It’s Time to Get the File Editor out of WordPress

Easy now. Put down the pitchforks and the torches for a minute while I explain what I have on my mind.

I’m usually pretty good about not shooting my mouth off, especially as it pertains to things like WordPress core, which I’ve admittedly never contributed to, and might not ever contribute to from a code standpoint. But today I’m going to make an exception because I’ve seen way too many fails directly related to the file editor in WordPress, and I think it’s time we get rid of it… mostly.

Why The File Editor Has Got to Go

Let’s completely ignore the fact that being able to write files from within the WordPress dashboard can potentially open up your site to all sorts of malicious behavior, and be a really simple backdoor for anyone who gains access to your site. Defacements and large scale spam attacks are often started from within the WordPress file editor when bad usernames or weak passwords are cracked by brute force attempts. That’s bad news, but that’s not the reason I’d like to see the file editor go away.

At Site Care we go through a lot of broken websites. A lot. I’d say that easily three out of every ten cases that we take on could have been prevented if users weren’t trying to make code changes in their WordPress dashboards. The story is always the same:

I found this tutorial online, and it told me to copy this code into my functions.php file. I clicked Appearance –> Editor, chose my Theme Functions file and pasted in the code from the tutorial. WHEN I CLICKED UPDATE EVERYTHING BROKE.  And now I don’t have a way to restore it.

How Do We Fix This Problem?

There have been several attempts at solving this problem, and pretty much every attempt I’ve seen involves throwing more code at the problem. There’s even an IDE WordPress plugin that has syntax highlighting and all sorts of other craziness.

It’s true, the editor can be disabled with one quick line of code in wp-config.php, but it seems to me like a feature that should be opt in only, not opt out like it is right now. We wouldn’t hand the keys for an Indy Car to a 16 year old kid, so why would we give that supreme power of unintentionally bricking a website to a WordPress beginner?
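The post does not name the line; in WordPress it is define( 'DISALLOW_FILE_EDIT', true ); and DISALLOW_FILE_MODS set to true also turns the editor off. The following is an added example, not code from this post or from WordPress: a Python check that reports whether a given wp-config.php really has the editor disabled, the kind of audit you would run across many client sites. Function names and the sample config are this example's own and constructed for illustration.

```python
"""Audit wp-config.php text for the constants that switch off the file editor."""
import re
import sys

# Constants WordPress consults before allowing the theme/plugin file editor.
CONSTANTS = ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS")

# Strings and comments are tokenised together, so whichever starts first wins:
# "//" inside 'https://...' is not a comment, and an apostrophe inside a
# comment does not open a string.
TOKEN_RE = re.compile(
    r"""
    ('(?:\\.|[^'\\])*'        # single-quoted string (kept)
    |"(?:\\.|[^"\\])*")       # double-quoted string (kept)
    |/\*.*?\*/                # block comment (dropped)
    |//[^\n]*                 # line comment (dropped)
    |\#[^\n]*                 # shell-style comment (dropped)
    """,
    re.VERBOSE | re.DOTALL,
)

# define( 'NAME', <expr> );  -- the function name is case-insensitive in PHP,
# the constant name is not.
DEFINE_RE = re.compile(
    r"\b(?i:define)\s*\(\s*(['\"])(DISALLOW_FILE_EDIT|DISALLOW_FILE_MODS)\1"
    r"\s*,\s*(.+?)\s*\)\s*;"
)


def strip_php_comments(src):
    """Remove PHP comments while leaving string literals untouched."""
    return TOKEN_RE.sub(lambda m: m.group(1) or " ", src)


def php_truthiness(expr):
    """True/False for simple literals, None for anything we do not evaluate."""
    e = expr.strip()
    if len(e) >= 2 and e[0] in "'\"" and e[-1] == e[0]:
        # PHP treats every string except "" and "0" as true, so 'false' is TRUE.
        return e[1:-1] not in ("", "0")
    low = e.lower()
    if low == "true" or re.fullmatch(r"[1-9]\d*", low):
        return True
    if low in ("false", "null", "0"):
        return False
    return None  # getenv(...), another constant, etc.


def file_editor_state(src):
    """Return 'disabled', 'enabled' or 'unknown' for one wp-config.php text."""
    code = strip_php_comments(src)
    first = {}
    for m in DEFINE_RE.finditer(code):
        # A constant cannot be redefined in PHP, so only the first define counts.
        first.setdefault(m.group(2), m.group(3))
    verdicts = [php_truthiness(first[name]) for name in CONSTANTS if name in first]
    if True in verdicts:
        return "disabled"
    if None in verdicts:
        return "unknown"
    return "enabled"  # WordPress default: administrators get the editor


# Constructed sample: the lock-down line is present but commented out.
SAMPLE_STOCK = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'WP_HOME', 'https://example.test' );
// define( 'DISALLOW_FILE_EDIT', true );
/* That's all, stop editing! */
require_once ABSPATH . 'wp-settings.php';
"""
# Same constructed file with the line active.
SAMPLE_LOCKED = SAMPLE_STOCK.replace("// define", "define")

if __name__ == "__main__":
    # Usage: pass one or more wp-config.php paths on the command line.
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(f"{path}: file editor {file_editor_state(fh.read())}")
```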

Josh suggested we include some type of validation for code that’s added through the editor. I don’t think that’s necessarily a bad idea, but I honestly don’t know why the editor needs to be turned on at all. Teaching people to edit their files locally, or even to cowboy code with a text editor seems like a much better way to go. In the end the overall perception of WordPress could actually be improved because people will be more confident making changes if they have a little bit of safety net.

Using the file editor is like eating at a taco stand. It could be amazing, but it’s probably going to end with regret.

How About a Compromise?

At the very least, having the editor disabled by default on new WordPress installs would be a big win. I actually found this little gem when I was working on a site at GoDaddy today.

I’d love to see a similar procedure and warning worked into WordPress core. It’s just enough information to let people know they should proceed with caution, but still gives access to users for the occasional (but rare) occurrence where the WordPress file editor can come in handy.

So what do you think? Are you ready for the file editor to go like I am? Or will we have to pry the file editor out of your cold dead hands? Hit me up in the comments.

How I Chose the Best VPN Provider for Our Business

We’ve recently been paying a lot of attention to security for our clients at Site Care. We’ve always been conscious of best practices, but we’re really starting to invest in security so we can make it something that sets us apart, and not just lip service. The last thing we want is for one of our clients to have their site compromised, and especially due to a mistake that was made while we were managing it.

We’re just about done with our implementation of LastPass Enterprise, and I’ve been testing different VPN clients for the last 3 or 4 months to see what would be a good fit for our team. As soon as we roll out our VPN, we’re going to look at 2 Factor authentication for all of our client sites to see if there’s a way we can implement that without creating more headaches for our customers. Like I said, security is a big focus for us right now so we’re hopefully pulling out all the stops.

As I was shopping for VPNs, I was overwhelmed by the number of options that were available. There were articles all over the internet telling me which solution was best, but these days with so many “try before you buy” offerings, that’s usually the approach I like to take when I’m testing software, even though it takes more time.

When I worked in IT Security, we always used hardware VPNs, which were excellent, and the control is definitely a nice bonus, but they wouldn’t quite hit the mark for our needs at Site Care.

  • It’s expensive – The cost can be a deterrent but that’s not why I ended up choosing a software solution
  • It’s more work – Setup, configuration, and maintenance is an ongoing cost and creates another job for me
  • It’s not redundant – Limited to one physical location, which means one point of failure (If our office network goes offline, work stops)
  • It has limited features and locations – Again we’re limited to one server. Lots of times being able to troubleshoot or work from other global locations is a nice thing to have, and not possible with a hardware VPN.

Choosing the Best VPN Provider for Our Needs

As I mentioned before, there are so many VPN providers out there. From major enterprise corporations like Norton, to my local ISP. In a lot of ways it’s like choosing a web host. Pick the one that solves all of your problems in the best possible way, and go with that one.

I did trials, and even paid for a few months with VyprVPN, GetCloak, Private Internet Access, ExpressVPN, and IP Vanish. There were a lot of things I liked about all of them, and things I didn’t like about some of them too. To be totally honest there are things I don’t love about the one I ended up choosing, but they’re nit picky and don’t really have anything to do with the most important items which are security and privacy.

Cloak

Cloak was by far the most elegant and easiest to use VPN. I had a funny issue with their service that I’ll get into in a minute, but if I were in the market for an incredibly simple to use VPN, and only needed to use it on the Mac platform, I’d definitely give Cloak the nod. It’s a beautifully simple answer to a tough problem.

I did have a few privacy concerns with the Cloak service. At a certain point I downloaded a file that was protected by copyright laws (whoops, my bad), and within a day my account was disabled by Cloak because they received a warning from the DMCA. Now I don’t blame them at all for disabling my account. They need to protect their service and all of their other users, but the fact that they were so easily able to trace the download back to me made me nervous about privacy and how much they’re logging. Other than that little hiccup it was a great service, but wasn’t enough for what we needed at Site Care.

VyprVPN, ExpressVPN, and IP Vanish

VyprVPN wasn’t quite as easy to use as Cloak, but it was still incredibly easy to use, and it’s cross-platform and includes mobile apps so those were some really nice additions. All of the software was very polished, and seemed really stable. They also include some encrypted storage, and support all of the major VPN protocols on their Pro and Premier levels.

My only real concern with VyprVPN was its close connection with the GigaNews Usenet service, and a less than detailed FAQ answer about how they store and log user data. It also only allows 2 or 3 simultaneous connections on their upper tier plans, so cost starts to become a bigger factor at that point.

My experience with ExpressVPN and IP Vanish was very similar to VyprVPN, so I bundled them all together. They’re all cross-platform, they all had apps with reasonable to good interfaces, and they were all easy to use. The one thing that was different about ExpressVPN and IP Vanish was their strict no logging policy, meaning your activity should be anonymous and protected.

I should also note that VyprVPN was the fastest VPN I tested across their entire network. A few other services had faster connections in certain locations, but VyprVPN seemed to be the fastest across the most locations.

Private Internet Access

Ultimately I ended up choosing Private Internet Access for a variety of reasons, but I’ll tell you right up front that it wasn’t because of their branding, website, or their apps. They’re all so damn ugly, and their branding is weak. Simple, yes, but visually speaking their offering was the worst out of all the software I tested.

At the end of the day though, when it comes to networking and security, pretty doesn’t really matter as long as it’s still easy to use. Here are the main reasons we ended up going with Private Internet Access:

  • It supports all of the major VPN protocols, and can even be used at the router level for protecting your whole network.
  • It had the most available VPN servers of any of the providers, with over 2,000 worldwide.
  • They have a strict no logging policy, and even recommend you use an alias and bitcoin when you pay for their service. I didn’t go quite that far since we aren’t looking to do anything sketchy, but I liked that they make anonymity a priority.
  • It’s truly cross-platform with support for mobile devices and routers. Again, the apps are ugly, but they do the trick.
  • They have a NAT firewall in place to block inbound traffic. Some other VPN providers can open your computer to inbound requests.
  • Their top plan is only $40 per year and includes up to 5 simultaneous connections. Compared to the cost of other services per connection, it’s incredibly inexpensive.
  • It was fast. One of the biggest gripes with VPNs is speed. Using PIA I’m able to get about 90 Mbps on my 150 Mbps home connection using the servers closest to me. Some other providers that I tested were much worse, topping out at ~ 10 Mbps.

Hopefully all that information helps. This definitely isn’t an in-depth look at every VPN provider, but at least it’s a look into some of the things I took into consideration while looking, and which ended up being the best fit for Site Care.

Do you have a VPN provider that you love? Do you use a VPN at all? What keeps you from jumping in if you aren’t?

My Number One Rule For Building A Business

Believe it or not my number one rule for building a business has nothing to do with marketing automation, increasing your blog traffic, or looking for the right business partner.

It doesn’t even have anything to do with building a great product, finding team chemistry, or increasing conversions on your sales pages. It’s a principle that anyone can follow, but for some reason it seems to be more scarce than ever.

Last year I hired 8 contractors that I wanted to eventually work full time at Site Care. From those eight, we hired exactly zero. I thought the success rate was abysmal and that my expectations must be completely unreasonable until I read Brad Touesnard’s 2014 review and noticed that he had five employees go through trials that didn’t work out.

Now there’s a lot that goes on when you’re working with a potential future employee. You’re getting the feel of each other’s work styles, personalities, what processes look like, whether or not they can put up with your annoyances as a boss.

  • Two people left of their own volition because they realized that support was hard
  • One left because we couldn’t pay them the salary they wanted (totally fair)
  • The other five all left for the same reason, and I’ll get to that in just a minute

When we’re working with potential hires at Site Care, we always start with 60 days or so of having them work on small projects for our company. That gives us a good sense of what their strengths and weaknesses are, without putting any client sites at risk. All but one of our candidates had the technical skills that they needed, and we wouldn’t have reached out to them at all if we didn’t at least like them, so that wasn’t a problem either. As far as chemistry goes, they were generally a pretty solid fit.

So what was the one reason that none of them ended up working for us full time?

They didn’t follow through.

If you want to build a successful business that lasts, follow through. Follow through with your coworkers. Follow through with your bosses. And definitely follow through with your clients.

If you say you’re going to do something, then seriously, just do it. 

*cue the sound of Nike trademark lawyers calling my phone*

If it’s going to take more time than you thought it would, or you had a personal crisis come up that’s going to delay things, communicate. People are extremely reasonable and forgiving, especially when we’re up front about how we either dropped the ball, or had something out of our control come up.

  • If you promise someone that you’ll make an introduction for them, follow through.
  • If you tell a client a project will be finished by a certain date, follow through.
  • If you commit to taking out the garbage every Tuesday, follow through.

This sounds like the most elementary practice in the history of elementary practices (it’s a long history), and yet, the perfect follow through is becoming harder and harder to find.

The majority of customers aren’t looking for much beyond follow through. Do what you say you’re going to do, and they’ll be singing your praises from the rooftops. The same goes for commitments made to coworkers, family members, friends, etc. This one principle can apply to literally every single area of your life.

After a while, following through becomes a habit and a fluid motion, just like Stephen Curry’s jump shot. It’s effortless, and it’s just something you do, not only because it’s the right thing to do, but because it’s the “secret weapon” for catapulting your business forward.

I’m selfishly curious to know. Do you ever get frustrated with the lack of follow through from people online, or employers, or friends or family? There are so many real life scenarios that I didn’t even address where follow through makes a huge difference. How do you deal when someone doesn’t follow through?

Drive Fast and Take Chances

When I first got my driver’s license I was ready to fly out the door every time I had the chance. There was a 3-speed 1979 Chevy Silverado with my name on it whenever I had enough money to fill the gas tank. Pretty much every time I grabbed my keys to head out the door, my mom would yell from various parts of the house “drive safe and be smart!”

I think she could hear me rolling my eyes.

“Of course I’m going to drive smart. Do you think I’m stupid, Mom?” (For the record I was very much stupid).

I don’t know if it was my sixteen year old arrogance or the fact that I never left the house without hearing the reminder for safety, but after a while I became so tired of it that I’d start answering back with some smartass remark.

“Can you remind me how my seat belt works too, Mom?”

One day I grabbed my keys off the hook and started out the door, fully expecting to hear those words I had heard a thousand times before.

“Drive fast and take chances!” were the words that came from the other room.

It was her way of dealing with an obnoxious teenager, and it worked beautifully.

Checkmate.

Every time I heard it I knew exactly what she was saying, but it didn’t sound like that “lame mom speak” that teenagers are capable of blocking out completely like Charlie Brown’s school teacher. Not to mention the fact that it was incredibly effective.

So why do I bring it up? Because if I had to choose one mantra for 2014, it would be “drive fast and take chances.”

By nature I tend to be a risk-averse person, which is hilarious when I look back at 2014. I started a new product company, created a new WordPress conference that turned a lot of heads and created a lot of discussion, all while trying to run another growing business and maintain some semblance of patriarchy #ProDad4Life.

It wasn’t easy.

In fact, it was really damn hard.

I laugh as I write about all of this as if it’s done and over with. Flagship is still in its infancy, and LoopConf has a long way to go before we meet our goals there. 2015 is going to be a grind just like 2014 was.

That said, I’m going about things differently this year.

2015 is going to be the year of “Prepare and Conquer.”

So much of what I do on a daily basis is reactionary. I’m responding to an email, rebooting a server, or explaining the details of a project to an employee 72 hours before the deadline. I’m essentially playing firefighter and it’s got to stop.

I have to take control of internal processes, hold meetings with purpose, and plan business growth for the fourth quarter while I’m busy executing our plan for the first quarter. I refuse to fly the “seat of my pants” airline this year. Delta will be just fine.

Here are the areas of life and business where I’m going to require more discipline from myself:

  • Nutrition
  • Meditation
  • Financial Planning
  • Team Communication
  • Family Time

I’ll explain all of these in more detail soon, but for brevity’s sake I’ll just do a quick breakdown for my intention with each area of self-control.

I have to eat better. I feel so much better when I do, and I know it. Not to mention the fact that my long-term health really needs me to treat myself better. The Five Guys that just opened near my house is probably going to suffer. Possibly even call it quits.

Meditation is HARD, but, it’s extremely rewarding at the same time. It may be on a morning walk, or just sitting still, but I need 30 minutes to myself each day to focus on nothing — and everything. At first it’ll probably only be 3-5 minutes, but I’m going to practice every single day until I hit that 30 minute mark.

There are things I’ve been meaning to do in terms of finances for quite a while now, and this year they’ll come to fruition. I have a meeting with a financial planner today to help me get started.

There are days when my team is completely neglected by me. Part of the problem is that I’m super confident in their capabilities and know they’re going to handle things, but that’s not fair to them. This year I’ll be involved with each of my coworkers on a more individual level, so they know I’m fully vested in them, and in our companies as we move ahead.

6pm to 8pm Monday through Friday is family time. Saturday night is date night. If you see me tweeting during these hours, please call me on it. Family dinner, homework, and bedtime stories are going to be part of my daily routine. (Frankly I’m embarrassed that they aren’t already).

I know I’m not going to magically find discipline for these areas where I’ve been lacking just because we turned the calendar page, but I’m making these newly desired habits known to people who are around me every day. If I send this post straight to you and ask you to help me out, I fully expect you to leave a bag of flaming poo on my doorstep if I post a picture of a brisket burrito (OMG THAT’S NOT A THING I’VE EVER HEARD OF BUT I JUST MADE IT UP WHILE I WAS WRITING AND OMG) on Instagram.

I’m so grateful for the support of everyone who helped pull me through 2014. I know I wouldn’t have made it without your help. You know who you are.

Oh, and Mom… I think I’m gonna drive safe and be smart this year…

What are your plans for 2015? Drastic changes? Goals for a new habit? Goals to kick an old habit? I’d love to hear!

Image courtesy of James Banks on Flickr

Do You Really Want to Start a WordPress Support Company?

Author note: I just got an alert on my calendar that tomorrow is Halloween, so it’ll be Halloween when this is published. Happy Halloween.

Author note #2: Part of this is a rant.

For those of you who don’t know, I started WP Site Care a few years ago. It’s become a great business for my family and our employees, but it’s been anything but rainbows and butterflies.

Nearly every single day I see a new WordPress support and maintenance company come out of nowhere, ready to take on clients and make a place for themselves on the web.

I applaud that.

I wouldn’t be here if I hadn’t started doing the same thing as a freelancer five years ago. Not to say that I’ve “made it,” or that I even consider myself a success, but as far as companies in this space are concerned, I can probably say that ours is as established and well-known as any of the others.

Now it’s time for some real talk.

I’ve seen articles showing up talking about “Starting a WordPress Management Business in a Day“, or “Great WordPress Businesses for Building a Predictable Income“, and either the authors are just incredibly naive, or downright ignorant. Or maybe they’re just a gun for hire that needed to meet the weekly article quota and ended up spitting out nonsense.

They paint a picture of a low overhead, easy to start business for any “Solopreneur,” and that’s simply not the case.

WordPress Support and Maintenance Isn’t a Kid’s Game

I’m sure that anyone who has worked with companies like Maintainn, WP Valet, WP Curve, or WP Maintainer can attest to the hustle required to run this type of business (I know there are a slew of other companies that I haven’t listed here, but I want to save your wrists from excessive scrolling).

You don’t just wake up one morning, claim a free account from ManageWP and start taking on clients. I’m convinced that living this grind day in and day out is something that only truly sick individuals can embrace. You have to have a special place in your heart for solving the most complex issues, and an addictive personality that won’t let you quit until that last ticket’s closed. You’d also better love helping people, because people need help. And I assure you, that once you say you’re ready to help, people won’t stop asking until they’re satisfied with the solution.

If that’s not enough, you’d better have some thick skin. Even if all of your customers are happy, which is the equivalent of discovering the holy grail, you’re still going to have some dweeb on the internet talking about you in a derogatory way because “they just do support over there.” Sidenote: The ego trips on the internet are prevalent but shouldn’t be acknowledged. Haters gonna hate and all that.

You will have your integrity questioned for no reason at all. People will issue chargebacks against payments because they think they deserve a free trial, even though you spent six hours fixing their site. You’re probably going to be in your office before your kids wake up, and crawling back into bed long after they’ve gone to sleep. You’ll have clients who believe they’re smarter than you, and in some cases they might be. If you’re quick to anger in your personal dealings now, don’t even think about dipping your toes into the waters of WordPress support. You’re going to be miserable.

Bottom line: This line of work isn’t for the faint of heart. Proceed with caution and know that 16 hour days are going to become the norm for a while, and your inbox will never be the same. This isn’t a fucking autopilot lifestyle business. It becomes your life.

What You Really Need to Run a Site Management Company

If you were able to stomach the test above, and you’re still reading this and thinking that site management is something you’d like to do, then 1) we should probably be best friends, and 2) here are some items that are going to be must haves if you want this type of business to work.

  1. Become the best communicator on planet earth – I struggled with this for the longest time. I’d avoid awkward or uncomfortable conversations because I was afraid that people would be angry with me. Give people more credit than I did and be honest with them. If you make a mistake or screw something up, own it and be an adult. If you’re going to miss a deadline, let your customer know a day or two beforehand so they can start working on plan B. The worst thing you can possibly do is try and hide. You’ll feel guilty and the work still doesn’t get done. Always err on the side of too much communication.
  2. Organize your conversations – One of the best ways to become a great communicator is to be able to keep tabs on the hundreds of virtual conversations that can be going on at any given time. We use Help Scout and it’s been a life saver. With as many tools as there are out there, there’s no reason to have sloppy or unkempt communication. At any given moment you should be able to find the status of any customer request or project.
  3. Commit long term – In any type of business where you’re billing customers every month, it’s essential that you build enough trust with your initial and potential customers to let them know you’re in it for the long haul. We’ve self-funded everything at WP Site Care because the last thing we’re looking for is an exit strategy. Bootstrapping is our way of showing our customers that we’re in this to serve them for years and years.
  4. The customer is always right, until it hurts chemistry – Staying humble is crucial in a support role. Out of control tempers rarely solve anything, but laying down isn’t always the right answer either. Nothing is more important for the chemistry of my team than them knowing I have their back 100%. We’ve had experiences in the past where customers have gotten out of hand and resorted to name-calling or making threats. In times like those, be prepared to end your relationship with your customer immediately. Never let anything jeopardize your team chemistry, including a bully customer.
  5. The little things matter – When you’re first starting out, attention to detail like small client gifts, or answering that late night email will make all the difference. Give your original clients no choice but to become raging fans. If you’re smart, and I know you are, try and build trust within a community. When I started Revive My Blog, which was essentially a service where I dug into existing websites and overhauled them completely for $250 or $300 (yes, you read that right), I found a big group of customers and friends in an online fitness community. Then when the question of “who should I have fix my blog” came up, the answer was always a resounding “use Ryan!” I’m still very fortunate to have some of those same clients 4 years later.
  6. Learn by doing – Education is vitally important, and people should learn as much as they can as often as they can. There’s no substitution for going through a painful learning process on your own. In the early days I didn’t have any other developers to reach out to, and it was deliver or die, so I was constantly up against it. And you know what? I didn’t die. There are still instances that come up nearly every day where I’m able to use random bits of knowledge that I learned years ago by working through the problem on my own. For a lot of the issues there’s still no support documentation. You either know it because you’ve dealt with it before, or you don’t know it at all.
  7. Move fast and forgive quickly – You aren’t going to have time to worry about the “he said she said” that’s going on around you. I learned early on from a good friend of mine that cutthroat competition just isn’t worth it, and he was right. I made a really stupid mistake early on with WP Site Care that made me look foolish. I easily could have been called out for it but I wasn’t. I’ve made many more mistakes since, but I’ll never forget how quickly I was forgiven on that occasion, and my mistake was forgotten.
  8. Be an advocate for your customers – There are going to be many occasions where you become the point of contact for all things WordPress. If your client is getting the run around from a hosting company, don’t be ok with the status quo. Go to bat for them and show your clients that you want what’s best for them. That’ll go a long way toward building trust, and in a business where you become your client’s first point of contact for pretty much every technical item they encounter, trust is everything.
  9. Be yourself. You have a lot to offer – Our site design and copy are constantly ripped off. We’ve invested a lot of time and money into making it right, so I understand why. I mean, it’s really awesome, but at the same time I think the biters are selling themselves short. A more simple design with more copy about themselves as individuals, and what they specifically can bring to the table would be a lot more effective than a Site Care knockoff. There are likely things you can do that set you completely apart from the competition. Find those things and be confident in them. There’s no reason to sell yourself as something you’re not. Be Rolex, not Bolex.

Now You’re Ready

Did you notice how I didn’t mention anything about the inner workings of my business? I didn’t talk about anything technical, or legal, financial, or logistical. I may write about more of that later, but for the most part you can figure that stuff out. The stuff I wrote about here, most people are going to shy away from because it isn’t fun to hear. But the fact remains, if this is something you’re seriously considering as a business, you should know what to expect from the beginning.

The good news is, there is so much good that will come from this type of business. You’ll make life long friends, learn skills you never could have anywhere else, create partnerships with other awesome companies, probably get to travel a bit, and assuming you keep grinding and remember these essentials, you’ll create a more comfortable life for you, your employees, and your family.

The reality is that as challenging as all of this is, there’s nothing I’d rather be doing right now. I love the work I get to do every day for WP Site Care, and that’s probably why I can stomach most of these challenges. There are days where it isn’t easy at all, but it’s incredibly rewarding to take a deep breath every once in a while and realize that you’ve built something solid that’s helping people every day.

Now you’re ready to conquer the world. Go forth and create the best competitor WP Site Care has ever seen. You’ll be happy that you did.

Have you ever thought of support & maintenance as an easy business to run or get started? If so, what gave that impression? Is it part of your business? I love real conversations, so please don’t hesitate to share all your thoughts and musings in the comments below.