Where is the WordPress framework used?

Am now at the stage in my learning cycle where I’m examining websites to see how they are built. Am mainly interested WordPress, but am also interested in learning where other frameworks are being used.

To do so, I’m using the following tools:

  • ScanWP – Enter a URL at this site and it will generate a report as to theme and plugins used.
  • BuiltWith – Returns an analysis of the backend tools used. Doesn’t report on the actual website code framework. The site also has reports regarding usage patterns over time.
  • Wappalyzer – a browser extension that reports on what software technologies and frameworks are used within a site.

My intent in using these tools is to learn what works when and where – and to be better able to recommend tool use to others.

Starting a nonprofit in Birmingham, AL

A couple of people have asked me what one must do to start a nonprofit in Birmingham, AL. This post documents what we learned (and did) during the Red Mountain Maker startup. The snarky answer is $150/hour. There are many steps to the process – and costs and complexity will vary depending on the municipality in which you are incorporating. 

All costs mentioned are as of 2013 & 2014, when the Red Mountain Makers filed our applications. I will update this guide as I confirm additional details. If you have additional information you would like to share, please email me at shirley at velochicdesign dot com.

Questions you should ask yourself before starting a new nonprofit

You have a mission, an objective. The first question to ask (and research): is someone else in the community already doing this? If they are, great!

Joining and expanding an existing program is going to take far less effort (and resources) than growing a new one from scratch. Economies of scale (spreading overhead costs over more deliverable things, whether programs, goods, or social outreach) apply to nonprofit organizations as much as for-profits.

Contact the existing organization and find out if they are interested (or open) in expanding into your neighborhood and how you can help them do so. The help required may range from fundraising to grant-writing, to organization of volunteers or program development within your local neighborhood.

Any existing organization is going to already be stretched, so you need to be prepared to do this. The work required will be as intensive as starting your own nonprofit – but you will likely be able to get results sooner. I strongly encourage you to take this approach. Birmingham has many, many small nonprofits in operation, that could be more effective as larger coalitions with more communication across the city. Overhead, fundraising and administration absorb smaller portions of operational costs in larger organizations. Starting a nonprofit is a lot of work – and not to be undertaken lightly. I’m organizationally agnostic at this point – organization counts whether for profit or non-profit – what changes is a part of your regulatory environment – but less than you would think.

Incorporation

Nonprofits must be incorporated. Surprised? Don’t be. The only real difference between for-profit businesses and nonprofits is what you do with the difference between your income and expenses. Businesses have to either reinvest the profits, build cash reserves or split them between the business owners or shareholders. Nonprofits retain their excess income and either use it to build reserves, reinvest for equipment replacement or expansion of programs. No money is paid out to ownership.

The purpose of incorporation is to isolate the organization from the organizers’ personal assets – and to create it as a specific legal entity. There are two ways to do this – pay someone (usually a lawyer) to handle your incorporation, or do it yourself. A lawyer will get it done quickly and correctly. Costs will run around $800 US to register (and incorporate) the organization. You will receive guidance and checklists as to what you must do during your first years of existence. (Keeping yourself in legal compliance with tax and reporting requirements is a good thing!)

You can also do it yourself. This will take longer – and you may make some mistakes along the way. Use a nonprofit startup guide. We used the Everything Guide to Starting and Running a Nonprofit (getting a little old now), or Nonprofit Businesses for Dummies, one of many available guides. Harbor Compliance has put together an excellent state level guide with all the steps required. The nonprofit startup guide should contain instructions and model documents for the following:

  • Articles of Incorporation
  • Governing bylaws
  • Board of directors – you’ll need to gather names and addresses, along with social security and driver’s licenses for your founding board
  • Guides to governance, budgets, business plans, staffing, bank accounts, insurance and personnel issues

You will also need to develop (much of this after the incorporation is filed):

  • A mission statement
  • Policies for document retention, anti-harrassment, and anti-descrimination (last two required by your insurance company as part of risk reduction)
  • Record-keeping systems
  • Budgets
  • Business and marketing or outreach plans

Once you have your model documents written, vetted and you are happy with them, you can file for state incorporation at the Jefferson County Courthouse.
<costs, costs for expedited filing, link to application form>

Once you exist as a legal entity at the state level, you may apply for recognition as a nonprofit by the IRS.
The Alabama Association of NonProfits is a good resource*, as is the local Small Business Administration. Many of the issues for small business and nonprofits are the same – revenue must be more than expenditure if one’s mission is to be served in the long term. The excess goes into cash reserves to smooth up the bumps in income and need. Good bookkeeping counts, and careful husbandry of resources is necessary.

You will want to develop a business/operations plan in order to identify need, risks to the mission, resources, and strengths. (SWOT analysis).
It took me about two months to research and write a first draft of the Red Mountain Makers business plan, which we then revised with a more accurate market assessment one year in.

Be prepared to revise your business plan on an ongoing basis. The Red Mountain Makers is doing so annually. Depending on scale of operations, you may do so every six months. Your predictions as to expenses and income will become more accurate with time. This is because as your organization develops, you have more expense data for historical reference. If your predictions match outcome within 10% +/-, you are doing really well.

Budget for 2% cost increases per year (standard allowance for inflation), and build them into your approval processes so as to lessen approval hassle for your organization, boards and management.

For cash reserve modeling purposes, the standard expected return on managed investments (your future reserves) has historically be 8%. Given current low interest rates, when you have reserves and require some short term liquidity, you should conservatively model an expected rate of 3 – 5%, and 1 – 2% for short term certificates of deposit (CDs). Better to be safe regarding these income projections!

If you know your local needs and risks well, you can write a much shorter plan. The point of the business plan is not to create paper, but to do the research necessary to reduce the risk of failure. Your research may show you that you don’t know local needs as well as you think you do, or that there are local obstacles to service delivery that need to be dealt with before you can be effective. These are all good reasons to write that plan before you begin to commit money and resources to action.

Get a website up (start with a Wix or WordPress site) to tell your story, and to start looking for your community partners. If you can do it yourself – awesome! Otherwise, you will need to budget $400 – $1500 for an initial website, donation/payment system and mailing list framework.

As in business, for nonprofits, scale counts. It’s hard getting things going, but as you grow a service base, things get easier. While you are establishing yourself, set up a fiscal sponsorship with another nonprofit or umbrella organization to manage donation collection, grants, bookkeepings and tax reporting. Woodlawn United is the example that I know – a good local one. They will handle this for a small service fee, which will range from 10% of incoming grants and donations to 1%. Look for one in the 1 – 2 % range – they’re handling your money, not getting it for you.

Things you need to do at state, city and county levels:

Please note that the following is specific to Alabama, Jefferson County and the City of Birmingham. Requirements at the county and municipal level will vary depending on where you live in the state.

State:

Register your nonprofit at your local county courthouse. For us, this was the Jefferson County Courthouse. Cost was $142 and will take 10 – 14 business days. You can pay a premium to get things done faster (we opted to do so as we needed our status established to move forward on finding a rental space). You will be given a state Entity Identification Number (EID). The EID is required for all tax reporting. The process is complete when your organization is listed at the Alabama Secretary of State site.

Be aware that as your organization grows older, your board will change. Members come and go. You are required to keep this information current. You must file each change at the local courthouse. Processing fees are $44 per change. If you have frequent board changes, this can become expensive. Our practice (so far) is to file for the change prior to when we need to file additional documentation. We’ll likely do it every few years going forward.

Federal:

Once your nonprofit is a recognized entity, you can apply for charitable status with the Internal Revenue Service (IRS) at the federal level.
If your expected revenues are less than $50,000/year, you can use the 1023-EZ. This is a shorter form which requires you to provide less initial documentation. The understanding in the submission is that you will complete all the documentation (as required by the longer form) and hold it for review – if requested. You’ll want to write the documentation eventually – it’s regarded as good governance by outside organizations to whom you may be applying for grants.

If your expected revenues will be more than $50,000/year, you need to use the 1023 proper with significant documentation. The IRS estimates that this will take 16 hours to prepare – but in my experience (especially if you are new to this and need to create some of the required documents) it will take much longer. The IRS wants to know that you are “for realz”. If using this longer process, I recommend purchasing access to a step-by-step guide. Google has a good initial guide. Legal Zoom has also created an automated process (Wasn’t available when the Red Mountain Makers incorporated. Would be interested in hearing from people who’ve used it.)

Our 1023-EZ was processed within one month of filing. The standard form is supposed to take four to six months.  We had to apply separately to get a copy of our 501(c)3 letter. You must include the letter (once received) with all grant applications, applications for sales tax exemptions, applications for reduced service fees with businesses, state, local and county filings.

Jefferson County:

If you are employing staff, Jefferson County requires you to report salaries paid and collect an occupational tax. You will need to set up an account with them and get a taxpayer ID number. If you are running solely on volunteer labor and aren’t selling anything on which sales tax revenue is collected, you don’t need to register.

City of Birmingham:

If you have a physical address in the city of Birmingham, you need to apply for a business license. This will cost $200 annually, and must be applied for in the same year that you start operations. The city will issue you a taxpayer ID, and will require you to report salaries and sales revenue monthly on the 20th of the month – and to submit the payments due to the city. There is a $50 penalty for each month that you fail to do so – even if you have no paid staff and no sales! In our experience, this is the most difficult part of regional compliance as it can’t be automated through and application programming interface (API) or bank payment – and someone has to actually log on to the site to do so. This has been the Red Mountain Makers’ most troublesome and persnicketty administrative task.

I’ve been told that it’s possible to arrange quarterly reporting – but that wasn’t pointed out to us at City Hall when we renewed our business license. I’ll update this post when I have more information.

*At time of posting, the Alabama Association of Nonprofits is due to relaunch their website by February 2016. I’ve been told that the new site will be easier to navigate and will include model documents specific to Alabama.

WordPress user orientation

I’ve been running through TreeHouse’s Learn WordPress tutorial path, to see what they have available to get site owners up to speed and comfortable using their sites. Zac Gordon and his team have put together a useful set of tutorials. They cover the essential basics of site administration and user roles in about four hours of video and interactive instruction. They also have an excellent WooCommerce orientation for those wishing to setup online sales. I recommend this track for new WordPress site owners.

Treehouse has a lot of good tutorials suitable for teens and adults learning to programming and to work on projects. They also have an excellent GitHub tutorial, introductions to web frameworks (Flask for Python, Ruby on Rails and the Java stack), Android and iPhone OS development in both Swift and Objective C, Ruby, Python, PHP, and Java. Great place to get started!

CS Unplugged

Working on some lesson plans for teaching introductory computer science concepts to middle and high school students this afternoon – and revisiting the CSunplugged.org website for the first time in a long time.

If you haven’t learned the underlying concepts, have a family member who would like to learn (child _or_ elder), the series of videos on the site (also the participation activities and lesson plans) do a really good job of explaining how binary encoding works, compression, image representation, parity (checksums), as well as explaining the origin of many words.

This is a really good series, which demystifies a lot of the techniques developed over the past sixty years that allow us to program computers effectively. Watch it. Even old school pros will be enlightened.

 

WordPress Security

I run a couple of WordPress websites.

I started as user seven years ago, progressed to maintaining sites for a few organizations and am now moving into installation and development for others.

WordPress is one of the most popular open source content management systems currently in use. (There is a great summary of it’s history, strengths and weaknesses on Wikipedia). That’s great in that it means that there is a large community focused on ongoing development, security patches and plugin development to extend framework capabilities. It’s bad in that it presents a large target for hacking and malware attacks. Kevin Muldoon’s piece over at the WPMU dev community is a great summary of WordPress’s vulnerabilities and the tools available to fend off attacks. The short version is that no one action will prevent a skilled determined hacker from getting in – but a layered approach will slow him (or her) down and make the effort much less worthwhile.

The following is a list of security practices that I find useful.

  • Use a reputable hosting company. I use Dreamhost. It’s good value for the money, scales (for when a business takes off and needs more server capacity) and has good automation and documentation. It also provides the CloudFlare content distribution network (CDN) to account holders to capture and push out to distribution points static versions of your dynamic pages. CloudFlare provides an additional layer of protection in that hackers hit the static pages, not the dynamically served pages coming from your ISP.
  • Purchase an SSL certificate and use it on your site. SSL (Secure Socket Layer) ensures that all traffic to and from your site is encrypted in both directions, from a user’s machine to the site and from the site back to the user. It ensures that passwords are never sent in the clear, even over unsecured wifi service points, such as those still found in many coffee shops and public work spaces. When a site’s URL starts with https, that site has a security certificate.
  • Set and use your WordPress security keys.
  • Keep your WordPress installation up-to-date. Along with performance improvements, the updates are also released to plug identified vulnerabilities.
  • Only install the themes and plugins you need. If you need to try out a gazillion plugins (we’ve all gone through that phase) please do it on your development server, or locally on your development computer with a LAMPMAMPWAMP, XXAMP or AMPPS stack.
  • Customize your database table prefixes. All WordPress database installations name the installed tables with the initial prefix “wp_”. Hacking tools and scripts look for this prefix. You can alter the table names during installation to a customized table prefix. It’s a simple, but it makes the hacker take some additional steps to correctly ID your database.
  • Don’t use WordPress plugins that aren’t updated regularly. They may not have been patched for recently identified security vulnerabilities.
  • Use plugins from the WordPress plugin repository and themes from the WordPress theme repository, or from reputable vendors. These plugins and themes are tested for code quality as part of the repository approval process.
  • Test your installed plugin code with the Plugin Check plugin to check for security vulnerabilities. Test your installed themes with Theme Check. These plugins examine the customized PHP within your plugin or theme for known security vulnerabilities.
  • Pay for reputable plugins and themes – or throw some cash at the free ones in the repository once your venture has some positive cash flow. Development takes time and money. By paying the developer, you support them in doing better work – and in patching the most recently identified security vulnerabilities promptly!
  • Set appropriate file usage permissions. According to WordPress, you should use the following permissions on a WordPress site:
    • All directories should be 755 or 750
    • All files should be 644 or 640
    • wp-config.php should be 600
  • Use your htaccess files to control access to your site. You can do a lot with this one little file.
  • Use MX Toolbox to check your site and email addresses to see if they are on blacklists.
  • Limit login attempts. The default is 20. I’ve set some of my sites to 10 – and others even lower.

Then there are the basics:

  • Don’t log in over an unsecured network (no encryption).
  • Ensure that no one sees you enter usernames and passwords.
  • Ensure that your machine is free of viruses and malware, through the use of antivirus software.
  • Use a secure file transfer protocol (SFTP) such as FileZilla to upload and download files from your site.

The following are techniques and tools that I plan to explore over the next few weeks.

  • Turn off error reporting.
  • Setting up two-factor authentication.
  • Hiding the login page.
  • Removing the WordPress version number from public view.

 

Case study – the Red Mountain Makers startup

Have finally summarized the Red Mountain Makers startup into a case study. You can find it here.

Mediawiki – the good, the bad and the ugly

Will be giving a talk on the Mediawiki framework Monday, June 29th at the Birmingham Open Source meeting. Working title is “Mediawiki – the Good, the Bad & the Ugly“. If you’re in the ‘ham – come on out!

Web and HTML refreshers

Web is where I started coding – and the current projects I need to finish fine-tuning and tweaking are all web sites, wiki and CRM-related. So, I’ve been running through Code School’s tutorials to refresh my acquaintance with material I first read and started working with prior to heading back to school. My objective is to write some necessary backend tweaks to the Red Mountain Maker site and work up some portfolio samples.

A code skills to-do list

Parking this here until I can circle back around to it. Swiped from an article about Pop Up Code’s offering in Huntsville. Things to learn for web development:

• Ruby on Rails
• HTML and CSS (first checked off, know the second, just need to work with it more . Edit – as of May 27th, have done a fair amount of review and am ready to start building some little samples and templates.)
• Twitter Bootstrap (yeah…..)
• Domain modeling for database-backed web applications
• Understanding and utilizing APIs (well along on this bit)

 

 

Making a makerspace – part 2

I’m one of the founding members at Red Mountain Makers. This series of blog posts details our startup process over the past eighteen months.

We had early media coverage (WBHM and the local paper, the Birmingham News) but other than that, have stayed out of the spotlight while building out  infrastructure.  Establishing our permanent workshop has been delayed because of the requirement for structural repairs to the floor over the old coal cellar at the back of the space. The break our landlord gave us regarding rent also means that the space isn’t high on his priority list for repairs.  It’s a significant handicap – and one which we can’t control easily.

There is pent-up regional demand for kid’s and teen’s tech classes, but we are no where near ready to provide them. In the space we are renting, there is unencased lead paint on doors and trim, and we haven’t yet installed a ventilation system. We don’t consider the space suitable or safe for younger children at this time. We have started building email lists, are looking for grants for a mobile class kit, and we are looking for community partners with whom to schedule local classes.

“Stuff” has been a problem at the space – as in old computers and equipment that need to be repaired or parted out, but which, in the meantime, is taking up too much room. We recently purchased racking and are now holding regular parting out work parties to break down the non-working computer towers and other donated electronics into usable parts. It’s much easier to use the hardware hoard when you can actually find a specific part. 9-volt power supply, anyone?

We’re lagging in detailing our safety protocols – and in doing a formal equipment inventory. Both are big jobs, and not easy to do. We are detailing the individual pieces of equipment with their manuals in the wiki, and as demand rises, are beginning to schedule tool use classes for the shop equipment. So far, we’ve found it easiest to simply train on demand as individual members need to learn to use tools for specific projects. Most members have been very good about only using tools with which they are familiar.

Our long-term intent is to be the fun, helpful and curious part of regional tech education. With that in mind, we are establishing relationships with our local high school and middle school,  the City of Birmingham school system, the University of Alabama at Birmingham’s art department and engineering school, and are establishing sponsored teacher memberships at the space. This is so that area teachers can come, learn and tap into member knowledge as to where to find appropriate inexpensive resources and tools.

Securing 501(c)3 status

Last November, we were _finally_ at a point where we felt ready to start the 501(c)3 application process. The IRS’s documentation requirements for a regular application are extensive – and I was two weeks into preparing them when one of members, John Rhymes, pointed out that the IRS had implemented a simplified process for smaller organizations during July 2014 – and that we qualified. With a great sigh of relief, I filled out the paperwork and popped it in the mail with a check. We were actually provisionally certified as a 501(c)3 last December, but our listing at the IRS website didn’t show up until late February. We requested our authorization letter mid-March and as of last Monday, have it in hand. We’re currently in the middle of updating our information on Guidestar, an independent nonprofit governance evaluation and ranking site.

Preparing for growth

For the next while, we’re focusing on group activities, running classes, and growing membership. We still have quite a bit of infrastructure work to do, but it’s getting easier as our supporting membership grows. We have assembled three movable circuits workstations with parts storage. Smoke detectors are going in this week. We have bio and photo labs due to be completed by May, and as soon as surplus equipment is parted out or racked, a room in which to set up the circuits lab. Next,  sturdier workbenches and storage within the existing temporary workshop will be built in preparation for being moved into the permanent workshop, and we will begin fundraising for CNC (computer numeric controlled) laser cutting and routing equipment, a set of classroom laptops, Arduinos and Raspberry Pis. We will be working with UAB to start a guest lecturer series on DIY computing topics.

We are aiming for 75% growth in membership this year, and the same increase in our operating budget. I personally want to start introductory and short topic-focused programming classes for non-traditional students; these won’t necessarily be held at the space, but they will be under the Red Mountain Makers banner.

Our goal is to attain a makerspace of 100+ makers and members within the next two years.

« Older posts

© 2016

Theme by Anders NorenUp ↑