Tag Archives: WordPress

Integrate Twitter @Anywhere into Your WordPress Comments

You may have noticed that, a few weeks ago, I added a new field to the comment form here on Webmaster-Source. A new “Twitter ID” field lets you input your Twitter username so it can be displayed next to the name you enter, complete with hovercards from Twitter @Anywhere.

I shared the code I had thrown together with Ben Gillbanks of BinaryMoon, who now has an easy to follow tutorial available on his site. Ben cleaned the code up a bit and made some enhancements, such as some sanitization and a cookie to make the form field remember the user’s input.

If you want to add some additional social media integration to your blog, be sure to give the tutorial a look.

How to Integrate Twitters @Anywhere with your WordPress Comments [BinaryMoon]

Michael Martin of Pro Blog Design to Launch PliablePress

On May 10th, Michael Martin, the blogger and designer behind Pro Blog Design, will launch his latest business venture: PliablePress.

PliablePress is going to be a purveyor of quality WordPress themes, particularly ones that “aren’t simple little themes that you can turn out in a weekend.”

The themes will all be based upon the custom “Chameleon” framework. It offers some functionality along the lines of Thesis or the WooFramework, letting the end user make customizations without digging into the template files.

Even though all of our other themes use Chameleon as a groundwork, you can use it on its own as well.

On its own, Chameleon is an ultra-clean, professional looking site. You might find that it’s already everything you want in a web design

I’m looking forward to seeing what the PliablePress themes, and the framework itself, will be like. It should be interesting.

Will Automattic Launch a Hosted BuddyPress to Replace Ning?

Ning users were less than happy when the niche social network provider announced that they where ending their popular free service and forcing everyone to either pay up ($4.95-$24.95 per month) or leave the service.

The most-suggested alternative is none other than BuddyPress, the “social networking in a box” system built atop of WordPress.

This lead me to an interesting thought. While I generally advocate the purchasing of one’s own domain and hosting, this isn’t always within the financial or skill range of the individual seeking to launch a small social network for a group of friends. I wonder if Automattic has thought to capitalize on Ning’s mass exodus of users by launching a hosted BuddyPress service, a la WordPress.com?

It doesn’t sound all that far-fetched of an idea. Of course, I don’t pretend to know what the Other Matt and company deem to be a smart business move. I also don’t know if they would consider the platform to be mature enough yet.

Anyway, if Automattic doesn’t do it, I imagine some enterprising developer would sooner or later.

I’m Going to be Working with WordPress for GSoC

Some of you may have seen my tweet yesterday. I’ve been accepted into the Google Summer of Code program by the WordPress project. You can read the announcement, with all 15 of the chosen applicants, on the WP development P2 blog.

Matt Harzewski, comment moderation improvements and associated dashboard improvements. Mentor: Austin Matzko (filosofo).

Wow. I’m still a little bit surprised, and excited. 79 submissions seemed like such a big number.

I may end up posting a little less over the summer as a result, as GSoC will cut into my time a bit. (I’m not stopping entirely, I promise. Just a post or two less each week.) I’ve been blogging almost daily here for four years, so I don’t think it’s too unreasonable to dial-back the frequency of my posting for two months. :)

Twitter @Anywhere Plugin for WordPress

Want to easily add the basic features of Twitter @Anywhere to your WordPress blog? There’s already a plugin for that. It adds the requisite JavaScript for you, allowing you to enable or disable features with simple options in the WordPress Admin.

Currently it supports the auto-linking of Twitter usernames and the nifty “hovercards” feature of @Anywhere. It also can add a tweet box below you blog posts, making it easy for your visitors to update their Twitter statuses.

Some features I would like to see in future releases are:

  • Custom selectors for linkifying and hovercards. A form field could allow the administrator to enter CSS selectors, one per line, and the values would be dumped into the JavaScript function as an argument. (It’s a simple matter of using PHP’s explode() and implode() functions to replace the linebreaks with comma delimiters.)
  • An option to define a default template for the tweet box. E.g. “Reading: {post_title} {short_link}.” That way, visitors would be presented with a predefined tweet to customize, increasing the likelihood of your post being tweeted.

It’s a good start for a plugin, particularly one based on a platform so newly released. Hopefully its development will continue once its approved into the plugin repository.

It’s a Hosting Issue, Not a WordPress One

There has been some misinformation going around about an alleged security vulnerability in WordPress 2.9.2. A bunch of websites were recently compromised, and some people have tried to assign the blame to WordPress. The issue, however, comes from shared web hosts not taking the proper precautions to prevent users from accessing configuration files they shouldn’t have filesystem permissions for.

The exploit, in essence, involves capturing a WordPress blog’s database details from wp-config.php by having a hosting account on the same server, and building malicious script to open files outside of the zone that should be permissible. (Think along the lines of ../../other_users_files/wp-config.php.)

Some misinformed publications are claiming that it’s a WordPress vulnerability stemming from wp-config.php’s plain-text storage of  database passwords…something that every database-using script has to do in order to function. Any reversible encryption scheme is just as easily reversible by someone who can access you filesystem, and the one-way hashing used for users’ passwords doesn’t work in this sort of situation. The file should never be directly accessibly by anyone other than the creator on a properly-configured server.

A new post on the WordPress development blog is attempting to clear-up the misunderstanding.

WordPress 2.9 has Thumbnail Support. What Does This Mean for Existing Themes?

When WordPress 2.9 came out, one of the touted features was the “official” support for post thumbnails. Instead of storing URLs in custom fields, a new method with an easy UI was added. This is great for one major reason: now your thumbnails are less reliant on your theme. If you change your theme, you don’t have to worry about editing it to use the same custom field as your previous theme. Plugins, also, can now easily retrieve post thumbnails, as they don’t have to guess at your custom field.

Unfortunately, this new feature raises a new problem. What if you already have an existing, custom field-based, thumbnail solution? How can you easily (and optimally) move from one to the other?

I have another blog running a plugin called Wordbooker. It automatically syndicates links to my posts on Facebook. It can include the posts’ thumbnails when it does so, but it relies on WP 2.9’s way of doing things. Facebook “fans” won’t see the nice images by the links unless I were to migrate from custom fields to the new built-in thumbnail feature. How do I do that?

I could update my template to use PHP “if” statements to determine which method it should use for each post, and just use the new thumbnails for new post. That seems a little clunky though. Another, cleaner, option would be to have a look at the SQL columns and build a query to create the new thumbnails.

This seems like a great opportunity for a plugin developer. A single-use “importer” that reads an inputted custom field and iterates through all of your posts, creating the new thumbnail entries.

Use Google-Hosted jQuery in Your WordPress Theme

How many sites use popular JavaScript libraries like jQuery? A lot. That’s why Google hosts many of them on their speedy CDN, so browsers only have to download jQuery or Prototype once in a day, instead of once per site.

How can your WordPress-powered site benefit from this? Digging into WordPress has the answer:

if ( !is_admin() ){
   wp_register_script('jquery', ("http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"), false, '1.3.2');

This little snippet goes in your functions.php, where it deregisters WordPress’s internal copy of jQuery and references Google’s. Unfortunately, it’s not set up for the handy no-conflict mode that lets you use Prototype scripts on the same blog.

VaultPress: Comprehensive WordPress Backup

I’ve said this many times: back up your blog on a regular basis. Unfortunately, not many bloggers keep daily backups. It’s time-consuming, and it’s something that should really be automated. Unfortunately, it’s not very easy to roll your own automated backup system. You need a VPS, and the skills to setup a cron script that packages everything up (database included) and ships it off to a remote server, such as Amazon S3.

Automattic has the solution. Their new beta service, VaultPress, is a WordPress plugin that ensures all of your data is safe. It syncs your files to Automattic’s servers, as well as two other cloud services run by other companies.

Here’s where it gets interesting. Not only does VaultPress back up your data, it does it in real-time. If you upload an image or write a new post, it’s backed up within minutes. There’s no storage cap, and “[it’s] going to do more than just backup. The VaultPress engine will be able to push hotfixes to zero-day security vulnerabilities, for example.”

The service is currently in beta, meaning you don’t have to pay anything if you manage to snag an invitation. If their signup page is anything to go by, it will cost around $15/month. Not bad for a comprehensive off-site backup plan.

Backups are essential when you’re running a website, and while $15/month may seem a little steep, it won’t after you have the inevitable server meltdown. As Mullenweg says:

The only thing I’d add for that is that I don’t want to entrust my backups to a free service. I want to know there’s a business on the other end whose livelihood is making sure my backups are 100% secure as long as I can pay them, not just until their VC funding runs out or they figure out how to monetize the eyeballs of all their free users.

WordPress HTTP Request Class

Many WordPress plugin and theme developers eventually find the need to have their application make HTTP requests to a remote server. One example would be to make calls to the Twitter API, which involves making GET and POST requests and collecting the XML/JSON response.

There are many ways to make HTTP requests with PHP, such as cURL or fopen(), but the problem is that not everyone has the same server configuration. Some users may not have cURL installed, others may have fopen() or file_get_contents() disabled by their host. How do you find a solution that can accommodate everyone? You could write a set of functions that check to see which HTTP request components are available and then choose one to make the request. Or you could take the easy route and use the handy class built into WordPress.

The WP_Http class is an easy way to avoid the rigamarole and get back to the fun part of programming. It serves as a wrapper to separate the how from the equation, creating an abstract device to handle the requests.

$url = 'http://search.twitter.com/search.json?q=from%3Aredwall_hp&rpp=5';

$request = new WP_Http;
$result = $request->request($url);
$content = array();

if (isset($result->errors)) {
 // display error message of some sort
} else {
 $content = $result['body'];

After Ben Gillbanks’ post pointed this class out to me, I did some searching and found Ozh’s more in-depth post, which shows how to send POST requests and HTTP headers.