Articles

Insights to the world of content management.

Chrome browsers
29 August 2024

Critical Update for a Blitz Blunder

Sites on which Blitz was installed between the 7th of April and the 26th of August 2024 sent incorrect Cache-Control headers that could cause pages to be stored in a visitor’s local browser cache. Keep reading for the full details of this issue, or jump straight to the sections that explain what this means and whether it affects you.

Read more »

Vienna city
12 August 2024

Vienna Craft CMS Meetup 2024

This year we’re once again organising a local, in-person meetup to discuss all things Craft. If you’re in and around Vienna and Austria, come join us!

Read more »

Htmx 2
15 July 2024

Sprig 🖤 htmx 2

htmx 2 is now available, and both Sprig 2.9.0 and 3.1.0 now include it by default. Not a lot has changed and everything should continue to just work in your Sprig projects, so let’s explore what has changed, and why.

Read more »

Gmail email sending requirements
15 April 2024

Complying with Gmail & Yahoo's Email Sending Requirements

Email sending best practices” are becoming requirements when sending to Google and Yahoo, who collectively control around a third of the email client market share. So to ensure your email campaigns land in your subscribers’ inboxes, you’ll need to ensure you’re complying with several email authentication and spam prevention practices. 

Read more »

A cairn consisting of 5 stones
8 April 2024

Should you be using Craft 5?

Craft 5 recently landed, and it is a content authoring experience designer’s dream. What Pixel & Tonic have managed to pull off in Craft 5 is truly remarkable. So in case you were wondering whether you should already be using it, the answer is, absolutely!

Read more »

Blitz diagnostics photo
9 January 2024

Introducing Blitz Diagnostics

The new Blitz Diagnostics utility, released in version 4.10.0, helps you better understand how your site’s cached content is structured, allowing you to optimise the caching strategy and overall performance of your site.

Read more »

Queue runners
12 December 2023

Queue Runners and Custom Queues in Craft CMS

Queue jobs piling up or timing out are a common pain point for Craft CMS sites. But with a daemonised queue runner and job priorities appropriately set, you can alleviate this concern, guaranteeing a seamless content authoring experience. And with custom queues, you can configure multiple queues to run in parallel for an even smoother control panel workflow.

Read more »

Htmx dot all presentation 2023
6 November 2023

htmx has a JavaScript API, btw

htmx is an excellent JavaScript library for building reactive front-ends and sending HTML over the wire. But it’s far more capable than that. It also comes with its own lesser-known JavaScript API that can replace the need for writing Vanilla JS or using an additional library such as Alpine.js.

Read more »

Vienna city
30 October 2023

Vienna Craft CMS Meetup 2023

We’re organising a local, in-person meetup to discuss all things Craft, in and around Vienna and Austria. If you’re in the area, come join us!

Read more »

Dot all 2023 talk
9 October 2023

Dot All 2023 – The Big Reveal

Dot All 2023 took place in Barcelona last week and it was an incredible experience to attend and to speak at. Among the things revealed were Craft Cloud, Commerce 5, Craft 5 and a little surprise of my own!

Read more »

Craft cms security vulnerability
14 September 2023

Critical Craft CMS Security Vulnerability

A critical security vulnerability was fixed in Craft version 4.4.15, meaning that sites running Craft 4 version 4.4.14 and below are open to anonymous remote code execution attacks. We’ve analysed the vulnerability and below are our findings.

Read more »

Tree trunk closeup
8 August 2023

Cracking Automated Software Testing after 20 Years

It’s not easy to admit this, but I’ve been doing testing wrong for the past 20 years. A recent revelation allowed me to cut through the noise (and the bullshit) and come out the other side feeling confident that my new approach to automated testing is finally aligned with my goals for it.

Read more »

Tech talk audience bw
10 July 2023

Notes to Self on Presenting at Tech Conferences

When giving a technical presentation, deliver a clear and meaningful message to avoid polarising the audience. With your message underpinning your content, engage your audience, provide them with something novel and beneficial to take away, and evoke emotion.

Read more »

Self hosting
16 June 2023

Replacing Google Analytics with Self-Hosted Analytics

With Universal Google Analytics being shut down” on the 1st of July, 2023, I decided to bypass a GA4 migration and explore moving to a self-hosted analytics solution instead. Within a few hours I had my own low-cost VPS running open-source, privacy-focused, cookie-less web analytics handling multiple sites. 

Read more »

Craft cms 10 years timeline
28 May 2023

Craft CMS: A 10 Year Timeline

It’s been 10 years since I published an article entitled Why I’m So Excited About Craft (and why you should be)” – you really should go check it out – and to my surprise, my excitement during that time has hardly waned. Here’s why.

Read more »

Learn french with alexa
11 April 2023

Email Marketing for “Learn French With Alexa”

How our plugins are used in the wild is one of the most valuable insights we can get from our customers. Learn French With Alexa is a hugely popular French language learning site with over 1.5 million YouTube followers. In this article, John Baxter of LuckyTurn Media, a U.K. based web development agency, explains how they leveraged email subscription capabilities using the Campaign plugin to help grow their client’s company and user-base.

Read more »

Stacked coloured containers
1 March 2023

Cache Me If You Can: Solving Hard Problems in C(M)S

As the joke goes, there are 2 hard problems in computer science: cache invalidation, naming things, and off-by-one errors.” In this article, we’ll skip over why computer science only has one joke and instead focus on what makes cache invalidation hard” and demonstrate how it can be solved in the context of a content management system.

Read more »

Blitz dashboard widget
7 February 2023

Blitz 4.3 Feature Release

Blitz 4.3 has been released and it packs some important features including a dashboard widget, new include functions with SSI and ESI support, as well as a PHP equivalent of server rewrites. In this article we’ll run through when and why you might want to use each of them.

Read more »

Leafcutter ant
2 January 2023

Load Testing Craft CMS

The Performance Testing Craft CMS with Blitz article sparked intense discussion among colleagues, especially the observation that Craft CMS demo site we used barely managed to serve 3 successful requests per second without caching. In this article, we collect the most thought-provoking ideas and attempt to address them with, you guessed it, more load tests!

Read more »

Robot waving to the setting sun
1 January 2023

ExpressionEngine Add-ons Acquired

We’re pleased to announce that our last remaining ExpressionEngine add-ons, Sitemap and Snaptcha, have been acquired by BoldMinded. This marks our complete exit from the EE ecosystem.

Read more »

Load testing craft cms with blitz
16 December 2022

Performance Testing Craft CMS with Blitz

We invited an independent contractor to measure the performance of a Craft CMS demo site and the impact of using Blitz, paying for their time and agreeing to publish their words without further influence or agenda. This is what they wrote.

Read more »

Bike lock
22 August 2022

Overview of Security Best-Practices

I was recently invited to give a presentation on my thoughts about security best-practices for the Charlotte Craft CMS Developers Group. I ended up giving a high-level overview of what I believe are the most important things everyone must understand in order to build secure sites and software.

Read more »

Phishing
27 July 2022

Gone Phishing, Catch you Later

Stanford University runs a Phishing Awareness Program that aims to train participants in how to recognise, report and avoid phishing attacks. Given that email is the entry point for 91% of cyber attacks and therefore every organisation’s biggest vulnerability, perhaps we can all benefit from increasing our phishing awareness.

Read more »

Needle in haystack
12 July 2022

Adding Logging to Craft Plugins with Monolog

Logging plays an essential part in leaving an audit trail of what events take place in a CMS. Monolog is a logging library that ships with Craft CMS 4, which can be customised to make logs easier to read and parse when used in plugins and modules.

Read more »

Requiring a forked repo with composer
9 July 2022

Requiring a Forked Repo with Composer

If you ever find yourself having to modify a Craft plugin, or any composer package for that matter, then you can do so using a fork. A fork is a copy of a repository that you manage. Forked repositories let you make changes to a package without affecting the original repository.

Read more »

Restful api
1 June 2022

Building a RESTful API in Craft CMS

There are times when you want to make data and actions in Craft available to external services. Fortunately, Craft’s URL manager (or more accurately Yii’s) makes handling the routing of requests straightforward, so you can define and route your API endpoints with just a few lines of code.

Read more »

Securing your craft site
24 May 2022

Securing Your Craft Site in 2022—Part 3

The infamous Murphy’s Law states that Anything that can go wrong, will go wrong”. Having an up-to-date security policy helps ensure that there are steps in place to prevent a catastrophe and that you can react responsibly if and when things do go south.

Read more »

Ballroom blitz
16 May 2022

Ballroom Blitz

After 2 years and over 2,500 active installs in the plugin store, we’ve decided that the time is finally right to bring templating performance hints, previously provided by the Blitz Recommendations plugin, directly into Blitz. There is now no excuse for not eager-loading elements in your Twig templates, as the new utility keeps track of opportunities as pages are visited and tells you about them!

Read more »

Plugin roadmap 2022
18 April 2022

Plugin Roadmap 2022

With the release of Craft 4, we’re rolling out major version releases of all our plugins, including some big features in Blitz and Campaign. Our release schedule will fall into step with that of Craft CMS, as will our maintenance and support periods.

Read more »

Clownfish
30 November 2021

A First Look at _hyperscript

_​hyperscript is a scripting language for adding interactivity to the front-end. You guessed it, yet another JavaScript library. But what makes hyperscript unique is that it provides a natural language syntax for optimal readability, reusability and maintainability, arguably the most important qualities of any programming” language. 

Read more »

Halloween
31 October 2021

Common Security Vulnerabilities in Craft CMS Plugins

I’ve said it before and I’ll say it again: never trust user input. This is one of the golden rules of security, yet when designing plugin APIs, we often tend to favour flexibility over restriction, which can get us into trouble if we are unaware of the data or endpoints we are exposing.

Read more »

Canary media preview
5 October 2021

Bridging the Phases of a Web Project, with Kyle Cotter of Happy Cog

I recently sat down with Kyle Cotter, Author Experience Lead at Happy Cog, to hear about the process of building and launching Canary Media on Craft CMS. It turns out that the bridging of the discovery, design, development and DevOps phases is what stands out as the most intriguing thing about this project. And by the end of it, Kyle has me convinced that a successful project is one in which each phase receives the attention it needs, the tasks are rigorously prioritised and the features that make it into launch and those that don’t are, once decided, indisputable.

Read more »

Secrets
6 July 2021

Storing Secrets in Craft CMS

The most secure way of preventing secrets from being revealed is, well, not storing them at all. But assuming you need to access sensitive secrets in your PHP code, such as credentials to an online bank account, then storing them encrypted is much more secure than in plaintext.

Read more »

Jenga tower
10 May 2021

Leveraging Craft CMS Plugins for Horizontal Growth

Having spent a decent portion of my career building client sites, one thing that always struck me as dangerous was the unsustainable cycle that web agencies tend to fall into. Chasing the next big project, rather than producing the best quality work, often becomes the primary objective of stakeholders. Avoiding this trap is possible by focusing on horizontal” growth and one way to do this is by leveraging plugins.

Read more »

Securing frontend forms in craft
4 May 2021

Securing Front-End User Profile and Entry Forms in Craft

Every Craft site that allows public registration implicitly grants its users elevated privileges. Specifically, users have the ability to update all custom fields on their profile, as well as in any entries that they have permission to edit. If you use custom fields for private” admin use only, then you may be leaving your site open to abuse. 

Read more »

Snaptcha error
13 April 2021

Snaptcha 3 Released

Snaptcha 3 adds more control over which form submissions and users to validate, as well as a fail-safe method for dealing with false negatives (submissions that are incorrectly believed to be spam). 

Read more »

Php security release
5 February 2021

PHP 7.3, 7.4 and 8.0 Security Release

If you host any sites on a VPS that you manage then this PHP security update very likely affects you. The severity of the update is unclear, but fortunately, it is a simple patch.

Read more »

Securing your craft site
26 January 2021

Securing Your Craft Site in 2021—Part 2

Using software you trust is key to increasing your chances of keeping your site secure and lowering the chances of introducing a vulnerability. But how exactly do you know which software (and developers) are trustworthy and which are not?

Read more »

Sherlock scan result
20 January 2021

Stepping Up Security with Sherlock 3

Security is one of those things that can be difficult to prioritise on a client project. Today we released Sherlock 3 which aims to change that. It’s time to start taking security seriously.

Read more »

Securing your craft site
13 January 2021

Securing Your Craft Site in 2021—Part 1

Cybersecurity often feels like another world, yet in recent years it’s a topic that I’ve become mildly obsessed with. As web and software developers, security is an integral part of what we do, but for the most part it is self-contained in terms of the code that we work on directly. That has to change.

Read more »

Sprigcart preview
23 November 2020

Sprig 1.1.0 adds Features & Security

Sprig 1.1.0 adds new features as well as some important security improvements. Most notably, Sprig now uses htmx 0.4.0 and adds template variables to paginate element queries, push URLs into the history stack, redirect and refresh the browser, trigger client-side events and more securely add values to a request.

Read more »

Sprig playground
9 November 2020

Sprig and the Joy of HTML

I love the simplicity of HTML. Take a web site from 1999 and it will still render in a modern web browser. Sure, it will look antiquated, but it will work. HTML is the backbone of the web and it is making a comeback as a language. 

Read more »

Jedi embracing jamstack
10 December 2019

Blitz 3 – Embracing the JAMstack

Blitz 3 brings innovations and features that empower you to be the Jedi developer that you are. Deploy bat-out-of-hell-fast sites using Twig and your favourite Craft plugins, serving them from edge CDNs with continuous deployment, version control and one-click rollbacks.

Read more »

Craft deploy to Netlify with Blitz
29 November 2019

Deploying a Craft site to Netlify with Blitz 3

Using the Git Deployer that comes with Blitz 3, you can now set up Craft CMS to automatically deploy to Netlify Edge (the super-charged CDN). The entire process takes around 20 minutes, excluding DNS propagation time. 

Read more »

Remote deployment services
15 October 2019

Blitz 3 is Here: “Hello, JAMstack”

Blitz 3 is here (in public beta) and allows you to bring your Jedi Twig templating skills to the JAMstack!!

Read more »

Dotall 2019 walking tour
25 September 2019

Takeaways from Dot All in Mon­tréal

Dot All 2019 recently wrapped up and it did not disappoint!! Dubbed the JAMstack conference” by attendees, there were some big announcements like Craft CMS 4 and Craft Cloud. All in all though, this conference was about the people, their stories and the community.

Read more »

Redesign 2007-2019
11 September 2019

How The Web Moves On, And Doesn't

Today we are overjoyed to launch a new major redesign. Huge thanks to Seamus Holman, Sarah Waring and Jana Grabner for helping to make this a reality!!

8 years ago today we revealed our first major redesign to the PutYourLightsOn brand. To my surprise, while taking a trip down memory lane, I realised that even though the web has really moved on since then, design really hasn’t that much.

Read more »

Project config database
15 April 2019

A Technical Rundown of How Project Config Works

As of Craft 3.1.0, Project Config” is a thing. Here’s a technical rundown of how it works.

Read more »

Project config control panel
20 March 2019

Understanding Project Config in Craft CMS

Craft CMS 3.1 introduces some big features, most noticably Project Config. Project Config is a configuration setting which, when enabled, turns a .yaml file into the single source of truth for a site’s schema.

Read more »

Static file caching
22 November 2018

Static File Caching with Craft CMS 3, aka The Best Of Both Worlds

In a recent redesign of the PutYourLightsOn website, we decided to start with a blank slate. It became an excellent opportunity to re-evaluate the state of web publishing tools in 2018 with the aim of utilising the best possible means to build a lightning-fast site that would still enable a great authoring experience.

Read more »

Dotall 2018 ben croker 03
15 October 2018

The Mystery of Presenting at Tech Conferences Revealed

This article was written after the DotAll Conference 2018. The developer community I refer to is the incredibly supportive Craft CMS community.

Read more »

From The Archives #

ExpressionEngine Conference 2014
1 October 2014

Upcoming ExpressionEngine Conference

In just a few days I will find myself amongst my peers at the biggest ExpressionEngine event of the year, and I couldn’t be more excited about it. A lot has happened in the CMS world over the past year and I feel that the conference is a great way to come to terms with some of these changes and to check in” with the community and with the team behind EE.

Read more »

Craft plugins launched 02
3 September 2014

Craft Plugins Launched

Today marks the beginning of an exciting time for us. We have just taken 2 of our Craft CMS plugins, Snaptcha and Sitemap, out of private beta, and the 1.0.0 releases are now available.

Read more »

Sales support post visualisation
4 March 2014

Add-on Support Visualised

Lately I’ve become more aware of a pattern that seems to be quite common among software within the ExpressionEngine community, and it not only appears within third-party add-ons but stems all the way from the core product itself.

Read more »

Multi language 1
18 June 2013

Multi Language Module Now Free For Everyone

The Multi Language Module has been free for non-profit organisations since it’s release nearly 4 years ago, but as of today we are making it a free add-on for personal and commercial use as well.

Read more »

Eeci
12 June 2013

Sponsoring ExpressionEngine Conference 2013

PutYourLightsOn is proud to be an official sponsor of the ExpressionEngine Conference 2013!! The conference will take place on the 14th and 15th of October in Portland, Oregon, and has a great line up of speakers.

Read more »

Craft publish
28 May 2013

Why I’m So Excited About Craft (and why you should be)

In the past couple of weeks I’ve spent more and more time playing with Craft, the new CMS by Pixel & Tonic. When I say playing with, I really mean working with, but since it is proving to be such a joy to use, I feel that playing” is a more appropriate word.

Read more »

Ben eeuk 01
22 May 2013

EEUK & Open API Revealed

I had the pleasure of revealing Open API, my latest creation for ExpressionEngine, in my presentation at EEUK 2013. Open API is a front-end, http-based API for ExpressionEngine that provides authentication and CRUD (create/​read/​update/​delete) functionality to content and data in the CMS.

Read more »

Donation
13 December 2012

All Add-on Income Donated On 13.12.11

To celebrate the large success of Expresso and our other add-ons this year, all income from sales of all PutYourLightsOn add-ons today (13.12.11) will be donated to charity (supporting education programs in West Africa).

Read more »

Frosty
11 December 2012

End of Year Round-up

2012 seems to have flown by rather quickly but it has been an action-packed year. We released three add-ons this year, two of which have been nominated for the devot-ee AcademEE Awards. We attended EECI Europe and I had the honour of speaking at EECI U.S.

Read more »

Eeci us 2012 presentation sized
22 October 2012

EECI US 2012

I was lucky enough to go to both EECI’s this year, the European one in Leiden and the US one near Austin which happened last week. In fact I was invited to speak at the US one and felt very honoured to present to my fellow EE community members. I gave a talk on the developer’s track and it was a full house, standing room only!!

Read more »

Devotee sales 1
29 February 2012

Visualising Devot-ee Sales

If like me you sell your ExpressionEngine add-ons on devot-ee then you are definitely familiar with the sales reports page. It gives a quick overview and tabular report of the selected month’s sales. But if you want to properly analyse your sales then you simply need to visualise them. I’ve written a small php script to do just that and frankly I’ve surprised myself with how insightful it is.

Read more »

Responsive cp 2
22 January 2012

Responsive CP Finally Released

Responsive CP is an ExpressionEngine theme that I started working on over a year ago but that I only released to the public as a free add-on last week. You may have already noticed it in the various screenshots of our add-ons. The theme has two main goals – to provide a more professional looking control panel and to work well on desktop as well as mobile devices with small to medium screen sizes.

Read more »

EECI 2011 cheat sheet
31 October 2011

Highlights of EECI 2011

Wow what a week! EECI in Brooklyn was a huge success and the ExpressionEngine event of the year. Great speakers, great people, great organisation and an amazing venue! Below are some of my personal highlights.

Read more »

Redesign 2011
11 September 2011

Another Year, Another Redesign

Another year has past and since the summer a redesign of PutYourLightsOn has been in the works. Today I am proud to finally make it live!

Read more »