New book on WordPress Theme Development: WordPress Themes In Depth

Protection for WordPress Pingback Vulnerability

It was recently reported about a WordPress Pingback Vulnerability, whereby an attacker has four potential ways to cause harm via xmlrpc.php, which is the file included in WordPress for XML-RPC Support (e.g., “pingbacks”). In this post, I offer a simple .htaccess technique to lock things down and protect against any meddling via the xmlrpc.php file. Note: this technique is only recommended if you aren’t using XML-RPC for anything (e.g., pingbacks, Blogger, MovableType, etc.). Update: Check out the alternate method to whitelist specific IPs while protecting against threats. Read more »

WordPress Plugin: Simple Basic Contact Form

Simple Basic Contact Form is a clean, secure, plug-n-play contact form for WordPress. Minimal yet flexible, SBCF delivers clean code, solid performance, and ease of use. No frills, no gimmicks, just a straight-up contact form that’s easy to set up and style for any theme. For a contact form with more options and features, check out Contact Coldform, or continue reading to learn more about Simple Basic Contact Form. Read more »

CSS Hooks for User Submitted Posts

Here is a list of all CSS hooks available for the User Submitted Posts submission form. If you notice any errors or if I’ve missed anything, please let me know with a comment or by sending an email via my contact form. Thanks! Read more »

WordPress Plugin: Simple Ajax Chat

Simple Ajax Chat displays a fully customizable Ajax-powered chat box anywhere on your site. SAC makes it easy for your visitors to chat with each other on your website. There already are a number of decent chat plugins, but I wanted one that is simple yet fully customizable with all the features AND outputs clean HTML markup for easy styling. Simple Ajax Chat is based on Jalenack’s Wordspew (aka AJAX Shoutbox), which I’ve been using on my sites since the plugin was released back in 2005 (ish). Wordspew works great even today, but it hasn’t been updated in seven years, […] Read more »

WordPress Plugin: Show Support Ribbon

Show Support Ribbon displays a customizable “show support” ribbon, banner, or badge on your site. Show support for your favorite cause, event, charity, political event, or anything else that’s awesome. Show Support Ribbon includes four built-in ribbon styles and makes it easy to customize with your own CSS. Read more »

WordPress Plugin: Simple Blog Stats

Simple Blog Stats is a free WordPress plugin that provides a wealth of shortcodes and tags to display a variety of unique statistics about your site. Stats about your blog include total number of categories, comments, posts, users, tags, and more. SBS also displays recent comments and recent posts in posts, pages, and anywhere in your theme. Read more »

BBQ: Protect Against Malicious URL Requests

Block Bad Queries (BBQ) is a simple script that protects your website against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings. This is a simple yet solid solution that works great for sites where .htaccess is not available. The BBQ script is available as a plugin for WordPress or standalone script for any PHP-powered website. Read more »

WordPress Plugin: Simple Custom Content

Simple Custom Content is a free WordPress plugin that makes it easy to add custom content to your posts and feeds. SCS enables you to add custom content to all of your posts and all of your feeds, and provides several shortcodes for adding custom content in specific posts, pages, and just about anywhere. Read more »

WordPress Plugin: Simple Feed Stats

Simple Feed Stats is a free WordPress plugin that makes it easy to track your feeds, add custom content, and display your feed statistics on your site. Simple Feed Stats (SFS) tracks your feeds automatically, and provides a wealth of tools and options for further configuration and management. Read more »

SFS Open Tracking

In the Simple Feed Stats plugin, Open Tracking enables you to track any web page or feed anywhere on the Web. This is done by using the open-tracking URL as the src for any <img /> tag. The SFS plugin then collects and displays the data, and provides shortcodes and template tags to display your feed stats anywhere on your site. In this post, we’ll see how to implement Open Tracking, walk through some examples, and glean a few tips along the way. Read more »

bbPress Theme Template Files

For those getting into bbPress for hosting your own forum, customizing your bbPress theme files can be difficult if you don’t know which page to load. Many of the bbPress theme template files contain enough clues to figure things out, but not every template file is used by default, or even at all depending on how you’ve configured bbPress. Themes may contain different template files, but the default “bbPress (Twenty Ten)” theme (included with version 2.1.1) may be considered a complete set. Read more »

Clean Markup Widget for WordPress

When adding content to your sidebar, it’s nice to be able to output clean, well-formatted markup. There are several ways to do this, including adding HTML directly in the theme template, installing a plugin, or simply using a widget. Widgets provide a great way of customizing sidebars and other widgetized areas, but as you may have seen in the source-code, the HTML is treated with all sorts of additional attributes, elements, and classes. Sometimes, you just need a widget that outputs exactly what you tell it to, without adding or changing anything. Read more »

Ron Paul 2012 WordPress Plugin

Update (2012/11/08): Well the elections are over and Ron Paul was not elected to be the next president of the United States. Deeper implications aside, the Ron Paul 2012 plugin is now discontinued. If you’re looking for a WordPress plugin to display a banner, button, or badge on your website, check out my new plugin Show Support Ribbon. I wanted to show support for Ron Paul on my WordPress website with a simple badge or button. Surprised at not finding any plugins for Ron Paul in the Directory, I decided to be the first. You can grab it here: http://wordpress.org/extend/plugins/ron-paul-2012/ […] Read more »

WordPress Add-on for 5G Blacklist

Ill requests and malicious scans have been spiking recently, to the point where server performance was really taking a hit. One scan in particular hammered the server with thousands of bad requests in just a few minutes. There are people out there with strong scripts and small minds that are constantly scanning sites for vulnerabilities, and much of what I’ve seen is aimed primarily at WordPress. Read more »

Redirect WordPress Date Archives with .htaccess

Restructuring a WordPress website may involve removing the subdomain from URLs/permalinks. For example, I recently removed the original WP-install subdirectory from Perishable Press to simplify site structure and optimize WordPress permalinks. There are PHP scripts and WP plugins that might work for this, but in most cases .htaccess is optimal when changing URL structure and redirecting traffic. Here’s a quick example to help visualize the concept: Read more »

Latest Tweets $10 discount code for USP Pro: USP10 plugin-planet.com/usp-pro