Exposing Custom Post Type Meta for Only a Single API Endpoint

I ran into an undocumented and unexpected problem when registering custom post type meta fields for the REST API. register_meta() exposes meta fields in all REST API endpoints, which can lead to privacy leaks. To avoid that, it can be called conditionally.

Continue reading...

`WP_Widget::form()` returns a value

Ever wonder why your IDE complains that your widget's form() method isn't returning a value?

Continue reading...

Accessing Post Meta and More Via $post->meta_key

It turns out there's a much better way to fetch post meta than get_post_meta( $post->ID, 'foo', true ): $post->foo.

Continue reading...

Using git-svn to Manage Plugins in the WordPress.org Repository

Unfortunately, the WordPress.org plugin repository doesn’t provide a way to maintain your plugin with Git. In the past, I’ve either just used Subversion, or hosted an extra copy on GitHub, and setup Git and SVN side-by-side in the same directory. Awhile ago, I briefly considered using git-svn, because it would allow me to avoid using Subversion entirely, […]

Continue reading...

Finding all Sites That have a Plugin Active

I wanted to find out which sites in a Multisite network had a certain plugin active, but couldn't find an existing solution I was happy with. So, I wrote a WP-CLI command to do the job.

Continue reading...

Rename WordPress’ Database Prefix with WP-CLI

I wanted to update the database prefix one this site, but most of the tutorials out there have you do it manually. There are some plugins available, but I didn’t trust most of them, and the ones that I did were kind of bloated with other features, and I didn’t want to mess with the […]

Continue reading...

WordCamp Seattle 2016 Call for Speakers

We’ve opened the call for speakers for this year’s WordCamp Seattle. Give it a shot if you have any ideas, best practices, use cases, or stories you want to share with the community. I think people are often hesitant to put themselves out there, and that’s definitely understandable, but the WordPress community is really welcoming, and I think […]

Continue reading...

Regolith

I just finished the first version of a new WordPress installation template called Regolith. I’ve been using my personalized fork of Mark Jaquith’s WordPress Skeleton for the past several years, but recently came across Bedrock and really liked it. I started playing around with it, but quickly discovered that the tools and practices it embraced were a bit overkill for […]

Continue reading...

Generating Dynamic Placeholders for $wpdb->prepare()

$wpdb->prepare() is often called with each un-sanitized value explicitly passed as an individual argument; for example: $wpdb->prepare( "SELECT id FROM wp_posts WHERE id > %d AND `post_status` = %s", $min_id, $status ) The function will also accept an array of un-sanitized values, though, like this: $wpdb->prepare( "SELECT id FROM wp_posts WHERE id > %d AND […]

Continue reading...

Logging WordPress REST API errors

I wanted a simple logger for errors in REST API requests and didn’t find one online, so I wrote this one:

Continue reading...

Quick Navigation Interface

I just pushed a new plugin to the WordPress.org repository that lets you quickly navigate around wp-admin using just the keyboard, similar to Dash/HUD in Ubuntu or Spotlight in OS X:

Update: Version 0.2 is out now, and it’ll also include your posts, pages, and other content types in the results.

Challenging Your WordPress Assumptions from 2009

Nacin gave a great talk at php[world] dispelling a lot of the myths about WordPress that still exist in the developer community.

Flushing Rewrite Rules on All Sites in a Multisite Network

TL;DR: View the code on Meta Trac. Every once in awhile I’ll run into a situation where something will break permalinks on all the sites in a WordPress Multisite network, like a plugin network-activation gone wrong. On a single site, it’s easy enough to fix by manually visiting Settings > Permalinks, which will flush and rebuild the rewrite […]

Continue reading...

Why Websites Get Hacked

Why Websites get Hacked is a good high-level article to sends to clients or friends who don’t understand why someone would want to attack their site — and therefore doesn’t see the need to protect it — or are curious about how it happens.

Internet Slowdown

Today is the Internet Slowdown, to show support for Net Neutrality.

If you want to participate, you can install the Cat Signal plugin on your WordPress.org site, or enable the setting for your WordPress.com blog.

Attaching Uploads to Custom Post Types

I’m working on a plugin that implements a custom post type, and it doesn’t need the editor, but I do want to upload files. I setup the everything like you normally would, but I noticed that the files weren’t being attached to the post when they were uploaded. I couldn’t find anything online, so I dug through […]

Continue reading...

Progressive Enhancement with Backbone.js

I’m mostly focusing on back-end development these days, so I’m a bit behind the curve on a lot of the recent front-end practices, but I’ve been playing around with Backbone.js a bit, and one of the things that’s been nagging me is the hard dependency on JavaScript for the core functionality of the site. Looking around for some […]

Continue reading...

Preventing Clickjacking on WordPress Sites

WordPress already sends the X-FRAME-OPTIONS header for wp-login.php and the Admin Panels in order to prevent clickjacking, but it doesn’t send it on the front end because that could interfere with remote services that legitimately frame parts of a site. That’s only relevant for a small number of pages, though, so I’ve added a snippet to my functionality plugin skeleton […]

Continue reading...

WordPress.tv Developer Presentation Roundup

I’m one of the mentors for WordPress’ SupportPress project in this year’s Google Summer of Code, and I wanted to put together a list of WordPress.tv videos to help introduce Varun to the WordPress community and some development best practices. I figured it’d be good to save it for future reference, so I’m also posting […]

Continue reading...

Challenges for the WordPress Community as it Matures

Mike Jordan’s post on the WordPress community has some great insight and challenging thoughts. The truth is, however, that our community does not have these rare traits simply because its members are just that awesome. The primary reason that our community is so approachable, is that for the first several years of its life we had to […]

Continue reading...