Amanda Rush

Version control: It’s one of those handy tools developers use to keep track of changes to a project. It also makes it easier to “code in the kitchen”, as it were, by allowing small changes we may have come up with while, say, cooking dinner or cleaning the house to be made and noted, so that we can come back later and decide whether to keep the little change or roll it back without digging through lines and lines of code to find and delete it. But did you know that Git (or any other method of version control, for that matter) can also be used for design, and even content writing?

I first came across version control in the form of Mercurial while working on a project last year with Monica that involved adding content to a hand-coded site. To be honest, at first I thought the owner of the site was crazy for insisting on version control for a hand-coded, relatively simple site, but after having switched my own processes over to version control from plain old work-as-you-go text files, I’m thankful I was introduced.

So how do you, as a content writer or designer, implement version control? There’s an excellent post over at Flywheel that will get you started. It lays out some reasons why version control (specifically, Git) is good for designers, and provides some free resources for getting started. Admittedly, the concept took me a while to get used to, and I ran into some issues while getting everything initially set up, but once I got rolling, I never looked back.

WPTouch is a plugin for WordPress that automatically enables a mobile theme for those who may be visiting your site on a smartphone or tablet. With five million downloads to date, it’s one of the most popular plugins in the WordPress plugin directory. Earlier today, Sucuri reported that WPTouch has a dangerous security vulnerability, and users are strongly advised to update immediately. The short version is: unless you’re running the latest update, WPTouch allows users who do not have administrative privileges to upload PHP scripts directly to the server, meaning that someone with not-so-good intentions has the capability to take over any site running anything but the latest version of the WPTouch plugin.

The unpatched version of the plugin uses the “admin_init” hook as its authentication check. As was discussed previously, “admin_init” should not be used as an authentication method, because it is invoked not only when an administrative user visits any page within wp-admin, but also whenever wp-admin/admin-post.php is visited, thus allowing anyone to upload potentially malicious code to an affected site.
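To make the point concrete, here is an added example (not WPTouch’s code, and not from Sucuri’s write-up) of the anti-pattern beside a hardened form. The function names, the `example_` prefix and the admin page slug are assumptions; the WordPress functions used (`check_admin_referer`, `current_user_can`, `wp_handle_upload`, the `admin_post_{action}` hook) are real core APIs.

```php
<?php
// Added example, not WPTouch's code. Shows why admin_init is not an authorization
// check. Function names and the 'example_' prefix are assumptions.

// VULNERABLE PATTERN: admin_init fires for any request that loads the admin
// bootstrap, which includes wp-admin/admin-post.php and wp-admin/admin-ajax.php.
// Those endpoints are reachable by any logged-in user and even by anonymous
// visitors, so "this hook ran" proves nothing about who is asking or why.
function example_vulnerable_upload_handler() {
    if ( empty( $_FILES['example_upload'] ) ) {
        return;
    }
    $target = WP_CONTENT_DIR . '/uploads/' . basename( $_FILES['example_upload']['name'] );
    move_uploaded_file( $_FILES['example_upload']['tmp_name'], $target ); // any file type, any requester
}
// add_action( 'admin_init', 'example_vulnerable_upload_handler' );

// HARDENED PATTERN: a dedicated admin-post action, an explicit capability check,
// a nonce tying the request to a form the user actually submitted, and WordPress's
// own upload handling, which enforces the site's allowed MIME types (never PHP).
function example_hardened_upload_handler() {
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_die( 'You are not allowed to upload files.', '', array( 'response' => 403 ) );
    }
    // Dies unless a valid nonce for this specific action is present in the request.
    check_admin_referer( 'example_upload_action', 'example_upload_nonce' );

    if ( empty( $_FILES['example_upload'] ) ) {
        wp_die( 'No file submitted.', '', array( 'response' => 400 ) );
    }
    require_once ABSPATH . 'wp-admin/includes/file.php';
    // wp_handle_upload() rejects types outside get_allowed_mime_types() and stores
    // the file under the uploads directory with a sanitized, unique filename.
    $result = wp_handle_upload( $_FILES['example_upload'], array( 'test_form' => false ) );
    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ), '', array( 'response' => 400 ) );
    }
    wp_safe_redirect( admin_url( 'admin.php?page=example-upload&uploaded=1' ) );
    exit;
}
// Fires only for logged-in requests to wp-admin/admin-post.php with action=example_upload.
add_action( 'admin_post_example_upload', 'example_hardened_upload_handler' );

// The form that issues the request carries the matching nonce.
function example_render_upload_form() {
    ?>
    <form method="post" enctype="multipart/form-data"
          action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_upload">
        <?php wp_nonce_field( 'example_upload_action', 'example_upload_nonce' ); ?>
        <input type="file" name="example_upload">
        <?php submit_button( 'Upload' ); ?>
    </form>
    <?php
}
```

The hardened handler checks three independent things: the user’s capability, a nonce proving the request came from the plugin’s own form, and the file type via core’s upload routine. Hooking `admin_init` satisfies none of them, which is exactly why a plugin relying on it alone can be driven by someone who never logged in.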

If you’re using this plugin to create a mobile-friendly experience for your users, update it as soon as possible. Sucuri made the vulnerability known to the authors of the plugin, and they have quickly released a patch to the plugin directory. The only thing users of the plugin need do is update to the latest version.

Via PostStatus:

PhpStorm is a full-featured IDE that has somewhat of a cult following among WordPress developers. Made by JetBrains, it’s notable for being more lightweight than most IDEs, specific to web development (and not just PHP, despite the name), and very customizable.

Today, they’ve announced that PhpStorm will begin officially supporting WordPress project management. WordPress-specific features include:

  • WordPress integration in PhpStorm for new plugins (with plugin skeleton) and existing projects
  • Development environment configuration for WordPress
  • Hooks support (Completion for registration functions parameters; Navigation from hook registration functions to hook invocation; Callbacks from hook registration; and other hooks-related features)
  • Search WordPress.org right from the editor
  • WP-CLI integration

They also link to a complete tutorial on using PhpStorm with WordPress. The tutorial includes screenshots as well as text. All of the above features are available to those in their Early Access program, and will be fully baked into version 8.

Those who are familiar with using a full IDE will probably get along just fine with PhpStorm. Those who primarily use text editors like Notepad++, Sublime Text or Coda may be overwhelmed at first. There are many advantages to using an IDE, but IDEs have historically had a reputation for being slow and complicated. PhpStorm works hard not to be. Along with the above-linked tutorial, there is also a paid tutorial called Make PhpStorm Pretty by Jeffrey Way (formerly of Envato).

From the Sucuri blog:

In most cases when dealing with infected websites, we know where to look and what to remove; generally with a quick look we can determine what’s going on. Despite our experience and passion for cleaning up a hacked website, there are always surprises lurking and waiting for us, almost every day. Some of the most interesting routine cases we deal with are often websites with SPAM. SPAM is in the database, or the whole block of SPAM code is stored in some obscure file. We also deal with cases where the SPAM is loaded within the theme or template header, footer, index, etc. Sometimes these SPAM infections are conditional (e.g., they only appear once per IP), sometimes not. More often than not, however, these infections are not too difficult to identify and remove. In the case we’re writing about in this post, we were able not only to remove malware, but also to take a look at what’s going on behind the curtain.

In this case there’s an offending plugin that’s causing the problem, namely a fake one called Pingatorpin. This plugin is not in the official WordPress plugin repository, has fake plugin headers, and googling it comes up with a lot of websites with the thing installed. Finally, all of this plugin’s files are malware. Following is a list of the files and what they do:

  • config-generator.php – Creates the config file serializing the array.
  • executor.php – Responsible for injecting require_once() into the files and logging which file is infected into files.dat.
  • remover.php – Malware cleanup script which is pretty interesting. In other words, here’s a nice script that checks for malware removal plugins or scripts, and then removes them.
  • consumer.php – The payload which will get the content from the config.db file, process the content, and echo it into the pages it wants to infect.

Just a reminder: If you can afford it, subscribe to Sucuri’s malware cleanup and detection service. It’s about US$90 per site. But if you can’t afford that, be doubly sure all your WordPress-related files are up to date, and you can also use Sucuri’s free site check service. Also, make sure that, unless there’s a really, really good reason, you install plugins only from the WordPress plugin repository. As a related note, if you’re running any other content management systems on your server besides WordPress, make sure those are up to date as well. And if there are any subdomains you’re not using or taking care of, it’s probably a good idea to get rid of them if they’re running a CMS, so you have less to worry about updating.

Every once in a while, we need to spend time pruning our WordPress databases. But if part of your pruning task includes deleting a metric ton of posts, this can become time-consuming if you’re using the WordPress Dashboard to do it. Fortunately, there’s a quicker way to delete those hundreds, or even thousands, of posts without checking a bunch of boxes and clicking a button a couple of hundred times.

Enter MySQL

WP-Guru has a great tutorial, complete with screenshots and example code, that will walk you step by step through creating the queries you need to delete those posts. I’ve used this tutorial myself, and it has saved me loads of time. So head on over and take a look, and if you’re in need, try it out.
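A caveat worth knowing before running raw DELETE queries against wp_posts: a post also owns rows in wp_postmeta, wp_term_relationships and wp_comments, and a bare DELETE leaves those behind as orphans. As an added example (not from the WP-Guru tutorial, which uses SQL directly), the script below bulk-deletes posts through the WordPress API via WP-CLI so each post’s related rows go with it. The selection criteria, the cutoff date and the filename are assumptions.

```php
<?php
/**
 * Added example, not WP-Guru's code. Bulk-deletes posts through wp_delete_post()
 * rather than a raw DELETE on wp_posts, so postmeta, term relationships and
 * comments for each post are removed too.
 * Run from the site root with WP-CLI:  wp eval-file bulk-delete.php
 * The criteria below (post type, status, cutoff date) are assumptions.
 */

// Assumed criteria: drafts of type 'post' last modified before the cutoff date.
$criteria = array(
    'post_type'      => 'post',
    'post_status'    => 'draft',
    'date_query'     => array( array( 'column' => 'post_modified', 'before' => '2013-01-01' ) ),
    'fields'         => 'ids',     // only IDs are needed, which keeps the query cheap
    'no_found_rows'  => true,
);

$dry_run = true; // flip to false only after reviewing the preview output

if ( $dry_run ) {
    $criteria['posts_per_page'] = -1;
    $ids = get_posts( $criteria );
    foreach ( $ids as $id ) {
        WP_CLI::log( "would delete post {$id}: " . get_the_title( $id ) );
    }
    WP_CLI::success( 'Would delete ' . count( $ids ) . ' posts.' );
    return;
}

// Work in batches so memory stays bounded on large sites; defer term-count
// and cache-invalidation work until the end for speed.
$criteria['posts_per_page'] = 200;
$deleted = 0;
wp_defer_term_counting( true );
wp_suspend_cache_invalidation( true );

while ( $ids = get_posts( $criteria ) ) {
    foreach ( $ids as $id ) {
        // force_delete=true bypasses the trash; wp_delete_post() also removes
        // the post's meta, term relationships and comments.
        if ( wp_delete_post( $id, true ) ) {
            $deleted++;
        }
    }
}

wp_suspend_cache_invalidation( false );
wp_defer_term_counting( false );
WP_CLI::success( "Deleted {$deleted} posts." );
```

Because the batch loop re-queries after each round and every matching post is deleted, it terminates once `get_posts()` returns nothing. WP-CLI can also do the same job in one line, `wp post delete $(wp post list --post_type=post --post_status=draft --format=ids) --force`, when the criteria are simple. Either way, as with the raw SQL approach, take a database backup first.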