The February WordPress Meet Up – Notes and Timeline

Please Note: The first part of this post is to show what exactly was discussed in the meet up period and the second part is a more detailed description of each time line.

Timeline of events

7:00 pm – 7:30 pm | Introduction by John Hawkins and Russell Aaron. The intro was basically explaining what the group is gathered up for, explaining ways to get more involved with the group and HOW TO SUBMIT IDEAS FOR THE NEXT MEET UP!

7:30 pm – 8:30 pm | Russell Aaron talked about security inside the core WordPress files and simple ways of “How to recognize a site is using WordPress”.

8:30 pm – 9:15 pm | John Hawkins talked about “how to install WordPress on your local machine” and what the pros and cons are. The discussion progressed to John talking about what exactly a child theme is and how to set one up. Opening up our favorite text editor, “NetBeans”, John showed the group how he took a friend’s site, made some custom post types for it and customized the rest of the site in under an hour and a half.

9:15 pm – End | Question and Answer Time. Then the group split up into two groups. One group was run by Russ and the other by John.

Detailed Descriptions of Timeline Events

Russell Aaron opened up the meeting and talked to the group about security inside the core files of WordPress. The core files, or files you download straight from WordPress.org, live wherever you install WordPress on your site (mysite.com | blog.mysite.com | mysite.com/blog). When you download the WordPress files, you are given a zipped file that you need to unzip and place inside the root folder of your site. WordPress installs using 4 main and specific features. The 4 features are a database, a user name, a password, and a host. All of this information is placed inside the wp-config.php file or wp-config-sample.php file depending on how you installed WordPress and your skill level.

When you are creating the database, you need to name it something. 99% of WordPress involves naming, from naming the title of your blog post to renaming files. Everything has a name. Russ then discussed with the group that renaming a file, username or password to anything that has to do with your site could be a security risk. Why? Well, the key reason is that it gives a potential hacker a base idea of where to start when hacking a site. If you know enough about WordPress and want to do some kind of “hacking”, the best place to start is going to the site’s URL (www.mysite.com) and then typing in “/wp-login.php”. This takes anyone to the main login page of the WordPress site. John Hawkins explained to the group that in the earlier versions of WordPress, the default user name was usually “ADMIN, admin or Admin”. You would know that if you installed a few WordPress sites. If you didn’t, congrats, you just learned something for FREE! This was brought up because Russ described to the group several ways a hacker could guess their way into your site using the wp-login.php method.

HERE IS A GREAT PLUGIN TO STOP THAT METHOD AND ADD ANOTHER LAYER OF SECURITY TO YOUR SITE. LOGIN LOCKDOWN. HERE IS A GREAT ARTICLE THAT EXPLAINS SEVERAL WAYS A HACKER CAN GET INTO YOUR SITE AND HOW YOU CAN HELP PREVENT AN ATTACK. SECURING YOUR WORDPRESS WEBSITE.

John Hawkins will be providing me with the notes he took about the subjects he talked about later.

Thank you to everyone who came out tonight, please go join the WordPress Meet Up Group on Facebook.

Using a new framework is not a bad idea

If you have attended any of our Las Vegas WordPress Meet Ups inside the Usr/Lib, you know that John Hawkins and the entire team (WPVEGAS.COM) that puts the meet ups together, are huge fans of the Genesis Framework. For many reasons besides the obvious, it’s amazing! It’s taken over as a top framework to use, much like WordPress has become the standard in website content management systems.

What you might not know is that 80% of themes built for WP use a very basic framework like Hybrid. Then they are edited beyond belief to make an amazing/dynamic theme for anyone to purchase and use. Every designer or programmer has their own reasons for using one, maybe two, specific frameworks. So in this article, we are going to talk about why you should experiment with many frameworks before deciding which to use in your theme.

Frameworks allow designers to edit a framework using a child theme system for the most part. There are themes from WooThemes that allow you to edit the original CSS sheet and update the framework without having to reconfigure. Why should you use a child theme based off of a framework? Using the framework allows you to add a style sheet to load, and several other options as well, before the rest of the theme is displayed. This way, when the framework is updated in your dashboard or downloaded from the author’s site to be uploaded into your themes root folder (wp-content/themes), your site does not have to then be reconfigured to make it look the same as before. Anyone who has done that will tell you it is not fun and is very time consuming, myself included.

See, a lot of themes contain their own tab in the dashboard sidebar that allows you to modify your theme. Then a new release of the theme comes out and is installed by the admin of the site, only to find out that you must make the same changes over and over again. In the world of fast-moving technology we currently live in, an update could be released weekly, if not monthly. So by using a framework, you are eliminating that extra work altogether. So now that our readers know why it’s important to use a framework, let’s talk about the benefits you get by taking this step.

Using another person’s framework is not admitting that the end user or designer couldn’t develop their own framework. It simply states that what others are doing fits into your criteria for the site you are building. Then you make your changes using custom post types, maybe adding in short codes every now and again, and even meta boxes, resulting in a finished product that the designer and client both agree on. You can even toss in the argument that using a framework “as is” solves more problems than using a theme from a third party site like Themeforest could ever accomplish. I’d agree to that, but that’s personally my opinion. My argument is that using a third party theme allows you to grow as a designer/developer in many aspects. When a person uses those types of themes, you are allowing yourself to learn what others are doing out in the world, making that person more adaptable to change over time.

Before Genesis was released to the world, only a few, maybe less than 15 frameworks were in existence. That is why we have seen many changes over the last year and a half in the way that WordPress sites look and function. Here is a short list of frameworks that most of the older themes are based off. My personal favorite is Hybrid Core. I like this framework because of the drop down box located at the very top that is used as a place to put your sign up or login forms inside of and a place for social media buttons to live in that allow your footer or header files to be less cluttered or more organized.

Many times I refer new users of WordPress to check out the list of frameworks to get an understanding of what WP was actually intended for. They get an understanding that WordPress was basically a stream of posts put together in a way that makes up your blog. It was not until mid 2009 (roughly) that many developers started building themes that mimic a newspaper design, magazine theme or portfolio style using custom categories to be displayed in a different section on the main page, instead of using the stream approach that only displayed each new post on top of older entries. Each display usually only shows the most recent post in a specific category. That way it looks like your site is pulling information into the main page from the blog, to get people to head over to that section of your site. That is basically what a newspaper’s website does. They display the most recent stories, or top stories on the main page. When you click on a story and read the article you will usually find a feed at the bottom of “Similar Postings” that are recommended to readers allowing them to stay on a specific topic. The framework is the glue that holds all of this together.

So in closing, using many different frameworks from many different designers will allow anyone who is building a WordPress site to expand their imagination and create new and exciting lines of code to share with the world. It’s ok to know more than one or two sets of frameworks. Some frameworks only give you a certain amount of options before you have to cut in your own lines of code. Some frameworks provide more than enough options or lines of code to give your site more functionality than you could ever imagine. Some frameworks allow you to have an amazing site and work well with the SEO PLUGINS you might be using.

WordPress Security and You

This article will focus on the basic steps you should take to secure WordPress.

WordPress is the most popular Content Management System by far these days, and it’s only growing. WPVEGAS will be featuring more articles and groups set up around specific topics that, in more ways than one, help new and experienced WordPress users get more from their installations of WP. The first topic we would like to discuss is “Security”. This may mean different things to different people. So let’s get more specific.

Security is a topic that the WordPress Meetup Group will be discussing at every meetup starting this month on February 21st, 2011 inside the Usr/Lib. If you attended the December Meetup, a few days before the Las Vegas WordCamp, you would have been able to hear one of the best security experts we know. Dre Armeda gave an interesting presentation on how to secure your passwords and user names in a safe location. In this post, we are going to talk more about the default installation of WordPress and setting up proper security measures.

If you have never installed WP manually on your website before, some of this might sound a bit foreign to you. It’s ok though, because we will try to explain, in the most basic of terms, what we are talking about. Before you can install WP you must set up a database on your hosting account that is associated with your WP installation. This consists of a database name, a database user name / password and the database host address in the wp-config.php file, which is located inside your root folder, or the folder where you might have WordPress installed (www.yoursite.com / www.yoursite.com/blog / blog.yoursite.com), assuming you have renamed the wp-config-sample.php file to wp-config.php. Once you have done those steps and added them to the config file, a user would upload the entire WP files using an FTP client like FileZilla.

One of the most common mistakes a new user can make when installing WordPress is being very generic or basic in naming each of the entries listed above. Using names associated with the site allows a potential hacker to guess your information and hack their way in. If you named your database “WP” or “yoursiteswpdatabase”, it’s almost like leaving the keys inside your car. Now, we have heard this argued in many different discussions, both pro and con, but for the sake of this article we are going to discuss why this is a bad practice for new WordPress users. When you name something that matches the site, you are giving a potential hacker the chance to guess your information and get inside your installation. One of the most basic tips, and we mean very basic, that we could ever give is to rename files to something that has meaning to yourself and only yourself. Naming your database something like “crashcourse_wpdb_2012” (don’t use that name, as I have used it in this article) adds an extra level of security. It means something to you and will take a hacker a longer period of time to crack your site. NOTE: Most hackers are looking for sites that take less than a minute to get into. So slowing them down will likely increase the chances that a hacker will guess at your information, fail, and move on. See where we are going with this?

The next section of this article is going to talk about the actual administrative credentials associated with logging into your WordPress Dashboard.

If you remember the earlier versions of WP like 2.0, you will remember that the default admin name in the setup process was in fact named “admin” or “Admin”. This seemed pretty cool to anyone who was new to WP because everyone wants to say that they are an admin or administrator of a website, even if it is your own. What wasn’t discovered until later versions of WordPress is that by using the User Name “admin” you again are basically taking a security risk. This is because anyone who would be considered “smart enough to be dangerous” – coined by our own John Hawkins – with WP would already know that you have to go to the wp-setup.php page before your installation of WordPress would be complete and “admin” would more than likely be the default name. So basically, a hacker already has a 50/50 chance of guessing your password to let them walk right into your installation. This is another basic practice a new user should take when setting up WordPress.

Renaming your admin login to something that means something only to yourself is a huge step. Now we know this might be kind of a “no-brainer” and all, but our readers would be surprised to find out how many WP sites actually still have this going on. Just like your password, naming your “admin login” something like “KingKongLong” (again, don’t use that, as we have used this name in this article for anyone to Google search and read) adds another door a hacker must break through. If a hacker cannot guess your wp-config.php credentials, their next step is to visit “yoursite.com/wp-login.php” and try to get in there. We have even seen some installations of WP where the programmer of the site has modified the wp-login.php script to contain a “captcha” before allowing the login button to be activated. This is very smart, but again time consuming to anyone who just wants to hurry up and get blogging.

So in conclusion, the main focus of this article of many to come is to open up the mind of a “new” user of WP so that they can take some kind of security measures with their site.

February meetup is scheduled

January’s WordPress meetup was fantastic! We had a great chat about SEO. I don’t have plans quite yet for what content I’ll bring to the event this month, but at least we know when it will be.

Event Details:
Date: 2/21/12
Time: 7:00pm – 10:00pm
Location: /usr/lib

If you have suggestions for topics this month, please let me know!

January meetup follow-up

Big thanks to everybody who came out for last night’s WordPress meetup. We had a full house and a lot of great conversation. I had prepared a 10-15 minute presentation on installing and configuring the All in One SEO plugin. That spawned a 2+ hour conversation about WordPress and SEO.

About 3/4 of the way through the conversation I came to the realization that we really need somebody to take notes at the meetups. There were a bunch of great links that we chatted about and it would be great to throw them in to a post the following day.

Since we spoke about a fair amount of topics, not just SEO, the list below is in no real order and is just from my (faulty) memory.

If you were there last night and remember more than I’ve listed, please leave a comment below.

Thanks again for coming out last night. See you next month!

January WordPress Meetup

After some technical difficulties, I’ve finally nailed down the information for January’s WordPress meetup.

Details:
Date: 1/30/12
Time: 7:00pm – 10pm
Location: /usr/lib

At the moment I don’t have any specific presentations lined up. I’m open to suggestions for anything people would like to hear about. Please leave a comment below to throw out your suggestions. Also, if you have something you’d like to speak about, leave a comment and we’ll get you set up to present as well.

See you there!

New home!

So here we are. The new home of the Las Vegas WordPress user group. Feel free to sign up, fill out a little information about yourself and get involved with the local WordPress community.

Obviously we are just getting started with the site, so if there’s anything specific you think should be added, definitely let me know.

Here’s what we have planned for the site so far:
- Calendar of upcoming WordPress related events
- Forums for discussing themes, plugins, issues or for showing off your work
- Submissions for presentations at upcoming WordPress meetups

If there’s any specific functionality or content you’d like to see on the site, head on over to the contact form.

Cheers!