Case Study: White label development for boutique investment house’s investor portal

Posted on by

Share Button

About the project

A boutique investment house needed an easy way to get documents to and from their clients. They also needed this investor portal to be both easy for investors to use and easy for portal admins who didn’t have a lot of tech-savvy.

Objectives for the Investor Portal:

  • Allow unlimited client accounts
  • Allow each client to login and view the client account(s) associated with them
  • Allow for multiple website users to view a specific client account and users to be able to be assigned to multiple client accounts
  • Allow for easy removal of a user from a client account
  • Allow for easy organization of files and storage of up to 5 years of files
  • Allow for file upload
  • Allow for central document area where all portal users could view these central documents
  • Allow for announcement to be sent to all portal users
  • Allow for private messaging system between portal admins & portal users


  • WordPress site
  • Responsive design
  • Easy for portal admins
  • Easy for portal users
  • Detailed user guide for portal admins
  • Quality Assurance
  • Speed Optimization

Defining Requirements

When the Agency brought us this project, they were in a bit over their head. They didn’t know what questions to ask or what would be involved.

We started with a design document, breaking down the functionality and discovering the truly needed functionality of the investor portal. With a few rounds of question & answer, we had a complete design document and firm quote & timeline for the Agency. The Investment House was so blown away by the level of detail and organization they signed the Agency’s contract immediately.

Building the Investor Portal

First, the client needed better hosting and a better theme. The Investment House was using cheap hosting with no backups or security. We got them moved to Flywheel hosting and changed out their theme and added a full security setup.

Users, Groups & Accounts

One of the challenging aspects was the need for multiple website users to view multiple accounts.

To solve this problem, Groups were used. Each individual website user could be assigned to one or many groups and then each group was assigned to exactly one account. This also resolved the issue for needing only logged in users to access the general downloads, all users were assigned to a group who could access that page.

File Storage

When we asked the client about how much file storage they would need, they really didn’t know, but thought likely quite a bit and that it would grow. They also needed to have users securely upload and download from just their own account.

We were dealing with regular people who were used to dragging & dropping, clicking, but not doing much fancier than that.

Announcements & Private Messages

Most online systems for financial matters allow you to message people and receive messages & announcements about your account. The key is that account details aren’t transmitted via email, instead, you receive an email letting you know you have a message.

Both private messages (which were restricted to between admin and regular user) and announcements were added. An admin could message all users of the site via an announcement, or just one user.

Detailed User Guide

It was quite possible that portal admins would go months without setting up a new user account, so documentation on how to set up an account was key. We built a 13-page user guide including screen captures and videos detailing each step in the setup process. We also updated their WordPress dashboard to display the link to the user guide as soon as they signed in.

Since users would also be going a couple of months between visits, we developed several videos for them and provided a lot of helpful links on the site.


The site was delivered on the 6-week timeline and on budget. This boutique investment house now has just what they need to make their documents available to their clients.

After Delivery

Now that the site is delivered, they have both a design document and a portal admin user guide. But, far more importantly, they have trust in the Agency to take care of them moving forward and we’ve been retained to provide regular maintenance and support for the site. It’s a win all around.

Share Button

Case Study: What one Agency discovered when they got their sites managed

Posted on by

Share Button

Recently, we onboarded a new Agency into a maintenance plan for their client sites. The agency thought they had things under control and were quite surprised when they discovered the truth.

The challenge

The biggest challenge was that the agency thought they had things under control. They were periodically updating sites, they even had a spreadsheet to let them know when they visited a site. This worked most of the time, however, from time to time clients would come to them saying a site was down or there was some other issue. They didn’t like that the client always had to tell them about things (and their clients didn’t like that either).

They had invested in improved hosting with Flywheel, which increased the stability and reduced the issues they had with hosting with their clients. So this agency was primed for moving to maintenance because they had already discovered some real wins by investing in better tools & services.

It really hit them they needed a better website management system when their accounting person needed to know which sites were using a particular premium plugin and they had no way to tell.

Onboarding 35 sites in 3 days

The agency expected that their sites would be needing updates when they moved to a maintenance plan, but they weren’t expecting to find that half their sites had security issues.

  • Number on blacklists
  • Number just needing updates
  • Number with vulnerabilities

The result of maintenance

Now that the sites have been onboarded and cleaned up, the agency is sleeping a lot better. They also have a full dashboard so they know for certain where all of their sites are at and an audit log of what’s been done. As a nice bonus, their clients are now getting maintenance reports, showing the results of their hard work.

Some key takeaways that add value:

  • They have a birds-eye view of what’s going on with all their sites.
  • In 3 clicks they can find out exactly which websites are using a given plugin, including version numbers and if updates are available.
  • Their websites are scanned daily for known security vulnerabilities & blacklists.
  • They are the first to know if a website goes offline.
  • They now have regular offsite backups for all of their client sites, without the need to figure out their own storage.
  • An audit log for every site, so they know exactly what was done and when.
  • Their clients get a monthly report to let them know what was done, without them lifting a finger.

The agency hasn’t tossed that old spreadsheet, it just now has the client name & email used for the automated monthly report. And they now can answer important questions like “which clients use this plugin” and “what was done last month on the website”.

Tired of dealing with WordPress challenges on your own?

Click here to get back hours of your life each month with Worry-Free Maintenance

Sample Client Report

Use the carousel below to see a sample of what their clients now receive every month. It’s these details that help to build confidence with clients.

Share Button

How to Post an Announcement to Your Website in Under 5 Minutes

Posted on by

Example of Announcement Display with QuickieBar
Share Button

Lots of business websites need to post a quick announcement. Maybe you’re closing for a holiday, maybe a major storm is causing problems, or maybe you’ve got a limited time special to announce. Whatever the reason, we get a lot of requests to add a simple announcement to websites.

So here’s a simple and fast way to add an announcement to your WordPress website.

Read More

Share Button

How to Fix WordPress Mail

Posted on by

Share Button

You’ve set up your WordPress site, there’s just one issue. You can’t send mail. This means your contact forms don’t work, new user emails don’t work, password reset requests can’t be sent. It’s not a good situation. The good news is, there’s a pretty simple fix.

Originally published Oct 14, 2014. Updated October 20, 2017.

Read More

Share Button

How to Select the Right Managed WordPress Hosting Company for You

Posted on by

Share Button

There are a lot of companies out there offering managed WordPress hosting now, but the question is, who’s the right company for your needs?

I’ve been working with WPEngine, Flywheel, GoDaddy, and Kinsta managed WP hosting for a few years now, so here’s my analysis of the companies and why they would or wouldn’t be a good choice for you. All of these companies have multiple levels of plans, so I’ve selected the plans most useful for a typical small business website.
Read More

Share Button

Chrome Browser to Flag non-HTTPS Sites as Insecure

Posted on by

Share Button

Chrome version 56 which is scheduled for release in January 2017 will be announcing to the world whenever it visits a webpage that transmits password or credit card information insecurely.  So what does that mean for you?

It means if you allow people to log into your website or you collect credit card information, you need to get an SSL certificate before that change goes into effect.

Here’s what the change is going to look like:

Google had previously announced in 2014 that HTTPS (SSL secured HTTP connections) was a minor ranking factor in search engine results.

For now it’s only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

Back then in 2014, we were only recommending getting an SSL if you were accepting credit cards on your website because the rankings affected less than 1% of sites. However, with this new push to

However, with this new push by Google’s Chrome to start flagging sites as insecure, we are now strongly recommending anyone who has visitors logging in and anyone who does eCommerce to get an SSL certificate by January. 

Many of the WordPress managed hosting companies like Flywheel and WP Engine are providing free SSL certificates from Let’s Encrypt to their users. So we recommend anyone on those services to go ahead and get a certificate now, as it’s just a matter of time until Chrome starts to flag all websites with any form fields as insecure.

I expect other hosting companies to start coming out with free SSL certificates from Let’s Encrypt or to start including SSL certificates in their hosting plans soon. In fact, WordPress has announced that they will start to only promote hosting companies which include SSL certificates.

How do you get an SSL certificate for an HTTPS connection?

If you are using a hosting company like Flywheel or WP Engine which is offering the free Let’s Encrypt certificates it is extremely easy. Here are some screen shots of just how easy it is as Flywheel:

First, go to Add-ons and click on “Add SSL”. Then leave the Simple SSL selected and click on Configure SSL.


Then enter your information and click on “Complete SSL Setup”.


Once the form is completed, I see most certificates ready to use in about 5 minutes. After you have gotten your certificate, go to the advanced options and turn on Force SSL. Force SSL sends all requests coming in as HTTP to HTTPS.


Now check that your site is properly delivering HTTPS.

To do so, enter your URL into Why No Padlock. If everything is properly setup, you’ll see a list of green check marks indicating that everything is good.


If you see red error messages, then there are some items on your website which are being called insecurely and you’ll need to find and fix these. How to fix those errors will depend on the details of your website — you should contact a qualified web developer to assist you.

How to get a paid SSL certificate

If you need a wildcard SSL (an SSL which applies to more than one URL) or your hosting company doesn’t offer free Let’s Encrypt SSLs, you will need to purchase an SSL certificate.

If your hosting company offers SSLs, it is frequently less hassle to just get your SSL from them. If not, you may need to purchase an SSL elsewhere, such as your registrar.

I’ve purchased SSL from various sources before and have received vastly varied processes. For example, SSL certificates from GoDaddy normally issue in 1-2 hours, whereas when purchasing an SSL from Network Solutions it took over a week.

Your hosting company may also have other requirements when installing an SSL — for example, many low cost shared hosting plans do not even allow SSLs to be installed. You need to upgrade your plan and/or purchase add-ons before the company will even allow an SSL to be installed.

The typical cost for a basic SSL is $40-$100 depending on where you purchase it. This is normally a yearly fee. If you need a wildcard SSL, it will cost more.

You also need to keep an eye on your certificate once you have it.

If your certificate is not setup to auto-renew or your certificate is not through your hosting company then when the certificate expires you may suddenly get a lot of flags on your website about the site being insecure. Many browsers are now displaying large warning notices if an SSL certificate expires.

What if I don’t get an SSL now?

If your website doesn’t upgrade to an SSL now and it does accept passwords or credit cards, you’ll be losing business in January when the Chrome update rolls out. People are getting far more cautious about internet security and leaving sites to never return if their browser gives them a warning.

If you don’t have any password or credit card fields on your website, you can hold off for now but you’ll need to keep an eye out for future updates from Google to start flagging more sites for being insecure. Google is making a very strong push to make the entire internet over HTTPS and it’s just a question of when the next update will come out.

Share Button

WooCommerce Code Snippets

Posted on by

Share Button

This post with WooCommerce code snippets is mostly for myself, but I also answer questions at the WooCommerce Community Boards periodically, and this list of snippets can be useful for answering those questions.

 * Remove WooCommerce Updater Notice
remove_action('admin_notices', 'woothemes_updater_notice');
 * Code to fix HTTP Error on uploads
add_filter( 'wp_image_editors', 'change_graphic_lib' );

function change_graphic_lib($array) {
return array( 'WP_Image_Editor_GD', 'WP_Image_Editor_Imagick' );
/************* DECLARE WOOCOMMERCE SUPPORT ***************/

add_action( 'after_setup_theme', 'woocommerce_support' );
function woocommerce_support() {
    add_theme_support( 'woocommerce' );
 * Add notice to WooCommerce pages
function my_update_notice() {
    echo '<div class="update-nag notice">';
        echo '<p>';
        _e( 'In order for Room View to work properly with your artwork, you must enter your artwork size as HEIGHT by WIDTH. For example if you have a painting that is 20cm tall and 40cm wide, you would select your size as 020 x 40 cm', 'anphira' );
        echo '</p>';
    echo '</div>';
add_action( 'admin_notices', 'my_update_notice' );
 * Require image to publish product
function on_all_status_transitions( $new_status, $old_status, $post ) {

    /* If new status is draft and post type is product, then set original to manage stock & qty to 1 */
    if ( $new_status == 'draft' && !empty($post->ID) && in_array( $post->post_type, array( 'product') ) ) {

        $post = wc_get_product( $post->ID );

        if($post->get_type() == 'variable') {
            $variations = $post->get_available_variations();

            foreach ($variations as $variation) {

                if( ( ! isset( $variation->manage_stock ) || ($variation->manage_stock == 'no' ) ) && ($variation['attributes']['attribute_pa_type-slug'] == 'original') ) {

                    add_post_meta( $variation->id, '_stock', 1, true );
                    update_post_meta( $variation['variation_id'], '_stock', '1');
                    update_post_meta( $variation['variation_id'], '_stock_status', 'instock');
                    update_post_meta( $variation['variation_id'], '_manage_stock', 'yes');

    /* If new status is publish and post type is product, then require featured image */
    elseif ( $new_status == 'publish' && !empty($post->ID) && in_array( $post->post_type, array( 'product') ) ) {
        if( ! has_post_thumbnail($post) ) {
            $post->post_status = 'draft';

            // unhook this function so it doesn't loop infinitely
            remove_action('transition_post_status',  'on_all_status_transitions' );


            // re-hook this function
            add_action('transition_post_status',  'on_all_status_transitions', 10, 3 );
add_action(  'transition_post_status',  'on_all_status_transitions', 10, 3 );
Share Button

A/B Testing with Google Experiments on WordPress

Posted on by

Share Button

A/B testing is getting more and more popular, but typically in order to do so you had to add plugins to your site or use third party services. Now with Google Experiments, Google has integrated A/B testing right into their Analytics platform. What that means is you can easily test variations of your pages and have let Google use the data from your website to determine the winner.

Read More

Share Button

How to Fight Comment Spam on WordPress

Posted on by

Share Button

If there’s one thing that I hate even more than email spam, it’s probably comment spam. I’ve tried a lot of plugins over a lot of sites, and here is what I’ve found to be very effective.
Read More

Share Button

WordPress Hack Removal & Clean out: A Case Study

Posted on by

Share Button

A client recently came to me with an issue: one of her friends had a hacked WordPress site, and GoDaddy (their hosting provider) had restored the files, but the site still wasn’t working.

Unfortunately this example is far too common — what many people forget is that hosting companies maintain their servers, not your website. Which means they can do a restore, but after that you are on your own. Read More

Share Button