Plugin Updates: Securing Download Links

March 19th, 2013

Ever since the release of the Plugin Update Checker library, one of the most common questions asked has been this: “How can I secure my download links so that only users who have purchased my plugin can download an update?” In this post I’ll try to answer that question in the context of using WP […]

Continue Reading...

WordPress Update Server

March 12th, 2013

It’s been a long time coming, but I’ve finally released an external update API server for WordPress plugins and themes. Check it out on GitHub. This is the server component to my plugin update checker and theme update checker client libraries. Features Provide updates for private or commercial plugins and themes. From the users’ perspective, the […]

Continue Reading...

How to Pre-Select a Category for a New Post

November 20th, 2012

Lets say you have a category called “X”, and you want to create a link which when clicked will take the user to the “Add New Post” screen with the “X” category already selected. This could be used to simplify posting for non-technical users, or even as a way to implement “poor-man’s custom post types” […]

Continue Reading...

Magic Quotes in WordPress, and How To Get Rid of Them

November 13th, 2012

One thing that many developers are not aware of is that WordPress automatically adds magic quotes to request variables. This means that all quotes, backslashes and null-byte characters will be escaped with a backslash. Even if you disable magic quotes in php.ini, WordPress will apply them to $_GET, $_POST, $_COOKIE and other superglobals anyway. If […]

Continue Reading...

8 Great Tools For Working With JSON

November 6th, 2012

JSONLint – Validate Your JSON JSONLint is an online JSON validator and formatter. It will check your JSON for syntax errors and format it with proper indentation and line breaks to make it more human-readable (this can be very handy when analysing complex JSON documents). You can either paste your JSON data in the form […]

Continue Reading...

Plugin Update Checker 1.2 Released

October 30th, 2012

After a long delay, a new version of my PluginUpdateChecker library is finally ready for release. Read on to find out what’s new, or go straight to the download page. For those of you not familiar with this library, here’s a short summary: You can use it to add automatic update support to any WordPress plugin. Especially […]

Continue Reading...

Tell Your Users Where Your Plugin Puts Its Menu Pages

October 23rd, 2012

There’s one thing that always annoys me when installing new plugins: No matter how popular or obscure the plugin, the first few seconds (or minutes) are usually wasted on trying to figure out where it put its settings page. We’ve all been there. Trawling the admin menu, looking for that elusive link that will actually […]

Continue Reading...

How To Add Separators To The Admin Menu

October 16th, 2012

As you may already know, WordPress stores top-level menus in a global $menu array. The array indexes correspond to menu positions, and each array item contains the properties of a single menu – the menu title, required capability, URL, and so on. Separator items are structured just like normal menus, except they also have a […]

Continue Reading...

How To Hide WordPress Plugins From Some Users

October 9th, 2012

You can use the undocumented all_plugins filter to control what plugins will show up on the “Plugins” page. WordPress applies this filter to the list of all installed plugins just before sorting it into “active”, “inactive”, “update available” and other categories and displaying it to the user. The list of plugins is an array indexed […]

Continue Reading...

10+ Great Plugins For Debugging And Development

October 2nd, 2012

WordPress Console Adds an interactive PHP console (REPL) to the WordPress admin. You can run arbitrary PHP code and access any function, class or variable defined by WordPress or active plugins. Amazing for debugging and exploration. Note: At the time of this writing, the plugin directory listing says this plugin is only “compatible up to […]

Continue Reading...

8 Useful Snippets For Working With WordPress Hooks

September 25th, 2012

Add your hook before or after another hook Sometimes you need to ensure your function will get executed before or after another function that’s attached to the same hook (e.g. to fix a plugin conflict). The most reliable way to do this is to use has_action() to get the priority of the other hook and […]

Continue Reading...

Top 100 WordPress Plugin Authors (Updated)

September 17th, 2012

I had some free time this weekend, so I built an automatically updated list of Top 100 WordPress plugin developers. The rankings are based on the number of times each developers’ plugins have been downloaded from the plugin directory. A short PHP script updates the list several times per day. Check it out. Bonus: Compare […]

Continue Reading...

How To Remove Anonymous Object And Anonymous Function Hooks

September 11th, 2012

If you’re at all familiar with WordPress development, you already know how to remove a normal hook: just call remove_action or remove_filter and pass it the hook name, the name of the hook callback you want to remove and the priority. But what if the callback has no fixed name because it’s an anonymous function […]

Continue Reading...

20+ Useful But Often Overlooked Utility Functions In WordPress

September 4th, 2012

Today I bring you 20+ handy built-in WordPress functions. Some of them you may already know and use every day, while others you’ve probably never heard of as they’re usually not mentioned in WP tutorials or even the WordPress Codex. Being aware of these functions and knowing how to use them will save you time […]

Continue Reading...

tldextract.php – Extract TLD, Domain And Subdomains From URLs

August 28th, 2012

tldextract.php is a PHP library that accurately extracts the effective top-level domain name, registered domain and subdomains from a URL. For example, you can use it to get the domain name “google” from “”, or the TLD “” from “”. Example: Introduction Most people try to do this by splitting the domain name on ‘.’ […]

Continue Reading...

Fixing “You do not have sufficient permissions to access this page” Errors

August 21st, 2012

Chances are, you’ve run into this WordPress error at one time or another: That’s a pretty unhelpful error message, isn’t it? Not only does it tell you nothing about what the exact problem is or how it occurred, but it’s also sometimes just plain wrong. Pretty often, it has nothing to do with insufficient permissions. […]

Continue Reading...

WordPress Sample Content For Testing

August 8th, 2012

For all your theme testing and plugin development needs, here’s a huge list of WordPress sample content collections and dummy content generators. Export Files See How to import WordPress export files for instructions on how to import the files listed in this section on your site. Theme Unit Test Data from 22 Posts Sticky post […]

Continue Reading...

Automatic Versioning Of JS And CSS Files In WordPress

July 30th, 2012

If you’re a WordPress developer, this will probably sound familiar: you make a change to  one of your scripts or style sheets, reload the page you’re working on to see the result, and… everything stays the same. Of course, after a moment of confusion, you realise that you didn’t update the $version argument in your […]

Continue Reading...

Formatting JSON With PHP

July 17th, 2012

The built-in json_encode() function in PHP puts everything on one line. For development and debugging, it can often be more useful to have properly indented, human-readable JSON that makes it easier to manually inspect the encoded data and check it for problems. Here’s a function that lets you format/pretty-print any JSON string to be more […]

Continue Reading...

How To Use The Default Admin Menu Icons In Your Plugin

July 10th, 2012

As you probably know, you can use the add_menu_page() function to create a top level admin menu for your WordPress plugin or theme. This function allows you to specify a menu icon by passing an image URL as the $icon_url argument. But what if you want to use one of the default admin icons – […]

Continue Reading...

List Of WordPress Plugin Frameworks

June 26th, 2012

For plugin developers desiring an easier way to perform common tasks, a little more structure in their code, or perhaps even a dash of MVC goodness, here is a list of WordPress plugin frameworks. This list is intended to be comprehensive. If you find an actively maintained plugin framework that’s not listed here, let me […]

Continue Reading...

How To Create A Table Of Contents Shortcode

June 19th, 2012

It’s time for another WordPress plugin development tutorial 🙂 In this post, I will provide a step-by-step explanation of how to create a WordPress plugin that lets the user add an automatically generated table of contents (TOC) to their posts by using a simple shortcode. The completed plugin will support the following syntax: For example, […]

Continue Reading...

How To Easily Stop Your Site From Being Loaded In A Frame

June 7th, 2012

As of WordPress 3.1.3, it’s really easy to prevent unscrupulous web developers from displaying your site in a frame. Just add this one-liner to your functions.php file: Now any other site that tries to load your WP blog in a frame will get this instead: (The actual error message will vary depending on the browser. […]

Continue Reading...

Celtic Knot Generator – A HTML5 Canvas Experiment

May 17th, 2012

I wanted to familiarize myself with the much-touted canvas element, so I used it to build an interactive celtic knot generator/editor. Give it a try. Launch the celtic knot generator. Note: Requires a fairly modern browser. Instructions When you first load up the knot generator, you will see a 10×10 grid filled with the default […]

Continue Reading...

Adding A Notification Bubble To An Admin Menu Item

May 3rd, 2012

You’ve probably seen the small notification bubble that shows up in the Dashboard menu when a new update is available. Here’s how you can add a menu bubble to your own custom menu: The resulting menu will look like this:

Continue Reading...

Security Tip: Block Direct Access To Plugin PHP Files

April 27th, 2012

Plugins are usually loaded and executed along with the rest of WordPress. However, since each plugin is physically just set of .php, .css and .js files, it is also possible for someone to bypass the normal load order and execute the plugin files directly.  They just need to type the right URL in the address […]

Continue Reading...

Cleaning Up Stale Transients

April 17th, 2012

WordPress transients are very similar to DB options but they also support expiration times. The Transients API documentation states: Our transient will die naturally of old age once $expiration seconds have passed since we last ran set_transient() What you might not know if you haven’t explored the source code of the transients API is that […]

Continue Reading...

How To Convert Your WordPress Blog To A Static Site

February 2nd, 2011

Recently, I found this old question on WordPress StackExchange: I am starting a new WordPress blog, and no longer updating an old one. […] How can I lock the installation of WordPress down so I don’t need to maintain it? I have seen someone suggest making a static version, which sounds like a lot of […]

Continue Reading...

Page Load Time vs SEO: My Experience

February 1st, 2011

It is hardly news that the average load time is one of the many factors that Google uses to determine how well your site will rank. But how much does it matter, really? If my recent experience is anything to go by, the answer is “very little”. Over the last two months, I optimized this […]

Continue Reading...

Lazy-Load Avatars

January 31st, 2011

In my previous post, The Quest For Speed, I mentioned that lazy-loading avatars is a good way to improve your site performance: The overwhelming majority of visitors never leave a comment. Chances are, most don’t even scroll down to the comments section. So why waste their time and bandwidth by loading avatars that they’ll never […]

Continue Reading...