Thoughts On Auto-Updating Older Versions of WordPress

WordPress-blue broken plate

Below is a reposting of a Twitter thread.

If the WordPress Powers That Be are going to move forward with auto-updating all version 3.7+ instances up to modern times, 2 things need to happen:

  1. A “One Click Rollback” button needs to be available to roll them back to where they were prior to the auto update; and
  2. The Classic Editor plugin needs to be automatically installed and activated.

I just got off the phone (while here at PressNomics 6) with a client whose site I built ~5 years ago while with another agency. It’s the PR site for a large real estate sales firm in the Washington, D.C. area. Their IT department just updated their WordPress core and plugins for the first time in over a year (read: since Gutenberg was merged into core). The update destroyed their ability to add custom taxonomies, and they could no longer create posts.

I suggested installing and activating the Classic Editor plugin which fixed the problem. This is a site that is still in active use, but only haphazardly maintained in terms of core and plugin updates. The IT department who runs it isn’t on top of the goings on within the WordPress community, and doesn’t know Gutenberg from the actual printing press from which it derives its name. (They also apparently don’t know what a “staging site” is either, but I digress…)

If this one site, that’s five years old, before Gutenberg was a twinkle in Matt Mullenweg’s eye, is still around, actively visited, and actively contributed to could break like this, so could hundreds or thousands or tens of thousands in similar circumstances.

This is the danger of the WordPress Powers That Be’s proposal. That the vast majority of the WordPress sites out there, the 1/3 of the Internet, will break, and their maintainers won’t know how to fix them.

Is there opportunity out there for independent developers like me? Sure. (Do I really want to see code I wrote over 5 years ago in an attempt to debug and remediate it? No, not really.) But this is more than an issue of business opportunity. It’s an issue of “doing no harm,” and recognizing that only a tiny, tiny fraction of WordPress site owners and/or maintainers are actually a part of the WP community, and are aware of the issues—and solutions—that lie beyond the admin dashboard.

A major change like the proposed auto-updating version 3.7+ WordPress sites can potentially cause a lot of damage if not done with safeguards (rollback option; Classic Editor) and extreme caution. #ethics

Why Is There a Blue Butterfly Next to My Name?

Blue butterfly

Photo credit: Modraszek Ikar

September is Thyroid Cancer Awareness Month. I don’t usually mark the occasion myself, mostly because I’m usually so busy I don’t even think about it until sometime around the 25th. But this year, I at least wanted to make some note of it, and share some facts and tips regarding thyroid cancer and thyroid health.

But why the blue butterfly? The most commonly used description of the thyroid gland itself is that it’s a “butterfly-shaped gland located in the front of the neck.” So the butterfly has become something of a symbol for thyroid cancer and thyroid health. Also, there are no emoji for the various types of “cause” ribbons out there (red for AIDS, pink for breast cancer, etc.), so I had to go with the next best thing. The thyroid cancer awareness ribbon is pink, purple, and teal. A blue butterfly is the closest approximation as Twitter and emoji would allow.

Everything below comes from ThyCa: Thyroid Cancer Survivors’ Association, Inc. website, unless otherwise noted.

1. Thyroid Cancers Are Increasing in Incidence

Unlike most other cancers, thyroid cancer incidences are on the rise. However, the reason for the increase is not known.

2. Most Thyroid Cancer Patients Are Women

Thyroid cancer can occur in women and men, but 70% of patients are women.

3. There Are Many Different Types of Thyroid Cancer

The most common types are known collectively as “differentiated” and include papillary, follicular, and (less common) medullary. Anaplastic thyroid cancer is non-differentiated.

4. The Survival Rates for Thyroid Cancer Can Vary Greatly

For the majority of thyroid cancers—papillary and follicular—the prognosis for survival is usually very high: over 90% when caught early. (Medullary and anaplastic thyroid cancers have a much lower survival rate.) This usually leads to the axiom that thyroid cancer is somehow the “good” cancer, but in truth, there are no good cancers.

5. Thyroid Cancer Is Difficult to Detect

I found this out through personal experience. After my Ear, Nose, and Throat doctor became concerned about the nodules in my neck, I had several biopsies over the course of a few years to try and find signs of the disease. All of the biopsies (which consisted of a hollow needle inserted into my neck to extract thyroid tissue from the nodules) came back negative. It wasn’t until the nodules had grown so large that the thyroid had to be removed anyway as a precaution, and thus completely dissected and examined, were the carcinomas discovered. That’s right: I was diagnosed with thyroid cancer after much of my thyroid cancer was removed!

6. Treating Thyroid Cancer Is Different Than Other Cancers

Again for papillary and follicular thyroid cancers: Instead of chemotherapy or targeted radiation, treatment usually involves surgical removal of the thyroid, followed by a course of ingested iodine-131 to kill the remaining thyroid tissue. Iodine-131 is a radioactive isotope of iodine produced by nuclear reactors. See the next point…

7. Thyroid Cancer Risks from Chernobyl and Fukushima

Both of these nuclear accidents released iodine-131 (among other radionuclides) into the environment, where it would be absorbed by the thyroid when consumed by mammals (including humans) and become carcinogenic. The counter to this risk is to take increased amounts of stable iodine (iodine-127) in potassium iodide tablets to saturate the thyroid, causing it to not absorb any of the radioactive version. As that is the only gland in the body that absorbs iodine, any radioactive iodine then would pass through the system harmlessly. This is also why a sizable portion of the population in central Europe is walking around today without a thyroid. Fortunately, iodine-131 has a relatively short half-life of eight days, which means that nearly all the I-131 released in these disasters degraded into stable, harmless elemental isotopes in less than three months. (, Health effects of the Chernobyl accident: an overview (WHO))

8. Check Your Neck!

Above all, make sure you check your neck regularly for nodules and other irregularities. Whenever you visit your general practitioner or ENT doctor—for any reason—they should do a quick feel of the neck area for nodules, and prescribe further testing if warranted.

Further Resources

To learn more, visit the following reputable websites with symptom, prevention, diagnostic, and treatment information.

How the State Department Website Was Built

I recently spoke with my good friend Joe Casabona on his “How I Built It” podcast about working on the U.S. Department of State’s transition to WordPress. In the episode, we cover: working on a federal government project, even if you don’t necessarily agree with a particular administration’s policies; Gutenberg (and why this project isn’t using it); and how sometimes very different aspects of your life can come together in unexpected ways.

Joe is a terrific interviewer, and I had a great time on his podcast. You can listen to the full episode here.

Using Automated Website Testing to Win at Parenting

Sasha climbing a rock wall

Today my daughter starts a one-week summer camp at our local Earth Treks rock climbing center. She’s super-excited, and has been looking forward to this since I signed her up last December.

Of course, there is always a catch. The summer camp scene here in the D.C. area is ultra-competitive, and this one was no exception. You have to sign up early to get into camps with only a few slots, sometimes as early as October or November. By January and February, most of the summer camp programs in the area are open for enrollment, and mostly filled up. When they open, you gotta get in quick.

But I’m terrible: I forget things, I get busy. Just like every other working parent. And I certainly don’t trust myself to remember to check one particular summer camp every day in order to get in right when registrations open. Fortunately, I had a friend and former co-worker who is into climbing and had worked at that Earth Treks. She helped me narrow down about when registrations would open, but didn’t know the exact date. With only twelve slots per camp, once registration opened, those slots would fill quickly.

When Web Tools and Parenting Collide

Then it dawned on me. At my previous agency, we had used Ghost Inspector to perform daily tests on some of our websites in order to make sure certain features were always in working order. As a joke, I even had used it to snapshot the AWS home page once a day to see if I could spot new offerings by the cloud mega-service. What if I could use that same tool to gain an edge on the summer camp sign-up scene?

So I used the Ghost Inspector to find the path through to where the summer camp sign-up page would be. Because there was a bit of JavaScript tab action going on, there wasn’t a single definitive URL that one could just “hit” to see if registration was open. So I created a recording of how to get to the page where the sign-ups would be, and set Ghost Inspector to run that script every day.

Then I waited.

Every day for two weeks I got an email that my test “passed”. That is to say, the result was the same that day as the previous recording. Nothing had changed.

But of course, that’s not what I was looking for. In this case, a “passed” test was actually a failed result. But I waited, and after a couple of weeks, it finally came: I got an email notification that my Ghost Inspector test had “failed.” But in this case, it failed because the sign-up form had appeared. Registration was open!

I jumped onto the site and signed Sasha up for camp, the first registrant for that week’s program.

Is It Worth It?

Of course, at $99/month, Ghost Inspector is a pricy tool for just trying to get an edge on signing your kid for camp. Fortunately, I’ve had my account so long that I’m grandfathered into the free “Personal” plan that gives you 100 tests per month. I’m not sure that that plan still exists, but there is a 14 day free trial.

There are also alternatives to Ghost Inspector, but I can’t vouch for most of them. The requirement for this particular application was the ability to record a script of which elements to click on to get me to the screen I wanted. As I said earlier, there was no canonical URL I could just go to that had the form I needed. If there is, your options open up, because any visual regression testing tool that keeps a history would work.

Wraith is a tool I’ve used in the past for visual regression testing, but it’s pretty archaic and seemingly an abandoned project at this point. UIlicious is another scriptable tool, and they appear to have a free tier (but I’ve never tried it). There’s also the old, and extremely geeky Selenium. I’ve never been able to master it, but if you’re a QA engineer already well-versed in its use, it may be all you need to accomplish the task.

And if you have Ghost Inspector already, and you have the tests to spare, setting up another is no sweat. And getting your kid into the camp she really wants is totally worth it.

What work tools have you used to achieve a great parenting hack? Let me know in the comments!

Mondays Are Super Hard When You’re a Freelancer

Photo credit: Ferdinand Stöhr

Once upon a time, I worked at an agency. Mondays were great. I woke up invigorated every work week, ready to take on the challenges. I loved my team, respected my boss, and did great work for our clients.

Then that job went away and I became a full-time freelancer, er, solopreneur. Now Mondays are a different story entirely.

When you’re freelancing, your day is completely different than when you’re working for an employer. If you’re like me, you work from home at least most of the time. You do work for a variety of different agencies and/or direct clients. You try—as best you can—to balance your work obligations with family ones. And you don’t always succeed.

Last night, I had trouble sleeping, so I made a huge mistake. I checked my email at 4:30 in the morning. I was greeted with a client wondering why I had the audacity to charge them for the time I have spent and will continue to spend addressing an emergency situation with their site. That’s always a positive (not) way to start your work week (and something I never had to deal with working for an agency).

Later this afternoon, I’m going to have to take most of the afternoon off to take the kids to the dentist and follow that up by an emergency PTA meeting. Part of the reason for being a freelancer is having the flexibility to deal with these kinds of situations, but what is problematic is how the rest of my family just expects me to be able to deal with these situations, all the time. Never mind that I’m working on a project where I have 10 tickets that need to be done this week (with more tickets to come, no doubt). I’m home all the time. I don’t have a “boss” to answer to when I need to take off early in the day.

No, I just have deadlines, and those deadlines don’t care that my kids are due for their teeth cleanings.

Mondays are an ever-present reminder that freelancers don’t get the respect—either at home or from other professionals—that agencies and other companies do. Yeah, we try to keep set schedules, as all the “How to Be a Freelancer” advice sites and books tell us to do, but usually our families haven’t read the same advice. And it’s impossible to “be on the program” without buy-in from everyone else in your life.

Like the other mom in the carpool who forgot you go to the client site on Tuesdays and asks you to pick up the kids from the bus when it’s not your turn. Like the PTA meeting that’s called for 5:30 when you already have a call with a West Coast client scheduled. Or the kid who never knocks on your door and barges in when you’re on a video call. (I have such empathy for this guy.)

It’s also harder to face Mondays when you know the majority of your non-familial interactions for the next five days will consist of text-based messages over a chat program. Context is lost. Social chat is minimal to none (not that this is always a bad thing, but sometimes it’s nice to shoot the breeze with people you’re not related to by blood or marriage). And it’s easy to feel socially isolated to the point of being a shut-in when you don’t get to see the faces of the people you’re working with.

The above tweet is from a long time ago. These days, Mondays are so much harder. Harder to feel energized. Harder to feel passionate about what I do. Harder to face the grind of another week. Feel the same way? Share your thoughts in the comments.

How I Integrate Front-End Libraries Into My Development Process

Integrate front-end libraries into your workflow.

As I was listening to the latest episode of SyntaxWes Bos’ and Scott Tolinski’s great new podcast on front-end web development—the question was posed among the hosts over how they integrated front-end libraries—and more specifically, their CSS—into their own code while keeping everything up-to-date. Both admitted that they didn’t have a great answer (usually involved copying and pasting), so I thought I would share a system that works for me.

Most front-end libraries these days are kept on some sort of package management system. Usually this is NPM, but could also be Bower or something else. Assuming NPM, I would load it like I would any other node module, and save it to my package.json file. Take one of my go-to libraries, Breakpoint Sass. I’d install it like so:

npm install --save breakpoint-sass

Now, to include the Sass into my project, I would reference it as I would any other Sass partial, by writing the following line somewhere near the top of my main Sass file (following the path relative to where my main Sass file is located):

@import "../../node_modules/breakpoint-sass/stylesheets/breakpoint";

Obviously the exact path is going to depend on how your project files are organized, but you get the drift.

This works just as well for components like form element prettiers (think something like Nice Select), or anything else that enhances the visual design of your project. Often in those cases, it makes more sense to put the @import statement near where you will be adding in your own CSS to customize the look to your design.

I hope to expand upon this post a little more at some point to give some more workable examples, but for now, ping me in the comments or on Twitter if you have questions on how I do this.

From HTTP to HTTPS: Why Marketers Should Embrace Encryption.

This post was originally co-written with Jim Lansbury and Kurt Roberts for the RP3 Building Opportunity blog on January 26, 2016.

Lately the news has been full of articles about encryption: Big tech companies say it’s essential, the FBI says it’s terrible. Here’s how all that news affects marketers.

Americans now spend over eight hours a day consuming media, and two hours of that are spent on the web, where all of it is accessed by URL.  In the past 20 years, we’ve gone from almost no awareness of what a URL is to nearly complete awareness.  Still, there’s quite a few parts to the URL, and they’re all decided by how you structure your website.

The first part of your URL is the part that specifies the protocol; on the web, that means either HyperText Transfer Protocol (HTTP) or HyperText Transfer Protocol Secure (HTTPS).  It seems obvious that your bank should be using HTTPS, just from the name, but why would you want to serve your marketing sites over an encrypted connection?  Here’s three reasons:

HTTPS improves your search ranking.

Google has been using encryption as a signal for search ranking since April, 2014.  At the time they announced the move, they made it a very small part of your search ranking – only 1% of the final ranking.

Two years later, however, encryption is a hot topic, and Google has a very strong stance on it. The Google Webmasters Blog announced in mid-December that the crawler will start defaulting to the HTTPS version of a link over the HTTP version.

While no one knows exactly what the implications are for each search ranking, it’s certainly in Google’s own interest to favor secure sites while lobbying lawmakers to protect private access to strong encryption.

Going HTTPS is cheap—and it could pay for itself.

In terms of actual dollar costs, webhosts for years have charged a tidy little premium to give you that coveted SSL certificate. But these days, your options for obtaining one have never been more numerous, or more cost-effective. Heck, you can even get a certificate completely free thanks to Let’s Encrypt.

What about paying for itself in terms of better metrics?  HTTPS alone won’t lead to higher conversion rates or sales, but it is a prerequisite for HTTP/2 – and HTTP/2 is here, bringing with it speed boosts of about 50%. And those speed boosts matter in two important ways.

First, speed matters to your Google search ranking. Google has been considering page speed a factor in search rankings since 2010.  And second, it matters to your customers. It’s well-established that visitors leave slow-loading pages, with Amazon stating a few years ago that a 1 second delay in page load time would cost $1.6 billion in annual sales.

The bottom line is a small dollar investment and a faster website will convert more of your site’s visitors into paying customers.

HTTPS aligns you with high-tech companies.

Google isn’t the only brand advocating an HTTPS-only Internet.  Facebook and Twitter have both been HTTPS by default for years, and increasingly other tech companies are joining the call.

Governments across the western world are clamoring for major tech companies to open “backdoors” into their encrypted systems in the name of thwarting terrorism, but fortunately these companies have refused to bow to the pressure. Meanwhile, research continues to mount that encrypted communications are not offering terrorists any advantages.

The reason the tech companies support encryption is they have audiences that really value their right to privacy and know how technology is capable of undermining that right. Those users are their early adopters, beta testers and often loyal supporters. Their support is critical for new product launches, upgrades and changes.

So how do you get started?  Implementing HTTPS (and HTTP/2) properly takes expertise from your IT department or web partner, but it isn’t a difficult change to make in most cases. And as you can see, it can make a big difference to the success of your marketing.

Introducing: Taupecat Studios

I’m thrilled to announce that I’m diving into the independent developer market full-bore with the launch of Taupecat Studios.

I’m calling it “the brand-new digital agency with the long history of success.” After more than twenty years in the industry, and working for such luminary brands as Marriott International, Discovery Communications, and Long & Foster Real Estate, I knew I would be able to add value to a brand new roster of clients under my own banner.

Look for more details on this venture to come in the future, including some awesome client announcements.

Taupecat Studios is starting off small, but I have big plans. Let’s get to work!