Blog

A Cookie is a small piece of data that websites store in your browser so they can remember previous activities.  My plugin, Contact Form 7 Multi-Step Forms use cookies to store form data when going from one form to another.  Each form can know a previously submitted form’s data by looking at these stored cookies.  On the last step of a multi-step form, the cookies are read and an email with that data is sent.  On normal use this is ok, but what is normal?

Some users experienced missing data when the email was sent.  Random fields were not included in the email.  After much research, I concluded this must be due to the size limitation of a cookie.  Browsers generally limit the size of a cookie to 4,093 bytes which is roughly 4,000 english characters, which is roughly one typed page double-spaced.  So it’s kind of a lot.  However, some websites do require large multi-step forms.  For those websites I’d recommend going with a different plugin called Formidable Pro.  It has helped me tremendously doing an online application.

If you still would like to use Contact Form 7 Multi-Step Forms, lucky you, there’s now a Pro version available.  Contact Form 7 Multi-Step Forms Pro uses Session Storage which can hold 5 MB of data.  That’s about 1,000 times more than a cookie (or 1,000 pages double-spaced)!  It works similarly to the free version except that it will work on large forms.

An application form can span multiple pages on paper.  It has things like personal information, education history, employment history, reasons why you want the job, reasons why you left your job, and achievements.  This form can get pretty long and on a website it isn’t ideal to have all this on one page.  I have done a multi-step form plugin, but this form would require saving the entry to the database.

If only there was an easy to use, affordable plugin that offered multi-step forms spanning multiple pages, saved the entry, conditionally showed and hid other fields based on the user’s responses, and sent an email at the end.  Oh wait there is…  Formidable Pro.  With this plugin I could drag and drop fields and create a simple multi-step application form within minutes.

The employment history section needed to dynamically add sections so the applicant could add as many or as little employment experience as they needed.  This could be achieved by repeating sections now, but at the time this feature was not available yet.  Instead I conditionally hid about 7 or so employment sections and whenever the add button was pressed I incremented a counter and conditionally showed another section.

Another issue with the form was collecting the social security number.  This needed to be encrypted and kept safe as much as possible.  With the hooks provided by Formidable it was fairly straight forward to intercept the SSN and encrypt it before it was saved to the database.  Now we needed to limit viewing of that SSN.  Whenever the form was viewed online you wouldn’t want the SSN showing and also you wouldn’t want that long string of garbage characters from the encryption showing.  So, again, using hooks provided by Formidable and help from their awesome support, I could intercept what would be shown and replace it with “***-**-****”.

It would be nice if the applicant’s data could be downloaded as a PDF and viewed like a normal paper-form.  At the time of developing this, again, Formidable did not have too many options that I liked, so I made my own.  Using domPDF and Formidable’s views I got the data to download as a PDF.  Formidable has these “views” where you can display your form any way you want.  But I needed to know if the view was being used for the PDF vs just online viewing.   Within the PDF would be the only time the SSN would show in its true form.  Formidable’s support forums was a lifesaver figuring this one out.  Once downloaded the form was scheduled to be deleted in 24 hours as an extra precaution.

The last issue was uploading the Resume.  While this is built into Formidable and the upload was as simple as dragging a control onto the form in the Form Builder, WordPress naturally does not protect uploads.  Luckily I had made another plugin to protect the WP-Content folder.  All I had to do was activate and set this.

This application form was quite the task and I seriously would have taken double or triple the time if it wasn’t for the Formidable Pro support team.  I have tried competing form plugins and they are nowhere near as helpful and their code is a mess.  In contrast, the Formidable team provided priceless help and support while maintaining beautiful code.

I had a small client where they had half a theme completed and needed another developer to complete and launch their site.  I was given instructions on logging into a Linux server where I would have to set up cPanel, MySQL, PHP, etc.  Server setup is not my specialty so I recommended we move to GoDaddy.  (At the time I was still using GoDaddy’s shared hosting services because it was an affordable solution for my smaller clients.  Their servers “just worked” without needing any server modifications.)

I got a huge backlash from both the client and former developer (who was still managing their server).  Rightly so as they were on Amazon Web Services (AWS).  The problem I had was if I were to take over the project I would have to setup and manage the server.  These tasks are very different from my main focus of developing WordPress themes and plugins.  Anyway we got it sorted out;  The former developer set up the server and he would maintain it.  All was fine and dandy.

A few times before launch the server went down with some “Error establishing a database connection”.  The former developer would just restart the server and we’d be up and running again.  He said he would look into the problem.  After launching the site every few months I’d get an email from the client saying “the website is down!”.  For a full year I’d get these emails and I’d forward them to the former developer.  Finally, the former developer responded by saying he’s no longer associated with the project.  The server was restarted, but that would be the last time.  Enter WPEngine.

I usually would not recommend a smaller client like this to go on WPEngine as it is costly, but the client’s opinion about GoDaddy and shared hosting in general had not changed.  So my second job for this client was to move the site from AWS to WPEngine.  In personal interest I took a screenshot of the Google Page Speed score of the site on AWS before moving it and on WPEngine after moving it.

I’m not sure why or how an AWS server would get a “Reduce Server response time” flag, but it just goes to show even a good host can be set up incorrectly.  AWS is a very speedy and reliable hosting service if you know what you’re doing.  The problem is if you need to set everything up yourself.  And if you run into any problems, you need to fix it yourself.  Even if you set up a server correctly there may still be things you can do to optimize it for specific CMS’ like WordPress.

Update:  This change in page speed is actually very common among clients I move from shared hosting and dedicated servers alike.  WPEngine just has their servers optimized to serve WordPress as fast as possible.

A client had an existing website and came to us wanting a redesign.  However, in the early stages of the project the client’s existing website was hacked.  I don’t recall what host they were with, but they wanted something to provide more security than what they had.

I needed to find a “secure” host.  Of course that would be all hosts since they all say their servers are secure.  And no host is 100% secure.  So I chose by reputation and what the host stated on their website.  WPEngine at the time stated the following about their security:

• Daily Backups
• WordPress security updates (this was before WordPress 3.7 when automatic updates were introduced)
• Malware Scanning
• Firewall
• If your site is hacked, we’ll fixed it for free

What got me was the last statement, which granted, was pretty vague, but caught my eye and would please the client.  And also the WordPress security updates was a plus too.  In a time when most WordPress installs weren’t updated automatically, this was a pretty important feature.  Besides all this, it was comforting that WPEngine was backed by Automattic, the company supporting WordPress.

Like I said before, any hosting company can claim they have secure servers.  WPEngine is the first hosting company I’ve been with that has convinced me of it.  They continuously blog about how they implement their security and explain why they do it.

• Secure WordPress Hosting on WPEngine
• WPEngine’s Security Environment
• The Detailed Story of our New Security System

Plugins are often the cause of why WordPress installations are hacked.  WPEngine stays on top of the latest news in the community and will notify you of any critical fixes so you can update any plugin you are using.  This is crazy good!  It’s like subscribing to a newsletter but only receiving the emails that pertain to you.

So this post pretty much turned into a WPEngine promotion… Not much more to say about the client’s website.  After moving to WPEngine, the site hasn’t been hacked again.  so far…

Disclaimer:  I’ve become such a fan of WPEngine that I signed up for the affiliate program and thus have affiliate links on this page and throughout my website.