Securing Forms Without Captcha

Captchas are a terrible user experience.

I’ve seen more captchas like this than I can count.

They put the onus of spam protection on the visitor filling out the form and, personally, show me how lazy you are as a site administrator.  There are a hundred different ways you can protect your site from spam on the server side – why would you forego these options and force your visitors to jump through additional hoops?

Furthermore, captchas can negatively impact the overall user experience on your site for some. They can actually hurt your conversion rate for others.

Instead of using a captcha, let’s look at two passive things you can add to a form to reduce spam. [Read more…]

WordPress Plugin Structure

The power of WordPress lies in its pluggable infrastructure.  Unlike other content management applications which require you to edit the core code of the system to make changes, WordPress supports plugins.  These smaller applications tie in to a rich API provided by WordPress that allows you to change just about everything about the application and customize it as needed.

The official plugin repository is currently home to over 20,000 distinct plugins.  Each one adds some new functionality to WordPress, giving you the ability to tweak content, change colors, adjust layouts, or integrate with external systems.  This doesn’t even begin to cover the hundreds of premium plugins you can find online that provide even richer functionality.

Most WordPress developers will, at some point, be asked to create some kind of plugin for a client site. These client plugins can range from a shortcode manager to some kind of advertisement rotation engine to an API integration with a third-party customer management system. Instead of focusing on the what for your plugins, this tutorial will focus on the how. Namely, the three different ways you can structure a WordPress Plugin. [Read more…]

Using XML-RPC in WordPress

It was brought to my attention last week that there aren’t very many good tutorials on the web regarding the use of XML-RPC in WordPress.  Sure, there are plenty that talk about how easy it is to use and how great of a tool it can be, but few examples explaining just how it can be used.

I use WordPress for just about everything.  For websites, for forums, for ebook sales, for presentations, and most recently for an SMS gateway to a travel blog.  The thing is, I can’t always post to WordPress the way I want to.  I will be in Haiti next week and won’t have access to a computer or a laptop, but I still want to update my blog so I can communicate with friends and family at home.  XML-RPC to the rescue! [Read more…]

Theme-ready Shortcodes in WordPress

A few months back, I taught you how to make your widgets theme-ready by extracting the actual markup into an overridable template.  Now, we’re going to do the same for shortcodes.

And for those of you wanting to see this in practice, stay tuned for the release of version 2.5 of WP Publication Archive in a few weeks.  I’m using this technique to make markup easy to change. [Read more…]

Doing it Wrong the Right Way

Telling someone there’s a right way to include a plugin in a theme is like telling someone there’s a right way to cheer for the Beavers during the Oregon Civil War.

There is no right way.

However, there are still ways to do it if you absolutely need to.

Let’s admit it. As developers, we’re lazy.  We don’t like installing multiple tools when they could be bundled into one package.  We don’t like teaching our clients the difference between functionality and presentation.  We don’t like documenting the multiple items we installed on a client site so the next guy can not break things when he works on it.

We’re lazy. As a result, we try to take shortcuts whenever possible – one of those shortcuts is bundling plugins with themes to extend WordPress’ functionality.  But if you must take such a shortcut, here are the “right” ways to invoke _doing_it_wrong(). [Read more…]

Merging WordPress Multisite

When I first set up my personal website network, I got a bit carried away.  Once I had the first two sites in a multisite network, I started splitting out every category of my blog into its own site – each with its own domain.

At the peak, I had:

  • One site for my personal profile – linking to all the other sites
  • One site for a professional portfolio
  • One site for my business blog
  • One site for my Christianity blog
  • One site for my creative writing portfolio
  • One site for political discussions
  • One site for a personal journal

Then I read a great article by Ipstenu about why you shouldn’t use WordPress Multisite and decided I should rein things in a bit.  Categories of content should be categories instead of full sites.

This started a huge migration of content.  I set up a clean WordPress installation and started moving all of my posts, pages, categories, tags, etc from the schismed sites into the new one.  Everything was clean and ready to go … except for one thing. External links. [Read more…]

How to Contribute to WordPress Core

My first ever contribution to WordPress was trimming whitespace from keys stored in the WordPress options table.

Basically, I removed a space.

But since then, I’ve contributed quite a few other patches to the project I love.  Eleven of them have actually made it into the core codebase!

At the Portland WordPress User Group meetup a few weeks ago, I gave a 5-minute presentation explaining how everyone could get involved with WordPress, both developers and non-developers.  Still, people ask all the time how they can see their changes reflected in WordPress core.

So here’s an example of how a recent contribution I wrote made its way into the yet-to-be-released WordPress 3.4. [Read more…]

Classy Plugins

I was asked a few weeks ago why I structured my WordPress plugins the way I do.

Anyone who has spent any time looking at my code knows that I like to keep my main functions in a class and wire up action hooks and filters in the root of the plugin.  But few people have asked me why I set things up this way.

My explanation is in two parts:

  1. Writing clean code
  2. Writing easy-to-maintain code

Though it should be noted now that, while this particular development style makes heavy use of classes within PHP, this is not object-oriented programming.

Let me say again – this is not object-oriented programming.  I use classes often to define custom objects, but in this situation I use them merely as convenient wrappers for code. [Read more…]

Theme-ready Widgets in WordPress

If you use WordPress, you’ve probably used a handful of widgets in your sidebar.

Some display statistics.  Others print out recent comments.  Others display posts related to the content in the main window.

But all of them do this in the exact same way.  They take some data, wrap it into a hard-coded HTML template, and dump the content of that template to the front page of your site.

For most sites, this is fine.  Each tag has enough information to be easily styled, moved, re-sized, or even re-positioned using CSS.  In some cases, it’s not enough.

I’m a bit of a control freak, and I like to know exactly what is being output on my site, why, and how to change it.  As a result, I build my custom widgets to use customizable templates.

I set the default look – you can change it to whatever you want. [Read more…]

Theme-ready Custom Post Types in WordPress

If you’ve ever built a large, custom site in WordPress, you’ve probably built a few custom post types.

They are fantastic ways to manage custom content in an application traditionally geared towards blog and news posts.  You can manage events, downloadable publications, music archives. CPTs are only limited by the bounds of your imagination.

Many developers are building themes that leverage this custom content.  Unfortunately, they’re bundling the CPT definitions directly in the theme.  Let me tell you something about that:


Site owners and users change their themes often to keep a fresh look on the site.  If a custom post type is defined by the theme, and the user changes the theme, the user effectively loses access to that content.

Instead, define your custom post types in a plugin and reference them in the theme.
[Read more…]