This latest product is a continuation on my streak of other plugin releases that also deal with the topic of user session security.
The idea here is pretty simple.
If you have registrations open on your WordPress site, chances are there is a decently-sized group of users that have simply gone MIA. They have accounts, and they might come back later, but you’re just not sure when that will be.
The fact of the matter is, the more active login accounts you have on your site, the more potential opportunities there are for break-ins. And once a hacker is authenticated inside WordPress with the right kind of capabilities, the more opportunities there are to do some real damage.
Three years ago, in July 2011, I started a theme shop. It was an era where many people in smaller niches were yet to be discovered by developers as a force to be reckoned with. The “The Long Tail” principal hadn’t yet sunk in, at least not enough for churches to have viable WordPress theme options available to them.
Churches were being grossly under-served in every WordPress theme marketplace. The most common option for them was to customize their favorite “photography” or “design agency” theme, somehow seeing past page after page of irrelevant stock imagery and the thousands of “shortcodes” they wouldn’t be using. Sprinkle in a few plugins, and say a prayer – maybe, just maybe, this would work.
We all know you can use wp_get_attachment_url() to return an attachment’s URL by passing in the ID, but what about the reverse scenario?
There are a lot of long-winded examples of how to get an attachment ID by URL floating around the interwebs. Most of them limit results to only returning images or use expensive DB queries. Really, there should be a function for this in core, but there isn’t.
Needless to say, I wasn’t really happy with any of the solutions I found people using, so I decided to take a stab at it.
Below is the most lightweight method I’ve come up with (so far) to get an attachment ID by passing through an attachment URL.
Just as an example, this would echo the attachment ID integer of test-image.jpg onto the page:
Sometimes it’s best – especially when you’re using WordPress as a CMS – to remove those unwanted admin menus that create clutter for clients. They are never going to use them so why confuse their admin experience? For example: if the client isn’t going to blog, why include Posts or Comments in the menu at all?
Just insert this code into the functions.php file of your WordPress theme and *bam!* no more clutter. Please note that we are not going to restrict the Administrator user experience, this will just affect logged in users who can’t manage options.
(Make sure to edit the $restricted array with the items you want to hide, this is just an example so you can see what’s possible) Enjoy!
I had neglected to prefix the post type names in some of my themes, and as it turns out, so did another popular WordPress plugin. Long story short: this plugin became unusable when running my themes, and this did not make my users very happy.
It became clear that I needed to bust out some ninja moves to overcome this dilema.
The code below is the solution I drafted – maybe it will help you too. It’s a function that runs when the theme is in use, and rewrites the post type names in the database with any prefix you choose.
After the theme is activated the specified post types will be renamed to: fjarrett_acme, fjarrett_foo and fjarrett_bar.
Sadly, there is not yet a hook that will fire only when themes are activated/updated. The after_setup_theme action is a little misleading in that it fires when WordPress sets up the current theme, not when an admin activates and/or updates the current theme.
So, it’s basically firing with every load of WordPress when the theme is active. Someone first made a patch for this 3 years ago and it looks like it’s finally being revisited.
For that reason, this is by no means the most resource-friendly solution, but we are killing the script if the prefixed post type already exists – which requires an additional query – but this is crucial for two reasons:
So we’re not attempting to update the database with every page load – after the original post types are given prefixes the database update will never run again.
So other plugins/themes (like the one I was in conflict with) can be installed later, creating their blasphemous post type names, and we won’t attempt to rewrite them.
Hopefully this is helpful to you and your project in some way. If so, please tell me about it the comments!
Did you know that your WordPress version number is visible to everyone?
As Matt Mullenweg rightly pointed out several years ago, simply hiding your WordPress version number is not enough by itself to stay protected from potential threats (you should always be keeping your WordPress installation up-to-date).
But perhaps you have a client who has specifically requested its removal or maybe you just like keeping things on the safe side, either way there are a lot of tutorials out there on how to remove it from various areas but none that I’ve found showing how to remove it from every area at the same time.
The WordPress version number appears in three areas:
If a script or style does not specify a version number when enqueued, the current version of WordPress is used.
One Block of Code to Rule Them All
Just enter this into your functions.php file and your WordPress version will be safely hidden from the public.
However, there is one small caveat to be aware of when using this method: This function will check to see if the ver query string matches the WordPress version number, so if the version of the enqueued script happens to be the exact same as the WordPress version then its version string will be removed as well.
This will occur rarely (if ever), especially when the current WordPress version is a point release, such as 3.3.2.
Last night was a very memorable night for me as my friends at X-Team unveiled my inner superhero, dubbing me as The Solution!
When Frankie Jarrett isn’t living his passion for working in WordPress or making music, he’s the problem solving hero known as, The Solution!
He was born with the amazing cerebral super power to solve any problem. Frankie can always figure out a way to communicate clearly with anyone. He is often there to listen and offer support to others, no matter how difficult their situation. Often Frankie only needs to say, “I’ll have to think about this problem a little”, and soon he has an exciting solution!
No situation is too big or too small and there is no danger too great for him to face. Whether you are having a tough time remembering trigonometry for your math test, or you are stranded on the roof of a burning building, The Solution can always figure out the best way to rescue someone.
Our hero also has the natural ability to inspire others, whether leading musical worship in his church or jamming with friends, Frankie uses his voice and musical talents to uplift and inspire those around him.
When not saving the innocent, Frankie spends his time watching the History channel with his wife, whom he absolutely adores.
Being HEROized is a true honor, and I am grateful to Dave and the rest of the team for recognizing me in this way.
So you’re a pixel-perfect designer who wants to keep control over your WordPress loop styles? Hell yeah! You’re already pretty cool in my book.
You’ve probably got a fancy post separator, or a brilliant doodle to fit between your last post and the comments. Whatever the reason, you don’t have CSS class selectors for targeting the first or last posts in your archive – and you really need them.
First, insert this function into your functions.php file.
Now, open up loop.php and replace post_class() with the newly created fjarrett_post_class().
This new function accepts the same parameters as the original function, so you can use it the exact same way. The only difference will be that the first and last posts will be marked automatically with an appropriate class name. Enjoy total control. 🙂
If this helped you in any way I’d love to hear about it in the comments!