All posts in WordPress

Security Reward for new Google Authenticator Plugin

by Ian Dunn

I just released a new plugin into the WordPress.org repository, and am fairly confident that it’s secure, but since it modifies some of the default login behavior, I’d love to get some extra eyeballs on the code. To that end, I’m offering a $150 Amazon.com gift certificate* to anyone who can find a significant vulnerability. By “significant”, I’m talking about… [more]

Reusing P2’s ajaxUrl Short-Circuits Other AJAX Requests

by Ian Dunn

I just spent a while tracking down some odd AJAX behavior that was puzzling me, so I thought I’d share the solution. I was working on a plugin to extend P2 and my AJAX requests were always responding with -1. After a lot of digging and some trial-and-error, I figured out that it was happening because I was using P2’s ajaxUrl variable… [more]

WordCamp Columbus 2013 Slides

by Ian Dunn

I’ll be speaking at WordCamp Columbus 2013 this Saturday on implementing the Model-View-Controller pattern in plugins. If you’re attending and would like to follow along, you can check out the slides.

WordCamp Seattle 2013 Slides

by Ian Dunn

I’ll be speaking at WordCamp Seattle 2013 tomorrow on creating object-oriented WordPress plugins. If you’re attending and would like to follow along, you can check out the slides.

WordPress’ Insularity and Architectural Shortcomings

by Ian Dunn

Even though I’m a huge fan of WordPress and have chosen to develop for it exclusively, there are still some big areas where the underlying architecture is out of step with modern development practices. Mike Toppa just wrote a great response to that “Dire State of WordPress” article that’s been going around, where he defends WordPress against some of… [more]

How WordPress Saves Lives: Freedom, Hope and Custom Post Types

by Ian Dunn

Paul Clark’s presentation at WordCamp Phoenix 2013 is a must-watch for any developer who’s interested in using technology to advance human rights and social justice. He describes how his team used open-source technologies to help a human-rights organization in Burma manage their information in ways that have a direct impact on their mission and the lives of the people they support.

The Social Dynamics of Open-Source Contributions

by Ian Dunn

Diaries of a Core Maintainer #6: A Tale of Two Developers makes some insightful points about different approaches towards contributing to open source projects, and how collaboration and social dynamics can play a big role in whether or not the contributions are accepted. It’s written by a Drupal dev, but I’ve seen the same things at work in the WordPress community.  

Negativity and Meanness in Online Communities

by Ian Dunn

Here’s a thoughtful and insightful post by Jen Mylo on negativity and meanness in online communities.

Notices are Errors

by Ian Dunn

One of my big pet peeves with WP plugins and themes is that so many of them trigger PHP notices and warnings by failing to check if array indices exist before referencing them, or checking if a file exists before including it, etc. It may seem trivial, but even if you don’t care about the… [more]

Using Singletons in WordPress Plugins

by Ian Dunn

Eric Mann and Mike Toppa have been creating an interesting conversation about the use of the Singleton pattern within WordPress plugins. Eric started it with his article in defense of the pattern, and then Mike wrote a thoughtful response. Both make compelling cases for their position, and both avoid the teenage dickery that often accompanies these types of debates. The comments on each… [more]

Creating Object-Oriented WordPress Plugins That Implement MVC

by Ian Dunn

I’ll be giving a presentation at the Seattle WordPress Developers Meetup tomorrow about how to write WordPress plugins that are both object-oriented, and implement the Model-View-Controller pattern. If you plan on attending, you can follow along with the slides and download the lab files.

Grandchild Themes in WordPress

by Ian Dunn

It’s not possible to create grandchild themes in the same way that you create child themes, but you can use a plugin to dequeue/enqueue stylesheets and scripts, and also override the locations of the main query templates. It’s obviously not the ideal solution, but there are cases where it may be the least-bad one.

Preventing a Plugin from Automatically Updating

by Ian Dunn

In an ideal world you’d never have to fork a plugin, because developers would always make their plugins extensible with hooks, just like WordPress itself does. But unfortunately that’s not usually the case, and it’s sometimes necessary to directly modify a plugin to make it do what you need. In those cases, you want to make sure that the plugin… [more]

XML-RPC Enabled by Default in WordPress 3.5

by Ian Dunn

XML-RPC will be enabled by default in WordPress 3.5, but I personally think that’s a bad idea from a security perspective. A fellow Seattle WP developer, Ben Lobaugh, explains why on the Trac ticket. Luckily, it’s easy to disable it. Just add this to a plugin: I’ve added that to my security checklist for new installations, and updated my installation skeleton to include… [more]

Designing Object-Oriented Plugins for a Procedural Application

by Ian Dunn

Note: This was originally a post to the Seattle PHP Meetup mailing list, but I’m reproducing it here to generate a discussion about the topic with people outside the meetup. * * * * I write a lot of plugins for WordPress, and I like to make them object-oriented, even though WordPress itself is mostly procedural. I think it… [more]

The Importance of Usability Testing

by Ian Dunn

Shane Pearlman just published an article on the importance of usability testing that has some good advice. One of the tools mentioned is usertesting.com, which looks like an easy way to get feedback on projects.

Don’t Move wp-config.php Outside the Document Root

by Ian Dunn

Most WordPress security guides recommend moving wp-config.php outside of the Apache document root in order to prevent the database password being exposed if the PHP engine fails to parse the file, or from being readable to infected scripts running in the domain. Despite the conventional wisdom, though, this technique doesn’t solve those problems, and can actually create new problems if… [more]

WordPress Bug Causes Error in XML-RPC Clients

by Ian Dunn

I’ve been having a hard time figuring out an error that a client’s been getting in the Android and iOS apps for WordPress, but finally found the reason. The problem was that, when adding new posts with images, the post would be saved and the image would be uploaded and attached to the post, but… [more]

Getting Pricing Right

by Ian Dunn

Code Poet just released a free eBook called Getting Pricing Right that interviews Mark Jaquith, Remkus de Vries and Shane Pearlman on setting consulting rates and miscellaneous related topics. It’s short and contains a lot of good advice, as well as links to a lot of resources.
