I recently did some time in Microsoft Excel, preparing large CSV files for import into WordPress. Each of these CSV files contained data for 1000 WordPress users. Here is a screenshot showing the structure of the file:

Conceptually, the idea is simple: import the data to create actual users for a WordPress-powered site. The trick is to clean the data as much as possible to ensure valid username and password information. Once the data is good, importing is easy using a plugin.

Here is a step-by-step tutorial that combines WordPress and Excel techniques to register users en masse from a CSV file.

Continue Reading

Just a note to let everyone know about the new printed editions of Digging into WordPress 3.0. This is the latest version of DiW, featuring revamped core content, new graphics, popouts and asides, as well as a new chapter devoted entirely to WordPress 3.0. It’s certainly packed with WordPress goodness, with nearly 450 pages of practical, hands-on tips, tricks, and information. The PDF is awesome, but seeing it all printed up in full color on quality paper and heavy, glossy card-stock cover is enough to make you drool:

Continue Reading

It’s here! Digging into WordPress Version 3.0 is packed with goodness, including a new chapter on WP3, updated core content, and a super-sleek new cover.

DiW3 cover by Chris Coyier

Updated Core Material

Much has changed with WordPress since our previous book update (v2), so for version 3.0 we went through the book and updated/removed outdated core content. Everything is now hot-wired and fine-tuned to the latest version of WordPress, with new popouts and fresh links throughout the book. Here’s a shot from one of the updated core pages (a flow-chart for page templates – more graphic wizardry from Chris!):

New Chapter on WordPress 3.0

WordPress 3.0 is better than ever. Released on June 17th 2010, WP3.0 features tons of new functionality and CMS capabilities. So much good stuff, that we added an entire chapter covering all the best new WP3.0 features:

• New default theme
• Custom Admin usernames
• How to customize your background
• How to setup and use WP MultiSite
• Custom taxonomies, menus, and post types

Plus other great stuff like how to use the built-in shortlink feature, author templates, comment-form template-tags, and more. It’s 20+ pages of new WP3.0 content.

Continue Reading

For the upcoming Digging into WordPress update for WordPress 3.0, I have been working with WordPress’ multisite functionality. Prior to version 3.0, WordPress came in two flavors: “original” and “multisite” (MU). Most designers probably work with regular, one-blog installations of “regular” WordPress. The htaccess rules for all single-blog installations of WordPress haven’t changed. They are the same for WordPress 3.0 as they are for all previous versions.

But now that multisite has merged with regular-flavored WordPress, we can stick with single-blog installs (which is how things are setup by default), or we can activate multisite functionality and create an unlimited network of sites. The process is still new and there are bugs that need to be worked out, but eventually it will be a widely used WordPress feature. That said, the htaccess rules used for WordPress Multisite may change as the software continues to evolve.

Continue Reading

Jeff Morris recently demonstrated a potential issue with the way WordPress handles multipaged posts and comments. The issue involves WordPress’ inability to discern between multipaged posts and comments that actually exist and those that do not. By redirecting requests for nonexistent numbered pages to the original post, WordPress creates an infinite amount of duplicate content for your site. In this article, we explain the issue, discuss the implications, and provide an easy, working solution.

Understanding the “infinite duplicate content” issue

Using the <!--nextpage--> tag, WordPress makes it easy to split your post content into multiple pages, and also makes it easy to paginate the display of your comment threads. For both paged posts and paged comments, WordPress appends the page number to the permalink. So for example, if we have a post split into 3 pages, WordPress will generate the following set of completely valid permalinks (based on name-only permalink structure):

Continue Reading

The updated book is looking better than ever! A little over 3.5 months after Digging into WordPress v1, Chris and I have updated the book, the site, and everything else for DiW Version 2. Both PDF and printed-version of the book now include two new chapters and two free themes. We have a new “Bonus Tricks” chapter with some awesome theme techniques, and another chapter on “WordPress Updates” that explains how to use all the latest WordPress features. Along the way, we also discuss the two free themes that are bundled exclusively with DiW Version 2. We even updated the printed version of the book, which is now available.

Free Lifetime Updates: If you have already bought the book, you should already have gotten an email with a download link for the new version, which also contains the new bundled themes.

Continue Reading

Congrats to Oliver Edwards for winning the randomly selected book giveaway! Oliver Edwards will receive a complimentary printed edition of Digging into WordPress along with the digital PDF version. Thank you to random.org for the true random number generator.

Continue Reading

I have a free print version of Digging into WordPress to give away to one lucky winner. To qualify for the giveaway, simply leave a comment on this post stating your absolute favorite thing about WordPress. The winner will receive a free printed copy of DiW shipped to their door, plus a lifetime subscription to the PDF version of the book. I will announce the randomly chosen winner next week. – Good luck! :)

Nearly six weeks after releasing the electronic version of Digging into WordPress, Chris and I are proud to announce that the printed version is now available.

Beautiful custom design with full-color printing on every page

Beautiful custom design..

Make no mistake, this is a beautiful, custom-designed book that makes it fun and easy to soak in the wisdom and advance your WordPress skills. Every detail has been carefully crafted — from the landscape page-orientation and color-coded chapters to the lay-flat spiral binding and large, easy-to-read text — this book is truly a pleasure to experience.

Continue Reading

A few months ago, many WordPress sites were attacked with some extremely malicious code. While searching for a good solution, I discovered the following gem of a plugin in the pastebin repository:

<?php /* Plugin Name: Block Bad Queries */

if (strlen($_SERVER['REQUEST_URI']) > 255 || 
	strpos($_SERVER['REQUEST_URI'], "eval(") || 
	strpos($_SERVER['REQUEST_URI'], "base64")) {
		@header("HTTP/1.1 414 Request-URI Too Long");
		@header("Status: 414 Request-URI Too Long");
		@header("Connection: Close");
		@exit;
} ?>

This script checks for excessively long request strings (i.e., greater than 255 characters), as well as the presence of either “eval(” or “base64” in the request URI. These sorts of nefarious requests were implicated in the September 2009 WordPress attacks.

Continue Reading

One of the most popular articles here at Perishable Press is my January 2005 post, Stupid htaccess Tricks. In that article, I bring together an extensive collection of awesome copy-&-paste HTAccess code snippets. Four years later, people continue to tell me how much they enjoy and use the content as a bookmarked reference for many of their HTAccess needs. The article was even published in a book on Joomla! Security.

This is very inspiring to me, so I have decided to create a similar post for all of the useful WordPress code snippets, tips and tricks that I have collected while working on Digging into WordPress, the new book by co-author Chris Coyier and myself that really “digs in” to all of the awesome ways to get the most out of WordPress. While writing the DiW book, I collected hundreds of incredibly useful WordPress tips and tricks. After packing the book with as many of these techniques as possible, I decided to share the “best of the rest” here at Perishable Press.

If you are one of the millions of people who use WordPress, this article will help you improve the appearance, functionality, and performance of your WordPress-powered websites. Each of these “stupid WordPress tricks” is presented as clearly and succinctly as possible, including as many notes, instructions, and pointers as needed for successful implementation. Of course, keep in mind that we are only scratching the surface here. For a much more complete resource that is packed with tons of tasty techniques, you need to get Digging into WordPress.

Continue Reading

After nearly a year of production, Chris Coyier and I are stoked to announce our new book: Digging into WordPress! It’s nine jam-packed chapters (400 pages!) stuffed with everything you need to take your WordPress skills to the next level and really get the most out of WordPress. We take you through everything — from setting up for success and creating the perfect theme to optimizing performance and tightening security, Digging into WordPress delivers the goods. You’ll learn how to harness the full potential of WordPress with all of the tips, tricks, and code you need to make it happen.

Continue Reading

When developing the colorful Quintessential Theme (opens in new tab), I initially planned on displaying five random posts from each of my most popular tags and categories in the super-slick sliding-panel sidebar. Because I am running an older version of WordPress, however, this task proved to be quite the educational experience.

In newer versions (from 2.5 I think) of WordPress, the query_posts() function enables users to display posts in random order using the orderby=rand parameter. This would have made my life easy, as I could have included the following code for each of my random post lists:

Continue Reading

Our recent quest to find a publisher has finally paid off. After spending a few weeks checking out different publishers and myriad publishing options, Chris Coyier and I have decided to go the DIY-route and publish the book ourselves as a PDF. The book is titled “Digging into WordPress,” and is due out late Summer or early Fall of this year. It’s going to be packed full of juicy WordPress goodness and I hope that you check it out when it’s released.

In the meantime, while we are busy working behind the scenes to make the book the best it can be, we have launched an accompanying DiW website that focuses on WordPress, the book, and how to take your WordPress-powered sites to the next level. Here is a screenshot of the site, which is located at DiggingIntoWordPress.com:

Continue Reading

I finally broke down and uninstalled Alex King’s once-great “Popularity Contest” plugin for WordPress.

The plugin had been installed here at Perishable Press for over two years, and had provided fairly consistent and apparently accurate statistics.

Unfortunately, there were serious errors involved with the plugin way back during the WordPress-2.3 upgrade that were never addressed by the plugin author. There was an interim version of the plugin that had patched the error until an official update was released, but sadly and almost two years later this has not happened. I don’t know about you, but I really don’t like running abandoned plugins on my site.

Continue Reading

Normally, when visitors post a comment to your site, specific types of client data are associated with the request. Commonly, a client will provide a user agent, a referrer, and a host header. When any of these variables is absent, there is good reason to suspect foul play. For example, virtually all browsers provide some sort of user-agent name to identify themselves. Conversely, malicious scripts directly posting spam and other payloads to your site frequently operate without specifying a user agent. In the Ultimate User-Agent Blacklist, we account for the “no-user-agent” case in the very first directive, preventing a host of anonymous visitors from hitting the site.

In addition to empty user-agent strings, malicious requests for site content frequently fail to provide any referrer information. Unless special privacy software is being used, the web page from which a visitor has arrived at your site will be specified in the header information for that request. Likewise, when a visitor posts a comment at your site, the referrer string for that post request will be the URL of that particular page. Thus, as with blank user-agent requests, no-referrer requests are frequently indicative of spam and other malicious behavior.

Another important piece of information provided by all legitimate clients is the host request header. The host header specifies the Internet host and port number of the requested resource. This information is required for all clients making HTTP/1.1 requests. Thus, requiring the host request-header field for all posts to your site safely eliminates illicit requests from hitting your server.

Continue Reading

When designing sites, it is often useful to identify different pages by adding an ID attribute to the <body> element. Commonly, the name of the page is used as the attribute value, for example:

<body id="about">

In this case, “about” would be the body ID for the “About” page, which would be named something like “about.php”. Likewise, other pages would have unique IDs as well, for example:

<body id="archive">
<body id="contact">
<body id="subscribe">
<body id="portfolio">

..again, with each ID associated with the name of the page. This identification strategy is useful for a variety of reasons, including the following:

• Page-specific control over CSS via descendant selectors
• Page-specific DOM manipulation via JavaScript
• Page-specific control over the navigational interface, current-page highlighting et al
• Page-specific content-inclusion via conditional PHP if() statements

For page-specific control over your design, using the current page name as the body ID will certainly do the trick. The question is, what is the best way to go about defining the different attributes? For static sites or for sites with only a few pages, it might be easiest to just add the IDs manually. For larger, dynamic sites, however, you can automate the process with the magical powers of PHP.

Continue Reading