Are Your Plugins Secure? Part 2: Permissions and Nonces

As a plugin developer, you have a responsibility to keep your plugins secure for your users. Ryan takes a look at permissions and nonces, two important tools in your security toolkit.

Following on from “Are your plugins secure?”, this post is a simple breakdown of what to look for security-wise when auditing plugins. In the previous post I covered basic data sanitisation; however, that sort of protection means diddly squat if a plugin allows a random member of the public to do something only meant for you!

For a WordPress plugin to accept user-submitted input, it either needs to allow anyone to submit data, or it needs to perform some sort of authentication to prove that the user submitting the data is indeed who they say they are. Keep reading »

Find the Words to Match Your Code Poetry

Do you follow standards for writing documentation? No? Well maybe it's about time you got started. Christine provides a few pointers on writing useful documentation for your code.

A few weeks ago, 200+ WordPress enthusiasts geeked out at WordCamp Vancouver and then attended the first ever BuddyCamp. For me, the highlight of the weekend was listening to John James Jacoby’s (AKA JJJ) presentation about proper documentation. His talk reminded me that last year at WordCamp Toronto, Chip Bennett also gave a great presentation discussing documentation, and over in Montreal, Joey Kudish discussed the merits of becoming a better developer by writing better code. Weird how you need to hear the same thing three times to finally actually “hear it”. Well, after WordCamp Vancouver, I finally started and I’m now documenting my themes properly.

I don’t know about you, but back in 2004 when I started working with WordPress, I didn’t pay much attention to standards, documentation, or the proper way to do things. But now, it seems as though the entire WordPress community is working towards adopting the same standards. Keep reading »

The Ten Commandments of WordPress Development

Do you incorporate best practices into your development process? Floris didn't use to. But after getting some help on the best approach for WordPress, he's got ten commandments that can help you to get better.

About a year ago I made an inventory of all the WordPress websites I created together with my colleagues over the past few years. I found out that we used a lot of different approaches. It lacked standardization. What we needed was a uniform approach to development and, of course, a philosophy. At first I was a little flabbergasted; I really did not know where to start. Of course we all knew about the Codex, the forums and tutorial websites, but we did not have any contact with the WordPress community at all. Keep reading »

Are your plugins secure?

It's fantastic that we can be confident that WordPress core is secure. The core team are security conscious, and patches for holes are pushed out quickly. But what about your plugins and themes? Can you be so confident? Ryan gets into detail about what you should be looking out for.

WordPress has an irritatingly bad reputation for security. This is mostly due to misinformation and partly due to WordPress taking the rap for flawed security either at server level, or at the theme/plugin level. Server security issues can be reduced by using a well respected webhost such as HostGator or WP Engine. Theme and plugin security can be much harder if you are unable to security audit the code you are using. A quick search through the WordPress plugin repository by a trained eye can show up a scary proportion of plugins with security flaws. Unfortunately, unless you understand how security attacks occur and what type of code causes security flaws there is no way to know if a plugin is usable or not. Keep reading »

Announcing BuddyPress Corner

Tammie introduces the latest addition to WP Realm - BuddyPress corner! It will be (unsurprisingly) dedicated to BuddyPress, everyone's favourite social networking plugin. Learn all about how awesome it will be!

We love BuddyPress at WP Realm and we thought it was about time we started a regular section devoted to BuddyPress. We’re pleased to announce today the launch of BuddyPress corner. From today, every other Friday will have a post dedicated to all things BuddyPress. Keep reading »

100% Guaranteed SEO Bullshit

You know the emails: something lands in your inbox with promises of increasing your SEO Ranking with some sort of black magic. We've all received those emails - but does everyone think that they're bullshit? Christine takes a look.

Earlier this week I woke up to find not one, but two spam emails in my inbox offering “100% Guaranteed Seo Results”. I’m not sure why gmail decided that all of a sudden I needed to see these, but I just marked them as spam and proceeded to read the rest of my emails. However, a few hours later, a random email landed in my inbox: Keep reading »

Building a Multilingual Website? These are the Questions to Ask.

When you're embarking on your first multilingual website, it can be difficult to figure out the best approach to take. Floris runs through your options and looks at some questions that you can ask.

Throughout the years I have created several multilingual websites using WordPress, and I have tried different methods to achieve my goals. As you might know, WordPress does not offer a simple solution for creating multilingual websites. Yet since you can create virtually everything using WordPress, just a little effort is needed to achieve your goals. There are several ways to create a multilingual website. Keep reading »