Securing Forms Without Captcha

I've seen more captchas like this than I can count.

Captchas are a terrible user experience.

I've seen more captchas like this than I can count.

I’ve seen more captchas like this than I can count.

They put the onus of spam protection on the visitor filling out the form and, personally, show me how lazy you are as a site administrator.  There are a hundred different ways you can protect your site from spam on the server side – why would you forego these options and force your visitors to jump through additional hoops?

Furthermore, captchas can negatively impact the overall user experience on your site for some. They can actually hurt your conversion rate for others.

Instead of using a captcha, let’s look at two passive things you can add to a form to reduce spam. Continue reading…

WordPress Plugin Structure

The power of WordPress lies in its pluggable infrastructure.  Unlike other content management applications which require you to edit the core code of the system to make changes, WordPress supports plugins.  These smaller applications tie in to a rich API provided by WordPress that allows you to change just about everything about the application and customize it as needed.

The official plugin repository on is currently home to over 20,000 distinct plugins.  Each one adds some new functionality to WordPress, giving you the ability to tweak content, change colors, adjust layouts, or integrate with external systems.  This doesn’t even begin to cover the hundreds of premium plugins you can find online that provide even richer functionality.

Most WordPress developers will, at some point, be asked to create some kind of plugin for a client site. These client plugins can range from a shortcode manager to some kind of advertisement rotation engine to an API integration with a third-party customer management system. Instead of focusing on the what for your plugins, this tutorial will focus on the how. Namely, the three different ways you can structure a WordPress Plugin. Continue reading…

jQuery as a Global Event Bus

Some time ago, I made a mistake.  Rather than taking the time to truly understand how events worked in jQuery, I built my own JavaScript library to handle event delegation. It worked, but why reinvent the wheel? It turns out jQuery is perfectly capable of serving as a global event bus for all of your […]

Continue reading...

Using XML-RPC in WordPress

It was brought to my attention last week that there aren’t very many good tutorials on the web regarding the use of XML-RPC in WordPress.  Sure, there are plenty that talk about how easy it is to use and how great of a tool it can be, but few examples explaining just how it can be […]

Continue reading...

Theme-ready Shortcodes in WordPress

A few months back, I taught you how to make your widgets theme-ready by extracting the actual markup into an overridable template.  Now, we’re going to do the same for shortcodes. And for those of you wanting to see this in practice, stay tuned for the release of version 2.5 of WP Publication Archive in […]

Continue reading...

The Anatomy of an Exploit

Fiddler Malware Scan

I’m a huge fan of security. I spend many a weekend experimenting with new encryption techniques, hash algorithms, and security protocols. As a result, I also come across several different server exploits in the wild. PHP hacks, .htaccess hacks, JavaScript injection, etc. I once even saw a server hacked through a corrupt PNG image that […]

Continue reading...

Doing it Wrong the Right Way

Telling someone there’s a right way to include a plugin in a theme is like telling someone there’s a right way to cheer for the Beavers during the Oregon Civil War. There is no right way. However, there are still ways to do it if you absolutely need to. Let’s admit it. As developers, we’re lazy. […]

Continue reading...

Why Sponsor WordCamp Portland

WordCamp Portland

This August, I’ll be attending WordCamp Portland. I’ll also be speaking at WordCamp Portland. Last week, I also decided to sponsor WordCamp Portland. Why all the investment?  It’s simple.  I love Portland.  I love WordPress.  And I have a blast spending money on the things that I love.

Continue reading...

Merging WordPress Multisite

When I first set up my personal website network, I got a bit carried away.  Once I had the first two sites in a multisite network, I started splitting out every category of my blog into its own site – each with its own domain. At the peak, I had: One site for my personal […]

Continue reading...

How to Contribute to WordPress Core

My first ever contribution to WordPress was trimming whitespace from keys stored in the WordPress options table. Basically, I removed a space. But since then, I’ve contributed quite a few other patches to the project I love.  Eleven of them have actually made it in to the core codebase! At the Portland WordPress User Group […]

Continue reading...