Category: Wordpress

CMS dangers: Plugins. This episode – Sweet Captcha

First, an apology for anyone who recently visited this site and found themselves bombarded with pop up ads or alarmist claims that they’d contracted viruses.  I’m incredibly sorry.  A plugin that I use(d), SweetCAPTCHA, is now injecting pop ups in what appears to be an attempt to monetize their plugin.

Now, whether SweetCAPTCHA’s been compromised (I don’t think so) or has turned to nefarious means to try to fill their coffers (ding ding!), the ease at which this happened should set off alarm bells for CMS users everywhere (after all, SweetCAPTCHA’s not WordPress specific).  I’ve been absolutely guilty of thoughtlessly hitting the “upgrade” link on plugins, especially on sites of my own.  I’m a bit more cautious with client sites after having been bit more than once by an upgrade that rendered inoperable an important plugin, but I’d be lying if I didn’t admit that sometimes I don’t do sufficient research before and adequate QA after some upgrades.   And that leads to a night like tonight, logging into all my personal and client sites in a panic to see who had SweetCAPTCHA installed and activated (thankfully no clients – only this site and one other personal site).

Plugins are third party.  They’re dangerous.  We’re trusting them to do what they say they do and nothing more.  And we placing that trust in them again and again each time we agree to an upgrade.  We need to be careful.

So again, I sincerely apologize.  This site doesn’t get a whole lot of traffic, but the traffic it does get are mostly people looking for help.  Every time I receive an email or comment from someone telling me this little site of mine has helped them it makes me a bit warm inside.  That SweetCAPTCHA hijacked my little warmth generating site to take advantage of its visitors pisses me right the fuck off.

Read more about SweetCAPTCHA’s shitty new business model here and here.

WordPress and updating PHP beyond 5.3

My host finally set up the ability to upgrade PHP.  I’ve been running on 5.2 for roughly forever.  I host for clients, and most upgrades went without a hitch.  A couple, however, barfed a bit thanks to undeclared variables, generated errors the likes of:

Warning: Creating default object from empty value in \wp-content\themes\hybrid\library\functions\core.php on line 27

Thankfully, it’s a pretty easy fix: just declare the variable! for example,

if ( post_type_supports( $post->post_type, 'entry-views' ) ) {
$entry_views->post_id = get_queried_object_id();

In a library/extensions file generated a warning. To fix, I simply declared the variable $entry_views:

if ( post_type_supports( $post->post_type, 'entry-views' ) ) {
if (!is_object($entry_views)) {$entry_views = new stdClass; }
$entry_views->post_id = get_queried_object_id();

I had to do the same in a few other files as well.

Modified page of categories in WordPress using “Page of Posts”

I hate it when I fail to document.  About a year ago I solved a problem I was having on a client site involving customized pages of categories.  I didn’t document my solution, and not unexpectedly as the months ticked by it slipped out of my brain.  Fast forward to now and I need the solution again.  After too much time spent poking at my own mess, I have the solution again.

My problem was this: I want a page that shows all posts of a particular category, and I want the ability to format those posts into a custom view.  No links in titles, no thumbnails, etc.

Find the Slug of the particular category you want to display.  This is in the Category edit page.  Then create a .PHP file named SLUG_page_template.php.  Populate the file thusly:

{code type=php}
<?php
/*
Template Name: PageOfPosts
*/
get_header(); ?>
<div id=”content” class=”narrowcolumn”>
<?php
if (is_page() ) {
$category = get_post_meta($posts[0]->ID, ‘SLUG’, true);
}
if ($category) {
$cat = get_cat_ID($category);
$paged = (get_query_var(‘paged’)) ? get_query_var(‘paged’) : 1;
$post_per_page = 4; // -1 shows all posts
$do_not_show_stickies = 1; // 0 to show stickies
$args=array(
‘category__in’ => array($cat),
‘orderby’ => ‘date’,
‘order’ => ‘DESC’,
‘paged’ => $paged,
‘posts_per_page’ => $post_per_page,
‘caller_get_posts’ => $do_not_show_stickies
);
$temp = $wp_query; // assign orginal query to temp variable for later use
$wp_query = null;
$wp_query = new WP_Query($args);
if( have_posts() ) :
while ($wp_query->have_posts()) : $wp_query->the_post(); ?>
<div <?php post_class() ?> id=”post-<?php the_ID(); ?>”>
<h2><a href=”<?php the_permalink() ?>” rel=”bookmark” title=”Permanent Link to <?php the_title_attribute(); ?>”><?php the_title(); ?></a></h2>
<small><?php the_time(‘F jS, Y’) ?> <!– by <?php the_author() ?> –></small>
<div class=”entry”>
<?php the_content(‘Read the rest of this entry »’); ?>
</div>
<p class=”postmetadata”><?php the_tags(‘Tags: ‘, ‘, ‘, ‘<br />’); ?> Posted in <?php the_category(‘, ‘) ?> | <?php edit_post_link(‘Edit’, ”, ‘ | ‘); ?> <?php comments_popup_link(‘No Comments »’, ‘1 Comment »’, ‘% Comments »’); ?></p>
</div>
<?php endwhile; ?>
<div class=”navigation”>
<div class=”alignleft”><?php next_posts_link(‘« Older Entries’) ?></div>
<div class=”alignright”><?php previous_posts_link(‘Newer Entries »’) ?></div>
</div>
<?php else : ?>
<h2 class=”center”>Not Found</h2>
<p class=”center”>Sorry, but you are looking for something that isn’t here.</p>
<?php get_search_form(); ?>
<?php endif;
$wp_query = $temp; //reset back to original query
} // if ($category)
?>
</div>
<?php get_sidebar(); ?>
<?php get_footer(); ?>
{/code}

On line 9 change SLUG to the appropriate slug of your category.  Update this file to represent the changes you want reflected on the category page.

Determine the cat number of your category.  This is easily done by going into Categories and hovering over View.  Then you can test by going to http://www.yoursite.com/?cat=#  where # represents the category.  Category pages can also be added to menus easily.

Disabling comments on WordPress posts

Done to this site because of the amount of absolute garbage coming in.

To kill the ability to comment on all existing posts, hit your database and zap it thusly:

UPDATE wp_posts p SET comment_status = ‘closed’, ping_status = ‘closed’ WHERE comment_status = ‘open’;

To turn off future, log into WP and head to Settings > Discussion and uncheck Allow people to post comments on new articles.

CMS MySQL Password Woes?

Forget a MODx/MySql database pass for a client?  Me too.  Thankfully, it’s easily located at

/manager/includes/config.inc.php

How about WordPress?  Me too again.  It’s the wp-config.php file in the root.

Speaking of these files, make sure to CHMOD them to 600 for protection.

WordPress – Intro Page

I had a client that, despite my protestations, wanted a “Intro” page for his website – a landing page with a large clickable image and (gulp) embedded autoplay sound. His site was already set up and live in WordPress, and it already had a static homepage… and it was installed at the root of his site.

Aside: We’re using WordPress as a content management system rather than a blogger. I’ve discovered that, for the average small business/site, full blown CMS solutions such as Joomla, Drupal and MODx (the last being my preferred choice) tend to be overkill. The bells and whistles that these packages contain may get developers excited, but in my experience they simply overwhelm the average client. It’s akin to giving someone Photoshop because they need to re-size some images. WP is stable, mature, relatively slick, and probably the easiest to use. I wish I had the time to redo all of my CMS clients sites in WP.

So what I needed was an opening page that didn’t utilize the site theme.  That last bit’s the kicker.  You can’t just change the index page, or set up .htaccess to re-prioritize the directory index (if you were thinking you’d drop a static index.html page in there and leave WP’s index.php) – both actions turn WP’s navigation kludgy.   An option would be to export the theme and database, reinstall WP somewhere other than the root, put your index page in the root,  modify your theme and DB data to correct pointers  and URLs, and import it into your new install… but that sure sounds like a lot of work, doesn’t it?

Here’s what I did instead:

  1. Created a php page in the root of the activated theme (wp-content/themes/THEMENAME/).  Doesn’t matter what the name of this page is.  I named mine front.php because I’m not very creative.
  2. The first line of this page is this: <?php /* Template Name: New Template Name */ ?>. (Change New Template Name to whatever you like)
  3. Beneath that line is the code that comprises the landing page.
  4. Within WordPress, I created a static page named Landing.  Doesn’t matter what you put in this page – it isn’t going to show on the site.  I put a note to my client, explaining that he would have to contact me for changes to the landing page.  Set the Template for this page to New Template Name (meaning whatever you changed the template name to in step 2).
  5. I then changed the Front page by heading to Settings, Reading and changing Front page displays to Static, Front page=Landing.

That’s it.  Obviously, make sure to put a link from the landing page to whatever your WP homepage is (in this case ?page_id=6).

There – that beats the alternatives, no?