The WordPress edit_plugins capability

I’ve been finding more and more WordPress plugins that, when they check if the current user should be allowed to view / edit the plugin’s settings page, check whether the user has the edit_plugins capability. I think this is a bad practice; let me explain why.

Read more »

WordPress core 101

Last night’s London WordPress meetup was good. Hosted by a company called Headshift, we got a quick-fire run through beginner, intermediate and advanced-level topics. Emily Weber gave an overview of how, as a non-techie, she got the social networking site yeah! Hackney going using BuddyPress. Keith Devon heroically compressed WordPress theme development into 20 minutes. And Chris Adams gave an equally succinct tour of the WP core. This is an important topic for budding WP developers, I think. Do check out Chris’ slideshow for some good pointers about where to look to start to understand the important aspects of the process that the core goes through when processing a request:

And come along to the next meeting!

Add wmode parameter to WordPress oEmbeds

OK, so we know how to solve the Flash and z-index problem, right? But how to make WordPress add the solution—the wmode parameter—to its auto-embedded videos?

This should help:

add_filter( ‘oembed_result’, ‘slt_wmode_opaque’, 10, 3 );
function slt_wmode_opaque( $html, $url, $args ) {
if ( strpos( $html, ‘|’, ‘‘, $html, 1 );
if ( strpos( $html, ‘

Get post ID from custom post type URLs as well

url_to_postid is a great core WordPress function. Give it a URL (from your own site!) and it’ll return the ID of the post or page it refers to. I’m using it so clients can paste a URL into a custom field (easy for them), then I can get other stuff related to the content using the ID (easy for me).

But it doesn’t seem to handle custom post type URLs. So I wrote a little workaround…

Read more »

Force display of description field in WordPress menus

A very small but very good discovery I made at this year’s WordCamp Portsmouth was thanks to Robert O’Rourke. I never knew that if you folded down the Screen Options at the top of the Appearance > Menus admin screen in WordPress, you get a few extra fields for menu items. They’re hidden by default.

The big one for me is “Description”. I’ve often used a menu for managing the items (i.e. posts and pages) that are featured in a carousel on the home page of a site. I wrote my own code to populate the menu query with information from the posts the menu items refer to—specifically, a description or extract to use as teaser text. Well, this little discovery that I can allow clients to set (or override) the teaser text right there while they’re managing the carousel “menu” is small; but I think little things like this really help clients when they’re busy managing their site.

But if you have to explain to them to open Screen Options and check a box to do something that might be important, it’s two steps forward and one step back. A bit better, but not ideal.

What if you could force “Description” to be checked?

Read more »

WordCamp Portsmouth UK 2011

Just back from this year’s WordCamp in Portsmouth. Had a great time—met some interesting people, learned loads of new stuff, and verily soaked up the ongoing good vibes in the WordPress community.

I did my first WordCamp talk, ‘Beyond the 5-minute Install’, which was aimed at beginners who wanted to know the non-standard but nigh essential things to do when installing WordPress to make things secure and hunky dory. There were also tips to make things easier for developers. It went down pretty well—thanks to everyone who bothered to say hi and give me feedback! I’ve posted the slides here on SlideShare. There’s not much text there, and I don’t think the talk was recorded. I might get round to writing an accompanying tutorial, but don’t hold your breath! Hopefully it’ll be of some use for people who weren’t there, as well as a good reminder for those who were. To grab the code snippets, copy from the SlideShare transcription, but beware of the syntax and any funny characters—grab the code from there, but check against the slides. Let me know if you’ve any problems with the code.

There were a bunch of great talks, though the really good stuff was in the panel discussions, the “site doctor” session, and down the pub. Rather than do a run-through of the actual talks, I’m just going to rattle through the highlights of what I learned:

  • Responsive web design. I really need to get my shit together and learn this stuff properly! I suspect how soon this happens will be dictated by how soon I work on a project that has a significant mobile audience. Let’s see.
  • SEO is dead. Well, of course it’s not dead. We still need to do the basics. But those basics, which have served people who know them so well so far, are pretty much common knowledge now. The edge is in generating organic conversations about your stuff. My guess is this makes it harder for this stuff to be “forced”—but those giving it a go will be more and more insidious.
  • LinkedIn. Apparently this is a hot place for business networking. I’ve always just had a profile there because I may as well. If I was looking for business contacts, given what people in the know were saying, I would definitely be working my profile more.
  • is big news. Google, Microsoft and Yahoo! have put differences aside for this specification for structured data for search engines. Bearing in mind some caveats, this is really interesting.
  • WordPress menus have a description field! Who knew? Robert O’Rourke did. All you have to do is fold out the Screen Options when you’re on the menus page, and switch on the description. Great!

I guess the large amount of non-WordPress-specific stuff in the above list reflects my growing knowledge of all things WordPress. But I also think it’s to do with WordPress’s growing maturity. There’s always things to discover about it; but the platform is settling down a bit, with much core “full CMS” functionality now in place, and people are thinking more about what they are doing with the platform, rather than the platform itself.

But hey, there’s always space at a WordCamp to find out about some juicy plugins you’ve not heard of before! Here’s my discoveries:

  • Jigoshop: “A WordPress eCommerce plugin that works.” Not tried it, but it looks interesting.
  • EG Attachments: I’ve got a bit of code that does this—lists files attached to a post. But this looks good, I might use it.
  • Front End Editor: Wow. Crikey. This is interesting. It’s a front end editor. Lets you edit, WYSIWYG style, on the front end. I’d be wary of something like this, but it’s written by some guys who know their WordPress stuff. One to watch.
  • Very Simple Post Images: Only on github for now, this was being developed at WordCamp, and is a very promising improvement to the WordPress images / gallery management interface.
  • WP Document Revisions: Also still in development, also very promising.

Many thanks to all the organisers for pulling of another brilliant weekend, and thanks to Richard Boakes for getting it all sorted in Portsmouth. See you next year!

Coming up, there’s more WordPress London Meetups a one day WordPress & business event in Brighton on 23rd September. Hopefully see you there, too.

Force Strong Passwords plugin

I’ve just released a new little plugin: Force Strong Passwords.

The code has been part of my custom themes for a while, and I realized it should be a plugin as I’ve been preparing my talk for this weekend’s WordCamp (eek!). Anyway, the basic idea is that it enforces the password strength indicated by the little meter on the WordPress user edit screen. It only forces strong passwords for users who can do stuff, i.e. change the live site in some way.

There’s all sorts of scope for options, etc., but this has been serving me well for a while. All in good time. For now, it’s an easy way to combat one of the largest vulnerabilities in client sites: people who use weak passwords.

Leaving MediaTemple

I’m finally moving my hosting away from MediaTemple.

They been a pretty good host in all, with a bunch of niggles of course. I think hosting is probably like FTP clients—you’re lucky if you find something half-decent, and you’ll never be satisfied.

The main reason for my dissatisfaction has been the slow server response times, which may be to do with the much-criticized Grid Service I’ve been on, but is probably also a lot to do with them being on the other side of the world. I’d been hankering to make the move closer to home (London) for a while. The straw that broke the camel’s back recently is a bit of blatantly terrible service that’s worth shouting about.

Read more »

Blog archive