Privacy and your WordPress sites

Last night our local WordPress Meetup group hosted a round-table on privacy issues and the implications of the new EU General Data Protection Regulation (GDPR) that comes into force on May 25, 2018.

I think all of us rapidly became aware of how little we know and how complex it is becoming!

As a brief summary, GDPR is legislation that aims to protect the privacy of all EU citizens. It is a system of principles, rights and obligations which everyone who has a website needs to be familiar with.

If you have a website at all, it is very likely that you need to make some changes to it to comply with the legislation.

If you fail to comply with GDPR, you could be fined up to 20 million euros or 4% of your yearly turnover, whichever is higher.

Key principles

  • Personal data must be processed lawfully, fairly and in a transparent manner in relation to the individual
  • You must be honest, be open about who you are and what you are going to do with the personal data you collect
  • Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes
  • Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
  • Personal data must be kept in a form which permits identification of individuals for no longer than is necessary for the purposes of the processing
  • Personal data must be processed in a manner that ensures appropriate security of the data using appropriate technical or organisational measures

You may think that this doesn’t affect you or apply to your website. But if you ever ship or sell products to the EU or offer a digital service that’s used by EU-based customers, then it is likely that it will.

Examples of things to consider

  • You should already have a page that sets out your privacy policy on your website, but this in itself is not enough. Privacy information must be clear, concise and explicit.

Best practice suggests a ‘layered’ approach, with headings that can be expanded to provide more detailed information that is backed up by a dedicated Privacy Policy page.

Perhaps an even better alternative is clear pop-up notices whenever you are asking a user for personal information, explaining how this will be used and linking to further information. For example, if you collect an email address on a contact form, you might add an explicit message as to why you need this information and how you will use it, e.g. ‘to allow you to access your account and so that we may contact you with important information about any changes to your account’.

  • The default for any ‘opt in’ box must be un-ticked. Individuals must actively give consent.
  • If you use cookies, you will need users to opt in explicitly.
  • If you have pages, say on a blog, where people can comment, you will need to get their explicit permission to retain (store) a connection between their comments and their identity in the form of their email address.
  • If you are using analytics, there may be implications about what data you can legally collect and store.
  • If you are running an e-commerce store, you will need to be clear about what information you may legally hold. This gets complicated in that most countries require that you retain a copy of all invoices for a certain length of time. So you may find you have to delete copies of orders, but retain copies of invoices for the prescribed time, with an effective process for deletion when that time expires.

 

There is a great deal of good information available about GDPR and how to tackle compliance. Below are some links to resources we have found useful, including information about the work WordPress is doing to help users with compliance.

Links

Site Owner’s Guide to GDPR – a really excellent resource manual is available, whether or not you download the plugin it supports. (Codelight)

GDPR: How to write a Privacy Notice – Best Practices – very helpful article with some practical examples. (Hashed Out)

Worried about WordPress and GDPR? Start Here – a good starting point (Pagely)

GDPR Compliance Tools in WordPress – what WordPress is doing to support users with GDPR compliance. If you want to see a bit more of the background to this, you may want to look at Roadmap: tools for GDPR compliance

 

 

 

WP JSON API – how to extend it

Slides as presented at WordCamp Toronto, 2016

In this talk, I demonstrate how to use the WP JSON API to add your own end-point for a custom post type or add/change data being returned.

I walk you through example code that extends the API and show you how simple it can be and how few lines it takes once you get your head around it.

Learning Outcomes

  • expose a custom post type in the API
  • view the output of the API
  • send data to the API
  • save data sent to the API
  • return custom data to an API call

Matador Jobs Development Roadmap

Following on from our launch post about Matador Jobs, this post from our Matador Jobs site sets out our development roadmap for the months ahead.

Matador’s developer Jeremy discusses the short-term development goals for Matador Jobs and its extensions now that we’re officially launched.

Matador Jobs’ launch this month is the result of 7 months of concentrated work by the Matador team as well as the culmination of nearly three and a half years of custom development on the Bullhorn platform by both developers. We feel we put important features into Matador at launch and are proud of our initial release, but we are enthusiastic about continuing development on the project and bringing even more features to Matador in the future. As we continue to nurture Matador post-launch, we have many goals for the future of the project, and we’d love to share our thoughts with you all.

Get To Know Matador

Please note, projecting timelines for software development is an imperfect art. This is a statement of goals, not a promise of delivery. Timelines will shift forward or backward, and features may or may not make it into a specific release. Until we formally announce a release, the following are just goals, not promises.

Everyday: Bug Fixes and Documentation

While we’ve launched what we believe is the best, most stable, most fully-featured WordPress and Bullhorn integration, it will only take a handful of you getting it out in the real world to exceed the sum of all our tests over the last seven months. An always-present goal of ours will be to ensure Matador works the best it can, so if you find a bug, we are committed to fixing it as fast as possible. If you find something not working right, file a support request as soon as you can.

Matador Documentation

Also, Matador is built to be customizable and extensible, but right now, our documentation is sparse on those details. A goal of ours now and moving forward is to always be improving our documentation. You can help us do this by asking lots of questions and even submitting GitHub gists to our team for examples. Got a question? File a support request.

Near Future: Easier Extensions

Matador Jobs Pro plans include access to our Pro Extensions, but it’s not exactly easy to get them and install them right now. Our biggest development goal beyond bug fixes at this time is making finding and installing extensions easier for our Matador Jobs Pro clients.

2-4 Months from Now: GDPR Compliance and GDPR Extension

The European Union’s upcoming implementation of GDPR (the General Data Protection Regulation) will put important rules in place on site operators that store customer information. We want to make sure that your use of Matador in the EU is compliant.

As it stands now, Matador Jobs Lite (free on the WordPress.org plugin repo) does not store information about site visitors, and therefore will already be GDPR compliant.

When you upgrade to Matador Jobs Premium or Pro, an option can be set to store applicant data locally, which is recommended to enable for faster application processing and data duplication, but thus qualifies as stored data covered by the GDPR. In order for our Premium and Pro users to be compliant with GDPR while using that setting, we add some features that will need to be enabled in the settings screen. This will be completed ahead of the May 25th deadline and provided in a regular update to all active subscriptions.

Further, we are developing a new Pro Extension that will use the Bullhorn API to help your company become GDPR-compliant when it comes to data it is storing on Bullhorn about clients. We are working with our European users to develop this tool and don’t have a lot of details to share at this time. Our goal is to also have this available by the May 25th deadline and downloadable by all Matador Jobs Pro subscribers.

3-6 Months from Now: WordPress “Gutenberg” Editor Support and Job/Applicant User Interface

WordPress is working on a major update that will include the code-named “project Gutenberg” changes to the post editor. It is a pretty awesome project that will make writing and editing content on your WordPress site more streamlined and intuitive. If you’re a current user of Matador, you’ll note that our Job Listing and Applicant admin areas are somewhat boring, and we agree, but we purposely decided to wait to flesh it out until we have more clarity on the “Gutenberg” project. As WordPress gets closer to its next major release that will include “Gutenberg”, our admin user interface for Job Listings and Applicants will improve to not only be easier to use and more intuitive, but also support the new “Gutenberg” features. These changes will be for all Matador Jobs users, including Lite users.

4-8 Months from Now: Recruiter Support (Pro Extension)

A common feature request from past clients of our custom Bullhorn integrations is recruiter support. We understand that some candidates develop rapport with specific recruiters (especially in higher-turnover industries) and like to follow their recruiter’s offering, while some Bullhorn companies are heavily segmented by recruiter and want their site to sort and display jobs with more emphasis on the recruiter. The need to have recruiter-related features in a Matador-powered site is something some of our users really want or need. Those users, provided they are Matador Jobs Pro subscribers, can look forward to a new Recruiter-related Pro Extension sometime later this year. If you’re one of those firms that need these features and are already a Pro Subscriber, file a support request asking to be added to the Recruiter Support beta test when we open it up.

To Infinity and Beyond

Beyond those four goals, we have a long list of more things we plan to add to Matador either as Pro Add-ons or included in the core packages, including easier to customize forms, integrations with other job-seeking tools like LinkedIn and Indeed, and more. We will do our best to keep the pace of Matador moving at breakneck speed, but you can help speed up that pace in several ways:

  • Talk to us. We value your input. Whether coming to us as user feedback or as a feature request, we listen, and will ultimately shape our development goals around our users’ needs; after all, that is why we made Matador in the first place.
  • Subscribe to Matador Jobs Premium, especially if you’re a user of Matador Jobs Lite. Matador Jobs is a project of two full-time WordPress developers, but until we have many subscribing users, it won’t fully replace our regular work. In the meanwhile, we’ll divide our time between Matador and other client work. The more people who sign up for Premium and Pro, the more time we’ll be able to focus on Matador, speeding up its development for all.
  • Sponsor Development of a feature or add-on. If your company needs something that isn’t included yet in Matador or something we plan to do but not right away, file a support ticket and explain that you can’t wait. If we feel your requested feature is something that belongs in Matador or available as an extension, we may make arrangements for you to “sponsor” the development at a reduced custom-development cost and move it to the front of the line. Requests that don’t fit the long-term development goals of Matador will be subject to the full custom development and integration service.

Announcing the release of Matador Jobs 3.0 for Bullhorn CRM

For the last seven months or so I’ve been working with a colleague on developing the Matador Jobs plugin. It’s finally here! Below is our release announcement from the Matador site.

 

Introducing Matador Jobs, the new family of plugins for WordPress to integrate your website with the Bullhorn CRM.

After seven long months of development, hours of testing, one too many emails telling our eagerly awaiting customers “soon”, many long days, early mornings, and late nights, we are excited to finally announce and introduce Matador Jobs. This is the first major release of the new Matador Jobs family of plugins, and we’d love to get you acquainted!

What is Matador Jobs?

Matador is a premium WordPress plugin that connects and integrates your business’s marketing website with the power of your Bullhorn CRM subscription. If you’re here, you are likely already a Bullhorn customer, or a developer working for one.

When you install Matador, you will be prompted to use REST-API credentials to connect your website to Bullhorn. After a few settings tweaks, your website will reach out to Bullhorn and gather all the information about the jobs your firm is currently hiring for. It will make a local copy of the job data and then build a page on your website for every job, optimized for SEO and Google Jobs Search that loads incredibly fast. It will then regularly check your Bullhorn account about every half hour for changes to the jobs, and update your site if needed, so you only need to manage your jobs in one place: on Bullhorn.

Matador Jobs - Job Listings Screenshot

Each job also has an application form, either on the job page at the bottom or as its own application page. This form is fully customizable with 14 different fields, including a resume and a cover letter. When an applicant visits your site and finds a job they’d like to apply for, they can do it directly from that page. They are sent a confirmation email, your recruiter is sent a heads-up email, and their information is transmitted directly to Bullhorn to create a candidate record and add them as a new lead or applicant for the job they were interested in. This application data is also saved on your website, for both reference and in case something goes wrong, and if something does go wrong, Matador will retry at a later time. When an applicant provides a resume, Matador will send the resume into Bullhorn’s resume processor and build their candidate profile on Bullhorn with that processed data.

But Other Plugins Claim to Do That, Why Matador?

What makes Matador so good at what it does is that its developers have spent a combined 7 years developing for Bullhorn and we’ve figured out how to address all of the challenges our colleagues haven’t. We’ve seen almost everything that can go wrong, and we’ve tried to include failsafes for as many problems as possible. Two of those big issues are: it’s very hard to connect a site to Bullhorn and it disconnects often. To address these issues specifically, we built a user-friendly “Connection Assistant” tool and a behind-the-scenes connection recovery tool that successfully recovers from a disconnect up to 80% of the time without user intervention required.

Matador Jobs - Bullhorn API Credentials Screenshot

I’m a User of the Old Plugin, What Happens to Me?

One of Matador’s developers offered a free plugin on the WordPress plugin repository called Bullhorn Staffing and Recruitment Job Listing and CV/Resume Uploader for WordPress for the last few years which Matador Jobs Lite will be replacing. If you were a user of that plugin, have no fear! When we finish our release, your website will upgrade the old plugin to Matador Jobs Lite and all features you once counted on will still be available to you as well as some great new ones.

So Why Should I Upgrade?

Five reasons: Application Processing, Connection Recovery, Support, Regular Updates, and Extensibility.

A premium version of Matador will be required to receive and process applications from candidates on new installs. Not only does Matador Jobs include application processing, but it includes tools that prevent duplicate candidate submissions, allow single candidate records to apply to multiple jobs, parse and process resumes into candidate data points, and accept applications in fewer than 1 second on average via our smart local caching of candidate data.

Matador Jobs - Applications Screenshot

As mentioned earlier, the connection recovery tool is our answer to one of the huge problems when working with Bullhorn. In our years of writing WordPress plugins for Bullhorn users, we found that Bullhorn API connections can be broken somewhat regularly. In the past, our solution was to email the site administrator to ask them to repair the connection manually, but that required someone to intervene every time. Matador Jobs premium includes Connection Recovery, an automatic process that detects disconnections and attempts to reconnect before requesting administrator intervention.

When the old plugin was released, it was released “as-is”. It wasn’t yet fully realized and definitely required an advanced-to-expert level of knowledge of WordPress and Bullhorn to install and configure. The problem is that many of the people who installed the plugin were not developers, so many users reached out to us for support that we couldn’t offer. Not only do all users benefit from the easier to use and configure features of Matador, but our premium users will get access to around-the-clock email support from the people who build Matador day in and day out.

The old plugin only got updates when one of our users offered to sponsor development costs. This meant some users would get frustrated waiting for updates that weren’t coming. Premium offerings will help ensure regular bug fixes and new features, and we’ll deliver those automatically to your site.

Finally, another thing we learned in years of offering and occasionally supporting the old plugin is that everyone who uses Bullhorn uses it in a different way, and we needed to offer a solution that is customizable, configurable, and extensible. While Matador Jobs is the spiritual successor to the old plugin, it is nothing like its predecessor. When we built Matador, we started from scratch, both to create the most stable, most reliable solution available, but also to create an extensible solution. We put hundreds of filters and hooks into the plugin, and we are launching with 7 extensions that add optional features available only to premium subscribers.

So I’m Sold. What Version Should I Get?

Matador Jobs Pro is available as an annual subscription and includes updates and support and all the pro features. It is ideal for smaller firms who don’t need access to our extensions and add-ons. Pro Plus is available as both a one-time lifetime purchase or as an annual subscription and includes all of the Pro features plus access to any or all current and future extensions and add-ons that help you make your Matador experience even more tailored to your business needs.

Why is this version 3.0? What happened to 1 and 2?

In a way, this is the 1.0 version of Matador because it is a completely new plugin, but as we explained before, Matador is the spiritual successor to the old plugin. The final version of that plugin was version 2.5 and so we are releasing Matador Jobs at version 3.0 to ensure existing users of the old plugin can enjoy the automatic upgrade path.

Shout-Out and Thanks to Our Awesome Supporters

Let us take a minute to shout-out to and thank the people who made this possible! Jeremy and Paul, the co-developers of Matador Jobs, couldn’t’ve made Matador without the loving support of our wonderful better halves, Cyril and Gina. While we’ve both had mentors in our careers as developers, one that has been an incredible mentor in many facets of the development of Matador is Chris Klosowski, who embodies the spirit of the WordPress community in every way. We also owe thanks to several of our clients, including Kelly, Tim, Lisa, Lee, and others for being supportive during the development and helping us test our early work. Thank you all!

 

 

WordTechCon! Toronto 2018

WordTechCon

I’m delighted that WordTechCon has just announced that I will be speaking at their conference in Toronto, on May 4 2018.

WordTechCon describes itself as “a new premium conference that will allow WordPress Theme and Plugin Developers as well as hosting services to learn from industry leaders at a relaxed pace in a wonderful location”.

I will be speaking on a pretty fundamental issue for all coders:

How can I know I am writing secure WordPress code?

Systematic Holistic Speed

Slides as presented at WordCamp Toronto, 2015

We have all created the odd WordPress site that has turned out to be fast, but how do we do this each and every time?

In this talk I explore some of the techniques and choices that will make your site feel fast and also talk about how to automate / streamline your development process so that you can do this each and every time, no matter how rushed you are.

Learning Outcomes:

  • Understand what slows code down.
  • Realise how SQL calls slow the site.
  • Understand that perceived speed can be more important than real speed.
  • Learn how to automate deployment.
  • Discover that it’s the small items that count.
  • Know what caching is, know how cache works in WordPress.
  • Understand the problems that caching causes and how to work around them.

Fitts’s law

I discovered Fitts’s law back in 2011. It states that:

The farther you are and the smaller the target, the longer it takes to move the cursor and point at said target.

Tom Stafford said it best:

“Although the basic message is obvious (big things are easier to select) it is the precise mathematical characterization that is exciting, and that this characterization includes a logarithmic function – which means that the shape of the relationship between size and reaction time is curved so that small increases in size for small objects make it much easier to select them (whereas small increases in size for big objects don’t make that much difference). And the same applies for changes in target distance.”

Size and selection times: Fitts’s Law

 

or, in maths speak: MT = a + b log2(2A/W)
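
A worked reading of that formula, added here and not part of the original post. It assumes the standard meanings of the symbols: $MT$ is the movement time, $A$ the distance to the target, $W$ the target width, and $a$, $b$ constants fitted to the pointing device. Differentiating with respect to the width gives

$$\frac{\partial MT}{\partial W} = -\frac{b}{W \ln 2}$$

so the time saved per extra unit of width shrinks as $1/W$. With $A$ fixed and pixel sizes chosen purely for illustration, growing a target from 10 to 20 pixels saves $b \log_2 2 = b$, while growing it from 100 to 110 pixels saves only $b \log_2 1.1 \approx 0.14\,b$. Distance behaves the same way, since $\partial MT / \partial A = b / (A \ln 2)$.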

I first came across this rule in this post, The Opposite of Fitts’ Law by Jeff Atwood:

Unintended ejection seat lever consequences

Jeff talks about not putting the “Delete Forever” button too close to the “Save” button . . . just like you wouldn’t want to put the ejector seat switch next to the radio!

Here’s another good article on Fitts’s Law: Vizualizing Fitt’s Law

 

WCUS – passion, democratization, accessibility, community

It was almost with trepidation that we took off for WCUS in Philadelphia at the end of November 2016. In the wake of the Trump election victory, even before his inauguration and what followed, US travel already seemed somehow less appealing.

Justice, equality and freedom of the press

The Liberty Bell

In the event, I am really glad that we were there in that moment. It was a reminder of so much that is good in America. To stand beside the Liberty Bell was particularly poignant. To read of past success in the struggle against injustice and inequality was a heartening reminder that there always have been and still are many who will fight for the best of what it is to be human.

We had a day together in which to explore. The Liberty Bell was a ‘must see’. Benjamin Franklin’s printing press resonated well with our attendance at WCUS. After all, WordPress specifically seeks to democratize publishing. Franklin’s grandson’s statement on the freedom of the press is as relevant now as it has ever been.

His Press Shall be Free

WCUS itself was a fascinating experience for someone who functions at the edge of the WordPress community. What stays with me is the depth of commitment to making WordPress accessible to all. In 2016 there were 115 WordCamps in 41 countries, with close to 90% of the costs (though not the travel) covered by sponsors.

WordPress is available in 50 languages and there is a strong push for internationalization and accessibility. All this exists in the context of a code-base written by volunteers (Paul has ‘core commits’ in a number of WordPress releases).

The third day of the conference was ‘Contributor Day’. Hundreds of people gave a full day of their time to coding, bug fix, testing, review, documentation, translation and more. In five years, the WordPress market share has grown from 13% to 27% of the web and this effort is what underpins it. What a fantastic model for social co-operation!

While Paul focused on the more technical sessions and networking, I tapped into the wider content. Topics included ‘Version Control Your Life’, ‘Five Newsroom Tips for Better Website Content’, ‘Care and Feeding of Your Passion’, as well as a really helpful session on releasing a WordPress product.

‘Darth Vader wins over Yoda every time!’

Perhaps most pertinent to world events was a great talk on ‘The Dark Side of Democratization’. It seems that content that elicits emotional response is what goes viral, particularly if it arouses anger (hence the headline quote!). Therefore we all need to cultivate an ability to evaluate both our emotional response to content and the ‘facts’ in a post-truth world. An interesting suggestion was the importance of monitoring ‘news’ from sources that reflect the people who don’t think like you, engaging with understanding and tolerance, not judgement.

You can find the full 40 min session at https://dennis.blog/democratization/, together with a great set of resource links including fact checkers.

Partying with dinosaurs

WCUS - partying with dinosaurs at the Academy of Natural Sciences

The ‘corridor stream’ is always a key element of any WordCamp and the after-party is a fun extension of this. In this case, we partied with dinosaurs at the Academy of Natural Sciences, making some useful contacts while we were about it!

 

(This review of WCUS 2016 was originally published as part of a longer article on Gina’s personal blog.)