WPMU DEV’s Client Billing Makes Managing Clients and Processing Payments Hassle-Free (and Fast!)

Imagine a room full of accountants, bookkeepers, and invoicing agents billing your clients, collecting, processing, and instantly depositing their payments into your bank account. That’s what WPMU DEV’s Client Billing does.

Client Billing is an integrated solution that is easy to set up, easy to use…and completely free!

In this article, we’ll explore the full gamut of top-notch features and show you how to set up and automate your client billing by integrating your services, pricing, and clients, with your payment processor account.

“Just now I input all of my websites and hooked it up to client billing, to see my MRR right there motivates me so much I think I will upgrade to the agency plan and push hard with business.” – Web Host Wizards (WPMU DEV Member)

There’s a lot to cover, so let’s dive right in.

Feature-packed: Clients & Billing is Loaded

We weren’t kidding when we set out to make an elevated experience out of the customer billing and payment process.

Look at all the features included in Client Billing:

  • Bill Clients Fast – Create profitable subscription plans, and track your recurring revenue.
  • Invoice with a Click – Professionally branded invoices, automated and ready to send in minutes.
  • Clever Client Management – Includes everything you need to monitor clients, invoices, and subscriptions.
  • Profitable Plans & Subscriptions – Create tiered plans unique to your business, and maximize revenue.
  • Personalized Client Portal – Branded, user-friendly access for clients to remit payments securely.
  • Streamlined Payments – One-time or recurring payments, the latter of which auto-charge clients after the first invoice is authorized.
  • Per-Client Site Billing – Link subscriptions and invoices to site-specific products or services.

The above features are all part of The Hub, our all-in-one WordPress site management tool.

If you’re a member, you’ve already got access to this power performer. And if you’re not, sign up – it’s free – and The Hub & Client Billing are included.

Configuring The Components in Clients & Billing

Because there’s so much you can do in the Client Billing module, I wanted to lay out how we’ll go through the touchpoints.

  1. Connect your Stripe account.
  2. Initial setup of clients and products.
  3. Branding and your business profile.
  4. Create and customize invoices.

There’s a lot of great material to unpack, so let’s have at it. :)

Connecting To Your Stripe Account

Client payments in The Hub are currently made through the Stripe payment platform. Additional payment options (such as PayPal) are on the table for future inclusion, so stay tuned.

To start accepting payments in Clients & Billing, you’ll need to connect your Stripe account, so that’s our first order of business. And don’t worry; if you don’t yet have a Stripe account, you can easily create one through the Hub’s integration wizard.

Log in to your WPMU DEV account, then navigate to The Hub > Clients & Billing.

From the Getting Started wizard, click the Connect with Stripe button.

Enter the Email and Password fields, using those you want associated with your Stripe account, then click the Log in button.

If you happen to have more than one Stripe account associated with the email address you’ve entered, they’ll be presented here.

Account selection in Stripe setup.

Select the account you want from the listed options, then click the Connect button.

Continue with any additional steps in the setup wizard. (If you need to start over at any point, just click Return to WPMU DEV on the left side of the screen.)

Upon completing the wizard, you’ll be directed back to the Getting Started screen in your Hub, and prompted to select the currency you want to use in your Client Billing portal.

Check the box acknowledging that the currency can’t be changed later; you’ll then be able to click Finish Setup.

Your connected Stripe account will automatically import after you select currency.

The purple dot is for a Client Billing popup tour, which you can choose to skip.

If you don’t already have an account with Stripe, the Getting Started wizard will prompt you to create one. It’s a quick and simple process, which puts you right back in The Hub upon completion.

Creating a Stripe account through The Hub integration.

If you prefer you can go directly to Stripe’s site, set up your account there, then return to the wizard in the Hub and complete the connection there.

Creating an account directly on Stripe’s website.

Note that you can only connect one platform to any Stripe account at any one time. (This is due to Stripe’s policies.)

Initial Setup of Clients & Products

All of the tools you need to manage the Stripe account connected to your Clients & Billing, such as your business profile, your custom branding, the importing of products and clients, and more, are housed here.

Let’s look at them now.

Managing Your Billing Account

From the Hub’s Clients & Billing page, under Configuration > Billing Account, you’ll see the info associated with your Stripe account (name, email, and connection date).

Stripe account settings in The Hub’s Clients & Billing.

The Payment Preferences section beneath shows the currency you selected, as well as the business name that will appear on your clients’ bank or credit card statements.

If you want to change the statement descriptor, just click on the name or arrow to the right of this row, and edit as desired.

Stripe payment preferences and additional tools.

Finally you’ll see Additional Tools at the bottom, which is where you can import customers or products & services from your connected Stripe account, if there are any associated with it.

To import clients or products & services, click on Import or the arrow to the right of the row.

From the resultant popup, select any clients you’d like to import, by checking the box preceding their email address. (Or, click the checkbox to the left of the email address header to select them all.) Then click the Import button at the bottom, which will reflect the total number of clients you’ve selected.

Client importing in Stripe.

The clients you imported will be listed under the Clients tab, where you can manage all activity relevant to your Hub business. You can also Add New Clients from the Clients tab. (See Adding Clients Manually for details.)

Lather, rinse, repeat for Importing products.

Product importing in Stripe.

Pricing plans associated with an imported product will be imported automatically.

You can also create new pricing plans from the Products & Services tab. (See Adding Products Manually for details.)

Understanding Client Roles & Access Permissions

There’s another element we should take a look at as it pertains to our clients: assigning roles.

It’s important to define and understand what the purpose of a client’s site access will be.

For some clients, you’ll want to allow access to billing only. For others, you may want to give access to a couple of different sections, but not the full run of the house.

For others still, you may want to allow them to view and edit everything.

Assigning roles gives you complete control over what views and actions clients will have in your branded Hub. This has the following benefits:

  • Omits unnecessary distractions and clutter; clients see only what you need them to see.
  • Protects against unintentional actions with potentially dire consequences. (They can’t break what they can’t touch.) This gives you and your client great peace-of-mind.
  • Allows clients to feel connected to their account information, and see the value of what they’re getting through you.

For illustrative purposes, we’ll target three arbitrary types:

  1. Regular Client = needs access to billing only (to view & pay online)
  2. Hosting Client = needs access to billing and hosting
  3. SEO Customer = needs access to billing and SEO for their website

Example #1 – Regular Client

Regular clients are the ones you’ll be doing all of the WordPress development for. You’ll provide reports, do site edits, and run the entire show. The only thing these clients will need is access to billing information.

Therefore, you just want them to be able to pay their invoices.

Clients & Billing in the Hub comes with three pre-established system roles, which are:

View All & Access Billing: client can access and manage their billing and view site data.

Edit All & Access Billing: client can view, edit, and take action regarding anything on their site and manage their own billing.

Access Billing Only: client can view and manage their own billing.

These preset roles can’t be edited or altered; that’s where custom roles come into play (which we’ll get into later).

Navigate to The Hub > Clients & Billing > Clients > Roles, and select Access Billing Only.

Access Billing Only is one of three predefined roles.

Based on the premise that our Regular Client type will need to Access Billing Only, we’re going to select that as our default by clicking the Make default text in its row.

Now when you add new clients, it’s already established that this is their role. Of course this is editable should we need to change it at any time.

Example #2 – Hosting Client

This client plans on focusing some of their business on hosting in addition to billing. For this case, the client would need access to the following 4 areas:

  • Sites — to view the list of sites
  • Hosting — to view the hosting options
  • Site Billing – to view billing at site level
  • Access Billing – to view the Billing tab and pay invoices from either the site billing or the global billing tab

Start by clicking on + Create New Role.

It’s just a few clicks away from creating a new role.

Give it a Name (in this example, we’ll call it ‘Hosting’) and select what access the client will have. We’ll enable the 4 areas as listed above.

An example of a Hosting Client, and the roles you would enable for them.

Customize even further when clicking on each category dropdown. You can select View & Edit, View Only, or Custom.

If you select Custom, here’s a look at all the options you could select for the client to have access to in custom role creation, pertaining to Hosting.

Select any hosting options you want.

Customize further by clicking the dropdown in each specific category (Staging, Analytics, Logs, Emails, etc), and selecting any/all of the options.

Here’s what Staging looks like:

There are plenty of options for Staging.

Once you have everything customized, click Save – and that’s it! You now have a new, customized role you can assign to any client.

As you can see, Hosting is now a client role.

Example #3 – SEO Customer

This client wants to view SEO details, in addition to billing. We can take the same approach we just took with our hosting clients: create a new role, name it, and select SEO as an option available to the client.

Specifically for this case, access to the following 4 areas would need to be enabled:

  • Sites — to view the list of sites
  • SEO — to view the SEO options
  • Site Billing – to view billing at site level
  • Access Billing – to view the Billing tab and pay invoices from either the site billing or the global billing tab

In our SEO client example, we would select the SEO option (instead of Hosting), along with the other 3 options mentioned above.

If you choose to customize your SEO options for your client, they’ll be able to view SEO information, run new SEO Crawl, Apply config – basically anything you select here in permissions.

Choose any options you’d like.

Hit Save, and the new role is now available.

Of course, this was just a demo of three random client types. You can set up ANY client type and customize it to fit your business needs.

For more information on setting up Users & Roles in The Hub, see How to Simply Set Up Users & Roles in The Hub for You and Your Clients.

Customizing Your Emails

Prior to inviting our clients to the portal, let’s customize the emails we’ll be sending.

If you’d like, you can configure an SMTP plugin that allows you to enable your own domain address as the sender email. That would result in a from address like this: admin@yoursitename.com

While your own domain as the from address is the most professional, it isn’t required. Without any changes, your from addresses will be something like these:

  • Sent from a site without our hosting: wordpress@yoursitename.com
  • Sent from a site with our hosting: noreply@yourwpsite.email

You can use any SMTP plugin of your choice; we recommend our (free!) Branda plugin, which handles this task with ease, and comes fully loaded with additional white-labeling features. Check out this how-to guide on activating SMTP mode in Branda, and this helpful walk-through on SMTP setup through Gmail.

There are a number of different emails that are sent from The Hub Client to you and to your clients, depending on various triggers.

Emails that come to you will be branded with WPMU DEV, while emails that go to your clients will be branded with the logo & colors set up in your Business Profile.

Branding and footer settings for your Hub emails.

Two additional informational pieces can be included or excluded from your email notifications:

  • Business Branding – toggle for your logo & brand color (from Business Profile).
  • Emails Footer Note – add a custom message at the bottom of all emails.

Here is an example of an email your clients could get:

A sample email clients could get for a payment processing issue.

Of course, any of the placeholder text in double brackets will be auto-populated with the associated data in your Hub before the email is sent to you or your client.

Alright, roles have been considered and created accordingly, emails have been formatted… let’s put the finishing touches on our business profile.

Branding and Your Business Profile

Break out the logos and color codes! We’re going to make these billing materials our own.

From the Configure screen, click on the Business Profile tab.

In the Branding section, you’ll decide on the branding that will appear in your business invoices, emails, and billing receipts. It takes only a few seconds and minimal clicks.

Click on the right side of the Brand Logo row to upload your visual identity; likewise on Brand Color, to select your shade match via color selector box or hex code.

Branding your business documents.

The logo you select will also appear in the top right corner of your clients’ profile menu when they log into your Hub via WPMU DEV.

Now we’ll add our business coordinates in the Business Info section – which will appear in any client documents you produce.

Simply click on Add or the arrow to the right of any row, and you’ll be able to enter every available field. (This info will have been imported if it was set up in your Stripe account, but is always fully editable.)

Adding your business information for inclusion on client docs.

If you created custom fields for your Business Profile, they will appear beneath the main Business Info, under Additional Info.

Custom fields allow for additional information you deem pertinent.

To add or edit custom fields, click on the Custom Fields tab, and enter as many additional items as you’d like in Business, and/or Client Profiles.

Adding Custom Fields is as simple as click, type/select, save.

Creating and Customizing Invoices

Now that we’ve got our documentation branding in place, let’s create an invoice that uses it.

This is what you’ll send to your actual clients, and there’s a lot you can personalize.

Under Configurations, click on Customize Invoices. Click on any of the arrows or toggle buttons from the right-side menu column.

You’ll be able to select your numbering format, add a footer note, choose default language, add a logo, brand color, business name, and client information, as well as any custom fields you have added.

When you’ve got the content the way you want it, click on the Preview Sample button for a quick look-see, and it will open in PDF format.

A sample customer invoice easily produced in Clients & Billing.

With an Invoice template created, let’s make one for a specific client.

Click on the + Bill Client button at the top of the page.

Billing a client in The Hub’s Clients & Billing section.

From the modal popup, take the following actions:

  1. Select the Client from the dropdown.
  2. Select the Website from the dropdown (optional).
  3. Select a Product/Plan from the dropdown, and change the quantity if desired.

    Creating an invoice, steps 1-3.
  4. Add another Product/Plan if desired; repeat this step as needed.
  5. Add a Tax if desired, and repeat this step as needed.
  6. Click the blue Continue button.

Creating an invoice, steps 4-6.

This will open the invoice that you’ve created thus far. You can check and see if the content is as you’d like it to be, and add a note if desired.

At this point, you can Preview the invoice, Save as Draft, or Send Invoice.

Confirming an invoice prior to sending.

Click Send Invoice, and we’ll send a white-labeled email to the client you selected. From the Invoices tab, you’ll be able to see it listed now, with status Payment Due.

The list summary of clients billed in Invoices.

Here is the email your client will see:

Client email for a billed invoice.

The client can simply click on the Pay Invoice link in the email, and it will take them to your branded hub, where they can quickly & easily remit payment to you.

That’s a wrap on the initial set up and configurations in Clients & Billing. Now we’ll move on to…

Upkeep and Management of Clients and Billing in The Hub

We’ve completed all of the preliminary steps in Clients & Billing! Now you can quickly and easily bill clients, collect payments, and manage your customers, all from one convenient area.

Of course you’ll want to continually manage this content – from client contact info changes, to invoicing and payment status changes, and your own business details as well.

We’ll look at what’s involved in the continued management of these features, so we can keep all of our information current.

Overview Summary

The Overview section in Clients & Billing allows you to see a collective summary of key data and settings in your portal.

One of the coolest things about Client Billing in the Hub, in my opinion, is the ability to get to everything you want almost instantly.

The Overview section gives you an at-a-glance, sectioned view of the most important details, as well as a path to access these elements on the spot. Revenue, products & services, clients, account configs, billing activities – it’s all here.

This is a clever convenience that makes it a stand-out.

The Clients & Billing Overview screen is a detailed dynamo.

Let’s take a closer look at the displayed sections in the Overview.

Revenue

  • Monthly Recurring Revenue (MRR) – the combined total monthly revenue from all active subscriptions, regardless of billing periods
  • Active Subscriptions – the total number of active subscriptions from all clients
  • Net Billing – the combined total amount billed for all subscriptions and other products (excluding refunds)

Clients

This module displays three items:

  • Total Clients – the total of all active, inactive, & pending clients
  • Average Billing per Client – Net Billing divided by total number of clients
  • Clients with Active Subscriptions – the total number of clients with active subs

None of the summary totals above include taxes.

To see the full list of Clients in your billing portal, click View All.

Products & Services

This module displays three items:

  • Total Products/Services – the total number of products & services combined, including those with no pricing plans attached
  • One Time Plans – the total number of active one-time pricing plans
  • Recurring Plans – the total number of active recurring pricing plans

To see the Products & Services section in your billing portal, click View All.

Configurations

This module displays the name of the Stripe account you’ve connected to your Clients & Billing portal, and its status. A green check mark verifies that the account is active.

Click any of the configuration line items to see/edit the associated information.

Managing Stripe Configurations from the Clients & Billing Overview.

Managing Clients

As discussed prior, clients must confirm your invitation to be able to access their billing portal in your Hub.

There are three different ways you can send clients an invitation: 1) when you’re initially adding them; 2) from the dropdown menu in the main client screen; or 3) in their individual client overview screen. In all cases, just click Invite/Invite Client.

One of three ways to invite a client to your branded portal – from the client summary list.

This will generate a white-labeled invitation email to that client, which will look like this:

A branded client invite to join your portal, sent in a formal but friendly email.

The Clients tab will populate with summary info about each client, once you have added one or more to The Hub.

Here is the information you will see in the Client overview section in The Hub:

  • Client Info – the client’s name, email, and Gravatar (if available)
  • Account Status – status of client email invite acceptance (Active/Pending), or if invite email has not been sent (Inactive)
  • Sites – the total number of sites managed by this client
  • MRR (Monthly Recurring Revenue) – this client’s average monthly revenue for all subscriptions (excluding taxes)
  • Net Billing – the total amount this client has been billed to date, including taxes

A summary list of your clients, with billing details associated to each.

You can access client management options by clicking on the ellipsis icon to the right of any client row.

If you select Manage Client from this dropdown menu, you’ll go to the Overview screen for that client. From here you can view and manage all aspects of the client’s account and subscriptions.

Individual client overview.

Managing Products & Services

Now we’ll look more closely at the Products & Services section.

This is where you’ll manage all the products & services that you offer to your clients within the Hub.

If you hadn’t yet imported products in the Configure module, you’d be prompted to add your first one – either manually, or as an import from Stripe.

We already did that, but I’ll show you how to manually add a product here.

Click the + New Product/Service button, and enter the form fields info in the popup.

Under Pricing Plans, you’ll want to create at least one plan to associate with the product.

Creating a product or service, primary modal.

There are two billing types: Recurring and One Time.

Bill Every and No. of Billing Cycles only appear if you’ve selected Recurring as the type.

  • Bill Every is the period of time that repeated billing will occur; options are: Day, Week, Month, and Year.
  • No. of Billing Cycles is how many times a client would be billed for a recurring plan before their subscription expires. (Leave this field blank if you want the plan to auto-renew until it’s canceled.)

One time billing services are used for creating a single instance of a service rendered, such as a set up fee, or a site creation.

After you’ve added your first plan, click + Add Another Plan for each additional one you’d like to create. You can make as many as you want.

You can add as many pricing plans as you’d like under each service.

Once at least one product has been created, you’ll see it on the Products & Services screen, along with its status and the number of pricing plans associated with it.

In the below example, we created a single product – Support Only – with 2 recurring pricing plans – Yearly and Monthly.

Click Show Plans to view or edit Services nested under Products in the summary list view.

Accessing menus is a click away in the Product summary.

To manage options for any product, click the ellipsis icon and select any option from the dropdown menu: View/Edit, Add a Pricing Plan, Duplicate plan, or Archive Product.

Editing a Product or Service couldn’t be easier.

As before, you can manage options for any pricing plan by clicking the ellipsis icon and selecting the desired action from the dropdown menu.

The Plans summary offers slightly different menu options.

The Archive option will deactivate a product or plan, making it unavailable for selection when billing a client. It won’t affect any existing client subscriptions.

When editing a product or plan, only the name & image of a product/plan can be changed. (This is a limitation of the Stripe API, so we are unable to modify it.)

There is an easy workaround though. If you want to make a change to non-editable settings in an existing plan, just make a duplicate, then edit the desired fields of the duplicate before saving it. Afterward, you can archive the original.

A note about deletions: You cannot delete a pricing plan from the Hub. That action must be done directly through your Stripe account, with the caveat that the plan hasn’t been used in a transaction. If it has, then archiving is your sole option.

Subscriptions

Because of the fluid manner of subscriptions, keeping track of them is a necessity. Luckily, managing subscriptions is a piece of cake in Clients & Billing.

Subscriptions are viewable by client. To see them, click on any client, then from the top menu sections – Overview, Products & Services, Invoices – click on Products & Services.

This page will display three Subscription Types, broken out into tabbed subsections, as follows:

  • Current Subscriptions
  • One Time
  • Inactive Subscriptions

Subscription summary in Products & Services.

Current Subscriptions

This is where you’ll see any current subscriptions for this client. The status column will show as Active or Pending.

One Time

Sometimes the need to bill a client for a one time service will come up again. Say, for example, you do another site set up, and need to invoice them for it again.

When this happens, you don’t need to recreate the entire product or service. Just click Bill Again from the ellipsis dropdown menu on the desired line item. This will automatically bill the client again for the same one-time product.

Inactive Subscriptions

Inactive Subscriptions are any subscriptions that were at one time active, but are no more. The status column will show as Canceled or Expired.

Hover your mouse over the row number beneath the Products column for a popup listing of all products contained in that subscription.

You can easily reactivate any subscription for a client.

Reactivate subscriptions in a snap.

Click the ellipsis at the end of the desired row, and select Reactivate Subscription from the dropdown menu. When you reactivate a subscription, it will send a new invoice to the client and create a new subscription, which becomes active upon the client paying that invoice.

Managing Invoices

The more your business grows, the more invoices you will be sending out, and the more they will accumulate for record keeping.

While this could create a cluttered mess of paperwork and file folders, it’s carefully and neatly organized in The Hub’s Client Billing.

Everything is found in the Invoices tab of each client, and the content included is straightforward.

For a quick assessment, a red notifier icon on the Invoices tab header indicates the number of currently unpaid invoices for that client.

On the main Invoices page, you’ll see a summary list of all of the invoices for this client.

Click anywhere on a row to view the actual invoice, or click on the ellipsis icon at the row’s end to show the dropdown menu for other actions. Depending on the status of a given invoice, the options available will vary.

Invoice list summary.

If you’d like to read more about Clients & Billing in The Hub, see these articles on Fee Free Client Billing, and Getting The Most Out of Client Billing.

Client Billing by WPMU DEV is the custom labeled, payment making, subscription managing, email automating, keeper of all things in the accounting realm of your business.

Ok, it won’t file your taxes, but it does allow for including them on a client invoice.

From branding, to invoicing, to automated emails, and in-app, trusted payment methods, the features you can offer your clients (and yourself) in Clients & Billing are hard to match.

Offering both in-depth and at-a-glance views, you get to present visually customized elements to your clients, and maintain them through your professional services (while we handle everything behind-the-scenes).

All that and more is built into the Hub’s Clients & Billing experience. And it’s included at no extra cost in your WPMU DEV membership, along with our 5-star, expert support.

Include our fast-growing, highly-rated hosting, or go for the membership only – either way, you’d be hard pressed to find a better value. (Plus, full refunds are given if you’re not thrilled.)

Set your sites on the most enjoyable billing experience you’ve likely ever had!

How To Create A Fully-Branded, Customized Client Portal With WPMU DEV

Learn how to give your clients an easy and professional white label portal experience where they can access their account, sites, and pay you via a secure and self-hosted checkout.

Imagine having your own unique portal where your clients can log in, access their billing accounts, even make payments – all hosted on your own site, with your own branding.

Well, good news, with WPMU DEV it’s possible and simple! And in this article we’re showing you how to create the client portal of your dreams.

You’ll learn:

  • How to create custom login pages for clients,
  • How to invite clients to your portal using branded emails,
  • How clients can make payments to you quickly and easily.

By the end of this article you will have set up a sleek portal under your own brand that clients can use to access information about their sites and make secure payments for your services.

And we’re off!

What You Will Need To Create Your Portal

Before we get started, here’s what you’re gonna need if you want to follow along, or eventually create your own portal:

1. The Hub, to establish the base of your portal and integrate billing tools

The Hub is your central interface as a WPMU DEV user, and it’s where our web developer members manage every aspect of their client sites.

You can learn more about how it works in our how to get the most out of The Hub article.

This all-in-one site interface also includes a built-in client management and billing dashboard – where you can invoice clients, set up subscriptions, track monthly recurring revenue (MRR), and more.

And most importantly and relevant to this article… you can invite your clients to have customized access to your billing dashboard (and specific areas of your overall Hub), where they can view their account and subscription info, and even pay invoices directly via a built-in Stripe checkout.

All of the above lays the groundwork for your white label client portal. But it’s still all under WPMU DEV’s branding up until this point.

That’s where this next tool comes into the equation…

2. The Hub Client, to brand your portal as your own

The Hub Client allows you to take your Hub interface, including billing tools and checkout, and white label the entire thing with your own branding, logos, etc.

This instance will be on your own site at your own domain, so when your clients log in they see your brand, not ours.

3. A Hosted Site For Your Portal

Finally, you’ll also need a hosted site to host your client portal…

This can be either a 3rd-party hosted site, or there’s always our own dedicated WordPress hosting, which you can also manage right from your Hub dashboard.

All of the above tools are included with the WPMU DEV Agency plan, which you can also trial for free right now.

Okay, now that you know what’s needed, we’ll get down to it!

How To Create and Brand Your Client Portal

Okay, first things first… since the white label client experience comes courtesy of The Hub Client, we want to install and configure that straight away.

Once you’ve signed up for a paid WPMU DEV membership, The Hub Client plugin will be available to install for free via the plugin landing page, The Hub plugin manager, or the WPMU DEV dashboard plugin (shown below).

Installing The Hub Client from the WPMU DEV WordPress dashboard.

Once activated, click on it to see the Welcome screen, then click on Get Started. This puts you directly into Settings.

By default, your Hub Client will inherit the Brand Name and Logo you have set in your own Hub, but you can customize it to be whatever you like.

The Hub Client settings in WordPress, default view.

We’ll quickly set up our first three brand customizations under Site Profile.

  1. Click the arrow icon for Brand name, type what you’d like to call it, and Save Changes.
  2. Next, click the arrow icon for Your Logo, upload your graphic, and Save Changes.
  3. Under Color Scheme, click the arrow icon for Navigation Background, select desired shade from the color picker, then Save Changes. You can also select your Navigation text and Navigation text selected & hover colors here, to match your fully branded color scheme.

You can see all of your changes in real-time via the Preview strip at the top of the Settings page.

The Hub Client Settings main screen, customized to your brand.

Configuring Menu Navigation Items

We want to make getting around in our branded portal a satisfying, sensible experience for our clients.

We can easily accomplish this through the Hub Client’s settings.

Let’s look at personalizing the rest of the branded portal for your clients.

First up, we’re going to set up what will be displayed as the main menu of your branded portal.

From the main screen in The Hub Client, scroll down to Configuration, and click the chevron arrow to the right of Navigation.

Select from the dropdown options, or create a site-specific menu in WordPress’ Appearance > Menus, then come back to this page and select it.

Selecting the Navigation menu in your client portal.

Now we’ll set the client page as the hub.

Click the chevron arrow to the right of Client Page, and from the resultant popup, select as desired from the dropdown options, then Save.

Selecting the Client Page to be replaced with your client hub.

Now you’ll see this additional linked text – View Page, next to Client Page, along with the name of the page you selected to the right. In this case, “hub”.

We’ve set the client page as the hub.

Click on View Page and it will open this instance of the Hub in a new webpage, where you’ll see the page you selected, with the menu you selected at the top of the site.

The Client’s view of your branded hub.

You can also customize the link used for the Back text on your Client Login page. We’ll knock that out right now.

From the WP Dashboard > The Hub Client > Settings > Configurations > Home Site URL, click Add to open the configuration module.

Enter the site URL and site name (Title), and Save changes. (You can also click the checkbox to Open in a new tab prior to saving, if you prefer.)

Customizing the site home URL for the back button in the Hub Client.

Note: if no customizations are made here, the back button will direct to the default home page for that site.

If you ever want to revert back to the default state, simply click the Reset button.

Setting Up a Help Button

Having help resources readily available for your clients is a big plus. It goes a long way to making them feel calm and collected, knowing answers are just a click away.

“Provide enough customization options so that we can tweak the look and feel of the interface to some degree. And the ability to put in our own info, such as contact info and links to our own help pages/customer support and things like that.” – Julian (WPMU DEV member)

Getting the Help Button in The Hub Client is a cinch. I’ll walk you through how to do that now.

From the WP Dashboard > The Hub Client > Settings > Configuration, to the right of the Help Button, click Add.

Enter the URL for your Help page, then Save Changes.

Tada! You’ll now have a floating help bubble on your Hub page that when clicked, will direct the user to your chosen URL. By default, the Help page will be opened in a new tab.

Once you’ve set up your Help Button, it will display in the lower right corner of The Hub main page, ready for action.

Adding a Help button to your sites in The Hub.

Integrating Live Chat

Live Chat is a fantastic feature to provide to your clients. And The Hub Client offers three highly-rated chat platform integrations to choose from.

If you head over to the WordPress dashboard, The Hub Client > Settings > Integrations, you can configure a Live Chat widget on your Hub Client.

Three of the most popular third-party services are available: LiveChat, Tawk.To, and HubSpot.

Live Chat in the Hub Client, logging in for Tawk.to.

Tawk.to’s live chat appearance settings and preview.

Depending on which live chat service you choose, the setup will vary.

If you’d like a basic walkthrough on setting these up in The Hub Client, read How to Set Up Live Chat on WordPress. Or get the full rundown in our Integrations help docs.

Inviting Clients To Your Custom Portal

Time to roll out the red carpet! With customizations set, we’re ready to bring our clients inside.

Let’s start by manually adding a new client.

Navigate to The Hub > Clients & Billing, and click + New Client.

Getting a client set up takes only a few clicks.

Enter all the client’s required (and optional, as desired) information in the form fields.

User Roles play a very significant part in Client setup. Basically, these decide what each client will have access to in your hub, in terms of viewing and taking action. You have full control over these by selecting permissions.

We’ll take a deep dive into User Roles in our upcoming Clients & Billing article. For now, click on the dropdown arrow under User Role, and select View All & Access billing.

You decide what your client has access to by applying a user role.

If you opt for a Custom Role – you can make one on the spot by clicking on + Create custom user role.

This will bring up the screen where you can select options from the main and nested menus. Name your new role, and save it.

Now if you go back to that client, you can assign this custom role to them.

While adding a client, you will also determine what Primary Hub they’re associated with.

If you have more than one Hub, it will be available in the dropdown. If you are using The Hub Client on a site, and select it as the Primary Hub, when that client clicks on a Confirm Invitation or Pay Invoice link from your Clients & Billing automated email, they’ll be taken to your white-labeled Hub site instead of wpmudev.com.

Whatever Primary Hub you choose will sync the communication preferences that will occur from that Hub (e.g. emails, invoices, etc.).

At the bottom, switch the Invite Client toggle to on, then click Add.

Invite a client from the Add client window.

Boom! Client has been added, and sent a white-labeled invitation to your client portal, which will look like this:

email confirm invitation

Once the client confirms by clicking the Confirm Invitation link in your email, they’ll have access to your branded portal.

If they already had an existing Hub account with you, it will take them directly to the login page of the Hub they were invited from.

If they’re new to your account, they’ll be taken to the account creation page of that Hub instance.

From the account creation page, they’ll get a popup modal with their email address already in the form field. They’ll just need to create a password, then click the Create Account button.

Client account creation in your Hub.

What Your Clients Will See Inside Their Portal

Every client experience in your portal will be unique to them.

Your branding will be prevalent throughout, and what your clients will be able to view and access is dependent on the permissions you’ve granted them through User Roles.

It’s a fantastic way to custom serve each client a perfect fit for your combined business interests and needs.

The Client Dashboard

Once your clients have logged into your client portal, they’ll be greeted by a dashboard with access to any content you’ve given them permissions for.

A client’s-eye view of your custom branded portal.

Clients can manage single or multiple sites in your portal and organize them in their dashboard area as they see fit.

Clients can favorite sites, color labels, and more in your branded Hub.

The roles you’ve assigned to a client are editable by you and can be changed at any time in the management and billing platform.

For example, if we assign Billing permissions to a client, they will have the ability to view and edit anything in that section, but they’ll be cut off from any other pages/screens in Client Billing.

Clients can be given access to modify and view, or view only, making it possible to hide screens like Plugins entirely.

Read this post for a closer look at User Roles and Permissions.

Letting your clients view and manage their own billing details saves you the time and effort you would otherwise spend on their admin activities, and allows them to feel connected to their account.

There is a lot your clients can accomplish here. For example, managing their billing info and account details, viewing their services and subscriptions, filtering on payment status (due or paid), assessing what their average spend is, and much more.

The Billing Overview section gives clients a quick but informative top-level view of their account(s).

In the billing section, clients can see all of the details by drilling down through the various menu options.

The Products & Services page allows views by breakout sections for subscriptions, both active & inactive, and one-time services as well.

Any line item here can be clicked on for full details, and/or to take certain actions. For example, canceling a subscription.

Details on a particular client subscription, with an option to cancel it.

Invoices can also be examined in full detail.

The client invoice summary list, with easily visible status and amounts for each.

The built-in filter functionality is great, offering distillation options for date, payment status, and website.

Even archived invoices can be located fast using the robust filter.

If you’ve given them permissions to do so, clients can view details and take action on services and bills, such as making payments or downloading PDF versions of invoices.

Every line item has quick actions via the popup menu, such as making a payment or viewing a subscription.

Client Profile

Clients can freely edit their personal content: update their profile info (including their profile pic, if they have one set in Gravatar), change their password, set up 2FA (requires an authenticator app), or sign out, all through the cog icon menu in the upper right corner.

Clients can easily edit their own profile information.

Everything updates in real time. For example, if the client changes the email addy in their profile, it will also update in their billing profile, since the Hub and Clients & Billing profiles are synced. Easy peasy!

Clients Can Pay Invoices via The Client Portal

With the Clients & Billing modal, your client will have the convenience of paying you directly through your branded client portal (with secure Stripe checkout fully integrated)!

As mentioned earlier, all client management activities including payments take place securely inside your own domain and fully custom-branded screens.

Everything happens at your chosen domain URL.

Throughout the course of their business journey with you, clients are kept in the loop with automated emails, which reflect your custom brand and company details.

Email communications and invoices are triggered automatically and remain on-brand, taking that task off your plate.

Clients can readily make payments by clicking on the invoiced email link, taking them to the payment portal.

Clients give a final check to their invoice details, then click the Make Payment button.

The client can enter their payment information, then click the Pay button, which will have specific information on it regarding the amount of money and service they are approving.

Note: if they previously added a payment method, it will auto-populate here, with an option to change it if desired.

Client payment process in The Hub, continued.

The client can check all of their info on the next page, then click to pay.

Client payment process in The Hub; one last visual check, pre-pay.

With the payment made, the invoice will load up, reflecting the details and paid status.

Client invoice details; status: paid.

Now if you go to the Invoices tab, you’ll see all current and outstanding invoices.

Client invoice summary list in the Hub.

In the Status column, red indicates payment is due, and green indicates payment has been made.

The top-level Invoices menu has a notifier icon (a number in a red circle), indicating the quantity of outstanding invoices – for quick visual reference.

The client can download a copy of any paid invoice by clicking the PDF Invoice button at the top-right of the invoice screen.

Clients Can Access Invoices Directly in The Billing Modal of The Hub

Your clients can easily view and manage billing activities from any sites in their Hub, related to specific billing. It will be nearly identical to what you see in your Hub Billing area, of course specific only to their site(s).

Clients can use the left sidebar menu to navigate to their billing section.

Clients need only click the Billing link in the sidebar menu of any site they’re viewing to get started. Any invoices you’ve sent to them will be accessible to them here.

Client overview screen in your branded Hub.

Clients who you’ve added a website for but haven’t yet sent an invoice to will still see the site, it just won’t have any specific billing info.

Once the first site-specific invoice has been paid, data will immediately populate in the Summary section, along with the Products & Services and Invoices sections’ Status, which will reflect as Active and Paid.

If you’ve stuck with us through the full breakdown, congrats! You’re now very well versed in many of the great features in the Client Portal – i.e., your branded Hub. We have no doubt you’re going to do amazing things.

If you do ever need an assist, reach out to our highly-trained (and top-rated) support team. They’re always on, 24/7/365.

For a complete guide to everything on the client portal, see The Hub Client documentation.

Giving Your Clients a More Customized Experience with The Hub Client from WPMU DEV

The Hub Client lets you run WPMU DEV on your own domain as a 100% white label experience for your clients.

You can fully customize your branding, colors, links, logins, emails, and user access…even allow clients to edit certain areas at your discretion.

“It’s like giving your clients backstage access, but as a VIP experience.” – Josh Hall (JoshHall.co)

Check out our Hub Client plugin through a trial of one of our paid plans, or our Hosting – fully dedicated and optimized for WordPress. We offer a 100% satisfaction guarantee, and our support team helps with all things WordPress, not just our products and services.

See you on the inside!

Unconscious Biases That Get In The Way Of Inclusive Design

As designers, we want to design optimal experiences for the diverse range of people a product will serve. To achieve this, we take steps in our research and design decisions to minimize the risk of alienating product-relevant social identities, including but not limited to disability, race/ethnicity, gender, skin color, age, sexual orientation, and language.

According to psychologists, we all have unconscious biases. So, designs are often biased, just like we are. This article is for anyone involved in the product design and development process — writers, researchers, designers, developers, testers, managers, and stakeholders. We’ll explore how our biases impact design outcomes and what we can do to design more inclusive experiences.

Once we recognize our unconscious biases, we can take steps to reduce their influence on our decision-making, both as individuals and as collective development and design teams. In this article, we will discuss six unconscious biases that commonly result in delivering user experiences that fall short of being inclusive.

Let’s discuss the six most common unconscious biases:

Confirmation Bias

This is probably one of the most well-known biases, yet we tend to underestimate how much it impacts our own behavior. Confirmation bias is the tendency to unconsciously look for and give more weight to data, feedback, and users’ behavior that affirms our existing assumptions.

What Is The Impact?

When we approach our work with a confirming and validating mindset, we are more likely to skew our research plan and ignore or minimize any findings that contradict our beliefs. These flaws undermine the purpose of doing research — the goal of inclusive design — and can result in building the wrong thing or the right thing the wrong way. It can also create overconfidence in our assumptions and incline us not to conduct any research at all.

Abercrombie & Fitch dominated the teen clothing market in the 1990s and early 2000s, promoting a very exclusive, all-American, cool-kid image. In the early 2010s, when consumer preferences shifted, the company failed to listen to consumers and maintained its exclusive brand image. After three years of declining sales and pressure from investors, CEO Mike Jeffries resigned. The new CEO, Fran Horowitz, rebranded the company saying, “We are a much more inclusive company, we are closer to the customer, we’re responding to the customer wants and not what we want them to want.”

What Can We Do?

  • Be curious.
    Approach conversations with users with a curiosity mindset and ask non-leading and open-ended questions. Having someone else take notes can serve as an accountability partner as you may hear things differently and can discuss them to clear up discrepancies. And, as much as possible, document exact quotes instead of inferences.
  • Be responsive.
    View each design idea as a hypothesis with a willingness to change direction in response to research findings. Until we conduct primary research with users, our design concepts are merely our best guess based on our own experiences and limited knowledge about our users. We start with that hypothesis as a prototype, then test it with a diverse cross-section of our audience before coding. As quoted by Renee Reid at a UX Research Conference, we should “investigate not validate” our design concepts.

Optimism Bias

While optimism has been linked to many health benefits, optimism bias can be detrimental. Our tendency to minimize the potential of negative outcomes and underestimate risks when it comes to our own actions is referred to as optimism bias. Teams will optimistically think that overlooking socially responsible design will not adversely affect our users’ experience or the bottom line.

What Is The Impact?

As a result of optimistic bias, we may skip user research, ignore accessibility, disregard inclusive language, and launch products that don’t account for the diverse people who use the product.

It turns out that people want and expect products to be designed inclusively. A 2021 survey found that 65% of consumers worldwide purchase from brands that promote diversity and inclusion. And a study by Microsoft found that 49% of Gen-Z consumers in the US stopped purchasing from a brand that did not represent their values.

What Can We Do?

  • Recognize the powerful influence of negativity bias for those on the receiving end of our optimistic bias.
    Psychologists’ research has consistently affirmed that people expect to have good experiences and are more unhappy about bad experiences than good ones. So, one bad interaction has a much greater impact on our users’ perceptions about their experiences than multiple positive interactions.
  • Prioritize impact over output.
    Nobel Prize-winning psychologist Daniel Kahneman suggests running a project premortem. He has extensively researched optimism bias and ways to reduce its influence on our decision-making. Premortem is a loss aversion technique that encourages us to brainstorm potential oversights and identify preventive measures early in our processes.

Omission Bias

Similar to optimism bias, omission bias pertains to our expectations of outcomes. Omission bias occurs when we judge harmful outcomes worse when caused by action than when caused by inaction. This bias can lead us to believe that intentionally deceptive design is a greater offense than failing to implement inclusive design practices.

What Is The Impact?

When we allow our omission bias to prevail, we feel reassured by an illusion of innocence. However, delivering products to market without considering diverse user expectations has the risk of creating harmful user experiences.

This bias is a possible catalyst for skipping user research or leaving inclusive UX work in the product backlog. Some companies profit off this bias by providing accessibility overlays as a post-production solution. These third-party tools attempt to detect accessibility issues in the code and fix the problem for users on the website in real time. Unfortunately, accessibility overlays have been widely documented as problematic and can worsen access.

What Can We Do?

  • Remember that inaction is not without consequence and no less damaging to our users than deliberately harmful actions.
    When our product or service creates barriers or exclusion for our users, whether intentional or unintentional, the effect of the experience feels the same.
  • Plan for inclusive research and design by factoring the necessary time, people, and money into the product roadmap.
    Studies have found that the business cost of going back to fix a design can be 100 times as high as it would have been if the work was addressed during the development stage.

False Consensus Bias

The next two biases, false consensus and perceptual biases, are influential in how we think about others. False consensus bias is when we assume that other people think and behave the same as we do. Jakob Nielsen is known for the clever phrase, “you are not the user,” which is derived from this bias. Our false consensus bias can lead us to think, “well, I’m a user too,” when making design decisions. However, we all have a varied mix of identities — our age, ethnicity, abilities, gender, and so on — which contribute to our unique needs and expectations.

What Is The Impact?

We design for a broad range of people, most of whom are not like us.

That is illuminated when we consider intersectionality. Law professor Kimberlé Crenshaw coined the term intersectionality “to describe how race, class, gender, and other individual characteristics ‘intersect’ with one another and overlap.”

In early 2022, Olay’s senior design strategist Kate Patterson redesigned the packaging for their facial moisturizer. The new Easy Open Lid not only has side handles allowing a better grip for dexterity challenges but also has the product type in Braille and larger lettering with higher contrast for vision impairments. The product was released as a limited edition, and the company has a feedback form on its website to get feedback from users to make improvements for a second edition.

What Can We Do?

  • Avoid relying on personal preferences.
    Start with conventions and design guidelines, but don’t rely on them solely. Design guidelines are generic, so they don’t, and can’t, address all contextual situations. Optimal user experiences are the result of context-sensitive design.
  • Let go of the notion of the average user and engage with users in interviews, accessibility and usability testing, and other empirical research methods.
    Conducting primary user research is immensely insightful as it allows us to learn how intersecting identities can vary users’ expectations, behavior, and contextual use cases.

Perceptual Bias (Stereotyping)

Continuing with biases that distort how we think of others, perceptual biases include halo effect, recency bias, primacy effect, and stereotyping. Regarding biases that get in the way of inclusive design, we’ll address stereotyping, which is when we have overgeneralized beliefs about people based on group attributes.

What Is The Impact?

How we gather and interpret research can be greatly influenced by stereotyping. Surveys, for example, typically don’t reveal a person’s motivations or intent. This leaves room for our speculations of “why” when interpreting survey responses, which creates many opportunities for relying on stereotyping.

The Mr. Clean Magic Eraser Sponge advertisement, “This Mother’s Day, get back to the job that really matters,” reinforced antiquated gender roles. A Dolce & Gabbana campaign included an Asian woman wearing one of their dresses and trying to use chopsticks to eat Italian food while a voiceover mocked her and made sexual innuendos. Designing based on stereotypes and tropes is likely to insult and alienate some of our user groups.

What Can We Do?

  • Include a broad spectrum of our users in our participant pool.
    The more we understand the needs and expectations of our users that are different from us (different ages, ethnicities, abilities, gender identities, and so on), the more we reduce the need to depend on generalizations and offensive constructs about various social identities.
  • Conduct assumption mapping, which is an activity of documenting our questions and assumptions about users and noting the degree of certainty and risk for each.
    Assumption mapping can help us uncover how much we’re relying on oversimplified generalizations about people and which segments of the audience our design might not account for, and help us prioritize areas to focus our research on.

Status Quo Bias

Lastly, let’s look at a decision-making bias. Status quo bias refers to our tendency to prefer how things are and to resist change. We perceive current practices as ideal and negatively view what’s unfamiliar, even when changes would result in better outcomes.

What Is The Impact?

When we rely on default thinking and societal norms, we run the risk of perpetuating systemic social biases and alienating segments of our users. Failing to get input and critique from people across a diverse spectrum can result in missed opportunities to design broadly-valued solutions.

It took Johnson & Johnson 100 years to redesign their skin-tone colored adhesive bandages. The product was released in 1920 with a Eurocentric design that was optimal for light skin tones, and it wasn’t until 2020 that Band-Aid added more shades “to embrace the beauty of diverse skin.”

What Can We Do?

  • Leaders can build non-homogenous teams and foster a workplace where it’s safe to question the status quo.
    Having team members with diverse lived experiences creates a wealth of variance and opportunities for divergent perspectives. Teams that are encouraged to challenge the default and propose alternatives have significant potential to minimize the risks of embedding biases in our UX processes.
  • As individuals, we can employ our System 2 thinking.
    Psychologist Daniel Kahneman popularized two modes of thinking in his book Thinking, Fast and Slow to encourage us to move beyond our visceral thoughts to slower, effortful, and analytical thinking. In this mode, we can question our default System 1 thinking, which is automatic and impulsive, awaken our curiosity about novel ways to approach design challenges, and find opportunities to learn about and engage with people outside our typical circles.

Summary

Designing for many means designing for demographic groups whose needs and expectations differ from ours. Our unconscious biases typically keep us in our comfort zones and stem from systemic social constructs that have historically been an anti-pattern for inclusivity.

Unconscious biases, when unrecognized and unchallenged, seep into our design practices and can insidiously pollute our research and design decisions.

We start to counter our unconscious biases by acknowledging that we have biases. You do. We all do. Next, we can take steps to be more mindful of how our designs impact the people who interact with our products so that we design inclusive experiences.

Additional Resources

  • Learning to Recognize Exclusion
    An article by Lesley-Ann Noel and Marcelo Paiva on what it means to exclude, why we do it, and tips for moving out of our comfort zones.
  • Biased by Design
    A website with information about other biases that influence the design and links to additional resources.
  • Coded Bias
    A Netflix documentary investigating bias in algorithms after M.I.T. Media Lab researcher Joy Buolamwini uncovered flaws in facial recognition technology.
  • Thinking, Fast and Slow
    A book by Daniel Kahneman about how thinking more slowly can help us reduce biased decision-making.
  • Design for Cognitive Bias
    A book by David Dylan Thomas that discusses how biases influence decision-making and techniques for noticing our own biases so we can design more consciously.

Docker Desktop vs Rancher Desktop

I’ve been regularly asked about comparisons between Docker Desktop and Rancher Desktop. As I have moved off of Rancher Desktop to work on other things at SUSE, I figure now is a good time to write up some of my thoughts. Note, there is an amazing team working on it now. They are incredibly talented and have made it better than I imagined.

First, I need to say what respect I have for the people who have worked on Docker Desktop. Having worked on a cross-platform container desktop app, I’ve learned about so many nuances you have to deal with. They’ve done a lot of subtle work that I’ve learned to appreciate.

Using Rails Service Objects

If you're developing web apps using Ruby on Rails, you probably already know that Rails is an MVC (Model-View-Controller) framework, which means that you have your Models responsible for data, Views responsible for templates, and Controllers responsible for request handling. But the bigger your app gets and the more features it has, the more business logic you will have. And here comes the question: where do you put your business logic? Obviously, it's not views that should handle it. Controllers or Models? That will make them fat and unreadable pretty soon. That's where Service Objects come to the rescue. In this article, we'll find out what Rails Service Objects are and how you can use them to make your app cleaner and keep it maintainable.

Let's say you have a project for handling cab trips; we'll take a look at the particular controller action, which updates trip records. But it should not only update trips based on user input params (e.g., starting address, destination address, riders count, etc.), but it should also calculate some fields based on those params and save them to the database. So, we have a controller action like this:

Top 3 Service Mesh Technologies for Microservices and Kubernetes

Service mesh is the next best move that enterprises can take to overcome security and networking challenges obstructing Kubernetes deployment and container adoption. Check out some popular tools for deploying service mesh here in this blog!

What Is a Service Mesh?

Before we look at these tools, let's define what a service mesh is in Kubernetes. A service mesh is a technology pattern that can be applied to microservices-based applications for managing networked communication between services. It ensures that the communication between the services within the containerized infrastructure is fast, reliable, and secure.

2 Tier Architecture vs 3 Tier Architecture in DBMS

There are multiple ways to fetch the data stored in the Database management system. We have classified the architecture of DBMS based on their structure. 

Multiple architectures are used for various purposes, and I have discussed their structure, advantages, features, etc., in this article. 

Collective #731



Our Sponsor

Apple Device Management Made Easy

Managing your business’s Apple devices is time-consuming, especially when employees are WFH. Jamf Now is a mobile device management solution that simply sets up, connects, and secures your devices from anywhere; no IT experience required! Codrops readers can manage up to 3 devices for free today!


The 2022 Web Almanac

A new edition of the Web Almanac, the annual state of the web report combining the expertise of the web community with the data and trends of the HTTP Archive.


Neodrag

Lightweight multi-framework libraries for draggability on the web. By Puru Vijay.


Learn HTML

The latest course in a series of courses on web.dev to help get you up to speed with modern web development.


figr.app

You can work together in real time with this simple and advanced calculator.


Enhance

Enhance is a web standards-based HTML framework. It’s designed to provide a dependable foundation for building lightweight, flexible, and future-proof web applications.


KREA

Explore millions of AI-generated images and create collections of prompts. You can now also access the data they have built it with: Open Prompts.


Hologram

Maxime Heckel is exploring Three.js render targets and layers in R3F in this remake of Patrick Schroen’s hologram scene.


Nightdrive

James Stanley made a JavaScript simulation of driving at night time on the motorway.



An In-Depth Guide to PHP 8.1: Enums

Enums or enumerations are a new feature introduced in PHP 8.1 that contains a defined number of possible values you can use. When creating an app, you often come across scenarios where you have a predetermined list of options to select from, for instance:

  • A blog entry can be published, in draft, or in review.
  • A player may be a medic, soldier, engineer, 
  • A ticket may be VIP, standing, or seated, 
  • and so on ...


Building Your Security Strategy (Case Study)

This article is sponsored by Wix

What should you focus on when designing your security strategy? This question becomes more and more tricky as your organization grows and matures. At an initial stage, you might be able to make do with a periodic penetration test. But you will soon find that as you scale up to hundreds and thousands of services, some of the procedures have to change. The focus shifts from project-based assessments to building and maintaining a lasting mindset and framework with security at the core, so you can minimize risk across your environment.

In this article, we’ll share some guiding principles and ideas for incorporating security by design into your own development process, taken from our work at Wix serving 220M+ users.

First And Foremost: Security By Design

Also known as security by default, security by design (SbD) is a concept in which we aim to “limit the opportunities” for making security-related mistakes. Consider a case where a developer builds a service to query a database. If the developer is required (or allowed) to build queries “from scratch”, writing SQL directly into their code, they can very well end up introducing SQL injection (SQLI) vulnerabilities. However, with a security by default approach, the developer can get a safe Object-Relational Mapping (ORM), letting the code focus on logic while the DB interactions are left to the ORM libraries. By ensuring the ORM library is safe once, we are able to block SQLI everywhere (or at least everywhere the library is used). This approach might restrict some developer liberties, but except for specific cases, the security benefits tend to outweigh the cons.

That previous example is rather well known, and if you use a mature application development framework, you’re probably using an ORM anyway. But the same logic can be applied to other types of vulnerabilities and issues. Input validation? Do this by default using your app framework, according to the declared var type. What about Cross-Site Request Forgery (CSRF)? Solve it for everyone in your API gateway server. Authorization confusion? Create a central identity resolution logic to be consumed by all other services.

By following this methodology, we’re able to allow our developers the freedom to move quickly and efficiently, without needing to introduce security as a “blocker” in later stages before new features go live.

1. Establish Secure Defaults For Your Services

Take the time to ensure that your services are served by default with secure settings. For example, users should not need to actively choose to make their data private. Instead, the default should be “private” and users can have the option to make it public if they choose to. This of course depends on product decisions as well, but the concept stands. Let’s look at an example. When you build a site on our platform, you can easily set up a content “Collection”, which is like a simplified database. By default, editing permissions to this collection are restricted to admin users only, and the user has the option to expose it to other user types using the Roles & Permissions feature. The default is secure.

2. Apply The Principle Of Least Privilege (PoLP)

Put simply, users shouldn’t have permission for stuff they don’t need. A permission granted is a permission used, or if not needed, then abused. Let’s look at a simple example: When using Wix, which is a secure system with support for multiple users, a website owner can use Roles & Permissions to add a contributor, say with a Blog Writer role, to their site. As derived from the name, you would expect this user to have permissions to write blogs. However, would this new contributor have permissions, for example, to edit payments? When you put it like this, it sounds almost ridiculous. But the “least permission” concept (PoLP) is often misunderstood. You need to apply it not only to users, but also to employees, and even to systems. This way even if you are vulnerable to something like CSRF and your employees are exploited, the damage is still limited.

In a rich microservice environment, thinking about least permission might become challenging. Which permission should Microservice A have? Should it be allowed to access Microservice B? The most straightforward way to tackle this question is simply starting with zero permissions. A newly launched service should have access to nothing. The developer, then, would have an easy, simple way to extend their service permission, according to need. For example, a “self service” solution for allowing developers to grant permissions for services to access non-sensitive databases makes sense. In such an environment, you can also look at sensitive permissions (say for a database holding PII data), and require a further control for granting permissions to them (for example, an OK from the data owner).
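The zero-permission starting point described above can be sketched as a small default-deny registry. This is an added example, not Wix code; the class, service, and resource names are hypothetical.

```python
# Added example: default-deny service permissions. All names are hypothetical.
from dataclasses import dataclass, field


class GrantError(Exception):
    """A grant request that must not be applied."""


@dataclass(frozen=True)
class Resource:
    name: str
    owner: str               # data owner who signs off on sensitive access
    sensitive: bool = False  # e.g. a database holding PII


@dataclass
class PermissionRegistry:
    resources: dict = field(default_factory=dict)  # name -> Resource
    grants: set = field(default_factory=set)       # {(service, resource)}
    audit: list = field(default_factory=list)      # every request, granted or not

    def register(self, resource: Resource) -> None:
        self.resources[resource.name] = resource

    def is_allowed(self, service: str, resource: str) -> bool:
        # Zero permissions by default: no grant on record means no access,
        # including for services and resources the registry has never seen.
        return (service, resource) in self.grants

    def request_grant(self, service, resource, requested_by, approved_by=None):
        res = self.resources.get(resource)
        if res is None:
            self.audit.append(("rejected", service, resource, requested_by))
            raise GrantError(f"unknown resource: {resource}")
        # Self-service path for non-sensitive resources; sensitive ones
        # need an explicit OK from the data owner.
        if res.sensitive and approved_by != res.owner:
            self.audit.append(("rejected", service, resource, requested_by))
            raise GrantError(f"{resource} needs approval from {res.owner}")
        self.grants.add((service, resource))
        self.audit.append(("granted", service, resource, requested_by))

    def revoke(self, service, resource):
        self.grants.discard((service, resource))


def demo_grants():
    reg = PermissionRegistry()
    reg.register(Resource("catalog-db", owner="team-catalog"))
    reg.register(Resource("customers-db", owner="dpo", sensitive=True))

    results = {"new_service": reg.is_allowed("invoice-svc", "catalog-db")}
    reg.request_grant("invoice-svc", "catalog-db", requested_by="dev-a")
    results["after_self_service"] = reg.is_allowed("invoice-svc", "catalog-db")
    try:
        reg.request_grant("invoice-svc", "customers-db", requested_by="dev-a")
    except GrantError:
        pass  # rejected: no owner approval supplied
    results["sensitive_unapproved"] = reg.is_allowed("invoice-svc", "customers-db")
    reg.request_grant("invoice-svc", "customers-db",
                      requested_by="dev-a", approved_by="dpo")
    results["sensitive_approved"] = reg.is_allowed("invoice-svc", "customers-db")
    results["audit"] = [entry[0] for entry in reg.audit]
    return results


if __name__ == "__main__":
    print(demo_grants())
```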

3. Embrace The Principle Of Defense In Depth (DiD)

As beautifully put by a colleague, security is like an onion — it’s made of many layers built on top of layers, and it can make you cry. In other words, when building a secure system, you need to account for different types of risk and threats, and subsequently you need to build different types of protections on top of others.

Again, let’s look at a simple example of a login system. The first security gateway you can think of in this context is the “user-password” combination. But as we all know, passwords can leak, so one should always add a second layer of defense: two-factor authentication (2FA), also known as multi-factor authentication (MFA). Wix encourages users to enable this feature for their account security. And by now, MFA is pretty standard — but is it enough? Can we assume that someone who successfully logged into the system is now trusted?

Unfortunately, not always. We looked until now at one type of attack (password stealing), and we provided another layer to protect against it, but there are certainly other attacks. For example, if we don’t protect ourselves, a Cross Site Scripting (XSS) attack can be used to hijack a user’s sessions (for example by stealing the cookies), which is as good as a login bypass. So we need to consider added layers of defense: cookie flags to prevent JS access (HTTP only), session timeouts, binding a session to a device, etc. And of course, we need to make sure we don’t expose XSS issues.

You can look at this concept in another way. When writing a feature, you should almost protect it “from scratch”, thinking all defenses might have been broken. That doesn’t mean writing every line of code again, it just means being aware that certain assumptions cannot be made. For example, you can’t assume that just because your service does not have an externally reachable endpoint, it has never been accessed by malicious entities. An attacker exploiting Server-Side Request Forgery (SSRF) issues can hit your endpoint any minute. Is it protected against such issues?

At Wix, we assume a “breach mindset” at all times, meaning each developer assumes the controls leading up to the application they’re working on have already been breached. That means checking permissions, input validations and even logic — we never assume previous services are sensible.

4. Minimize Attack Surface Area

What’s the safest way to secure a server? Disconnect it from the electricity socket. Jokes aside, while we don’t want to turn our services off just to ensure they’re not abused, we certainly don’t want to leave them on if they serve no real function. If something is not needed or being used, it should not be online.

The most straightforward way to understand this concept is by looking at non-production environments (QA, staging, etc). While such environments are often needed internally during the development process, they have no business being exposed such that external users can access them. Being publicly available means they can serve as a target for an attack, as they are not “production ready” services (after all, they are in the testing phase). The probability for them to become vulnerable increases.

But this concept doesn’t apply only to whole environments. If your code contains unused or unnecessary methods, remove them before pushing to production. Otherwise, they become pains instead of assets.

5. Fail Securely

If something fails, it should do so securely. If that’s confusing, you’re not alone. Many developers overlook this principle or misunderstand it. Imagining every possible edge case on which your logic can fail is almost impossible, but it is something you need to plan for, and more often than not it’s another question of adopting the right mindset. If you assume there will be failures, then you’re more likely to include all possibilities.

For instance, a security check should have two possible outcomes: allow or deny. The credentials inputted are either correct, or they’re not. But what if the check fails entirely, say, because of an unexpected outage of electricity in the database server? Your code keeps running, but you get a “DB not found” error. Did you consider that?

In this particular instance, the answer is probably “yes”, you thought of it, either because your framework forced you to consider it (such as Java’s “checked exceptions”) or simply because it actually happens often enough that your code failed in the past. But what if it is something more subtle? What if, for example, your SQL query fails due to non-unicode characters that suddenly appeared as input? What if your S3 bucket suddenly had its permissions changed and now you can’t read from it anymore? What if the DNS server you’re using is down and suddenly instead of an NPM repo you’re hitting a compromised host?

These examples might seem ludicrous to you, and it would be even more ludicrous to expect you to write code to handle them. What you should do, however, is expect things to behave in an unexpected manner, and make sure if such things occur, you “fail securely”, like by just returning an error and stopping the execution flow.

It would make no sense to continue the login flow if the DB server is down, and it will make no sense to continue the media processing if you can’t store that image on that bucket. Break the flow, log the error, alert to the relevant channel — but don’t drop your security controls in the process.
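To make the difference concrete, here is the same authorization check written fail-open and fail-closed, run against a healthy backend, a “DB not found” outage, and an input the lookup cannot encode. This is an added example, not code from Wix; the function names, roles, and backends are constructed for illustration.

```python
# Added example: the same authorization check, fail-open vs fail-closed.
import logging
from enum import Enum

log = logging.getLogger("authz")


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"


def authorize_fail_open(lookup_role, user, required_role):
    """Anti-pattern: any error in the lookup falls through to ALLOW."""
    try:
        if lookup_role(user) != required_role:
            return Decision.DENY
    except Exception as exc:
        log.warning("role lookup failed: %s", exc)
    return Decision.ALLOW  # reached on a match *and* on every backend error


def authorize_fail_closed(lookup_role, user, required_role, alert=None):
    """DENY is the starting state; only an explicit match flips it."""
    decision = Decision.DENY
    try:
        role = lookup_role(user)
        if role is not None and role == required_role:
            decision = Decision.ALLOW
    except Exception as exc:
        # Break the flow, log, alert; the control itself stays in place.
        log.error("role lookup failed for %r: %r", user, exc)
        if alert is not None:
            alert(f"authz backend error: {type(exc).__name__}")
    return decision


# Constructed backends standing in for the failure modes described above.
ROLES = {"alice": "admin", "bob": "blog-writer"}


def healthy_lookup(user):
    return ROLES.get(user)


def db_down_lookup(user):
    raise ConnectionError("DB not found")


def ascii_only_lookup(user):
    # Simulates a query layer that chokes on unexpected characters.
    return ROLES.get(user.encode("ascii").decode("ascii"))


def run_matrix():
    """Return {case: (fail_open, fail_closed)} plus the alerts raised."""
    alerts = []
    cases = [
        ("healthy/admin", healthy_lookup, "alice"),
        ("healthy/writer", healthy_lookup, "bob"),
        ("db down", db_down_lookup, "bob"),
        ("bad input", ascii_only_lookup, "b\u00f3b"),
    ]
    table = {}
    for label, lookup, user in cases:
        table[label] = (
            authorize_fail_open(lookup, user, "admin").value,
            authorize_fail_closed(lookup, user, "admin", alerts.append).value,
        )
    return table, alerts


if __name__ == "__main__":
    for row in run_matrix()[0].items():
        print(row)
```

Both versions agree while the backend is healthy; they diverge only on the error paths, which is why fail-open bugs tend to survive ordinary testing.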

6. Manage Your Third-Party Risk

Most modern applications use third-party services and/or import third-party code to enhance their offering. But how can we ensure secure integrations with third parties? We think about this principle a lot at Wix, as we offer third-party integrations to our user sites in many ways. For example, users can install apps from our App Market or add third-party software to their websites using our full-stack development platform called Velo.

Third-party code can be infiltrated, just like your own, but has the added complication that you have no control over it. NPM node libraries, for instance, are some of the most used in the world. But recently a few well-known cases involved them being compromised, leaving every site that used them exposed.

The most important thing is to be aware that this might happen. Keep track of all your open-source code in a software bill of materials (SBOM), and create processes for regularly reviewing it. If you can, run regular checks of all your third-party suppliers’ security practices. For example, at Wix we run a strict Third-Party Risk Management Program (TPRM) to vet third parties and assess security while working with them.

7. Remember Separation Of Duties (SoD)

Separation of duties really boils down to making sure tasks are split into (and limited to) appropriate user types, though this principle could also apply to subsystems.

The administrator of an eCommerce site, for example, should not be able to make purchases. And a user of the same site should not be promoted to administrator, as this might allow them to alter orders or give themselves free products.

The thinking behind this principle is simply that if one person is compromised or acting fraudulently, their actions shouldn’t compromise the whole environment.

8. Avoid Security By Obscurity

If you write a backdoor, it will be found. If you hard-code secrets in your code, they will be exposed. It’s not a question of “if”, but “when” — there is no way to keep things hidden forever. Hackers spend time and effort on building reconnaissance tools to target exactly these types of vulnerabilities (many such tools can be found with a quick Google search), and more often than not when you point at a target, you get a result.

The bottom line is simple: you cannot rely on hidden features to remain hidden. Instead, there should be enough security controls in place to keep your application safe when these features are found.

For example, it is common to generate access links based on randomly generated UUIDs. Consider a scenario where an anonymous user makes a purchase on your store, and you want to serve the invoice online. You cannot protect the invoice with permissions, as the user is anonymous, but it is sensitive data. So you would generate a “secret” UUID, build it into the link, and treat the “knowledge” of the link as “proof” of identity ownership.

But how long can this assumption remain true? Over time, such links (with UUID in them) might get indexed by search engines. They might end up on the Wayback Machine. They might be collected by a third-party service running on the end user’s browser (say a BI extension of some sort), then collected into some online DB, and one day accessed by a third party.

Adding a short time limit to such links (based on UUIDs) is a good compromise. We don’t rely on the link staying secret for long (so there’s no security by obscurity), just for a few hours. When the link gets discovered, it’s already no longer valid.
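A sketch of such time-limited links, as an added example rather than Wix's implementation: the host name, the class name, the default lifetime of a few hours, and the choice to store only a hash of each token are assumptions.

```python
# Added example: short-lived invoice links for anonymous buyers.
# Host, names and TTL are assumptions, not taken from the article.
import hashlib
import time
import uuid


class InvoiceLinks:
    def __init__(self, ttl_seconds=3 * 3600, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock      # injectable so expiry can be tested
        self.links = {}         # sha256(token) -> (invoice_id, expires_at)

    @staticmethod
    def digest(token):
        # Store only a hash, so a leaked table does not hand out live links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, invoice_id):
        token = str(uuid.uuid4())   # random (version 4) UUID, not time-based
        self.links[self.digest(token)] = (invoice_id, self.clock() + self.ttl)
        return f"https://shop.example/invoice/{token}"

    def resolve(self, token):
        key = self.digest(token)
        entry = self.links.get(key)
        if entry is None:
            return None             # unknown token: same answer as expired
        invoice_id, expires_at = entry
        if self.clock() >= expires_at:
            del self.links[key]     # expired links are purged on sight
            return None
        return invoice_id

    def purge_expired(self):
        now = self.clock()
        stale = [k for k, (_, exp) in self.links.items() if now >= exp]
        for k in stale:
            del self.links[k]
        return len(stale)


def demo_links():
    now = [1_700_000_000.0]                 # constructed clock
    links = InvoiceLinks(ttl_seconds=2 * 3600, clock=lambda: now[0])
    url = links.issue("INV-1001")
    token = url.rsplit("/", 1)[1]
    fresh = links.resolve(token)            # buyer opens the link right away
    now[0] += 2 * 3600 + 1                  # the link surfaces in an index later
    late = links.resolve(token)
    return fresh, late, links.resolve("not-a-real-token")


if __name__ == "__main__":
    print(demo_links())
```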

9. Keep Security Simple

Also known as KISS, or keep it simple, stupid. As developers, we need to keep users in mind at all times. If a service is too complicated to use, then its users might not know how to use it, and bypass it or use it incorrectly.

Take 2FA for example. We all know it’s more secure, but the process also involves a degree of manual setup. Making it as simple as possible to follow means more users will follow it, and not compromise their own accounts with weaker protections.

Adding new security functionality always makes a system more complex, so it can have an unintended negative impact on security. So keep it simple. Always weigh the value of new functionality against its complexity, and keep security architecture as simple as possible.

10. Fix Security Issues, Then Check Your Work

Thoroughly fixing security issues is important for all aspects of a business. At Wix, for example, we partner with ethical hackers through our Bug Bounty Program to help us find issues and vulnerabilities in our system, and practice fixing them. We also employ internal security and penetration testing, and the security team is constantly reviewing the production services, looking for potential bugs.

But fixing a bug is just the start. You also need to understand the vulnerability thoroughly before you fix it, and often get whoever spotted it to check your fix too. And then, when a bug is fixed, carry out regression tests to make sure it’s not reintroduced by code rollbacks. This process is crucial to make sure you’re actually advancing your application security posture.

Conclusion

By implementing security by design at Wix, we were able to build a robust and secure platform — and we hope that sharing our approach will help you do the same. We applied these principles not just to security features, but to all components of our system. We recommend considering this, whether you build from scratch or choose to rely on a secure platform like ours.

More importantly, following security by design instilled a security mindset into our company as a whole, from developers to marketing and sales. Cybersecurity should be a top priority in everyone’s minds, as attacks increase and hackers find new ways of accessing sensitive information.

Taking a defensive position right from the start will put you at an advantage. Because when thinking about cybersecurity, it’s not if a breach happens. It’s when.

  • For more information on security by design, visit the Open Web Application Security Project. This non-profit community is dedicated to securing the web, and produces a range of free open-source tools, training and other resources to help improve software security.
  • To learn more about secure practices at Wix, check out wix.com/trust-center/security.

High-Frequency Data Analysis: Working With Pivoting

For high-frequency data in financial markets, each record typically holds the information of a stock at a specific timestamp. We often need to rearrange a column (or the calculation results involving multiple columns) into a matrix or table with the timestamps as row labels and security IDs as column labels. This operation (referred to as “pivoting”) can be achieved with the SQL pivot by keyword or the pivot function in DolphinDB. The result can be used in vectorized operations for optimal performance. 

1. Calculating Pairwise Correlations of Stock Returns

In pairs trading and hedging, we often need to calculate the pairwise correlations of multiple securities. Traditional databases are not able to perform such complex calculations. Using statistical software would require data migration between systems, which can be very time-consuming with a large amount of data. In DolphinDB, pairwise correlation can be calculated with the help of SQL pivot by clause.

How to Use Hugging Face Models for NLP, Audio Classification, and Computer Vision

Those who have spent any time studying models and frameworks for things like audio classification projects, NLP, and/or computer vision, are likely wondering how to use Hugging Face for some of these models. Hugging Face is a platform that serves both as a community for those working with data models as well as a hub for data science models and information.

When using Hugging Face for NLP, audio classification, or computer vision, users will need to know what Hugging Face has to offer for each project type as opposed to other options. Users will also need to have a deeper understanding of what a Hugging Face model is and how to use Hugging Face for their own data science projects.