Make theme by TTF was reviewed by Justin Tadlock and Emil Uzelac. Some interesting insights worth reading for WordPress Theme Developers.
A few months ago, we asked Justin Tadlock and Emil Uzelac, of Theme Review, Co. to undertake a code review of Make and Make Plus. For those who don’t know, both are senior reviewers at WordPress.org (and Emil is now a reviewer at Envato). It was humbling — and also a great experience to have these two well-respected theme experts in the WordPress community take a deep dive into our code and scrutinize every line. Now that we’ve had some time to collect our thoughts on the process, here are some of the things we learned from Justin and Emil’s feedback, that we think will help other theme developers better their own code.
Translated strings should be escaped too
Justin and Emil noted that we had done an excellent job escaping output from the database and user inputs. This is a standard practice for keeping code secure and preventing XSS vulnerabilities. However, one area that we had overlooked in some cases was translatable strings. Any string that’s included inside one of the translation functions, such as
__( 'Hello world.', 'make' )
will be replaced with the corresponding string in an .mo file, if it exists. Each language has its own .mo file, usually provided by a different translator.
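An added example (not from Make's code base or the original article) of what the fix looks like in a theme. It goes a little beyond the __() case above to cover attribute context, placeholders and translations that need limited markup. It assumes it runs inside WordPress; the gettext filter with its constructed translation only stands in for an untrusted .mo entry, and every string other than 'Hello world.', the function names and the example.com URL are hypothetical.

```php
<?php
/**
 * Added example: escaping translated strings in a theme.
 * Assumes WordPress is loaded (for instance from a theme's functions.php).
 * The 'make' text domain comes from the article; function names and all
 * strings except 'Hello world.' are hypothetical.
 */

// Constructed stand-in for a .mo entry supplied by a third-party translator.
// The core 'gettext' filter lets us swap the translation of a single string.
add_filter( 'gettext', function ( $translation, $text, $domain ) {
	if ( 'make' === $domain && 'Hello world.' === $text ) {
		return 'Hallo <script>alert(1)</script> Welt.'; // constructed sample
	}
	return $translation;
}, 10, 3 );

// Before: the translation reaches the page as-is, markup included.
// Shown for comparison only; it is not hooked anywhere.
function make_example_unescaped() {
	echo '<p>' . __( 'Hello world.', 'make' ) . '</p>';
	echo '<input type="submit" value="' . __( 'Hello world.', 'make' ) . '" />';
}

// After: each translation is escaped for the context it is printed into.
function make_example_escaped() {
	// HTML body context: translate and escape in one call.
	echo '<p>';
	esc_html_e( 'Hello world.', 'make' );
	echo '</p>';

	// Attribute context: use the attribute variant.
	printf(
		'<input type="submit" value="%s" />',
		esc_attr__( 'Hello world.', 'make' )
	);

	// Placeholders: escape the translated format string, then escape the
	// value that fills it separately.
	$author = 'Jane <b>Doe</b>'; // constructed sample value
	printf(
		esc_html__( 'Posted by %s', 'make' ),
		esc_html( $author )
	);

	// A translation that legitimately contains a link: allow only that
	// tag and attribute with wp_kses(), and escape the URL on its own.
	printf(
		wp_kses(
			__( 'Read the <a href="%1$s">documentation</a>.', 'make' ),
			array( 'a' => array( 'href' => array() ) )
		),
		esc_url( 'https://example.com/docs' )
	);
}
add_action( 'wp_footer', 'make_example_escaped' );
```

With the filter active, make_example_escaped() prints the script tag as visible text (&lt;script&gt;...) instead of handing it to the browser as markup.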
Alex was a synonym for WordPress to me in the early years. RIP.
Alex speaking at WordCamp SF 2009
One of the original WordPress developers, Alex King, has passed from cancer at far too young an age. Alex actually got involved with b2 in 2002 and was active in the forums and the “hacks” community there.
Alex had a background as a designer before he learned development, and I think that really came through as he was one of those rare people who thought about the design and usability of his code, the opposite of most development that drifts toward entropy and complexity. One of my favorite things about Alex was how darn tasteful he was. He would think about every aspect of something he built, every place someone could click, every path they could go down, and gave a thoughtfulness to these paths that I still admire and envy today.
As an example look at his project page (essentially a category archive) for the Post Formats Admin UI, isn’t that clever and intuitive how the posts connect together, and when more time passes in the thread it’s shown as a break. It’s classic Alex: something simple and thoughtful that in hindsight is so gobsmackingly obvious you wonder why everything doesn’t work that way, but you never would have imagined it beforehand.
Alex King, one of the original contributors to WordPress, founder of CrowdFavorite, and all around nice guy has passed away after a battle with cancer.
With the launch of Apple's OS X El Capitan, Safari introduced Pinned Tabs with Icons. Here's how you can add one for your WordPress site, by Yoast!
With the release of Mac OS X 10.11, Safari finally got pinned tabs. While all other browsers use a site’s favicon for the pinned tab, Apple deemed that “not esthetically pleasing enough” and created a new type of icon for it, which they call a “mask-icon”. By default, they’ll use the first letter of your domain if you don’t have such an image. You need a black SVG image, a hover color and some time to do a tiny bit of coding. Should you do this? Yes. Of course. Anywhere where you can control the branding of your site, where you can make it easier for people to recognize you, you should. Just compare our nice logo to the bland “Y” in the image below:
The required SVG image
Per the guidelines, the image needs to be a square SVG image, with a transparent (or simply: no) background, and all vectors 100% black. I had to try a few times before I got it working due to having some leftover (empty) vectors in there that weren’t set to black. You also need to determine which color you want to use on hover and for the active state of the pinned tab.
The mask-icon line of code needed
The line for the mask-icon is simple:
Just add it in your
Every member of the team here does their coding in PhpStorm. They love it. I'm the only holdout still clinging to Sublime Text, but Iain's article this week does tempt me to make the switch. The code sniffing, hook code completion, and hook navigation are all very impressive and not available in Sublime Text as far as I know. Check it out...
The majority of the Delicious Brains team use PhpStorm (everyone except Brad!), the PHP IDE from JetBrains, as their go-to code editor, development environment, and all-round PHP best friend. Many people (like Brad!) swear by using a lean and fast code editor like Sublime Text, and would find PhpStorm much slower, larger and possibly daunting to use. However, as an integrated development environment, PhpStorm offers so much more than just editing code.
In this article I will walk you through some of the features that make it great for WordPress development and show you why I, and many others, love it.
As of version 8.0, PhpStorm introduced some very neat WordPress integration which makes using PhpStorm for WordPress plugin, theme, and site development even easier. A complete rundown of the new WP features can be found here.
PhpStorm now recognizes a WordPress related project and will ask you to point it in the direction of your installation path. It will also check to see if you want to add the installation to the PHP Include paths:
This will enable the IDE to fully understand the WordPress codebase giving you some excellent benefits. If your wp-content directory is outside
Getting responsive images functionality baked in the core is really important for WordPress theme standards to move forward. Get involved #feature-respimg on Slack. Or try the plugin at GitHub.
The RICG WordPress Team is proposing a partial merge of the RICG Responsive Images plugin into core in version 4.4. Specifically, we are proposing to add native srcset and sizes support to WordPress (ticket #33641).
Purpose
As of today, the average web page currently weighs over 2 MB with the majority of those bytes being attributed to images. Screen density and display sizes continue to increase and site owners are including larger image assets to keep up, causing slower page load times for people on smaller/older devices and on slower/expensive network connections. We have the opportunity to make a huge impact on the ~25% of the web that runs on WordPress by adding responsive image support out of the box so sites can serve appropriately sized images to all users.
The initial plugin idea was conceived by Tim Evko and Chris Coyier in April of 2014 before becoming the basis for the official WordPress implementation from the Responsive Images Community Group last November. Since that time, the plugin has been downloaded over 40,000 times and is actively installed on over 10,000 WordPress sites. We’ve gotten input from many WP core committers during regular meetings in
A different take on embedding links to WordPress posts. Instead of an oEmbed endpoint, this plugin uses the Open Graph data that is already available on most modern websites.
Today, I’d like to introduce our latest addition to the 40k+ pile of plugins in the WordPress.org repository – Content Cards. As it says in the description, this plugin makes ordinary web links great by making it possible to embed a beautiful Content Card to link to any web site. Unlike the oEmbed API feature plugin, which was just proposed to be merged into the WordPress Core, Content Cards tackles the problem of creating rich content cards out of simple links from the other end. Instead of trying to provide a new way for the embedding side to get information (oEmbed endpoint), we focused on using the information that most modern websites already provide – Open Graph meta data.
Open Graph is a meta data format that was introduced by Facebook and is now used by most major social networks to generate those nice, rich link previews whenever you try to share a link, like in the picture below. You only paste in a link, and Facebook grabs an image, a title and a description from the website automatically.
For this system to work, the website in question has to provide the required information via special meta tags in its HTML. There are quite a few WordPress plugins that set those tags for you automatically
BEM is a logical standard of writing CSS; it helps make CSS more semantic. BEM's hierarchical naming convention helps a team of developers to understand the structure of a website and to work uniformly.
If you develop WordPress themes, you already have some kind of a workflow. But, what about CSS? As far as I know, some developers choose to write CSS with frameworks like Bootstrap, Foundation and what not, while others don’t. I belong to the latter type, people who don’t use CSS frameworks whatsoever. Which is why I end up reading a lot about standard practices of writing CSS because let’s face it, screwing up is real easy when you don’t know the standards. If you are not a Copy Paste Programmer, then you should care about stuff like this.
Again Why Should I Care?
TL;DR You should care because I have seen too many front-end developers who know less about CSS and more about Bootstrap, which limits their thinking and we all end up with boring web design.
Apparently if you have the Contact Forms module active and are using forms, there's another XSS vulnerability.
Jetpack 3.7.2 is available for download and patches two security vulnerabilities. The first is a cross-site scripting vulnerability in the contact form due to improper input sanitization that affects Jetpack 3.7.0 and below. Marc-Alexandre Montpas of Sucuri is credited with responsibly disclosing the vulnerability. The second is an information disclosure vulnerability present in certain hosting configurations, responsibly disclosed by Jaime Delgado Horna of Listae. In addition to patching the vulnerabilities, 3.7.2 also fixes an error with the REST API that creates multiple drafts and published posts. Other notable fixes include:
Updating the Google+ logo in our sharing buttons.
Adding custom capabilities for module management for multisite installs.
Fixing a bug that was sending the contact form response fields in the wrong order.
Montpas has additional information on the cross-site scripting vulnerability discovered in Jetpack on the Sucuri blog, including a timeline of events. Please update to Jetpack 3.7.2 as soon as possible to protect your sites.
A list of the hottest-trending WordPress plugins and themes — each week. The list is ranked by active installs across GoDaddy’s millions of WordPress installations as measured by the greatest net gain in the number of active installs from the previous week.
The issue with db.php drop-in and how we dealt with it in VersionPress 2.0
In VersionPress 2.0, apart from sync / staging and revamped UI, we also took a look at a long-standing issue we have with the db.php drop-in. This blog post will be a bit technical but the TL;DR is that we will now be able to run side-by-side with some popular plugins like W3 Total Cache or Query Monitor and generally work on sites that need to use the database drop-in for some reason.
The problem
VersionPress needs to observe database operations quite closely because whatever goes there, also needs to be potentially stored in the Git repository. Some other plugins like VaultPress depend solely on WP hooks & filters but that was not good enough for us for two main reasons:
Hooks don’t cover everything. While they might cover a lot, maybe something like 95%, we need to track the site as a whole, i.e., 100%.
Third-party plugins are a problem here because they usually don’t provide hooks, or not many of them.
So we need to be quite close to the database and observe the traffic that goes into it. Unfortunately, while WordPress provides many extensibility points at a higher level, there are very few of them at the low, database level. In fact, there are only two, both added way back in 2007
Offering top-notch support is essential if you're going to make your plugin a success. This article describes three of the leading solutions in the field.
Successful WordPress developers agree – a great customer support system is mandatory if you want your plugin to make it in the market. There are lots of great customer support solutions out there but which platform is best for you? You’ll want to choose one that best complements how you work and what your customers need while also matching your budget and customer service priorities.
In this article we’ll step through the features of popular customer support systems from Help Scout, Zendesk and Desk.com to help you decide which one is right for you.
Let’s get going!
Help Scout Is an Easy-to-Use and Collaborative Support Platform
Users love Help Scout because it’s easy to set up and offers an intuitive layout. This service provides a shared inbox for you and your team which lets you collaborate on customer response. Help Scout offers email, phone and ticketing options but not live support.
This scalable customer support system lets you assist customers across a wide range of platforms: Windows, Windows Mobile, Android, iPhone and iPad options are all supported in addition to standard desktop browser access.
Help Scout offers full support for users in the USA, UK, Canada, Europe, Australia, and
WooCommerce is the most popular free eCommerce plugin for WordPress. The WooCommerce plugin was launched back in 2011 and now it has approximately 10 million downloads and a 4.5-star rating on WordPress.org, with 1000+ reviews. Although the basic WooCommerce plugin is totally free, you do have the option to extend its functionality using WooCommerce extensions. In fact, if your goal for your e-store is to reach enterprise levels, then it’s always a good idea to invest in a couple of these extensions to help expand your business.
There are many Open Source ecommerce building software available on the web these days and each has its own unique following. Building and maintaining an ecommerce store is not an easy task as it involves regular troubleshooting and updates. You may want to add new features as the time passes by. Plus, there is always the need of optimization. On top of everything, you need to make sure your visitors find your web store simple and efficient.
To create a simple store, you will most probably be using WooCommerce, the fastest growing and most-used ecommerce plugin for WordPress.
[Read: How to setup a WooCommerce store]
WooCommerce powers almost 22% of the ecommerce stores on the web. It is popular because of its powerful and easy-to-use features that usually come out of the box. Furthermore, the features of WooCommerce can be further extended by adding extensions.
[Read: Got a WooCommerce design problem? One of these agencies may help you out.]
In this post, we are going to explore WooCommerce extensions that you can use to add more features and make your life easier.
UltimateWoo is a plugin suite for WooCommerce. It’s something like Jetpack for WooCommerce. Though I generally do not prefer
We had a great chat with Jason Resnick last week and he has been so amazing to share about his journey in the WordPress world. He told us that he started working with WordPress when he was an employee at an agency back in 2007. He used to set up blogs on websites. In 2012, he totally shifted his focus to WordPress. The reason behind that shift was that WordPress provides a powerful user interface and a tight-knit community.
With more than 16 years of experience as a web developer under his belt, Jason Resnick is one of the most famous WordPress mavens in the community. He is currently associated with Wajig, an evolving WordPress company, as a solutions specialist. He is also the owner of a firm that provides security solutions for WordPress websites. He is a devoted family man who enjoys playing hockey and football in his spare time. We at Cloudways thank Jason Resnick for sharing his precious time with us for our trademark interview series. In this interview, he has spoken at length about his early freelance experiences, business ventures, interests, and above all his motivation for living life to the fullest. You can catch him live at WordCamp NYC 2015.
Cloudways: Jason, you are a development virtuoso. With 16 years of experience in web development under your belt, share your journey with us. How did you come across WordPress? What other platforms have you worked on?
Jason: Thanks so much for the kind words! One day, while I was sitting at my desk at the agency I was working at full time, I was literally starting to nod off looking at a screenful of code. I could barely keep my eyes open, even with the
Would you like to live customize the styles of your Contact Form 7 Forms? Well, that's what I have built, and it's free.
We always hope for the easy fix: the one simple change that will erase a problem in a stroke. But this is not a good strategy, though, to be honest, almost every theme I build I end up providing my clients with some basic styling for their use of Contact Form 7 plugin — the easy fix. I suppose it is tempting, if you are any good at development, to treat everything as if it were a product you plan to build next, and then there is this sound of your inner self, telling you to stop doing whatever you’re up to and “You know what I should build a plugin to solve this problem!“.
The only thing more frustrating than a problem is knowing that you can solve it. Best products are built when you solve a problem. That’s what I did here. I have built a plugin which you can use to customize your contact form 7 forms, regardless of the theme you are using.
So, yes! I decided to listen and do what I feel like doing. I knew that the lesson will always repeat itself unless I see myself as the problem–not others. You must be thinking what lesson? What is all this? What about CF7 Customizer. So, let’s put an end to this horrid description of how I started building Contact Form 7 customizer and move on
A team of WordPress contributors asks to consider extending the built-in oEmbed feature by merging the oEmbed API plugin into WordPress core. This allows you to embed WordPress posts in your WordPress posts.
For the past 6 years, users have been able to embed YouTube videos, tweets and many other resources on their sites through a nifty feature called oEmbed. Today, we (mainly me, @pento and @melchoyce) ask to consider extending this feature by merging the oEmbed API plugin into WordPress core. This plugin allows anyone to embed posts from your site by just pasting its URL. We’ve been working hard on it for months and are now eager to hear your feedback.
Purpose & Goals
While I initially built an early version of the plugin about a year ago, it was @melchoyce who kicked things off with #32522. Her idea was simple: When you can embed almost anything in a WordPress post, why aren’t we able to embed WordPress posts themselves in another WordPress post?
That’s exactly what we’re aiming for. Our goal is to allow a big portion of the web to easily and securely embed such post previews.
Have a look at this post to see the user flow for this feature (and a live demo!):
Embedding content from a random source on your site depends on lots of trust. We take precautions to make the whole process as easy as possible. It’s worth noting that:
We use iframes with the sandbox attribute
Some fun and quick tips to make WordPress easier and faster to use, each with an animated GIF. Nice post to share with clients.
RSS and email subscribers may need to view this one in a browser. It should be worth it. WordPress does a lot of things! It helps you build features, write and edit content, manage all that information, and even interact with visitors through comments. When you’re starting to learn WordPress, there’s so much to take in! Oftentimes, some of the nicest small features—the ones that either improve the interface or save you time—get lost in the shuffle. So here are my favorites, each provided with a real visual walk-through of the tip.
In a first for my blog, I’ve created GIFs to show you how each feature actually works! Click any image and you’ll get a quick walk-through of the tip.
Let’s start with a bang. This is one of my favorite features of WordPress and it’s gotten better over time. Whenever you want to feature content from Facebook, Twitter, YouTube, Vimeo, Instagram, and a whole host of other sites, just paste the URL in your post!
SHIFT + ENTER
Sometimes, you really need a single line break in the editor.
Paste a URL to get a Link
Added in a recent version of WordPress, this tip will save you some time when you want to add a link.
Click Admin Bar to Scroll to Top
Caldera Forms form exports are getting a lot shinier in Caldera Forms 1.3.1. Learn more here.
Important: the export functionality changed in Caldera Forms 1.3.1. In previous versions export as json was the only option. Caldera Forms provides two ways to export forms. The simplest way is to export it as a JSON file. This method is best for backups and moving form configurations between environments. In addition, you can export your form to a file that can be added to a plugin. This is a more advanced option for developers.
Exporting A Form
In the main Caldera Forms admin page, each form is listed with various options underneath it. This includes an “export” link. When you click this link, you will see a new modal. The default option is “Backup/ Importable (json)”. This is the option that you will use most of the time.
Simply click the “Export Form” button to download your form. This file can be used as a backup. It can also be used to import the form into another site or the same site, using the “Import” button at the top of the main Caldera Forms admin page.
Using export files is an excellent way to create backups and perform simple migrations or versioning form configuration.
Exporting As A PHP File
By default Caldera Forms configuration is stored in the database. While this
Jeff Chandler has been talking a lot about Comments in WP. He has experimented and found these 6 plugins to be really useful. His thoughts about these plugins have a 'must read' status for me.
Last week, I shared the lessons I learned and the drawbacks to moderating comments in WordPress. In this post, I highlight six plugins that solve a problem I encountered or enhance comments for both readers and site administrators. All of the plugins are free of charge and available from the WordPress plugin directory.
Problem Solvers
I discovered that not all comments need to be moderated. , by Postmatic, gives readers the ability to report comments they feel don’t adhere to a site’s commenting policy.
When enabled, a new option is displayed on the General – Discussion settings page. You can configure how many reports a comment needs before it’s sent to the moderation queue and whether administrators should be notified when it happens.
If an administrator approves a comment that’s in moderation due to hitting the threshold, it won’t end up back in the moderation queue. This gives administrators the last word on whether a comment is acceptable or not.
If you think a comment needs an administrator’s attention or does not adhere to the WP Tavern commenting policy, hover over the comment and click the report button. A new column is added to edit-comments.php that displays
In May 2014 we published Nelio External Featured Image, a plugin for using any image in the world wide web as your post's featured image. A few weeks ago, we released a new version of the plugin to improve its compatibility with certain themes. Unfortunately, things did not work as we expected... We'd like to share the experience. In particular, we'll share how the plugin works, why it needed the update, what went wrong, and how we fixed it.
As you may already know, you can only set the featured image of your posts using the images available in the Media Library. In May 2014 we published a simple, yet very powerful plugin to overcome this limitation: Nelio External Featured Image (NelioEFI for short). With NelioEFI, you can use any image in the world wide web and set it as your post’s featured image. Since we first released NelioEFI, the plugin has been downloaded over 18,000 times and it’s currently active in more than 5,000 WordPress installations. A few weeks ago, I released a new version of the plugin to improve its compatibility with certain themes, but things didn’t work out as expected. Today, I’ll help you to understand how the plugin works, why it needed the update, what went wrong, and how we fixed it.
How Featured Images Work
By default, if you want to set the featured image of a post, you can only use one of the images available in the Media Library. As I already said, our plugin tries to overcome this issue and extend the functionality to any image… but before diving into the details of our plugin, I think it’s worth taking a look at how WordPress deals with the images you upload to the Media Library. When
63% of online shopping carts are abandoned; this is a plugin I use to greatly reduce that on my site.
Abandoned shopping carts are a growing problem for online retailers. An abandoned cart is when a site visitor adds items to their cart but then leaves the site without making payment and completing the purchase. Approximately $4 trillion worth of merchandise will be abandoned in online shopping carts this year, and about 63% of that is potentially recoverable by savvy online retailers, according to BI Intelligence estimates. Source.
63% is a huge amount of sales going uncompleted. If you think about it, for every 100 people who visit your site and add at least one item, 63 of them will leave without purchasing – imagine if you could convert those customers who leave? That’s a big boost to your sales.
So why do shoppers leave without completing their purchase? Take a look at this survey’s results conducted by WorldPay:
As you can see, some of the top reasons are related to pricing – the top result is unexpected costs ( postage too much? ), Found a better price elsewhere and overall price too expensive.
Today we are looking at a plugin called “Abandoned Cart Pro” which is designed to help you convert those shoppers who leave without completing their purchase into paying customers. It
There are many ways to harden the security of any WordPress site and here are a few proven solutions that will enhance your WordPress security.
There are many settings, code tweaks and security solutions that can go a long way to making a WordPress site as secure as possible. BUT… if users on a WordPress site are using simple passwords it really doesn’t matter how secure you make the site.
Let’s all take a quiz together:
Does your WordPress user password contain uppercase and lowercase letters, numbers, and symbols?
Does your WordPress user password not contain any real words that can be found in the dictionary?
Is your WordPress user password unique and not used on ANY other website or login?
Do you have different passwords for your web host control panel login, for your FTP access (or SSH access), your login password to your domain registrar (and any place that might also handle your DNS information), and for your email address that might be linked to that WordPress website?
Strong Passwords are the Best WordPress Security
If you answered YES to all four of these questions… congratulations, you are using strong passwords in the best possible manner in which to enhance your WordPress security.
In the most recent update to WordPress, strong passwords are now a requirement for WordPress security. But the problem with this new
John Blackbourn is part of the effort to improve how WordPress works with HTTPS. The core team is looking for sites that have an "interesting HTTPS configuration".
An ongoing goal of WordPress is to improve the way it works for sites that use HTTPS, and more specifically sites that run a mixture of schemes (for example, HTTPS in the admin area but HTTP on the front end). One of the most visible bugs currently is that media in an HTTPS admin area is served over HTTP unless the ‘WordPress Address’ setting (siteurl) also uses HTTPS, which means that the FORCE_SSL_ADMIN constant isn’t a complete drop-in solution to securing your admin area.
Addressing all the possible configurations of HTTPS is difficult, so I’d like to put out a request for anyone who’s using a particularly interesting HTTPS configuration on your site to let us know what your setup is.
Of particular interest would be a site that’s using different domain names for HTTPS and HTTP, different domain names for the admin area and front end, different ports anywhere, self-signed certs for the admin area, HTTPS admin areas with additional access restrictions, multisites with and without domain mapping that use a mixture of HTTPS and HTTP, etc.
If your site has an interesting HTTPS configuration, and of course if it suffers from scheme related bugs as a result, please let us know in the comments
Includes React-based dev stack and a couple of new UI features