Doing Web Stuff

Hello world! It’s been a while since I’ve posted. I’m currently working on my portfolio site. I haven’t had a whole lot of time available to focus on it over the past year, but now I do. In the mean time please check out what I’ve been keeping up with on Facebook:

And look at my most recent work on LinkedIn:

I’m Redoing my Portfolio Site

My portfolio site is down as I redo it to show my new skills, so I’m redirecting you to my humble blog. If you want to see what I can do and the quality of some of my work, please refer to the links in the side navigation here. Also feel free to poke around on my DeviantArt, where I put all sorts of stuff I’m working on, from digital painting, photography, logo design, game design; really whatever I feel like getting into at the time.

Also check out this site I launched last week with Arnolds Office Furniture!

Another way to keep up with me is through social media. Find me on:


Arnolds Office Furniture is Launched!

Today we finally launched the site we’ve been working on for months! With direction from the owners and our Marketing Director, and collaboration between us, I designed and developed this eCommerce WordPress site. It is the first major site I launched completely on my own.

Check it out at:

Arnolds Office Furniture

I Learned a lot!

I dove into the deep end of WordPress, the WordPress Codex, plugins, themes and PHP. I had experience with WordPress before but not this extensive. We started with a fresh WordPress install, and we purchased the Shopifiq theme. From there I modified, created, styled and fabricated designs in order to make this site unique.

There were a few scares, our dev site was hacked! I learned a lot about WordPress and server security the hard way. Word to the wise, run a malware scan on your server at least once a week.

Mega Menu

mega menu

Check out this sweet drop down mega menu! What baffled me about this part of development was learning when to resort to PHP or when to resort to good ‘ol CSS. Since this is my first time really immersed in PHP, I had to learn when to dynamically pull info versus when setting a style was appropriate. I found for the first time in my dev knowledge a way to balance this. I still have a lot to learn about the power of PHP, but this was definitely eye opening.


Photographs of Arnolds Workers

One of the most fun things I got to do during this whole process was take pictures of team members. Here is a screenshot of the refurbishing page: Refurbishing. I was rusty with a camera but I think I got some nice shots. I also took the images into Photoshop to brighten them up and enhance them. This has inspired me to start saving up for a camera of my own.

The Dreaded Quote Form

Request a Quote

Quote forms are always difficult to nail down. You want the user to fill it out and provide quality information, but you don’t want to make the form so long that no one takes the time to fill it out. Check out Arnolds’ Quote Form. I think the Marketing Director and myself came up with a pretty good solution. We have some information optional, and hidden by default. It’s clear that there is more info to be filled out but the user has to click to expand it. That way the form doesn’t look so long that people just skip it.

All in all, I think the site is a success. We will continue tracking, tweaking, rethinking and testing so it is always a work i progress. But for my first major site launch outside of a team, I’m very excited with it.

The Ghosts of Internet Past: Things that were cool when I was 12

I don’t know what motivated me to check, but I just had to look and see if this website I made when I was 12/13 years old was still alive. I made it on, sitting at home on my awful shoebox of a computer. I would sign into AOL and wait for the dial up modem to connect. If for some reason someone was trying to call my house at the same time I was trying to get online, I would get booted off. I was dabbling in HTML at that age. For some perspective I’m 27 at the time of this post. I didn’t have Photoshop, (I didn’t even know what it was at the time) so I was in MS Paint instead, and I didn’t know any web ethics or design best practices so my sites were disgusting. But they were also hilarious. Check out this site I made when I was 13. I fearlessly allow you to see this mess and mock me. Go on, I can take it.

The Demented Playhouse

Ridiculous site from the 1990's early 2000's

OK, just by the name I think you get the idea just how terrible this site actually is. My cousin Matt and I were inseparable at the time and he’s the one hanging himself with the leis. I had dripping blood gifs, a JavaScript drop down menu that changed the site’s background to puke worthy colors, and I had a page dedicated to dolls I made. Do you remember dolls?! Some of their clothes I took from Hot Topic’s website at the time. I was a mall goth. These things happen.

Do you remember dolls were a thing?

Apparently I won awards for the site? At the time I was flattered but looking back I have no idea what these were awarding. I think they were just a way for other sites to get me to link to their site. I’m sorry CoolDog, I don’t remember who you were.


But enough about me, let’s look at other digital artifacts.

I used to frequent this site for graphics. How is it still up? It’s glorious.

Super old graphics online

Click on the image to check out the site

Also check out their Midi page: ( the midi “Darkangel” used to be one of my favorite songs and to this day I can’t figure out what it’s from. Do you know? Please tell me!

Geocities closed in 2009

So all Geocities sites Rick Roll you in the face:

Catch the fuzzy

This horrible horrible Tripod site has you click on a stupid gif and tells you that you missed somehow. I CLICKED RIGHT ON IT.

Angel’s Doorway Bubble Magic

Some sort of magical new age, bubble color reading that obviously hasn’t been updated since 1995. Somehow their copyright goes from 1995-2014 though.

The Third Eye Chakra

The blues on this site hurt my sensitive two eyes. If I had a third eye my head might explode.

Name that candy bar

Want to look at unappetizing pictures of your favorite candy bars and guess which ones are which?

5 Great Places to Learn Front-End Development for Free Online

Whether you’re looking to develop a new skill set or to enhance your current programming chops, here are some great places to get started for free. These free online courses and resources cover HTML, CSS, JavaScript, APIs and other Front-End Development code and tools. Enjoy!

1. MDN – Mozilla Developer Network

Shared knowledge for the Open Web

2. Codeacademy

Learn to code interactively, for free.

3. tuts+

Free online Web Dev tutorials

4. Codecombat

Learn to code by playing a game

5. Sitepoint

Sharing Our Passion for Building Incredible Internet Things

WordPress and Hacking: How to fix and prevent a hack – Part 2

If your site is hacked, here's how to fix it

In my previous post on this topic, WordPress and Hacking: How to fix and prevent a hack – Part 1, I talk about how to prevent a WordPress hack. If your site has been hacked, please refer to that post and make sure those things are in place. Because what’s the point of fixing your site if it’s just going to get hacked again?

This is a list of things I had to do personally to get my site back to 100%. This is just my limited experience dealing with one site. There may be a better way, and your situation may be unique and not covered by the scope of this post. Regardless I hope you find this helpful.

1. Determine if the site was hacked in the first place.

Say you come in to work one day like I did, you got your coffee and you get settled in. You open your site to see a blank screen. WUT?! You panic, like I did. The first thing I did was contact anyone and everyone who might have accidentally fiddled with the site when I was away from it. No one had tampered with it, and I know I was the last to touch any php files. Something was wrong.

Here is a screenshot of what the hack code looked like in my PHP files:

Malicious code in a PHP file

Click to Enlarge

The WordPress Codex has a very helpful Hack FAQ here: However, I didn’t look through this list. I was on the phone with my hosting provider immediately. They were the ones who knew right away that it was a hack. If you suspect a hack, I highly recommend calling them and running your own malware scan. I recommend Sucuri. It’s free, and will list out the files that you need to replace.

Your hosting provider will most likely have better scanners, though. If you’re willing to shell out the extra cash for a more in depth site scan, go for it, can’t hurt! But when you’re on a budget like I am, if you can get a quality service for free, you should take advantage of it. Our site is currently hosted at Nexcess, and their support emailed me a list of every single file that was infected. It was a lot. The support person I was dealing with was able to tell immediately by looking at the code. It was a long string on random numbers and letters at the top of my PHP files.

2. It’s time to scrub.

Look for weird variables and code in your PHP files. Hackers may not have made their hack so obvious, and planted hidden code in your files. This will cause the infection to just repopulate. Some examples are:

  • The eval( ) command
  • base64_decode( )
  • k1b0rg

Here is a great article on scrubbing your site after a hack:

There’s no real short cut for this. You have to visually scan the infected files and remove anything suspect. For good measure I checked files the scanner didn’t even red flag, but I’m not sure you need to go as far as I did.

3. Make sure your other sites weren’t compromised.

Every time I did a clean up, the malicious code would come right back the next day. It was getting extremely frustrating. My company purchased the Sucuri Pro plan and they would remove the malware only for it to repopulate. It turned out that the other sites on our server were infected also, and since we only purchased Sucuri for our one site, they were not scrubbing the others. They eventually did do this as a courtesy to us, and provided a great link on how website Cross Contamination is a problem:

4. Do your research.

For my lack of knowledge on this subject, I would like to compensate by providing great resources/articles I’ve come across that have a lot of advice to offer I may not have covered here.

WordPress and Hacking: How to fix and prevent a hack – Part 1

Keeping your WordPress site Secure

This past Friday I came into work at my day job to find the dev site I had been working on for about two months was completely down. A novice at WordPress and especially PHP, I did not set up my WordPress site the way I should have. Since WordPress is such a popular CMS, it is the target of many hackers. Especially eCommerce sites, where customers are bound to enter sensitive personal information at some point in their visit.

Before I even started, I should have made sure a few preventative measures were put in place. Hindsight is always 20/20, and this has certainly been a learning experience! This is certainly case of “the best offense is a good defense.” Set up a good defense system, make your site secure, and you will not have to worry about cleaning up the mess (like I had to do.) First I will start with the preventative measures you should take as a developer, and then I will get in to what I had to do to clean my site of all malware.

1. Look into how WordPress friendly your hosting service is.

WordPress itself recommends Bluehost, DreamHost and Laughing Squid. Check out the documentation here: Though not personally experienced with WPengine, I have worked with people who swear by it. They say they have never had a client hacked on that platform.

That isn’t to say you have to use any of those providers. They are just a few suggestions. Your current provider may be WordPress friendly. Reach out to their sales or support and ask them about how easy it is to install WordPress on their platform, and what preventative security measures they have in place. As a developer it is mainly your responsibility to lock down your site, but it is nice to know your hosting provider has your back. They should save a back up copy of your site files every day, so if the worst case scenario happens, they can revert to an older version of the site, one before the malware took it’s course.

2. When setting up your WordPress CMS, do not use the username “admin”

The username “admin” is the default setting in WordPress, and few bother to change it. That is why it is so often the target of hackers and their malicious bot minions. Create a unique username along with a strong password.

Once created, in your admin settings, create a limit on how many failed login attempts you’re allowed. Hackers create bots that will try to login as many times as they are allowed to try, which could be infinite if you don’t set a limit. They will try and try again until they crack your password without even lifting a finger themselves.

3. Install some plugins that prevent attacks, and scan for malware.

Wordfence is one of the most widely used and highly rated security plugins out there. It’s completely free and will not only prevent infections, it also secures your site.

Sucuri will run scans for you and provide detailed audits, as well as send you notifications. Download both Word Fence and Sucuri for extra security umph.

4. Put Captcha on all of your forms.

This is important. A lot of business owners/marketing professionals seem really opposed to this in my experience, because it’s so hard to get a user to fill out a form in the first place, why make it harder? They fear this will effect leads. I won’t get into the anatomy of forms and leads here, but I will say that captcha is a very effective security measure.

Bots will autofill text fields with malicious code and submit forms over and over and over again until they crack into your site. There are a few ways to verify whether or not an actual human is submitting the form, here are a few options:

  • Traditional Captcha – you know, the annoying “type what you see here” and it’s a bunch of squiggly letters.
  • Timed submission – Force users to wait 10 seconds to be able to submit a form. This allows enough time for them to type out/select their responses, but a bot will not be able to submit instantly.
  • Simple math equations – Ask a user to supply the answer to something like 8 – 2 = ?

4. Update all of your themes and plugins when updates are available.

Make sure you create custom templates, do not override your template files with custom code. This will ensure that the themes and plugins are update proof. If you create a “custom.css” instead of adding your styles to your themes main “style.css” for example, the next time you install your theme’s update you won’t lose all of your CSS!

Keeping your WordPress version, themes and plugins is important. The new releases and versions not only fix bugs and styles, they also add in new security measures to keep the hackers at bay. The developers may have found a vulnerability they needed to patch up, and included the fix in their new release. Do not skip this step!

Next: Part 2 of WordPress and Hacking: How to fix and prevent a hack