News of the XSS bug in Subscribe2 didn’t show up in any of my RSS feeds or mailing lists, even though it’s a fairly popular plugin, so I wanted to make a note of it in case anyone else missed it. Version 8.2 has a fix for it .
All posts in WordPress
I just threw a couple small PHP classes up on GitHub that I use in almost every WordPress plugin I write. The first is IDAdminNotices , which is a clean and easy way for plugins and themes to send messages/errors to the user within the Administration Panels. The second is IDDescribeVar , which will outputs the type, length and contents… [more]
Many actions in WordPress will fire multiple times, which can lead to performance drags and undesired/intuitiveness results. Pippin Williamson points out that you can check how many times an action has already run , and modify your code to respond accordingly.
In the past I’ve used Login Lockdown and Login Lock to block brute force attempts against WordPress installations, but Login Lockdown isn’t actively maintained and Login Lock has some serious bugs/security vulnerabilities. Recently Daniel Convissor released a new plugin called Login Security Solution that has the same basic features of Login Lockdown and Login Lock, but without the problems they have. He’s also added several more… [more]
Normally any kind of global values that don’t change within a program’s execution should be defined as constants, but text domains within internationalized WordPress plugins are an exception to that rule. Mark Jaquith explains why it’s important to use a string instead .
I’ll be giving a presentation on building Child Themes at the Seattle WordPress Developer’s Meetup tomorrow . You can follow along with the presentation if you plan on attending.
BackPress is a useful project that packages the re-usable code from WordPress into an independent library you can use in non-WordPress projects.
Ok, so it’s already 2012, but I just came across an article comparing the three from last year and it was a good read. Like a lot of articles, though, the real value is in the comments more than the article itself. Going into it I had the impression that Joomla was a stagnant mess, but it sounds… [more]
Nathan Ingram put together a thorough post on backing up WordPress and a chart comparing various plugins and services .
Dave Clements has a great suggestion for adding snippets to a WordPress site in a way that will preserve them between theme changes: create a simple functionality plugin .
TJ Stein gave a really good presentation at WordCamp Chicago 2011 about scaling and performance issues with WordPress installations. He focuses a lot on using ngnix instead of Apache, but also covers PHP object caching, Varnish, CDNs, benchmarking, etc. It’s a good overview of current practices, but there’s also a lot of specific tips throughout.
Mark Root-Wiley wrote a great article on the pros and cons of using premium themes, writing child themes and writing themes from scratch . It’s discussed in the context of WordPress themes, but most of it is applicable to other CMSs as well. I think it’s a good introduction to give clients when discussing which method is best for their project.
This WordPress Answers page explains the differences between the query_post() and get_posts() functions, and their relation to the WP_Query class. They both use WP_Query internally, but should be used in different contexts. Using them in the wrong context could lead to bugs that are hard to track down.
I just released a new WordPress plugin into the repository that raises awareness about modern-day slavery by adding a “Re-Abolish Slavery” ribbon to WordPress sites. It’s running on this site, so you can see a live example by looking in the upper-right hand corner. The ribbon links to the Not For Sale campaign , which is one of the leading organizations involved in fighting human… [more]
Nikolay Bachiyski gave a good talk at this year’s WordCamp San Francisco about unit testing WordPress plugins . His method uses PHPUnit , which is an additional PEAR package you have to install on the server. You can then use MockPress to simulate WordPress in the tests. Another option is the SimpleTest for WordPress plugin , which uses SimpleTest instead of PHPUnit, doesn’t require installing a PEAR… [more]
Mark Maunder benchmarked several performance tuning measures with a WordPress installation on a VPS server to show which are most effective. The biggest improvements were from installing PHP-APC , setting up Nginx to proxy concurrent connections for Apache, and using MySQL’s query cache.
On its own wp_localize_script() can’t handle multi-dimensional arrays, but you can get around that by encoding the child arrays in JSON . That doesn’t handle HTML content very well, though, so another way to do it is to use the l10n_print_after parameter . That’s kind of ugly, but it seems like the best way available right now. It looks like WordPress 3.3 might have a wp_add_js_data() function , which would be much… [more]
When writing a WordPress plugin it’s considered a best practice to only include JavaScript/CSS/etc files on the specific pages that need them, rather than on every page load. This speeds up page load by reducing the number of HTTP transactions and also minimizes the risk of unnecessary conflicts between other files. There are two popular… [more]
I wrote a new WordPress plugin for a side project and just released it into the repository . It creates a custom post type for markers and then inserts them into an embedded Google Map, using the post’s featured image as the map icon. Note: all support requests should be posted to the support forums .
