If you use my SyntaxHighlighter Evolved WordPress plugin, please update ASAP. There’s a security issue with the Flash file that is used by version 2 of the highlighting library. This file is meant to be used for allowing one-click copying of the code to your clipboard (since normal copy/paste doesn’t work with it) but the file reportedly suffers from a cross-site scripting security issue.
Even if you use the better version 3 of the library (the default for my plugin), the file from version 2 of the library will still be included in the plugin’s files.
As a temporary fix, I have emptied out the file. This unfortunately means your visitors will not easily be able to copy any code you paste. I recommend switching to the superior version 3 via my plugin’s settings page. Code highlighted using the newer version can be selected and copied normally.
Feel free to leave any questions you have about this security issue on this post but please leave other general SyntaxHighlighter comments on the plugin’s homepage. Thanks.
Pippin Williamson has written a good explanation of which to use over on Wptuts+.
TL;DR: If the functionality is something that should continue to work after you switch themes, then it belongs in a plugin.
My most popular WordPress plugin, Viper’s Video Quicktags, has passed the 1 million download mark!
I really should give it more love and attention…
With the release of Jetpack 1.5, Jetpack now supports the awesome carousel feature that you may have seen running on WordPress.com. It’s superior to my jQuery Lightbox For Native Galleries plugin in my opinion so I am opting to discontinue development on my plugin.
My plugin should continue to work for the indefinite future but I will no longer be maintaining it.
JW FLV Player has been removed from the latest version of my Viper’s Video Quicktags plugin. The player is not compatible with the GPL license and as a result cannot be included in plugins that are hosted in the WordPress.org plugin repository. I shouldn’t have added the player to my plugin in the first place but it was the only decent player at the time oh so many years ago. Today I have rectified that mistake by removing it from my plugin’s download.
However do not fear — I have not actually removed the functionality, I just no longer bundle it with my plugin. If you wish to continue to use the player to embed
.mp4 files after upgrading to version 6.4.0 of my plugin, you will need to download this ZIP file and extract it to your
wp-content folder, resulting in
/wp-content/jw-flv-player/player.swf. I’m hosting the ZIP file since my plugin uses an old version of the player that is no longer available for download from the official site.
This is a temporary band-aid fix. The eventual plan is to switch to the GPL-licensed Flowplayer but that won’t happen until I complete the latest recode of my plugin which introduces many much-needed features. Whether I’ll actually ever finish version 7.0 of my plugin is another matter though.
If you have any questions or need any help, please post over on the Viper’s Video Quicktags page.
Someone has been trying to brute-force attack my site lately (guessing my username and password) and so I thought I’d share the plugin that is blocking them and also letting me know that it’s happening: Limit Login Attempts. After a configurable number of log in failures, the plugin blocks the IP from attempting to log in for a configurable amount of time. Super handy.
I’m having trouble coming up with a good name for my latest WordPress plugin so I thought I’d crowd source it.
My other WordPress-powered site, FinalGear.com, receives very large traffic spikes. I used to just run WP Super Cache to prevent the site from going down but Apache would still actually die under the load even though it was just serving static content. Since the site has no comments or other often changing content, the easiest solution at the time was just to throw a reverse proxy called Varnish in front it with a decent cache time (5-10 minutes per page). I’ve since switched from Apache to nginx which solves that issue but it’s still easiest to just leave Varnish there.
Varnish is set up to ignore cookies on the front end of the site. That means I get served the exact same version of the site that you (a guest) sees — no admin bar, no post edit links, and so forth. Getting to the admin area is easy thanks to an absolutely positioned hidden link in the bottom left of the site (hover over it, you’ll find it) so lack of an admin bar is no problem for me.
Plugin authors: did you know that you can allow translators to localize the plugin details that show up in the plugins list in the WordPress administration area? Your plugin’s name, description, and so forth? Well you can! It’s actually really simple to do and all you need to do is add one or two additional plugin headers to your file.
The first is
Text Domain and this is the text domain for your plugin, i.e. the first argument that you are passing to
The second one is
Domain Path and is optional. It’s only needed if you store your translation files in a subfolder inside of your plugin’s folder.
Here’s an example
load_plugin_textdomain() call from one of my newest plugins:
dirname( plugin_basename( __FILE__ ) ) . '/localization/'
That loads translation files from a subfolder called “localization” inside of my plugin’s folder. This turns into the following plugin header:
Plugin Name: Add Descendants As Submenu Items
Plugin URI: http://www.viper007bond.com/wordpress-plugins/add-descendants-as-submenu-items/
Description: Automatically all of a nav menu item's descendants as submenu items. Designed for pages but will work with any hierarchical post type or taxonomy.
Author: Alex Mills (Viper007Bond)
Author URI: http://www.viper007bond.com/
Text Domain: add-descendants-as-submenu-items
Domain Path: /localization/
An extra line break isn’t needed nor is the extra spacing but I added both just for aesthetic reasons.
And that’s it! WordPress will then attempt to translate the plugin’s name, URI, description, author, author URI, and version fields. I personally only include the plugin’s name and description in my translation template files though as I don’t feel translators need to localize the other fields.
If you need help generating a translation template file for your plugin, log into WordPress.org and then visit the “Admin” tab on your plugin’s page on WordPress.org. You can generate a POT file for your plugin there.
When I created the navigation menu at the top of my site using the menu feature in WordPress (Appearance → Menus), I didn’t want to have to maintain anything but the top-level menu items. When I released a new plugin and created a page for it, I didn’t want to have to go into my menu UI and add it there too. So instead I wrote this plugin.
Add Descendants As Submenu Items adds a checkbox to each menu item that is of a hierarchical post type (i.e. pages). Checking this box will automatically display all descendants as submenu items on the front end of your site. You can see it in action at the top of my site — I only configured the top level menu items and everything that shows up when you hover over them has been added by my plugin rather than manually by me.
An example menu and the checkbox this plugin adds
These submenu items have been added by the plugin
For more details and to download the plugin, check out the plugin’s homepage.
Just a little something I’ve been working on.
(The checkbox and the text next to it is what my plugin is adding.)