WordCamp Melbourne 2011 went off

Last weekend was WordCamp 2011. Lots of things were said and done, there was an afterparty that not many talk about (and many suspect the organisers were still drunk the next day), and of course – there were talks from a lot of interesting people.

But of course, this isn’t to write about those people, the events, or anything else; this is purely a post to post up a few things which I mentioned.

First part, my presentation: How to become a WordPress Surgeon: An introduction to WordPress Core Contributing. In reality, the content was decided 5 minutes beforehand, so give me some slack :)


Direct Link: http://wcmelb.blip.tv/file/4826938/

Now the links I promised:

  • Search and Replace – An excellent plugin for replacing text throughout WordPress, good for updating old links from other domains
  • Core Control – A plugin of mine which allows you to see inside a bit of WordPress. The main use for this today is determining which HTTP Transport is in use, and the ability to disable those which are malfunctioning.
  • There’s another plugin which is useful when changing permastructures to distinctively different structs. In most cases the canonical redirect takes care of it, but it’s not 100% perfect. I can’t find the plugin, but Advanced Permalinks looks like it’ll do the job, though it might not be compatible with 3.0/3.1, and might be overkill really.. but search the Permalinks tag on the extend directory and see what you can find.

And links that are just awesome:

Disable plugin update notification for a specific plugin in WordPress 3.1

Just a quick snippet of code to drop into a plugin file to disable plugin update notifications.

The reason I’ve written this is that a plugin which has been heavily modified has an update, and I wanted to stop hearing about it. Sure, I could’ve just changed the name, but this felt more Politically Correct (and isn’t that what we’re all supposed to do!?)

So, the code:

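// Drop this into the main file of the plugin whose update notice should be hidden:
// plugin_basename( __FILE__ ) must match that plugin's key in the update list.
add_filter( 'site_transient_update_plugins', 'dd_remove_update_nag' );
function dd_remove_update_nag( $value ) {
	// The transient can be false or lack a response list before the first update check.
	if ( isset( $value->response[ plugin_basename( __FILE__ ) ] ) ) {
		unset( $value->response[ plugin_basename( __FILE__ ) ] );
	}
	return $value;
}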

Have fun, and happy Hacking!

Numbers… Plugins.. WordPress.

So, I’ve tried to write this post a few times so far, and never fully finished it. So this post is a bit of a cobbled together quick post, to finally get it all out there.

First up, my WordPress Plugins.

Many of you who use my WordPress plugins will surely know they solved a single simple problem rather well. Many of you will however realise that they’re severely lacking in features, bugs, and keeping up with WordPress Core..

Quite simply, I’ve had little time to dedicate to my plugins, and for that fact, to anything WordPress related. And one very strong feeling is coming out of it: I want to work on WordPress and new experiments, but my old Plugins really do not take my fancy that much.

I’m coming up to close to 110k downloads of my plugins in total; that must mean a large chunk of users have them installed still.. That’s a mighty lot of people to leave out in the cold if a security issue comes up..

So today, I’m calling for volunteers who I can add as Contributors to my Plugins (and any other project I’ve got going for that matter). The idea is simple: I don’t have time, they’re Open Source, people use them, so surely there has to be someone else out there willing to put a few hours in every month to take care of them? Some Plugin Developers can afford the time to fix up plugins. I can’t; I’d rather spend it on Core..

There are a few rules which I’ll be enforcing however:

  • You need to run it by me before you make a new Release of the plugin (that’ll be relaxed if you show you know what you’re doing, and I trust your judgement)
  • You need to retain the current naming, licence, and Commit-often strategy to the Plugin’s repo.
  • You need to respect the code and functionalities offered, as well as the users of the plugin. Upgrades to new versions MUST work nicely with users’ existing data; re-writing the plugin from scratch will not be taken nicely (but refactoring is fine, and there will be exceptions of course)
  • You MUST follow the WordPress coding standards
  • You can’t just work on new features and ignore any present bugs. Sorry, but both need your attention.

If you’re feeling up to the task, feel free to leave comments here, or contact me privately (wordpress@dd32.id.au) to discuss it. Recognising your name will be a plus, but please do include some kind of reference (ie. “Plugins X, Y and Z are mine”, “I’ve submitted x patches to trac recently” etc. I need to know you can actually code with WordPress..)

A List of my recent/active plugins:

  1. Add From Server – 38,720 downloads
  2. Core Control – 8,263 downloads
  3. TwentyTen: No Max Editor Width – 327 downloads
  4. Revision Control – 41,683 downloads
  5. WP-Su – 62 downloads
  6. dDeviantart – 3,032 downloads – This is a good one. I don’t know if there is something else out there now, but I know a lot of people would love a more recent version of this plugin!

Next, WordPress Involvement

Over the last few months, well, since WordPress 3.0 was released really, I’ve not been involved in WordPress that much. The number of commits I’ve made in that time has been well below what I’d have previously had even just patched and posted to trac.. I’m getting rusty.

Last night I changed that. Starting from now, I’m going to attempt to slide back into the groove of working on 3.1, starting with [15651] and [15652] as well as 12659.diff, finally giving Hierarchical Taxonomies Hierarchical URLs (that needs testing, btw!)

I’m only following the SVN Commits mailing list, and Trac tickets which I have personally commented on. So if you’ve got a ticket related to Upgrades, Filesystem, HTTP, Taxonomy, or something else I might be interested in, please leave a comment pointing it out. If it’s up my alley, I’ll look at it. It’s going to take some time to go through the 2,000 open tickets on Trac.. I used to keep up with it by watching the WP-Trac mailing list, where every comment would come through my inbox. I can’t do that right now, so this is the next best thing.

Numbers

So there we have it, 2 Important things to me, and a tonne of numbers

  1. 110k – Well, 107,498 exactly
  2. 3.0
  3. 3.1
  4. 15651, 15652, 12659
  5. 23. Today I’m 23 years old, and I’m sitting here getting rid of things that I should’ve done in the last year
  6. 5. 5 Numbers? :)
  7. 854MB/day remaining Internet Quota until next month. Telstra, I HATE YOU. Stop charging your wholesale clients more than your retail services!
  8. 9. In 2 weeks, I’ll have been able to commit to WordPress for 9 months. I can’t remember my first patch, but will certainly find it shortly.. From memory, my first ticket was closed as invalid, and the second was wontfix.. An idiotic thought on the first, and a removed feature on the 2nd (PressIT if you’re wondering; it didn’t work well in Opera)

Well, that’s all Folks. I think I’ve typed enough for today; it’s probably more than my previous year’s worth of blog posts put together really.. Even though it barely catches up to 900 words. That just shows you how much I blog. I must change that someday too I guess :)

What version of WordPress is behind that website?

Hi all, Dion here. Recently there have been a few “security through obscurity” discussions going around. I’m sick of them: it doesn’t work, and this is my proof.

There are a few Plugins out there which hide the version number of WordPress. The first example I found was Secure WordPress. It has over 170k downloads, but does it actually do what it claims?

Hiding the version number is security through obscurity. You’re not making the install any safer, you’re merely not advertising the fact of which version you’re using.

But, do I hear you ask, “But if they don’t know the version, doesn’t that mean I’m safer?”
The answer to that is 3-fold:

  1. Just because they (the mystical hackers) can’t see the version of WordPress you’re using, doesn’t mean they’re not going to try the same attacks anyway; after all, it’s only an extra 3 mouseclicks to run every exploit against every plugin known to man..
  2. Most exploits in the WordPress world will be related to plugins; this is only due to the sheer number of them out there
  3. And finally, because hiding the version number doesn’t hide the version of WordPress you’re using, which is the point of this tool/site

To use an example, it’s like walking through a battlefield with your gun hidden: just because they can’t see your gun, doesn’t mean you’re going to be able to walk through the middle of the battle; chances are, you’ll be shot anyway. Exploits are the same, they’ll attack anything that moves. The number of Joomla! or Drupal exploit attacks I see against my WordPress installs daily is enormous, & I’m sure Joomla! and Drupal installs see significant exploits thinking that the site is running WordPress. My point is, exploits don’t care, they’ll attack anyway.

Type the URL of a site below, be it advertising the fact it’s WordPress or not, and I’ll tell you instantly which version, or which version it’s most likely to be running:

PLEASE NOTE: This tool uses NOTHING PRIVATE. This is not connected to any WordPress.org infrastructure or otherwise secret data. All information that this tool uses is gleaned from your WordPress installation, just the same as anyone else can do.
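
The observation above, that automated exploit traffic arrives regardless of which CMS a site actually runs, can be checked against your own access logs. The following is an added example, not part of the original post or of the tool it describes: it sorts requests by the CMS they were written for and counts the probes aimed at software the host does not run. The log lines are constructed, and the path rules are illustrative assumptions based on well-known default paths of WordPress, Joomla! and Drupal.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample: combined-format access log lines from a WordPress-only host.
SAMPLE_LOG = '''\
198.51.100.4 - - [01/Mar/2011:09:14:02 +1100] "GET /2011/02/wordcamp/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Mar/2011:09:14:07 +1100] "POST /wp-login.php HTTP/1.1" 200 2310 "-" "-"
203.0.113.9 - - [01/Mar/2011:09:14:08 +1100] "GET /administrator/index.php HTTP/1.1" 404 512 "-" "-"
203.0.113.9 - - [01/Mar/2011:09:14:08 +1100] "GET /index.php?option=com_example&view=item HTTP/1.1" 404 512 "-" "-"
203.0.113.9 - - [01/Mar/2011:09:14:09 +1100] "GET /?q=user/register HTTP/1.1" 200 8120 "-" "-"
203.0.113.9 - - [01/Mar/2011:09:14:09 +1100] "GET /sites/default/settings.php HTTP/1.1" 404 512 "-" "-"
203.0.113.9 - - [01/Mar/2011:09:14:10 +1100] "GET /wp-content/plugins/example/readme.txt HTTP/1.1" 404 512 "-" "-"
'''

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def classify(target):
    """Guess which CMS a request target was written for (illustrative rules)."""
    parts = urlsplit(target)
    path, query = parts.path.lower(), parse_qs(parts.query)
    if path.startswith(("/wp-admin", "/wp-login.php", "/wp-content/",
                        "/wp-includes/", "/xmlrpc.php")):
        return "wordpress"
    if path.startswith("/administrator/") or any(
            v.startswith("com_") for v in query.get("option", [])):
        return "joomla"
    if path.startswith("/sites/default/") or any(
            v.startswith(("user", "node")) for v in query.get("q", [])):
        return "drupal"
    return "other"

def summarize(log_text):
    """Count requests per targeted CMS, plus probes aimed at a CMS this host does not run."""
    counts = Counter()
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match:
            counts[classify(match.group(1))] += 1
    counts["mistargeted"] = counts["joomla"] + counts["drupal"]
    return counts

if __name__ == "__main__":
    for cms, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{cms:12} {n}")
```
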

WordPress, What cant it do?

WordPress can do almost everything thanks to its great Plugin API system.. But now and then.. You just have to hack the core code to get what you want..

Left Bank Pictures has taken it a step further however. Welcome to Military hacking.. Strike Back style.

If you’re wondering where/when, it appears at the start and end of Episode 5 of Series 1. The changes have since been merged to WordPress as well.

A Call to Arms

WordPress 2.9 was just released, and several users have run into a bug. Surprising? Not really. There’s one simple reason for this: while thousands of people test each and every WordPress release, these users are not You.

I’d like to use this as an example to all here of why WordPress needs your help. No, I’m not talking about Coding help specifically, I’m talking about Testing. WordPress requires that users test the product throughout the development period.

WordPress is an open source application written by hundreds of contributors. While those hundreds probably use the Development version of WordPress every day, they do not use the same webhost as you, nor do they have the same theme, nor do they have the same requirements. They use different functions of WordPress than you.

During the beta and RC stages, thousands of people download and test. These testers are end users like you. In order to prevent these bugs getting into a released product, it requires that users actually take part in the development of WordPress and report the bugs encountered.

Testing WordPress is not just something that Developers should do. If you use WordPress and enjoy using it, please take some time once every few months to test WordPress. It’s announced on the Dev blog when Betas are available. On a default install of WordPress, the Dashboard should have an RSS feed mentioning the releases too.

So please, for 3.0, when a Beta is released (there’s generally ~2-3 weeks of beta, with 2-3 betas from my quick recollection), install it on your website. It doesn’t have to be your main one, it can be in a subdirectory (ie. your usual one at http://my-site.com/ and the test at http://my-site.com/testing/). Test that things work ok for you and your plugins. This does take an hour out of your time, and I realise not everyone can afford it, but it may spare you 2-3 hours of your time when, after a release, a bug that affects you is found that a Developer had not noticed.

WordPress requires your input. Whilst I agree there are some downfalls in reporting bugs sometimes (please do not flame me with related messages here, I’m not after that, this is merely a request for more contributions), overall, your contributions would be greatly appreciated by all.

In order to make it easier to test Betas and nightly versions, Westi wrote this great plugin. It allows you to use the inbuilt upgrader to upgrade to a beta, to make it easier for you to be involved with the project you love using.

How to do it right! (Part 0)

And another series is born.

How to do it RIGHT.

My writing skills are severely lacking, and so is my ability to explain things sometimes, and I’ve not contributed much back into the developing community of recent.. So this has spawned my new idea..

The series will be aimed at explaining how to achieve things in WordPress in an up to date manner, aimed more at Theme Functions.php and Plugins rather than a Theme perspective.

So, to those few who are currently subscribed, please comment with any ideas of what you’d like to see me write about. I’ll be starting off with some rather basic postings, but aim to keep the technical level around mid-range, with more advanced topics covered as well.

It is likely that I’ll repeat what is said in a few other blogs, but I hope to write it in a more understandable, and future proof manner, without the ancient hold-overs which I’ve seen over the past year..

My other thought was writing a sample plugin, and using that as the basis for the entire series, or maybe that’s a different series: to build a semi-complex system, from the ground up, to solve a problem, and looking at the steps needed to solve it.. Any suggestions for plugins? I have something in mind, specifically, solve those problems some people think “Just can be done with WordPress”.