Bessie Smith Cultural Center of Chattanooga

When you post a video or include it in your content, chances are that you don’t want to have to hunt around for a featured image to accompany it. However, many WordPress themes look their best with featured images in the homepage, category, and archive templates. Without featured images, many image-dependent designs can break or look inconsistent.

Automatic Featured Images from Videos is a new free plugin from the folks at WebDevStudios. Created for sites that are heavy on video content, the plugin will automatically grab the thumbnail of a YouTube or Vimeo video that occurs within the first 1000 characters of a post.

I tested the plugin and found that it works unobtrusively in the background. It doesn’t require anything extra when adding a video in a post. As soon as the draft finishes saving, you’ll see the new featured image assigned. The screenshot included here shows videos from both Youtube and Vimeo with thumbnails automatically added by the plugin.

Automatic Featured Images from Videos currently only works with a full URL, i.e. http://www.youtube.com/watch?v=ScMzIvxBSi4 and does not work with a shortened URL like http://youtu.be/ScMzIvxBSi4. It also works when using the full embed code. I spoke with Brad Parbs who said that the team is currently working on a patch to ensure that the shortened URLs work, too. They also plan to add a few more popular video services in a future release.

If you post a lot of video content, then the Automatic Featured Images plugin will be a real time saver for you and will keep your homepage and archives looking colorful. Download it for free from WordPress.org.

Loco is a free service for managing and editing software translations. Many WordPress plugins and themes include language files that make it possible for users to translate the text strings. Loco offers a place to manage assets associated with translations and easily collaborate with translators:

The service also offers a PO file editor that works just like Poedit, except directly within your browser. You simply drop in a PO file to edit – no account required.

The service analyzes the file and prepares it for translation in the browser. Once you’re finished editing, you can download the updated .po and/or .mo files, or create an account (optional) and store the files with the Loco service.

Loco Translate Lets You Translate Plugins and Themes in the WordPress Admin

Tim Whitlock, founder of the Loco translation management system, created a WordPress plugin that allows users to translate plugins and themes directly within the WordPress admin. Loco Translate brings the PO editor into the admin under the Tools menu where you view and manage all available translations for your plugins and themes:

Select from any of the available packages to start translating strings in the admin with the Loco PO Editor:

When you save a new PO file, Loco will try to compile an MO file in the same location. It was designed to work purely with PO files and allows you to keep them up to date with the source code without the interim step of maintaining a POT file. The plugin includes the following features:

• POEdit style translations editor within WordPress admin
• Create and update language files directly in your theme or plugin
• Extraction of translatable strings from your source code
• Native MO file compilation without the need for Gettext on your system
• Support for PO features including comments, references and plural forms
• Configurable PO file backups

Loco Translate does not currently have the ability to automatically translate your project; it is only capable of handling the manual entry of translations. However, Whitlock is working on integrating some automatic translation services into the plugin in a future release.

The Loco service and Loco Translate plugin make translating WordPress themes and plugins much more convenient. It eliminates the requirement of adding an additional translation program to your machine and the task of moving files back and forth. Hosting your files on the free Loco service is entirely optional, but it has the added benefit of providing a centralized place for translators to collaborate on your project.

You don’t have to be a developer to use Loco’s browser translation tools. Having those tools at your fingertips in the admin might make it easier for your average WordPress user to create their own custom language files. Check out Loco Translate on WordPress.org. Do you think if it offers a more convenient solution than what you’re currently using?

While there are plenty of plugins that help monitor changes to a site such as Stream, maybe you want a text message when specific events happen within WordPress. A brand new plugin called WP SMS Notifications, developed by Jeff Matson, fulfills this role. The plugin supports both International and US carriers without the need to use an external API. After activation, you’ll find the settings in a top-level menu item titled WP SMS Notifications. You can configure notifications for the following events:

Text messages are sent immediately after being triggered. If you have a limited amount of text messages as part of your mobile plan, be careful with enabling notifications for when a post is updated. Each time a draft post is saved, published, or a published post is updated, a notification is generated. This could quickly use up your available text messages, especially if you’re using it on a multi-author site.

Here’s the text message I received after updating a plugin. As you can see, there is just enough information to tell you what happened.

One thing I’d like in a future version is a cleaner FRM message. Instead of detailed information of the mail server, I’d rather see which domain generated the message. This would be especially helpful if the plugin is used on multiple domains.

I asked Matson what motivated him to create his first WordPress plugin. He said, “It’s been a long time since I’ve done any real development work so when I entered the office on a Friday morning, I decided I would use that desire to make something useful for the community.”

Matson recommends that you don’t use this plugin in a production environment just yet. He needs a group of beta testers to discover bugs and is accepting feature requests to help him plan his roadmap. You can find the plugin on Github where pull requests are welcome. Support is being handled through the WordPress.org support forum.

If you have feature requests or feedback, let us know in the comments.

Eventually, you have to talk about cost.

If you’re a consultant, as I am, you’ve been asked how much your services cost. And you have to make some decisions:

• What services am I providing?
• How many hours do I think this will take me?
• How much is this worth to the client, from a business perspective?
• Does the client have money? How about a business plan?
• Should I charge hourly or by project?
• Is this a one off thing or is there potential for a long term relationship?
• How busy am I? Do I need this job? Do I want it?

These questions are important. The answers are important. Gauging the client is important. Every interaction I have with the client helps me learn more about them and the project at hand, and affects what the cost will be.

Cost often also depends on market and location. I’m assuming I’m talking to an American audience in US dollars. What follows may translate well or poorly depending on your location and culture.

How much should a custom WordPress website cost?

I’ve built websites or been a part of website projects — all on WordPress — that have ranged in cost from under $1,000 to over $100,000, for complete websites.

So in short: it always depends.

This is why we can’t ballpark it for you.

And as Chris notes in that link, “Most people’s budget is 2-3 times smaller than their desires or expectations.” And if I ballpark anything specific it’s highly unlikely both of us will be happy once it’s all said and done.

A proper estimate costs money

An estimate takes time. Whether that time is in a paid discovery or a sunk cost I (the consultant) bring on myself is a different matter. Either way, estimates are expensive because they are time consuming. And I promise you if I spend a week on an estimate or proposal I’m putting that cost into the proposal, somewhere.

Who is the consultant?

There are some broad brush common price ranges I can establish for you. I’m trying my best to be specific with this post, though that’s really, really hard.

Let’s start by segmenting based on who you are working with. Basically, working with a freelancer will normally be cheaper than working with an agency.

Agencies have more overhead, more padding built in, are more worried about cash flow, and generally just tend to be a bit more expensive.

If you work with an agency, the risk of them falling off the map is generally a little lower, but they probably move a little slower too. And you’ll often have to deal with changing contacts as the project progresses (from sales to design to development to maintenance).

If you work with a freelancer, your risks are a bit higher they’ll disappear someday. It means vetting them is even more important than with an agency. But they also tend to move quickly and don’t juggle as many projects at once. You also have the benefit of working with (typically) one person that knows everything about your project, and you don’t feel like you’re constantly getting bounced around contacts like can happen in some agencies.

It’s possible to have a great relationship with a freelancer or with an agency. I think it typically depends on the client’s mentality and requirements as to determining which route is better.

In general, freelancers are great for jobs that fit the following criteria:

• The job is small enough for one person to handle the entire thing (note, most projects fit this category)
• The timeline is tight, and you want them to start quickly
• Communication channels don’t have to be too formal
• Big contractor agreements don’t have to be signed and the contractor doesn’t need insurance or other common big-business requirements

In general, agencies are better for the following criteria:

• You don’t want to risk your consultant disappearing
• You’re okay with a project structure you don’t define (most agencies have established processes)
• You’re okay with a multi-month project (I’d say most agency projects last between 2-6 months)
• You don’t mind waiting until you can be fit into their schedule to start (often 30-90 days… but great freelancers often have significant backlogs too)
• You want a dedicated project manager (some freelancers are phone-call averse)
• Your project will require multiple full-time folks working simultaneously, either due to deadlines or huge project scope

Freelancer rates vs Agency rates

I don’t want to get into hourly versus project billing. But either way, for most projects the consultant has to estimate the time it’s going to take them to build, and charge at least that. So I’m going to assume the consultant is not charging an amount enormously higher than their cost just because it’s worth it to the client.

Whether the consultant is an agency or a freelancer, I’m going to assume 50% “billable” or productive time. In other words, I’m only figuring that half of anyone’s day is spent actually building what’s being paid for. I think this is a good goal for most and also quite achievable with discipline. Also, I think that number is probably higher for your average web-worker in an agency, but still works as an average because managers and PMs typically won’t hit 50%, if their time is counted into direct costs at all.

I’m also going to assume the freelancer is billing an end client, not subcontracting to an agency where their costs go considerably down due to less PM and consistent work.

Finally, I’m utilizing these hourly rates as if it’s for billable work and known costs. So, if the rate is $100 per hour and the design will take 50 hours and the development will take 50 hours and you build in 25 hours for project management, it would be 125 hours and the project would cost $12,500. Profits, overhead, and everything else are “built in” to the internal hourly rate — just like if someone were billing the client hourly for the work.

Freelancer rates

• Beginner freelancer: $25-$40 per hour
• Intermediate freelancer: $40-75 per hour
• Good, experienced freelancer: $75 – $125 per hour
• Excellent, in demand freelancer: $125 – $175 per hour
• Specialist, best in industry: $175 – $400 per hour

Agency rates

• Small market general agency: $50 – $75 per hour
• Medium market general agency: $75 – $115 per hour
• Medium market reputable agency: $115 – $150 per hour
• Medium market high end agency: $150 – $175 per hour
• Medium market best in industry agency: $175 – $225 per hour
• Large market reputable agency: $150 – $175 per hour
• Large market high end agency: $175 – $250 per hour
• Large market best in industry agency: $200 – $275 per hour

When I say “best in industry”, I’m referring to an agency that’s made a name for itself in regard to something specific – maybe high-end WordPress websites, or Ruby on Rails, or websites for newspapers, or eCommerce. It depends.

When I talk market size, I mean the difference between working in big towns or small cities (small market), cities that are thriving but not huge like my own Birmingham, AL (medium market), or the type of city that’s got pro sports teams and 1 million+ people (large market). Not listed, but notable, are the mega-markets like New York and San Francisco types. I’m sure you can pay as much as you desire for services in such places.

Also, these are all guesses.

Please, please, please don’t take these guesses as offense. I’m purely trying to show you a picture of the landscape, as best as I see it.

I talk to a lot of people. I read a ton. I listen to a ton of podcasts. I go to conferences. But I’ve only worked at two agencies and freelanced on the side. But I think I have a decent take on the market, and I think this is a practical range to work with.

Consultants break their own rules all the time

Freelancers and agencies also break their own rules all the time. A great example of this is when you get an inquiry from a big brand.

If it’s a competitive bid, and a consultant wants that brand as a featured client, they could easily drop their rates by a third or more to get it — with the hope that that brand will make other folks want to work with them down the road. Sometimes this is effective, sometimes it’s a terrible idea. My guess is that referrals can come from anywhere, and generally bending your rates for a brand name is a bad idea; I also want to do it in the heat of the moment all the time.

There are other times consultants break their own rules or don’t follow their internal rates. Consultants may charge less if it’s a client they work with over and over and know the true costs better. Consultants may charge less for non-profit organizations, or may charge less if a retainer is promised, or may charge less if work is slow, or may charge less if they get emotionally invested in the bid. The list of ways to break the guidelines goes on and on.

Who is the client?

The client is a huge factor in price. In short, if I gauge that a client is going to be difficult, it affects the client multiplier I put on the overall project cost.

What is a client multiplier?

Well, I’m glad you asked! Over a number of years, I’ve started to pick up on client qualities that end up costing money. Here are some things that can get expensive:

• The client doesn’t have a single point of contact (multiple people always have to be looped into communication)
• The client contact has to get some form of committee approval
• The client contact isn’t decisive, or doesn’t seem capable to play the “consultant advocate” role well internally
• The client has a lot of red tape for decision making
• The client’s payment schedules are really bad (as in, I might not get paid for work I’ve done for months)
• The client contact is prone to huge email threads over small issues
• The client contact wants daily/frequent phone calls or meetings
• The client doesn’t have a clear business plan, and will require a lot of advising

These are mostly people and organizational things. They have little to do with the actual project.

Let’s say the work for a project will be around $20,000. I usually add up these client qualities that could get costly from a project management perspective and apply them to the overall cost.

In a $20,000 project, it’s not uncommon for $5,000 of that to be project management costs. If I decide there are enough concerns to warrant 50% higher PM costs, the project gets a $2,500, or 12.5%, increase in overall project cost.

Looking for client qualities that trigger higher costs is important as a consultant. And for potential clients out there: keep in mind that your qualities (organizational and behavioral) affect your consultant’s price.

Costs ranges for different types of websites

There are many types of websites, and each has their own potential costs associated.

The many different types of websites

I tend to rank sites in complexity like this:

• Simple blog (2-3 views): Archives and single post views only, and a pretty typical layout.
• Simple brochure site (2-4 views): Fairly standard but custom home page design, page layout. Stock archive / blog setup with little to no customizations.
• Complicated blog (4-6 views): A bunch of “out of the box” styles for various templates, requires attention to detail on archives, single posts, and other stuff like post formats.
• Marketing site (3-7 views): Basically a mashup between the simple brochure and complicated blog. Requires more designs to be made and the home page might be a little more advanced than the simple brochure.
• Business website (5-12 views): Similar to a marketing site, but often includes a couple of custom content types that require design and code, like events, testimonials, services, etc.
• eCommerce website (10-25 views): Could be a mix of any of the websites above, plus all the needs in eCommerce (like cart/account/checkout views, and tons of configuration considerations). This is often a huge PM bump as well.
• Big non-profits or advocacy sites (10-30 views): I’ve found that non-profits and advocacy sites are pretty much the holy grail of wanting everything on a budget. These are really hard to keep in scope because they often have the same needs of big businesses, without the budgets.
• Big business website (12-30+ views): Big business websites are like regular business websites, but more of it. They often have lots of custom content types, advanced searching needs, tons of content, and perhaps some fancy user permissions needs. And of course potentially much, much, more.
• Big scale: You can take pretty much any of these types of websites and then say you need it to handle millions of pageviews per month without breaking a sweat, and a whole new layer of complexity comes into play.

The hours it takes to build these different types of websites vary can vary tremendously; it depends on the consultant’s experience, whether they’ve done similar work before, how many “gotchas” appear in the project, how particular the client is about any given feature, and more.

However, I tend to believe in a few key concepts about pricing.

Pricing views

Generally, I try to estimate how many unique views a website has in order to wrap my head around how much it’s going to cost.

What’s a unique view?

• The home page is a unique view.
• The archive page is a unique view. Though archive pages could be category, search, and more all combined in one unique view.
• The blog “post” page is a unique view.
• The generic “page” template is a unique view, though can sometimes be mashed with the post view.
• Custom page templates — like fancy about us pages, or a key landing page — are unique views.
• Custom post types are often unique views — sometimes in the traditional archive/singular sense and other times the way it sits within another view: like how an FAQ content type may fit into a regular page.
• Variable sidebars within sections of the website can be unique views

Unique views aren’t always obvious. I usually figure out more necessary unique views depending on how my discovery conversations go with the client.

What’s important about unique views is that they are excellent for estimating design time, and they at least can help guide estimating development time.

If a unique view requires a comp (design preview for the client), then that’s a relatively set number of hours for design that are required. If it doesn’t require a comp, I usually still build in some time for the designer to quality check after it’s been developed, so they can make sure it looks good.

Designing a unique view, from the ground up, could take a designer between 4 and 10 hours depending on the complexity; and for certain complex or innovative views that number could hit upwards of 20 hours. Just for design.

Also, design requires a base set of hours to establish the overall tone of the website and to design things that are rarely considered with unique views, like the header, footer, and overall style guide. The base elements and style guide for the website could easily range between 10 and 100 hours. Yes, I know that’s a ridiculous range. You should be accustomed to this by now.

So, we’ve sort of established a framework for pricing the design of unique views. Developing them is a different story.

Development must be carefully considered. Generally, my rule of thumb is that every design hour should get a development hour to go with it. But development hours can easily break that rule, especially when you are developing something complex. I use that rule for when the thing being developed is a known entity — like if you’re building a custom post type for a team page or something.

Development hours can be literally anything for wholly custom functionality, and that is completely outside the scope of this post. Development can cost millions of dollars.

Pricing Content

With WordPress, you can add as many posts and pages as you want. This is true. I’ve also found that the more posts or pages the client’s existing website has (and expects to transfer to the new site), the more complex the new project will be.

I don’t have a perfect factor for increasing the price of a proposal because there is a lot of content, but I have some levels that I consider worth noting.

• If there are less than ten pages, no big deal.
• If there are more than 30 pages, you better start thinking about structure.
• If pages are hierarchical (lots of parent > child page relationships) it’s going to cost strategic thinking time.
• If there are hundreds of pages, there’s either a problem or a lot of strategy and design consideration to be made.
• If there are thousands of blog posts, taxonomies (category / tag handling) and search are going to be important to consider, and will probably require more cost.
• If there is a lot of content (of any sort), navigation needs to be uniquely priced for internal quoting purposes.
• If it’s a multi-author blog (likely with big blogs), it’s going to need special consideration.
• If pages or posts need editorial workflow (section management, change or publishing approval, etc), it’s going to need special consideration.
• If the current CMS isn’t WordPress, the migration is a huge deal and you need some great language and details about how that’s going to happen.
• If the current CMS is WordPress, you need to know what plugins or custom code is potentially creating shortcodes or other weird content handling (maybe with custom fields), or what other bad practices may have taken place and need to be accounted for.

These are just some quick thoughts on content. There are more, but this is a great starting point.

Custom design vs a pre-built theme

You may have noticed I have not once brought up the question of whether the website is built using custom design or with a pre-built distributed WordPress theme.

Websites cost money for many reasons beyond the base styles.

Yes, custom design costs more than pre-built themes — until you try to add functionality to or modify the way something works in a template. Then you want to cry and run into a hole and pity yourself for having charged less money for using a pre-built theme.

For small sites, the question of custom vs pre-built themes is a big one. As the site gets bigger and more complex, the savings for using a pre-built theme are far less and can easily invert.

In short: clients shouldn’t get too excited about the potential cost savings of pre-built themes and consultants should be careful about charging less for them.

Pricing is hard

Are you confused? Good.

Pricing is hard. Really. Hard.

People write books on this subject. I’ve written over 3,000 words and I’m not sure I’ve done it any justice at all.

Custom website prices

Okay, so after all of this, how much is it, you ask again? Hopefully now you realize it could be anything. People are not kidding when they say $1,000 or $1,000,000 (or more!).

However, in the interest of being helpful, I think here are some “ballparks” to consider:

Can you get a custom website for under $3,000? Yes, but be very careful, and know your risk of getting something imperfect is high.

If you work with a good freelancer, I think ~70% of custom websites for average folks and average businesses will cost between $3,000 and $15,000.

If you work with a good agency in a medium market, I think ~70% of custom websites for average folks and average businesses will cost between $8,000 and $40,000.

This difference from freelancers is because larger sites will naturally gear toward agencies, and agencies will be less likely to take on smaller projects if they can take bigger ones instead. That said, some agencies love the small jobs, because they get really good over time at doing quality work in less time than the competition.

If you work with a best in business freelancer to build something special (whether a simple blog or complex website), you’ll probably spend between $10,000 and $50,000+. The freelancer you work with will probably utilize a team of other subcontractors in this scenario, because it’s rare for someone to truly deliver all the things you need running solo.

If you work with a best in business agency to build something special (whether a simple blog or complex website), you’ll probably spend between $15,000 and $100,000+. Most agencies will self-perform the work, and often times you can expect them to be available for retainer contracts, hosting / maintenance agreements, and other long-term relationship style services.

It’s also worth noting that in large projects, it’s very common to break them into multiple projects and phase them. This is very typical with six-figure clients, and in these scenarios it’s not uncommon for some agencies to have million dollar per year clients, whether billed hourly, by project, or a combination of both.

I write this post for three audiences:

1. Clients looking to hire a consultant, and not knowing what to consider when comparing costs
2. Consultants trying to wrap their head around pricing
3. Me, because I’ve been building websites for years and pricing them for a couple of those years, and I’m not even close to having it down

I hope this has helped you, and I apologize if it offended you.

If you have more to add, please let me know in the comments. I know many of my readers have much greater wisdom on this subject than I do.

January 2014 marked the first month that mobile traffic has overtaken PC traffic on the internet in the US, accounting for 55% of Internet usage. As mobile traffic is on the rise, designing in the browser has become more popular, as it offers better tools for testing sites against various devices.

Responsible is a plugin that adds viewport resizing to the WordPress admin bar with support for six different device sizes. If you’ve ever used a browser bookmarklet in the past to test how a site appears in different devices, the Responsible plugin essentially replicates that same experience within the WordPress admin. It adds a little viewer icon to the admin bar, which refreshes the page with the viewport resizing panel.

Clicking on the device icons will automatically resize the site, whether in the admin or on the frontend. Below is an example of viewing a website at iPhone dimensions:

Responsible includes the following common viewport sizes for testing, in addition to custom sizes:

• Mobile: 320×480 (Portrait), Ratio: 2:3
• Apple iPhone 5: 320×568 (Portrait), Ratio: 40:71
• Small Tablet: 600×800 (Portrait), Ratio: 3:4
• Tablet (e.g. Apple iPad 2-3rd, mini): 768×1024 (Portrait), Ratio: 3:4
• Widescreen: 1280×800 (Landscape), Ratio: 8:5
• HDTV 1080p: 1920×1080 (Landscape), Ratio: 16:9

If you prefer using the the tool as a bookmarklet, the plugin comes with a filter that allows you register a custom bookmarklet. You can then generate your own bookmarklet using the Viewport Resizer tool.

Responsible is perfect for designing in the browser with WordPress or for some quick responsive testing when you don’t have access to all the different devices. Download it from WordPress.org or add it to your site via the admin plugins screen.

Have you ever wanted to remove access to the WordPress dashboard for a user but didn’t want to touch any code to do it? Remove Dashboard Access by Drew Jaynes makes it an easy process. After activating the plugin, I found it difficult to locate where the configuration settings are. The settings are at the bottom of the Settings > Reading page. I also discovered a quick link to the settings on the plugins management screen.

You can remove access based on a user’s capability, or if they’re part of the Administrator, Author, or Editor roles. This is great if you don’t have any users assigned to roles provided by plugins like Edit Flow or if you created custom roles though the Members plugin. If a custom role has a specific capability separate from other roles, you can use the Limit By Capability feature.

Settings To Control Who Has Access To The Dashboard

For those that don’t have access, you can redirect them to a specific URL. You can also choose whether or not they can use the dashboard to edit their profile. Last but not least, there’s a box provided to create a custom login message. The plugin removes access to some of the built-in WordPress Toolbar menu items by default. However, if you want to remove toolbar menus from other plugins, you can follow the guide on the plugin’s other notes page.

Remove Dashboard Access works great for its intended purpose but if you need more granular control over which roles you can remove access from, you’ll need to look elsewhere. The plugin can be found on the WordPress plugin directory or on Github. Jaynes openly invites pull requests.

Do you know of a plugin that has a similar feature set but supports custom roles?

WPCore landed in the WordPress plugin repository this week. The plugin extends WordPress to interact with the new WPCore service that allows you to create and manage plugin collections. The new WPCore plugin lets you bulk install all the plugins from any collection in just one click. The service was created by Stuart Starr, an application developer with a penchant for launching what he calls “brand new and relatively useless web services.” In this case he may have actually launched a useful one.

Your average WordPress site needs at least a few plugins to add basics like contact forms, SEO, galleries, etc. More specialized sites can require a dozen or more related plugins in order to provide more complex functionality like e-commerce, social networking, forums, or event management. This is where having a collection ready to install can save you some time.

Once you sign up for the free service, you can start creating your own public or private collections on WPCore.com. Private collections will not appear in the collections directory.

Start typing in plugin names or slugs to add them to the collection. The search box autosuggests plugins as you type:

As you can see above, each plugin collection is assigned its own unique key. Once you’ve added all the plugins you want to your collection, you can then paste this key into the WPCore settings page:

This will pull up all the plugins in the collection and link to a bulk install page in the admin:

The handy thing is that you can grab the key from any collection to bulk install the plugins; it doesn’t have to be one that you created. You can browse the WPCore Collections directory to find other public collections that users have already shared.

Collections can be shared, edited and/or deleted, and made private at any time. The concept is very similar to what the WP Install Profiles plugin provides with its corresponding service. The WP Roller service is another app that attempts to do the same thing but also allows you to customize a few extra settings in the process. So far, none of these services have grown to become mainstream tools for WordPress developers.

The WPCore app was built with Laravel and Bootstrap. After testing the app and the plugin, I can confirm it is user-friendly and provides a super fast way to install a long list of plugins. Making the most of WPCore requires having your collections set up already and a necessity to install the same plugins on multiple sites.

For those building WordPress sites regularly for clients, the tool can be a real time saver. Once your collection is set, you no longer have to spend time trying to remember all the plugins you need for setting up new sites. It’s also an easy way to share your recommendations with new users and other developers. Check out WPCore and let us know if this is a service you’re likely to use.

The New York Times writes about how The New Yorker is overhauling its design and online presence, including experimenting with paywalls and this wonderful nugget:

The new site, designed to be cleaner, with new typefaces, will be based on the WordPress publishing system. It is expected to be easier to navigate for mobile users — among the fastest-growing segments of the readership.

The New Yorker is one of my top 3 favorite publications in the world, and I’m very excited they’ll be using WP for their next chapter.

Theme Hybrid released Hybrid Core 2.0 today after many months in development. The framework, created by Justin Tadlock, powers this site and many other WordPress sites on the web. Version 1.0 was first released in October 2010, built from the engine that made up the base of Tadlock’s popular Hybrid Theme.

Since that time, Hybrid Core has been downloaded hundreds of thousands of times. Version 2.0 includes more than 200 commits and several major changes that will be important for users and theme developers to know about.

Composer Support

Tadlock credits Andrey Savchenko (@Rarst) with helping to add Composer support to Hybrid Core. Composer is a dependency manager for PHP that operates on a project-by-project basis by pulling in all the required libraries to manage them in one place.

Hybrid Core now includes a composer.json file and those familiar with Composer can find the package link on Packagist. Please note that using Composer is optional and not required for using Hybrid Core. For more information on getting started, check out @Rarst’s mini guide on using Composer with WordPress.

Trimming the Framework

Hybrid Core 2.0 is a return to the basics of WordPress theme development in that it further separates functionality from presentation. Tadlock took a blade to the framework and sliced out a sizeable chunk of legacy code, opting to support accompanying plugins to keep the core lean.

Widgets have been completely removed in favor of the Widgets Reloaded plugin, which Tadlock recommends users install if they want to keep their widgets. Entry Views was converted into a WordPress plugin in order to help keep the framework more modular. Several extensions were dropped entirely, along with post and comment-related template shortcodes and deprecated functions prior to 2.0.

Theme developers will be particularly interested in the new attribute system which allows for more flexibility than using body_class(). It includes built-in support for ARIA and Schema.org microdata.

Hybrid Core 2.0 also organizes all of the framework’s template tags into a /functions directory and introduces many new tags for theme authors. “Most of them are on my WordPress ‘wish list,’” Tadlock said. “So I hope to eventually see them added to core WordPress. They are functions that I believe are hugely beneficial to theme authors.”

Overall, Tadlock was able reduce 66 KB from the Hybrid Core zip file, while adding new features for theme developers at the same time. Naturally, if your site was making use of anything that was removed, an update to 2.0 may require you to add a new plugin or make transitions in your theme’s code. You’ll want to review the specifics outlined in the release announcement.

Theme Hybrid has always been on the forefront of defining and redefining WordPress theme frameworks and the relationship between parent/child themes. Tadlock is a purist when it comes to WordPress theme development best practices and his commitment to data portability is admirable in a theme market where many of the largest sellers are only there to make a buck.

Hybrid Core 2.0 is a much leaner version of the framework that theme developers have been working with for years. As documentation is still being written, you’ll need to take it out of the box and explore the code to find all the new goodies. Hybrid Core 2.0, like all Theme Hybrid plugins and themes, is available to download for free.

WP Quick Install is an interesting new tool from Julio Potier, Jonathan Buttigieg, and Jean-Baptiste Marchand-Arvier, the folks behind WP Rocket. As part of supporting their commercial caching plugin, the WP Rocket team works extensively with clients. WP Quick Install is a tool they use internally and decided to share with the community.

Its creators claim that the script is the easiest way to install WordPress. You download the tiny script and then upload it to where you want your installation. The new installation screen allows you to add themes and plugins to your site as well as configure some of the most common settings. It even allows you to do a few extra handy things like auto-remove the default content created by WordPress, ie. page, post, comment, themes, etc.

“We set up a fresh WordPress installation almost every week, both for our clients and for testing purposes,” Marchand-Arvier told the Tavern. “It’s always the same (when we don’t have SSH): download the zip, unzip, upload via ftp, install our favorites plugins, remove the default content, etc. So we developed a tool to do this for us.”

Marchand-Arvier said that the team created the tool for the sake of convenience and wanted to share it to give back to the community. He confirmed that they have no plans to build a commercial product around it but simply want to release as many free plugins and scripts as they can while developing for WordPress.

Bulk Install Plugins and Themes While Installing WordPress

In addition to all the usual database details, WP Quick Install allows you to select search engine privacy settings, media thumbnail sizes, revision and autosave settings, enable debug mode, and disable the theme and plugin editors. Any theme that you include in the install folder can also be automatically activated:

The automatic plugin installation part of the script is likely to save users the most time. It allows you to specify extensions by their slugs and automatically activate them upon installation:

WP Quick Install may seem like a long installation form to fill out, but the good news is that you can include a data.ini file to pre-populate the installation form or to generate content (posts, pages, etc).

Multisite Support Coming Soon

In the future, the WP Rocket team plans to add network creation to the script. “We want to keep it simple, but of course we definitely want to improve this tool,” Marchand-Arvier said. “We are currently working on multisite deployment. The script is on GitHub and it’s open to contributions.”

The tool is convenient if you prepare a data.ini file to pre-populate the installation form, but its primary shortcoming is that it doesn’t let you select the language before doing anything else. The script uses the WordPress 4.0 language API to manage the dropdown selection, allowing you to install in any language. However, it doesn’t automatically change the language in the installation process. This forces the user to complete the lengthy form in English. Hopefully, this aspect of the script will be improved in the next version.

The WP Rocket team created WP Quick Install chiefly for novice developers. “We aren’t pretending to replace the classic WordPress installation,” Marchand-Arvier said. “But today we believe that it’s the easiest way to install WordPress, especially if you don’t use WP-CLI or wget to install.” Check out the demo video below and let us know in the comments if you think the script can help you speed up your installations.

First reported by Sucuri, the WPTouch plugin has a dangerous security vulnerability and users are encouraged to update immediately. WPTouch is used to quickly add mobile support to websites and has over 5 million downloads making it one of the most popular plugins in the WordPress plugin directory.

WPTouch Plugin Header

According to Sucuri, WPTouch incorrectly uses the “admin_init” hook which can lead to users without the correct capabilities to upload malicious files to the server. Mailpoet, another popular plugin recently suffered from the same type of security issue. Taking advantage of the bug is a simple two-step process.

All an attacker had to do in order to compromise a vulnerable website was to:

1. Log­in and get his nonce via wp-admin
2. Send an AJAX file upload request containing the leaked nonce and his backdoor

So long story short – don’t only use nonces to protect sensitive methods, always add functions such as “current_user_can()” or the likes to confirm a user’s right to do something.

The vulnerability only affects sites that have registration enabled but you should update regardless. Users should already see an upgrade notification in the dashboard.