Category Archives: Hackery

Simple Twitter Connect

Since people have been emailing me and asking for it…

WordPress Plugin: Simple Twitter Connect

It’s similar in concept to the Simple Facebook Connect plugin. In fact, it rips off quite a lot of the same code. But instead of Facebook, this integrates your WordPress site better with Twitter.

Now, there’s a lot of Twitter plugins out there already. And this plugin by no means competes with them (yet). This plugin can’t, for example, send a post to Twitter (yet). Nor can it pull posts from Twitter to display on your own site (yet).

What it does is to provide the framework for a more complete Twitter integration. Right now it can do:

  • Login via Twitter
  • Comment via Twitter

Not much, really. But it has the backend code necessary to make it easier to connect your site to a Twitter Application, and to make plugins surrounding it that won’t interfere with each other. That’s the same basic reason for the Simple Facebook Connect plugin.

So yes, eventually this plugin will send and receive stuff from Twitter. But for now, it lets you allow users to Login and/or to have users Comment using their Twitter credentials.

Expect frequent updates.

Don't include wp-load, please.

Edit: This post has moved to here: http://ottopress.com/2010/dont-include-wp-load-please/. Take your comments there.

Time for Otto’s general griping: WordPress plugin programming edition.

Here’s a practice I see in plugins far too often:

  1. Plugin.php file adds something like this to the wp_head:
    <script src='http://example.com/wp-content/plugins/my-plugin/script.js.php'></script>
  2. Script.js.php has code like the following:
    <?php
    // Load the whole WordPress environment through a hard-coded relative path
    include "../../../wp-load.php";
    ?>
    ... javascript code ...

The reason for this sort of thing is that there’s some option or code or something that the javascript needs from the database or from WordPress or whatever. This PHP file is, basically, generating the javascript on the fly.

Usually, the case for this turns out to be something minor. The code needs the value from an option, or some flag to turn it on or off. Or whatever.

Problem is that finding wp-load.php can be a bit of a chore. I’ve seen extreme efforts to find and load that file in plugins before, including searching for it, examining the directory structure to make decent guesses, etc. This sort of thing has existed even before wp-load.php came around, with people trying to load wp-config.php themselves and such.

But the real problem is simpler: This is always the wrong way to do it.

How to Setup your Facebook Connect Application

Note: This post has been moved to here. Please leave comments there instead.

The majority of the email I get from users of the Simple Facebook Connect plugin is questions regarding how to set up their Facebook Application. It’s really not that hard to do, but the plethora of options can seem somewhat intimidating. So here’s the basics of what you need to do.


SFC Chicklet

I saw this morning that Jesse Stay had created a rather neat little chicklet for his FBFoundations plugin. I thought it was a clever idea, so naturally I stole it and added it to Simple Facebook Connect as well.

Of course, just copying an idea is no fun. So I had to improve upon it a bit for my version. :)

I ended up not using any of Jesse’s code, but I did (mostly) keep the format of his chicklet output the same, so as to try to be compatible with it for styling rules and such.


WordPress Settings API Tutorial

Edit: This post has moved to here: http://ottopress.com/2009/wordpress-settings-api-tutorial/. Take your comments there.

When writing the Simple Facebook Connect plugin, I investigated how the Settings API worked. It’s relatively new to WordPress (introduced in version 2.7), and many things I read said that it was much easier to use.

It is much easier to use in that it makes things nice and secure almost automatically for you. No confusion about nonces or anything along those lines. However, it’s slightly more difficult to use in that there’s very little good documentation for it. Especially for the most common case: Making your own settings page.

So, here is my little documentation attempt.


Simple Facebook Connect

Working on a new WordPress plugin lately. It’s basically a simple and easy way to make Facebook Connect work with your WordPress based website.

More info about it here: Simple Facebook Connect.

Short list of current features:

  • Simple 2 step setup for Facebook Connect. Just create the App via Facebook and paste in the API key.
  • Share button, with meta support.
  • User status widget
  • Comment using Facebook Identity (alpha, not operational, for testing only, will be working soon).

Like most things I announce early, it’s not fully featured yet. I’m modifying and adding onto it as I go along, so expect a lot of updates to show up in the plugin list if you use it.

And if you have ideas for how to improve it, please email them to me. :)

How to find a backdoor in a hacked WordPress

Edit: This post has moved to here: http://ottopress.com/2009/hacked-wordpress-backdoors/. Take your comments there.

Over here, Jorge Escobar is writing about how he got hacked with the latest version of WordPress. After some minor back and forth on FriendFeed, I got him to do a search which found a malicious backdoor he might not otherwise have found.

In so doing, it occurred to me that most people don’t keep up with the world of WordPress in the way I do, and so have not seen nearly as many hack attempts. So I figured I’d post my little contribution, and show people how to find hidden backdoors when cleaning up their hacked sites.

Non-technical users can safely ignore this post. :)