Phil Wylie

WordPress developer, Code Club volunteer & Staffs Web Meetup organiser

June 26, 2015 1

Estimation is difficult

To know how long something will take to do before doing it, is notoriously hard. Yet, as web developers, we’re often asked to give time estimates. In my experience, estimates become quotes which then become deadlines. Therefore, estimation is stressful. Estimation is difficult.

With a small job, it’s pretty easy to guesstimate. You know you have a development site ready to go, the project setup in your IDE and all the server credentials are plugged in ready to push your work live. A small change can be made, tested and pushed live fairly quickly. There isn’t much to go wrong, so it’s simple to estimate.

When dealing with a larger job, or an entire project, it becomes more difficult to accurately estimate. The technique I use, is to break down all the back end functionality, all the front end work and put a time against each task. This process helps break down a complex system and allows me put together a sensible time estimate.

Let me introduce you to bits in-between

Bits in-between are those unforeseen, necessary tasks which tie a system together. They’re the bits you don’t think of when breaking a system down. It’s the research, the trial and error, the page refreshing between code changes, the testing and committing work into version control (with a description decipherable by other humans). Outside of the programming itself, it’s the discussion, the unknown number of emails back and forth between you, your project manager and the client, signing a ticket off and finally, completing a timesheet entry.

The concept goes… when estimating a small job, there are not many bits in-between. The larger the project, the more bits in-between need to be accounted for.

In my mind, bits in-between are different to contingency. Contingency is a buffer added to an estimate when putting a quote together. It’s a different problem, to understand the complexity/risk involved and to quote accordingly.

Estimation isn’t an exact science but its part of the job. It’s certainly not something I was taught about. We learn by experience, and I do believe it gets easier, or, at least, less stressful. Over time, you can get a good feel for how much time those bits in-between can add to a task.

When asked how long something will take, it’s tempting to come back with the first roughty figure which pops to mind. I’d say, don’t be afraid to take a step back. In your mind, the coding itself might just take a few minutes. However, what you should come back with is an overall picture, including the bits in-between.

April 27, 2015 0

How to protect your WordPress site

I recently contributed towards an article on WordPress security and thought I’d write up my advice in full over on my blog. This is particularly relevant in light of recent vulnerabilities in WordPress and a number of high-profile third party plugins.

The most important steps you can take to secure your WordPress site are not necessarily specific to WordPress. Good password practices and keeping your software up-to-date are often overlooked. In my experience, the root cause of security incidents tend to be a trusted administrator with a bad password or an exploit in an unpatched, third-party plugin.

The basics of security

Password security

A strong password doesn’t use dictionary words, it’s made up of a combination of mixed case letters, numbers and symbols. It’s important to use a unique password for every website. Not only because a security breach on another site could give up your password, it could also make it possible to access your email and therefore an attacker could request a password reset from your WordPress install.

Password management

I’d strongly suggest looking into using a password manager such as 1Password. You’ll be able to generate strong passwords and not have to worry about remembering them all. There are also tools around which limit the number of incorrect login attempts. Thwarting automated password attacks. If you already have Jetpack installed, check to see whether Jetpack Protect is enabled, otherwise look into something like Limit Login Attempts.

Keep all your software up-to-date

In terms of keeping software up-to-date, WordPress has a built-in update mechanism to keep itself, it’s themes and plugins updated. Running the latest version of each means you’ll benefit from new features, bug fixes and crucially, security patches.

You can access the Updates screen within the WordPress Dashboard to see and install available updates. The WP Updates Notifier plugin can email you when an update is made available for your WordPress site, saving you from having to manually check.

Managing multiple WordPress sites? Use the tools available

If you’re looking after a number of sites, there are some brilliant remote management tools available. Jetpack now includes a Site Management feature which has many of the useful features the more established services such as WP Remote and ManageWP offer. From one interface you can get an overall feel for the status of your websites and remotely install updates.

The threat from premium themes

WordPress itself has a strong security track record and as outlined in The WordPress Security White Paper, has a dedicated team of professionals responsible for ensuring vulnerabilities are dealt with in a structured and efficient way.

An issue I’ve seen causing pain recently is premium WordPress themes which come bundled with plugins. The idea is to provide additional functionality and value to the end user. However, as the theme author is the licence holder for the bundled plugin, it is their responsibility to update and distribute the patched files. As the site owner, you might not even be aware you’re running out-of-date, exploitable code.

Adding any third-party code to your WordPress installation increases the potential for introducing vulnerabilities. You should source your themes/plugins from the official repositories or from reputable developers who provide a clear update process.

April 21, 2015 0

How to avoid Google’s slow label – benchmarking

This is a post written for the iWeb blog taking a look at a number of website benchmarking tools and services. Useful for pinpointing performance issues which can be improved upon.

For a long time Google have advised the web community that site speed is taken into account as a ranking factor. The move to displaying a publicly visible “slow” label may be the push site owners need to take action…

How to avoid Google’s slow label – benchmarking

April 1, 2015 1

Can you point me in the right direction?

I provide web development and associated services to a small number of clients I’ve picked up over the years. This post is based on my humble experience freelancing and is aimed at those who, like me, are providing a service on a small scale.

Every so often I receive a question from a past client. I try to get back quickly and generally, I don’t mind as it feels good answering little questions and helping people. But those quick email exchanges add up and without an ongoing agreement, it’s a cost that I (and I imagine others) absorb because often those questions lead to billable work.

This lead to an interesting situation recently where I received a question worded with a subtle difference:

“Can you point me in the right direction?”

Many clients don’t understand the troubleshooting process that web developers and IT folk undergo in order to determine the nature of a problem. I imagine this isn’t unique to this industry. There’s value in knowing where to look and how to resolve a problem.

In many cases, it’s the troubleshooting process that accounts for the majority of time spent resolving an issue. Sometimes, the solution comes in the form of a simple flip of a switch, ticking a checkbox that’s buried deep within a settings interface. It might take an hour to find it, but it’s there.

Website owners should plan on paying a monthly maintenance fee to cover the costs associated with troubleshooting, updating and problem resolution. Unfortunately, this is easier to conclude with hindsight. My younger self wasn’t aware that these simple content sites might stick around for five, even ten or more years.

The takeaway? Make it a point to charge your clients for ongoing maintenance. I suggest discussing maintenance early on when you take on a new client. Bundle basic support along with CMS updates and regular backup. Then you can cover those quick questions which would otherwise be covered out of pocket.

March 27, 2015 0

A skewed perception of value

WordPress makes it easy to put a website together but it doesn’t necessarily make web development easy.

For many, WordPress works out-of-the-box and with the vast ecosystem of both free and low-cost plugins, beginners can patch together a reasonable website packing serious functionality within a short space of time, with minimal upfront cost.

The mission of the open source WordPress project is to democratise publishing and of course, in many ways it has achieved this goal. However, the simplicity and low barrier to entry hide the true cost of web development.

Mario Peshev wrote about value a while back after receiving an enquiry. The client outlined their requirements, to alter a plugin to include their bespoke functionality. The client laid out their expectations, “the plugin costs $25 so I estimate the change would probably cost around $15”. It’s clear this client undervalued the work involved in custom development.

WordPress is a great tool to get a project going quickly. It’s fairly rewarding to work with. A lot can achieved out-of-the-box and you can end up feeling that anything is possible! However, once you stray outside the basics of strapping a theme together with a few plugins and need something custom, that’s when you realise web development is complex and WordPress is no different.

Newer Posts
Older Posts