually 12.5 hours).

So, a few days ago Sami Keijonen created a challenge to build a WordPress theme in 48 hours. He mentioned that he needs several months to build a WordPress theme.

Well, for me, the challenge is not really hard. I usually build a simple custom theme in 2-4 days. As long as the client already has a design (PSD/design inspiration/example), I can build it in less than a week.

I only charge $300 – $500 for a very simple theme. So, I need to work fast 🙂

Fighting Brute Force Attack in WordPress

Brute force attacks are a daily problem for WordPress sites. What’s interesting is that you cannot prevent them from happening. They’re unavoidable. You can only make it harder for the attacker to attack your sites.

If we use a CMS with a login feature to manage our content, we cannot remove/disable the login functionality because we need it to get access to manage the site.

You can use the strongest password, two-factor authentication, etc. But it will not stop the attack on your site.

Every single login attempt will cost you server resources. You cannot cache this page to reduce the impact because WordPress needs to validate each login attempt.

They can try to get access to your site, and fail. But they can still make your server collapse
(or make you pay a lot of money if you use hosting that calculates price by pageviews).

But we can try to discourage attackers by blocking the IP addresses they use. If you use relatively good hosting, you probably have a firewall system installed on your server to log and block attackers. You can also install a security plugin to add another layer of security. Several plugins for WordPress brute force protection:

  • Limit Login Attempts: an unmaintained plugin. If I’m not mistaken, WP Engine auto-activates this plugin for sites hosted there.
  • BruteProtect: uses their server to log IP addresses, kind of like Akismet for brute force attacks. You need to register on their site to get an API key for each of your sites. Currently owned by Automattic.
  • Login Security Solution: similar to Limit Login Attempts, but maintained, and it has multi-site support. This is the plugin I’m using.
  • And a lot more alternatives…

It will reduce their attacks, but because they seem to have an unlimited number of IP addresses, it’s actually a (kinda) useless method to try to discourage them.

Quoting from Matt Mullenweg:

Supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours).

You can also read other sources to understand the scale of the attack:

Every single day, on each site, I get hundreds of failed login attempts. Probably tens of thousands if it’s not protected by a firewall and security plugins. It happens on every single site. Not even one site is free from brute force attacks.

Several days ago, I asked for advice at the Theme Hybrid Forum (private forum replies). I got several responses. And from their responses I created a custom solution for my sites and my clients’ sites.

I tested it on 10 different sites for 24 hours, and the result is amazing. I got almost zero login attempts.

Even though it’s still premature to say that this solution is working, in this post I would like to share the custom solution I built to solve this problem.

My WordPress Journey

I started my online life just as a hobby. The idea to make money online is interesting to explore. Almost no reason, just ’cause.

I created my first blog on Blogger and purchased my first domain from Google Apps. I registered for Google AdSense and thought that I’d start making $$$. I was wrong. It’s tough and needs a lot of dedication. I needed to learn SEO, content research, etc.