Flushing Rewrite Rules on All Sites in a Multisite Network

TL;DR: View the code on Meta Trac. Every once in awhile I’ll run into a situation where something will break permalinks on all the sites in a WordPress Multisite network, like a plugin network-activation gone wrong. On a single site, it’s easy enough to fix by manually visiting Settings > Permalinks, which will flush and rebuild the rewrite […]

Continue reading...

Attaching Uploads to Custom Post Types

I’m working on a plugin that implements a custom post type, and it doesn’t need the editor, but I do want to upload files. I setup the everything like you normally would, but I noticed that the files weren’t being attached to the post when they were uploaded. I couldn’t find anything online, so I dug through […]

Continue reading...

Progressive Enhancement with Backbone.js

I’m mostly focusing on back-end development these days, so I’m a bit behind the curve on a lot of the recent front-end practices, but I’ve been playing around with Backbone.js a bit, and one of the things that’s been nagging me is the hard dependency on JavaScript for the core functionality of the site. Looking around for some […]

Continue reading...

Preventing Clickjacking on WordPress Sites

WordPress already sends the X-FRAME-OPTIONS header for wp-login.php and the Admin Panels in order to prevent clickjacking, but it doesn’t send it on the front end because that could interfere with remote services that legitimately frame parts of a site. That’s only relevant for a small number of pages, though, so I’ve added a snippet to my functionality plugin skeleton […]

Continue reading...

WordPress.tv Developer Presentation Roundup

I’m one of the mentors for WordPress’ SupportPress project in this year’s Google Summer of Code, and I wanted to put together a list of WordPress.tv videos to help introduce Varun to the WordPress community and some development best practices. I figured it’d be good to save it for future reference, so I’m also posting […]

Continue reading...

Challenges for the WordPress Community as it Matures

Mike Jordan’s post on the WordPress community has some great insight and challenging thoughts. The truth is, however, that our community does not have these rare traits simply because its members are just that awesome. The primary reason that our community is so approachable, is that for the first several years of its life we had to […]

Continue reading...

Hide PHP Warnings and Notices from Poorly Written Plugins

Update: Zack Tollman wrote a plugin called Ostrichize that does an even better job of this, so I’ve reverted my version out of my functionality plugin skeleton and will use his in the future. Pro tip: search for existing code before writing new code ;) * * * There are a lot of WordPress plugin and theme […]

Continue reading...

The Right Way to Customize a WordPress Plugin

Video: I presented on this topic at WordCamp Dayton 2014. It’s very common for developers to customize and extend existing plugins to fit their own needs, which is one of the great advantages of using open-source software. They often do it by making their changes directly to the plugin, though, which creates a security vulnerability […]

Continue reading...

Security Reward for new Google Authenticator Plugin

I just released a new plugin into the WordPress.org repository, and am fairly confident that it’s secure, but since it modifies some of the default login behavior, I’d love to get some extra eyeballs on the code. To that end, I’m offering a $150 Amazon.com gift certificate* to anyone who can find a significant vulnerability. By “significant”, […]

Continue reading...

Reusing P2’s ajaxUrl Short-Circuits Other AJAX Requests

I just spent awhile tracking down some odd AJAX behavior that was puzzling me, so I thought I’d share the solution. I was working on a plugin to extend P2 and my AJAX requests were always responding with -1. After a lot of digging and some trial-and-error, I figured out that it was happening because I was […]

Continue reading...