Force Strong Passwords plugin

I’ve just released a new little plugin: Force Strong Passwords.

The code has been part of my custom themes for a while, and I realized it should be a plugin as I’ve been preparing my talk for this weekend’s WordCamp (eek!). Anyway, the basic idea is that it enforces the password strength indicated by the little meter on the WordPress user edit screen. It only forces strong passwords for users who can do stuff, i.e. change the live site in some way.

There’s all sorts of scope for options, etc., but this has been serving me well for a while. All in good time. For now, it’s an easy way to combat one of the largest vulnerabilities in client sites: people who use weak passwords.

Leaving MediaTemple

I’m finally moving my hosting away from MediaTemple.

They been a pretty good host in all, with a bunch of niggles of course. I think hosting is probably like FTP clients—you’re lucky if you find something half-decent, and you’ll never be satisfied.

The main reason for my dissatisfaction has been the slow server response times, which may be to do with the much-criticized Grid Service I’ve been on, but is probably also a lot to do with them being on the other side of the world. I’d been hankering to make the move closer to home (London) for a while. The straw that broke the camel’s back recently is a bit of blatantly terrible service that’s worth shouting about.

Read more »

Lock Pages 2.0

I’ve just released a new version of my Lock Pages plugin for WordPress. I think it’s long overdue, and the plugin feels much more satisfactory to me now. Of course, any major revision brings the potential for new bugs, so do let me know about any glitches!

Improvements include:

  • Updated check for page edit screen for WP 3
  • Improved removal of Quick Edit functionality
  • Removed edit permalink elements, slug meta box, parent drop-down, status and password fields for locked pages
  • Added locking for page status and password protection
  • Created POT file for translations
  • Added Spanish translations (thanks to Javier G√≥mez Pose!)

You can install / upgrade via the WP plugins admin screen, or head over to the plugin repository.

A new breed of spam

In the past few weeks, this site has seen a drastic increase of comment spam.

Well, there’s always a lot of spam, most of which gets filtered well by Akismet. However, this recent round is insidious. In fact, it successfully blurs the line between spam and legitimate comments.

Read more »

File Select plugin

My Custom Fields WordPress plugin recently added the ability to select files from the Media Library into custom fields. To provide this functionality, I created a separate plugin, which can also be used in other contexts, e.g. a theme settings page.

File Select is available download. Let me know how it works for you!

Disabling WordPress plugin deactivation and theme changing

Someone asked in a comment here recently whether a WordPress plugin I’d posted could be adapted to work as theme code. The reasoning was that a client might deactivate a plugin, breaking some of the site’s functionality.

Careless clients clicking around in the admin interface can be a concern for a responsible developer. Of course, the primary way of limiting this kind of risk is to assign clients to appropriate roles. If the pre-defined roles don’t quite fit, Justin Tadlock’s excellent Members plugin can help you get it right.

But say you have a client to whom you want to give plugin activation / deactivation capabilities (so they can add new plugins themselves), but the site you’ve built includes certain plugins that really shouldn’t be deactivated. What then?

Read more »

Intercept WordPress 404s

So, I’ve got a WordPress site with a bunch of custom post types. On the archive pages for those posts, I have a taxonomy drop-down for a custom taxonomy called “theme” (I know, a slightly confusing label to use in WordPress, but that’s what it has to be). The idea is that you select the theme and the archive listing is filtered accordingly.

Now, for creating the drop-down I use get_terms. This has a hide_empty argument, which will omit terms that aren’t being used. The problem is, my “theme” taxonomy applies to all custom post types. So if a term is applied to any post anywhere, it is included, even if it’s not used at all for the post type being viewed, it appears in the drop-down. When you select it, you get a 404, because the request returns no posts.

How can I stay on the archive template and return a polite “There are no posts here for this theme”?

Read more »

SLT Custom Fields 0.4 (beta)

There’s a new version of my custom fields WordPress plugin. Development got slowed to a halt and I’ve not included everything I wanted to in this release, but I’ve put it out because it contains a fix for a bug someone kindly found.

There’s a bunch of new features, which need thorough testing to iron out any further bugs. Check out the changelog in the readme.txt for more details.

Thanks to everyone using the plugin and reporting bugs. I’m aiming to get the plugin into good shape for the WP repository soon. It’ll probably stay in beta for a bit after that, but at least we’ll be able to auto-update :)

Blog archive