Why Websites get Hacked is a good high-level article to sends to clients or friends who don’t understand why someone would want to attack their site — and therefore doesn’t see the need to protect it — or are curious about how it happens.
Category Archives: WordPress
Internet Slowdown
Today is the Internet Slowdown, to show support for Net Neutrality.
If you want to participate, you can install the Cat Signal plugin on your WordPress.org site, or enable the setting for your WordPress.com blog.
Attaching Uploads to Custom Post Types
I’m working on a plugin that implements a custom post type, and it doesn’t need the editor, but I do want to upload files. I setup the everything like you normally would, but I noticed that the files weren’t being attached to the post when they were uploaded. I couldn’t find anything online, so I dug through […]
Progressive Enhancement with Backbone.js
I’m mostly focusing on back-end development these days, so I’m a bit behind the curve on a lot of the recent front-end practices, but I’ve been playing around with Backbone.js a bit, and one of the things that’s been nagging me is the hard dependency on JavaScript for the core functionality of the site. Looking around for some […]
Preventing Clickjacking on WordPress Sites
WordPress already sends the X-FRAME-OPTIONS header for wp-login.php and the Admin Panels in order to prevent clickjacking, but it doesn’t send it on the front end because that could interfere with remote services that legitimately frame parts of a site. That’s only relevant for a small number of pages, though, so I’ve added a snippet to my functionality plugin skeleton […]
WordPress.tv Developer Presentation Roundup
I’m one of the mentors for WordPress’ SupportPress project in this year’s Google Summer of Code, and I wanted to put together a list of WordPress.tv videos to help introduce Varun to the WordPress community and some development best practices. I figured it’d be good to save it for future reference, so I’m also posting […]
Challenges for the WordPress Community as it Matures
Mike Jordan’s post on the WordPress community has some great insight and challenging thoughts. The truth is, however, that our community does not have these rare traits simply because its members are just that awesome. The primary reason that our community is so approachable, is that for the first several years of its life we had to […]
Hide PHP Warnings and Notices from Poorly Written Plugins
Update: Zack Tollman wrote a plugin called Ostrichize that does an even better job of this, so I’ve reverted my version out of my functionality plugin skeleton and will use his in the future. Pro tip: search for existing code before writing new code ;) * * * There are a lot of WordPress plugin and theme […]
WordCamp Seattle Call for Speakers
We just posted the Call for Speakers for WordCamp Seattle 2014. If you’ve got some knowledge or experience you’d like to share with the WordPress community in Seattle, check it out.
WordCamp Dayton 2014 Slides
I’ll be speaking at WordCamp Dayton 2014 this Saturday about best practices for customizing WordPress plugins. If you’re attending and would like to follow along, you can check out the slides.
Sexual Harassment at WordCamps
It’s really disheartening to read stories like this coming out of the WordPress community, but kudos to Sarah for speaking out about it. We all need to be more aware of these issues and look for ways to prevent things like this from happening in the future.
The Right Way to Customize a WordPress Plugin
Video: I presented on this topic at WordCamp Dayton 2014. It’s very common for developers to customize and extend existing plugins to fit their own needs, which is one of the great advantages of using open-source software. They often do it by making their changes directly to the plugin, though, which creates a security vulnerability […]
New RSS Feed for WordCamp Announcements
WordCamp.org now has an RSS feed that announces when new WordCamps are scheduled.
Programmatically Sign-on a WordPress User
I came across a post on WP Recipes about programmatically logging users in, but it seemed like a flawed approach because it duplicated parts of Core’s internals rather than using the API. So, I can up with my own version:
Video from MVC presentation at WordCamp Columbus 2013
The video from my presentation on the Model-View-Controller pattern at WordCamp Columbus 2013 is now available on WordPress.tv.
Security Reward for new Google Authenticator Plugin
I just released a new plugin into the WordPress.org repository, and am fairly confident that it’s secure, but since it modifies some of the default login behavior, I’d love to get some extra eyeballs on the code. To that end, I’m offering a $150 Amazon.com gift certificate* to anyone who can find a significant vulnerability. By “significant”, […]
Reusing P2’s ajaxUrl Short-Circuits Other AJAX Requests
I just spent awhile tracking down some odd AJAX behavior that was puzzling me, so I thought I’d share the solution. I was working on a plugin to extend P2 and my AJAX requests were always responding with -1. After a lot of digging and some trial-and-error, I figured out that it was happening because I was […]
WordCamp Columbus 2013 Slides
I’ll be speaking at WordCamp Columbus 2013 this Saturday on implementing the Model-View-Controller pattern in plugins. If you’re attending and would like to follow along, you can check out the slides.
WordCamp Seattle 2013 Slides
I’ll be speaking at WordCamp Seattle 2013 tomorrow on creating object-oriented WordPress plugins. If you’re attending and would like to follow along, you can check out the slides.
WordPress’ Insularity and Architectural Shortcomings
Even though a huge fan of WordPress and have chosen to develop for it exclusively, there are still some big areas where the underlying architecture is out of step with modern development practices. Mike Toppa just wrote a great response to that “Dire State of WordPress” article that’s been going around, where he defends WordPress […]