Sal Aguilar's Adventures in IT

computers are easier to deal with than people

#BlogsNI – Festival de Blogs de Nicaragua — September 18, 2016

#BlogsNI – Festival de Blogs de Nicaragua

What is #BlogsNI?

Next week, I set sail to the #BlogsNI, which is Nicaragua’s Blogs Festival. An event oriented to talk about the local nicaraguan blogosphere, a review of the past, present and future. The event will hold different local experts from Social Communication, Marketing and Technology,

What I would be doing on #BlogsNI?

I was invited by the organizers to participate on the event on the technology side of things. After all I’m an IT guy that loves teaching about WordPress. I will represent Sucuri (talk to me if you need help with WordPress & Website Security) and I will be giving a talk about WordPress and e-Commerce and I will give a WorkShop about Advanced WordPress. Below is the full agenda and the banner for my workshop.

#blogsni - agenda

Join my workshop if you want to learn further about WordPress!

#BlogsNi - Advanced WordPress

More info on the event:


  • September 21 – #BlogsNI Workshops
  • September 22 – #BlogsNI Talks


Universidad Centro Americana. UCA. Managua, Nicaragua.

Facebook Page:

Facebook Event:

Be sure to contact me if you want to setup some time to talk!



WP Nicaragua: walking towards a WordCamp in Nicaragua on 2017 — August 25, 2016

WP Nicaragua: walking towards a WordCamp in Nicaragua on 2017

First I must admit that I love that as part of my job in Sucuri I get to  assist to WordPress events like WordCamps. I had the opportunity to assist the first WP Campus in Sarasota, Florida. This event was for all the Universities and other Higher Education entities that use WordPress on their campus for their websites. It was pretty cool to see all the talks from Developers from 10up, Modern Tribe,, WP Engine, Pantheon and other companies which made the event possible.

This year, I met the organizer of the Costa Rica WordPress group , Roberto Remedios, and I had the opportunity to give a talk remotely to their group, and after that I realized that he was organizing the WordCamp San Jose, Costa Rica 2016 and I offered my assistance as a volunteer and to speak at the event.

WordCamp Nicaragua 2014 – Suyapa Beach, Las Peñitas

As a Nicaraguan, I’m truly excited to have a WordCamp in Central America. We did hold a WordCamp here in Nicaragua in 2014 and also in 2013, and we will he hosting a DrupalCon as well on Nicaragua this year, but I don’t have much details for now, but I will make a post as soon as I get all the inside scoop.

This year we are trying to push for at least a monthly meetup in our Managua WordPress Group, and we have had a good discipline and have held all the following meetups:

And this month we will held another, to keep meeting and sharing good practices and cool new tricks about WordPress, come and join us:

The ultimate goal, for us as a group/community is to hold a WordCamp next year, so we do not compete with Costa Rica for speakers or sponsors. So we are meeting regularly and have started the talk about who would volunteer to help organize such event in Nicaragua, so we can plan ahead, and have a great event as well as a good attendance from other Central American countries like Guatemala, El Salvador and Honduras.

If you would like to help organize, speak or sponsor our event, you can contact me, or go to our MeetUp page and click on contact:

We are going to try to push for WordCamp Nicaragua, WordCamp Costa Rica and then WordCamp El Salvador, and hopefully in 2018, hold our very first WordCamp CentralAmerica, were we can gather as a region instead of separate small countries so we can have a higher traction in assistance and sponsorship!

If you are from Guatemala or Honduras, and need help on setting up your WordPress community or want to be part of the WordCamp CentralAmerica, ping me on twitter or email me. I will be cool to gather as one!

I look forward to your comments!

What I’ve learned about people from providing support to Wordpress Users — August 16, 2016

What I’ve learned about people from providing support to Wordpress Users

WARNING: This is a rant. Read at your own discretion!

For the past 5 years my work has been focusing on WordPress, started a web development agency, then worked for mexican integrator, then moved to the web hosting world and now, at I work at a website security company called

It’s been a great ride and have managed to see several aspects from WordPress users, I have seen the n00bs, I have helped developers, I’ve crashed my head against the wall while working with Marketers and I have shouted to my computer while working with website owners who don’t want to do anything, but have everything fixed at the point of a click.

I wanted to write a fun article about the frustrations of providing support to WordPress users and below are some of the things I’ve learned:

People don’t read

WordPress is pretty well documented, any bug, issue can easily be resolved by doing a search on any search engine. But no, WordPress users rather call (wait online on hold music), email (expecting a response within 5 seconds after sending it) or chat (expecting the rep to solve everything with a single click).

In any of my previous jobs, I would get the customer email/ticket/chat, and I would try go gather as much information from the issue before start troubleshooting. Then I would check what the problem is, try to replicate myself, then analyze what might be causing it. If I was not very familiar with the issue a quick search online would be enough to find the issue. I would try to apply the patch/change suggested and if it would work would give the article to the customer for them to read and understand what happened. I would also provide a link with my suggestions on how to avoid the issue from happening. But the customer would come back a few days/weeks/months with the exact same problem, claiming the last person he talked to said it was solved but is still happening. Facepalm.

People sometimes don’t read, even when you ask them to because it would save them time and it would avoid them being hacked. But they do not read and do not want to be told to read. It worries me because I am a self taught IT guy, I love learning and trying stuff; I’m the kind of guy who can learn programming from YouTube or reading a book and hacking his way into things. It is so sad that some website owners can read entire books of marketing, Improve your SEO on Google and Pay Per Click Advertising, but they neglect to read a single page that will help them on protecting their brand, reputation and website.

If you are one of those, please, I beg you, read the links that your web advisor, web developer, security analyst, web hosting provider sent. And if you do not understand ask questions. We are here to help you, but we can’t do everything for you. Please help me so I can help you.

People don’t care about security

You can see that by the amount of websites that get blacklisted on Google each week. People just have websites done, they only care about being flashy, nice and have information there. I have not seen a customer on my web developer experience to ask about having a website secure and protected by hackers. They just don’t. You installed WordPress 4 years ago, and is working but suddenly, you have VIAGRA ads on your website and you see that a new administrator user has been added. You then get a call from a provider saying that they get a warning when they try to access your website. You then panick! You open Chrome and try to visit the website, and you too get the warning. You don’t know what is going on. You try to login to your WordPress using admin and 12345 as password and you see lots of pages and blog posts that you have not added. It is until then when you start thinking about security.

That story happens very often, it even happened to a colleague of mine in Sucuri. And it is until we make the mistake that we realize how easy was to take us down, and how easy would have been to prevent this from happening. You do not have to be a web expert or a security ninja to be able to have security put in place. You can opt for services like Sucuri, that provide a managed security service to protect your website. That way you can focus on your business and we will manage security and let you know of any issue that we see that requires your attention.

Visit for more info!

People don’t care about what is under the hood

Customers pretty much just needs something that works and does the job. They don’t care if its WordPress or Joomla or Drupal. They don’t. They will trust the web agency or web advisor doing the work. Plus they would probably do a search online. They do not know about security, so it is the responsibility of the person or company doing their website to provide the proper guidance. Most of the cases they would choose WordPress over Drupal merely due to cost. They want the most BANG for the buck. And we can all relate to this.

However after the website is done, the customer must be advised that he needs to do maintenance to his website, which is just like a car, that needs some tune up to keep it working well, having all security updates in place to correct any vulnerability and make sure that his SEO and brand reputation is not harmed.

People blame 3rd parties instead

While working at Site5, I faced many customers that were angry because we didn’t stop the hackers from defacing his website. Which is funny to me and the perfect analogy I gave them, is like complaining to your land lord who rented you that house, when burglars break in and steal your stuff. Web hosting providers are responsible for the security of the servers, not for the security of the applications. They protect their servers from being accessed on their core, not on user accounts. I remember when Site5 started blocking IPs of people trying to access several times with the wrong FTP passwords, we had tidal waves of complains and just 1% of people really appreciated the security measure imposed.

In Sucuri, is a different story, people come with actual problems, websites infected with malware, hacked, or blacklisted and we need to help them. I work with customers and the first thing I need to clean a site is access to the website files, but many people do not know what an FTP account is and we provide them an explanation, and offer them to possibility of reading a tutorial on how to get the FTP account, or to simple give over his web hosting account login details so we can figure out the rest. At least 80% of the times, they would give you their web hosting account details, with the same passwords, and they do not change it after we use it. Which is very dangerous.

Once I am in, I have problem because some scripts are really really old, and they have tons of vulnerabilities, but upgrading them it causes hell, because it breaks plugins and themes, leaving most of the times the websites with the dreaded white screen of death. So I have to be careful about removing the infection. Reinstalling the specific WordPress version to make sure that we have clean core files. And finally checking the plugins and themes to advise which really need an update.

From time to time, cleaning malware breaks the functionality of a plugin or a feature of the website that I honestly overlook, and people come back reporting that, as a precaution we always take backups of everything we modify, so we can always roll back. Although there are very very rate times when the site was so infected and corrupted that the only choice is to update everything and we suggest to work with a developer or rebuilding the site and provide several suggestions on how to avoid this from happening again.

I try to do my best always, but sometimes, that is not enough. People whose website I’ve cleaned, do not read the suggestions, and get reinfected, and I am the one to blame for not doing my job right. Its like going to a physician because you had a cold after jogging under the rain, and after getting cured, go jogging under the rain again and then complain and blame the physician. We helped you, we cleaned the site, we told you how to avoid this from happening again. You didn’t listen or didn’t care and now we are to blame. But not worry, we will AGAIN, clean your site and AGAIN provide the suggestions hoping this time you will follow them.

That’s all folks!

These are a few of the things I’ve learned from working with people who have WordPress website around the world. Some have made me laugh, some have annoyed me at first, but from both I’ve learned and adapted my feedback to them so they can be better protected.

If you want to talk more about this, invite me for a beer and let’s hangout!

How websites get hacked? And Wordpress meetup Managua — June 11, 2016

How websites get hacked? And Wordpress meetup Managua

On May, I had the opportunity to participate on Desarrolladores WordPress Nicaragua (You can find them facebookmeetup ) monthly meetup.

Both my business partner and co-founder of and myself gave talks. While I talked about How Websites get Hacked, Kharron talked about Developing a Mobile App using WordPress as the backend.

My presentation was based out of the work that I do each day as part of the Remediation team in Sucuri. You can find my presentation here:


Special thanks to:

  • Daniel Gordon & Steven Hansen from Rain for sponsoring the venue, sodas and pizzas.
  • Tom Sepper @ Site5 for sponsoring the web hosting accounts



Tapping on all Wordpress users, what is your focus ? — February 26, 2016

Tapping on all Wordpress users, what is your focus ?

Top 5 Wordpress Tools for any Wordpress Developer — February 18, 2016

Top 5 Wordpress Tools for any Wordpress Developer

As a professional working on WordPress sites, I wanted to share what are the tools that I use on my day to day WordPress Development and Management tasks, I hope these tools will make your life easier, as they did to me, so without further comments, let’s begin:

Chrome Developer Tools

It’s incredible that many people who do WordPress sites are not aware of how useful your Chrome browser is. Google has made very great things with it and Dev Tools is a biggest part of it. You can find Javascript errors, see HTTP headers, do performance analysis and much much more. Its an essential part of what I use to diagnose issues with websites.



wp-cli: Command Line Interface for WordPress


If you are a console lover like me, you’d appreciate this tool very very much. wp-cli is a terminal application built on PHP, that allows you executing a lot of wordpress management tasks such as updating & install plugins, adding users, password resets, etc and everything from the comfort of your favorite shell environment (I use and ❤ Oh my zsh). It requires you to have a unix like environment and PHP installed.


Twitter: @wpcli


YouTube: WP-CLI – A Practical Guide For The Rest of Us WordCamp

Wocker: Docker for WordPress

Wocker Rapid development environment for WordPress

Wocker is a rapid development environment for WordPress. It’s based on Docker. It works on Linux and Mac. Since I am using a Mac, it made my life easier as I don’t need to setup Apache and MySQL each time I have to setup a new WordPress boilerplate! (AWESOME)

This allows you a great way to locally develop a site and then you can migrate it over to your web host using any of the available methods!

Author: Kite Koga (@ixkaito)

YouTube Tutorial:


WordPress Codex

One thing I love the most about WordPress its all the documentation is available online, and codex @ is the best online resource for anything wordpress documentation, whether you are starting or you need a quick reference about any function of the CMS. +1 to Automatic for making such an awesome resource online available to us all.


The IDE: PHPStorm by JetBrains vs SublimeText


I know this is a very personal decision for each one of you, but to me PhpStorm is better than SublimeText when it comes to being a real IDE. Sure SublimeText has a lot (I seriously mean A LOT) of plugins that extend its functionality, but PHPStorm comes with everything I need from scratch.

Download PHPStorm:

PHPStorm & WordPress Tutorial: WordPress Development using PhpStorm

Download SublimeText:

SublimeText & WordPress tutorial: Setting Up Sublime Text for WordPress Development


This are the tools that I use and work for me, let me know if I missed other tool that you use on your daily tasks that simplify your work with WordPress. I would love to learn new tools!

Wordpress Security: your responsibility as a website owner — February 17, 2016

Wordpress Security: your responsibility as a website owner

As part of my job, I help customers on a daily basis to overcome hacks, defacement and malware infections on their WordPress. Most of them are just business owners or WordPress developers who don’t mind much about security.

A website is like a car, if you don’t do regular maintenance then you can’t expect it to last forever. The software: WordPress, themes and plugins,  have bugs that are discovered thru time and that is why WordPress is updated pretty often and same for themes and plugins.

Since WordPress makes up for the 25% of all the website in the world wide web, it has become an usual attraction for hackers and script kiddies looking for an ego boost, or simply to use your site as a proxy to attack someone else.

I regularly have a tough time trying to explain this, but I was lucky enough to find this amazing talk by Tony Perez, the CEO of Sucuri (@perezbox on twitter). Sucuri is one of the leading Malware cleaning companies that are helping website owners and developers to protect their sites & help them recover from malware infections.

Below is his talk from a WordCamp from 2015:

Navigating Today’s Website Threats!! – A Stroll Through WordPress Security vs – An Idiot’s Guide — February 6, 2016 vs – An Idiot’s Guide


For you that are starting with WordPress and you are trying this on your own, let me help you on clarifying this:

WordPress is a Content Management System (CMS) that is built on PHP (one of the most popular programming languages, see for more info) and using MySQL as the database to store your user info, settings, posts and other information.

The company that developed WordPress is Automatic, they are the ones that coordinate the development of WordPress. And have made (and acquired) other popular WordPress plugins such as bbPress, BuddyPress, Jetpack, etc.

As many open software companies, they created a community version of WordPress which is open source and whose source code is hosted on GitHub and they made a commercial service that provides a hosted WordPress service that has both FREE and PAID plans. The service

For novice (n00b) users, I strongly suggest that they start experimenting with which already comes with many of the features someone would need to start a blog or website. You would get familiarized with the setting and would probably fall in love with Calypso which is backend GUI. Since the service is free and already comes with SSL, you would not have to worry about hacks, or performance, or security like you would do when you are using the open source version.

Sites like CNN, Time, UPS, Chrysler and NBC run on WordPress VIP, which is a paid version of WordPress that is made to provide the highest quality of service, no wonder why the pricing starts at USD 5,000 a month (Five Thousand US Dollars).

The FREE version of is limited. Well if it’s free it has to have some limits don’t you think? Well, at least I do. So what are the limits:

The limitations of

  • Limited availability of plugins. Only a small list of preapproved plugins.
  • Limited availability of themes.
  • You can’t edit the themes much.
  • You can’t run or place Ads on any site you create here.

The awesomeness of

  • Works straight up. No much setup needed.
  • It comes with FREE SSL (Wildcard SSL *
  • No SysAdmin work needed: security, upgrade, performance, everything is managed by them.
  • Callypso is so much cooler.
  • Built In stats
  • Social Media syndication

What’s the ideal usage for

If you want to run a blog and only want to care about writing contents, with limited features and you do not want to worry about server & software maintenance. Or big companies with lots of cash, who need dedicated and professional hosting and support for their highly visited websites. The software is where the software that is the core of lives. The difference is that is not an integrated platform, but a software that you can install on any server as long as it can interpret PHP nad have a MySQL database.

WordPress is pretty extendable and is sitting on 25% of all websites in the world. People have build business websites, helpdesks, knowledge bases, ecommerce stores and even social networking sites with it. Since it’s FREE, and you have thousands and thousands of both themes and plugins, is pretty popular amongst developers and non-IT folks.

The limitations of

  • It requires a lot of things and concepts to be learned: php, mysql, etc.
  • It does not come with a good security protection from scratch
  • It requires constant upgrading and sometimes this results on broken themes and plugins.
  • Has a lot of XSS Cross site Scripting exploits
  • Common target of hackers and script kiddies

The awesomeness of

  • Since its open source, you can use it however you like & customize it
  • It has thousands and thousands of plugins and themes available
  • Its easier to get assistance on than
  • It can be used to build almost every type of website.

What’s the ideal usage for

A web designer or business owner that wants a tool for his business to use for sales (ecommerce, product catalog, services showdown, etc), marketing or other things like CRM and even social media. Someone looking for incredible flexibility and easy to change.


If you basically want an easy way to publish your stuff online, then go with But if you have a vision and would like way more flexibility, and be able to upload custom plugins, then I definitely suggest you go with

What about you guys ? What is another difference between them?

Happy 2016 & update Wordpress! — January 8, 2016

Happy 2016 & update Wordpress!

It’s January, it’s 2016. If your site survived the holidays without going down or getting hacked, Congratulations!

If you are not aware WordPress recently released an update, which honestly is just a maintenance and security update to fix 52 bugs from WordPress 4.4 aka Clifford which was released on December 2015.

So if you want to keep your WordPress secure quickly run to your site WordPress Admin and then update it. But wait!!! Do you have a backup ? If not then do it RIGHT NOW before it’s too late.


So what is coming up on this blog? Well I do have a few ideas about articles to post on the future, some of my rough drafts are:

  • vs – an idiots guide!
  • BulletProof Security vs Wordfence
  • W3 Total Cache with CloudFront – an easy guide
  • W3 Total Cache with Memcache – simple steps
  • Debugging on WordPress

I’m also exploring other topics, if you have any suggestion, drop me a note or comment below.

By the way, we are close to officially launch Señ this year and we do have a couple of projects to finish before we do the launch party! So if you need professional WordPress support and implementation, contact me or contact If you refer my blog you would get a special discount from yours truly!

Overcoming the Wordpress’ white screen of death — November 18, 2015

Overcoming the Wordpress’ white screen of death

Yesterday’s incident with La Prensa Nicaragua reminded me that I wanted to write about this 6 months ago. So I took some time and wrote this up. I really hope this helps someone.

If you have ever played with WordPress, plugins and themes a bit, it is very likely that you have faced the dreadful white screen of death. This can be very frustrating and even irritating if you do not know where to look for clues. So below I’m sharing a few tips for what I normally do on these cases.

Option 1: Enabling WP_DEBUG on wp_config.php

The file named wp-config.php is where all the important settings are for your site are stored. You will find the database hostname, name, username and password for the MySQL instance that your site is using. But it also holds some other very important features, and one of them is the one we need to enable with the following line:

define( 'WP_DEBUG', true );

By default your wp-config.php comes with this setting set to false, just change it to true to enable the debugging feature. Once the debugging mode is enabled, your wordpress instance will now show you on screen all the errors from themes and plugins.

You can alternatively also enable the feature for wordpress to write a log of all the errors and not show them on screen; this is especially handy if you are debugging on a production environment and you do not want the visitors to notice the errors. You do that adding the following code to the file:

// Enable WP_DEBUG mode
define('WP_DEBUG', true);

// Enable logging to the /wp-content/debug.log file
define('WP_DEBUG_LOG', true);

// Disable display of errors and warnings 
define('WP_DEBUG_DISPLAY', false);

Once you have added this to the wp-config.php file, you can check all the error messages of your site on the file located on /wp-content/debug.log. You can now find what is the error that you are getting and start fixing it.

Option 2: Troubleshoot with a plugin

If you search on the WordPress’ Plugin repository you will find that there are several plugins that help you on your troubleshooting tasks. So if you still have access to the WordPress Dashboard, then you use any of the plugins.

To start up with I suggest you try one of these plugins:

If you are running a Multisite instance of WordPress, then I suggest you use a plugin that was done specifically for networks and super admins, and is called Debug This.

I suggest you try them and based on your preferences you pick your favorite and start finding all the errors.

Option 3: Check the Error log on your web hosting Control Panel

This works if you are using whether cPanel or Plesk.

cPanel instructions

On your cPanel go to Logs and then Error Log.

Plesk instructions

Go to Files, then on the left side select the Logs folder, and then scroll down to find the file named error_log.

For other web hosting control panels, you would have to do an online search to find the proper instructions where to find the error log. The same it goes if you are using a Linux instance without any control panel. Please look for your linux distribution to find the error log of the web server (either Apache or NGINX).

Other things you can do

Disable plugins

Sometimes upgrading the plugins can break your site. It sucks but its true. So you can simply disable any of them by renaming the folder of the plugin to something else.

A radical measure its just to rename the entire plugin directory (/wp-content/plugins/)

Disable the themes

Yup, even some themes have caused the White Screen of Death many times. Easiesy way to disable it, just like with plugins is to rename the theme folder (/wp-content/themes/yourtheme).

You can also go to the MySQL database for this wordpress website, and look for the table wp_options, and change the theme to one of the builtin themes like twenty fifthteen, twenty fourteen & twenty thirdteen.

.htaccess issues

This is another of the most common issues, faulty rules on .htaccess. It can be a wrong rewrite, redirect or even a wrong add directive.

The good news is that errors caused by .htaccess are visible on your error_log. You can find that file based on your system configuration (cPanel, Plesk, Linux, Windows, etc).

Be sure to check Apache’s documentation for .htaccess. Or simply grab a clean version of the htaccess from WordPress’ Codex and backup the one you have for security purposes. Using the clean version of .htaccess will most likely solve the errors if you do not have time to troubleshoot and need the site back online asap.

If you want me to lend you a hand, contact me so we can take a look at your issue.

%d bloggers like this: