 Lots of waves. Thank you for packing in here this morning. I promise I will try to make it fun. I've already been asked what this will look like in terms of, is this going to help me as a user or a developer, different things like that? I hope to ride the line between the two a little bit. This comes from the angle of, as someone who can code, here's a good way to make the dashboard a little easier. If you are a user using the dashboard, you might learn some things about what you shouldn't touch in this meeting, which will be really good. I will save your life, I promise. So hopefully we can kind of come at it from both angles. I'm happy to answer questions afterwards and help out as much as I can. If you want to yell at me, that's where you can do that. I will not respond while I'm talking. If you want to visit this URL, what this will take you to is something on GitHub. Now this is for Nerds, OK? But it will take you directly to a plugin that you can drop into a site that utilizes all of the code examples that we talk about today so that if you want to try something out or see what it actually looks like when you're putting it into practice on a site, you can already go ahead and edit those code examples instead of having to write them from scratch. It also gives you a good idea of if you have a test site, install it, delete, add some lines and things if you're tinkering in the code. It'll help you kind of understand what's happening and what's changing when you apply some of these things. So especially for developers, myself included, although I've gotten far more enlightened on this of late, it can get a little interesting when you start talking about why is the admin area hard, or complicated, or scary at all. It seems really simple to me. When I compare it to other CMSs, it seems a lot easier. I'm not scared of it because I know what I'm doing and all of this kind of stuff. And that is neat. And this might be why you look like when you're doing the admin and you are super good at it and you are dancing around probably without pants as well, especially if you work from home, I've learned about this. But this is what happens when other people try to do this dance. And they really, really imagine that they look more like this guy, but they look more like these people. And it's hard for us to remember, isn't that great? We just sit there and watch it all day. Boom. So I learned a lot about this, and you can see kind of the framework of this from something I'm working on with a business partner of mine called Evermore. I'm not pitching you on that today. Most of you, honestly, are not the target customers for that. But the concept here is that we host and curate WordPress for people. So we take away a lot of the risk that's involved for people who want to use something like WordPress and would benefit from it. Good morning. And would benefit from it. But honestly, don't want to mess with the details. Or as soon as they start touching something, everything falls apart. People become very self-aware when they're trying to run a business. And they realize the next time they touch something, everything will die. And so this is a really good example for them. And a lot of what we're using today is what we use in production. Basically, if you sign up and are a customer and you hit the WordPress dashboard, you see the default experience. We don't change a lot of that stuff, because we want you to be able to know WordPress, whether you're a customer or not. But we take away a lot of the scary things that we'll talk about today. So here's a basic look on the dashboard when you have a fresh WordPress installation. And let me maybe break this down for you, whether you're new or old. Kind of look at it with fresh eyes and pretend that you are a person who has never really seen or experienced this before. So this is the way I would talk to people now. That's pretty much the only safe zone in the whole thing. That's the only thing where you cannot break the site by touching the wrong thing in the default installation. Everywhere else, dragons. Complete dragons. And we don't think about updates having scary elements and things like that in there, but you're basically, when you think about it, you're downloading and implementing code that you did not write or review onto your website and basically just hoping to God that it works correctly. And if someone missed a semicolon somehow, your whole site will be blank. So it's scary. And we trust it a lot because we end up having good developers in the WordPress community. And so overall, it's low risk. But if you've ever talked to somebody who just updated and then OMG, my site is broken, they'll feel a little bit different. Oh, and then also there's this thing called screen options which hides all the stuff that you want to see. That's the most confusing thing to tell people because you're sitting on a call or you're talking to somebody and you're trying to tell them to put something into a box that's not there. And then you have this aha moment where there's, oh no, there's this tab up there called Screen Options that lets you unhide the things that you need to see. It's there. Anyway. So we're gonna do two things to the admin area today and I'm gonna walk through all of them. And we're gonna make it friendlier and safer for everybody whether you're a developer or not, right? It's really not a bad idea to have things a little more foolproof even if you do know how to fix something when it goes wrong. So step one is to clean some of the crap out of WordPress. One thing, I'm gonna add a caveat to this, okay? But one thing, there's this little tools area in there which was basically like a junk drawer for things that were sort of like stuck in WordPress that we kept around for a long time that nobody used. There's something called press this in there until the upcoming version of WordPress, okay? So they have redone it for 4.2 which will come out sometime soon. Prior to this, that thing is just kind of really weird and fairly useless in my opinion and it's confusing to have things like that there. Point is though, that's an entire page that we really don't need people clicking around and looking at and trying to figure out what's going on it just adds to the clutter. And so you can actually go in and remove these pages with plugins. Everything that I'm showing here today, you can use a plugin, install it or install in a must use plugin which I'll explain a little bit later. But in any case, you can do this, activate it and all of the stuff like you can just hide things, you can take things away from the admin, you can simplify them and you can do it the right way without getting hacky and anything else. And on top of it, if you wanna go back to danger mode, you can just deactivate the plugin and everything goes back, okay? Two. So I'm a user who doesn't really know anything about caching but my developer installed caching because that's how websites work. And now I have this admin bar that's at the top when I'm viewing pages and posts and all this and that caching plugin has stuck a bunch of random stuff in there that I honestly don't ever need to click on. Not only do I not really wanna click on it because I don't need to read it but there are things that you should just not know in life if it's not important for you to know and FAQs about a caching plugin is one of those. It will make you believe that you understand what's happening. It's a very dangerous thing to read. And so you can go in and actually remove a bunch of the things that's dropping down in those menus, hide those from people entirely, reduce confusion because most of the time the purpose of that bar is really just to get people quick access to edit things and hop into places they wanna go. Also there's this, there's this meta box on the dashboard that's like WordPress news. No one cares about what is happening in that newsfeed whatsoever. The people who already wanna read WordPress news know exactly where to go to get it and it's not the dashboard of their client's site, okay? And if you don't really care to read it, why is it there? It sort of implies that it's important and there's stuff you should read when really it's just links to people arguing about onerous things about WordPress. So none of it is helpful. So you can just remove these boxes entirely. And again, usually the way that people approach this is, oh, I know how to use screen options even though people don't. So what I'm gonna do is I'm gonna log into somebody else's account, go into screen options and start hiding all the stuff that I don't need to hide or they don't need to see, right? So that's one way to do it. Here's another way that doesn't require you to risk security by passing passwords back and forth or hacking into somebody else's account and then relying on cookies and all this kind of stuff to make it happen. Just remove things that don't need to be there entirely and that's one of the things you can do. So step two is kind of understanding what you should actually be able to do. So one example, and I wrote a plugin that does this, it's very simple but you can install it and do it this way. So there are some default roles in WordPress and basically it's like you can't do anything, you can't do anything, you can't do anything. You can do everything, right? And so that's the gap between editor and admin and it's sort of a weird spread of things to do when a lot of times you want to give people the right to do things like move widgets around but you don't maybe want to let them access PHP code directly, right? There's a nice gap in between there and so what this allows you to do or the plugin that I wrote is it basically says, look, if you're an editor, we'll let you touch some of those other things that are in there that affect the appearance that will probably not break your site if we do all the things that are involved here but you can actually get to that appearance menu with themes and widgets and plugins or, yeah, not plugins but the other ones I said and you can use all that kind of stuff. So, but that's an easy way that you can kind of add capabilities to roles without, okay, raise your hand if you've ever tried to build custom roles in WordPress before, okay. Raise your hand if you thought that that was super fun. Two people, all right, no, that's okay. It's just that those people are less than the people who did it and think it was not fun. That's because it's really confusing and hard to keep up with and you end up trying to basically do this most of the time. Just like, okay, I want to take somebody who can write and I want to give them a few more things that they can do. Once you get more advanced, sure. Advanced roles and capabilities are helpful and important but a lot of the times we're just trying to add small tweaks to roles. So, that's a good way to do it and again that changes the admin for people. It lets people go where they want to go, use the customizer and different things. Three, one thing you can do and now we're going a little bit more into especially if you want to make the admin area and the WordPress experience better for people that you built the site for or maybe you do maintenance. Maybe you're helping them with things from time to time and basically their job is just to write content, make changes, different things that normal kind of users would want to do. So, one thing we can do and there are a couple of these here is when you start adding themes and plugins for other people, because of the way that our community works and GPL works and all of this, people want to add these little boxes that say, thanks for installing my theme. Could you give me money or visit my website or do all this other stuff that we actually don't want anybody doing? Because it's very confusing. If you buy a theme for a customer and you roll that into their cost and then they see a link that says, oh, are you having trouble? Why don't you click here and give someone else that you don't know money to answer your questions that you should be asking somebody else. And it gets like a mess and a hurry and so there are a couple of ways to deal with these. One of them is I saw recently in the actual customizer somebody had stuck an entire section in there that's like, give me money. No, so we can remove that there. We can also remove those nasty admin notices. If you've ever installed the right combination of themes and plugins, you'll see 97 admin notices about your license or about an API key or about an update or about allowing tracking or all these. Or you may see 90 updates and then also these cool little tooltips all at the same time. And you just basically want to log out and go home because there's so many of them. One thing that we do want to do if you are updating things for other people and you're taking care of that like if you're using a Mote thing like Jetpack Manage or WP Manage or Manage WP different things like that. If you are updating it for other people just remove the whole thing that tells them that something needs to be updated. They don't need to know it introduces unnecessary concern to their day. They can't do anything about it anyway because most of the time this little nag is sitting up there and it asks them to click something and then when they click it it says you can't do that. That's just annoying, don't do that. So you can actually hop in and sometimes this takes a little bit of code perusal but you can hop into plugins and themes and you can go find where they're adding little admin notices and just say take those away entirely. So step forward. This is where it gets really fun especially where people are pretty surprised that with a minimal amount of code you can really change a lot of the complicated parts of WordPress for people. So one thing is if we install this plugin as a must use plugin. So let me explain that for 30 seconds. Some of you will still have questions afterwards because it's kind of confusing. So when you install a normal plugin it goes into a plugins directory, right? So there's this magical directory called mu-plugins. If you put a plugin in there it automatically activates itself, okay? Automatically runs before the other plugins. It's basically a way to say this must happen on this website. It's irrefutable, you can't deactivate it. Things go in here, right? So when you're customizing things and you're actually coding it well that's a very good place to put stuff like this. You don't want people looking around trying to deactivate the thing and then as soon as they deactivate it all the stuff comes back. So anyway, when you do that you can actually turn off the ability to see what must use plugins are in place because WordPress will show it. Because that's just another thing that's confusing. If you're trying to make the admin less confusing there's no reason to show the thing that you're using to make it less confusing. So you can turn that whole section off with this. Now this is where it gets even more fun. So for instance with Evermore when you look at the list of plugins which I hope that whole kind of plugin interface gets better soon in general. But with a default thing you get the name of the plugin and you get the description and then you get version number, author links. You get a link to a random website. You have all these kind of additional links that people can shove in there. Again, another opportunity for paying me money even though you don't know who I am. All this kind of stuff. And so we can do a couple of things. One of these is let's take that whole row that sits below the plugin description that says it's this version. It's by this author. Go to the author URL and we're just gonna hide that entirely because for people who are using WordPress they don't really need to know about that. Unless they are people who tinker, wanna know more about plugins. But for the most part again that's not the majority of WordPress users. Especially if you are actually helping them install plugins, keep them up to date. All they need to know is do I need this on or off? And so this helps hide a lot of those details and makes things a little bit easier to parse on that screen totally. As well as I mentioned they can, plugin authors can shove these links down there by deactivate and settings. So there are several like this one WordPress SEO. So it'll link you to FAQ. It'll link you to premium options. It'll link you to all these other things. So with Evermore we already pay for that for people and then it's already presented there so they don't need to upgrade. They don't need to ask anybody else questions because we're the support people. And so we can just hide those things entirely. And so what this function is doing is saying, look, pretty much just take out anything except for the deactivate link. Just leave that stuff there, right? Because that's what we want people to be able to do. And so at this point you've really taken that whole big table of plugins and you've made it a lot less daunting to look at. Because now people can just see, what's the name of the plugin? What is it supposed to do? Is it on or off? And you can leave links to settings and things like that if you want people to be able to touch that. Now here's even more fun. So if you have some things installed for a customer especially or this is also applicable even if you're not a developer doing it for other people but you're just the WordPress person at work and everyone else is not and doesn't need to touch things. This could also be helpful. So let's say you have, in this case, we have a security plugin, caching plugin, maybe a CDN plugin. So different things that people just should not touch. There should be no reason to change it once things are set up, once things are good. You can just hide these entirely from the plugin area. So that people can never accidentally stumble across it and say, I don't think I need that anymore and then kill your server because that's happened. So what we're actually doing here is we're saying, okay, here's a list of plugin titles. If those plugin titles are there hide them unless, because you're the nerd, right? So now you can add a little git parameter here. It says c plugins equals the show and go ahead and show me all the plugins that I'm hiding from other people. That way, because you're the nerd, you can go in and activate or deactivate and different things like that as you want to. And so again, this is all about curating WordPress for the right people but making sure you leave room for yourself if you need to do things. This is one of the only examples where it would probably be easier for you to just be able to see it or not see it. And almost all the other cases, you still don't need the stuff that we're hiding. You still don't need the WordPress news dashboard widget. You still don't need a lot of other things like that. Further, so we've already hidden things from the menu bar that are unnecessary. We've hidden plugin links that are unnecessary and we've taken a lot of things off the dashboard and places such as that. So now let's say, okay, let's just remove pages entirely that people don't need to be able to touch. So here's the cool thing, again, because you're the nerd. So you can still visit options, pages, for instance, for a caching plugin, you can still visit it just by knowing the URL that you're supposed to go to. What this does is it says, just hide it from being able to discover it in the menu and click from there. So certainly you could go in here and at this point you could say, if you have user roles or something, you could specify your role in this function whatever, you can mess with it as you want. But for the most part, to me, the easiest thing to do is just say, I know eventually what the URLs are to get to different plugins. All I have to do is kind of plug it on the end of the domain, I go straight there. And so this allows people to not have to have the unfortunate discovery of things that they shouldn't touch and then start touching. That's what people do, by the way. Sometimes they get bored or excited and it's sort of the other side of the coin when we really empower people with WordPress and they get really pumped and they start dealing with really complicated things and they're like, I'll click around and see what happens. And then everything breaks because that's what happens when you get into complicated things. And so by doing this, we can remove a lot of the risk that's involved in those sorts of things at all. So this is really just plugging into that function that I showed initially that hides the tools page. You're just removing other pages and you can look up in the codex how to apply this to your particular example. But it's a really helpful thing to do. So let me soap box this for just a minute. This is what happens when you use the built-in WordPress editor. Okay, so there's this thing under appearance and editor where you just have this magical text box where you can mess with PHP code, right? I told you. So with PHP, here's an example, right? So you accidentally forgot a semicolon. Your whole website looks like this now. Not only that, because you did it in the editor that's in WordPress and that's how you were editing the file, your admin area looks like this too. So you can't even get back to the place that you were to make the change that you know that you needed to make because you know that you were using the wrong thing to edit the code to begin with, right? So now you need to make sure you have FTP or magical access to get into this thing, go in there, find the file and honestly what you're doing at that point is doing what you should have been doing to start with and it's just really embarrassing. So what this thing is, is this is a constant that you can set in your configuration file or as you'll see in that plugin example that I gave you, you can also set it in a plugin. You just have to do something particular to check for it. At any rate, by doing this, you just say, okay, we're just gonna turn that off. We're not gonna let people get to that. That is a very good idea for everybody. I personally wish that WordPress would ship this way. I really don't understand why we give people access to this kind of thing, but aside from that, if you are in control of any website at all, just do this, okay? Just do this. That is the wrong way to edit code. It is very scary and all of us have accidentally caused this, oh well. Wait, that's gonna play again? Let's just, I don't know. I really like watching this. But that is what it feels like. You're adding stuff and you're like, no, I'm gonna be fine. Everything is cool. Let's see how much I, eh, right. Anyway, everyone has done it and had their website end up like this. And most of the time, because you were trying to do something quickly, an admin area, it's why you were using that text box to begin with, and now you've spilled coffee all over yourself and you really have to use the restroom, but now you have to fix it and you don't know who to get to and someone else changed the password now and oh my God, how do I get in touch with them? They're on vacation and you're running around and you're freaking out because your client's website looks like that and you don't know how to tell them that you did it the wrong way and it's your fault. So anyway. It's never my fault. That's true, yeah. It's their semicolon, really. Additionally, one other thing we can do, so this really goes further into the, you're kind of curating WordPress and dealing with the maintenance for other people. If you are updating plugins for other people, and you're actually staying on it and you're doing it well, just turn off the ability for them to do it entirely, because what happens is when there are those updates, there's that little refresh button at the top and a number and it looks really important because it normally is, but if it's your job, take that off somebody else's plate. Make them less worried because WordPress is not only right now, is it encouraging you to update visually? You're in the UI, it's telling you things need to be updated, but as we continue to go into WordPress 4.2, it's having a little shake down about it right now, but they're making updates a lot easier for plugins. If people shouldn't be doing that on their own because you need to test the plugin first or any number of reasons, you should just turn that off entirely. Basically the whole purpose of a lot of this stuff is to keep things that shouldn't be clicked from being clicked and so just remove them entirely. Don't just have to train people on touch this but don't touch this. It introduces a level of fear and complexity into using WordPress that is unnecessary and makes them really not enjoy being in the backend of that site because they're pretty sure they remember what you told them not to touch, but I'm not real sure and now I'm not real positive if I can in fact add this content. Okay, this is way too much, why don't I just get you to do it for me? And that's the way that a lot of things end up and it might be cool for you to make $25 an hour adding their content, but it's not really empowering other people to pick up on WordPress, it's making them afraid and it's not helping them to learn and be able to utilize the tool that they have. And so that's basically the big point that we are trying to make with all of this is we wanna empower people to love WordPress the way that we love WordPress as users is by not being afraid of it, okay? And just because WordPress is significantly better, I think, in the admin area than most other CMSs, doesn't excuse it from being complicated and being really scary and having a lot of extra, additional options that people can click on and break a lot of things on their site. And so I would really encourage you, especially if you are either managing your own website and there are other people involved or you're managing clients' websites or you're doing something on a platform level like we're doing with Evermore. I would really encourage you to take some of these examples, look for places where you can remove fear, uncertainty and doubt from the admin area for people, remove the risk that's involved in clicking and discovering and just basically remove the fear. Because the cool thing is, and this is why I keep bringing it back a little bit to what we've done with Evermore, what we can do is when we turn sites over to people this way, we can say, do whatever you want, click anything. For the first time in your life, you can click anything on a website back in and not break it, no matter what. And if you do break it, that's something we messed up. We can fix that for you. And so that's a really freeing thing to be able to tell people because a lot of us, if we manage websites for people, kind of live in the fear that they're gonna touch the wrong thing or that we're going to have to explain, I know that it told you to update to that plug-in thing, but that was a major update and there was this conflict with this other plug-in that we had and now it broke and you just sound like a nerd, no one cares what you're saying, like they're just like fix it for me, why are you talking, you know? And it's just the truth, like most people just want to get on with their lives and use WordPress to do it. And so we need to focus on empowering people to use it that way. So I've left some time for questions because I know this is very open-ended. So what can I answer for people? Yes. Have you found, basically you have the super admin on open site, there's things you need to do to say you have people that are creating sites for you but you don't want them to update plug-ins but you need them to be able to activate things like that. Is there sort of that middle section between, you know what I'm saying? Yeah, somebody else asked about multi-site. Multi-site is like, it's full of dragons. The whole thing is dragons all the way through. It's very scary. For those of you who don't know, multi-site is basically an option that you can enable in WordPress that lets you turn it into a network of sites. Basically you can run the equivalent of WordPress.com on your own from your single installation. Yes, you can do most of this stuff with multi-site. It just takes a little bit more domain knowledge in looking for the proper kind of checks and functions and all that. This is not going to help as much stock that plug-in that I gave but you can pretty easily extend it outward and give people more granular capabilities and things like that. But in general with multi-site that gap between user capabilities of you need to be able to do a few things but not anything else and then you need to be able to control everything. That gap is usually more acceptable in multi-site. And so not a cut and dry answer as much there but for the most part like I would still say most people need very little access to a lot of the things that can just break stuff. Does that help? Yeah, oh yeah. Well, I suppose the update plug-in is as a super locally say, you want that quick ability but then out in the wild you don't want it there. I know that, yeah, I get what you're saying. Okay, yes ma'am? Will the, you know, a couple weeks ago Yoast had the hack that then WordPress pushed off the automatic update too. If you disable the updates will that also stop the WordPress pushes updates to your site automatically? That was a super interesting question. No, it's more complicated to turn off what they did that day. So to explain to everybody, so a very popular WordPress plug-in got pushed out. There was a big security vulnerability in it. Because of the amount of people using this WordPress plug-in WordPress as a core team proactively like force pushed an update to most everybody's site. Really without your permission as a way to keep a large scale hack from happening. So there is a different setting basically that you have to turn on that's, it was poorly documented basically. There was some community disagreement about whether that was the right thing because in one place WordPress said we're gonna be able to do that and then in other places WordPress said we would never do that. They fixed that now to say we will sometimes do that. Which was really interesting. But yeah, I can help you with details a little bit more later if you're interested but that's sort of a separate setting to turn off. What we're turning off here is just the kind of like the ability to like modify files within the admin area and just making it easier on users. Yes. Yeah, if they are going to be maintaining it I would disable the editor and I'll leave most everything else in place. Do my best to train them. Pretty much everybody who I've been able to take care of it themselves I log in pretty regularly to make sure they actually did because they didn't most of the time. But yeah, at that point it's just a little bit more. Okay, you have tools be very careful with them. Does that make sense? Okay. Yes. Do you recommend in general with clients when you're responsible for updating core and all that kind of stuff making them editor or admin? So I've seen it that kind of go different way. Yeah, to me the line between editor and admin has a lot to do with what plugins you have installed, how they're utilizing capabilities, right? And then sort of a trade off between do I want to kind of code in the ability to access things directly without giving them admin access or do I want to give them admin access and try to just restrict things that they shouldn't touch? There have been situations where people have admin access, but I basically say unless it's me hide everything. Okay, so that way like if I log in myself which you can do this with these types of functions if you're really interested in tweaking with the types of things that we've shown today like there are all kinds of variable capabilities that you can do with them. And one of them is saying like if it's me if I'm logged in like check for my user ID if it's not me hide all the rest of this stuff. So there's some granularity you can add. Does that help? Cool. Yes, sir. Fill us off to a question, what are the ways? I kind of came in WordPress backwards. Software developer who discovered it. I was actually looking for a decent PHP framework and fell in love with WordPress as what it is. Once you get in the admin you've got a cross between an app and a publishing platform. And so depending on what plugins you've got and depending on what your user scenario is. So I just want to express an appreciation some of the things that I came at for the reason I had so much fun with roles and capabilities is because it's a heck of a lot easier than I did with anything else back when I was running it the other direction. So WordPress would let you have something between an admin and an editor without a whole lot of problems. And my question is do you have a methodology, best practice, set of suggestions for defining, are you dealing with a publishing platform or are you dealing with an app? Interesting. Usually I can separate the types of people who are using it in those two different ways. So there are a lot of people who are just using it for publishing. And then there are people who need to be able to tweak settings in a plugin, make changes to a slider, different things like that. I guess I'm talking about from a business use standpoint they've got their sales report on there and so they go in the back end and update their business information in a plugin as opposed to, so suddenly making up a scenario of their prompt statements are now available in the admin area to their stockholders. I mean because it's business information but it's also published to a smaller group of people. So is it an app or is it a website? Interesting. Yeah, I just come at it from the perspective of I'm only gonna give you access to things that I know you need access to. Which is an app, which is an enterprise app attitude? Yeah, and there are a lot of people like I've set up larger sites and there have been different people who need to be able to update only certain things. So that is all they see in the dashboard. Here's your custom post type and your things that you can edit. Everything else is gone. So that's the perspective I take. Jonah Bain is laughing because I did that with their website and I think it worked pretty well actually. It keeps people out of places that they shouldn't be. Yes. As a plugin developer you talked about having too many admin notices. Is there a good way to say hey allow opt-in tracking add our updater for a premium plugin. How do you give all that information to the user without drowning them in admin notices? Because if you have too many then they'll just stop creating them. So step one for me especially is solving most of those problems without ever having to ask them to begin with. So almost everything that is do you wanna be tracked? Do you wanna enable this or that? It's just a setting in the database. So there's like a big SQL query that I run on a lot of websites that we start up that just says okay go ahead and store database rows where it said yep you can track. Yep here's some default settings and different things like that so that they never have to answer those to begin with. Most of the nags I'm trying to hide are the ones that come up because there's oh my god an update and people need to do it but you can't. Those are the ones that I wanna get rid of and the rest of them I wanna just kind of decide. I find that most people have no idea what allow tracking means so they'll just click whatever coffee made them click that day and not think about it. Whereas it's anonymous and it's helpful so let's go ahead and turn it on and it'll be fine does that make sense? Yeah that's like that whole database thing that's a little nerdier but that's a really good approach we found of if there's a ton of default settings in place find the way it's stored in the database and then just like roll that into an installation immediately. Yeah. So I've had a couple cases. The user will try and find it no matter what. And they'll like Google it and they're like my plugins are missing what do I do? And then they'll actually go in and manually type in plugins on PHP just to get to it. Sweet. So is there any way that you know that there's a way that we can prevent those users who are slightly savvy enough to find that information? I think I would tip my hat to people who figure that out and get there. Yeah that's pretty awesome. If you really want to though, I would like if I want to never ever allow access even if they find it like you can just go in and just if it's this page in the admin and you're not this user you know. Okay that way that came out weird. Wait. Die is a function. I'm sorry, I'm sorry. Some of us are here to hear from you. Wow. Nerd coffee hat. Die is just a function that says just turn the screen blank and stop doing things basically. Okay I apologize. Wow that would be harsh. Yeah if you're not me then settle down might be a better function. Yeah that's the way I would go about it if I had to really block it. Yes Joe. There are a number of popular plugins being supported that are directed at feeding and controlling things in the admin. And I know that none are probably off the granular code level stuff you're talking about here. But in your experience of any of those that you think you'll do a pretty good job or somebody on the front side you want to offer them some capability to do some of the things you're talking about here. Yeah so that's also a good question. I'm gonna answer it a little bit more broadly because I've messed with those plugins in the past. There have been some. I have not found one that was good for more than a year. The problem that I found is I would install one like there was one that helps you hide admin items. That was helpful. And that was helpful until they stopped updating it. And then it broke. And then you couldn't get to the thing that let me get to all the other stuff I needed to get to. And so like the utilizing someone else's plugin unless I've reviewed it and it looks a lot like this is very scary to me to do most of this stuff. I'd rather in this case if I feel comfortable kind of roll my own and go with it that way. But yeah there are some. And I would say if you do find some that are helpful and you can use them, that's fine. But really check back on it. Especially as WordPress does a couple of major updates. Make sure they're continuing to update their plugin because you don't want something breaking that gives you access to things that helps unbreak things. Right? Yeah. Cool. Okay I thought there was one over here. Ricky. All right so I like this idea but scale seems like a challenge for us maybe where we have out of maybe a hundred different sites we wanna implement this on but not just me but like three of us on the team that we need admin access. So it would be reasonable to take all that and put it like a make a new role called like super editor or something and assign that to clients and wrap all your stuff in there so that way any admin could log in and see everything but then clients could go in with that stuff in a new role. I mean I think that would work. Yeah I think you could do it that way. You could make new roles, you could use your IP addresses. Well yeah I think you could get back to that. I wanna one solution I can roll out for most everyone. Without having to get in specific views or IPs or anything to say. I'd go and say now instead of them being admin or editor of this new super role that hides most of it, whoever is an admin still can go and do it across most of the board. Interesting. Is there a hole there I'm missing that many? I don't think so. I think that sounds like the best way to do what you're saying. Interesting. Yeah. Speaking of that scenario. All right. I'm actually gonna bring up. So now that you poo poo plugins I wanted to mention my favorite plugin. Only poo pooing for like out of year. Yeah, yeah. For a while I've been using one called admin menu editor. That's the one. Yeah. Is I think the most popular. And to speak specifically to that scenario and also talking about creating user roles and managing user roles earlier. What I found is like a quick dash solution is I just, since I'm sitting here, I posted it on a github, github jest, github, I don't know how you pronounce it, whatever. But a github jest that basically all you have to do is all you have to do is four lines to copy the admin role. So you don't have to look at all the capabilities and stuff. But I usually what I do is I create a site admin role that is the identical to the admin role. So customers still feel like clients still feel like they have admin privileges because it has the word admin in it. But then using admin menu editor pro I'll go in and hide a bunch of stuff from them. And the newer version of that plugin not only hides the menu items but actually takes away their capability. So it speaks to the other gentleman's question about like if they go and look for plugins.php and type it in the URL, we'll actually see you do not have these capabilities. And so it gets around the power user scenario. So that's kind of the combination that I usually use. Interesting. And I found that that plugin tends to, I've talked to the developer nice enough. They seem to continue to be developing it. So far nothing has happened. Yeah, that can be a really good option. Like I said, you just have to stay on top of it. Cause that's, yeah, you get a very desperate email or call one day if it breaks things. But yeah, you're staying on top of it. That's awesome. Yeah. A lot of these plugins, and this is how I ended up doing it that I found some of, you go in and you look at the code. What are they doing? Now, what could I do with my own? I mean, there's a, that's the whole, that's part of what I fell in love with. It's GPL. You see it. I mean, what is this, what is this filter thing? How do I, how do I find this filter thing? All these things that you're talking about. So I learned on, on Justin Tadlock's members plugin. That became my, my tutorial. Right on. Yeah. Now that's, it's very helpful for a lot of people. I'm trying to kind of ride the line between those because so we come from a software development standpoint and so that's our default to go in and do that. 99% of people don't care about that at all. Don't even know how to start with that. Don't think about it that way. And so by kind of presenting some of these options, like, I don't know, people like us, like the super nerds, we're comfortable with having super nerdy options because we know what happens when we break things and how to fix broken things. But for the most part, like I really want to help people understand what can break things, how to get rid of those things and at least how to start approaching dealing with them. Find that a lot of people haven't had the kind of groundwork to know, well, you know, step one might be just hiding a page because that's the easiest way to stop discoverability. From there, if you have smart people googling how to find the page anyway, like how do you deal with that scenario? And you kind of step it up from there. So again, just kind of starting with only show me what I need to have to get my job done and then move on is really helpful. So yes, ma'am, last question. Make it good. When I'm on the fly, I find a site or something like that and then I go home and download those files to my computer. Am I getting myself endangered? Yes. Okay, why? Why is the good question, does that not? Because our intentions are really good but it totally relies on our memory and willpower to do something. And every time we edit something in one place and say, okay, basically I need to go home and make sure everything is caught up that way, like you're sort of setting a dependency in your mind that's really hard to keep up with and is really risky if you don't. Like I've been in situations where I've done that, forgotten to re-download it and then fix something else, pushed up code, undid all the stuff I did originally, don't know why or didn't notice it, somebody emailed me, ask why I undid all the stuff I already did, I don't know why, I have to go back and it just creates sort of an iffy situation. I like to challenge, by the way, all of us are intermediate developers, okay? But yeah, I like to challenge like if you're writing code and that is a necessary part of what you're doing even with CSS, if you're doing anything that edits actual PHP files, just go through the very uncomfortable process of learning, okay, I've got my code editor, this is my process and this is always the way I'm going to do it. That's probably my problem, or worse, I'm on their machine and they want me to do something and I can do it, I can make it happen from their machine, they can see it immediately, they're happy. If the biggest concern is my forgetting to download it and back it up, I'm okay with that. If there are problems with the actual functionality of it blowing up something unrelated, then I'm scared. If you can limit it to CSS stuff, I would go ahead and roll in, like Jetpack has a CSS module and different pieces like that, like I would go ahead and roll one of those things that just lets you put in style and then injects it into the page and lets you kind of override what's already there instead of editing the style sheets. That will limit your risk because if it's CSS only, there's no way to break anything. It's editing those PHP files that makes all the difference. And so that's the route I would go because I know what you're saying. Well, yeah, yeah, yes, basically. And if you're very careful in the file editor, yes, you can change the CSS things and it will never break anything, but it's just, you're just walking on lava, you know? You have to be able to go in there, put a little tiny script in that code, call that code directly, download a whole payload and you're accepted back to it. Right, yeah, that's another good point. Just to say we're just for the sake of dealing with it. Yeah, because rubber bands on watermelons, right? Cool, awesome. Well, thank you guys so much and if you have more questions, come let me know. All right.