Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Delicious Brains Blog:
Craft CMS | Self-Hosted WordPress Alternatives Part 1
Jul 11, 2017 @ 10:52:03

The Delicious Brains site has kicked off a new series of posts looking at other options besides WordPress for self-hosted content management systems. In this initial article they cover the Craft CMS that's built on top of the Yii framework.

To kick this off, I’ll be taking a look at Craft CMS by Pixel & Tonic, a software development team that was behind some of the best add-ons for ExpressionEngine. They have since moved on from ExpressionEngine to create their own CMS that is built on the popular Yii framework.

Craft bills itself as “a content-first CMS that aims to make life enjoyable for developers and content managers alike”. This is a change in stride from WordPress which appeals to a much wider variety of people, so it should be interesting to see how that change affects Craft CMS as a whole.

The tutorial then walks you through the installation process for Craft and what the interface will look like when everything is set up correctly. He talks about the functionality that's immediately available and some places where he feels Craft "shines" in its features. He then goes through some of the core architecture of the tool, templating, plugins, custom fields, SEO, eCommerce support and the documentation/pricing the project offers.

tagged: wordpress alternative series part1 craftcms introduction installation

Link: https://deliciousbrains.com/craft-cms-self-hosted-wordpress-alternatives/

TutsPlus.com:
Dynamic Page Templates in WordPress, Part 3
Jun 19, 2017 @ 10:45:04

The TutsPlus.com site has posted the third part of their "Dynamic Page Templates in WordPress" tutorial series today. In this latest article author David Gwyer finishes off the series using all that they've shared from part one and part two to create two examples.

In the first two parts of this tutorial series, we covered what dynamic page templates were and why they were needed. We also looked at the code required to implement them.

In this third and final tutorial in the series, I'll be creating two examples of fully working dynamic page templates you can use in your own projects. These were specifically chosen to be easily extendable to suit your own needs, and are intended as inspiration for any other type of dynamic page templates you can think of.

He then walks you through the creation of the two page templates: a Simple Contact Form and a Blog Post Archive. The first allows you to dynamically control the form elements for a UI interface (rather than code) and the second uses dynamic data to display the list of previous blog posts. The tutorial then finishes with a look at how, since WordPress 4.7, you can use dynamic page templates with any kind of post, not just pages.

tagged: wordpress series part3 dynamic page template blog archive simple form tutorial

Link: https://code.tutsplus.com/tutorials/dynamic-page-templates-in-wordpress-part-3--cms-28514

TutsPlus.com:
What Is WP-CLI? A Beginner’s Guide
May 18, 2017 @ 10:35:31

The TutsPlus.com site has posted a new tutorial introducing you to the WordPress command line tool, the WP-CLI.

WP-CLI has been around for quite some time now (circa 2011) and has steadily gained momentum in the WordPress developer community. But what is it exactly, and how can you use it in your WordPress workflow?

The idea behind WP-CLI is that it allows you to interact with, and manage, WordPress sites via a command line interface. According to the official documentation, it's a command line alternative to using the traditional WordPress admin user interface.

They starts by explaining some of what the tool can do and help you get it installed either manually (on Mac or Windows) or more automatically for the DesktopServer users out there. The tutorial then goes through the basics of using the wp command line tool including getting a listing of current settings, showing the version installed and getting a list of currently installed plugins and themes. It also shows how to install new plugins, list posts, pages and comments currently in the system. The post ends with some additional resources where you can get more information about the WP-CLI tool and its features.

tagged: wordpress wpcli tool commandline introduction tutorial

Link: https://code.tutsplus.com/tutorials/what-is-wp-cli-a-beginners-guide--cms-28649

DotDev.co:
Using Laravel Mix for Your WordPress Theme
May 12, 2017 @ 10:16:05

On the DotDev.co blog there's a recent tutorial posted from Eric Barnes showing you how to combine Laravel Mix and WordPress to make it easier to manage webpack dependencies.

Laravel Mix is a fluent wrapper around the webpack module bundler, and it provides common tools that help you compile CSS and JavaScript. It’s easy to work with, and although it comes baked into the Laravel framework, you can use it anywhere.

This site is using WordPress, and when I created the theme I used Mix to handle the asset compiling; it was simple to setup. Here is a quick overview of how I did it in four steps. Please note, you will need to have a recent version of Node and npm installed on your machine before continuing.

He then walks you through a four step process to set up the integration between the two:

  • Step 1. Create the package.json File
  • Step 2. Webpack Mix
  • Step 3. Create Your style.scss File
  • Step 4. Create an app.js

He ends the post with some helpful commands you can use while you're in the development process including compiling for both dev and production environments. More information about Mix can be found in the Laravel documentation.

tagged: laravel mix wordpress tutorial npm node css javascript install build

Link: https://dotdev.co/laravel-mix-wordpress/

DotDev.co:
Exploitbox: WordPress Unauthorized Password Reset Vulnerability
May 05, 2017 @ 11:14:48

On the DotDev.co site Eric Barnes has written up a post talking about a recently announced vulnerability (and 0-day exploit) for WordPress allowing for password reset emails to be delivered to a user-specified address instead of the correct one on the account:

On the Exploitbox site Dawid Golunski shares a 0 day vulnerability in the WordPress core affecting all versions:

The vulnerability stems from WordPress using untrusted data by default when creating a password reset e-mail that is supposed to be delivered only to the e-mail associated with the owner’s account.

The post includes a snippet of code from the WordPress core where the issue lies, relying on the value from PHP's $_SERVER['SERVER_NAME'] variable for the domain in the address the reset email is sent to. Unfortunately this value is pulled from the Host header in the request and is user-controllable. There's a solution offered using an Apache setting and it's noted that this exploit only seems to work against the default VirtualHost as it will act as a fallback if the Host does not reference a configured domain.

tagged: exploit wordpress password reset vulnerability zeroday security

Link: https://dotdev.co/exploitbox-wordpress-unauthorized-password-reset-vulnerability/

Delicious Brains Blog:
Microcaching WordPress in Nginx to Improve Server Requests by 2,400%
Apr 26, 2017 @ 10:18:40

The Delicious Brains has a new tutorial posted sharing a method you can use to setup microcaching in Nginx for your WordPress installation and improve the performance of server requests by a large margin.

We’ve talked a lot about WordPress performance and hosting WordPress here at Delicious Brains. A common theme amongst those articles is the importance of page caching and how it’s arguably the best way to improve the performance of your WordPress site. [...] However, we’ve also alluded to the fact that page caching is difficult to implement on highly dynamic sites.

[...] In these circumstances page caching still has its place but the duration of the cache has to be significantly reduced. This is known as microcaching. Microcaching is a technique where content is cached for a very short period of time, usually in the range of 1-10 seconds. In this article, I’m going to demonstrate how to configure WordPress and bbPress with Nginx FastCGI caching.

They start off with some initial benchmarks performed using the Blitz.io service against a clean WordPress install on a Digital Ocean droplet. The first results are of a test with 100 concurrent users over 60 seconds (with not so great results). Then, using this method in the Nginx configuration, the site is retested resulting in much better performance but with one downfall - the pages are cached and no longer dynamic.

To resolve this they move to the "microcaching" solution, adding the caching to parts of the application that aren't the forum using the "X-Accel-Expires" header sent from WordPress. The post ends with a bit more tweaking to the configuration and some caveats to its use.

tagged: wordpress caching microcaching nginx tutorial dyanmic benchmark

Link: https://deliciousbrains.com/microcaching-wordpress-nginx-improve-server-requests-2400/

North Meets South Podcast:
WordPress, UUIDs, and testing revelations
Apr 11, 2017 @ 13:47:15

The North Meet South podcast, with hosts Jacob Bennett and Michael Dyrynda, has posted their latest episode - Episode #25: WordPress, UUIDs, and testing revelations.

This episode, Jake and Michael speak about working with UUIDs in Laravel, Wordpress, and testing mindsets.

Other topics mentioned in this episode include the book "Building APIs You Won't Hate" (by Phil Sturgeon), and article about Advanced Custom Fields and Australia's Science Channel. You can listen to this latest episode either using the in-page audio player or by downloading the mp3 directly. If you enjoy the show, be sure to subscribe to their feed and follow them on Twitter for updates when new shows are released.

tagged: northmeetssouth podcast ep25 wordpress uuid testing jacobbennett michaeldyrynda

Link: http://www.northmeetssouth.audio/25

Delicious Brains Blog:
PHP and cURL: How WordPress makes HTTP requests
Mar 30, 2017 @ 10:49:35

In a new post from the Delicious Brains site Peter Tasker looks at how WordPress makes HTTP requests with the help of the cURL functionality in PHP.

cURL is the workhorse of the modern internet. As its tagline says, cURL is a utility piece of software used to ‘transfer data with urls‘. According to the cURL website, the library is used by billions of people daily in everything from cars and television sets, to mobile phones. It’s the networking backbone of thousands of applications and services. Unsurprisingly, it’s also a core utility used by WordPress’ own Requests API as well as our own WP Migrate DB Pro.

If you’re curious about the power of the cURL library, how it works with WordPress and what to watch out for (especially on macOS), then you’re in the right place.

He starts by giving a bit of background on what cURL is and some examples of how its used to make requests. He then talks about the cURL integration with PHP via an extension and provides a simple code example fetching an endpoint from the httpbin.org site. With that background defined he moves into the main focus of the article - how cURL and PHP combine in the WordPress WP_Http class and Requests handling to make HTTP requests to remote (or local) resources. Code examples are included showing how to put these pieces to work in a custom script and includes some common issues you might see during your HTTP request development.

tagged: wordpress http request curl tutorial wphttp internal example

Link: https://deliciousbrains.com/php-curl-how-wordpress-makes-http-requests/

Delicious Brains Blog:
Dependency Management and WordPress: A Proposal
Mar 23, 2017 @ 09:11:47

On the Delicious Blog Ian has written up a post with a proposal for WordPress suggesting that it introduce some functionality to help with dependency management and possible conflicts between the needs of plugins.

Dependency hell’ is a problem faced by all software, and it has been rearing its ugly head in the WordPress space over the last few years with more and more plugins using third-party libraries of code. [...] The most frustrating thing about this issue is that it’s caused by having the best of intentions! Developers use third-party code to be efficient and avoid reinventing the wheel. The code has been written by others and used and battled tested by many.

The WordPress community has a hard enough time already trying to get onboard with Composer (unlike the rest of the PHP world), without it getting tarred with the wrong brush!

He points out that, while this does have to do with packages installed through it, Composer itself isn't the issue. He offers a few suggestions and what he sees as an "ideal approach" to the problem based on some of the ideas presented here. He breaks it down into four types of code: third-party installed via Composer, Composer packages in core, custom Composer behavior and the idea of "package sandboxing". He includes some of the considerations to make this happen and plans on how the idea can move forward.

tagged: wordpress package dependency conflict proposal solution

Link: https://deliciousbrains.com/dependency-management-wordpress-proposal/

Delicious Brains:
Introducing WP Image Processing Queue - On-the-Fly Image Processing Done Right
Mar 09, 2017 @ 09:28:59

The Delicious Brains site has a new tutorial posted introducing WP Image Processing Queue, a tool that allows for on-the-fly image processing in your WordPress application via background processing.

I think the best solution is to get background processing into WordPress core so that all themes/plugins can share a single queue and ensure we don’t impact server performance. And so started my crusade.

At PressNomics, I had a great chat with Mike Schroder. He presented a very good path to core: find a feature that WordPress core needs and that needs background processing. In other words, piggyback! This is exactly how the image optimization stuff made it into core last year: by piggybacking off of responsive images. For background processing, he proposed coming up with an alternative to on-the-fly image processing (OTFIP). Whoa, turns out OTFIP is a problem we regularly deal with for WP Offload S3 as well. This could be a “two birds – one stone” kind of thing. Stars were aligning.

He talks more about some of the current discussions and efforts around processing the images like this (with OTFIP, On The Fly Image Processing). He covers some of the libraries that are currently out there for this processing and how, ultimately, the image processing queue came out to replace them as a result of some work at WordCamp US Contributor Day. He gives an example of the code needed to resize the images and the resulting markup. The post ends with the work he's planning on getting this queuing into the WordPress core and encourages plugin authors to use the OTFIP functionality rather than an external library.

tagged: wordpress image processing queue introduction onthefly

Link: https://deliciousbrains.com/introducing-wp-image-processing-queue/