XML-RPC Enabled by Default in WordPress 3.5

XML-RPC will be enabled by default in WordPress 3.5, but I personally think that’s a bad idea from a security perspective. A fellow Seattle WP developer, Ben Lobaugh, explains why on the Trac ticket. Luckily, it’s easy to disable it. Just add this to a plugin: add_filter( 'xmlrpc_enabled', '__return_false' ); I’ve added that to my […]


Designing Object-Oriented Plugins for a Procedural Application

Note: This was originally a post to the Seattle PHP Meetup mailing list, but I’m reproducing it here to generate a discussion about the topic with people outside the meetup. * * * * I write a lot of plugins for WordPress, and I like to make them object-oriented, even though WordPress itself is mostly procedural. […]


Designers Shouldn’t Write Code

A discussion came up recently on the Seattle WordPress Meetup discussion board that hits on a big pet peeve of mine — designers writing code. After replying with my own thoughts, I wanted to see what other people were saying about the topic, so I did some searching and came across this essay by Davide Casali. […]


(Well Organized) Options, Not Decisions

The “Decisions, not options” philosophy argues that giving users too many options can make tweaking a piece of software a difficult and frustrating experience. When a user wants to make a small change, and they find themselves presented with five pages of disorganized options, many will simply give up rather than wade through each one […]


Don’t Move wp-config.php Outside the Document Root

Most WordPress security guides recommend moving wp-config.php outside of the Apache document root in order to prevent the database password being exposed if the PHP engine fails to parse the file, or from being readable to infected scripts running in the domain. Despite the conventional wisdom, though, this technique doesn’t solve those problems, and can actually […]
