Steve Grunwell

Open-source contributor, speaker, and electronics tinkerer

Tag: WordPress

A pile of LEGO bricks, ready to be constructed into something great (and blue).

Two new micro-libraries for WordPress

Last week, I found myself with two consecutive nights where my wife was busy with client work, so I found myself with some time after we put the toddler to bed. I had also had a stressful few weeks at work, where the things I was supposed to be working on kept getting de-prioritized so I could jump in and help other members of my team. Of course, ever-shifting priorities is nothing new for me (considering all but the last year and a half of my career has been in professional services), but it can still get frustrating when you just want to ship something.

A big part of what I do on a day-to-day basis is centered around WordPress. I work on the product team behind Liquid Web’s Managed WordPress and WooCommerce hosting platforms, and even when I’m writing Laravel applications they’re ultimately designed to support WordPress.

The more you work with WordPress, the more you see the same patterns repeating themselves. Registering scripts and styles, nonce verification, and custom meta boxes are things I can do in my sleep. Dig into third-party code and see yet another written using a Singleton pattern. Maybe the plugin author would appreciate if you refactored it to use namespaces, but of course there are no tests.

Sometimes you need a break, to just dig into something small enough that you can knock it out in a night or two but useful enough that you’re not coding for the sake of coding. That’s what I’ve done with two new micro-libraries: WP Cache Remember and One-Time Callbacks.

Continue reading→

WordTech! 2018

Update March 27, 2018: Speakers just received word that due to low ticket sales and sponsorship, WordTech! won’t be happening this year.

I’m proud to announce that I’ll be giving my Writing WP-CLI Commands That Work! talk at the inaugural WordTech! conference this Star Wars Day (May 4, 2018) in Toronto.

While this is a brand-new conference, I have a special attachment to it: Lead Organizer Peter MacIntyre (one of the organizers of Northeast PHP) reached out to Eric Mann and I all the way back in January of 2017 about organizing a new, development-focused WordPress conference; he noted that WordCamps often cater to the broadest range of developers, meaning it’s rare for a camp to have more than a few “advanced” development talks. While I’m a fan of development-oriented WordPress conferences (such as LoopConf), I don’t have the bandwidth to help organize a conference. I told Peter that I’d still be happy to submit when the CFP is open. Fast forward a year or so, and I’m excited to be among the inaugural batch of speakers!

Continue reading→

Egyptian pyramids

Deeper Testing with PHPUnit Markup Assertions

In a perfect world, every piece of software would have automated tests. As soon as we change a line, we as developers would know what, if anything, broke in our application and where we need to look to fix it. Unfortunately, we don’t live in a perfect world, so we get by doing what we can.

Still, we can look to our image of the perfect world and draw from it, molding and shaping what we do have to closer resemble what we’ve been longing for.

Continue reading→

Screenshot from ExploitBox's CVE-2016-10033 video

Keeping WordPress Secure

A few days ago, a YouTube video was passed around a few Slack teams I’m a member of showing a proof of concept of an unauthenticated remote code execution vulnerability in WordPress core (in other words, a way for people to execute arbitrary code on your server, which is obviously bad). The video, posted by Dawid Golunski of Legal Hackers, purported that the vulnerability was exploited against a clean installation of WordPress with no plugins and only the default configuration.

This morning, Dawid’s new site, ExploitBox, posted details about the vulnerability. In short, by spoofing a request’s “Host” header, it’s possible to trick WordPress into sending a password reset email with a return path pointing to a domain you control.

The author goes on to hypothesize that if an attacker were to first overload the target’s inbox with large messages (effectively filling it to the point that it couldn’t hold more messages), this would cause the mail host to “bounce” (reject) the message, returning it to the sender (the attacker). Assuming the returned email contained the body of the original message, the attacker now has the link that will allow them to change the user’s password.

Continue reading→

The Tuletornen residential project in Sundbyberg, Sweden

Schemify: Automatic structured data for WordPress

It’s been several months in the works, but I’m thrilled to announce that my latest WordPress plugin, Schemify, is now available on WordPress.org!

Schemify is designed to automatically generate Schema.org-compliant structured data for WordPress, with full customization capabilities through actions and filters. With Schemify, you can rest assured that Google, Bing, and other search engines see your posts as articles, pages as webpages, and ensure that your authors get the credit they deserve.

Best of all? Schemify is able to inject structured data into your site without you having to change your markup!

Continue reading→

Writing WP-CLI Commands That Work! at LoopConf 2.1

After LoopConf was delayed due to Hurricane Matthew in October, the organizers invited me to speak at the conference in its new venue, the Sugar House in Salt Lake City, Utah.

I’ll be giving the same talk that was scheduled for Ft. Lauderdale: Writing WP-CLI Commands That Work!

Continue reading→

A series of links in several chains

Using symlinks for WordPress MU plugins

If you haven’t run into them before, WordPress Must-Use (MU) plugins can be a great way to say “no, seriously, my WordPress site needs this plugin in order to function”. Other times, MU plugins may be used to activate required functionality that site maintainers don’t want the site editorial team to have to worry about (for example, caching plugins like Batcache).

There are a lot of things that can be done with MU plugins, but there’s one major limitation right out of the gate: WordPress MU plugins cannot run in sub-directories.

Continue reading→

Custom field IDs for Gravity Forms

If you haven’t had the chance to work with it before, Gravity Forms is pretty fantastic. I was first turned onto it a few years ago while I was at Buckeye Interactive, where it was a mainstay across most of our client sites. Besides presenting an easy-to-manage interface for building forms, the plugin also makes good use of the WordPress Plugin API (thus making my life way easier) and has a vibrant ecosystem of official and unofficial add-ons.

One area where Gravity Forms could stand to improve, however, is making it easier to identify fields. Let’s say, for example, we have a form where we’re collecting a name and an email address; outside of assuming that the regular text field is the name and the input[type="email"] is the email address, Gravity Forms doesn’t really have a straight-forward way to identify fields when you’re doing extra work with submissions (like sending them to a newsletter or a CRM system).

In my new role as Director of Technology at Growella, one of the first things I needed to figure out was how we could reliably map Gravity Forms submissions into third-party tools.

Continue reading→

A rainbow made of different file folders

Working with profiles for new sites in WordPress Multisite

I wanted to take a quick moment to share a pattern I stumbled upon last week while building something for a client: this particular client runs a large, multisite WordPress network and often needs to be able to provision new sites quickly. In this case, we recently built an new theme designed to handle press sites for live events (photos, transcripts, live streams, etc.), and while I could automate a lot of the setup process (there’s literally a one-click “set all of the defaults for me” button on the dashboard), provisioning the new site still means creating the site as a Network Admin, assigning the theme, and clicking that button.

It’s good, but we can do better.

Continue reading→

Up to my Eyeballs in Technical Debt! @ WordPress DC

A few weeks ago, one of the organizers of the Washington D.C. WordPress meetup group reached out and asked if I’d be willing to speak while I’m in town for php[world]. Never one to pass up and opportunity to speak to new groups (to be fair, there was also mention of free pizza and beer), I happily accepted.

I’ll be giving my new Up to my Eyeballs in Technical Debt! talk, just days before it officially premieres at php[world].

Continue reading→

Page 2 of 7

Be excellent to each other.