How to defend your website with ZIP bombs

“How to defend your website with ZIP bombs” has been making the rounds on the Internet for the last few weeks.  It’s both sad that we have to resort to such measures, and funny how tongue-in-cheek this approach is.

Whether you are going to implement it for your web host or not, it’s well worth reading for a better understanding of what’s going on online, in places that you are probably not looking at.

WPBloggerTricks – The Real Blogger & WordPress Tricks

It looks like blogging is coming back.  At least in the world around me, there are quite a few new blogs springing up, and old ones being resurrected.  I don’t know what’s causing that, but I see it as a good thing.

I’ve been answering a lot more basic blogging questions from all sorts of people recently, so I thought, let me link to one of those tips and tricks sites that have plenty to offer.  You know, just to save myself a bit of time.

WPBloggerTricks seems like a good choice here.  It has plenty to offer to new and returning bloggers.

Choosing a future JavaScript framework for WordPress

WordPress in general, and Matt Mullenweg in particular, have been pushing for JavaScript for a while now.

So, it’s not surprising that WordPress developers are chatting about the JavaScript framework that they’ll use for the WordPress core JavaScript needs.

The discussion is far from finalized right now, so it’s particularly interesting to see how it develops, both in IRC/Slack chatrooms and in Make WordPress p2 comments.

So far, there are two primary contenders – React and Vue.  I have zero experience with either one (or pretty much with any JavaScript framework, as I try to avoid JavaScript as much as I can), but I’m still interested in the reasoning that goes behind the choice, especially from the people who know so much in this domain.

What Is WP-CLI? A Beginner’s Guide

WP-CLI is a super useful tool, which I use on a daily basis, and which I wish more people knew about.  Gladly, there is now “What Is WP-CLI? A Beginner’s Guide”, which explains what it is, how to install it, how to use it, and where to go from there.

The Ultimate WordPress Security Guide – Step by Step (2017)

WPBeginner, a website for beginner guides to WordPress, has published an updated and comprehensive guide to WordPress security – “The Ultimate WordPress Security Guide – Step by Step (2017)”.  Most of the things are well known to seasoned WordPress users – keep things updated, use strong passwords, remove unnecessary plugins, make sure to pick the right hosting, add security enhancing plugins, etc.  But it’s a good place to start for people who are not too technical and those who don’t think about the security implications of having a publicly accessible website on a daily basis.

There are plenty of questions, answers, simple explanations, and links to other resources in the article.  So even if you are an experienced WordPress user, you might find a useful thing or two in there.

You might also want to check out my earlier blog posts:

Announcing JSON Feed

Straight from the JSON Feed homepage:

We — Manton Reece and Brent Simmons — have noticed that JSON has become the developers’ choice for APIs, and that developers will often go out of their way to avoid XML. JSON is simpler to read and write, and it’s less prone to bugs.

So we developed JSON Feed, a format similar to RSS and Atom but in JSON. It reflects the lessons learned from our years of work reading and publishing feeds.

See the spec. It’s at version 1, which may be the only version ever needed. If future versions are needed, version 1 feeds will still be valid feeds.

Sounds interesting…

WordPress : Supercharge your ecommerce

Supercharge your ecommerce is a collection of reviews of some of the best ecommerce plugins for WordPress.  It covers a variety of options from the most famous like WooCommerce to some less known ones.  Here’s a list of what’s reviewed:

A Million Words Published at Work in a Remote Company

Sara Rosso shares some thoughts on what to document and share, after publishing over 1,000,000 words while working at Automattic.  Here’s the gist of it:

  • If you’re the go-to person for something in your company, consider how much of it is just gatekeeper information you could document properly to help someone else learn/grow from or work on independently.
  • Separate out processes and historical background from your strategic expertise. Processes and backstory are not really ‘what you know.’ It’s much better to be a person someone asks ‘why’ or ‘when’ to do something vs. the logistics of a ‘how.’ How can and should be documented for others to build off of regardless of your involvement. This should free you up to be more involved in the why, the new, and the next of your work.
  • If you’re repeating yourself in private chats or (gasp!) email on a specific topic, document it. That’s also what drove me to create this blog – being able to answer someone’s question with an answer you’ve already carefully crafted for someone else is a great feeling (and a great use of your time)!
  • Will someone want to know why you decided or executed something a specific way later? Share as much background as possible so colleagues are brought up to speed immediately. Share the setup & thought process you went through, where to find more information, and even the facts, ideas, or information you considered but deemed outside of scope for the particular project. My goal is to hopefully never have someone ask “where did this come from?” or “what’s your source?” or “did you consider this?” (when I had) and instead focus on enriching the discussion or challenging my ideas vs. asking me for information I should have provided in the original post.
  • Gather the best, most complete, or authoritative things you’ve authored and submit them as potential onboarding materials for new team members. Challenge them to ask questions and to find something you need to document.
  • If important progress is made, be sure to update your documentation, or retire in favor of something newer or more complete. We do this by linking from old posts to new ones, and all it takes is a quick comment and a link on an old post.

WordPress Plugin : Image Processing Queue

As described in “Introducing WP Image Processing Queue – On‑the‑Fly Image Processing Done Right”, the Image Processing Queue plugin tries to solve several issues with On-The-Fly Image Processing (OTFIP) in WordPress.  Some of the things that it improves are:

  • Response times for pages with not-yet-generated thumbnails.
  • Server CPU spikes for pages which use a lot of images on sites with a lot of configured thumbnail sizes (49? really? WOW! I don’t think I’ve seen more than 10 in the wild, which is still a lot).
  • Server disk space issues caused by removed images and leftover thumbnails.

This is a very useful direction and I hope all the necessary bits will make it into the WordPress core.  But even for those who don’t use WordPress, the whole discussion and implementation are a handy reference.