WordCamp Austin Was a Blast!

WordCamp Austin 2013

Austin has always been on my list of places to visit, and now that I did I know it was totally worth the long travel. Huge WordPress community, very friendly people and a well organized WordCamp, not to mention that wonderful food experience.

I met and chatted with a lot of new folks – developers, designers, bloggers, business owners and beginners eager to use and learn WordPress. It was so overwhelming, in a good way obviously, and the BBQ – so delicious! The unofficial CigarCamp was the perfect way to end the day.

Dev Day on Sunday was a total blast, that’s where all the super geek talk happened over pizza. That’s where I was able to get a few minutes on stage to talk about contributing to WordPress and encouraged people to chime in.

So huge props to everybody who made it happen: organizers and volunteers, speakers, sponsors, attendees, and a very special thanks to the WP Engine folks for hosting Dev Day.

Hope to make it next year!

Don’t Hide the Fact That You’re Using WordPress

There are quite a few blog posts, plugins and hacks suggesting to hide the WordPress version number, or hide the overall fact that you’re using WordPress. Don’t do it — it’s pretty useless.

There are hundreds if not thousands of ways to not only find out the fact that you’re using WordPress, but also find out the exact version number, regardless of any plugins or hacks changing or hiding the “generator” meta tag, the readme file and so on. A great post by my brother Gennady illustrates that.

Security

Most of these “hide my WP” solutions tend to market themselves from a security standpoint, especially with the recent botnet attack on WordPress sites. The truth is that these attacks don’t really care which version of WordPress you’re running. In fact, they don’t even care whether you’re running WordPress at all! How? Well that’s easy, they just take your domain and blindly fire POST requests to a file called wp-login.php, even if you’re running a non-CMS pure HTML website.

The same applies to known theme and plugin vulnerabilities. Go ahead and check your web server’s access logs, there’s a pretty good chance you’ll find requests to timthumb.php even though none of your themes or plugins use the TimThumb library.

So from a security perspective, the secret sauce is to use a strong password, as well as keep your themes, plugins and especially WordPress core up to date. Plugins such as Google Authenticator and Limit Login Attempts can give you that little extra protection.

The Ferrari Analogy

Sometimes people try hide the fact that they’re running WordPress because they’re afraid other humans will spot that and think they’re “unprofessional” or cheap. Well WordPress is the most professional content management system known to human kind, trusted by some of the largest companies worldwide and although free and open source, certainly not cheap.

When you buy yourself a new Ferrari, do you remove the Ferrari logos before showing it to your friends? No. Although if you did, it would still be obvious.

To wrap that up — don’t hide the fact that you’re using WordPress. Use a strong password, keep it updated and drive it with pride. If you bought a premium “hide my WordPress” plugin, you should ask for a refund and buy something useful instead.

Using get_template_part within Shortcodes

The get_template_part function is one of the most useful things available to WordPress theme developers. Although mostly used in themes for public, get_template_part is often used in custom WordPress websites as an alternative to the PHP include or require.

When using get_template_part with the Shortcode API, there are two things you should always keep in mind:

get_template_part executes .php files which (most likely) generates output
shortcode callback functions are expected to return a string and not generate any output

So when calling get_template_part within a shortcode callback function, you’ll see that all the output generated by get_template_part is output before the post content, and not replaced inline.

The solution is to use PHP’s output buffering. Create a buffer in your shortcode callback before running get_template_part, clear the buffer and return the content right after. Here’s a quick example with an ads shortcode, which can insert your theme’s ads.php file contents anywhere within a post or page:

function my_ads_shortcode( $attr ) {
    ob_start();
    get_template_part( 'ads' );
    return ob_get_clean();
}
add_shortcode( 'ads', 'my_ads_shortcode' );

The ob_get_clean() function stops buffering and returns whatever was output to the buffer after ob_start(). The same approach could be used with other functions and statement that generate output, such as include and require.

Attending WordCamp Austin 2013

Texas has been on my list for a while now and Austin sounds like a great place to start. Looking forward for some sunshine, good company, great food and an exciting WordCamp Austin 2013. Maybe even a roundhouse kick to the face.

Columns for WordPress

Sometimes you need to split your content into two or more columns, perhaps for a list of features on your front page. Unfortunately the standard WordPress editor does not support that out of the box (yet) so you turn to plugins.

With quite a few options available, it’s not easy to make the right choice, plus, there’s almost always a learning curve involved, especially with shortcodes like:

[fourcol_two_last]

I crafted an experimental columns plugin quite a while ago, which hopefully simplifies the shortcodes to a bare minimum, and makes them look slightly more like HTML. Put as much columns as you want into a column group, and it can figure out the rest:

[column-group]
    [column]This is my first column[/column]
    [column]This is my second column[/column]
[/column-group]

Hopefully this is much easier than memorizing cryptic shortcode names, and even if you end up deactivating the plugin in the future, you can always run a (fairly) simple regex search and replace to “lock yourself out.”

I recently released the plugin for public use. It’s called Columns (duh!) and it’s available at the WordPress.org plugins directory. Give it a spin and let me know what you think!

On $matches in preg_match functions

I’ve seen many people define an empty $matches variable before using it in preg_match and preg_match_all functions in PHP. I’ve done it myself, and I was quite surprised to learn that you don’t really have to — even if there’s no match, you will not get an undefined variable notice.

Maintaining a Local WordPress Subversion Repository

When working with WordPress core, you often have to go back and forth through commits, scroll or search through revision logs, switch between tags and branches and so on. This can be annoying with a slow Internet connection and impossible without a connection at all, but what if you’re working on a core patch on a plane or a submarine?

Continue reading →

Konstantin Kovshenin

WordPress, Automattic and Open Source