Tag Archives: WordPress

WordPress Post Thumbnails: Migrating from Custom Fields to the Featured Image API

I had post thumbnails on this blog a long time before the feature became a part of the WordPress core. Some of you out there may have, too. Before the friendly “Featured Image” box and its associated theme API were added to WordPress, the technique generally used was to paste image URLs into custom fields and output them into an image tag in the theme. Basically, like I recommended in this old post from 2008.

When WordPress 2.9 was released, bringing with it an “official” way to handle thumbnails, I was a little bit annoyed. I had tons of posts where I had existing thumbnails that would have to be somehow updated, or else I would have to come up with some clever way to be backwards-compatible. So I just put it out of my mind and left things the way they were…until this year.

Redesigning gave me an excuse to modernize a lot of the stuff going on behind-the-scenes, and one of the things I improved was the handling of post thumbnails. The solution was easy: write a function to handle two methods of applying a thumbnail, and check both places for a thumbnail. The code looks something like this:

Continue reading →

Launch: A Free WordPress Tumblog Theme

Looking for a stylish microblogging theme for WordPress, so you can mix in some Tumblr-style posts with your longer writings? Themezilla’s “Launch” theme is a fresh choice. It supports the post formats API, and even includes the PSD source files if you want to customize it beyond what the theme options allow.

I might have used Launch for my personal blog if it had been released before I made my new custom theme.

Full Circle: The Return of Static Blog Generators

WordPress is the most popular blogging software today, powering a majority of the top one hundred blogs. Like many of the systems that are popular nowadays, it’s dynamic. The server pieces together pages on the fly when they are requested, pulling content from the database, processing it, and wrapping a template around it before sending to the user’s browser.

Back in the earlier days of blogging, things were different. Most of the popular content management systems that blogs ran on were static page generators, like Movable Type, the package that previously held WordPress’s throne, before a price increase caused a mass exodus in 2004. Movable Type stores your content in a database, like WordPress, and it has an administration panel where you manage your content and adjust settings. But that’s where the similarities end. Instead of assembling pages dynamically, the blog engine compiles them into static HTML pages ahead of time, so the web server can just throw them back to users instantly. It’s a lot easier on the server that way, which can result in a snappier web site and less chance of your site going down from a social media bump.

This is, of course, something of a simplification. Many WordPress users, especially those with larger sites, use caching plugins like W3 Total Cache to have the best of both. The dynamic model is used, but frequently-accessed pages are statically cached for performance.

Continue reading →

Crowd Favorite’s WordPress Post Formats Admin UI

Back in WordPress 3.1, a new feature called Post Formats was added to enable theme developers to more easily denote different types of posts in order to make “tumblog” themes. But the feature is lacking as it stands today. The UI is simply not as nice as services like Tumblr, and there isn’t really a set of prescribed standards for how to use Post Formats. So some themes store link URLs in Custom Fields, while others grab the first URL out of the post body. That sort of inconsistency makes portability between themes a nightmare.

Alex King and his company Crowd Favorite have a proposed solution. Their plugin adds a really nice UI to the New Post screen, with tabs that appear depending on which Post Formats your theme enables and different input fields that change depending on which tab is selected.

 

In addition to the way cool plugin, they have a sensible naming convention for custom fields to go along with it. I think it would be great if the Core team adopted that as a recommendation for theme developers, and incorporated the UI plugin into WordPress proper.

Alex King did say, back in November, that he planned to suggest it to the Core developers once WordPress 3.3 shipped, so keep your fingers crossed.

WordPress Post Formats Admin UI [Alex King]

Easily Embed Whole Tweets in Your Blog Posts With Tweetable 1.2.4

Have you ever wanted to embed an entire tweet into a WordPress post for some reason? Maybe you were doing a short write-up about a recent news story, and wanted to quote someone’s amusing tweet on the matter. You could just use a simple blockquote, and link to the tweet, but wouldn’t you rather embed the whole thing, complete with information about the user and interactive buttons?

The latest version of my Tweetable plugin, version 1.2.4, includes support for Twitter’s new embedding API, which enables you to do that with minimal effort. If you have the plugin installed (and “Auto-embeds” is turned on in the Media page of your Settings), you can just paste a properly-formatted URL from Twitter onto a new line in your post. After you hit Publish, it will appear in your post, thanks to the magic of oEmbed.

The best part? This is going to be built-in to WordPress 3.4, so you have ensured forward-compatibility. Otto, one of the major contributors to the WordPress core, has already worked up a patch and it is currently slated to be included in version 3.4. Beat me to it. :P

Using Google-Hosted jQuery With a Local Fallback

Referencing commonly-used JavaScript libraries, like jQuery, stored on Google’s CDN is a good way to speed up your site. Many popular websites do so, which means the chances of a user having jQuery sitting in their browser cache already are pretty high. It doesn’t make a whole lot of sense to download it all over again for another website, does it? Using the copy on the Google Libraries CDN just makes a lot of sense.

But what if the servers Google has hosting it went down for some reason? Given Google’s track record, it’s not likely to be an issue, but it’s a good point. Fortunately, you can easily reference a backup. You can have a copy of jQuery on your server, and use a little bit of JavaScript to load it only if the Google one doesn’t load for some reason.

This little snippet, found in HTML5 Boilerplate, will do just that:

<script src="//ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js"></script>
<script>window.jQuery || document.write('<script src="js/libs/jquery-1.6.4.min.js"><\/script>')</script>

This should even work with WordPress, if you put the second script line right before the </head> tag in your theme.

The Hidden All Settings Screen in WordPress

WordPress uses a universal system known as wp_options to store data values for core functions as well as plugins. If you modify an option in the Settings section, it’s processed and stored in the wp_options database table. Plugins usually operate in the same way, handing off settings and other information to wp_options for storage or retrieval.

Not everything in wp_options has a corresponding UI, though. What if you had reason to modify an API key a plugin is storing, but the plugin doesn’t give you a UI option to update it? Or maybe some information is being cached and you need to blast it out while you’re working on a new theme.

WordPress actually has a page where you can see everything in wp_options, as well as edit the values. (You can’t mess with serialized data, though. You would need to open phpMyAdmin for that.) You can access it by visiting the following URL, replacing example.org with your own domain, of course:

http://example.org/wp-admin/options.php

Obviously, you should be careful with this. You could break some things in your WordPress installation if you don’t know what you’re doing. So if you don’t know what you’re doing, you should probably not be messing around with the values…

WooThemes Launches Free E-Commerce Plugin WooCommerce

WooThemes recently announced the launch of their free WordPress e-commerce plugin, WooCommerce, along with a few themes with built-in integration.

This is one of our biggest releases to date and it’s absolutely free. WooCommerce is an all-new plugin application and library of integrated themes for WordPress that help individuals and businesses turn their sites into professional, e-commerce stores. Our aim for WooCommerce is to be an e-commerce toolkit that allows anyone to sell anything online. View the WooCommerce page to see all the powerful features packed into the plugin.

WooCommerce is a fork of the lesser-known Jigoshop plugin, with a bunch of nice additions. This has been the cause of some controversy about the “ethics” behind the decision, despite it being 100% legal under the GPL. Personally, I can see merits to both sides of the argument, but I think it should encourage competition. The Jigoshop team should be able to absorb some of the improvements WooThemes made to their fork back into Jigoshop as well.

How to Add A Floating Social Media Widget Box to Your Blog

Now that most blogs are starting to pare down their social media buttons and go with the dynamic widgets offered by the three or four largest social media sites, you’ve probably seen a few sites with a floating box that hovers along the left side, staying in the viewport as you scroll.

How do you make one of those?

If you don’t mind making your own from scratch, Michael from Pro Blog Design has a great tutorial. His floating box looks nice, moves smoothly and is very customizable, since you’re adding it directly to your theme.

If you need a plugin, Sharebar and Digg Digg both create a similar result with much less effort, but they don’t look quite as nice.

WordPress Admins Can Post JavaScript in Post Comments

Here’s an interesting fact about WordPress: users with Administrator or Editor privileges are allowed to post unsanitized JavaScript or markup in Post comments.

I discovered this by accident when I was leaving a Facebook API example for a commentator, and posted a code snippet that included the <script> tag referencing http://connect.facebook.net/en_US/all.js#xfbml=1. To my surprise, a Facebook Comments widget appeared within my comment!

I did some testing with a fresh WordPress installation and ensured that it wasn’t related to any of my own customizations or installed plugins, and that only high-ranking user accounts could do it.

This could potentially be a Cross-Site Scripting (XSS) vulnerability, as a user with Editor privileges could conceivably “go rogue” and post malicious JavaScript in comment threads. This could be used for any number of nefarious things, such as injecting a malware loader into the page or inserting spam links.

So I did some digging, wondering whether I should report the issue to the core developers, and found this:

Users with Administrator or Editor privileges are allowed to publish unfiltered HTML in post titles, post content, and comments. WordPress is, after all, a publishing tool, and people need to be able to include whatever markup they need to communicate. Users with lesser privileges are not allowed to post unfiltered content.

[…] Regardless, an Administrator has wide-ranging super powers among which unfiltered HTML is a lesser one.

In WordPress multisite, only super administrators can publish unfiltered HTML, as all other users are considered untrusted.

It makes sense that Administrators be able to do that, as they have unfettered control over everything else. (And there are probably some cool things you could do by inserting JavaScript into your comments, like placing polls without having to use a plugin.)

So, the lesson here is to be cautious with who you assign Editor privileges to. If you don’t trust them, don’t give them an Editor account. Besides, a rogue Editor could play havoc on posts and comments even without being able to paste in malicious code. ;)
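
For sites that must hand out Editor accounts anyway, the capability behind this behaviour (`unfiltered_html`) can be restricted in code. The following is an added example, not code from the original post or from WordPress itself; the file location and the `example_` function name are hypothetical, and it assumes `manage_options` identifies an Administrator, as it does with the default roles.

```php
<?php
/**
 * Added example (hypothetical must-use plugin): restrict unfiltered HTML.
 * Assumed location: wp-content/mu-plugins/restrict-unfiltered-html.php
 *
 * To deny it to every role, Administrators included, core also honours
 * define( 'DISALLOW_UNFILTERED_HTML', true ); in wp-config.php.
 */

// 1. Deny the unfiltered_html capability to anyone who is not an
//    Administrator. Assumption: manage_options marks an Administrator,
//    as it does with the default roles.
add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id ) {
	if ( 'unfiltered_html' === $cap && ! user_can( $user_id, 'manage_options' ) ) {
		$caps[] = 'do_not_allow';
	}
	return $caps;
}, 10, 3 );

// 2. Always run comment bodies through the comment KSES filter. Core removes
//    its own priority-10 filter for users who hold unfiltered_html; this copy
//    sits at priority 9, so that removal does not touch it.
add_filter( 'pre_comment_content', 'wp_filter_kses', 9 );

// 3. Audit helper: which roles have unfiltered_html stored in the database?
function example_roles_with_unfiltered_html() {
	$holders = array();
	foreach ( wp_roles()->roles as $slug => $role ) {
		if ( ! empty( $role['capabilities']['unfiltered_html'] ) ) {
			$holders[] = $slug;
		}
	}
	return $holders;
}

// Show the audit result to Administrators as a dashboard notice.
add_action( 'admin_notices', function () {
	if ( ! current_user_can( 'manage_options' ) ) {
		return;
	}
	$holders = example_roles_with_unfiltered_html();
	printf(
		'<div class="notice notice-info"><p>%s</p></div>',
		esc_html( 'Roles holding unfiltered_html: ' . implode( ', ', $holders ) )
	);
} );
```

Step 2 also filters comments written by Administrators; drop that line if Administrators should keep the ability to post raw markup in comments.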