Be warned! It turns out that using Twig or any other depencies with composer in WordPress is in fact a bad idea! The problem is that other plugins or themes may also use the same components but in different version – and then this may end up in all kind of conflicts! For the time being I do NOT recommend to follow this article!
The basic structure of WordPress plugins is kept rather simple:
readme.txt file with a description in the header and a PHP file for the plugin initialization are required as a minimum requirement in the plugin directory. It is not absolutely necessary to implement your own classes, since the code is executed directly by WordPress – however, organizing it into classes makes readability and maintainability much easier.
From now on my website provides a search function with results in real time which are displayed as list below the search input. For this I developed a plugin for WordPress which uses the Ajax interface and runs the search while text is entered.
Yes, there are already plugins for this – but the implementation was not too difficult (about 190 lines of code) and I learned something about using Ajax with WordPress.
One thing missing is a good keyboard navigation, but this will propably be added as well. For now you can navigate using the [Tab] key.
Using the keyboard is also possible – with the tab key (or the key your browser uses for changing the focus) you can change from the search input to the result list and move between the entries in the list. The kursor keys up and down ([↓] / [↑]) can also be used for navigation. To open an entry, press return ([↵]) or [enter]. With [Esc] the result list will be closed without opening an entry.
If you deal with WordPress you soon notice that static resources like style sheets or scripts get included with the parameter “ver”, as for example in the “Hemingway” theme:
If you then validate the website, as for example with Pingdom, the “ver” parameter will be treated as a problem for efficient caching since content delivered by URLs with parameters may not be stored in a cache but fetched from the original server for every single request.
On the other hand the version information is important for the correct function of themes and plugins, especially when they get updated – if you are an author in this area you should definitely pay attention to the note at the end of this post.
The Multicolumn Category Widget for WordPress now shows a placeholder text for the title in the configuration so you can see which default title will be used if you don’t enter a custom title.
The DDoS attack which I recently experienced on my web site was obviously the exploit of an error of PHP in the context of XML processing. Also see the news at heise (German). WordPress has provided an update to mitigate this problem.
At the beginning of this week my server became a target for a DDoS attack which eventually caused a massive overload. Therefore all websites on the machine where temporary not avaible any longer. The goal of this attack was obviously an attempt to exploit the pingback vulnerabilty of WordPress which already had been reported in March.
Update 2014-08-07: In fact it’s more likely that a problem in PHP in the context of XML had been exploited, also see this post about the details.
The Multicolumn Category Widget had been extended by an additional option which allows to display the number of posts behind the category names.
On my website there is a simple “breadcrumb navigation”. This kind of navigation is particularly helpful for more complex page structures as for my projects. But this navigation bar also provides quick access to further content in blog posts.
See more on the project page →
The widget to display categories in WordPress lists categories only in one column (as of version 3.8.1). However in many cases there would be enough room to split the list into two or more columns.
For this purpose I’ve created my first plugin for WordPress – “Multicolumn Category Widget”, a widget to display the top level categories in multiple columns.
See more on the project page →
Although my website uses WordPress I have disabled pingback & trackback completely since the official startup.
One of the reasons see here: „Blogger unter Beschuss – Pingback missbraucht“ (heise, German) and here: Post on sucuri.net