WPBeginner, a website for beginner guides to WordPress, has published an updated and comprehensive guide to WordPress security – “The Ultimate WordPress Security Guide – Step by Step (2017)”. Most of the things are well known to seasoned WordPress users – keep things updated, use strong passwords, remove unnecessary plugins, make sure to pick the right hosting, add security-enhancing plugins, etc. But it’s a good place to start for people who are not too technical and those who don’t think about the security implications of having a publicly accessible website on a daily basis.
There are plenty of questions, answers, simple explanations, and links to other resources in the article. So even if you are an experienced WordPress user, you might find a useful thing or two in there.
You might also want to check out my earlier blog posts:
Straight from the JSON Feed homepage:
We — Manton Reece and Brent Simmons — have noticed that JSON has become the developers’ choice for APIs, and that developers will often go out of their way to avoid XML. JSON is simpler to read and write, and it’s less prone to bugs.
So we developed JSON Feed, a format similar to RSS and Atom but in JSON. It reflects the lessons learned from our years of work reading and publishing feeds.
See the spec. It’s at version 1, which may be the only version ever needed. If future versions are needed, version 1 feeds will still be valid feeds.
Supercharge your ecommerce is a collection of reviews of some of the best ecommerce plugins for WordPress. It covers a variety of options, from the most famous like WooCommerce to some lesser-known ones. Here’s a list of what’s reviewed:
Sara Rosso shares some thoughts on what to document and share, after publishing over 1,000,000 words while working at Automattic. Here’s the gist of it:
- If you’re the go-to person for something in your company, consider how much of it is just gatekeeper information you could document properly to help someone else learn/grow from or work on independently.
- Separate out processes and historical background from your strategic expertise. Processes and backstory are not really ‘what you know.’ It’s much better to be a person someone asks ‘why’ or ‘when’ to do something vs. the logistics of a ‘how.’ How can and should be documented for others to build off of regardless of your involvement. This should free you up to be more involved in the why, the new, and the next of your work.
- If you’re repeating yourself in private chats or (gasp!) email on a specific topic, document it. That’s also what drove me to create this blog – being able to answer someone’s question with an answer you’ve already carefully crafted for someone else is a great feeling (and a great use of your time)!
- Will someone want to know why you decided or executed something a specific way later? Share as much background as possible so colleagues are brought up to speed immediately. Share the setup & thought process you went through, where to find more information, and even the facts, ideas, or information you considered but deemed outside of scope for the particular project. My goal is to hopefully never have someone ask “where did this come from?” or “what’s your source?” or “did you consider this?” (when I had) and instead focus on enriching the discussion or challenging my ideas vs. asking me for information I should have provided in the original post.
- Gather the best, most complete, or authoritative things you’ve authored and submit them as potential onboarding materials for new team members. Challenge them to ask questions and to find something you need to document.
- If important progress is made, be sure to update your documentation, or retire in favor of something newer or more complete. We do this by linking from old posts to new ones, and all it takes is a quick comment and a link on an old post.
As described in “Introducing WP Image Processing Queue – On‑the‑Fly Image Processing Done Right”, the Image Processing Queue plugin tries to solve several issues with On-The-Fly Image Processing (OTFIP) in WordPress. Some of the things that it improves are:
- Response times for pages with not-yet-generated thumbnails.
- Server CPU spikes for pages which use a lot of images on sites with a lot of configured thumbnail sizes (49? really? WOW! I don’t think I’ve seen more than 10 in the wild, which is still a lot).
- Server disk space issues caused by removed images and leftover thumbnails.
This is a very useful direction and I hope all the necessary bits will make it into the WordPress core. But even for those who don’t use WordPress, the whole discussion and implementation are a handy reference.
Charles is a web debugging proxy application for Windows, Mac OS, and Linux. Here’s a quick description from the project’s website:
Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).
And here are some key features:
- SSL Proxying – view SSL requests and responses in plain text
- Bandwidth Throttling to simulate slower Internet connections including latency
- AJAX debugging – view XML and JSON requests and responses as a tree or as text
- AMF – view the contents of Flash Remoting / Flex Remoting messages as a tree
- Repeat requests to test back-end changes
- Edit requests to test different inputs
- Breakpoints to intercept and edit requests or responses
- Validate recorded HTML, CSS and RSS/atom responses using the W3C validator
Pretty much every browser these days comes with developer tools (like Google Chrome, for example).
But these are mostly useful for requests made by the browser itself. Often, as depicted in the “PHP and cURL: How WordPress makes HTTP requests” blog post from which I learned about Charles, one needs to examine requests made by the application itself – like WordPress in this particular case.
The developer tools of the browser won’t be very useful, but a proxy application like Charles would. Setting up a proxy will send all requests through it, allowing for easy inspection and debugging.
SitePoint runs through a few options that one can use to synchronize WordPress live and development databases. I’ve linked to some of these options before, but it’s nice to have them all conveniently together. The solutions discussed include WordPress-specific tools:
as well as generic tools, such as mysqldump, mysqlpump, rsync, and git.
Overall, it’s a pretty complete list of tools. The one I’d like to add though is WP-CLI, which allows a great deal of automation when it comes to WordPress, including things like database imports and exports, post and option management, and more.
I came across this article – “Dependency Management and WordPress: A Proposal”, which provides an excellent overview of some of the recent developments and discussions in the area of Composer integration with WordPress, and even more generically, some of the issues around dependency management in an ecosystem as large and complex as that of WordPress.
It’s been a while since I checked what’s going on in this area. A couple of years back, I linked to an article that shows a way to use Composer with WordPress, and since then I’ve built something similar for our use at work.
But it’s good to see that the problem is not tossed and forgotten, and that there are some very smart people still trying to work it out.
WP-CFM is a WordPress plugin which helps to manage and deploy WordPress configuration changes between different sites. I haven’t tried it myself yet, but it looks super useful, as it allows separating the configuration options from the content, both of which are stored in the database. The cherry on top here is the support for WP-CLI, the command-line interface to WordPress, which is frequently employed for automatically deploying WordPress to different servers and environments.
I have a feeling this plugin will be making its way into our project-template-wordpress setup pretty soon.
If Vim is your editor of choice, and WordPress is something you work with on a regular basis, then check out WordPress.vim – a Vim plugin for WordPress development.
Some of the features are:
- Auto-Completion for the WordPress API
- WordPress Hooks Integration
- WP-CLI Integration
- Jump to Definition in WordPress Core
- UltiSnips Snippets
- Syntax Highlighting for WordPress PHP files.
- Markdown Syntax Highlighting for readme.txt
- PHPCS Syntax Checker integrated with WordPress Coding Standards
- Search in Codex
- Integration with WpSeek API.
- Readme.txt Auto Validation.