Tag archive: WordPress

Force Strong Passwords multisite support

I no longer use my WordPress plugin Force Strong Passwords, since that functionality’s included in Wordfence. However, the plugin is quite popular, and one aspect of it that has suffered due to my lack of experience is multisite support.

On GitHub, Damien Piquet has submitted a simple fix in a pull request, which I’ve accepted. I’m not in a position to properly test this, so if anyone uses Force Strong Passwords on multisite installations, please grab the code with this commit and test away. Providing no issues arise, this will soon be released on wordpress.org.

Comments will be closed here – please give any feedback via GitHub.

Setting the image crop position in WordPress

Here’s a nice addition to WordPress, which I missed in last year’s 3.9 release. Now, when you define an image size with add_image_size, instead of just saying ‘soft crop’ (keep proportions) or ‘hard crop’ (fit to area), you can now also pass an array to define where you want a hard crop to attack the image from. For example:

add_image_size( 'custom-size', 220, 220, array( 'left', 'top' ) );

The first element in the ‘crop array’ can be ‘left’, ‘center’, or ‘right’; the other can be ‘top’, ‘center’, or ‘bottom’. Nice!

As an image size bonus, here’s what I came up with recently when I wanted all WordPress image sizes to be controlled via custom theme code (not just the custom sizes).

Anyone know their way around the WordPress 3.5+ media upload API?

Version 1.0 of the Developer’s Custom Fields plugin is in development. I’d hoped that the core Metadata UI API would have made progress enough for me to revamp DCF in light of the new core functionality, but that’s not looking likely. DCF 1.0 won’t be a major update, but I’m hoping to get some significant things sorted out.

The most important, I think, is getting the file field type working with the new (well, introduced in WordPress 3.5) media upload API. It’s pretty much there, but I’m looking for some help with it. Does anyone know the media upload API well?

Read more »

Multiply WordPress posts in testing

Very often while building a WordPress site, I need to see how a layout works with a load of posts. Maybe 4, maybe 40. In any case, it’s tedious creating dummy content.

There’s a number of dummy content dumps out there to use, but often we’re working with custom post types and we need particular custom fields working right.

This bit of code will allow you to add a particular argument to the query (WP_Query, get_posts, etc.) to artificially multiply or repeat the posts returned.

Read more »

Wordfence’s false positive issue with Developer’s Custom Fields

I use the Wordfence plugin on my WordPress sites for extra security. Generally it’s great, but it can be a bit over-sensitive (granted, it’s best to err in this direction with security!).

Just now I did a scan on a site and it came up with a “critical” “suspected malware URL” issue with a file from my Developer’s Custom Fields plugin. Now, whenever I use a bit of code from somewhere on the web, I always include a link in a comment, both in order to credit the person it’s from, and for future reference. I grabbed a bit of code for this plugin, to read URL parameters in JavaScript, from papermashup.com. It seems that Google has recently flagged this domain as being susipicious, citing unpromted malware downloads while also saying “this site has not hosted malicious software over the past 90 days”.

Anyway, however dangerous (or not) this site is, the URL in the JS file is utterly harmless – it’s in a comment. Furthermore, the URL is only in the dev version of the script. Only the minified version – stripped of comments – actually gets used on live sites.

I’ve removed this URL from the latest version of the plugin on GitHub, but it might be a little while before it gets rolled out on wordpress.org. Until then, please ignore this issue if Wordfence flags it up for you.

Force Strong Passwords for WordPress 3.7

The upcoming 3.7 release of WordPress is getting a new password strength meter, using the zxcvbn library from Dropbox.

It’s a great improvement. However, my Force Strong Passwords plugin is based on replicating the JavaScript password strength check in PHP. And zxcvbn.js is 683 KB (minified). I’m simply not going to be able to convert this to PHP, and I can’t see anyone else taking the challenge on.

So what I’m doing is adding some JavaScript for 3.7+ which simply passes the results of the client-side strength meter through to the server for the enforcement check. This should be fine. Of course, a tech-savvy user could manually bypass the check. But without a PHP port of zxcvbn, I think this’ll have to do.

The new version isn’t up on the wordpress.org repository yet, but you can download it from GitHub. If anyone’s using the beta of 3.7, do please give it a whirl and let me know if there’s any issues. Any other feedback regarding this development is also most welcome.

Developer’s Custom Fields 0.8.4

Developer’s Custom Fields 0.8.4 is now available. There’s a couple of new features:

  • The abbreviate_option_labels parameter, which is true by default. This is partly a stop-gap measure for this issue, which involves posts with duplicate titles getting missed out of options populated with options_query. Being able to switch off the abbreviation of titles for the options reduces the chance of this happening.
  • The sortable parameter is now availabel for multiple checkbox fields. This makes use of jQuery UI Sortable to make the checkboxes drag-and-droppable. An extra hidden field is automatically created to store the order. When a sortable field’s values are returned using any of this plugin’s functions, they are returned in the right order. The ordering can be obtained independently with the slt_cf_field_values_order() function.

Complete archive

Main index