corenominal

Full stack web developer, interested in all the things, but especially the web, code, design, Linux, OS X, PHP, WordPress, JavaScript & robots.

Tagged: wordpress

Target Browser Coverage image/svg+xml

Previously, we discussed the new editor and browser support within WordPress core. Following up on those conversations, we are officially ending support for Internet Explorer versions 8, 9, and 10, starting with WordPress 4.8.

Microsoft officially discontinued supporting these browsers in January 2016, and attempting to continue supporting them ourselves has gotten to the point where it’s holding back development.

Great news.

4 Key Misconceptions about WordPress Development Debunked image/svg+xml

Powering nearly 27.5 percent of the web, WordPress is one of the most popular Content Management Systems (CMS) available. However, not everyone is familiar with the wide-range of functionality it offers. Worse yet, the internet is crawling with ‘alternative facts’ about its features and development that could stop you in your tracks.

Fortunately, these myths and misconceptions don’t hold water. In reality, WordPress is a great fit for all manner of sites, and developing for the platform is a breeze.

A good effort at debunking some common misconceptions about WordPress.

WordPress REST API Vulnerability Exploits Continue image/svg+xml

Over the weekend the attacks increased and WordPress security firms have seen more attempts blocked by their firewalls. Sucuri, the website security firm that reported the vulnerability to WordPress, was tracking the “Hacked by w4l3XzY3” campaign last week and estimated 66,000 defacements. That particular campaign has now passed 260,000 pages indexed by Google. It is one of nearly two dozen defacement campaigns targeting the vulnerability.

Ouch! The WordPress REST API has certainly gotten off to a rocky start. Personally, I love the REST API, but I’m thinking this hasn’t helped convince its detractors that it should remain as part the WordPress core.

Ignorance is Bliss? An Enormous WordPress Zero-Day has Been Secretly Fixed image/svg+xml

WordPress 4.7.2 fixed the issue, but it was a “silent patch”. The fix was hidden within other issues in order to give everyone time to patch their systems.

At the time of 4.7.2’s release details of the flaw were kept secret, as the security community raced to ensure that as many sites were protected as possible as Aaron Campbell explained in a WordPress blog post.

Sounds like a rather nasty flaw, so it’s understandable that a “silent patch” was applied.

UPDATE: More detailed information available here.

Conditionally include additional CSS and JavaScript for page templates in WordPress

I’m currently working on a large’ish WordPress theme that has a number of custom page templates. The custom page templates require their own CSS and JavaScript files, so I’m using the following code to enqueue the additional files. This allows for a file structure like so:

themes/mytheme/page_template_foo.php // custom page template
themes/mytheme/css/page_template_foo.css // additional CSS
themes/mytheme/js/page_template_foo.js // additional JS

The code should be self-explanatory, but see the comments for explanations as to what’s happening.

Notes: this method increases overheads as it tests for the existence of files, if you’ve only got a couple of custom page templates, you’d be better off hardcoding. That said, if you’re using caching it shouldn’t be a big deal. Also, unless you’re using HTTP/2, you’ll probably want to use something like Autoptimize to concatenate the CSS and JS files.

The State of WordPress Security image/svg+xml

WordPress is not as insecure as its reputation would suggest. Rather it is a top target due to its incredible prevalence. Yes, there are a lot of vulnerabilities in the WordPress ecosystem, but most of them are in a small percentage of the plugins. While many plugins do not contain vulnerabilities at all because of their small size, the ones that do have issues, have a lot of them. The more lines of code a plugin has, the more vulnerabilities it has on average.

I would have thought that would be pretty obvious. Still, it’s an interesting read, if only to get a list of plugins you’d probably want to avoid.

Interview with Matt Mullenweg on the new WordPress release cycle and more image/svg+xml

I had the opportunity to interview Matt Mullenweg at the end of WordCamp US 2016, and we chatted about the new WordPress development cycle, the WordPress REST API, and more.

Following on from State of the Word, 2016, it’s good to see Brian and Matt discussing the announcements in a less formal manner. Their discussion around the REST API and defining its success (starts around 11:50) was most interesting, although I found Matt’s answer somewhat woolly. Authentication issues aside, I’m wondering if the slow adoption of the REST API is related to a lack of firm commitment to the feature? Or maybe it’s just too advanced for the majority of WordPress users. Regardless of the reason, it would be good to hear a solid commitment to it.