WORDPRESS ALERT – Admin Privileges Unchecked in Older Versions

Posted by Trey Connell on August 10, 2009

I had been rocking along with an older version of WordPress for about 2 months now – 2.7.1 to be exact. I was hesitant to upgrade to the latest release, which as of this time is 2.8.3. I knew that several plugins would be broken if I attempted to upgrade, so I had been busy contacting the plugin authors inquiring about new releases that were compatible. Boy, did I learn my lesson.

I came to my site last Thursday morning to find the URLs were completely screwed up. I went into the permalinks tool and noticed my configuration had been modified to include a bunch of JavaScript garbage in the URL. Some ass clown had undoubtedly changed this setting in order to gain further access to my site or the server it’s hosted on.

After investigating, I found no further damage, but I was left wondering how in the world someone could have gained access to that admin tool within WordPress. I soon found the answer here. The article by Core Security Technologies identifies and describes how someone can gain unfettered access to some core admin screens as well as configuration panels for plugins by simply modifying the URL.  Specifically – inserting an additional slash before the php file name causes WordPress to bypass the privilege system checks. Not good and so simple it’s really quite horrifying.

After fixing my site, I was still loath to upgrade WordPress without testing everything first. The phrase “bull in a china shop” comes to mind. So instead, I put in a bit of Apache mod_rewrite magic:

# Remove double (or more) slashes from the URL.
RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
RewriteRule . %1/%2 [R=301,L]

So I had Apache protect me while I went about the process of (sanely) upgrading and testing my WordPress installation and plugins. As of today, I’m all happy on version 2.8.3, but I definitely will be paying more attention to security notices from now on.
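To see whether requests of this kind reached a site before a rule like the one above was in place, the access log can be searched for repeated slashes in the request path. The script below is an added example, not code from the original post; the log lines, IP addresses and the `example-settings.php` file name are constructed placeholders, and the log is assumed to be in Apache "combined" format.

```python
import re

# Constructed sample lines (Apache "combined" format), not from the original post.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Aug/2009:03:12:44 -0500] "GET /wp-admin//example-settings.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [06/Aug/2009:03:13:02 -0500] "GET /wp-login.php?redirect_to=http://example.com//wp-admin/ HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Aug/2009:03:13:30 -0500] "POST /wp-admin///example-settings.php HTTP/1.1" 301 240 "-" "Mozilla/5.0"
192.0.2.15 - - [06/Aug/2009:03:14:05 -0500] "GET /2009/08/some-post/ HTTP/1.1" 200 18022 "-" "Mozilla/5.0"
"""

# client, timestamp, method, request target, status code
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def collapse_slashes(path):
    """Path the client ends up on once every run of slashes is reduced to one."""
    return re.sub(r"/{2,}", "/", path)


def find_repeated_slash_requests(log_text):
    """Return one record per request whose path (not query string) contains '//'."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, when, method, target, status = m.groups()
        # Like %{REQUEST_URI}, look only at the path: a query string such as
        # ?redirect_to=http://... legitimately contains "//".
        path = target.split("?", 1)[0]
        if "//" in path:
            hits.append({
                "ip": ip, "time": when, "method": method, "path": path,
                "normalized": collapse_slashes(path),
                "status": int(status),
                # 301 means a redirect rule answered; anything else was served as-is.
                "redirected": status == "301",
            })
    return hits


if __name__ == "__main__":
    for hit in find_repeated_slash_requests(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["method"], hit["path"], hit["status"])
```

Records with `redirected` set to false are the ones worth reviewing, since they were answered without the slash clean-up having run.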

Change Reply-To Address in WordPress

Posted by Trey Connell on July 13, 2009

Why in the world WordPress doesn’t allow you to change the Reply-To address in the confirmation emails sent to new subscribers is BEYOND ME. But luckily Andrew Hamilton has created a plugin that gives you that power.  I installed it on a project this morning, and it works like a charm.

Go get it here.

Add Thumbnails to WordPress Posts

Posted by Trey Connell on May 26, 2009

I’m working on a project in WordPress for a customer who wants to have 3 images associated with each post. One of the three images will display depending on the position of the post on the home page. The typical solution is to use custom fields but that is very awkward and not efficient at all. I came across a fantastic plugin called WP Post Thumbnail and so far it’s exactly what the developer ordered.

The WP Post Thumbnail plugin adds a new panel to your Post editor where you can upload and crop up to 3 images. The images are stored in the database just like any other custom field values so all the same retrieval methods apply.

If you think this plugin might work for your projects, go download it.

WP Post Thumbnail Plugin Panel

Automatically Insert Text in a WordPress Post

Posted by Trey Connell on April 22, 2009

Sometimes you want to automatically insert copy into the body of your WordPress post without having to manually paste it in every time. I ran across this handy function from wprecipes.com that does just that:

Edit your theme and paste the following code into your functions.php file:

// Pre-fill the editor of every new post with default text.
add_filter( 'default_content', 'my_editor_content' );

function my_editor_content( $content ) {
    $content = "I want this text to be automatically included.";
    return $content;
}

WordPress Image Caption CSS

Posted by Trey Connell on January 24, 2009

If you use anything other than the default WordPress theme, you’ve probably noticed that image captions look different in TinyMCE than they do on your site. This is because many themes do not include the styles associated by WordPress with the images you insert into your posts.

In order to get the styles to show up, simply paste the CSS below into your theme’s CSS file (style.css). That will get your default styles working, and you can customize from there.

/* Captions */
.aligncenter,
div.aligncenter {
	display: block;
	margin-left: auto;
	margin-right: auto;
}

.wp-caption {
	border: 1px solid #ddd;
	text-align: center;
	background-color: #f3f3f3;
	padding-top: 4px;
	margin: 10px;
	-moz-border-radius: 3px;
	-khtml-border-radius: 3px;
	-webkit-border-radius: 3px;
	border-radius: 3px;
}

.wp-caption img {
	margin: 0;
	padding: 0;
	border: 0 none;
}

.wp-caption p.wp-caption-text {
	font-size: 11px;
	line-height: 17px;
	padding: 0 4px 5px;
	margin: 0;
}
/* End captions */

My Comments are now Integrated with Facebook

Posted by Trey Connell on January 23, 2009

If you scroll down and look at the comments area of my blog posts, you’ll see that you can now log in using your profile on Facebook. This lets you automatically post any comments you make to your wall updates on your Facebook page. Pretty cool huh?? Also, be sure to check out the snazzy profile square that shows in the upper right of each page while you’re on my site. I mean – c’mon – that’s just candy.

Big thanks to Ruhani Rabin for putting together the instructions for integrating WordPress and Facebook. That really made it easy to get this up and going on my site.

TinyMCE & WordPress 2.7 – Advanced Plugin

Posted by Trey Connell on January 21, 2009

I went through the pain of turning on table creation and editing abilities within TinyMCE that is included in the default installation of WordPress.  It was not fun, but hopefully someone benefited from my experience and research.

Now I’ve found that a new plugin is available for WordPress 2.7.  It’s called TinyMCE Advanced.  It promises:

  1. Imports all CSS classes from the main theme stylesheet and adds them to a drop-down list.
  2. Support for making and editing tables.
  3. In-line css styles.
  4. Advanced link and image dialogs that offer a lot of options.
  5. Search and Replace while editing.
  6. Support for XHTML specific tags and for (div based) layers.

The importing of CSS classes from the theme stylesheet and table management alone makes this a great plugin.  The rest is just gravy.

I just installed this plugin and it is working great so far.  The settings panel in WordPress even gives you a drag and drop interface for adding and managing all the TinyMCE features across four toolbars. I REALLY wish I’d have known about this plugin before trying to add table management manually to my WordPress site.

WordPress Table Structure

Posted by Trey Connell on December 01, 2008

Add tables to WordPress and TinyMCE

I recently implemented WordPress 2.6.5 and admin users needed the ability to insert and control tables in their posts.  WordPress uses TinyMCE for its WYSIWYG editor, but tables are not included by default.  In order to get table controls in the TinyMCE toolbar, I took the following steps:

Step 1

Download the latest version of TinyMCE.

Step 2

Unzip the file and find the tinymce/jscripts/tiny_mce/plugins/table directory.
Upload that entire table directory to your WordPress installation and place it in the wp-includes/js/tinymce/plugins directory.

Step 3

Edit tiny_mce_config.php found in wp-includes/js/tinymce.

Find the line that looks like:

$plugins = array( 'safari', 'inlinepopups', 'autosave', 'spellchecker', 'paste', 'wordpress', 'media', 'fullscreen', 'wpeditimage' );

We want to add ‘table’ to that array.  The resulting line looks like:

$plugins = array( 'safari', 'inlinepopups', 'autosave', 'spellchecker', 'paste', 'wordpress', 'media', 'fullscreen', 'table', 'wpeditimage' );

Find the line that looks like:

$mce_buttons_3 = apply_filters('mce_buttons_3', array());

We want to add ‘tablecontrols’ to that empty array.  The resulting line looks like:

$mce_buttons_3 = apply_filters('mce_buttons_3', array('tablecontrols'));

This adds the table options to TinyMCE’s configuration and makes them show up in the third row of buttons.

Save that file.

Step 4

Overwrite the wp-langs.php file found at wp-includes/js/tinymce/langs with the one located here.  Unzip it first…

Step 5

Now we need to clear WordPress’ JavaScript cache so our changes will show up. Delete everything in the directory: wp-content/uploads/js_cache

Step 6

Log in to WordPress and write a new post or edit an existing one. If you’ve done everything correctly, you’ll see your new shiny row of table control buttons.