Tag: WordPress

Topics: Web

Using Twig in WordPress plugins

Update 2022-06-13:

Be warned! It turns out that using Twig or any other depencies with composer in WordPress is in fact a bad idea! The problem is that other plugins or themes may also use the same components but in different version – and then this may end up in all kind of conflicts! For the time being I do NOT recommend to follow this article!


The basic structure of WordPress plugins is kept rather simple:

The file readme.txt file with a description in the header and a PHP file for the plugin initialization are required as a minimum requirement in the plugin directory. It is not absolutely necessary to implement your own classes, since the code is executed directly by WordPress – however, organizing it into classes makes readability and maintainability much easier.

Continue reading

Search with results in real time

From now on my website provides a search function with results in real time which are displayed as list below the search input. For this I developed a plugin for WordPress which uses the Ajax interface and runs the search while text is entered.

Yes, there are already plugins for this – but the implementation was not too difficult (about 190 lines of code) and I learned something about using Ajax with WordPress.

One thing missing is a good keyboard navigation, but this will propably be added as well. For now you can navigate using the [Tab] key.

Using the keyboard is also possible – with the tab key (or the key your browser uses for changing the focus) you can change from the search input to the result list and move between the entries in the list. The kursor keys  up and down ([↓] / [↑]) can also be used for navigation. To open an entry, press return ([↵]) or [enter]. With [Esc] the result list will be closed without opening an entry.

Versioning of static resources in WordPress

If you deal with WordPress you soon notice that static resources like style sheets or scripts get included with the parameter “ver”, as for example in the “Hemingway” theme:

href='http://server.example/wp-content/themes/hemingway/style.css?ver=4.1'

If you then validate the website, as for example with Pingdom, the “ver” parameter will be treated as a problem for efficient caching since content delivered by URLs with parameters may not be stored in a cache but fetched from the original server for every single request.

On the other hand the version information is important for the correct function of themes and plugins, especially when they get updated – if you are an author in this area you should definitely pay attention to the note at the end of this post.

Continue reading

Anatomy of an attack

At the beginning of this week my server became a target for a DDoS attack which eventually caused a massive overload. Therefore all websites on the machine where temporary not avaible any longer. The goal of this attack was obviously an attempt to exploit the pingback vulnerabilty of WordPress which already had been reported in March.

Update 2014-08-07: In fact it’s more likely that a problem in PHP in the context of XML had been exploited, also see this post about the details.

Continue reading

Multicolumn category list in WordPress

The widget to display categories in WordPress lists categories only in one column (as of version 3.8.1). However in many cases there would be enough room to split the list into two or more columns.

For this purpose I’ve created my first plugin for WordPress – “Multicolumn Category Widget”, a widget to display the top level categories in multiple columns.

See more on the project page →