At this months WordPress Sheffield we tried something new – a Lean Coffee session.
What is Lean Coffee? Well:
Lean Coffee is a structured, but agenda-less meeting. Participants gather, build an agenda, and begin talking. Conversations are directed and productive because the agenda for the meeting was democratically generated. There are currently dozens of Lean Coffees happening world-wide, including Seattle, San Francisco, Stockholm, Toronto, Boulder, New York City, and more.
In reality I stole the structure from a WPLeeds session a few months ago. It was a great way to open up the group and allow people who are normally quiet the chance to speak.
The topics were all very useful, here are the notes:
Question by: Ian @devolute:
These are system emails, forgotten password, system updates, thank you for registering. Some shared (bad) hosting can send email but now with DigitalOcean/Linode style hosting on the rise alternative email routing is needed (they don’t like email). How can I get past this?
Ian has been using PostMarkApp or Mandril which are great and they have a good SPAM checking relationship.
We (Make Do) use SendGrid as WPEngine recommend that they won’t support emails via the usual means. We use the WPSMTP plugin to route emails to the SendGrid servers.
Basically if you need email to work on your WP site then you should not rely on core WordPress.
Question by: Tom @tomptimalmo
WP Security Tips? A good security understanding (escaping and sanitising data for example). What is not considered good practice.
Tom (JN) says you need to be more robust around escaping functions and the control of these. General security tips are that /uploads should not allow php and your CHMOD rules should match the WP recommendations.
Tom (JN) embellished by saying do not use FTP use SFTP or Git to deploy to deploy/update your site and ensure that you use nonces rather than AJAX calls in general development.
Matt said turn off plugin/theme edits via wp-config. Also you can move WP to a sub-folder and move wp-config to a level above to make your setup more secure.
Dave from Delicious Media says check log files to test for any forced logins to wp-login.php and use IP banning to block more than 5 or 10 logins as these will be bots. There are plugins that enable this and it’s built into some web hosts. You can also add bad IPs to your .htaccess but this requires a manual update.
XML-RPC should be removed, just delete it or kill it with .htaccess and wp-config to disable it.
Ian mentioned adding very secure passwords (WP has a good build in solution for this now) and never ever, ever setup 777 CHMOD on your file structure.
Also finally be mindful of where you buy/download plugins and themes. Never Google “free wordpress themes” as it’s a honeypot and you will end up downloading malware.
Question by: Tom @tomptimalmo
Should the Customiser be used for more than just cosmetic updates?
Tom mentions that certain things should not be in Customiser as part of the ‘theme’ they should be added as a plugin (for example if it uses a hook to add content or menu management). The counter argument is to that there will be TOO many plugins – however this is off topic and the subject was halted.
My (Kimb) opinion is that the Customiser should and can be used to create a a ‘site builder’ app and stop using Custom Post Types to display certain things because you may not want to use CPTs for a couple of ‘testimonials’ or even a carousel CPT could more easily be managed in the Customiser and it’s easier for your client as they get a ‘live preview’ of what they will ultimately see.
The final example was that a lot of Customiser rules are not used on custom sites – for example Page driven sites could have a much cleaner back-end if they didn’t add CPTs for homepage items only.
Again there was a LOT of discussion around Customiser in plugin verses theme – what should and should not stay, like logo uploads, background images/color etc. However a should someones Phone Number be a in a theme or a plugin? As the logo is more likely to change than the logo.
The general outcome was that yes, the customiser should and can be used for more than cosmetic changes but it’s a judgement call.
Question by: Steph @missstephwalker
How to Project Manage in a WP agency
So the question was around struggling to find a ‘product’ that covers CRM, Task Management and Communication – a suite of Slack, Trello and a CRM like Capsule would be great but we need a more integrated approach.
Matt mentioned The Microsoft SharePoint Project Dashboard and Dynamics would work but he does not recommend it and is very expensive. As a small agency Steph needs something simpler and smaller.
Kimb / Matt showed that at Make Do we use Trello for all client conversations and try to use Slack for B2B/agency partners/clients. We demo’d a client project board with examples of this.
CRM and sales funnels came up – we (Make Do) are currently demoing ActiveCampain but Capsule and SalesForce were mentioned although not recommended as SalesForce can be very overwhelming and a few people have tried Capsule but never stuck with it.
Finally we talked about internal wiki and how to have staff handbook that you should update to cover all of this.
Question by: Matt @mwtsn
Should we live video feed the Sheffield WordPress Meetup?
How can we technically do this? An iPhone and Periscope or Hangouts on Air. This would be better if you could ‘save’ live streams permanently and therefore use this as a follow-up video.
Steph argues that this ruins the intimacy of the event and some speakers would not like to be filmed and this destroys the authenticity of the event in some way.
It is suggested that recording ‘some’ talks but these should pre-agreed with speakers and perhaps be agreed before the event. These could then be added to WordPress.TV and YouTube.
In general a totally live streamed event was seen as a very bad idea.
Question by: Matt @mwtsn
How to connect with other local (potentially non-WP) meetups and talk about other WP-related topics
The answer is that we can infiltrate their groups via their online communities and ask them to share community subjects. We can also talk about WP/non-WP (Sass and WP, Git and WP) sessions.
Use as a ‘skill’ and ‘knowledge’ sharing – “I’ll do a WordPress talk for you if you do an Agile talk for me”.
We offer a shout-out at our own event to promote events on the calendar that are in Sheffield and other WP groups in the area (Leeds, Manchester) and mention their website and topics.
The OpenTechCalendar is a good way to move forward with this:
Matt and Kimb will follow this up via the new Digital.Sheffield Slack channel Ian is also a new member and will join in any related groups to build partnership.
Session over, 6 questions, approximately 45 minutes spent