I just finished the first version of a new WordPress installation template called Regolith. I’ve been using my personalized fork of Mark Jaquith’s WordPress Skeleton for the past several years, but recently came across Bedrock and really liked it. I started playing around with it, but quickly discovered that the tools and practices it embraced were a bit overkill for my personal projects, so I… [more]
All posts tagged Mark Jaquith
In an ideal world you’d never have to fork a plugin, because developers would always make their plugins extensible with hooks, just like WordPress itself does. But unfortunately that’s not usually the case, and it’s sometimes necessary to directly modify a plugin to make it do what you need. In those cases, you want to make sure that the plugin… [more]
Normally any kind of global values that don’t change within a program’s execution should be defined as constants, but text domains within internationalized WordPress plugins are an exception to that rule. Mark Jaquith explains why it’s important to use a string instead.
Check out Mark Jaquith’s post on the PROTECT IP Act for a basic rundown on why it’s bad and what you can do to help stop it.
Mark Jaquith recently gave a good presentation on writing secure WordPress themes and plugins at WordCamp Phoenix 2011. The notes are also available. The main points are: Protect against SQL Injection by using the API whenever possible (because it automatically handles data sanitization). If the API can’t do what you need, use $wpdb->prepare(). Protect against Cross-site Scripting by sanitizing any output with esc_html(), esc_url(),… [more]