Developer Drive:
Looming PHP 7 and its effect on WordPress
Nov 26, 2015 @ 11:54:15

On the Developer Drive site they've posted an article for all of the WordPress users (and other curious folks) about the impact PHP 7 will have on the current WordPress system.

It’s no big secret now that PHP 7 is just on the horizon, and with that development comes questions on how it affects sites that run on WordPress. PHP 7 is a massive update to the server-side web development language called PHP, yet it’s also going to have an impact on any PHP-powered CMS like Drupal, Joomla and Magento.

They go through some of the major changes in PHP 7 and talk briefly about what kind of effects they'll have on those running this popular CMS including:

  • Performance upgrades
  • New and improved operators
  • Continuous 64-bit support
  • Anonymous class support

They recommend that you keep an eye out for messages from your host that they might be upgrading, back up your site to prevent loss, and update your plugins/themes prior to any PHP 7 switchover.

tagged: php7 wordpress features update recommendation hosting

Link: http://www.developerdrive.com/2015/11/looming-php-7-and-its-effect-on-wordpress/

Tyler Longren:
Use Composer in Your WordPress Plugin or Theme
Nov 16, 2015 @ 10:22:47

In this post to his site Tyler Longren shows how to use Composer to install WordPress plugins as well as the usual libraries.

I love Composer. It just makes including libraries or scripts in your app incredibly easy. So easy that it’s stupid not to use it (in many, if not most cases).

[...] I'd never used Composer with a proprietary WordPress plugin before. The plugin is for a client so it’ll never be available to the public. Here’s the steps I took to make this WordPress plugin compatible with Composer so that I can easily bring in third-party libraries.

He breaks it down into a five-step process, showing the installation of the Mailgun PHP client:

  • Install composer on your server
  • Add Mailgun as a dependency
  • Check your composer.json file
  • Tell composer to install Mailgun
  • Autoload Our Mailgun Classes in Our Plugin

With the help of Composer, the Mailgun client is ready to go and accessible in his WordPress instance, quickly and easily.

tagged: composer wordpress plugin mailgun client install autoload

Link: https://longren.io/use-composer-in-your-wordpress-plugin-or-theme/

SitePoint WordPress Blog:
How to Install and Use WP-CLI to Manage WordPress Websites
Nov 04, 2015 @ 09:19:13

On the SitePoint WordPress blog they've posted a tutorial showing you how to install and use the WP-CLI tool to manage your WordPress-powered websites.

Speeding up your work process should be one of your top priorities. Simply put, if you do more work in less time, then you will have more time to work on more projects, study and rest. WP-CLI is one of the command line tools specifically made to manage your WordPress websites through the command line. With a few simple commands, you can manage WordPress without even needing to login to your WordPress admin and navigate through the pages.

They start with some of the requirements to use the WP-CLI tool and follow it with the steps to get it installed and moved to the right place on your system. They then show off some of the functionality the command-line tool has to offer including:

  • working with the WP cache
  • installing WordPress core
  • installing themes and plugins

The WP-CLI tool also helps you keep your WordPress installation up to date, including core and themes/plugins too.

tagged: wordpress tutorial wpcli commandline tool install

Link: http://www.sitepoint.com/wp-cli/

Developer Drive:
How to build an auto-ranking Twitter list with WordPress
Oct 23, 2015 @ 13:55:36

On the Developer Drive site there's a tutorial posted showing how to create a dynamic auto-ranking Twitter list in a WordPress-based application.

My team and I recently built an awesome list template on WordPress that ranks a set of Twitter users based on follower count. It allows a content writer to easily add a list of Twitter handles, and generate a well designed post.

They start with a list of requirements the end result needs to meet including the Twitter information, features it should offer and the resulting output. The rest of the post walks you through every step of the process to get the system set up including:

  • installing the Advanced Custom Fields Pro WordPress plugin
  • showing an "infinite list" in WordPress
  • code to loop through the Twitter data
  • using the TwitterAPIExchange PHP library to get Twitter data

All code and steps you'll need to make the system work are included and they've posted a demo so you can see the result first hand.

tagged: autorank wordpress list twitter follower count api interface tutorial

Link: http://www.developerdrive.com/2015/10/how-to-build-an-auto-ranking-twitter-list-with-wordpress/

SitePoint PHP Blog:
Debugging WordPress on Azure with Z-Ray
Oct 13, 2015 @ 11:23:55

On the SitePoint PHP blog there's a tutorial showing you how to integrate the Z-Ray tool into WordPress to make debugging it on an Azure instance simpler. The steps make major use of the Azure control panel handling, so it's not quite as useful as a cross-platform guide but at least it gives you an idea of what you could expect from the Z-Ray+WordPress integration.

We all know that WordPress is an amazingly rich, extendable and simple platform. That’s probably one of the reasons it powers so much of the web today. But in some cases this richness can be the downfall of your site. [...] This means you need an easy, safe and reliable way to profile your WordPress app that will help you identify the bottlenecks slowing it down.

This article demonstrates a simple way to do just this. It describes how to debug a WordPress application deployed on Microsoft Azure’s web app service, using Z-Ray for Azure – a new technology that was announced a few months ago and is now in preview mode.

He walks you through the entire process (assuming you already have an account on Azure):

  • Creating the sample WordPress application on Azure
  • Enabling Z-Ray
  • Developing WordPress with Z-Ray

In that last step he includes some screenshots of the kinds of results you can expect from the plugin including details about cache objects, plugin statistics, hooks being executed and WP Query use. He ends the post looking at using Z-Ray for mobile debugging and how to use it in "secured mode" in a production environment.

tagged: tutorial wordpress azure microsoft zray debugging installation configuration

Link: http://www.sitepoint.com/debugging-wordpress-on-azure-with-z-ray/

Paragon Initiative:
Coming to WordPress 4.4: CSPRNG
Oct 12, 2015 @ 12:52:42

The Paragon Initiative blog has a post from Scott Arciszewski about a new feature coming to upcoming WordPress versions - the use of a cryptographically secure random number generator starting in version 4.4.0.

At Paragon Initiative Enterprises, we believe that security should be the default state of affairs, not something only in the reach of security experts. That is why [...] our team spends a great deal of time working to improve the security of popular free and open source software.

Today, we're pleased to announce an exciting security enhancement coming to WordPress in the next major version. Starting in 4.4.0, wp_rand() is cryptographically secure on all platforms.

He walks the reader through the "road" that's led to the introduction of this support and the work he did in the past to help push the project (and others) towards it. Given that the WordPress project puts a lot of emphasis on backwards compatibility, effort needed to be put into a method that would work across new and old PHP versions. The random_compat library was created and was adopted not only by WordPress but also by several other major PHP projects.

Our part in this long and crazy journey has reached its end. In the course of fixing the same flaw in two distinct projects, the PHP community banded together to identify and expunge a bug in the PHP core, create a new feature in PHP 7, and in some small way helped to secure the CMS that powers more than 20% of websites on the Internet.

tagged: wordpress csprng random number generator cryptography security

Link: https://paragonie.com/blog/2015/10/coming-wordpress-4-4-csprng

Check Point Blog:
Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part I
Aug 06, 2015 @ 11:44:14

The Check Point blog has posted the first part of a series from one of their vulnerability researchers about finding security vulnerabilities in the core WordPress code (and some of the results along with CVE numbers).

In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts – describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only ‘Subscriber’ user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web.

In this first part he focuses on the concept of "identity" in a WordPress application, looking at the "roles and capabilities" functionality to find bypass methods in operations like editing and adding new posts. As he works through his process, code is included from the WordPress core showing where the issue(s) lie and what would be needed to exploit them.

tagged: bug hunt wordpress vulnerability core code part1 series checkpoint

Link: http://blog.checkpoint.com/2015/08/04/wordpress-vulnerabilities-1/

Debugging WordPress with Zend Server and Z-Ray on AWS
Aug 05, 2015 @ 11:57:02

The Zend.com blog has a post showing you how to debug WordPress running on Zend Server with the help of the Z-Ray plugin. In their example they're hosting it on an AWS instance, but the same technique can apply on any other hosted version as well.

More and more PHP development is being done in the cloud and on virtual platforms nowadays. The workflow detailed in this brief tutorial is just one way to develop PHP in these environments, but it illustrates just how easy and productive this type of development can be. More specifically, it demonstrates how to launch the newly available Zend Server 8.5 instance on AWS with a WordPress application already deployed, and then use Z-Ray to introspect and debug the code.

The tutorial walks you through the setup and configuration of a new AWS instance with Zend Server and WordPress installed (you can skip to the end if you already have this). They show you how to:

  • Launch the Zend Server AWS instance
  • Configure the instance to install WordPress as a part of the setup process
  • Access the Zend Server control panel
  • Access the WordPress application deployed on the instance

Once the WordPress application is accessed, the Z-Ray inspection bar will appear at the bottom giving you insight into various configuration options, performance metrics and server information. They also link to a video with more information about the WordPress plugin.

tagged: zendserver wordpress aws amazon instance zray debug tutorial install configure

Link: http://blog.zend.com/2015/08/04/debugging-wordpress-with-zend-server-and-z-ray-on-aws

SitePoint PHP Blog:
WP API and OAuth – Using WordPress without WordPress
Jul 16, 2015 @ 13:08:54

The SitePoint PHP blog has posted a tutorial showing you how to "use WordPress without WordPress" via a basic RESTish API installed via plugin. The article focuses on using the OAuth authentication method to connect a client to the WP instance, linked to a system user via generated tokens.

In this tutorial, we’ll learn how to install and use WP-API with OAuth – a WordPress plugin which uses REST-like API endpoints to allow reading of WP content to unauthenticated users, and writing of WP content to users who authenticate via OAuth (or via Cookies for themes and plugins). Using the plugin isn’t very straightforward, and the prerequisite list is quite long, so this post was written to make it simple and relatively approachable (as long as you’re in control of your own server).

The tutorial walks you through the steps to get a WordPress instance installed (via a git clone) and set up to work with Homestead Improved. He then installs the "wp-cli" tool to get the OAuth1 plugin needed to make things work correctly and shows how to use it to generate the needed key and secret for the OAuth connection. He then makes a simple script that uses the Guzzle HTTP client and its OAuth handling to make the OAuth request for a token, call the callback page and return the bearer token for the remainder of the requests. Finally he creates a simple page that uses this token to submit a new article via the API and views it in the WordPress interface.

tagged: wordpress api tutorial oauth guzzle oauth1 wpcli rest

Link: http://www.sitepoint.com/wp-api-and-oauth-using-wordpress-without-wordpress/

Sameer Borate:
Accessing WordPress data using the new REST api
Jul 16, 2015 @ 09:53:57

Sameer Borate has posted an article showing you how to use the WordPress REST API (set up by this plugin) to access the data housed inside your WP installation.

WordPress is without doubt the most used CMS system around. Various sources peg the usage around 20-30% of all web sites. Whatever the correct figure, there is no doubt that the collective content of WordPress sites is enormously large. However almost all content is virtually held in independent WordPress sites with no way to easily access a site’s content programmatically. [...] As WordPress is moving towards becoming a fully-fledged application framework, we need new APIs. At present a REST api plugin is available to access your site’s data in simple JSON format, including users, posts, taxonomies and more.

He walks you through the installation of the plugin and how to make a request to the REST API's test endpoint to ensure everything's functioning correctly. He also includes an example request that fetches the contents of a post by its ID. The tutorial wraps up with a look at authentication and how the plugin provides two kinds of handling: basic authentication (HTTP Auth) and OAuth. You can find out more about the structure and functionality of the API on the project's website.

tagged: wordpress rest api tutorial installation setup plugin

Link: http://www.codediesel.com/wordpress/accessing-wordpress-data-using-the-new-rest-api/