1. Meetup Recap 8/20/2014

    Thanks again to everyone who came out to our Developers meetup on Thursday night. Despite the absence of Ben and Andy for this one, we managed to cover a couple of interesting topics that I hope you found helpful.

    Google Analytics and filtering out Spammy Results.

    When reading reports in Google Analytics you’ll probably notice that you’re getting a lot of traffic from websites like:
    and a whole lot more that you’ve never heard of.

    Check out this screenshot of some of the traffic that is being reported on a website of a local commercial design firm

    Screen Shot 08-22-15 at 01.13 AM

    At quick glance you might say, 1091 sessions isn’t that bad for local commercial design firm, unfortunately all of this referral traffic (including the 633 sessions from are spoofed results created by robots who are simply submitting information packets to google’s servers using your analytics ID.

    Why the hell would they do that?!

    I’ve found that there are different motivations for each spammer. Some of them do it to generate leads, some to drive affiliate traffic, and others to earn ad revenue by increasing traffic. Not clear on how they generate traffic? Well if you are looking at your report and see that is forwarding such a large amount of traffic to your site, do you think you might be motivated to visit the site and see who they are and how your business is being represented on their site? Of course you would (or at least you would have before this awesome blog post).

    Ok so again, most of these are not real visits; they are simply using your analytics code to submit packages to google. A good tell-tale sign of this is incomplete or (not set) fields that show up in your report. Here’s an example.

    If you set the secondary dimension on your referral report to display the Hostname

    Screen Shot 08-22-15 at 01.35 AM

    You’ll see that for most of the referrers the Hostname is not set.

    Screen Shot 08-22-15 at 01.39 AM

    This is actually good news for us, because we can use these shortcuts to filter out the junk and get our reports showing us realistic results. So let’s do that and get rid of these things.

    There are two parts to this: First we will build in filters to prevent these results from showing up in our future reports, however they do not work retroactively so I’ll need to show you a strategy to allow you to strip the junk out of any reports you look at prior to us making this change.

    Step 1: Let’s build a couple of filters.

    In Google Analytics go to your admin section and select filters.

    Screen Shot 08-22-15 at 01.48 AM

    Click on the Screen Shot 08-22-15 at 01.49 AM button and enter the following information

    Filter Name:  Exclude common spam

    Filter Type: Custom

    In the Exclude section

    Filter Field: Campaign source

    Filter Pattern:  (Copy and paste the following) **Last updated 8/22/15**


    Screen Shot 08-22-15 at 02.01 AM

    Next we can see how this would effect our current results by clicking the “Verify this filter” link under the Filter Verification section

    Screen Shot 08-22-15 at 02.03 AM

    You should see something like this, showing you that if the filter was running today, it would have eliminated these referrers from the report.

    Screen Shot 08-22-15 at 02.05 AM

    That’s it for this one. Click save and check back here periodically for updates to the filter.

    Next we’ll build a filter that only allows results that include our Hostname. This will eliminate a majority of the ghost referrals.

    Once again create a new filter and fill it out as follows:

    Filter Name:  Only include hostname
    Filter Type: Custom
    *Go down and choose the “Include” radio button
    Filter Field:
    Filter Pattern: Insert your website here for this example it will be: www\.zdesigninc\.com|zdesigninc\.com
    **Notice that these filters must be written as regular expressions, which means that you have to escape special characters like the ‘.’ to do this you simply place a backslash in front of it. In this example I’m including two versions of the domain. I can add as many as I’d like as long as I separate them with a pipe character (|). 

    Screen Shot 08-22-15 at 02.18 AM

    Once again verify the filter and you should see something like this:

    Screen Shot 08-22-15 at 02.19 AM

    WHOA!!! That’s more like it. Look at all that garbage that will no longer be skewing our results. Make sure you save the filter and from this point on, your analytics reports will be much cleaner and you will have actionable data that provides real insights into your business’ web traffic.

    Step 2: Advanced filtering on existing reports

    Remember the new filters won’t effect our existing and historical reports, they will only be in effect on all reports going forward. Does this mean that you are out of luck when looking at past reports? Of course not! You’ll only need to apply some real time advanced filters that are similar to those that we just created. Let’s do that.

    First make sure that you add a secondary dimension of Hostname (just like we did earlier) on the report you want to view

    Screen Shot 08-22-15 at 01.35 AM Screen Shot 08-22-15 at 01.39 AM


    Next click on the advanced link on the upper right header (just below the graph).

    Screen Shot 08-22-15 at 02.30 AM


    Now we can add some filters. Let’s start with Hostname since it will have the greatest impact.

    Make sure that include is selected and in the Add Dimension box type Hostname.

    Select “Containing” from the dropdown list (it should be the default) and then type your domain name into the box. (This should be in a normal format… do not escape any characters and only add 1 domain per query.

    Screen Shot 08-22-15 at 02.37 AM

    If you hit apply here you’ll see that a large number of bad results have now been filtered out of the report, but you’ll likely have some stuff that still needs to be removed. Unfortunately I am unaware of an easy way to do this without doing them individually. (If you know a better way, please share)

    In my example I still have referrers like:,, etc that I don’t want to see. Here’s how to get rid of them. I’ll demonstrate success-seo which seems to be the biggest culprit at the moment

    Screen Shot 08-22-15 at 02.45 AM

    Go back up and click on the “edit” link that has replaced the “advanced” link in the top right header just beneath the graph. Your query should appear again, ready for more conditions.

    Screen Shot 08-22-15 at 02.48 AM

    Now click the “Add a dimension or metric” button. Then in the search box type “Source” and click the dimension to add it to the query.

    In the text box next to containing start typing the name of the source you want to remove and when it pops up in the results select it to add it to the query. In my example I started typing ” success” and came up so I added it. Next click EXCLUDE from the drop down on the left side.

    Screen Shot 08-22-15 at 02.55 AM

    Now if you click apply you should see the result has been filtered out.

    Screen Shot 08-22-15 at 02.56 AM

    VOILA!!!!! Simply do this for each of the results that you don’t want to see and you’ll have a report that more accurately represents the traffic you’re getting and where it is actually coming from. The good news is that with the filters we set earlier, you won’t have to do this on your reports going forward.

    Again I hope this was helpful. We also discussed different ways of adding the analytics script to your wordpress site, but this post was a little lengthy so I’ll summarize what we discussed on that topic in another post. As always if you have any questions or feedback, please leave them in the comments or reach out to me directly. You can find my contact info at I look forward to hearing your thoughts.

  2. Meetup Recap: 7/16/2015

    Let me start off by thanking you for bearing with me tonight in the absence of Ben and Andy. Hopefully you were able to take something helpful out of our discussions. For your reference, here are a couple of the things that we talked about along with some of the resources.

    Changing the table prefix in wp-config.php

    The question was posed as to how to change the table prefix from the default ‘wp_’ (after installation) and why it’s recommended?

    First we showed an example of what the prefix actually does, which is to change the default name of the tables that WordPress uses to store data for our website. There are 11 tables that are created when WordPress is installed; they are named wp_posts, wp_meta, wp_users, etc. We can change this by simply changing the table prefix property located in the wp-config.php file. A common practice is to append a random string onto the end of the default ‘wp_’. For example: ‘wp_rsxjs5_’ (Note: Don’t forget to add the trailing underscore after the random string.) When this is done WordPress will go through the installation process and create the tables: wp_rsxjs5_posts, wp_rsxjs5_meta, wp_rsxjs5_users, etc. (Note Squared???: rsxjs5 is only an example. Come up with your own random string!)

    So why is this important?

    The popularity of WordPress as a platform opens it up to a lot of attention from hackers who attempt to exploit flawed security. Although security is generally pretty good with WordPress, security flaws are occasionally identified within various plugins and themes. When this happens it may be possible for bots to attempt SQL injection into your database. This means that they can insert an admin user into the users table and then login and have their way with your site; including locking you out of your own site (Diabolical!). Adding the prefix can make this more difficult and less likely to happen.

    What if I didn’t change the table prefix when I installed WordPress, can I change it?

    The answer is yes, there are a number of ways that this can be accomplished. As we demonstrated in the Meetup, simply changing the name of the prefix in the wp-config file won’t accomplish that goal. Doing this will actually trigger a new install of WordPress and add the tables to your database, which will make the process much more difficult (DON’T DO THAT!).

    One way that you can change the table names is by using a database management tool like PHPMyAdmin. This option would require you to go into the database and explicitly change the name of tables by adding the prefix. You would then be able to go into your wp-config file and change the prefix to have your site work. Obviously this requires a certain level of skill and comfort with manipulating the database, which brings me to the much easier (and safer) second recommendation. You can install the iThemes Security plugin (formerly Better-WP-Security) and let it do the dirty work for you. With millions of downloads and more than 600,000 active installs, this free plugin is one of the most popular in the WordPress repository. The plugin will evaluate your site and identify this and other security vulnerabilities. It will then help you make the changes necessary to make your site more secure and help you sleep better at night. You can get the plugin here:

    I hope this helps. If you have any questions please feel free to contact me directly

    Other resources that we discussed were:


    Database Search and Replace Tool:


  3. 6-4 meetup notes

    Targeting April/May 2016 for next #WCBUF

    Pat wants to learn how to customize her WP Blog. We showed her how to make a sticky post.

    Ivory wants to back up his site. We tried the duplicator plugin, but it failed because he has huge mp3 files on his site, and his hosting provider doesn’t give him the resources. Wp-clone didn’t work either.  We showed him how to use soundcloud to host the audio files to save space.

    We looked at email signup plugins like and maintenance mode plugins like

    Ivory would like a list of “essential plugins” for your WP site. Thoughts? Post in comments below.

  4. 5-21-15 notes

    Discussed acquiring woocommerce. Scott demo’d a woocomerce site he’s building. Demo’d Gravity Forms/Woocommerce integration.

    Anne asked if we could ask questions somewhere-either here or We should discuss/integrate a discussion board maybe.

    Scott’s code for making custom shortcodes that show the last modified date:

    // ==============================================
    // ==============================================
    function cc_last_modified() {
    return 'Last updated: ' . get_the_modified_date() . '';
    add_shortcode('modified', 'cc_last_modified');
    And for responsive youtube videos:
    .video-container {
    position: relative;
    padding-bottom: 56.25%;
    padding-top: 30px; height: 0; overflow: hidden;
    .video-container iframe,
    .video-container object,
    .video-container embed {
    position: absolute;
    top: 0;
    left: 0;
    width: 100%;
    height: 100%;
    Starter theme is at
    For Bob: Hide the no comments message on your posts by copy/pasting this code into your style.css file:
  5. April developers meetup notes

    Connie is trying to make her site mobile-friendly. Trying to back-up, but can’t figure out how to back up site. Andy installed Jetpack and it now switches to a mobile-friendly version. Google now views her site as mobile friendly.

    We built starter-theme version 2 with more code! We started with starter-theme version 1. Andy will put it on bitbucket so we can version track it.

    Scott H. demo’d WP security. IThemes Security, Sucuri, and WordFence.

    Aaron mentioned Cloudflare.



  6. Ideas for WP101

    Next month: Witness the birth of a WordPress website.

    Ron will demo buying a domain name on GoDaddy and install WordPress on it.

    Andy will demo admin panel. Posts, pages.


  7. Notes from 2-19-2015

    • People are looking for help with purchased themes.
    • It’s too cold out.
    • The join our mailing list form is up.
    • Chip in with some $ on the meetup page.
  8. Notes from 1-15-15

    Bob started us off with best practices questions about User Accounts.
    1. Is it better to use a user name or email address for accounts? The answer was that it doesn’t really matter and depends on your organizations approach to user accounts. A suggestion was made for generic user names based on positions (webmaster, sales, etc) as a way to seamlessly manage change. The downside to that is authorship. If a generic approach is used the author loses the credit for the authorship.
    2. When creating a new user account, what level access should be provided? We looked at the five default roles WordPress provides in the Codex (Admin, Editor, Author, Contributor & Subscriber). WordPress provides five Roles with associated default Capabilities. Additional Roles and Capabilities can be defined as your website needs. Each organization uses a different approach to assigning roles. Many use a minimum capabilities approach for security reasons. Bob asked about giving team members who may not really need it admin access to provide a backup. That’s a fine backup plan, a recommendation was made to use a two-factor authentication (Google Authenticator) for additional security.

    Ron was excited to share his productivity boost from Here’s a description from their website-
    Emmet is a plugin for many popular text editors which greatly improves HTML & CSS workflow.

    Scott shared his template created with WP-Visual Composer and we looked at some questions. He uses MenuMakerPro for his menu layout and customization. Ben suggested searching for menu approaches.

    looked at pixlr – a free Photoshop-ish image editor

    Nick talked about the Google Places Reviews plugin included in his theme which adds his Google reviews on his homepage.

    Contact Forms: What are people using to add contact forms to their website -gravityforms($), contact forms 7, fast secure contact, ninja forms

    Someone commented about the WordPress community and we paid homage to #wpmom.

    Looked at website

    Looking for ideas for future meetups:

    • workflow
    • tools – editors/version control/deployment
    • Child theme development
    • WordPress SEO Plugins
    • Custom Post TYpes
    • Taxonomy
    • Framework comparison
    • getting schools/businesses involved
    • security plugins: wordfence, securi, ithemes

    We asked everyone to think about wrangling a segment at a Meetup.

    Talked about Meetup funding (ways to cover cost of

    • Provide ways for people to donate – Add a donation button to, bring a basket to the meeting and ask for donations
    • Add a donate button on WordCamp Buffalo signup

    A suggestion was made to change the meeting to 1st & 3rd or 2nd & 4th Thursdays to make it easier to plan.

  9. Meeting Notes 12-18-2014

    To start the meetup, we took a look at the SoakSoak Vulnerability, and the Slider plugin that was to blame for it. We talked about keeping your site up-to-date, knowing what plugins or built-in functions that a theme you’re using has, and some general security suggestions. Sucuri Security is a plugin that we agree is great to keep track of core files and malware.

    Dominic showed a really neat website built with WordPress to the group, All Grain. It has some impressive features and even if you aren’t a homebrewer, you’ll still enjoy the work that went into building it. You can see the developers information and a link to the slides from a presentation on his website; Gabriel Nagmay.

    Andy gave a brief demonstration of his workflow with Sass and Gulp.js and some of the functionality. We will be having a more in-depth discussion and full installation of using these two together at the next Designer/Developer meetup in 4 weeks.

  10. Notes from 10-23-14

    • Dave wanted to customize a custom post type layout. We looked his custom post type code and got it to put classes on the fields that could be controlled using css running only in the admin ala
    • Terry demonstrated using advanced custom fields with custom post types as an alternative to Dave’s process.
    • Scott showed some responsive sites built with html-blank theme, using megamenu pro and revolution slider.
    • He demo’d Visual Composer as a way to lay out your pages with a WYSIWYG approach.
    • Search and Replace DB2 is a good way to migrate your database-Terri
    • WordPress Duplicator is how Ben usually migrates sites.
    • We looked at several events/calendar plugins: and