The WordPress Block Editor is great for creating custom layouts. There are plenty of core and third-party blocks to choose from. They bring a world of possibilities – all without writing a line of code. Add a block theme, and get a browser-based design and development experience.

There is one valuable thing that WordPress blocks left behind, however: code commenting. They’re common when building custom PHP templates and writing CSS. We use them to provide context for what a code snippet does or why it was implemented.

There are times when that extra context is useful in the Block Editor. For example, you might want to share information about a block with clients or colleagues. Perhaps it’s locked or requires a specific setting to display correctly. Sometimes we need to remind ourselves why we did something.

That’s where the WordPress Notes feature comes in handy. Use it to add notes to specific blocks and even keep a threaded conversation. It’s another way to improve your editorial workflow and provide a quick reference for users.

Here’s a look at how the feature works. We’ll show you how to add and retrieve notes to any block on your site. In addition, we’ll share a few tips and hidden gems worth knowing about.

Sample Project: Let’s Collaborate With Blocks

The WordPress Notes feature is part of the larger Gutenberg Collaboration phase. At the very least, it’s a way to add reminders or have an asynchronous discussion with other site users. That second part is what we’ll focus on here.

We’ll simulate a discussion of colleagues regarding a Group block. We promise it will be quick and easy!

Step 1: Choose a Block

The first step is to open a page or post in the Block Editor and select a block. We’ll choose a Group block at the top of the page. We want to discuss its styling with a colleague.

Step 2: Add a Note

Now that we know which block we want to discuss, it’s time to add a note.

1. Click on the Options menu (⋮) and select Add note.
2. A note dialog appears on the right side of the screen. We can add our note in this space.
3. Click the Add note button to save the note.

For reference, we asked if our Group block should have a background color to stand out from the rest of the content.

Next, we’ll wait for our colleague to reply to our note. When they click the block in question, they’ll see a user avatar that indicates a note is available.

Step 3: Our Colleague Replies

Here’s a handy feature: WordPress will send you an email when someone replies to your note (it’s based on the existing comment system). As such, we don’t have to keep checking our page for the latest news.

Our colleague replied to our note and acted on our design suggestion. When we visit the page, we notice that their avatar has also been added to the block’s note notification.

Step 4: Reply and Resolve

We love what our colleague did to dress up the Group block on the page. The last steps are to reply and mark the note as resolved.

To resolve the note, we’ll click the checkmark on the upper right of the dialog. Keep in mind that the note will stay in place unless we manually delete it from the block.

An Easy Way To Collaborate in WordPress

The WordPress Notes feature is a great way to relay information to others or remind yourself of something important. And it will continue to be enhanced as more collaborative features are added to the content management system (CMS).

Even better, you don’t need a plugin to get started – it’s already built into WordPress. That being the case, there are ways to customize the experience. We recommend checking out this guide to tapping into that potential.

Whether you’re part of a team or working solo, give WordPress Notes a try. You may wonder how you lived without it!

The post Quick Tip: How To Use WordPress Block Notes appeared first on Speckyboy Design Magazine.

The process for adding functionality to your WordPress website has been the same for years. You find a plugin that fits your needs (or gets you close) and install it. It’s no wonder we have sites with dozens of plugins – many of which go unused.

Sure, building a custom plugin has always been an option. That’s fine for scenarios that require a code snippet. However, complex tasks were reserved for highly-skilled developers. This meant that most of us had to settle for whatever was available on the market.

AI has swooped in to change that calculus. Advanced models like Claude Code enable even novice developers to build powerful, multi-layered projects. These days, it’s more about knowing what to ask for than understanding every line of code. We now have a tool that does the heavy lifting for us.

This technological shift gives new life to an old question: Should you use an existing plugin or build one yourself? AI certainly expands the potential scope of what’s possible, thus calling into question the need for third-party tools.

But don’t go on a vibe-coding rampage just yet! There are some important considerations when making this decision. Let’s talk about them.

Which Approach Best Fits Your Needs?

There are tens of thousands of WordPress plugins on the market. Some utility-based options are very niche, but most plugins are built to serve a broad range of use cases. Product makers must account for the many ways people use WordPress.

The downside of that approach is that a plugin might be more than what you need, or fall short in some areas. The old “too much or not enough” conundrum has long been a part of the plugin experience.

Building a plugin with AI, on the other hand, lets you narrow the focus. You can include only the features and functionality your project needs.

For example, let’s say you need a feature that only applies to one WooCommerce product. There is probably a third-party extension to fit this purpose. But a single-purpose plugin could do the same thing without the overhead or the cost of a yearly renewal. AI makes the process quick and easy.

On the other hand, needs evolve during a project’s lifecycle. Perhaps your client will need similar functionality on more products down the line. A vibe-coded solution may not be quite as flexible in that case. You may need to refactor the plugin to meet new requirements.

As such, it’s important to consider your current and future needs. If scope creep is a concern, a third-party plugin may be a better choice.

Do You Want the Maintenance Responsibilities?

An existing WordPress plugin may not solve your every need. However, it takes you off the hook regarding future maintenance. It’s the plugin author’s responsibility to fix bugs and build new features.

Naturally, that’s a double-edged sword. Some product makers are more responsive to issues than others. In addition, more than a few plugins have been abandoned over the years. And sometimes a product goes in a direction you don’t support. You don’t want to be left to pick up the pieces or placate clients when there’s a problem.

It’s all about control and responsibility. If your project (or personality) requires absolute control, then building it yourself makes sense. That way, you know what’s going on every step of the way. You don’t have to wait for someone else to take action.

Still, we should note that vibe coding plugins result in a higher level of responsibility. It means checking for security holes, compatibility testing, and acting as your own technical support staff. The practice puts everything back into your capable hands.

Kudos to you if this fits with your philosophy! To be safe, we also suggest thinking about how these responsibilities scale. Maintaining a single plugin for a client is one thing. The upkeep of dozens of plugins spread over dozens of websites is another. Make sure you have processes in place to keep things running smoothly.

Can You Build It Better?

The final consideration on our list is simple. The idea is that just because you can build something with AI, it doesn’t mean you should do so. Sometimes, there are established products that do the job well enough. Why reinvent the wheel?

The scope and depth of a plugin play a role here. Consider a popular plugin like Jetpack. It does a lot of things and has been around for a long time. Sure, you could vibe code your own suite of similar functions. However, ask yourself if you want to take on a project of that magnitude, or if it’s even worth the effort. The same could be said for Yoast SEO, Gravity Forms, and other flagship products.

That being said, you could reasonably use AI to recreate specific aspects of a plugin. For example, building a social sharing plugin that includes a few of the missing features you want. Smaller and more focused projects are better in most cases. And there’s also an opportunity to build your own extensions of an existing plugin.

There are also scenarios when your needs are very specific, and there aren’t any great options available. It’s here where vibe coding really begins to shine. You can take your idea to your favorite AI model and build it from scratch. It’s empowering for those working with clients!

The bottom line is to use AI when it’s beneficial. You might be able to build the next WooCommerce, but what’s the payoff? Instead, look for opportunities that help you level up.

There Are Endless Plugin Options and Opportunities

The WordPress plugin ecosystem has an answer for many project requirements. It’s one reason why the content management system (CMS) has remained so popular. Adding more capabilities has always been a few clicks away.

The introduction of AI into the development process has expanded those possibilities even further. If an existing plugin doesn’t do everything you need, it’s easier than ever to build your own solution. In many cases, AI works quickly and is cost-effective. It helps us provide clients with more personalized functionality.

All of this makes deciding to go custom more compelling. AI lowers the bar for building complex features. Sometimes that means fewer advantages for existing products.

Still, vibe coding isn’t always the best option. It comes with a higher level of responsibility and adds to your long-term maintenance list. Plus, there are questions about code safety and stability. AI doesn’t necessarily reduce those risks.

The good news is that you have a world of choices. We hope the considerations above help you make the right one!

The post A New Choice: Use an Existing Plugin or Vibe Code Your Own? appeared first on Speckyboy Design Magazine.

Experimenting with AI can be a great way to learn about its capabilities. And yes, it’s also a lot of fun. A few prompts can take you in any direction you want to go – or to places you never expected.

WordPress is the ideal testing ground for AI tools. You can work with code, generate content, or discover new ways to manage your website. It could do wonders for your workflow.

However, you probably don’t want to experiment in a production environment. There’s always a chance that something will go wrong and affect users. It’s not a risk worth taking!

Thankfully, there’s a new option worth getting excited about. The recently released my.WordPress.net installs a copy of the content management system (CMS) directly in your browser. It’s completely private, but can connect with various AI providers. It’s the perfect place to get a feel for what you can do with AI inside WordPress.

Let’s take a quick tour of my.WordPress.net. We’ll install it (super easy), connect it to AI, and start experimenting.

---

Sample Project: Integrate AI Into a Local WordPress Install

Today’s project is dead simple. First, we’ll install WordPress in our browser. Then, we’ll add our ChatGPT API key to integrate with the AI model. Finally, we’ll run a few test prompts to explore AI-based site management. Oh, and we’re sure to have a few adventures along the way.

Here we go!

Step 1: Install WordPress in Your Browser

We don’t want to spoil any surprises, but you might be amazed at how easy it is to install WordPress in your web browser.

1. Visit my.WordPress.net.
2. Enter a name for your website when prompted.

That’s all there is to it! You could optionally import content from another WordPress site. But we’re starting from scratch.

Once installed, you’ll see a welcome screen.

Step 2: Install the AI Assistant App

Those familiar with WordPress might be confused by the use of the term “apps”. After all, the CMS is famous for its plugin ecosystem. Not to worry. This offshoot decided that “apps” was a more user-friendly word for beginners. Consider plugins and apps as interchangeable.

Regardless, our next task is to install the AI Assistant app. Once again, it will be quick and easy.

1. Click on the Apps menu (an icon with four squares) on the upper right of the screen.
2. Find “AI Assistant” on the list and click on it.

The AI Assistant will automatically be installed on your local site. You’ll be returned to the welcome screen after it’s finished.

Step 3: Connect With an AI Model

We have everything we need to connect WordPress with an AI model. Now, it’s time to choose a provider.

At the time of this writing, AI Assistant works with Anthropic (Claude), OpenAI (ChatGPT), or a local AI model via Ollama. More providers may be added in the future.

1. Click on the command menu at the top of the screen (the long bar with a “/” inside) and select Dashboard.
2. Navigate to Settings > AI Assistant inside the dashboard.
3. Choose an AI provider and enter your API key.
4. Choose a model from your AI provider (we used gpt-4o-2024-08-06).
5. Save the revised settings.

In our case, we grabbed a ChatGPT API key and entered it into the settings. For reference, this method requires purchasing API credits from OpenAI. This is separate from your regular ChatGPT account.

The AI Assistant app also provides some information on what various WordPress user roles can access. You can also choose to add an AI Assistant button on the front-end of your site, which is displayed to logged-in users.

Step 4: Experiment!

The only thing left to do is have some fun with AI inside WordPress. You’ll find the AI Assistant throughout the dashboard and, optionally, the front-end of your website.

1. Click the AI Assistant button at the top right of the dashboard.
2. Enter a prompt in the chat window and start working with AI.

Here are a few sample prompts to get you started:

Create the following new pages on my website: About Us, Services, Contact Us

What time zone is my website using?

Activate the Hello Dolly plugin.

ChatGPT handled each of these requests without hassle. However, it did install a second copy of the Hello Dolly plugin. We’ll chalk it up to an early bug.

Note that you may be asked to approve certain actions, like creating pages or installing plugins. It’s a safety measure and is worth reviewing before allowing AI to make changes.

An Easy Way To Try AI Inside WordPress

Perhaps our experiments weren’t earth-shattering, but that’s not the point. The idea is that AI can tell you a lot about your website and perform routine tasks. And my.WordPress.net provides a safe space to learn and play.

Even better, the process for installing WordPress and integrating an AI model couldn’t be easier. You can be up and running within a few minutes. Just note the potential cost of using Anthropic or OpenAI for this purpose. Be sure to check your spending limits so you don’t lose a small fortune.

All told, it’s a great way to discover how AI can help your workflow inside of WordPress. So, take some time and find what works for you!

The post Using my.WordPress.net to Experiment With AI appeared first on Speckyboy Design Magazine.

After more than 20 years, WordPress still provides a career path for freelancers and agencies. There are opportunities to build your niche while working with clients. For many, the open-source software is a growth engine.

It’s more than just business as usual, though. WordPress also boasts a global community of users and contributors. As such, agencies don’t have to operate in a vacuum. There’s an opportunity to connect with people and pay it forward.

Community engagement is a win-win situation. First, you’re helping others learn and use WordPress more effectively. There’s a great sense of satisfaction that comes with getting involved.

There are also benefits to your business. It puts your name out there and helps you build relationships. That could result in booking more clients. At the very least, you’ll create goodwill and establish a strong reputation.

Giving back is also easier than you think. Here are a few ways to say thanks to the WordPress community!

Join or Host a Local Meetup

If you want to impact the WordPress community at a grassroots level, Meetups are a great place to start. They’re local get-togethers that welcome people of all skill levels, including beginners.

These events open up a world of possibilities. You might have meetings dedicated to a specific subject, guest presentations, or group projects. It’s also an opportunity for attendees to help each other with site issues or plugin suggestions.

Agencies are uniquely positioned to help. Your team of experts can give talks and connect with your local community. That makes you a trusted resource – one that prospective clients will remember when it’s time for a new website or other project.

Finding a place to hold regularly scheduled meetings is challenging in some communities. So, hosting a meetup at your office or another space is a huge help.

Plus, not every city has a meetup. In that case, you might consider establishing one. It brings people together and builds enthusiasm for the WordPress project.

Being part of the meetup space requires a commitment. However, connecting with others one-on-one is worth the effort.

Set Aside Time To Contribute to WordPress

The WordPress project includes several teams tasked with building and maintaining the software. There are also teams dedicated to providing technical support, writing documentation, language translation, and reviewing themes/plugins.

Joining one or more teams is an opportunity to improve WordPress and its community. This could include anything from fixing bugs, building new features, or improving the user experience. That’s only scratching the surface of the potential impacts.

Contributions of all kinds are welcome – even if they don’t involve writing code. So, think about which team(s) interest you and fit your skillset. It’s also worth considering how much time you can dedicate to the project.

The Five for the Future program is a compelling option for agencies willing to commit 5% of their time to the project. Individuals are also welcome to join.

However, the type or number of contributions you make isn’t as important as your willingness to participate. One way to look at it is that every contribution helps someone. That makes a difference!

Build Free Plugins, Themes, or Educational Resources

There’s also a more traditional approach to paying it forward. Your agency is likely building custom plugins or themes for your projects. And teaching is a key part of working with clients. Why not level up and share what you know?

Once again, this benefits everyone. The community receives something useful. Meanwhile, you increase your visibility across the WordPress ecosystem. It’s a way to generate leads while doing good.

What you share and how you share it are up to you. It might be as simple as posting your GitHub repository link on social media. Or, you might opt to distribute your work via the official WordPress theme and plugin directories.

We should note that some responsibilities are involved with either approach. Plugins and themes must be maintained and supported. Community engagement is part of the deal. It’s also a good idea to keep sales pitches to a minimum if your goal is to give back.

Offering educational resources, such as online courses or tutorials, is also a possibility. Being a guide to users or developers will showcase your expertise. Do it well, and you’ll have loyal visitors returning to your site or YouTube channel.

Say Thanks to WordPress and Its Community

If your agency builds websites with WordPress, it benefits from the open-source software. It also stands to reason that you’ve benefited from the knowledge shared by community members. Every code snippet or piece of advice is valuable.

Giving back is simply the right thing to do. It says that you care about the project and the people surrounding it. Consider the potential boost to your business as good karma.

It’s also a chance to connect with other people and organizations. You never know what may come of these relationships. Friendships, business ventures, and side projects could be in store.

So, think about ways to give back and pick one that’s right for you. It will help you grow as a person and a web professional.

The post How WordPress Agencies Can Give Back to the Community appeared first on Speckyboy Design Magazine.

Publishing dynamic content is one of the key selling points of content management systems (CMS) like WordPress. Content can change based on user input or other conditions. This is useful for everything from e-commerce sites to online publications. There are also simple use cases – even for brochure websites.

But what happens if some of your critical data lives elsewhere? There may be a plugin that integrates with the third-party service you’re using. Or, you might build a custom solution from scratch.

The Remote Data Blocks plugin aims to make fetching data from outside sources easy. It integrates with services like Airtable, Google Sheets, and Shopify out of the box. There’s also a framework for connecting to other services via HTTP. Once connected, you can display your data via a WordPress block and customize it with a pattern.

How does it work? Let’s put the plugin to the test with a sample project. We’ll guide you through each step and see what we can accomplish together. Here we go!

Sample Project: Display a Google Sheet in WordPress

To test Remote Data Blocks’ capabilities, we’ll use the plugin to fetch data from a Google Sheet. The file contains contact information for an employee directory.

The process includes installing the plugin, connecting to Google Cloud Platform (the most time-consuming part), and displaying the data on our website using the included block. We’ll also need to create a block pattern to style our data.

Step 1: Install the Remote Data Blocks Plugin

The first step is to install the latest version of Remote Data Blocks on your WordPress website:

1. Log in to your WordPress website and navigate to Plugins > Add Plugin.
2. Search for “Remote Data Blocks” and find the plugin in the provided list.
3. Install and activate the plugin.

We’ll come back to the plugin settings later in our tutorial.

Step 2: Configure Google Cloud Platform

We have some work to do before we can connect a Google Sheet to WordPress. We’ll show you the steps below. The Remote Data Blocks team has also put together a helpful guide for this process.

2.1 Create a Project in Google Cloud Platform

To start, visit Google Cloud Platform to create a new project.

Hint: If you need help, Google has a project creation guide you can use as a reference. Google will ask for a project name and a parent resource. We’ll call our project Remote Data Blocks Test and leave the parent resource blank.

2.2 Connect to the Google Sheets and Google Drive APIs

Once the project is created, we’ll need to enable both the Google Sheets and Google Drive APIs. Here’s how:

1. Using the left-hand menu, navigate to the Enabled APIs & Services page.
2. Click on the Enable APIs and Services button.
3. One at a time, search for and add the Google Sheets and Google Drive APIs.

2.3 Enable the IAM API

Our project will also need access to the IAM API, as this handles authentication. Click the Enable the API button.

2.4 Create a Google Cloud Platform Service Account

After that, we’ll create a service account for the project. Head to the Google Cloud console website.

1. Using the left-hand menu, navigate to the Service Accounts page.
2. Click on the Create Service Account button.
3. Give your service account a name and click Continue.
4. On the Permissions screen, choose Owner and click the Continue button.
5. The Principals screen can be left blank. Click Done.
6. When finished, you’ll be redirected to the Service Accounts page, where your new account will be listed.

2.5 Generate JSON Credentials

1. Within your service account, click the options button (⋮) and select Manage Keys.
2. On the Keys page, click the Add Key button and select JSON as the format. Click the Create button.
3. Google Cloud platform will generate a JSON that you can download to your device.

Important: Note the generated email address associated with your service account – you’ll need it!

Step 3: Share Your Spreadsheet With Your Google Service Account Email

Remember the email address associated with your Google Service Account that we generated above? We’ll need it here.

We’ll head over to the Google Sheet we want to connect to our website and share it with the email address.

Step 4: Copy the Google Sheet ID

Next, we’ll locate the ID of our Google Sheet. We’ll need this detail to connect it to our website. The ID is located in the Sheet’s URL, like so:

https://docs.google.com/spreadsheets/d/test_spreadsheet_id/edit?gid=0#gid=0

We’re looking at the bolded area above (test_spreadsheet_id). We’ll copy our ID and keep it handy for the next step.

Step 5: Create a Data Source in Remote Data Blocks

We’re done with Google and on to our website. Navigate to Settings > Remote Data Blocks to connect our Google Sheet.

1. On the settings page, click the Connect New button.
2. Select Google Sheets from the menu.
3. Give your data source a name (we chose Employee Directory).
4. Paste the contents of the JSON file generated in Step 2.
5. Click the Continue button.

On the Scope screen, we’re asked to choose a spreadsheet from the menu. Ours is on the list. We’ll select it and the sheet we want to use (Sheet1), then click the Continue button.

On the Blocks screen, we’ll choose the Auto-register blocks option and click the Save button.

Step 6: Insert the Remote Data Block Into a Page

Now, it’s time to add the remote data block to our page.

1. Remote Data Blocks uses the data source name we provided in the last step. So, we’ll search for “employee directory” and add the block to the page. There are a couple of options, but we’ll choose Employee Directory/Sheet1 Loop. This option will automatically update the data when we edit our Google Sheet.
2. The next step is to place our remote data into a block pattern. So, we’ll select Choose a Pattern and click the only available option.

Note that the included pattern does not format the data into a table or anything resembling a spreadsheet. That’s OK, because we created a set of columns to house our data.

Dragging the various data points (First Name, Last Name, Title, Extension) into the Columns Block gave us a better layout. We can also use the Block Editor to make further improvements.

All Data Points Lead to WordPress

Fetching data from third-party sources is challenging. It’s also necessary, as we store our stuff all over the place. Remote Data Blocks helps by providing a framework we can build from.

There’s a lot of potential here, and we can imagine the plugin expanding in the future. Perhaps it works with more services out of the box. It might also include a few more block patterns to style common data types with ease.

The plugin could also empower non-technical site owners. For example, imagine updating a restaurant’s menu page by editing a Google Doc or another cloud-based file. They wouldn’t have to touch WordPress at all. It would eliminate their learning curve and ease our support requirements.

However, this is just the beginning. There are already plenty of niche uses for Remote Data Blocks and more to come. So, download the plugin and experiment!

The post How to Use Remote Data Blocks to Display Google Sheets Data in WordPress appeared first on Speckyboy Design Magazine.

The WordPress Media Library is a handy tool for managing images, documents, and multimedia content. It arranges uploaded files into date-based folders and creates multiple image sizes. All great features for a basic website.

There are a few drawbacks, however. The content management system’s (CMS) predictable file structure makes it easy to guess where a file is stored. For instance, a UK budget document leaked before its official release. How did this happen? A journalist was able to guess the file name based on last year’s version:

The BBC was able to access the PDF version of the OBR’s key report at 11:45 on Wednesday by replacing the word ‘March’ with ‘November’ in the web address of a previous edition.

Search engines can also index your site’s media files. This can be a benefit to your SEO strategy, but it’s not always desirable. Consider a membership website that requires registration to access specific files. A user may stumble upon a file via search, defeating the purpose of hiding files behind a login.

None of this means that there’s a security flaw. Rather, WordPress wasn’t built with private media storage in mind. Thankfully, there are easy ways to improve media file security.

Let’s review some tools and techniques for protecting your WordPress media files. They’ll keep your files away from prying eyes and might even save you some hosting bandwidth.

Available Methods of File Protection

The first thing to know about protecting your media files is that there are multiple types of protection. The method(s) you use will depend on your specific needs. We’ll break this section down by common scenarios.

Note that none of the following options will guarantee file security in high-stakes situations such as the UK government leak above. Rather, they are basic measures that will make it harder for someone (or something) to access your files.

With that in mind, here are a few ways to improve file security.

Block Direct File Access From Outside Sites (Hotlinking)

Let’s say you have a large PDF file on your website. By default, an external website could link directly to that file (a.k.a. hotlinking). It may seem harmless, but every time a user clicks that link, the file access counts against your hosting bandwidth. Even worse, the user never visits your website.

The solution is to block hotlink access at the server level. Add the following snippet to your website’s .htaccess file:

# Deny direct access to uploads unless navigated from your  site (change example.com to your domain name)
<IfModule mod_rewrite.c>
RewriteEngine On

# Only apply to files inside uploads directory
RewriteCond %{REQUEST_URI} ^/wp-content/uploads/ [NC]

# Allow requests from your own domain
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/  [NC]

# Block direct access to specified file types
RewriteRule \.(mp3|mp4|pdf|zip)$ - [F,NC,L]

</IfModule>

If your website runs on an NGINX server, add this snippet to the nginx.conf file:

# Deny direct access to uploads unless navigated from your  site (change example.com to your domain name)
# File types protected: mp3, mp4, pdf, zip
  location ~* ^/wp-content/uploads/.*\.(pdf|zip|mp4|mp3)$ {
  
	valid_referers  none blocked server_names *.example.com example.com;
    if  ($invalid_referer) {
  return 403;
  }
}

Be sure to change example.com to match your domain name and edit the included file extensions to match your needs.

Note: We don’t recommend protecting image files this way, as it may lead to undesirable results. For instance, you won’t be able to include images or file links from the server in your email newsletter without adding some exceptions to the code above.

Prevent Search Engines From Indexing Your Media Files

Uploaded WordPress media files can easily end up in search results. This can be undesirable for a few reasons:

• Direct links to large files can eat up bandwidth.
• Users aren’t visiting your website, just downloading files.
• Members-only files could be exposed to the public.

Part of any file protection strategy should include preventing (or discouraging) search engine indexing. As such, there are a few methods to implement.

First, we can add the following to our site’s robots.txt file to discourage crawling of the /wp-content/uploads/ folder:

User-agent: *
Disallow: /wp-content/uploads/

This won’t prevent indexing of your files, just crawling. The main benefit is reducing the load on your server.

To fully prevent indexing, we can use the X-Robots-Tag header.

For Apache servers, add this snippet to your site’s .htaccess file:

# Prevent indexing of media files in /wp-content/uploads/
<IfModule mod_headers.c>
<FilesMatch  "\.(pdf|doc|docx|xls|xlsx|ppt|pptx|zip|rar|7z|mp3|m4a|wav|mp4|mov|avi|webm)$">
Header always set  X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"
</FilesMatch>
</IfModule>

NGINX users can add this to their nginx.conf file:

# Prevent indexing of media files in /wp-content/uploads/
  location ~*  ^/wp-content/uploads/.*\.(pdf|doc|docx|xls|xlsx|ppt|pptx|zip|rar|7z|mp3|m4a|wav|mp4|mov|avi|webm|jpg|jpeg|png|gif|webp|svg)$  {
  add_header  X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;
  }

The above methods will reduce bot traffic and reduce the likelihood that your files will appear in search results.

Prevent Access to WordPress Attachment Pages

By default, WordPress creates a post for every media file you upload. It may come in handy for some niche use cases, but it is most often a forgotten feature. Without further action, these posts can be indexed by search engines.

Some SEO plugins, such as Yoast SEO, RankMath, and All in One SEO, offer settings to disable attachment pages. This is the simplest way to prevent search engines or users from accessing them.

Short of that, you can also use a code snippet in your theme’s functions.php file or a custom plugin. We’ll share a couple of them that cover common scenarios.

Return a 404 Error on Attachment Pages:

If you’d like to deny access to attachment pages, the following snippet will do just that. Visitors will see a 404 page, rather than the attachment.

<?php
  /**
  * Force attachment  pages to 404.
  */
  add_action( 'template_redirect', function () {
  if ( !  is_attachment() ) {
  return;
  }
  
  global  $wp_query;
  $wp_query->set_404();
  status_header(  404 );
  nocache_headers();
  
  // Load  your 404 template.
  include  get_query_template( '404' );
  exit;
  } );

Redirect Attachment Pages to Parent Post:

Here’s a slightly different approach that redirects users to the attachment’s parent post. This is handy for blogs and other online publications looking to ensure users see their content, rather than media files.

<?php
  /**
  * Redirect attachment  pages to their parent post when available.
  */
  add_action( 'template_redirect', function () {
  if ( !  is_attachment() ) {
  return;
  }

  $attachment_id  = get_queried_object_id();
  $parent_id     = wp_get_post_parent_id( $attachment_id );
  if (  $parent_id ) {
  wp_safe_redirect(  get_permalink( $parent_id ), 301 );
  exit;
  }

  // No  parent: redirect to file URL if it exists.
  $url =  wp_get_attachment_url( $attachment_id );
  if ( $url  ) {
  wp_safe_redirect(  $url, 301 );
  exit;
  }
  wp_safe_redirect(  home_url( '/' ), 302 );
  exit;
  } );

If you don’t need WordPress attachment pages, there’s no reason to keep them around. Thankfully, you have several options for giving them the heave-ho.

Use a Plugin for Media File Protection

You can also use a plugin to protect your WordPress media files. The right plugin can do some or all of the above functions to keep your files safer.

For example, Download Monitor offers multiple functions, including file protection. Among its features:

• Disable or enable specific folders for file downloads.
• Create randomly-generated URLs for files you want to protect.
• Attempting to access a file directly will result in a 404 error.
• Require users to log in before accessing a file.
• Keep track of how many times a file has been downloaded.

The free version of the plugin covers common use cases. A premium version goes the extra mile by integrating with popular form plugins and adding CAPTCHA protection.

Meanwhile, many membership plugins come with some form of file protection. Check out the plugin’s documentation to see what’s available.

Take Control of Your Files and Gain Peace of Mind

There are several reasons for locking down your WordPress media files, even if you aren’t posting sensitive information. For one, the rise of AI bot traffic means higher bandwidth usage. Restricting access to large files can prevent surprise charges on your hosting bill.

Plus, media files and attachment pages can be taken out of context. A simple redirect can help by pointing users toward your content. That could be the difference between a one-time visitor and a loyal reader. Say hello to lower bounce rates!

The above solutions are easy to implement into your existing website. What’s more, they bring a little peace of mind. You won’t have to worry about the wrong people accessing your files or causing a traffic nightmare on your server.

Consider your file protection needs and how they might impact your SEO strategy. From there, you can create a plan that works for you.

The post How To Protect Media Files Uploaded to WordPress appeared first on Speckyboy Design Magazine.

Artificial intelligence (AI) technology can make life easier for WordPress developers. We can use it to increase our efficiency and coding capabilities. AI takes the pain out of tasks like troubleshooting a buggy code snippet or querying data.

Some of us are using AI to build custom plugins, but it doesn’t have to end there. We can also extend existing ones. This skill comes in handy when a free or commercial plugin doesn’t quite do everything you need. Everything from minor tweaks to complex features is possible.

For instance, we’ve used AI to generate a custom WooCommerce email when a specific product is ordered. Perhaps that doesn’t sound like an earth-shattering use case. But building such functionality without hours of research is a win in our book. About 30 minutes is all we needed to go from concept to finished product.

Let’s face it: Every WordPress project is nuanced. There are always things our clients would like to change – regardless of size or difficulty. AI can help us go from “Oh, no!” to “That was easy!”

With that in mind, here are some tips for using your favorite large language model (LLM) to extend an existing WordPress plugin.

Is This the Right Plugin for the Job?

Wouldn’t it be nice if the plugin you installed also did x, y, and z? It’s a common refrain when building a website. After all, the little details often separate the good from the great.

Perhaps a client requested a feature that differs from the plugin’s default behavior. Or maybe you had an idea for leveling up the user interface. It’s a great way to spark creativity and go the extra mile.

However, not every plugin is the right one for the job. Some extensions may be too complex and difficult to maintain, while others could take the plugin in a completely different direction. The result is an inefficient path to achieve your goals. In short, it’s an easy way to go down the old rabbit hole.

The WordPress plugin ecosystem is vast, and there are often multiple options for every need. As such, you may find that a different product is a better fit for your project. Look for a plugin that already does most of what you need. From there, extending will be easier.

It’s great that we can extend plugins using AI. Yet, that doesn’t mean we should extend every plugin. So, consider the pros and cons of a product before you dive in headfirst.

A Well-Documented Plugin Often Yields the Best Results

WordPress plugins come from all corners of the ecosystem. Thus, you’ll notice that some authors provide more thorough documentation than others.

Well-documented plugins tend to be better candidates for an AI-generated extension. AI models will have ready access to that information, and it will likely improve your odds of a successful outcome.

Another side effect is that other developers have probably built extensions as well. AI can research forums and blog posts to understand how things work. Plugins often have custom functions, hooks, and filters that developers can tap into. The more information that’s available, the better.

Hint: Feel free to include any relevant documentation or demo links in your AI prompts. This ensures that the AI model is looking in the right place. It could save you from some trial-and-error when building an extension.

What if a plugin has little or no documentation? You may still have a chance to build on top of it. Upload the plugin or share a relevant snippet with AI. The model should be able to determine how things work and move forward from there.

Think About Structure and Future Maintenance

Let’s say that you’ve found the perfect plugin to extend with AI. Now what? You’ll want to think about the best way to structure your extension and how you’ll maintain it.

It’s always tempting to paste a few code snippets into your theme’s functions.php file. That may work in the short term. But what happens when it’s time to change to a new theme? You’ll have to do another copy-and-paste, or risk losing your custom functionality.

Placing your code into a custom plugin is usually the best option. This ensures that your functionality stays intact throughout your website’s lifespan. Better still, most AI apps can help you build a plugin structure that’s easy to maintain. A simple plugin might require a single file, while a more robust one could benefit from a tree structure.

Speaking of maintenance, that places another responsibility on your shoulders. It’s possible to build a custom extension that you won’t need to edit for years. However, it’s important to keep track of changes to the plugin you’re extending. For instance, a major change to Elementor or Gravity Forms could mean refactoring your code.

Building plugins that depend on other plugins is great – just be sure to understand what you’re getting into.

Make Your Existing WordPress Plugins Do More

AI is a great asset when extending an existing WordPress plugin. Explain what you want to achieve, share code and/or documentation, and let the app do the dirty work for you. It’s possible to have a working prototype within minutes.

That’s not to say the entire process is seamless. AI can make mistakes or misinterpret your instructions. As such, your generated code may require a few rounds of revisions. Not to worry! That’s still faster than writing something from scratch.

A word of advice: Ensure that your generated code uses security best practices. We have a handy guide to help you test. Taking a few extra minutes here will give you peace of mind.

Do you have an idea that makes an existing plugin even better? Now is a great time to experiment with a little help from AI.

The post How to Use AI To Extend the Functionality of WordPress Plugins appeared first on Speckyboy Design Magazine.

You may associate website spam with things like phony user accounts, senseless contact form entries, and incoherent blog comments. However, spammers can also hit other parts of your website. WooCommerce is a prime example.

Spam bots are known to order products using fake or stolen payment credentials. You may also notice them using offline payment gateways, such as Cash on Delivery or Direct Bank Transfer (BACS).

These activities are, at the very least, annoying. Your inbox and dashboard will become cluttered with illegitimate orders. However, there’s also some danger involved. A spammer using a stolen credit card can result in fraudulent charges. That impacts both you and the victim.

That’s why it’s important to take action against spammers. We’ll show you how to protect your WooCommerce site without disrupting legitimate customers. It’s easier than you think!

Steps for a Spam-Free WooCommerce Shop

There are several anti-spam WordPress plugins on the market, and some are compatible with WooCommerce. Thus, it’s OK to choose the option that works best for you.

For our purposes, we’ll go with Simple CAPTCHA Alternative with Cloudflare Turnstile. Why? It’s easy to set up, and we’ve had good luck with Cloudflare’s Turnstile product.

Turnstile will “challenge” suspicious traffic by requiring them to check a box within a widget. Meanwhile, the widget won’t interrupt legitimate users. It’s an effective and hassle-free way to keep spammers at bay.

Note: There’s also a version of this plugin that uses Google’s reCAPTCHA if you’re so inclined.

Step 1: Create Cloudflare Keys

The first step is to create a free Cloudflare account and generate API keys for use on your website. The plugin’s author has a guide for obtaining your Cloudflare keys.

Step 2: Install Simple CAPTCHA Alternative with Cloudflare Turnstile

Next, it’s time to install the plugin:

• Log in to your WordPress website and navigate to Plugins > Add Plugin.
• Search for “Simple CAPTCHA Alternative with Cloudflare Turnstile”.
• Install and activate the plugin.

Step 3: Configure the Plugin

Let’s configure Simple CAPTCHA Alternative with Cloudflare Turnstile by navigating to Settings > Cloudflare Turnstile.

Here’s what to do inside the plugin’s settings panel. There are several ways to customize the plugin’s behavior. However, we’ll focus on the bare minimum to protect your store:

• Enter your Cloudflare Turnstile API keys (you’ll need both the Site Key and Secret Key).
• Use the WooCommerce Forms section to enable Cloudflare Turnstile on the areas you want to protect. We recommend the WooCommerce Checkout option, as it stops spam orders in their tracks.

Once enabled, you should see the Turnstile widget displayed on your WooCommerce Checkout page.

Other Considerations

As we mentioned, Simple CAPTCHA Alternative with Cloudflare Turnstile has a robust settings panel. That means there are a few other items you might want to consider:

• What happens if there’s an outage? You can protect against a Cloudflare outage by enabling Failsafe Mode. The plugin will either allow all submissions or use reCAPTCHA instead (provided you have API keys). This avoids any disruptions to your site’s customers.
• Would you like to protect other areas of your website? You can enable the Turnstile widget virtually anywhere user input is required. The site’s login, registration, and comment forms are examples. There are also integrations with popular form plugins.
• Should logged-in users see the Cloudflare Turnstile widget? You can limit the widget’s display to “guest” checkouts only. However, we recommend enabling the widget on your site’s registration forms first.
• Do you want to disable the widget for specific payment gateways? This comes in handy if you only want to protect the aforementioned offline payment gateways.

We recommend experimenting with the plugin’s settings to determine what works best for your website. You can always add or remove protection methods as needed.

Rid Your E-Commerce Site of Spam Orders

There is no avenue spammers won’t explore. WooCommerce orders are just one in a long list of places they’ll attempt to wreak havoc. Thankfully, you don’t have to put up with it.

Install Simple CAPTCHA Alternative with Cloudflare Turnstile, and your website will be protected within minutes. You and your clients will gain peace of mind while stopping illegitimate orders from overwhelming your inbox.

Plugins like this one are becoming a necessity as malicious traffic continues to have a field day with WordPress. Be sure to protect yourself!

The post How To Stop Spam Orders on Your WooCommerce Website appeared first on Speckyboy Design Magazine.

Artificial Intelligence (AI) continues to grow as a web development tool. We’re using the technology to write and debug code, perform complex tasks, and interact with users. We’ve discussed a lot of these use cases here at Speckyboy.

However, we haven’t talked about the behind-the-scenes tool that powers AI integrations. MCP (Model Context Protocol) is an open-source protocol that connects AI models to external applications or data sources.

In theory, MCP can sit between AI and any tool you can imagine. One real-world example: connecting Microsoft’s Copilot with your Excel spreadsheet. In this scenario, you can ask Copilot to analyze your data and produce a report.

The same principles apply to your WordPress website. Plugin developers can utilize this technology to incorporate AI-powered features. From there, you might use that connection to generate blog post excerpts or identify a set of related products on your WooCommerce shop. That’s only the beginning of what’s possible.

The following is a light overview of MCP. We’ll provide some background details, potential use case examples, and learning resources. Let’s get started!

A Layer That Connects You To AI

Let’s start with a simple analogy to explain what MCP does:

Say you’re on vacation in a place where you don’t speak the language. Thankfully, you have a friend who does. By serving as an interpreter, they’ll help you communicate with the people you meet on your journey.

MCP does something similar with AI applications. Like the interpreter, it sits in the middle of your tool’s connection with an AI model such as ChatGPT or Gemini.

As a standardized open protocol, it can connect to any AI application that supports it. Software development kits (SDKs) are available in multiple programming languages, allowing developers to build MCP servers and clients.

For developers, it means you don’t have to build an AI integration from scratch. It opens up a whole world of possibilities. That also benefits users, as we’re likely to see more integrations released in less time.

How MCP Works With WordPress

Now that we know a bit more about MCP, let’s examine how it works with WordPress. The recently formed WordPress AI Team already has a tool for connecting the content management system (CMS) to AI applications.

The MCP Adapter plugin brings this technology to any WordPress website. It connects an AI app to the WordPress Abilities API, allowing developers to define what site functionalities AI can access (think adding images to your media library or generating SEO descriptions). The adapter is flexible, as WordPress can act as either an MCP server or client.

The WordPress MCP Adapter doesn’t favor one AI model over another. As such, it doesn’t matter if you’re connecting to Claude, ChatGPT, or another supported app. The tool’s job is to translate between AI and the Abilities API.

The result is a future-friendly tool that can adapt (see what we did there) as new AI models enter the market.

What’s more, WordPress 7.0 is set to include tighter (but not forced) integration with the “Building Blocks” being developed by the AI Team. The team states, “By WordPress version 7.0, any WordPress user – enterprise or blogger, developer or designer – should be able to access, use, and build powerful AI features to aid in furthering their digital presence on the open web.”

Potential WordPress MCP Use Cases

OK, here’s where we start to use our imagination. We’ve already named a few basic use cases for MCP inside WordPress. Let’s dream up a few more possibilities:

• A helpful dashboard agent: An AI agent inside your WordPress install could perform useful and time-saving tasks. Ask it to list your best-selling products, send an email to your members, or delete spam comments.
• Better WordPress onboarding: It’s not uncommon for new WordPress users to become frustrated when learning how to use the CMS. AI presents a golden opportunity for a guided onboarding experience and a way for users to ask questions. Such a tool could show users where things are and how to use them.
• Importing and exporting data: An AI agent could allow you to import or export data with plain-language requests – no database query expertise required. That would lower the barrier for users to get the information they need.
• Improving accessibility: Accessibility plugins already exist, but AI could help them do more. For example, they might proactively identify issues as you work and suggest a solution. They might also scan PDF files to ensure compliance, generate transcripts for your multimedia content, or add accurate ALT attributes to images as you upload them.
• Lock down site security: Your site’s security plugin could use AI to identify malicious code more accurately and alert you to suspicious activity as it happens.
• Make your website multilingual: AI is already speeding up the language translation process for WordPress websites. It might also result in more accurate automated translations and enable you to add new languages on the fly.

The above ideas are just the tip of the iceberg. MCP has the potential to spur all manner of creative uses for AI in WordPress.

MCP Resources for WordPress and Beyond

Do you want to learn more about MCP and its role in WordPress? Here are a few handy resources to dig in:

• AI for WordPress Developers (Jason Adams)
• Are you down with MCP? (Brian Coords)
• Introduction to Model Context Protocol (Anthropic Academy)
• Use MCP servers in VS Code (Official VS Code Documentation)
• What is the Model Context Protocol? (Official MCP Documentation)
• WordPress AI Experiments Plugin (GitHub)
• WordPress Plugins Using AI (WordPress Plugin Repository)

We hope you enjoyed our look at MCP! We encourage you to stay up to date on what’s happening by checking out the WordPress AI Team’s blog.

The post What Is MCP, and How Can It Help Your WordPress Website? appeared first on Speckyboy Design Magazine.

You may think of WordPress plugins as tools for improving a website. That makes plenty of sense. We use them to add features for users and site owners. They add capabilities like SEO, shopping carts, and layout building to the mix.

Plugins aren’t just here to serve those groups, however. There are also products designed specifically for web developers. These expert-only items enable us to troubleshoot issues, measure performance, monitor site functionality, and more.

Some utilities are even meant to be installed temporarily. Use them and then lose them. All the better to keep a curious client from wreaking havoc!

With that in mind, let’s look at a handful of WordPress plugins that cater to developers. You might find a few that fit your workflow.

Health Check & Troubleshooting WordPress Plugin

This official WordPress plugin belongs in every developer’s toolbox. It’s a debugging tool that makes troubleshooting potential plugin and theme conflicts easier to diagnose. You can “virtually” deactivate items within your user session to identify which one is causing an issue.

Importantly, visitors to your website won’t be impacted by your tests. You’ll also find a plethora of debug data and confirmation that WordPress core files haven’t been tampered with. When things go wrong, reach for Health Check.

Query Monitor for WordPress

Does your website have performance issues? Is it riddled with PHP or JavaScript errors? Query Monitor will help you pinpoint the source of a myriad of problems. The plugin logs errors and keeps track of everything that happens during a page load on the front and back ends of your website.

You’ll also find handy details such as the current theme template, user capability info, and server environment settings. There is also a selection of add-ons for extending Query Monitor’s functionality.

Disable Emails WordPress Plugin

Raise your hand if you’ve ever accidentally triggered a user email when working on a website. It’s a common issue when troubleshooting or building new features. Activate Disable Emails, and you won’t have to worry about that WooCommerce invoice or password reset being sent.

It’s also a perfect companion when working on a local or staging environment.

Code Profiler for WordPress

Your site’s theme, plugins, and custom code snippets all impact performance. But how much? Code Profiler provides a visual overview of load times, disk usage, and more. The colorful (and exportable) charts make it easy to identify what’s slowing down your site.

The plugin also works with WP-CLI and accommodates custom cookies/HTTP headers.

Advanced Cron Manager for WordPress

WordPress relies on cron tasks for functionality like sending emails and detecting software updates. In some cases, a failed task can lead to problems – particularly for e-commerce and membership sites.

Advanced Cron Manager allows you to view registered tasks, modify their schedules, and add new tasks to the list. The plugin helps you take control of an otherwise invisible process.

Email Log WordPress Plugin

Let’s face it: email is unreliable. That said, we still count on it for receiving form submissions and e-commerce orders. Email Log provides peace of mind by tracking every email WordPress sends. It also serves as the first step in troubleshooting email delivery issues.

Plugins To Help You Build and Troubleshoot Faster

Developers have no shortage of responsibilities. We not only build websites with WordPress, but we also maintain and troubleshoot them. The right tools are essential for our efficiency and sanity.

The plugins on this list help us do just that. They provide useful data, allow fine-grained control over site processes, and alert us to potential problems. Even better is that we can install them with just a few clicks.

So, don’t go it alone when working with WordPress. Use the tools above to give you an edge – you’ll be glad to have them in your toolbox.

---

The post The 6 Best Developer Friendly WordPress Plugins for Performance & Diagnostics appeared first on Speckyboy Design Magazine.

The WordPress Block Editor enables browser-based design. That’s leaps and bounds from where the old Classic Editor fell short. It may eliminate the need for a page builder plugin in some cases.

That’s all good news. However, it’s also tricky for web developers hoping to prevent their clients from accidentally breaking a layout. It’s all too easy to delete a component or drag one to a different spot. Oh, the horror!

Keeping your designs looking good and safe is essential. Fortunately, WordPress offers several built-in methods for doing just that. They could save you from a headache or two.

Let’s learn how to protect your WordPress block layouts the easy way!

Step 1: Create WordPress Block Patterns

You spent all that time creating a custom block layout. Preserve your work by saving it as a block pattern. It only takes a few seconds and allows you to reuse custom layouts at any time.

This means you can easily restore a layout if something goes wrong. That’s simpler than trying to piece things back together or clean up a royal mess.

Even better, you can export block patterns and save them locally. This keeps your original layout intact, no matter what happens on the live site. You can then re-import the pattern should the worst happen. The other benefit is that the pattern can be imported to other sites or included in a custom plugin.

To create a block pattern, click on a block’s Options menu (⋮) and select Create pattern. Give the pattern a name and optionally assign it a category.

Once your pattern is saved, you can access it in the Appearance > Design menu within WordPress.

Helpful Resources:

• Exploring the WordPress Block Pattern Directory (Speckyboy)
• How to Create & Manage Block Patterns in WordPress (Speckyboy)
• Synced Patterns (Reusable blocks) (WordPress Documentation)
• Using Block Patterns (Learn WordPress)

Step 2: Lock Your Blocks

Block layouts can be easily edited and rearranged by default. For example, you might use the Block Editor’s List View to drag items to different areas of your page. It’s great for flexibility, but it can also result in some unintended consequences.

The Lock feature allows you to prevent blocks from being modified or removed from your layout. Users can still change the contents of a block. However, they must use the same type of content. For instance, you can only replace an image with another image, and so on.

If you’re locking a Group block, you can also choose to lock all blocks within the group. This step protects the entire custom layout. It’s another reason why the Group block is great for housing layouts.

To lock a block, click on its Options menu (⋮) and select Lock.

Note that there’s also an option to unlock a block if you need to make further edits. If you want more control over who has permission to unlock a block, there’s a code snippet that can help.

Helpful Resources:

• Block Locking API (WordPress Documentation)
• How to Lock Blocks and Templates (Full Site Editing)
• The Key to Locking Blocks (Learn WordPress)

Keep Your Block Layouts Safe and Beautiful

In days past, web developers had various tricks to client-proof custom layouts in WordPress. We hardcoded them into PHP-based theme templates and implemented custom fields to allow content changes. This approach doesn’t work as well in the world of blocks, though.

No, using the WordPress Block Editor to build layouts is about more than just aesthetics. You also need a plan to ensure that what you create is protected against breakage – block patterns and locking offer quick, built-in solutions for doing so.

Combined, these features add some resiliency to your custom layouts. And, even if something goes wrong, you can still restore the original version. That provides some peace of mind for you and your clients.

The post How to Protect WordPress Block Layouts From Accidental Changes appeared first on Speckyboy Design Magazine.

Running a web design or development agency comes with its own set of challenges. When WordPress is your platform of choice, choosing the right hosting provider isn’t just about uptime or page speed. It’s about how well that hosting setup fits your workflow, your team, and your clients.

Agencies don’t need a one-size-fits-all solution. They need reliability, control, scalability, and smart tools that actually save time. This guide breaks down what to look for when picking a WordPress host for client sites, without the fluff or buzzwords.

Why Hosting Matters for Agencies

Bad hosting wastes time. When your team is troubleshooting server issues, fixing plugin conflicts caused by caching layers, or manually restoring backups, you’re not building sites or serving clients.

Good hosting removes those headaches. It gives you a stable base to work from, keeps your sites running smoothly, and handles the maintenance tasks you don’t want to babysit.

The right host becomes part of your workflow. It should make client launches smoother, give you access to performance tools, and offer real support when things go wrong.

Key Features to Look for in WordPress Agency Hosting

1. Multi-Site Management Tools

Agencies need to manage several (or dozens) of sites from one place. Jumping between dashboards or logging in and out of separate accounts wastes time. Good hosts offer a centralized panel to manage updates, backups, staging sites, billing, and more across all your projects.

Look for:

• A unified dashboard for all client sites.
• Bulk updates for themes and plugins.
• Site tagging, notes, or client labels.
• Permission controls for team members.

Relevant hosting options are Hostinger Pro and Bluehost Agencies.

Hostinger Multi-Site Tools

2. Staging Environments

You shouldn’t have to push changes live just to test something. A proper staging site is critical, especially when clients want to preview changes, test new plugins, or approve a redesign.

Check that your host includes the following:

• One-click staging and sync
• Easy cloning and merging to/from live
• Password protection for client previews

Relevant hosting options are Kinsta and WP Engine.

Kinsta Staging Tools

3. Client Access and Collaboration

Agencies work with clients in different ways. Some clients want access to the dashboard, others don’t. Either way, you should be able to control what they can and can’t do.

Look for hosting that lets you:

• Add client logins without sharing yours.
• Limit access to specific tools or sites.
• Transfer billing when needed.

SiteGround and Pressable both offer white-label options that keep your agency in control.

SiteGround White Label Options

4. Reliable Support from WordPress Experts

Support needs to be quick, clear, and handled by people who actually understand WordPress. You don’t want generic replies or scripts. You want help from someone who’s seen the same plugin conflict ten times before and can tell you what’s wrong without needing a back-and-forth.

Look for:

• 24/7 live chat or ticket support.
• WordPress-specific knowledge base.
• Help with performance issues, security, and plugin errors.

Agencies often benefit from a host that offers priority support tiers.

5. Performance and Scalability

Client sites need to load fast. Whether it’s a local bakery or a WooCommerce store pulling in 500,000 visitors, your host has to keep up. Hosting should be optimized for WordPress with built-in caching, CDN access, and a strong uptime record.

Evaluate:

• Global data centers and CDN integration.
• Server-level caching (not plugin-based).
• PHP 8.x and database tuning.
• Traffic and storage limits that match your scale.

Rocket.net Fast WordPress Hosting

6. Backup and Security Options

If something breaks, you need to recover fast. Hosting should include automatic daily backups with quick restore options. Security should be active, not reactive.

Features to expect:

• Malware scanning and firewall.
• DDoS protection.
• One-click backup restoration.
• Two-factor authentication and login protection.

Good examples are SiteGround Security and Kinsta’s daily backups.

SiteGround Security Features

7. Agency Pricing and White Labeling

Agencies often need custom billing, bulk plans, or white-labeled dashboards. Some hosts offer partner programs with discounts, referral revenue, and tools built for client handoff.

Look for:

• Reseller or bulk site pricing.
• Branded control panels for your agency.
• Client billing transfer tools.

Relevant hosting options are the WP Engine Agency Partner Program and Pressable’s Partner Program.

Questions to Ask Before Choosing a Host

• How many sites can you manage from a single dashboard?
• Is staging included or paid extra?
• What’s the average response time for support?
• Can you easily scale up traffic and resources?
• What’s the plugin policy? Any major restrictions?
• How easy is it to hand off billing or access to clients?
• Do you get priority support as an agency?

Some Hosting Providers Worth Exploring

Here’s a mix of hosts that offer tools geared toward agencies:

Final Thoughts

Agencies have a lot to juggle. The right WordPress host can take some of that pressure off by automating the boring stuff, protecting your client sites, and giving your team better tools to work with.

Don’t just choose based on price. Test their dashboard. Talk to support. Look at how easy it is to clone a site, hand off billing, or fix something when a plugin breaks. Pick a host that fits your workflow, not the other way around.

The post How to Choose the Best WordPress Agency Hosting appeared first on Speckyboy Design Magazine.

WordPress boasts an unrivaled flexibility. There’s an opportunity to customize every component of your website. That certainly applies to themes.

For years, some developers opted to build custom themes from (or near) scratch. Whether starting from a blank screen or a starter framework like Underscores (rest in peace), the goal is to craft a theme that suits your project.

This approach predates the Block Editor, which was introduced way back in WordPress 5.0. It was a time when developers used plugins like Advanced Custom Fields to create a custom page-building experience. There was also a need to hard-code complex layouts within the theme’s template system.

In short, it was often the best way to create a custom website that was also client-proof. However, WordPress and its theme ecosystem have evolved. Custom layouts can be built with a default installation, and block themes allow for greater design flexibility.

That leads to the question: Do from-scratch WordPress themes still make sense in modern times? Let’s explore their role (or not) in the theme development landscape.

Mixing WordPress Blocks & Templates

Traditionally, a from-scratch theme is also a “classic” theme. They use PHP templates and the old-school WordPress Customizer interface.

This path offers developers more control behind the scenes. We can build features that serve a narrow use case and better protect against breakage. It has often been used to customize the content area of pages with layouts that weren’t easily replicated inside WordPress – without using a page builder, at least.

The Classic Editor’s limitations sometimes made this approach a necessity. Adding modern block-based layouts to the mix changes things, however.

Classic themes can use blocks within pages and posts. Plus, modern conveniences like the Query Loop block enable functionality that was previously difficult to achieve without writing code. And we can’t forget about the many custom block plugins on the market. They offer advanced design and dynamic data options.

Blocks can also be locked within the editor, which prevents a mischievous client from doing too much damage. So, there goes the client-proofing argument.

This limits what can be accomplished with PHP theme templates. It’s still possible to embed a layout via hard-coding or using a block template part. However, that doesn’t seem as practical.

Blocks can usually do the job without the need for additional PHP, HTML, or CSS. It feels like one less reason to use a from-scratch theme.

Building From Scratch Goes Deeper Than Design

OK, perhaps any design advantages of from-scratch themes have evaporated. There are still some potential gains to be had.

The third-party theme market continues to struggle with bloatware. Classic themes aiming to be everything to everyone aren’t always the best option. Some offer poor performance and accessibility. You are also ceding control of dependencies and security.

This is where a custom theme shines. You can create a purpose-driven product that addresses a specific need. There are numerous benefits to this approach.

The use of JavaScript is a prime example. Going custom means not having to load scripts you don’t need. Scripts can be optimized to avoid performance hits. Plus, you won’t have to wait for a theme author to update those dependencies.

There is also something to be said about version control. Third-party themes can release updates at any time. That can clash with the needs of large enterprise projects. A new feature could cause unexpected issues. A custom theme allows developers to avoid this risk and add features as needed.

Theme settings and customization are another area where building from scratch has an advantage. You can develop settings to suit any need and limit what users can do. Third-party themes may offer too much access. Maybe client-proofing is still a thing, after all?

When To Go Custom

Despite the rise of block-based websites, there are still reasons to start from scratch. So, when should you consider going this route?

Maybe the use cases are narrower these days. But custom themes are helpful when you have a strict set of parameters to work within, such as:

• You need version control of the theme’s styles and features;
• Some items need to be hard-coded into a template;
• You want custom settings not included with a third-party theme;
• You need tight theme integration with plugins like WooCommerce;
• There are strict accessibility requirements;

These are all reasons to forego the theme ecosystem and build it yourself. You’ll have a result that, for better or worse, a commercial product can’t match. Why? Because it’s tailored to your project’s needs. You don’t have to settle.

This does put the onus on you to test and maintain the theme, however. It includes updating dependencies and ensuring compatibility with the latest version of PHP. There are also security considerations. So, think carefully about what’s best for you and your project.

The bottom line is that, even with changes in WordPress theme development, going custom is still a viable option. That is, as long as you’re doing it for the right reasons.

The post Do Built-From-Scratch WordPress Themes Still Make Sense? appeared first on Speckyboy Design Magazine.

There’s a school of thought among web developers that clients don’t care about how you build something. They only care that things work as expected.

There’s some truth to that logic. Most of our clients aren’t WordPress experts. They don’t know Yoast SEO from Jetpack. They’re unlikely to know what separates a good theme from a poor one. They depend on us to build their website responsibly.

However, our choices will matter to them at some point in the future. For example, when an abandoned plugin includes an unpatched security issue. Or when an outdated theme isn’t compatible with the latest version of PHP.

Making the wrong choice can be costly for you and your clients. At the very least, it means additional maintenance. At worst, it could mean cleaning up a hacked website and dealing with a data breach.

So, how do you know if you’re choosing the best options for your clients? We have some tips for picking themes and plugins that have the best chance of future success.

Choose WordPress Products With a Good Reputation

The WordPress.org plugin repository hosts tens of thousands of items. However, not all of them are fit for use in a production environment. Consider that some plugins haven’t been updated in years, while others have existed for only a short time. The same scenario applies to themes.

That’s why choosing reputable products is so important. Even if something goes wrong, it’s likely to be fixed. Additionally, the best theme and plugin authors are proactive in implementing security measures.

Finding a reputable product isn’t difficult; it involves a little bit of research. Here are a few clues that a theme or plugin is trustworthy:

• An updated changelog: A regular pattern of updates indicates that the product is actively developed. New features are great. However, also look for bug fixes and security patches.
• Resolved support tickets: The WordPress.org forums are a great place to see how well a product is supported. Some commercial products may have their own support forums. Regardless, look for resolved tickets and frequent responses from their support team.
• A steady active install count: The theme and plugin repositories include active install counts. A high number doesn’t always correlate to quality, but it’s an indicator of a trusted product. Even a relatively low number is acceptable, provided the items above are addressed.

None of us can guarantee the long-term outlook for a theme or plugin. But choosing one with a good reputation should increase your confidence. It’s something your clients will also appreciate.

Consider the Pros & Cons of an Ecosystem

Some WordPress themes and plugins come with their own ecosystems. WooCommerce is a prime example, as the e-commerce platform offers extensions you can use to add functionality. Other examples include Gravity Forms, Kadence, and GeneratePress.

Buying into such an ecosystem has advantages. Compatibility should be top-notch, for one. It’s better than a piecemeal approach, where you add unrelated software from all over the web. Each piece fits together to create something bigger.

Theoretically, this should mean easier maintenance, particularly if each item comes from the same author. Product upgrades arrive in lock-step and avoid major issues.

There are some potential downsides to this approach. An ecosystem must be sustainable, for one. Imagine investing in a family of theme products that goes out of existence. That means your clients are using software that is no longer actively developed. It’s only a matter of time until there are problems.

Plus, a singular part of an ecosystem could fall into a black hole. Many WooCommerce extensions are built by third-party developers, for example. That’s great for innovation. Yet, there’s also a risk that the product won’t keep up with changes to the parent plugin.

Once again, this is where reputation comes into play. Scrutinize an ecosystem and its related products as you would any other theme or plugin. Don’t assume every item is of equal quality or strength.

Think About the Bigger Picture

It’s easy to fall into short-term thinking when working on client projects. We’re trying to meet client expectations within a tight timeline and budget. That can lead to installing a theme or plugin simply because it’s the fastest solution.

We may not realize the long-term consequences of those decisions. Using what’s most convenient in the moment doesn’t guarantee quality or reliability. Make the wrong choice, and suddenly, your client will care about how you built their website.

Keep that in mind as you plan for a project. Consider the future needs of the website and how things will look in a few years. Do you see a WordPress theme or plugin that’s still humming along? Or might you be in a panic to replace a key component?

No decision is without risk. However, you can reduce it by doing your homework. Doing so will lead to easier maintenance and more peace of mind.

The post Why the Themes and Plugins You Choose Matter to Your Clients appeared first on Speckyboy Design Magazine.

WordPress is known for its flexibility. The ability to build custom blocks keeps with that tradition. There are so many potential use cases. It feels like the sky is the limit.

However, building a custom block hasn’t always been easy. Even seasoned WordPress developers can struggle to learn the process. Blocks are based on React, rather than PHP. As such, there’s a serious learning curve. That has left many to look at alternative methods or use third-party block suites.

There’s a new tool looking to change the narrative. Telex is Automattic’s AI-powered block builder. Tell the app what you want, and Telex goes to work. It generates code and, once you’re satisfied with the result, creates a custom plugin to install on your website.

Telex is ripe for experimentation. Let’s take it for a spin and see what it can do.

Getting Started With Telex

First things first, you’ll need a free WordPress.com account to use Telex and save your projects. Click the Login button on the upper right of the screen to get started.

Once that’s taken care of, it’s time to tell Telex about your project. The interface should be familiar to anyone who has used ChatGPT, Gemini, or other popular AI models.

Enter your idea into the text field, and the tool takes care of the rest. It generates your custom block’s code and even lets you test it in a real WordPress installation (thanks to WordPress Playground).

Doesn’t that sound otherworldly? Follow along as we create a demo block.

Creating a Custom Timeline Block

From the looks of things, there’s no idea that’s too far-flung for Telex. There is a plethora of creative examples popping up on the web.

For our purposes, we’ll try to keep things practical. We’ll create a Timeline block that allows us to highlight important dates with style.

Here’s the prompt we used:

Create a Timeline block that allows me to highlight important dates in a vertical format. It should have fields for the following:

1. Year
2. Content

The design should feature the Year on the left and the Content on the right. A vertical line should be displayed between the Year and the Content. The Year should be bold text and stand out.

Hint: Telex has an “Enhance Prompt” feature that will that will rewrite your prompt using AI. Give it a try if you’re having trouble describing what you want. We tried the feature, and it added a few elements we hadn’t thought of, including responsive styling.

Click the Build button once you’re satisfied with your prompt.

Generating & Testing Our Custom Block

Telex will start building your block in plain view. The UI shows your prompt at the top of the screen, while the app’s internal dialog scrolls by below.

In our case, the process took about two minutes to complete. Once finished, we were redirected to a WordPress install and placed into the Block Editor.

This is where the fun begins! Telex provides an opportunity to test our new block and see how it works. We can use the chat panel on the right side of the screen to ask questions or make edits.

Judging the Initial Result

At first glance, our Timeline block looks similar to what we envisioned. Telex followed our instructions with the help of its AI enhancement feature. It also added a few details we didn’t think of, such as the ability to style the block’s colors and spacing.

There’s even a handy plus (+) icon for adding additional milestones to our block. As promised, the block is also responsive. The Year and Content blocks are stacked on small screens for easier reading.

It’s a strong start. However, we think there’s room for improvement. Can Telex help?

Improving Our Timeline Block

Perhaps the biggest thing missing from our block is the ability to customize the typography. We’d love to change the font sizing and spacing. Let’s ask Telex for some help:

Can you add font size and spacing settings to the Year and Content fields?

Telex receives our prompt and immediately begins revising the block. Once finished, the Block Editor is refreshed, and it’s time to inspect the changes.

Sure enough, our block now features typography settings for the Year and Content fields. Nice!

We’re one step closer to completion. However, there are a few other small tweaks we’d like to make:

I notice the line between entries isn't connected. Can we change that?

Also, I'd love the ability to horizontally align each entry to the Top, Middle, or Bottom.

Telex got both requests correct, to a point. We can now align our milestones horizontally. However, the connecting line has now moved to the left side, which is not what we wanted. Recall that the line had been in the middle.

Can you move the connecting line back to the middle? It should be connected to the icon between the Year and Content fields.

It took a few tries and a recovery from a PHP crash inside WordPress Playground. Telex eventually moved the line to the middle and adjusted the styling so the milestones are connected on the front end (there was still a bit of space in the editor).

Things are looking good, so we’ll click the Download button on the upper right of the screen. Telex provides a ZIP file containing a plugin for our custom block.

Now, we can install the plugin on any WordPress website!

Making Custom Blocks a Prompt Away

Our experience with Telex was a pleasant one. Within 30 minutes, we had a working prototype of our custom Timeline block. Even the most talented of React developers would have difficulty matching that pace.

Sure, there were a few glitches along the way. That’s to be expected from any AI tool. However, Telex produced the result we were hoping for.

What about security? We ran the plugin through Plugin Check, which gave us a thumbs-up. We recommend using the tool for every custom block you generate. Also, review the code manually. Don’t take security for granted.

Telex is still in its “experimental” phase as of this writing. However, it’s safe to say that the future looks very bright.

The post How to Build a Custom WordPress Block With Telex appeared first on Speckyboy Design Magazine.

Every WordPress website is a target for brute-force login attempts. Bots will swarm your site and flood it with various usernames and password combinations. If they find a weak or compromised password, they can do untold damage.

Enhancing your site’s login security is crucial, and implementing two-factor authentication (2FA) should be a part of your plan. The technology requires a user to verify their identity via email, text message, or a third-party app. It’s the last line of defense against a hacker accessing a user’s account.

The good news is that you don’t have to be a security expert to implement 2FA on your website. Several WordPress plugins can add this layer of security in just a few clicks.

We’ve put together a list of the top 2FA plugins to help you get started. You’ll find options covering different authentication methods, along with the ability to protect administrator and lower-level accounts. You’re sure to find the perfect match for your site’s needs.

Two-Factor WordPress Plugin

An official plugin from the WordPress team, Two-Factor adds 2FA settings to each user’s profile. It also supports several verification methods, including email, time-based one-time passwords (TOTP), FIDO Universal 2nd Factor (U2F), and backup codes. Note that 2FA can be enabled on a per-user basis or for all users via a code snippet.

Wordfence Login Security Plugin

Wordfence is known for its all-in-one security suite. However, they also offer a niche plugin that secures your site’s login. Wordfence Login Security supports TOTP-based apps such as Google Authenticator and Authy. What’s more, you can add reCAPTCHA protection to your login pages and guard against XML-RPC attacks. It’s a lightweight option that adds peace of mind.

WP 2FA WordPress Plugin

WP 2FA makes it easy to protect user accounts. There are options for protecting all users, specific users, or users with a particular role. The plugin supports email and TOTP authentication methods. It also allows users to set up their 2FA preferences on the front end where appropriate. Developers can use the plugin’s API to add support for additional 2FA providers.

Two Factor Authentication WP Plugin

Add a layer of security to any user or user role on your WordPress website. Two Factor Authentication supports TOTP and HOTP methods. It’s also compatible with WooCommerce, Elementor Pro, Gravity Forms, and other popular plugins. The plugin can also remember trusted devices and will alert you if a user enters the correct password with an incorrect 2FA code.

Two Factor (2FA) Authentication via Email

Here’s a simple solution for adding 2FA to your website. Install Two Factor (2FA) Authentication via Email, and a toggle will be added to each user profile. Enable 2FA for individuals or use the provided code snippet to turn it on sitewide. Note that email is the only supported authentication method.

Solid Security Basic WordPress Plugin

Solid Security includes a suite of tools to protect your website, including 2FA. The free version of the plugin offers email-based authentication, while the pro version supports TOTP and backup codes. You can also configure strong password requirements and ban users after repeated failed login attempts.

An Easy Way To Improve Your Website’s Security

Two-factor authentication is a must-have feature for every WordPress website. It’s also one of the easiest items to implement.

The plugins above streamline the process and provide multiple authentication options. So, whether you need to protect site administrators, e-commerce customers, or both, there’s a plugin for you.

We hope you found this plugin roundup useful. Check out our WordPress Security section for more helpful tips and tools.

---

The post 6 Best Plugins for Adding Two-Factor Authentication (TFA) to WordPress appeared first on Speckyboy Design Magazine.