This week a few people in the office got really excited about the Signals app from HubSpot, which lets you see when your emails have been opened and whether or not links have been clicked in your emails. While it’s extremely useful for marketers, project managers, and others who have a vested interest in knowing you’ve read their emails, I’d prefer to be able to read the email at my leisure without having the sender essentially standing over my shoulder to see if I’ve read it. For most people it’s not a big concern, but it is incredibly simple to thwart if you’d like a little more privacy in your inbox.
Latest blog posts
I’m working on a site right now that uses the Social Login plugin by OneAll, which is the first time I’ve dealt with users logging into a WordPress account via social networks. The plugin works really well, but I ran into one major issue: new user accounts were being created when matches weren’t found.
This particular project is a BuddyPress site for a fraternity; brothers can log in to see private events, content, and the full roster but the general public can only see the public pages. There’s also a public roster page with basic information about each member (name, graduation year, major, etc.), but those are dynamically generated by listing all BuddyPress members (excluding my team’s accounts, of course). Out of the box, OneAll would create a new user account for anyone who tried to log in, resulting in my mug appearing in the roster right along all the registered fraternity members…yikes!
At work we’ve been rolling out PHP-FPM to more and more of our clients’ servers, which has been great for performance and keeping server loads down. The only issue we’ve had (beyond some initial configuration) was related to our deployments: many of our projects, especially our web applications, are deployed through Capistrano, a Ruby-based task runner that’s extremely popular among the Ruby on Rails crowd. While Capistrano let’s us reduce deployments to running
cap production deploy, PHP-FPM typically needs to be restarted before it will start using the new code.
Having to manually SSH into a server to restart PHP-FPM after a deployment takes some of the sexy out of one-line deployments, so we sought to find a better way. The goal: be able to restart PHP-FPM (
sudo service php5-fpm restart) from within a Capistrano task without being prompted for passwords (we use Public-Key authentication) or having to manually SSH in to restart the server.
Forgive me if this is old news, but hostname-based environment switching isn’t as nice as it could be; I like using *.dev for my development environments, but other people I know like *.development, *.local, etc. The truth of it is the more developers you have working on a project the higher chance you run of the application being run at a variety of hostnames, mucking up your bootstrap/start.php file.
Fortunately, Laravel doesn’t force us into using hostname-based environment switching. At work we’ve developed this little workflow, and it seems to be working really well.
I’m working on a client project right now that makes heavy use of embedded videos. It’s exciting because as someone who primarily develops themes and plugins for marketing sites (and whose personal blog is almost exclusively text and code) it’s rare that I really spend much time with the rich-media embeds that have been getting so much attention from the core team over the last few releases.
As I started playing with the video embeds I immediately noticed an issue – there was nothing in the media widget that allowed authors to set a poster frame (the static image that appears in the video player before the user clicks the play button). I checked the documentation for the
[video] shortcode and found that the shortcode does accept an optional
poster attribute, which allows authors to specify a poster image.
This November I’ll be participating in Movember with my co-workers at Buckeye Interactive. Movember is a 30-day event where men grow mustaches in order to raise awareness of and money for men’s health issues, namely prostate and testicular cancers – you can think of it kind of like a 5k cancer run but on men’s upper-lips.
Right now at work I’m working on moving a site from WP eCommerce to WooCommerce and encountered an interesting request: the site offers free shipping but only to the lower 48 United States. That means no free shipping for Alaska, Hawaii, Puerto Rico, etc.
Out of the box WooCommerce supports country-based filtering (e.g. allow free shipping to the United States but not Canada) but to get into more specific restrictions you’d have to start messing with shipping tables or buying the Advanced Shipping Rates plugin which, although I’ve heard good things, will set you back $200.
Fortunately I was able to put together a code snippet that will remove a shipping method (in this case, free shipping) for restricted states. It consists of two parts: a class that extends the WooCommerce core shipping class (
WC_Shipping_Free_Shipping for this example) and a filter that tells WooCommerce to use our class rather than the core shipping class it extend Post has been updated to work with newer versions of WooCommerce.
A bit late considering I gave two talks in the last week but I’ve added a “Speaking Engagements” section to the site. I’m relatively new to professional speaking but am looking for more opportunities to share what I’ve learned. If you’re interested in having me speak at your event, please get in touch!
For those of you in the Columbus, OH area I’ll be presenting at this month’s Columbus WordPress Meetup on June 18, 2013 (a.k.a. tomorrow). The presentation is based on my latest blog post, WordPress Security Basics, and should be a good high-level introduction to WordPress security.
Each year thousands of websites are hacked. Sometimes it’s by way of a crafty social engineer (someone who tricks someone into giving up information without realizing it) conning some unsuspecting user out of his/her login. Other times it’s a backdoor in some code that grants a malcontent access to a site.
If your site is running on WordPress you can rest easy – WordPress core is considered to be a very secure application. The downside to WordPress core being secure is that if someone breaks into your site you likely have nobody but yourself to blame. Never fear: these tips will help keep your site safe and sound.
Latest Blog Posts
- HubSpot Signals and Your Privacy
- Quick Tip: Prevent OneAll from Creating New Users
- Automatically Restart PHP-FPM During Deployments
Follow me: @stevegrunwell
- (For the record, it worked)
- My friend apparently gets notifications when I tweet (or re-tweet) anything. Let's test this...
- RT @FontsInUse: I’d bet much of this particular monotony is the product of design contest / $5 logo sites. http://t.co/ETqDdmY1jU —SC http:…