Displaying an RSS Feed In WordPress: Going Beyond The Codex

I gave a short 10 minute presentation at WordCamp Vancouver today on a wonderful RSS library called SimplePie that’s bundled in with WordPress.

A PDF of my slide deck is here: Displaying an RSS Feed In WordPress.

In the presentation I discussed how we were ‘breaking’ WordPress – technically we’re accessing it in a way that’s outside the definition in the Codex. So conceivably a future version of WordPress could check what parameters fetch_feed() is being passed and return an error if we talk to it the way I’m proposing. I suggested that maybe the Codex could be updated to reflect what you can actually do with this function. This plan seemed a little flawed to me as the Codex is a wiki… just because someone makes a change there doesn’t make it fact.

Talking to Mike Schroder after the presentation, he said the correct plan of action for something like this would be to submit a Trac ticket requesting that the PHPDoc inside the WordPress core code should be updated to reflect what you can do with fetch_feed() – that then formalizes the functionality and then the Codex can happily be amended to reflect the newly official situation. This made a lot more sense than the approach I’d suggested in the presentation.

But guess what? I checked the existing PHPDoc for fetch_feed today – it already covers the ability to pass an aray of URLs and have SimplePie merge the feeds… so that stage is already done. Guess it’s down to me to modify the Codex after all :-)

 

Remember the Konami Code?

If you cut your gaming teeth in the 80s then you probably do.

The Konami Code originated in the NES port of an arcade game in the mid 80s. The developers needed to test through their code, but the game was too hard to play all the way through every time you changed something near the end. So they added a cheat code. Pressing the correct sequence of buttons gave the player the full set of power-ups and made play-testing much easier.

Whether the intention was to take the code out before they shipped the game, or to leave it in, I’m not sure. As a professional software developer I know you really should test the absolute final build of your software… the actual build that you intend to ship. If you modify it  at all, even if just to remove a development shortcut, then you’ve changed the code – and you should test that build thoroughly again. So I lean towards the opinion that the code might have been left in deliberately. Either way, the cheat was discovered by players in the outside world and quickly became famous… Continue reading Remember the Konami Code?

Ubuntu 13.04 Upgrade

So, remember how I said I either upgrade my Linux installations as soon as they come out or I wait months? Well, this time around I’ve found a third path… I’ve just upgraded my laptop to 13.04 (Raring Ringtail) four days BEFORE it’s released.

Continue reading Ubuntu 13.04 Upgrade

Admin users, WordPress hacking, botnets and brute-force attacks

Here we go again… seems the pace of brute-force attacks on WordPress blogs world-wide has really stepped up in the last 48 hours.

As I considered doing recently, I modified the WordPress core files on a couple of my test sites a couple of days ago to log the hacking attempts that I was receiving. These are quiet sites that receive no legitimate traffic and yet are currently receiving several hundred attempted administrative logins per day.

Continue reading Admin users, WordPress hacking, botnets and brute-force attacks

I don’t have an admin user – update

A couple of weeks back, I commented on the thousands of login attempts I see from drive-by hackers on my WordPress sites every week. I mentioned that every single one of them has been against the admin username – and hence it’s a VERY good idea to not have an admin user.

I feel duty-bound to report that that’s no longer true. This morning, one site received a couple of non-admin login attempts. Predictably, they were against fairly generic usernames. You should probably also make sure that you’re not using names like these:

Continue reading I don’t have an admin user – update

Ubuntu Upgrade 12.10 – Broken… And Fixed Again

I’m one of those people who either upgrades their machine the day a new distribution comes out or who waits 3-4 months until I’m fairly certain any rough edges have been smoothed off. My laptop got its 12.10 upgrade the week that 12.10 was released. My desktop machine however didn’t even get 12.04 until after 12.10 was released. It’s been sitting here very happily and patiently waiting for 12.10 and yesterday, for no reason at all, I decided it was time.

Continue reading Ubuntu Upgrade 12.10 – Broken… And Fixed Again

I’m telling you now: I don’t have an admin user

One of the additions I made to all my WordPress sites recently was the installation of a login security plugin. There’s several out there – I used a couple and found their basic functionality to be broadly similar: if a user tries to login to your WordPress using an incorrect username/password multiple times within a short period of time then their IP address is locked out of your login page for a while. The prevents (or rather, slows down) any hacker trying to access your system. Different plugins add different bells & whistles. Some such as Limit Login Attempts allow you to specify a harsher lockout period if the hacker comes back again. Others like Wordfence Security allow you to manually convert that temporary lockout into a permanent ban.

I’ve learnt several things from reading the reports these plugins have produced.
Continue reading I’m telling you now: I don’t have an admin user

Adding AJAX to your WordPress Plugins – Part 2

I promised I’d talk in more detail about the code I demonstrated at WordCamp Victoria last month, so let’s see what’s what with AJAX and WordPress.

Firstly here’s a copy of my presentation (modified slightly to remove the 9MB video of Google Maps!). It’s a .ODP file so you’ll need a copy of Libre Office, or equivalent, to read it. There are also some further slide-specific notes in the presentation.

What’s AJAX?

Continue reading Adding AJAX to your WordPress Plugins – Part 2

Adding AJAX to your WordPress Plugins

This weekend I’m giving a talk at WordCamp Victoria about using AJAX in WordPress. The talk uses a couple of code snippets to demonstrate creating a simple plugin that passes some data from the client to the server and then updates the web page using data sent back from the server. Here’s the code for the final, most functional, plugin:

 

Continue reading Adding AJAX to your WordPress Plugins

Ubuntu 12.10 Upgrade… OK Something Did Break

A week after I upgraded my laptop to Ubuntu 12.10 and I’ve found something that’s actually broken.

In 12.10, the node.js package has been moved from /usr/bin/node to /usr/bin/nodejs as it clashed with another package name (called, unsurprisingly, node).

This is actually documented in the release notes (but only for Ubuntu Server… not for Ubuntu Desktop): https://wiki.ubuntu.com/QuantalQuetzal/ReleaseNotes/UbuntuServer#Other

I had node.js installed in order to run lessc, the LESS compiler. And, because of various complications due to my installation, 12.10 broke this.

Continue reading Ubuntu 12.10 Upgrade… OK Something Did Break