Tom McFarlin

Software Engineering in WordPress, PHP, and Backend Development


Secure WordPress Form Submission: An Object-Oriented Approach

Years ago, I wrote a post in which I shared a public function to determine if the user had permissions to save information to the WordPress database. You can see the original gist in all of its aged glory (along with the solid comments) here (it’s five years old, even – wow).

Secure WordPress Form Submission: The OG

As with anything programming related, time passes, things are refined, and things [hopefully] get better than they were before.

Though I still use and recommend a variant of the user_can_save (or userCanSave) function, I also think it’s important to separate out the process of verifying the request.

So now it’s not just about determining if the user has permissions, but it’s about verifying the security information coming from the client – be it via a post back to the server or a request made via Ajax – and doing so using good programming techniques that align both with WordPress and with PHP.

To be clear, this is more about secure WordPress form submission from an options page or a settings page than it is, say, a form coming from a template. That’s another post for another time.

But still, there are plenty of us building applications on WordPress that require the following.


Don’t Over-Engineer the Solution

If you come from an object-oriented background or try to build all of your solutions for WordPress using object-oriented techniques, then there are going to be times where it might feel like you’re hitting a nail with a sledgehammer.

For example, let’s say that someone comes to you and needs a custom plugin developed that works with a third-party plugin but it only needs to do one thing.

Is it worth taking the time to create an interface, implement the said interface in a concrete class, set up subscribers, write unit tests, and so on?

I can see the appeal, but I generally say no. If the gist of what you need to do is include styles, JavaScript files, or both, then why not rely on the native WordPress APIs and procedural programming?


Including Custom Fonts in WordPress Plugins

The more you work in web development, the more likely you’re going to see people asking you to incorporate custom fonts into their project.

Sometimes this is easy. For example, if you work with something like a Google Web Font, you can easily copy the code necessary to paste into your stylesheet.

Custom Fonts in WordPress Plugins: Google Fonts

Often, the code looks something like this:

And then you can use it in your stylesheet like this:

But what if someone provides you with a set of fonts that they want to use in their project that are in a file format and that are not hosted on some type of content-delivery network?


Adding Custom Information to a WordPress Category Edit Page

Adding additional meta boxes, fields, and other information to WordPress is easy if you know the right hooks and the proper APIs to follow. But what if you want to add information to a WordPress taxonomy page?

For example, say you want to create a custom WordPress category edit page or, at the very least, add some custom information to a taxonomy page?

It’s still possible to do that, and it’s still relatively easy but, again, you need to know the right hooks to use, and it also depends on if you’re working with the built-in taxonomies or a custom taxonomy.

For this post, I’ll show how to do this using a custom, hierarchical taxonomy (or, in simpler terms, a custom category).


The Why and How of Custom jQuery Events

As far back as 1.0, jQuery has provided a trigger function that allows us to:

Execute all handlers and behaviors attached to the matched elements for the given event type.

But it wasn’t until 1.3 that this particular function became significantly more useful, at least as far as I’m concerned. I say that because that’s when we gained the ability to define custom events and then set handlers for them.

Custom jQuery Events

What, though, is a likely use case in which custom jQuery events are useful in the context of WordPress? Off the top of your head, you may be able to come up with many. Or maybe not.

It hasn’t been until lately that I’ve been using them significantly more than usual. So I thought I’d share how I’m using them, if for no other reason than showing you how to wire them up to your work.



© 2026 Tom McFarlin
