WordCamp St. Louis was held this year again at Washington University St. Louis on May 14-15, 2016. Overall it was a good time; I always enjoy going to WordCamps. I figured I would post my notes here like I did last year, just because. I have added the slides that were available as of this posting; you can check out the full listing here. Some of the later notes on Saturday kind of trailed off because I decided to fix my blog after a few issues with GitHub Pages and Jekyll 3. One of the downfalls of Jekyll being so easy to write with, being Markdown at its core and all, is that it is sometimes difficult to upgrade.

Saturday May 14, 2016

Plugin development 101

Optimizing Your Themes for Responsive Images in WordPress

React.js Powered Themes

WordPress Query Optimization and Best Practices

  • update_post_meta_cache primes the post meta cache; update_post_meta_cache => false skips it
  • Only disable update_post_meta_cache when you are sure that no post meta will be used
  • wp_cache_set and wp_cache_get: caching for a single request cycle
  • Transients can be used for persistent caching

Code Review: Keeping Things Secure, Clean, and Performant

  • Slides
  • Why? Helps your code be safe, scalable, and readable, and helps you learn
  • WP Enforcer
  • VIP Quickstart - Vagrant
  • Use pull requests for code review
  • Diff reviews can work too
  • Make it part of your culture
  • NEVER skip code review

Struck By Lightning

Sunday May 15, 2016

Hardening WordPress, Again

  • 4 major WordPress releases since March 2015 (St. Louis WordCamp 2015)
  • Panama Papers - Revolution Slider vulnerability
  • ImageMagick vulnerability
  • Update your sites
  • BruteProtect -> Jetpack Protect
  • 98% of vulnerabilities in WordPress security updates are due to 3rd party code
  • Automattic Security White Paper
  • Include maintenance on fixed bids
  • To help prevent attacks you trade off convenience for security
  • Security is not just on WordPress
  • DNS Proxies
  • Network Firewall
  • Server Firewall
  • Web App Firewall
  • Plugin firewall
  • OSI model
  • Machine BFD (CPHulk)
  • Update permissions so only uploads are writeable unless you are upgrading WordPress
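
One way to check the last point above on an existing install, as an added example that is not from the talk or the original notes. It assumes the files are owned by a deploy account and the web server writes through group/other permission bits; the function names are hypothetical. It goes one step beyond the note by also listing PHP files sitting inside the writable uploads directory.

```shell
#!/bin/sh
# Added example. Assumption: WordPress files are owned by a deploy user and
# the web server reaches them through group/other bits, so any group- or
# other-writable entry is one that PHP running on the site could modify.

# audit_wp_writable WP_ROOT
# Prints every file or directory under WP_ROOT that is group- or
# other-writable, skipping wp-content/uploads (expected to be writable).
audit_wp_writable() {
    root=${1%/}
    [ -d "$root" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$root" \
        -path "$root/wp-content/uploads" -prune -o \
        \( -type f -o -type d \) \
        \( -perm -0020 -o -perm -0002 \) -print | sort
}

# php_in_uploads WP_ROOT
# Uploads has to stay writable, so the complementary check is that no
# PHP-executable file has ended up inside it.
php_in_uploads() {
    root=${1%/}
    [ -d "$root/wp-content/uploads" ] || return 0
    find "$root/wp-content/uploads" -type f \
        \( -name '*.php' -o -name '*.phtml' -o -name '*.phar' \) -print | sort
}

# Run both checks when a WordPress root is given on the command line.
if [ "$#" -gt 0 ]; then
    echo "Writable outside uploads:"
    audit_wp_writable "$1"
    echo "PHP files inside uploads:"
    php_in_uploads "$1"
fi
```

An empty list from both functions is the state the note describes; before a core upgrade the write bits have to be loosened again, so the first list will be non-empty during that window.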

Automating WordPress Plugin Development with Gulp

Podcast Panel

  • Building Google PageSpeed module for NGINX sucks…
  • It was a good panel but see previous note.

Why WordPress Works this Way

  • G.R.I.P.I. (Goals.Roles.Information.Process.Interpersonal)
  • Unified project philosophy
  • Philosophy driven development
  • Democratize publishing
  • WordPress should work out of the box
  • As little configuration as possible
  • Design for the majority of users
  • Solid array of basic features
  • Users shouldn’t have to know/care what version of PHP they are on. (I agree, but they should be aware that it needs to be upgraded from time to time. Just like a car’s oil, you wouldn’t go 10 years without changing your oil…)
  • Decisions not options
  • Options are expensive
  • Havoc Pennington - Author/Writer
  • Options hard on QA and UI
  • Striving for simplicity
  • Accessibility
  • Deadlines are not arbitrary
  • Document flows
  • Don’t just study the code. Philosophy is important as well
  • Philosophy drives development

Casual AMA/Hangout/Networking/Closing Notes

  • I still do not understand why Genesis Framework is helpful. If the biggest value is to add hooks to templates you could have edited on your own, it just does not make any sense. I guess if you view it from an implementer’s instead of a developer’s mindset it would make more sense.