Multiply WordPress posts in testing

Very often while building a WordPress site, I need to see how a layout works with a load of posts. Maybe 4, maybe 40. In any case, it’s tedious creating dummy content.

There’s a number of dummy content dumps out there to use, but often we’re working with custom post types and we need particular custom fields working right.

This bit of code will allow you to add a particular argument to the query (WP_Query, get_posts, etc.) to artificially multiply or repeat the posts returned.

Read more »

Google Analytics Measurement Protocol plugin for WordPress

Recently I had a request from a client to trigger some Google Analytics events for things that were happening on the server. This sort of thing can be tracked indirectly through client-side JavaScript analytics code, with, for example, “success” pages where a user is redirected after the server-side event. However, it seemed to make more sense to look into proper server-side analytics for WordPress sites.

Read more »

Always test for existence of plugin functions

Like every developer, I’ve got a particular configuration for most sites I deploy. My WordPress sites are mostly all based on my Pilau parent/child themes, and I’ve a set of “usual suspect” plugins I include in most projects. Some plugins—in particular Developer’s Custom Fields—are pretty much indispensable to my work. So much so, that for a while I assumed, in my custom theme code, that the plugin would be installed.

More recently I’ve forced myself to follow best practices better. So, even if I know a certain plugin will be installed and active, because I manage the site, I still surround a call to a function from that plugin with a function_exists() test. I just found out why that’s a good idea.

Read more »

Wordfence’s false positive issue with Developer’s Custom Fields

I use the Wordfence plugin on my WordPress sites for extra security. Generally it’s great, but it can be a bit over-sensitive (granted, it’s best to err in this direction with security!).

Just now I did a scan on a site and it came up with a “critical” “suspected malware URL” issue with a file from my Developer’s Custom Fields plugin. Now, whenever I use a bit of code from somewhere on the web, I always include a link in a comment, both in order to credit the person it’s from, and for future reference. I grabbed a bit of code for this plugin, to read URL parameters in JavaScript, from It seems that Google has recently flagged this domain as being susipicious, citing unpromted malware downloads while also saying “this site has not hosted malicious software over the past 90 days”.

Anyway, however dangerous (or not) this site is, the URL in the JS file is utterly harmless – it’s in a comment. Furthermore, the URL is only in the dev version of the script. Only the minified version – stripped of comments – actually gets used on live sites.

I’ve removed this URL from the latest version of the plugin on GitHub, but it might be a little while before it gets rolled out on Until then, please ignore this issue if Wordfence flags it up for you.

Force Strong Passwords for WordPress 3.7

The upcoming 3.7 release of WordPress is getting a new password strength meter, using the zxcvbn library from Dropbox.

It’s a great improvement. However, my Force Strong Passwords plugin is based on replicating the JavaScript password strength check in PHP. And zxcvbn.js is 683 KB (minified). I’m simply not going to be able to convert this to PHP, and I can’t see anyone else taking the challenge on.

So what I’m doing is adding some JavaScript for 3.7+ which simply passes the results of the client-side strength meter through to the server for the enforcement check. This should be fine. Of course, a tech-savvy user could manually bypass the check. But without a PHP port of zxcvbn, I think this’ll have to do.

The new version isn’t up on the repository yet, but you can download it from GitHub. If anyone’s using the beta of 3.7, do please give it a whirl and let me know if there’s any issues. Any other feedback regarding this development is also most welcome.

Developer’s Custom Fields 0.8.4

Developer’s Custom Fields 0.8.4 is now available. There’s a couple of new features:

  • The abbreviate_option_labels parameter, which is true by default. This is partly a stop-gap measure for this issue, which involves posts with duplicate titles getting missed out of options populated with options_query. Being able to switch off the abbreviation of titles for the options reduces the chance of this happening.
  • The sortable parameter is now availabel for multiple checkbox fields. This makes use of jQuery UI Sortable to make the checkboxes drag-and-droppable. An extra hidden field is automatically created to store the order. When a sortable field’s values are returned using any of this plugin’s functions, they are returned in the right order. The ordering can be obtained independently with the slt_cf_field_values_order() function.

Responsive design 101

Recently I built my first responsive website. The project had a really tight deadline, so I didn’t have much time to experiment. I did some research and I think I hit upon some crucial tips that saved me a lot of hassle. I thought I’d document what I’ve learned from this first foray into adapting for mobile devices, and perhaps save someone else some time.

Read more »

Blog archive