WordPress Security – Version 4.7.2 Fixes Vulnerabilities

WordPress Security Update

WordPress security is very important. WordPress is great, but since it is the most popular web publishing system in the world, that popularity makes WordPress a hacker's biggest target.

Luckily the people at Automattic keep on top of the issues and release Security and Bug updates.

WordPress 4.7.2 Security Release is an example. It closes some potential Security holes.

To prevent getting hacked, it is important to keep your software up to date.

Some best practices to prevent having a VERY bad day:

  1. Keep your WordPress and Plugins up to date
  2. Choose plugins that are currently being maintained, and compatible with your current WordPress (this is not always possible, but a good ideal)
  3. Always have a backup – offsite from the server that hosts your website
  4. Host with someone who knows security – server network, server software and WordPress

Some people do it themselves, others hire someone to do it. (obvious pitch: Quadshot has WordPress Hosting and Maintenance Programs.)

Here’s a writeup from ZDNet about the potential dangers:

WordPress patches dangerous XSS, SQL injection bugs | ZDNet

WordPress has patched three security flaws including a cross-site scripting (XSS) vulnerability and SQL injection problem which could lead to the creation of new vulnerabilities. Last week, the content management system’s (CMS) developers said in a security advisory that the new fixes resolve three important security issues, all of which impact WordPress versions 4.7.1 and earlier.

Quadshot’s Favorite WordPress Plugins

Here are some of our team’s favorite WordPress Plugins:

OpenTickets Community Edition – A plugin very close to our Quadshot hearts ever since we released it to the world and the WordPress community in 2014. OpenTickets Community Edition is a free event management and online ticket sales platform, built on top of WooCommerce. Yes, that’s right, we are the creators of this amazing easy to set up, easy to use, easy to manage online ticket sales plugin. Download OpenTickets and sell tickets and/or products to your very own event today. Chris Webb, Co-Founder and CTO said, “OpenTickets Community Edition is flexible, easy to use, and provides me hours of interaction with random people in the world.”

Advanced Custom Fields – At the very core this plugin provides developers with intuitive and easy to use fields. Advanced Custom Fields is the perfect solution for providing more flexible data to your website. The API allows you to quickly display field data in your theme and you can format the value depending on the field type, making development quicker and easier. Quadshot Developer Robert Gillmer said, “It makes it easy for me to look like a Rockstar. It’s the best way to make navigating the back-end as easy as possible for the clients.”

BuddyPress – Social networking is one of the main components today in building your business. BuddyPress can do this with your WordPress website with member/membership profiles, user groups, private messaging, activity streams, notifications and many more amazing social networking features. Senior Developer, Tom Smith considers this to be his favorite big WP plugin.

WooSlider – The ultimate responsive slideshow plugin created by WooThemes for WordPress is one of the most used plugins by our team on sites requiring a slideshow. Easy to use, this paid plugin will run you around $49 – $149 depending on the license you need. Create and add a responsive slideshow anywhere on your website using the WooSlider widgets or shortcodes. Quadshot’s Founder, Michael Cremean said, “It lets the customer control content in unique ways and it is very easy to customize. We love when the customer can control their own content.”

Features by WooThemes – This plugin allows you the ability to feature products, offers, sponsors and even companies by using a widget, short-code or template tag. A free plugin, Features can create unique display areas on your pages with the opportunity to link these areas back to any page you like. Display images and/or content, manage how data is shown and the use of categories allows for additional display options. This is actually my favorite WordPress plugin. I have used this plugin in most of the sites that I have worked on. It’s so easy to use and gives me great display effects.

Quick Tip: You can also find most of Quadshot’s favorite WordPress Plugins by going to your plugins tab > add New Plugin > to the left of the search bar you will see the tabs Featured | Popular | Recommended | Favorites > click Favorites > type in Quadshot. This will display some of the main plugins that we use when building sites for our customers.

Getting Requirements Right First Time

It is less expensive and certainly more efficient to get requirements right the first time.   It is a truism that trying to change a computer system AFTER it has been built can be much more expensive than having done it right the first time. This is even true of systems built using Content Management Systems like WordPress – although WP does make this much easier!

Oftentimes systems end up having to be changed after they are built because we don’t ask the right questions, and we listen to what the client THINKS they want – not what they really NEED. As techs we can also sometimes be caught up with all the bells and whistles that can be built into a system, rather than concentrating on what is actually needed and the business processes involved.

If you were a tractor-mower salesman trying to sell to a potential customer, you might be tempted to blind them with features – particularly if you were hustling a more expensive model.

You might ask questions like:

  • What power engine do you want?
  • How wide a blade do you need?
  • Do you want power start for the mower?

These are issues that need to be resolved, but your potential customer may not have a clue how to answer them.
How much BETTER would it be if you asked questions like this:

  • How BIG is your yard?
  • Is there any slope on your lawn?
  • Are there any trees in the way?

You can see that these are questions your customer can easily answer, and will guide you as to the best model for the job.
Similarly, questions about computer systems and websites should be couched in terms that show an understanding of the goal a potential client wants to achieve, rather than blinding them with science and techno-babble.

Asking the right questions instead of selling a bill of goods can ensure that you get the Requirements right the first time.


Writing a WordPress Plugin – Where to Begin

How do you start writing a WordPress plugin?

Today, I started writing a post about the beginning steps of making a WooCommerce Extension, when suddenly it occurred to me that I should start from the beginning instead.

What are some skills you need for writing a WordPress plugin? What are some things you need to think about when starting? There is a lot to cover just in these basic questions.

Making a simple plugin is actually easy. Truthfully, there are resources available to you on WordPress.org which detail everything you need to actually commit the act of writing a plugin. The gist of the article is that there are a few simple steps:

  • Choose a unique name. Usually this means having a unique identifier that shows your plugin was written by you, and a generic name appended to that which describes the function of the plugin. For example, I might call my plugin ‘loushou-hello-world’, “loushou” being my screen name on WordPress.org, and “hello-world” being a description of what the plugin does.
  • Create a directory in your /wp-content/plugins/ folder using that name. In my case I would use /wp-content/plugins/loushou-hello-world/.
  • Create a file in that directory using the name of your plugin. In my case: /wp-content/plugins/loushou-hello-world/loushou-hello-world.php
  • Add some header comments to that file that tell WordPress a little about your plugin:
     <?php
     /**
      * Plugin Name: Loushou - Hello World
      * Plugin URI: http://quadshot.com/hello-world-plugin/
      * Description: Adds a 'hello world' message to the admin.
      * Version: 0.1.0
      * Author: Loushou
      * Author URI: https://profiles.wordpress.org/loushou/
      * License: GPL2
      */
  • Add some functionality to your plugin so that it does what you say it does…

They make it pretty simple. With that in mind, you may be wondering ‘what skills do I need to make one of these things?’ The bottom line is that you at least need some skills with PHP to make a plugin. ‘Nice to have’ skills are HTML, JavaScript and CSS. In very rare other situations you may need other programming language skills.

You need to have a strong ability to figure out and solve problems. You also need to be able to ‘forward-think’ because you don’t want to have to keep rewriting your plugin from scratch when you want to add something awesome to it. So basically, you need to be a programmer with a skillset centered around PHP development.

In addition, if you want to make the plugin available on WordPress.org, then you will also need at least a basic understanding of SVN and how to use it (or at least the ability to Google it).

The requirements seem pretty straightforward to this point, huh? Great. Well, now that we are past that, there are several things to think about when making a plugin. Everyone’s list is different, but this is my list of things you should know or seek out before you write a plugin:

  • What version of PHP and MySQL should I be compatible with, when I make a WordPress plugin? You can find this answer in the Requirements page on WordPress.org, but the short answer is PHP 5.2.4 (PHP 5.4 or higher is recommended) and MySQL 5.0 or higher.
  • What types of environments should I make my plugin compatible with? All kinds. You have no idea where your plugin will be installed, what software they are using on that system, and the OS could even be something you’ve never heard of. An experienced PHP programmer knows how to make their code cross-platform compatible, which is not necessarily as easy as it sounds.
  • What programming techniques should I use when making the plugin? Remember, WordPress uses PHP 5. That means that you have an Object Oriented language to work with. I cannot tell you how many times I see plugins that are written like they have been around since PHP 4. There is no reason to make a completely procedural plugin. Use your PHP 5 knowledge and make your plugin a class or object (or series thereof), not a list of functions that have your pseudonym in the function name. Using OOP can give you access to all kinds of time and resource saving techniques, and it can help organize your code. So if you want to make a good plugin, stop using PHP 4 style programming.
  • What are Actions and Filters in WordPress, and how do I use them? You can find out the basic information on the Plugins API page, but the gist is that they are key to building in your own functionality or modifying the existing functionality. It is also very important that you understand how to incorporate these into your plugin, because you never know how it may be used or what functionality someone may want to add to it.
  • How do I find out how something works in core WordPress? I would say this is by far the most important thing on the list. You have to not only have a need to go looking for the information, but you need to be bold enough to actually go looking, to find what you need, and to fiddle with it to figure out how to use it. DO NOT be afraid to hunt something down in core, because it will always give you awesome information you never knew before, that you can use now and in the future.
  • Where can I ask questions? If you cannot figure something out, do not be afraid to ask. The community is very knowledgeable. If you have a problem, or need an answer to something, either someone out there has already asked the question or someone out there knows the answer. That is not to say ‘start by asking’. Explore on your own first, check out the Documentation since there is probably a page that explains what you are looking for, and if you hit a road block, ask. Everyone needs a hand sometimes, and asking the community will almost always get you some help.
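
The steps above, together with the advice on classes and on actions and filters, as an added example (not code from the original post or from WordPress.org): a minimal class-based version of the 'hello world' plugin that guards against direct access and escapes its output. The class name Loushou_Hello_World and the filter name loushou_hello_world_message are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Loushou - Hello World
 * Plugin URI: http://quadshot.com/hello-world-plugin/
 * Description: Adds a 'hello world' message to the admin.
 * Version: 0.1.0
 * Author: Loushou
 * Author URI: https://profiles.wordpress.org/loushou/
 * License: GPL2
 */

// Refuse to run when the file is requested directly instead of loaded by WordPress.
defined( 'ABSPATH' ) || exit;

if ( ! class_exists( 'Loushou_Hello_World' ) ) {
	// Class name is an assumption made for this example.
	final class Loushou_Hello_World {

		public static function init() {
			// Action: run our callback when WordPress renders admin notices.
			add_action( 'admin_notices', array( __CLASS__, 'render_notice' ) );
		}

		public static function render_notice() {
			// Only show the notice to users allowed to manage the site.
			if ( ! current_user_can( 'manage_options' ) ) {
				return;
			}

			// Filter: lets other plugins change the text (hook name is hypothetical).
			$message = apply_filters( 'loushou_hello_world_message', 'Hello world' );

			// A filtered value is untrusted input; escape it on output to prevent XSS.
			printf(
				'<div class="notice notice-info"><p>%s</p></div>',
				esc_html( $message )
			);
		}
	}

	Loushou_Hello_World::init();
}
```

Saved as /wp-content/plugins/loushou-hello-world/loushou-hello-world.php, this uses only syntax available in PHP 5.2.4, the minimum version named in the list above.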

That’s it for now. Hopefully you have an understanding of what types of information you need to gather before starting to write a plugin, and maybe you have a few new resources to pull from. Next time, we will go through actually creating a basic plugin. That process should get you a solid footing on making your own. Past that, we will talk about OpenTickets Community Edition, and some of the obstacles we had to overcome when making that plugin.

WordPress creator Automattic valued over $1Billion

WordPress was started over 10 years ago. My, it has grown.

From humble beginnings as a simple blogging platform, WordPress now powers 1 in 5 websites.

Automattic, the company behind WordPress, has raised $160 Million in venture funding since Matt Mullenweg, one of the original authors of WordPress, took back the reins as CEO.  This funding round values the company at over $1 Billion.

One of the  big companies that uses WordPress is Time, who wrote a great article about Automattic’s funding round.
