August 8, 2018 — Learn how to leverage the power and simplicity of Docker containers with WordPress to build a highly customizable and easy to managed development environment. This workshop will cover using Docker with Docker Compose, combining prebuilt containers, and best practices while using these tools specific to WordPress.
July 12, 2018 — The wp_options database table is the center of all WordPress websites. It stores critical site data and is used on nearly every page in WordPress. However, it’s also very easy for the wp_options table to slow your site to a grinding halt. This talk will review best practices for keeping your wp_options table in check to keep your site performant.
July 12, 2018 — Use of a decoupled CMS is an exciting approach that allows teams to maintain the WordPress admin while embracing frontend experiences that are engaging and flexible. The incorporation of the WordPress REST API into core now makes this possible. But can this be achieved on an enterprise scale?
In 2016, Human Made engaged in a project dedicated to realizing these possibilities. The goal was to create a fully decoupled WordPress admin leveraging a React front end. The technical challenges included API challenges, caching, themeing in PHP & React, and more. This session focuses on the logistical considerations taken to meet the challenge of creating a holistic WordPress/React product.
July 11, 2018 — Protecting your plugin functionality with specific capability checks using the Capabilities API should be a best practice, but it is still one of the most underused parts of WordPress core. Using the API allows for granular access management by developers using the plugin, and may even prevent security holes. This session explains how to use the API by looking at examples and diving in deeper from there, both from the view of a plugin developer as well as of an external developer who needs to tweak a third-party plugin.
As another practical example, some of the upcoming improvements to capabilities in WordPress core itself are revealed, so that you are aware of what’s on the horizon.
July 9, 2018 — As the WordPress API matures, this is an important moment to take stock and consider the best use-cases. We’ll briefly take a bird-eye view of the API, before deep-diving into different ways the API has been deployed. We’ll see an examples of the API as an integration tool for running dual CMSs, as a public-facing queryable dataset, as a big data visualisation tool and as a way to share large sets of data. Along the way, I’ll share ways to make your API implementation more efficient – and share some of the pitfalls and mistakes we’ve made. We’ll take a look at decoupling both the frontend and backend of WordPress – and answer the obvious question – why continuing using WordPress?
July 9, 2018 — Utilizing caching mechanisms in a WordPress product is a balancing act: what remote calls are cacheable, what queries are slow and only occasionally needed, and how will it all impact the end user? In some cases we can set up our environment for a base level of performance, and in others we’ll need to balance data storage (like autoloaded options) and other background processes so they take the overall environment into consideration. I’ll be including my own experiences as a web developer working on a large-scale WordPress multisite as well as sharing the perspective from a hosting company’s point of view.
July 9, 2018 — This talk explores the principles behind some of the original decisions behind Gutenberg. What does it mean to build around HTML and treating the user’s content as the privileged actor? How does Gutenberg work internally to power the editing experience? This talk dives on the technical side of the project and its implications for democratizing publishing.
July 5, 2018 — Content security policies (CSPs) are a relatively new security element on the web horizon. CSPs use browsers to detect and mitigate certain types of attacks like cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. CSPs can be used for simple purposes like enforcing https on SSL-enabled sites, to more sophisticated uses like authorizing only truly trusted sources and blocking others.
Most sites do not have CSPs installed, but it’s important to be aware of them and how they can be used to add an additional layer of security to your website.