On certain server setups, WordPress is vulnerable to an email interception attack. Basically WP uses the $_SERVER['SERVER_NAME'] variable for the "From" header in email notifications. On certain systems this can be exploited by an attacker to gain access to your site. This issue has been known about since WP 2.3, but nothing has been done about it. So I decided to write a plugin to fix it up.
With each passing day, strong security becomes more important. This article explains some ways to keep WordPress secure while improving the overall security of your WordPress-powered site. Most of the tips provided here are practice-based security steps that require no plugins or hacks. The idea here is that you don't need to make changes to any code, or modify WordPress in any way in order to maintain strong security. These are security steps that most any WordPress user can use to help protect their site and keep WordPress safe and secure.
After months of hard work, I am excited to announce the launch of my new video course on developing WordPress plugins. It covers the entire process of building, securing, and optimizing your own plugins, including 50+ ready-to-go demo files, examples, and plugins. The course is focused on developing plugins using the WP API and Standards. Covers basics and gets into advanced topics like HTTP API, REST API, and WP Cron. Truly packed with practical examples and techniques to help you create your own awesome plugins. Check it out at Lynda.com.
In my recent post, DIY WordPress Popular Posts, I share a simple, two-step technique for tracking and displaying popular posts on your WordPress-powered site. That post describes everything needed to fully implement DIY popular posts, but some folks wanted an easier (more convenient) way to display the list of popular posts on the front-end (instead of using template code).
Pleased to announce the Pro version of my WordPress security plugin, Blackhole for Bad Bots — now available from Plugin Planet. Blackhole Pro stops bad bots, spammers, scrapers, and other automated threats. Trap bad bots in a virtual Blackhole and save precious server resources for your legit visitors.
Going into the redesign, the goal was twofold: 1) visually keep things as focused and clean as possible, and 2) under the hood, unify everything and simplify down to an absolute minimum. As with any eight-year-old website with over 400 posts and integrated e-commerce system, there was an enormous amount of work required to get the job done.
Quick post to announce updates for all DigWP themes, free and exclusive. All of our themes are current with the latest version of WordPress, and include lots of new features, bug fixes, and enhancements. 100% ready for action :)
The free themes are all free and open-source for everyone, and the exclusive themes are included with purchase of Digging Into WordPress. If you own the book, you can log in and download the updated themes in the DigWP Members Area, at your convenience. Now let's check ’em out..
Launching my 20th WordPress plugin! Prismatic makes it easy to display beautiful syntax-highlighted code using either Prism.js or Highlight.js. Also includes a "plain flavor" option for escaping code without syntax highlighting. Prismatic is fast, flexible, and 100% free! :)
For years WordPress post navigation has been possible thanks to a flexible set of five functions, including next_posts_link(). These navigational functions continue to work great in many WordPress themes, but there are newer, even more flexible functions available to theme developers. Introduced in WordPress 4, these new navigation functions can make it easier than ever to display nav links for your WordPress-powered posts.
I guess what I was trying to get at with my previous poll about too many plugins was the idea that a lot of WordPress sites that I see these days are just absolutely trashed in the Admin Area due to inconsiderate, poorly planned plugins and themes. For users, a few wrong turns when choosing plugins can leave the streamlined, easy-to-use Admin Area an absolute mess of annoying ads and discordant design. So this DigWP post is encouragement for plugin and theme developers to please STOP ruining the WordPress experience with aggressive marketing tactics, endless nagging, and other obtrusive nonsense.
Launch! Lynda.com just released my new course, WordPress: Developing Secure Sites, featuring over 30 video tutorials. The course is jam-packed with 10+ years worth of frontline WordPress experience, and is loaded with tips, tricks, and techniques for keeping your WordPress site safe and secure.
Digging Into WordPress is updated for WordPress version 4.6. The new version is a FREE download for everyone who owns the book. This is the book's 19th update! Log in to the Members Area to download the latest version, or if you don't own the book you can get it here.