Tag archive: plugins

Update on my plugins

I’ve been very busy with my work at The Bureau, and my plugins have been a little neglected of late.

I knew the release of WordPress 5 — with Gutenberg — would necessitate a bit of updating. In the sense of letting people know that there’s no immediate plans to support Gutenberg. All sites I work on are using the Classic Editor plugin for now to avoid Gutenberg.

I’ve been prompted into action just now because Developer’s Custom Fields was completely removed from the wordpress.org repository, without letting me know first. An over-enthusiastic check for no-longer-maintained plugins falsely flagged this one, and it took a little negotiation to get it back. It’s back with a ‘disabled’ status — I can release fixes but it’s closed to new installations.

Anyway, here’s a summary of where each of my plugins are at now.

Read more »

WordPress plugin to help repair serialized arrays in custom fields

I just launched a project, and despite using a heavily tried-and-tested script for dealing with serialized data in migrating, we ended up with some custom field values that weren’t being output (in admin or on the front-end) because the serialized values had become corrupted. I think it must have been something strange to do with characters pasted in from Word, maybe in conjunction with the recent WP core upgrade to handling utf8mb4 data. I’m not sure.

In any case, I found a PHP script that repairs serialized data, and turned it into a plugin: Repair Meta.

Read more »

Hide recurring events in admin for The Events Calendar

I’m just getting going with Modern Tribe’s The Events Calendar plugin, and so far it’s very impressive.

As with any plugin, however good, it’s got its idiosyncracies and annoyances. I’ve just been looking into how to hide recurring instances of events in the admin list. It seems the plugin used to include admin list filter options, but they’ve recently been taken out of this plugin and shifted to their Advanced Post Manager plugin.

Now, I use Codepress’ Admin Columns, and I don’t have time for weighing these two up right now. Generally I’m very happy with what I’ve got. But I think loading both plugins at once might lead to messiness. Maybe I can just whip up a little bit of code for now to add this simple feature?

Read more »

Developer’s Custom Fields 2.0 – a rewrite

Together with Adrian Toll, I’m starting to plan a new, mostly rewritten version of the plugin Developer’s Custom Fields.

Despite the obvious power and sophistication of plugins such as Advanced Custom Fields, we both prefer the lighter, more developer-friendly style of our own plugin. And while the proposed metadata UI for core seemed promising for a while, it seems to have stalled for now, or at the very least slowed down considerably. So, we’ve decided to revamp to give this plugin a healthy lease of life until a rival solution does a better job for us.

Read more »

Letting go of Force Strong Passwords

For a while now, I’ve been using the Wordfence plugin to add extra security to my WordPress sites. Since this plugin includes (among other things) the ability to force users to choose strong passwords, I’ve stopped using my own plugin, Force Strong Passwords.

Because of this, I’ve decided to transfer it to someone else. Jason Cosper has kindly stepped up. Jason’s a senior engineer at WP Engine, who I gather use the plugin on their network. With this vested interest in the plugin, I trust it’s in good hands.

Force Strong Passwords multisite support

I no longer use my WordPress plugin Force Strong Passwords, since that functionality’s included in Wordfence. However, the plugin is quite popular, and one aspect of it that has suffered due to my lack of experience is multisite support.

On GitHub, Damien Piquet has submitted a simple fix in a pull request, which I’ve accepted. I’m not in a position to properly test this, so if anyone uses Force Strong Passwords on multisite installations, please grab the code with this commit and test away. Providing no issues arise, this will soon be released on wordpress.org.

Comments will be closed here – please give any feedback via GitHub.

Anyone know their way around the WordPress 3.5+ media upload API?

Version 1.0 of the Developer’s Custom Fields plugin is in development. I’d hoped that the core Metadata UI API would have made progress enough for me to revamp DCF in light of the new core functionality, but that’s not looking likely. DCF 1.0 won’t be a major update, but I’m hoping to get some significant things sorted out.

The most important, I think, is getting the file field type working with the new (well, introduced in WordPress 3.5) media upload API. It’s pretty much there, but I’m looking for some help with it. Does anyone know the media upload API well?

Read more »

Wordfence’s false positive issue with Developer’s Custom Fields

I use the Wordfence plugin on my WordPress sites for extra security. Generally it’s great, but it can be a bit over-sensitive (granted, it’s best to err in this direction with security!).

Just now I did a scan on a site and it came up with a “critical” “suspected malware URL” issue with a file from my Developer’s Custom Fields plugin. Now, whenever I use a bit of code from somewhere on the web, I always include a link in a comment, both in order to credit the person it’s from, and for future reference. I grabbed a bit of code for this plugin, to read URL parameters in JavaScript, from papermashup.com. It seems that Google has recently flagged this domain as being susipicious, citing unpromted malware downloads while also saying “this site has not hosted malicious software over the past 90 days”.

Anyway, however dangerous (or not) this site is, the URL in the JS file is utterly harmless – it’s in a comment. Furthermore, the URL is only in the dev version of the script. Only the minified version – stripped of comments – actually gets used on live sites.

I’ve removed this URL from the latest version of the plugin on GitHub, but it might be a little while before it gets rolled out on wordpress.org. Until then, please ignore this issue if Wordfence flags it up for you.

Force Strong Passwords for WordPress 3.7

The upcoming 3.7 release of WordPress is getting a new password strength meter, using the zxcvbn library from Dropbox.

It’s a great improvement. However, my Force Strong Passwords plugin is based on replicating the JavaScript password strength check in PHP. And zxcvbn.js is 683 KB (minified). I’m simply not going to be able to convert this to PHP, and I can’t see anyone else taking the challenge on.

So what I’m doing is adding some JavaScript for 3.7+ which simply passes the results of the client-side strength meter through to the server for the enforcement check. This should be fine. Of course, a tech-savvy user could manually bypass the check. But without a PHP port of zxcvbn, I think this’ll have to do.

The new version isn’t up on the wordpress.org repository yet, but you can download it from GitHub. If anyone’s using the beta of 3.7, do please give it a whirl and let me know if there’s any issues. Any other feedback regarding this development is also most welcome.

Developer’s Custom Fields 0.8.4

Developer’s Custom Fields 0.8.4 is now available. There’s a couple of new features:

  • The abbreviate_option_labels parameter, which is true by default. This is partly a stop-gap measure for this issue, which involves posts with duplicate titles getting missed out of options populated with options_query. Being able to switch off the abbreviation of titles for the options reduces the chance of this happening.
  • The sortable parameter is now availabel for multiple checkbox fields. This makes use of jQuery UI Sortable to make the checkboxes drag-and-droppable. An extra hidden field is automatically created to store the order. When a sortable field’s values are returned using any of this plugin’s functions, they are returned in the right order. The ordering can be obtained independently with the slt_cf_field_values_order() function.

Complete archive

Main index