Developing WordPress for Limited Bandwidth

What goes into building websites for the developing world? Is it something that your company or your development team considers? Having grown up and worked on many internationally recognized websites in South Africa, a country with major socio-economic divides, building websites that individuals can access without the use of the latest technology and up-to-date browsers is an incredible challenge, requiring a deep understanding of almost every aspect of the development process.

This talk, using a data-centric approach, will show business owners and developers how to work and develop with clients whose websites need to be accessible and optimized for the developing world.

Tired of building disposable websites? Learn to build with maintenance in mind

Most websites are disposable – they are built once and not changed until they are replaced or turned off. Frequently, this is despite the best intentions of the original owner, designer, or developer.

But some sites and applications are made to last – to be updated frequently as part of doing work, for weeks, months, or even years. These sites are an integrated part of a high-performing business or organization – one that can do a job well, and then adjust quickly to meet changing business needs.

In this talk, we will explore best practices that smart developers use when building things to last for years. In addition to technical design and development topics, we’ll cover some of the human factors that are at play in IT projects, especially when it comes to WordPress:

WordPress as a critical tool for business (not just as a workaround to IT policies)
Themes and plugins and custom development (how not to paint yourself into a corner)
Ownership through collaborative construction (how to avoid hand-offs that disappoint)

Building scalable enterprise applications with WordPress

I’m going to show how we can improve our code using skills from the wider PHP world. I’d like to shatter the idea that enterprise applications and WordPress don’t mix. WordPress can be a great platform to build enterprise applications.

The end result: a code base that is lean and scalable, and a process that lets you bring on more developers as required. In particular, I will be discussing how to separate theme development from application development, the elegance of using MVC (Model, View, Controller), taming URL rewriting and embracing custom database tables.

Ultimately this lets developers pitch for larger projects using the skills they already have.

Securing SVG Uploads in WordPress

Designers and developers are increasingly using SVGs to replace standard image formats. That’s all well and good, but they may not be aware of the inherent security risks that come with allowing users to upload them themselves.

In this talk I aim to explore some of the main issues that surround SVG uploads and why we’ve not seen this feature in WordPress yet. We’ll also look into why they need to be sanitised and the problems that can occur if we don’t properly secure them.

An Introduction to Unit Testing (for WordPress)

If you are a software developer, you might have come across the term “testable code”. Almost always when someone refers to it they do it in the context of unit testing. So in order to understand, and then learn how to write, testable code, you first have to understand unit testing. And this is what this talk is all about.

Thorsten first provides a high-level overview of unit testing in general, and classifies it in terms of test level, and testing methods and techniques. He then explores and explains different possible units. The second part of the talk is dominated by one of the key principles of unit testing: testing in isolation. What is it? How can it be done? What is this mocking that pops up here and there? Next, Thorsten shows different unit test examples, involving both PHP and JavaScript, and highlighting different (yet simplified) aspects of real-life code. Thorsten concludes with a few tips for writing good unit tests.

Uncommon (Ab)Uses of Composer

Composer is a hugely flexible tool that works reliably on all but the most obscure hosters/platforms. What’s more, it provides a plugin system that lets you pull external code from a repository and have that code hook into the normal Composer execution flow. The logical conclusion is that Composer is used for much more than just pulling in dependencies.

We’ll start this session with a quick look at the basic mechanisms that make Composer as flexible as it is. Then, we’ll go through some of the more useful and/or exotic examples of how to use Composer for solving problems that it wasn’t really meant to solve.

How We’re Using WordPress as a Headless CMS

1. What is a headless (or decoupled) CMS
2. Why use WordPress as a headless CMS
3. Tools and process of building a headless site
4. A basic example and some gotchas we found
5. The Future is (probably) headless

Security Is a Process, Not a Plugin

In 2000, the internationally renowned security technologist Bruce Schneier wrote: “Security is a process, not a product”. In the same essay, he wondered: “Will we ever learn?”. Apparently not.

How many times have you considered your WordPress application security only once completed? How many times have you installed a security plugin and thought it was enough? Securing a web application doesn’t mean installing a plugin just before deployment. Not at all.

I’m very passionate about security and I’d like to share my thoughts with you. My focus will be the security awareness related to web applications. Is WordPress secure? I will answer this question very clearly. And you’re not gonna like it!

Content Security Policies: Let’s Break Stuff

Content Security Policies are another tool we should have in our security toolbelt to help protect users of our sites. In this session you’ll learn what they are, why they’re needed, how they work and the limitations on what they can & cannot do to protect users.

You’ll see a demo of attacks a CSP will block, see a site broken by a CSP, see what the different CSP directives & options will do and be introduced to some of the tools available to help with implementing a CSP on your sites!

When to Use the API

As the WordPress API matures, this is an important moment to take stock and consider the best use-cases. We’ll briefly take a bird’s-eye view of the API, before deep-diving into different ways the API has been deployed.

We’ll see examples of the API as an integration tool for running dual CMSs, as a public-facing queryable dataset, as a big data visualisation tool and as a way to share large sets of data.

Along the way, I’ll share ways to make your API implementation more efficient, and share some of the pitfalls and mistakes we’ve made.

We’ll take a look at decoupling both the front end and back end of WordPress, and answer the obvious question: why continue using WordPress?

Key takeaways:

  1. The API liberates data outside of WordPress and projects like Gutenberg – breaking content into modular content blocks – will change the way WordPress considers data relationships.
  2. The API is driving a new Enterprise Stack – with each element the industry leader in its field – including WordPress as the fast moving publishing solution.
  3. Decoupling the front – using technologies like React – & decoupling the back – using technologies like Elasticsearch – begs the question: Why continue using WordPress? The answer is that clients, content teams, editors & authors all over the world have built a passion for WordPress for its ease of use and friendly interface. This strength should never be underestimated.

A couple of years ago Joe Hoyle introduced us all to the API – then last year we had a lot of HowTo talks across different WordCamps. Now is the perfect time to look at when to use the API & look at some real-world examples.