builder2

WP Help: A Simple Plugin for Documentations

I’m sure you’ve had a need for something like this. While building WordPress–powered sites and blogs for other people, you sometimes need to provide some documentation for them to use the site correctly. A “style guide” is the first thing that comes to mind—like how authors should format their headlines as well as structure their post content. The WP Help plugin by Mark Jaquith solves problems like this, as described:

Administrators can create detailed, hierarchical documentation for the site’s authors and editors, viewable in the WordPress admin.

Now if you’re building a custom WP site with lots of customizations and tweaks, the WP Help plugin will make things easier for you and your users.

Secure WordPress upgrades

I’m sure that like a lot of bloggers out there, you’re using WordPress to power your blogs. And because WordPress is now the de facto choice for self–hosted blogging apps, it is now a favorite target for various security attacks. It’s like every ill–willed hacker is busy trying to find vulnerabilities in it.

The recent news of a fake WordPress site distributing a backdoored and fake WP 2.6.4 version is a significant concern for all users of the application. However, it seems that someway, somehow, someone will find a way to maliciously exploit WordPress. Here are some tips to avoid exposing yourself to problems like this:

  • Upgrade the application as often as there are new versions. This includes even point releases that may seem unnecessary, updates are there for a reason.
  • Download only from wordpress.org. This becomes even more important if you can hardly understand code. Get your updates from legitimate sources only.
  • Only use trustworthy themes and plugins. Now this is not exactly easy, but knowing where to get them is half the battle. Always start your search from WordPress Extend and reliable third–party sources like WTC.
  • Update your plugins. And themes too. As everyone tries to make WordPress useful to others, some tend to release not–too–ready code. Some of these introduce vulnerabilities, but are typically updated prompty. Don’t forget to upgrade.
  • Deactivate unused plugins and delete them. Unused plugins do nothing, and they just increase the load WordPress puts on your server processes. The less plugins, the better. And make sure you delete them, even deactivated plugins can be executed without you knowing it!

Now those are just some tips to keep in mind. If you have other reminders for fellow WordPress users, share them by leaving a comment.

WordPress themes made for developers

Looking for WordPress themes that are best suited for your customized designs? Here’s a list of custom themes for us developers that should help us get our blog designs running almost instantly.

The best about these themes, especially Sandbox, is that there already are several themes and designs based off it and you can use these “mods” to as a base for your customizations.

Are there other themes and frameworks you could recommend?

First step in using WordPress 2.6

Every other sites has reported on the release of WordPress 2.6, just like I did in my other blog. However, there’s something we are all overlooking — what are we supposed to do once we install/upgrade to 2.6?

Well here’s my first step: go to Settings → Writing and under the Remote Publishing options, make sure you uncheck the two fields named Atom Publishing Protocol and XML-RPC (you can’t miss them, there’s only two of them) if you don’t use them at all. If you have no clue what they’re there for, chances are you don’t need or use them at all and you can safely keep them disabled. This step is a must to reduce any possible security holes in your site as they have been a favorite target for hackers since the early days of WordPress.

WordPress 2.5.1 + more fixes

Not too long after WordPress 2.5 was released, update 2.5.1 followed soon thereafter containing significant updates for the lots of new things in the 2.5 series. But even just after 2.5.1, some problems were exposed, notably the one that requires you manually resetting your passwords because the password recovery links wouldn’t work as designed. The patched files can be downloaded from the user who discovered the problem, and used on your site, replacing the 2.5.1 versions.

Additionally, there is also a fix to allow users to revert to the old image uploader if a browser is not flash enabled. This can be very helpful especially if you update your blog using different PCs with various configurations. The fix is now available as a plugin.

WordPress MU 1.3 is now out

WordPress MU logo.

The latest multi–user version of WordPress is now out. WordPress MU 1.3 contains several MU–specific changes, as listed by Donncha:

  • Better admin controls for the signup page. It can be disabled in various ways.
  • Upload space functions have been fixed.
  • The signup form is now hidden from search engines which will help avoid certain types of spamming.
  • Profile page now allows you to select your primary blog.
  • Database tables are now UTF-8 from the start.
  • If you’re using virtual hosts, the main blog doesn’t live at /blog/ any more.
  • The WordPress importer now assigns posts to other users on a blog.
  • A taxonomy sync script is included in mu-plugins but commented out. It hasn’t been tested much but if your site has many hundreds of blogs it might be worth spending some time on a test server. Replicate normal traffic patterns and see if the server can cope with the upgrade process. If not, then look at the sync script, uncomment it and iterate over all your blogs with a script.

WordPress MU is the base of the code is used on WordPress.com, and allows anyone to publish their own hosted blog service quite easily.

WordPress 2.3 coming September 24

WordPress logo. With the weekly update to the 2.3 beta, WordPress 2.3 will be available as a final release on the 24th of September. Several bugs were fixed in the period between Beta 1 and Beta 2, and more should surface and be fixed before the final release is made available for public download.

WordPress users will be pleased with additions and improvements in this version, namely:

  • Tagging
  • Improved Post and Draft Management using filters
  • Improved publishing workflow with a new post status of Pending Review
  • WordPress and plugins upgrades available notification

To help in the beta program, download the latest beta and report any bugs or problems you may find. For developers, note that there are some database changes for this version, and plugin compatibility should be checked. Here are more notes on WordPress 2.3.

Structure of a WordPress Plugin

Are you writing your first WordPress plugin? One way of the best ways to learn how is to read other plugins’ code; most of which you need to do has probably been written by someone else before. You can also use this code generator that produces a template for your WordPress plugin, which you can fill with your code and distribute to the community.

But why would you want to write a WordPress plugin? There are enough reasons to get you started, not to mention that it’s fun and quite easy to do with all the resources available.

WordPress Monkey

WordPress is really the “in thing” nowadays that even old school favorite webmonkey has a site building article using the popular blogging software. Theme installation and customization is pretty much covered along with a brief intro on WordPress plugins, nifty little extensions that could make or break (literally!) your site.

This new article almost coincides with the recent release of WordPress 2.0.3 which addresses several bugs and important security concerns. If you’re running the WP2 codebase on your site, be sure to get this maintenance release.