Charles Costa is the owner of CJC Digital, a market research consultancy that helps businesses ensure that their ideas are on track before work begins.
Choosing a theme for your WordPress website can be a challenge for even the most experienced developers and designers because aside from the code being increasingly complex, with paid designs, purchases often are as-is. With responsive capabilities being a crucial element of most designs today, it is important to ensure that the themes you purchase don’t fall victim to responsive web design pitfalls.
Fortunately by following a few common sense precautions, you can reduce the chances of downloading a theme which can pose a threat to your website.
Simple Ways to Validate Your Themes Code
Since going through a themes code by hand is a tedious task most professionals don’t have time to do, validation tools such as the W3C Markup Validator allow you to check the markup validity of a site with only a few clicks. To validate the themes you plan to purchase, simply point the validator to the live demo page and then check the results.
Before installing software on your computer, you would probably do a bit of research on the software before loading it on your system. Since the traditional software world has a handful of established vendors, vetting out bad software is relatively easy.
WordPress plugins are often a little more difficult to screen because traditional antivirus programs can’t detect web exploits. Instead users are often forced to rely on their gut or sparse comments on the web to figure out if code is safe to use.
The best option to ensure the security of WordPress plugins you use is to audit the code by hand. For most people, this time commitment is a bit excessive. By following a couple of common sense measures, you can protect yourself from many malicious WordPress plugins.
Using Security Scanners
Although most security threats can’t be controlled with automated tools, using a quality web security scanner is a great way to compliment common sense security measures. Sitepoint mentioned a few security plugins in their article on managed WordPress Hosting pros and cons which are worth looking at. In particular Wordfence and Sucuri SiteCheck are both solid tools which can help you spot malware which isn’t visible to the average user.
Going Beyond Reviews
While the WordPress Codex and many WordPress Plugin sites offer user reviews, this feature isn’t reliable for a couple of reasons.
The first reason is that reviews on the WordPress Codex are often sparse and the reviews often only have star ratings rather than actual user comments. Additionally, reviews on company websites aren’t trustworthy because the developer has ample opportunity to manipulate the ratings.
If you are looking for credible reviews, then you should check out independent plugin marketplaces such as Envato Market or BinPress as they are the vendors which stand out. Just make sure you pay attention to user comments which detail why they gave a product the rating they did.
Aside from relying on reviews, have a look at the plugin website and look at the support forums to get an idea of the attentiveness of the developer and quality of their code. Look to see if they have a professional support ticket system, and also try contacting the developer if you have concerns about their offering.
You also should try Googling the developer’s information to see if they have a negative reputation across the Internet.
While these steps aren’t foolproof, they are much better than making a blind purchase.
Landing pages–those long, long pages with rivers of text, shouty headlines and big BUY NOW buttons–are controversial.
They run counter to what we’re often taught: That the best way to make a sale is to win the trust of your customer and make a soft sale over time.
Landing pages, on the other hand, tend to play on fear and urgency to compel readers to hand over their email address or make a purchase.
While you might think landing pages are obnoxious, you can still learn lesson from them that will make your corporate marketing strategy more effective.
As a developer or design professional, one of the biggest benefits of building your sites on WordPress is that in most cases you are building your code on a proven platform which has been fortified over time. Unfortunately when it comes to security, there’s no such thing as a fully hack-proof system. Fortunately though when it comes to securing both yours and your clients systems, there are a few WordPress vulnerability scanners which can help you spot errors before they get out of hand.
It is important to note that while this guide is primarily intended for WordPress.org users, the techniques can still be applied to WordPress.com users. For those unfamiliar with the differences between the two offerings, Sitepoint has a guide to clarify the differences. WordPress.com users will have less power when using the tools, but they technically will still work.
Although trusting generic online scanners is questionable at best, a new breed of Open Source security tools allow developers and other tech savvy professionals to test their code against exploits with ease. While these tools have a bit of a learning curve, learning the basics of penetration testing tools can help keep you ahead of most digital threats.
WordPress Specific Tools
WP Scan is an Open Source tool for Linux and Mac OSX which is a Swiss Army Knife for attacking virtually any WordPress install. Key features include the ability to pull user names from the WordPress database, scan the plugins which are being used by a specified website, and also see which themes are installed on a server. WP Scan also integrates with known vulnerability databases so that the software can filter results to only show code which is susceptible to attack.
Although WP Scan is a powerful tool, the installation process can be difficult if you don’t already have Ruby installed on your system. This applies greatly to CentOS systems – the default Linux distro of many hosts – due to the operating system not having all the required libraries. Fortunately by using Ubuntu or MacOSX you can greatly simplify the process. If you are a complete Linux novice, WP Scan comes pre-installed on multiple security centric Linux distributions, a listing can be found on the project website.
Plecost is an Open Source WordPress fingerprinting tool which can analyze the plugins installed on a specified WordPress system along with the common vulnerabilities and exposures (CVE) codes if applicable. Since Plecost is a Python script, installing it is as simple as adding the files to your server and then following the instructions on the project website.
Although this tool is limited to only showing vulnerabilities in installed plugins, the CVE code integration makes Plecost a notable tool because it provides the users with instant feedback as to how to exploit outdated software on the server.
Since Plecost is a collection of Python scripts, installation is fairly simple, and you can run the utility on Windows, Mac OSX and Linux/Unix systems as long as they have Python installed and configured.
When you have an idea for a new startup, it’s tempting to do some quick research on Google and then jump right into coding.
That’s a bad idea if you want to be sure you are on the right track. Launching a product requires a lot of effort, and it can be difficult to determine whether your idea is workable.
By following the steps below, you can greatly improve the odds of success when deciding what you should and shouldn’t pursue.
Building software for the web is different from many other fields because it’s possible to create a revolutionary product with nothing more than an idea, a computer and a bit of time.
You don’t need millions of dollars for real estate, permits, lawyers and other bottlenecks.
Just sit down, write your code and success will come.
Or so it seems…
But as we’ve discussed previously, web development is an area where programmers can easily go astray.
Choosing a web host can be one of the toughest decisions you make as a web development professional, because your decision plays a significant role in whether your client’s business will succeed or fail.
Unfortunately web hosts are now a dime a dozen. Plus the fact that many hosts white-label their services to third parties means that the company you recommend to a client might not even have direct control over the servers they claim to provide.
In the past, web hosting was simply a service where the host provided the hardware, and the client provided the code. Today however, managed WordPress hosting has emerged as one of the hottest offerings in the web hosting space.
Some of the biggest players in this sector are WP Engine, and Pagely, as well as traditional hosting companies such as Media Temple and GoDaddy who now also offer specialized WordPress hosting. Of course, we can’t forget WordPress.com and WordPress VIP (who offer high end hosting).
IT professionals and business owners can barely go a day without hearing about a new product claiming to leverage “the cloud” to help solve common problems. Unfortunately, the cloud computing industry is now eerily similar to the weight loss and financial industries, promising quick and easy solutions to difficult problems.
While there’s no arguing that many cloud platforms and software suites have had a positive impact on the way companies do business, many vendors are now using the term “cloud” whenever possible as a marketing talking point without backing it without any substance. That’s harmful to the whole industry, and I think we should stop. Heres’s why.
A Brief History of the Cloud
Before continuing it’s important to note that cloud technology is, at its core, a marketing buzzword defined as, “the practice of storing regularly used computer data on multiple servers that can be accessed through the Internet” Long story short, cloud computing has been around since the 1960s.
The first major adoption of cloud technologies as we know them today – software as a service (SaaS) platforms – was Salesforce.com when it launched in 1999. By providing a simple software package which was automatically maintained by the vendor, users benefited from quality software which could be scaled to fit their needs without IT professionals worrying about deployment logistics.
The cloud was pushed further into the mainstream with the development of Amazon Web Services (AWS) in 2002. This innovation included a variety of web based services which allowed developers to build cloud applications on top of Amazon’s infrastructure. In 2009, cloud technology as we know it took its stride, causing companies such as Google and Microsoft to also begin offering Internet-based applications to meet the demands of consumers, who were increasingly using multiple devices in their daily routines.
A Clearer Definition of the Cloud
Despite a lack of a formal definition, most legitimate cloud services share the following common characteristics:
- User self-provisioning
- Pay-per-use billing
- A multi-tenant architecture
- A virtualized infrastructure
- Linear scalability
A Significant Example of Cloudwashing
One of the most prominent cloudwashers in the IT industry is Oracle. The enterprise vendor well known for their high-end computing solutions was a vocal critic of cloud technologies, but then switched stances in 2012. Rather than embracing the model of moving their applications to the web, Oracle instead began to offer “Oracle Infrastructure as a Service,” marketed as a cloud solution — when, really, it was nothing more than a way for companies to rent Oracle datacenter equipment and house it on-site.
Another example of cloudwashing is Microsoft’s “to the cloud” advertising campaign, which just showed what could be done when Windows 7 is connected to the Internet.
In a field where everyone is trying to get money for their latest idea, it can be difficult — if not impossible — to secure outside funding for your project. In the past, your options for getting large sums of cash were primarily venture capital funds or angel investors. Today, though, crowdfunding has become a practical alternative for entrepreneurs who need funds but don’t want to sacrifice equity or go through the grueling process of being grilled by investors.
What Is Crowdfunding (in a Nutshell)
For those unfamiliar with crowdfunding campaigns, crowdfunding is a new way for entrepreneurs to raise capital by tapping the masses rather than a small pool of investors. You might have heard of a few, like Kickstarter or Pozible.
Crowdfunding works by allowing virtually anyone to make relatively small contributions to a project in exchange for tangible goods, rather than having a small pool of investors risk large chunks of funds. Donation amounts vary from campaign to campaign but they typically range from $1 up to $10,000.
Who is Crowdfunding Best Suited For?
Crowdfunding sites originally gained notoriety in the creative and artist communities because they allowed artists to successfully raise funds even though most traditional investors wouldn’t touch their work. Crowdfunding proved to be highly successful for these groups because the rewards are practical: by offering CDs, copies of paintings and other tangible goods, the system became a way to pre-order a variety of innovative products. As crowdfunding became more popular, digital downloads emerged as a popular reward option.
Is it Applicable to Software?
As a software development professional, you’re probably asking yourself if crowdfunding can help you raise funds for your software project. While the majority of crowdfunding projects revolve around creative endeavors and tangible goods, The Next Web mentioned two software campaigns which made their top crowdfunding campaigns list for 2013.
Ghost is designed as a platform devoted to publishing. By pitching itself as a simple alternative to WordPress and other content management systems, the creators of Ghost were able to raise £196,362 from a £25,000 goal.
Macaw raised $275,000 from a $75,000 goal. Macaw gained notoriety by providing designers with a tool which allows designers to write code straight from the design view.
So, yes, software projects can be successfully crowdfunded, provided there is a solid strategy behind the project.
Hold Up, Not So Fast
Before you go out and put your project idea up on a major crowdfunding site, it’s crucial to note a few key facts.
Smartphones no longer carry the corporate stigma that they used to. The decline of Research in Motion and the Blackberry has opened the doors for many companies to allow employees to use their iPhone and Android devices for both work and personal use, rather than providing them with dedicated corporate devices. Although the bring your […]