10 Sep

Useful WordPress Code Snippets vol.1

Wordpress functions.php code

Here’s our first collection of WordPress Code Snippets which deserve a place in every WP developer’s toolbox. These are snippets of code that I myself find useful and use frequently.

Alot of the functionality from these code snippets can be done via plugins, but in the interest in keeping it simple and your installed plugin count down, it’s often better to simply paste these into your theme.  Unless stated otherwise, these snippets belong in your theme’s functions.php file.

1. Limit Max Width of Youtube Embeds

When faced with the issue of seeing Youtube videos I had embedded into a WP site were displaying with a width wider than that of the content area, I was surprised to see the maximum width for videos wasn’t in the core settings.

Drop the below snippet into your theme to overcome this problem, and define your desired maximum video width on the 2nd line ($maxw).
Read article

06 Sep

WP Plugin Exploits: Many Themes At Risk!

By: Nick Carter

Recently disclosed WordPress Plugin vulnerabilities/exploits have left over 1,000 Wordpress Themes vulnerable, and in turn many thousands of sites at risk. This is because the vulnerable plugins have been included with/integrated into many commercial WordPress themes.

These plugins are Revolution Slider and Showbiz Pro, both sold as standalone plugins on CodeCanyon.net, but also integrated into hundreds of WP themes sold on Themeforest.net.

Read article

Related Posts

06 Aug

WordPress Database Interaction with $wpdb.


There are a number of ways to interact with the database when developing for WordPress. Wherever possible, you should use the many core WP functions for working with database data, for example: get_pages can return an array of pages that meet criteria you specify.

However sometimes you may need to deal with the db a little more directly to craft queries that go beyond the scope of the standard core WP functions. Unfortunately we still see WP plugin or theme developers doing this in ways that are vulnerable to SQL injections, and it only takes one security hole to put your entire site at risk.

PHP MySQL Options

The old mysql_* functions should never be used – not only is there no prepared statement support meaning you are relied upon to carry out all sanitizations (or risk SQL injection), but these functions are deprecated in newer versions of PHP.

PHP’s newer mysqli_* functions are a vast improvement, with support for prepared statements, multiple statements, transactions, debugging capabilities, and it’s OO (object orientated).

There’s also PDO (PHP Data Objects) – a database abstraction layer, which provides a consistent interface which can be used with a variety of DB drivers (MySQL, MS SQL, Firebird, PostgreSQL and others). This means your PHP application can be run on a wider variety of server configurations in a consistent manner.

Using any of the above options for database interactions in WordPress would see alot of work from the WordPress core developers gone to waste. Here is a little reference guide to get you on the right track to deal with db calls the recommended, safest way – using $wpdb.
Read article

30 Jul

External Link Favicons in WordPress

Many favicons from random websites

Favicons (aka “favourites icons”) are small icons, typically 16 x 16 pixels, that represent your website in browser tabs, bookmarks, desktop shortcuts and more. They’ve been around since 1999, are in use by most sites, we’ve all seen them.

We are soon adding a links and resources page to CodePeach for web development, coding and design sites that we find useful. A page full of text links never looks appealing, so I thought one way of spicing up a links page visually would be to place each link’s small favicon image next to the link itself. It’s also a great way for users to visually relate to the linked websites.

So let’s look at how to create a shortcode to display the favicon for a remote website in our WP content.
Read article

Related Posts

19 Jul

WordPress 4.0 Features


WordPress is the most used CMS and blogging platform in the world, and a new major version – WordPress 4.0 – is not far away.

Scheduled for release on August 27, 2014 – the WP development team are working hard on the new features, with beta versions already available for beta testers and developers.

WordPress 4.0 Beta 2 Download

The latest WP4.0 Beta 2 can be downloaded for previewing and testing from this news post over at wordpress.org.

Read article

Related Posts

18 Jul

Coding your own WordPress Shortcodes

By: Alexander Gounder

WordPress shortcodes can be used within your page or post content which invokes a specific function  which inserts content at the position of where you inserted the shortcode. Uses for shortcodes are endless, from inserting media content and galleries, to social media like and share buttons, showing lists of recent or related posts, and so on.

Many WordPress themes and plugins will add new shortcodes for you to use, but at times you may wish to add your own custom shortcodes which aren’t already available. Fortunately, WordPress makes developing your own an easy task for anyone who is familiar with WordPress and has basic PHP skills.

Here I’ll show you the basics of how to develop your own custom WordPress shortcode. We might as well make it do something practical, so we will create a shortcode that inserts a Google+ +1 button. These neat little +1 buttons allow your site’s visitors recommend your site in Google search, and share via the Google+ social media platform.
Read article

Related Posts

05 Jul

WordPress Security Tips

By: Yuri Samoilov

WordPress is currently the most used Content Management System (CMS) in the world, driving over 22% of all websites, and claiming 60% of all CMS driven websites. With this in mind, hackers will target WP as a single weakness or vulnerability found in one of it’s many plugins, themes or even the WP core itself, will make many websites out there exploitable.

Here we will go through a number of ways to help make your WordPress website more secure.

Wordpress Security is not something any WP site owner should overlook.
Read article

Related Posts