\nNathan Ingram opens his virtual office doors during this informal, unstructured webinar to answer your questions. There is no agenda and no planned content. Bring your questions and Nathan will answer them first come, first served. Get your answers and learn from the questions of others.\n\n\n\nRegister once for all Office Hours from April through March 2024.\n\n\n\n\n\n\n\n\n\n\n\n\n","EventOrganizerNames":"Nathan Ingram","inline_featured_image":"","livestream_public":1,"is_multi-day_event":0,"livestream_replay_set":0,"livestream_zoom_registration_link":"https:\/\/us06web.zoom.us\/webinar\/register\/WN_LBE7CmvaTSeHL4X4_pmB7g","livestream_chat_log":"https:\/\/drive.google.com\/file\/d\/1gp1MpVN9LM96Yv5syJAr12DCnAj6Q2Sv\/view?usp=sharing","livestream_live_transcript_url":"https:\/\/otter.ai\/u\/cmHdz3zHkr1iLK8L9-cObH7Hoaw?utm_source=copy_url","livestream_live_transcript_text":"Unknown Speaker 0:00 \r\nOkay, one more time here we go\r\n\r\nUnknown Speaker 0:08 \r\nokay Beth let's just yeah, not just me Okay one more time\r\n\r\nUnknown Speaker 0:20 \r\nokay, I see captions now. So that is positive. But let me copy this code again.\r\n\r\nUnknown Speaker 0:28 \r\nAnd we should have Ah, here we go and save. Alright, finally now we're ready to go.\r\n\r\nUnknown Speaker 0:36 \r\nOkay, now, let's get started.\r\n\r\nUnknown Speaker 0:40 \r\nHappy Thursday, everybody. Welcome to office hours here on solid Academy. I'm Nathan Ingram, and it's Thursday so you get to ask whatever you want to glad you're all here. We had a really good conversation yesterday with Tom ray from we watch your website. Hopefully you were in on that. Always good stuff with him. How many of you saw the news about the Microsoft engineer that found the little vulnerable little vulnerability that could have brought the Internet to its knees Did you see that one? Absolutely crazy. What a great.\r\n\r\nUnknown Speaker 1:15 \r\nWhat a great story that is, and I'm just bringing this up. One second.\r\n\r\nUnknown Speaker 1:21 \r\nBy the way, for those of you that aren't aware, I do a column every Friday on post status.\r\n\r\nUnknown Speaker 1:28 \r\nThat is the news. Let me this preview.\r\n\r\nUnknown Speaker 1:34 \r\nThis is actually the article that's going to it'll drop tomorrow morning, but the story is this Microsoft engineer named Andres groined, I guess he was just running some tests, right? And he noticed a 500 millisecond delay in the startup of a process on his Linux server 500 milliseconds or half a second who, but he got curious and started to investigate and found that some malware had gotten injected into this very, very popular utility. It's like on most Linux servers around the world.\r\n\r\nUnknown Speaker 2:15 \r\nAnd it there was this vulnerable code that was injected that would have been a backdoor for anybody. And it really, you know, I don't know how many it's the vast majority of the internet is run on Linux servers, and this could have brought the Internet to its knees. Absolutely crazy.\r\n\r\nUnknown Speaker 2:36 \r\nx z utils. Okay, that's okay. So this is a tutorial. This is how you update a post in WordPress. It's really easy. You can just change it, and then schedule it. And it's right back to you know, so that would this was a learning experience for everybody here just to change that x z util text.\r\n\r\nUnknown Speaker 3:01 \r\nOh, I did I did it wrong way again. I did it the wrong way. Again, hang on.\r\n\r\nUnknown Speaker 3:06 \r\nThis is because it's been that sort of week.\r\n\r\nUnknown Speaker 3:09 \r\nX, Z utils. There we go.\r\n\r\nUnknown Speaker 3:13 \r\nYeah, okay. One more time.\r\n\r\nUnknown Speaker 3:17 \r\nOkay. Anyway, so this guy found this. But the story is really fascinating because this x z utils. It's, it's run by an open source. It's an open source project. It's run by small team, and it was mostly run by this one guy. For forever. And then about two years ago, this new person just appeared and started offering helpful suggestions for the code. And for two years, this person who went by GIA tine, was contributing to this open source project and gaining the trust of people was like this this you know, behavioral and what it was he based this was probably a hacker, but for two years worked on this just slowly being helpful contributing code, whatever. Yeah, like a sleeper cell Melanie. And, and then two years later, dropped this malicious code that could have crippled the internet. It is absolutely unreal. Unreal. Folks are pointing towards the Russian SBR intelligence service. They're the ones that did the solar winds attack. They think maybe this is who this G Aton person actually worked for. Who knows? But there's a couple of great articles here. I like the New York Times story the best if you haven't read this. It's maybe a five minute read is fascinating. But my question in this article is, gosh, could WordPress fall prey to a similar scheme? You know, do we really know who these core contributors are? Like, gosh, what if some of the core contributors were just pretty nuts? But anyway, it's a really interesting story. That if you haven't seen it yet, you ought to just take a quick read on that. It's it's pretty interesting.\r\n\r\nUnknown Speaker 5:06 \r\nLet's see. Okay, something else is, so we launched a site this week that I'm actually pretty proud of, but there's a piece of it that I think y'all might be interested in and maybe we will do this might be something we can do a an extended training on. This is just a poll to see if you're interested. Okay. So this website, this is one of my oldest clients.\r\n\r\nUnknown Speaker 5:37 \r\nI started working with these folks in about 2002. Okay, so 22 years, free WordPress. I've been working with these folks. This person is a self published author here in Birmingham. They've got a lot of really good content like we've, they send out this weekly devotional. It's a this is like spiritual literature. And we've got these really cool grid builder grids that, you know, filter all their many hundreds of devotional, it's really it's anyway, pretty cool. We like it. It's really neat little podcast feature that does sort of the same thing, where it's all categorized and you can store it anyway. But the really neat thing is the events piece. And so we actually built an event management tool for them because they do these occasional events. And they didn't really fit into any event plugin that we wanted to use. So we built one.\r\n\r\nUnknown Speaker 6:41 \r\nAnd let me show you what we did.\r\n\r\nUnknown Speaker 6:43 \r\nAnd when I say we, so Chris, and I have this joke. We say well, I fixed this problem, and we call it the royal i, which is really like me and chat GPT so like the royal I develop this code. Anyway, so we've got this events custom post type and check this out. It's super cool.\r\n\r\nUnknown Speaker 7:04 \r\nWhere it's a meta box, custom post type, and it's just a post. But we have all these things here. So is it upcoming or past there's an event start and stop date, the timezone, the cost, the ticket limit, how many tickets had been sold, and all this works automatically. Like it's it's really amazing. So we have this one gravity form that is on the theme or beaver theme or layout that shows our events, and it dynamically pulls in the cost.\r\n\r\nUnknown Speaker 7:40 \r\nSo I'll show you so here's this event that we're looking at.\r\n\r\nUnknown Speaker 7:45 \r\nSo there's a gravity form that's just embedded on this page already. And in that, like if we were to change this, I mean, this is the Lab site. So nobody told my client will quick update this. Like if we change the price here in this custom field. It's going to update it here on the form. Isn't that cool? There's code that does that.\r\n\r\nUnknown Speaker 8:07 \r\nAnd whenever the form is processed, it knows to increment how many tickets are sold. And when it hits the limit. It you know, so if this number is equal to this number, then it doesn't. It doesn't even show the form anymore. It just shows there's no more options. And it uses stripe as a payment gateway. And then you know, we have venue details and so forth but like there's all these toggles like his registration open. We could hit no and it'll it won't show this row on the page. Anyway, what I'm and so oh and like it automatic, it won't show the event anymore if it's past the event in date. So what we did was we built this little piece of code that as soon as you schedule an event or update the information in an event, it takes this event in time and schedules an action scheduler item that on that day when it gets to this time on this date, it toggles this to past. Isn't that cool? So anyway, it's really It looks complicated. There's some code but it's not super terribly complicated. I don't think it's sellable. CEU because it's it's a little it's a little clunky.\r\n\r\nUnknown Speaker 9:25 \r\nLike you have to know it will take some work to make it more usable. But here's why. And here's why. I'm suggesting this because May is going to be a weird month for us here on solid Academy.\r\n\r\nUnknown Speaker 9:41 \r\nLet me just look at the calendar. The last two weeks of May I will not be here, other than I'm going to fit in an office hours on the 24th but from these two weeks, the week of the 20th and the 27th I'm going to be out. It's actually my wife and my 30th anniversary and so we're taking a cruise to Alaska. It's like on my wife's bucket list to do this Alaska cruise. So we're doing that. I am gonna fit in an office hours here.\r\n\r\nUnknown Speaker 10:10 \r\nBut that's the only thing we're gonna have. So what I was thinking and so there will not be a standard two day premium event in May because I'm not going to be here. But what I'm thinking is right here on May the 15th. How about we do a two hour training on this event thing? How would that how would you like that?\r\n\r\nUnknown Speaker 10:30 \r\nThat that this would be an at a really good time to do it. And so even if you're not even if you're not interested in events, it will be helpful just to see the process right. So I'll you know, just explain, like how this gradually developed. So anyway, I'll schedule that. So I mean, it just Okay, and so if you don't if you're not interested in this, and you don't want to say it publicly send the message to hosts and panelists and say I'm not interested in that. I just want to know, but it seems and then it would be very similar. They see Yeah, yeah. It's just custom fields.\r\n\r\nUnknown Speaker 11:10 \r\nAnd I'm all about like doing a solid WP cruise, but you know, somebody would have to figure that out besides me. Anyhow, so Okay, we'll do that.\r\n\r\nUnknown Speaker 11:22 \r\nSounds like yes, so meta box is what we're using, but you could you could use any custom field plugin for this.\r\n\r\nUnknown Speaker 11:29 \r\nI don't know Beth have been have they been saying? Yes, I couldn't. I couldn't tell.\r\n\r\nUnknown Speaker 11:34 \r\nOkay, so we'll do all right.\r\n\r\nUnknown Speaker 11:40 \r\nOkay, well, I'm glad because that's good. I was really I was concerned about us not having a premium event in May giving you something to sink your teeth into.\r\n\r\nUnknown Speaker 11:51 \r\nBut that'll be kind of the best of both worlds. Okay, all of that said Let us move into question. shall we? So we will start with Sue.\r\n\r\nUnknown Speaker 12:02 \r\nOh, hang on a minute. There's a\r\n\r\nUnknown Speaker 12:08 \r\npremium courses it's showing upcoming bachelor for ages. Oh, oh.\r\n\r\nUnknown Speaker 12:18 \r\nI am getting really excited about this course. This is coming up in just a couple of weeks. This Cloudflare for agencies course is going to be really good. I have several new Cloudflare rules. I've been testing that further lockdown WordPress even beyond what I've been doing. And it's yeah, I'm looking forward to this so it's it's here it's not showing. Where are you seeing it past Melanie?\r\n\r\nUnknown Speaker 12:42 \r\nYeah, because it's it is should be showing is correct.\r\n\r\nUnknown Speaker 12:49 \r\nOkie dokie like if it's showing past somewhere, I'll fix it.\r\n\r\nUnknown Speaker 12:55 \r\nAh, not logged in.\r\n\r\nUnknown Speaker 12:58 \r\nThat will do it.\r\n\r\nUnknown Speaker 13:00 \r\nBut it still shouldn't be showing his past.\r\n\r\nUnknown Speaker 13:05 \r\nOkay. All right.\r\n\r\nUnknown Speaker 13:08 \r\nFirst question is from Sue today. Sue, remind me please where this goes. UTF eight and before is the character set. WordPress prefers for database storage, because it safely supports the widest widest set of characters and encodings including emoji, blah, blah, blah. This looks like it was copied from the Starter Site document that I created last year.\r\n\r\nUnknown Speaker 13:32 \r\nThis goes in the WP config file\r\n\r\nUnknown Speaker 13:42 \r\ndo WP config. Hello. There it is.\r\n\r\nUnknown Speaker 13:49 \r\nWhoo.\r\n\r\nUnknown Speaker 13:51 \r\nWeird permission.\r\n\r\nUnknown Speaker 13:53 \r\nInteresting.\r\n\r\nUnknown Speaker 13:56 \r\nI'm not going to be able to Okay, hang on a minute\r\n\r\nUnknown Speaker 14:05 \r\nHey, where are you?\r\n\r\nUnknown Speaker 14:07 \r\nThis in the way my week is going on weak there's just weird weird weird things\r\n\r\nUnknown Speaker 14:18 \r\nyep, I can't edit it. Oh, that's that's a peculiarity WP night and I forgot about that. For some reason. I can't edit the WP config in\r\n\r\nUnknown Speaker 14:32 \r\nthe cPanel which is just weird.\r\n\r\nUnknown Speaker 14:35 \r\nOkay, here it is.\r\n\r\nUnknown Speaker 14:39 \r\nIt is right here.\r\n\r\nUnknown Speaker 14:41 \r\nIt is a WP config constant that looks like this.\r\n\r\nUnknown Speaker 14:46 \r\nAnd that is what you would use to Yeah, so I'll have to roll my excuse and stuff.\r\n\r\nUnknown Speaker 14:57 \r\nLater because it's just now on the recording. And my salt keys. Awesome. But it yes, it goes there. That's where it goes.\r\n\r\nUnknown Speaker 15:06 \r\nOh, okay.\r\n\r\nUnknown Speaker 15:08 \r\nWe're about to blow off that WP Nathan anyway. All right, is that good for you soon?\r\n\r\nUnknown Speaker 15:18 \r\nDo we get a dancing su gift? Is that possible? Sue? Because you have several questions today.\r\n\r\nUnknown Speaker 15:27 \r\nI think we might require a gift. What do y'all think? Can we vote? What do you think? Should we should we require a gift from Sue?\r\n\r\nUnknown Speaker 15:34 \r\nAh you can just vote in the chat\r\n\r\nUnknown Speaker 15:41 \r\nplease.\r\n\r\nUnknown Speaker 15:45 \r\nAll right, next up. Bev Livingston, okay, when your security plugin I use other plugin we got emails to let you know when there's increased quantity.\r\n\r\nUnknown Speaker 16:03 \r\nOh, I'm actually okay. We'll go back to this. Some people say this. I'll say that. So when your security plugin emails you to let you know, there's an increased bot attack and they're blocking them is Is there anything else to do?\r\n\r\nUnknown Speaker 16:25 \r\nI've seen posts and Facebook groups from people who feel they need to do further hardening but having the blocker in places. Okay, so Beth, if you're getting emails letting you know that you're getting a bot attack, that is that the security plugin doing its job, however, okay, how a big however, you really don't want your WordPress security plugin doing the heavy lifting of bot blocking. Okay? Because even every time that bot is hitting your server, even if it's being blocked wordfence or or security or somebody is having to do something which is consuming server resources. So ideally, you want to block them at the network level, which is Cloudflare. So that's why having really good Cloudflare web application firewall rules, which we'll get into in the course this month, just stop them there before they even get to the server. Now you know it's likely that the impact will be relatively minimal. But, you know, like, for example, a lot of the the hammering away of bots is on the WordPress login page. And if you have a CAPTCHA on that login page, it's gonna you know the big server resource consumption is trying to login so you know, those login login battled that can bring a server to its knees. But if you put a CAPTCHA there, well, that stops them from being able to log in, but that page is still being loaded, loaded, loaded 1000 times a second, right. And that can grant that can degrade your server resources. So it's better to block out stuff at the network level before the traffic even hits the server. So that's where really good WAF rules come into play. Does that make sense? So we'll talk about that. That's one of the things we'll deal with in the Cloudflare course. This is where you know, we talked about during disaster week, having multiple layers of protection.\r\n\r\nUnknown Speaker 18:22 \r\nThe the in my opinion, the role of a WordPress security plugin is best.\r\n\r\nUnknown Speaker 18:31 \r\nApplication hardening like doing the things to harden WordPress, and then user hardening and not getting into all this firewall stuff and whatever. You know, it's helpful to have patch stack firewall to prevent existing exploits and things like that. But you really want most of that firewall stuff happening at the network level. That traffic doesn't even get to the server to begin with. Anyway, that's the approach solid security takes. And to me, it makes the most sense, because any other approach like it just, it bloats up the site itself can consume server resources. So anyway, Ben, where do you check if you have a problem with hammering?\r\n\r\nUnknown Speaker 19:14 \r\nI mean, if you see things start to really slow down like a slowness of the server and a light or a spike in traffic, you can often see okay, that's some something that's hammering away, and your server people should be able to tell you oh yeah, you're getting hammered away on XML RPC, or something's hammered away at your login page or whatever.\r\n\r\nUnknown Speaker 19:34 \r\naccess logs could be Yeah.\r\n\r\nUnknown Speaker 19:37 \r\nBut, you know, again, it's, that's why I like for example, in the current set of Cloudflare rules that I use now. I put a manage challenge at Cloudflare in front of the WordPress login page for everything. And I don't even use a CAPTCHA on the WordPress login page anymore because every bit of traffic that hits the login page has to pass through a manage challenge. Same goes for you know, there are no sites that we use that use XML RPC. And so we just block access to XML RPC across the board, because there's nothing that needs it. And so no traffic can hit XML RPC.\r\n\r\nUnknown Speaker 20:19 \r\nAnd that sort of thing. So these are all excellent questions. That we will spend plenty of time talking about in the Cloudflare course this month, so thank you for that.\r\n\r\nUnknown Speaker 20:30 \r\nOkey dokey. Next up also sue. I think Sue and Beth met for coffee again and they sat there with a laptop and just put a bunch of questions. That's what I think. All right. Can Gravity Forms and Kadence do this? A website with a weekly quiz using gravity forms one question with five choices. Is there a way to bank the quiz question and a graph of the results dynamically? The hopeful result a visitor can click old quizzes and see results for prior results. I am not aware of?\r\n\r\nUnknown Speaker 21:03 \r\nWell, let's see.\r\n\r\nUnknown Speaker 21:08 \r\nClarifying CEU Are you saying that you want the user in question to be able to see their previous quiz entries that they have submitted?\r\n\r\nUnknown Speaker 21:24 \r\nAny visitor can see all results in a pie graph.\r\n\r\nUnknown Speaker 21:32 \r\nProbably yes.\r\n\r\nUnknown Speaker 21:35 \r\nMelanie beat me to the punch again. Gravity view might be able to allow that\r\n\r\nUnknown Speaker 21:46 \r\nthis would be an interesting job for chat GPT because that code exists on the back end you wouldn't save it as a post. What you would do is like that, that data exists, and there's already code in grant the Gravity Forms quiz plugin to output it on the back end. I betcha chat GPT could write a function that would create a shortcode that would output it on the front end or something that would Yeah, that would be something to work through.\r\n\r\nUnknown Speaker 22:18 \r\nMelanie does gravity view let you see those quiz results on the front end? Gravity view can be display so grab the quizzes. I know gravity view can display entries, but will it display like the the\r\n\r\nUnknown Speaker 22:36 \r\nquiz like the unit like the aggregated quiz results?\r\n\r\nUnknown Speaker 22:49 \r\nBest beffta Smart Quiz Builder. Do you that smart Quiz Builder is a great plugin.\r\n\r\nUnknown Speaker 22:57 \r\nInteresting. So there's a couple of different directions you can go so there's always a way Kadence really would have anything to do with it. Gravity Forms or whatever you're using to capture those quiz responses. Yet smart Quiz Builder actually might be the best way to do it.\r\n\r\nUnknown Speaker 23:17 \r\nI think it's already built in.\r\n\r\nUnknown Speaker 23:22 \r\nOh, the dynamic fields in Kadence I think. I don't think I would try that for this. Because yeah, that's the gravity. The Kadence dynamic fields are really geared towards custom fields on a custom post type. Yeah. But yeah, look at smart Quiz Builder. They have a really good the developer is very active in the Facebook group there and they have some really helpful conversations, gravity charts.\r\n\r\nUnknown Speaker 24:01 \r\nminerals that God gave us great. They solve so many practical problems. That's an interesting approach.\r\n\r\nUnknown Speaker 24:17 \r\nInteresting, all right.\r\n\r\nUnknown Speaker 24:21 \r\nNext All right, next up is dancing. Sue, Sue, come on.\r\n\r\nUnknown Speaker 24:31 \r\nLittle bit. Okay.\r\n\r\nUnknown Speaker 24:33 \r\nNext year, Sue, you hear him?\r\n\r\nUnknown Speaker 24:39 \r\nAll right. Your best recommendation for a podcast plugin. We really y'all we really got to do a like an event where we all get together and do this. This is too much fun. Okay. The site owner does not need a plugin to podcast just to display podcast they use the script and squad cast is trying to avoid building custom post type the plugin will do it I realized that if they use Buzzsprout it will fill the page dynamically looking for something nondenominational.\r\n\r\nUnknown Speaker 25:10 \r\nWishing for a plugin to play audio to play video to show transcript meta Featured Image allow for an excerpt. Well, I don't have a I don't know that there is a Oh, that's not tied to a podcast. particular one. Yeah. So I mean that will\r\n\r\nUnknown Speaker 25:29 \r\nthat's what we did here on this site that I just showed you.\r\n\r\nUnknown Speaker 25:39 \r\nIf you look at the podcast page, these are custom post types.\r\n\r\nUnknown Speaker 25:52 \r\nAnd basically, there's a title. There's the content area that is basically For show notes. There is a box to paste in your podcast embed. If you want to do a YouTube URL you can and then a date picker for the date. And what happens on the front end of the site\r\n\r\nUnknown Speaker 26:18 \r\nis it just outputs here in this thing and you click it and it pulls up the podcast single page which embeds the podcast player from Buzzsprout in this case, and then you've got all of this now, eventually these folks are going to start they're just doing audio now they will do video and so the push to YouTube, and I did that over here\r\n\r\nUnknown Speaker 26:47 \r\non this podcast and this is not a plugin. We just built this and it's really simple. It was not hard to build at all. So let's just click this one. Okay, that doesn't have video. Here. This one has video.\r\n\r\nUnknown Speaker 27:06 \r\nOkay, so here this is just a conditional on a beaver theme or layout with a PABX and it lets you switch back and forth between audio and video. And it's just the YouTube embed and the Buzzsprout embed.\r\n\r\nUnknown Speaker 27:20 \r\nSo but this is all basically the same concept where you just add a few custom fields to the custom post type. I don't have anything that'll I don't know of a plug in. That's going to be podcast, network agnostic.\r\n\r\nUnknown Speaker 27:38 \r\nThis is really simple to build those who will just build it. Then you got it.\r\n\r\nUnknown Speaker 27:45 \r\nDoes that help soon?\r\n\r\nUnknown Speaker 27:52 \r\nYep, ACF or in our case, a metal box.\r\n\r\nUnknown Speaker 27:56 \r\nI never met a box. I didn't like There we go. Anyway.\r\n\r\nUnknown Speaker 28:00 \r\nOkay, moving right along to hey, it's Sue.\r\n\r\nUnknown Speaker 28:06 \r\nOkay.\r\n\r\nUnknown Speaker 28:10 \r\nAll right.\r\n\r\nUnknown Speaker 28:11 \r\nSVG is what to look for in an SVG uploader plugin. Is the one you showed that changed SP color SVG colors a week ago. Is that an upload or does it require two plugins? Yes. Okay. So the plugin that I recommend, and this is part, it's been in the Starter Site. suggestion for a few years now. And that is this one. SVG support by Ben Bodie.\r\n\r\nUnknown Speaker 28:38 \r\nThis one here, this is the best it does a number of things under that.\r\n\r\nUnknown Speaker 28:48 \r\nSettings. Yes, short pixel is one I just this one has always worked and the problem with something from short pixel like that is actually they bought es enable SVG or something they bought an existing plugin. But now see, whenever you see a accompany like short pixel by a plugin like that, it's because they're just gonna blitz you with ads, right? So I just rather use this one.\r\n\r\nUnknown Speaker 29:14 \r\nSo this gives you some really nice options like sanitizing the SVG to make sure there's no malicious code in it. minifying you know, all the things here so you have a bunch of different options here that I like. So you know, that's why I like this one. So that is the plugin you. By default, WordPress still does not allow the uploading of SVG is because technically it's a security risk in SVG is just a text file. And you couldn't add malware into an SVG so they don't allow it to be uploaded in core WordPress. You do have to have a plugin to enable that. So the one that does colors that we did in the plugin roundup this month, that is a separate plugin it does not itself allow. It assumes you can already upload SVGs Yeah, so it it I don't believe I don't believe it, itself enables the upload but either way. I, Paul Exactly. Either way, I would still use SVG support simply because you can look.\r\n\r\nUnknown Speaker 30:27 \r\nYou can restrict the uploading of SVG is to certain roles, and then you can sanitize or pardon me you don't sanitize for these roles. That those settings are on I always want to sanitize SVGs\r\n\r\nUnknown Speaker 30:46 \r\nYeah, so you can restrict the uploads to certain roles. And if you want like only administrators can upload them and then at all you can always sanitize it. So those are the two things that make this really, really helpful.\r\n\r\nUnknown Speaker 31:02 \r\nOkay, next up, is Paul.\r\n\r\nUnknown Speaker 31:11 \r\nBy the way, if you've got questions link is in the chat.\r\n\r\nUnknown Speaker 31:19 \r\nAll right, Paul. Yeah, where's dancing? Paul?\r\n\r\nUnknown Speaker 31:24 \r\nWe got dancing, Paul.\r\n\r\nUnknown Speaker 31:28 \r\nWe all right. We're trying to figure out how to be a big boy agency and do things without Paul is the point person good for you. Some client SAS accounts we need to log in as them we cannot add a user to the account in cases like this. Having the client use keeper is the best way to share the credentials. I agree. What if they do not have it? Should I require them to open an account to share the credentials?\r\n\r\nUnknown Speaker 31:55 \r\nOkay, well, let me keep reading. Adding to the complexity of this should we also have an agency account that is not mine, not a team members individual account. I feel that security like this is very important. I don't take it lightly that we have the account holders power to do whatever on the accountants we're logging in. Alright, so here's here's the way I approach this, Paul.\r\n\r\nUnknown Speaker 32:15 \r\nThe so first of all, it's always best to a regal essence to your thoughts.\r\n\r\nUnknown Speaker 32:25 \r\nOr this one?\r\n\r\nUnknown Speaker 32:27 \r\nHalf a second.\r\n\r\nUnknown Speaker 32:29 \r\nI think a generic agency account does not seem to be the safest. Yeah, I agree. So the level of keeper that I have allows me to set up a a business I forget what love it's like the next level up the business level where my user just in our case, my user and Chris's user, there's a shared brilliant web works folder that I will move client logins into and Chris, by virtue of his login has access to that share. Now if at some point, you know, I throw Chris out, which would be never if we have to restrict access, I could terminate that user's access to that shared folder. That's the best way to do this. So that was probably Paul require you to upgrade to a business level whatever that next level of keeper is, that will give you that business share. Now, here's the problem.\r\n\r\nUnknown Speaker 33:25 \r\nOftentimes, like when if a client shares a password with me and keeper, I can't then move it to that shared folder.\r\n\r\nUnknown Speaker 33:37 \r\nYou share credentials with team members and they can't see it. Since something's wrong with your keeper setup, because that's how we do it. There's like a shared folder in keeper called in our case be WW and I move stuff in there. And you just have to make sure if your team members have access to that folder, they should be able to see it. If not, I would reach out to keep her support, because that's how it's supposed to work.\r\n\r\nUnknown Speaker 33:59 \r\nSo first, always, we want to get delegated access from the client. If that's not possible, then what we're doing now is getting the client to actually send the password to us with one time secret. And I'm creating that in our shared company folder.\r\n\r\nUnknown Speaker 34:21 \r\nYou set it up that way I can share individual accounts with team members and it's set so they cannot see the password. They can only log in Yeah, exactly. So that that's what that's your that's how it should work. Yeah.\r\n\r\nUnknown Speaker 34:34 \r\nOh, I see what you're saying. I misread or I misunderstood. Yeah, so that's the way I would do it.\r\n\r\nUnknown Speaker 34:40 \r\nThe problem is when client like if you get the client to share it with you. In keeper you can't move it to that shared folder, which I think is weird. And I really probably need to reach out to keep her and ask about that. So we're using one time secret to let clients share passwords if you've never seen that before. By the way, folks.\r\n\r\nUnknown Speaker 34:59 \r\nThis is a really great tool.\r\n\r\nUnknown Speaker 35:03 \r\nAnd you people can send it there they put in a phrase is difficult to guess. They send you the secret link. And yeah, and Melanie's right. If it's there's two FA involved it's gonna be a problem.\r\n\r\nUnknown Speaker 35:18 \r\nYeah, more and more accounts or sites are allowing delegated access, which is really the way to go for this. But yeah, so what you're describing is the best way Paul, that's what I would do.\r\n\r\nUnknown Speaker 35:33 \r\nIs there something here on this Paul?\r\n\r\nUnknown Speaker 35:42 \r\nCan you demonstrate how you set up keeper to do the to FA on an individual account\r\n\r\nUnknown Speaker 35:52 \r\nI would need something that requires two fa i guess we could set up\r\n\r\nUnknown Speaker 36:01 \r\nnow let me see. Let me get into keeper and just add something I'll show it to you here quickly. I just don't want to put anything on the screen that is sensitive.\r\n\r\nUnknown Speaker 36:12 \r\nAnd if I were to create new record Nope. That didn't work\r\n\r\nUnknown Speaker 36:45 \r\nokay, so\r\n\r\nUnknown Speaker 36:50 \r\nfinally I want to show you Alright, so let's just say here's my login for solid Academy, right? If I want to add two factor, and I'm in I'm in the keeper vault, I would go here and add a two factor code. And what that does is it gives me this little thing here, where I can scan a QR code and if I click this oh it's desktop application nuts hang on a minute I gotta go to keeper desktop\r\n\r\nUnknown Speaker 37:23 \r\nsystem\r\n\r\nUnknown Speaker 37:26 \r\nwas taking forever to load here a second ago. I'm not quite sure why that is.\r\n\r\nUnknown Speaker 37:35 \r\nNope, there we go.\r\n\r\nUnknown Speaker 37:41 \r\nAll right. So now I'm here in the desktop app. And I would go to edit the record. Add a two factor code. Desktop version. Yep. So you do this. Now you have the ability to scan the code and it gives you this little screen you just put it over the top of the code and that pulls it into keeper and you enter in the number back on the site to verify that you got it right. So it's really pretty easy.\r\n\r\nUnknown Speaker 38:14 \r\nZach gets your question Paul.\r\n\r\nUnknown Speaker 38:20 \r\nGreat, Karen question about news roundup. It's it's kind of all over the place. It depends on the month and what else is being scheduled. Some are off because of other things that had to be scheduled. It's usually the like the third Tuesday of the month, but that varies depending on other things that have to be scheduled in.\r\n\r\nUnknown Speaker 38:43 \r\nYep.\r\n\r\nUnknown Speaker 38:45 \r\nWe try to shoot for the third Tuesday. So like plugin Roundup is the first Tuesday virtually always news roundup. Sometimes that impacts like, the premium event or something that solid needs to schedule. That's product related anyway, so that news roundup kind of moves around.\r\n\r\nUnknown Speaker 39:03 \r\nAll right, next up is Beth Livingston.\r\n\r\nUnknown Speaker 39:10 \r\nAll right, Beth. The last time I tried to use reCAPTCHA three I had problems which version if any, does Nathan use on client sites? I don't use reCAPTCHA at all. I hate it. It's awful. And Google is starting to charge for it. So I use Cloudflare turnstile if a CAPTCHA is required. But honestly, on more and more sites, we're not using CAPTCHA at all because we don't need it. So there are typically a couple of places you would use a CAPTCHA on an average site. The first would be on the login page for WordPress. And like I mentioned before we hit that stuff at the network level with Cloudflare. So you can't even hit the WordPress login page. Without a managed challenge which is the same thing as Cloudflare turnstile. The other place you would see it is on form entries, or forms right where you want to capture the complete the form. And for that we use Gravity Forms zero spam, and which don't have spam, Gravity Forms zero spam works like magic. If you're a Gravity Forms user, if you're not, you probably you're going to need a CAPTCHA plugin.\r\n\r\nUnknown Speaker 40:20 \r\nSo I recommend Cloudflare turnstile as your CAPTCHA alternative. Solve if you're not using Cloudflare itself to protect your DNS. Solid Security does have Cloudflare turnstile built in fluid forms may have a turnstile add on if not, there's an excellent plugin called simple Cloudflare turnstile that I believe will Yep, it supports fluid forms. It supports all the forms. This is what I would recommend. Simple Cloudflare turnstile, put CAPTCHA on forms if you're not using Gravity Forms Cloudflare turnstile is in my opinion, by far, the simplest best CAPTCHA alternative option out\r\n\r\nUnknown Speaker 41:14 \r\nOkay, does that answer this question Beth?\r\n\r\nUnknown Speaker 41:20 \r\nMelanie does Cloudflare limit the number of sites for turnstyle I believe it does, but it's like 100. And then if you run out, you just make another account.\r\n\r\nUnknown Speaker 41:30 \r\nI've got a few. I have like three different Cloudflare accounts. But the nice thing is like you can give each of them access.\r\n\r\nUnknown Speaker 41:38 \r\nI don't think it's just 10 I think it's I know I have more than 10 I don't know what it is. I've never hit the limit. But again, I'm not using a turnstile key. I may be only using gosh there may be less than 10 sites. I could be totally wrong about this\r\n\r\nUnknown Speaker 42:02 \r\nI'm sure there's a limit. But if you run out then just you just make a new account. And all of my accounts have access to each other. So regardless of which one I log into, I can always see all the sites\r\n\r\nUnknown Speaker 42:16 \r\nand again, the only sites that I actually have a Cloudflare turnstile key for our WooCommerce sites. And there's like two sites we have that aren't under Cloudflare for various reasons. Okay, so 1010 is the limit just make another account.\r\n\r\nUnknown Speaker 42:36 \r\nYeah, we love the simple Cloudflare turnstile for adding Cloudflare turnstile to the WooCommerce checkout page. That is super helpful. It stops card testing attacks immediately.\r\n\r\nUnknown Speaker 42:51 \r\nAnd okay, if you can keep it to yourself. This is just between you and me.\r\n\r\nUnknown Speaker 42:57 \r\nSolid security very soon. We'll be adding WooCommerce checkout as an option. For turnstile. It's coming.\r\n\r\nUnknown Speaker 43:08 \r\nIt is in process but that's not public knowledge. I might not even share said that. So just delete that from your recording.\r\n\r\nUnknown Speaker 43:18 \r\nAll right.\r\n\r\nUnknown Speaker 43:19 \r\nNext up.\r\n\r\nUnknown Speaker 43:23 \r\nBeth Moore on Cloudflare do you use the free Cloudflare prep plan or the pro version? I use the free plan. There's nothing in the pro that I need.\r\n\r\nUnknown Speaker 43:34 \r\nYou know, the the only thing I'd have paid for at Cloudflare is domain registration. And a couple of sites we tried the automated automatic platform optimization for WordPress works pretty well, just for site speed.\r\n\r\nUnknown Speaker 43:49 \r\nBut no just for the average site.\r\n\r\nUnknown Speaker 43:53 \r\nCloudflare free is all you need. I'll be talking about that in the course.\r\n\r\nUnknown Speaker 43:58 \r\nAll right next up Stacy. With me\r\n\r\nUnknown Speaker 44:04 \r\nAll right, Stacy.\r\n\r\nUnknown Speaker 44:06 \r\nMy contact for my client had a falling out with the owner. She is the first admin on the account. I'm the second until a phone call yesterday the only contact I've had with the owner is that he pays my invoices. Oh, this sounds like a fun situation. I was able to change the administration email address to my email. WP engine won't talk to him as he isn't listed on the account. I found that the registrar is network solutions with client transfer are prohibited. The name servers world Nick and I can't die world Nick I believe is Network Solutions.\r\n\r\nUnknown Speaker 44:40 \r\nI'm pretty sure about that.\r\n\r\nUnknown Speaker 44:45 \r\nAny suggestions to get access to the registrar without any account information. Okay, so this is awesome. And there are few things that are as fun as re getting access to web hosts and or domains when the premier primary contact is not talking or is unavailable. It is just delightful. So Stacy, this is going to be fun and there's no easy way to deal with this. So yeah just like Suez saying every registrar has a different process. GoDaddy is actually pretty simple. On the phone, you bet you validate a bunch of information you validate the card on file, blah, blah, blah and over the phone, you can get back access to an account. It does usually take a phone call and as long as the owner is paying the invoices for these things, then they should be able to get access. Stacey is the owner's name not on the domain as the owner or who is the domain owned by this other person.\r\n\r\nUnknown Speaker 45:54 \r\nDoes that other falling out person? Oh you don't know? Oh, you don't know? Because it's a private registry right?\r\n\r\nUnknown Speaker 46:02 \r\nIs the owner being billed for the domain?\r\n\r\nUnknown Speaker 46:08 \r\nHe doesn't know. Oh.\r\n\r\nUnknown Speaker 46:12 \r\nSo you know, the best way to find out about that is just do a who is on the domain name. Find out when the expiration date and have them look for a charge on their credit card. Right around that same time from Network Solutions.\r\n\r\nUnknown Speaker 46:29 \r\nYeah, if he's not being billed for the domain name, and he's not the registrant then it's a process.\r\n\r\nUnknown Speaker 46:38 \r\nYeah, it's a process.\r\n\r\nUnknown Speaker 46:41 \r\nAnd you know, yeah, so the best thing you can do, you call Network Solutions. You explain what's going on. And I always say, Look, I know you may not be able, there's all I realize there's only a certain level that you're gonna be able to talk to me, because, you know, I'm not authorized on the account, but this is our situation, what can we do to, you know, get the actual owner access and there will be a process to follow. So that's, it's a phone call to Network Solutions and go from there. WP Engine.\r\n\r\nUnknown Speaker 47:13 \r\nAre you listed on the WP Engine account? Stacy?\r\n\r\nUnknown Speaker 47:21 \r\nWhere's it just this other person? You have admin access?\r\n\r\nUnknown Speaker 47:27 \r\nSo\r\n\r\nUnknown Speaker 47:31 \r\nokay, what I would do again, I would call WP Engine they have a phone number, you can call them explain the situation. And if they're just being a butt about it, say fine. We're just going to change web hosts and you will lose our business, you know, but they will likely it looks not like this never happens. They would have a process also of you know, helping the owner get access. Is he being billed by WP Engine?\r\n\r\nUnknown Speaker 48:02 \r\nYeah, okay, so he's paying the bill. So they will talk to him because he's paying the bill. So yeah, and there's no way around this other than it's gonna take a call and it's going to be some time and so prepare the owner that he can handle this himself or he can pay you hourly to figure it out. And it's gonna take a while. And so it is what it is, unfortunately. Yeah.\r\n\r\nUnknown Speaker 48:24 \r\nSo there's not a simple easy way. It is. Yeah, it just takes time. But each all of these folks and Network Solutions they'd be engine. They're going to have a process in place to step through this and validate ownership and all of that because this does happen. It's not like this is a unique situation.\r\n\r\nUnknown Speaker 48:44 \r\nSo good luck. Have fun with that. Yeah.\r\n\r\nUnknown Speaker 48:48 \r\nWhat a mess.\r\n\r\nUnknown Speaker 48:50 \r\nOh, yeah. hippyish All right, Doug is up next.\r\n\r\nUnknown Speaker 48:57 \r\nAll right.\r\n\r\nUnknown Speaker 49:01 \r\nDavid, Oh, you mean tom tom securities around up session had me thinking about the security issue with Chrome plugins. Yeah, in the past few months. I've found evidence of extension conflicts with WordPress. One extension particularly did funny things when copying and pasting, there's got to be some protection for extension users. should Google be accountable.\r\n\r\nUnknown Speaker 49:22 \r\nSo step one. Good luck.\r\n\r\nUnknown Speaker 49:26 \r\nGoogle's Terms of Service are inscrutable to any human and potentially even inscrutable to certain lawyers. But at the end of the day, you're not going to be able to hold Google accountable for anything.\r\n\r\nUnknown Speaker 49:40 \r\nSo you just basically use at your own risk. can chat GPT analyze the code? Absolutely. You can drop it off at chat GPT write a Chrome extension. It's not terribly complicated.\r\n\r\nUnknown Speaker 49:53 \r\nHow do we protect ourselves? I mean, you heard Tom yesterday. He doesn't use extensions at all.\r\n\r\nUnknown Speaker 50:00 \r\nAnd his recommendation yesterday was basically it's the same recommendations. We talked about with choosing a WordPress plugin. Look at how many installs it has. How long has it been around? Does the developer have other plugins out there? Are they a lunatic or not, you know, Google them and see if they're reputable or not. So yeah.\r\n\r\nUnknown Speaker 50:20 \r\nYeah, class, I think they have abandoned that motto. Long, long, long ago. As soon as they started taking venture capital to do no evil thing from Google just sort of gradually vanished.\r\n\r\nUnknown Speaker 50:34 \r\nI'm not saying they do evil. I'm just saying it's not on their T shirts much anymore that I've heard.\r\n\r\nUnknown Speaker 50:41 \r\nAnyway, okay. My own best practice I use Chrome for website management, Firefox for personal banking, and trusted within Grammarly. Yeah, exactly. So that's the safest\r\n\r\nUnknown Speaker 50:58 \r\nAll right. Next up last question of the round up is Beth Livingston.\r\n\r\nUnknown Speaker 51:04 \r\nOh, and it's a repeat. Okay. Follow up to the previous question. What do you know about Cloudflare turnstyle. I like it in the questions\r\n\r\nUnknown Speaker 51:17 \r\nall right, that is it. Any other questions?\r\n\r\nUnknown Speaker 51:22 \r\nThis was fun.\r\n\r\nUnknown Speaker 51:26 \r\nAll right. So we have reached the end of another week. We have things happening on solid academy next week if you haven't seen that yet. We are looking at news round up for Tuesday.\r\n\r\nUnknown Speaker 51:42 \r\nKathy Zant is with us on Wednesday. This is going to be a good one. security incident response planning with WordPress. We've got Kathy scheduled for a security webinar every month for the next several days. That's gonna be a lot of fun.\r\n\r\nUnknown Speaker 52:00 \r\nYep, so make sure you're registered for that one. First office hours. The following week is our two day Cloudflare for agencies course and office hours. So that is all that is coming up. Hope you have a great weekend. And I will see you back here on Tuesday for news roundup on solid Academy, where we go further together.\r\n\r\nTranscribed by https:\/\/otter.ai\r\n","livestream_vimeo_video_id":933418731}},"postCountOnPage":1,"postCountTotal":1,"postID":448501,"postFormat":"standard","geoCloudflareCountryCode":"US"}; dataLayer.push( dataLayer_content );
Nexcess.comServers.comLiquidWeb.com
Search our site for answers
Help Docs Software Kadence Nathan Ingram’s Office Hours

Nathan Ingram’s Office Hours

Nathan Ingram opens his virtual office doors during this informal, unstructured webinar to answer your questions. There is no agenda and no planned content. Bring your questions and Nathan will answer them first come, first served. Get your answers and learn from the questions of others.

Register once for all Office Hours from April through March 2024.

Was this article helpful?