Capturing WordPress Plugin Activation Errors

If you’re developing a plugin and there are any PHP errors/warnings you’ll get a message like this when you activate it: The plugin generated [x] characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin. You don’t actually see […]

Continue reading...

Directory Permissions for WordPress under Plesk/Linux

Jason Diehl describes the right way to setup directory permissions on a Linux box running Plesk so that WordPress can automatically create the directories it uses to store uploads. Basically, you need to make sure that PHP’s safe mode is turned off and that wp-content is owned by apache, in the apache group, and chmod’d to 777.

WordPress Plugin and Theme Security

Mark Jaquith recently gave a good presentation on writing secure WordPress themes and plugins at Wordcamp Phoenix 2011. The notes are also available. The main points are: Protect against SQL Injection by using the API whenever possible (because it automatically handles data sanitization). If the API can’t do what you need, use $wpdb->prepare(). Protect against […]

Continue reading...

Body Classes Instead of Conditional Stylesheets

I’m thinking I should create a, ‘Duh, why didn’t I think of that?’ category for this. Instead of using conditional stylesheets or CSS hacks to fix Internet Explorer’s obnoxious lack of support for standards, you can conditionally set a class on the html or body tag and target that in your normal stylesheet. This is better for […]

Continue reading...