I think many WordPress users probably underestimate the amount of data that is made available via the REST API. Just about everything is available to anyone or anything that asks for it: posts, pages, categories, tags, comments, taxonomies, media, users, settings, and more. For most of these types of data, public access is useful. For example, if you have a JSON-powered news reader, it can basically replicate your entire site structure virtually anywhere. But that easy access invites potential abuse. Just like with RSS feeds, RESTfully delivered JSON content is easily scraped and used for spam, phishing, plagiarism, adsense, and other foul things.
It's happening: WordPress is being forked. Meet ClassicPress. The original, Gutenberg-free WordPress publishing platform.
It's been a BUSY year! So far most of my work is focusing on WordPress plugins. Recently announced Disable Gutenberg and Gutenberg Custom Fields plugins. And now I am pleased to announce 5 more plugins designed to improve your WordPress workflow: Disable Responsive Images, Disable WP REST API, Enable Database Tools, WP Cron HTTP Auth, and the BEST for last: Contact Form X. Please check ‘em out, and THANKS for your generous attention.
Gutenberg soon will be added to the WordPress core. This is great news for some, not so great for others. With 99.9999% (estimate) of all WordPress sites currently setup to work without Gutenberg, the massive changes barreling down the pike are going to affect literally millions of websites. And as swell as the whole "Gutenberg" experience may seem, the simple truth is that a vast majority of site owners will not be prepared when it finally hits. Nor will many small business have time or budget to test and update client sites to accommodate ol’ Gut’.
Gutenberg is coming soon to your WordPress, whether you like it or not. Debate and drama aside, it's time that we start looking for practical ways to adapt current WordPress sites to the many imminent changes brought to us by G7G. One of these changes involves Custom Fields. Currently, and hopefully this will change in a future update, Custom Fields are not displayed on Gutenberg-enabled screens. Which is kind of a bummer, considering the millions of websites, plugins, and themes that make good use of them.
I've been working on updating my collection of WordPress plugins for the imminent Gutenberg update. So far it has not required much time to learn, and the API is straightforward. It will however take significantly longer to integrate Gutenberg support into 20+ plugins. To help keep things organized, I will be posting tips and snippets here at DigWP.com. Blocks are the foundation of all things Gutenberg, so this first post is all about block recipes. Some of these code snippets are far less useful than others, hopefully they will be useful to others.
Announcing my latest WordPress security plugin, Banhammer! It makes monitoring site traffic and banning unwanted guests waay too much fun. Navigate logged requests via slick Ajax UI, and enable sound effects for banning and warning bad users and bots. Check out the video on YouTube and download Banhammer from the WP Plugin Directory.
Update! Banhammer Pro now available :)
There has been lots of discussion about the new WordPress "Gutenberg" project. Some people love it, some hate it, and most WP users probably have no idea about it. And that's too bad, because it means many changes will be required for thousands of WordPress plugins and themes. We're talking about MANY collective work hours to make it happen, even in a best-case rollout scenario.
On certain server setups, WordPress is vulnerable to an email interception attack. Basically WP uses the
$_SERVER['SERVER_NAME'] variable for the "From" header in email notifications. On certain systems this can be exploited by an attacker to gain access to your site. This issue has been known about since WP 2.3, but nothing has been done about it. So I decided to write a plugin to fix it up.
With each passing day, strong security becomes more important. This article explains some ways to keep WordPress secure while improving the overall security of your WordPress-powered site. Most of the tips provided here are practice-based security steps that require no plugins or hacks. The idea here is that you don't need to make changes to any code, or modify WordPress in any way in order to maintain strong security. These are security steps that most any WordPress user can use to help protect their site and keep WordPress safe and secure.
After months of hard work, I am excited to announce the launch of my new video course on developing WordPress plugins. It covers the entire process of building, securing, and optimizing your own plugins, including 50+ ready-to-go demo files, examples, and plugins. The course is focused on developing plugins using the WP API and Standards. Covers basics and gets into advanced topics like HTTP API, REST API, and WP Cron. Truly packed with practical examples and techniques to help you create your own awesome plugins. Check it out at Lynda.com »
In my recent post, DIY WordPress Popular Posts, I share a simple, two-step technique for tracking and displaying popular posts on your WordPress-powered site. That post describes everything needed to fully implement DIY popular posts, but some folks wanted an easier (more convenient) way to display the list of popular posts on the front-end (instead of using template code).
Pleased to announce the Pro version of my WordPress security plugin, Blackhole for Bad Bots — now available from Plugin Planet. Blackhole Pro stops bad bots, spammers, scrapers, and other automated threats. Trap bad bots in a virtual Blackhole and save precious server resources for your legit visitors.