Regolith

I just finished the first version of a new WordPress installation template called Regolith. I’ve been using my personalized fork of Mark Jaquith’s WordPress Skeleton for the past several years, but recently came across Bedrock and really liked it. I started playing around with it, but quickly discovered that the tools and practices it embraced were a bit overkill for […]


Preventing a Plugin from Automatically Updating

In an ideal world you’d never have to fork a plugin, because developers would always make their plugins extensible with hooks, just like WordPress itself does. But unfortunately that’s not usually the case, and it’s sometimes necessary to directly modify a plugin to make it do what you need. In those cases, you want to […]


WordPress Plugin and Theme Security

Mark Jaquith recently gave a good presentation on writing secure WordPress themes and plugins at WordCamp Phoenix 2011. The notes are also available. The main points are: Protect against SQL injection by using the API whenever possible (because it automatically handles data sanitization). If the API can’t do what you need, use $wpdb->prepare(). Protect against […]
