10 Things You Need to Know About WordPress 2.6

WordPress 2.6 is around the corner (sometime next week, it looks like), and as usual, there’s a bunch of changes, improvements, enhancements that have went into this version. In my opinion, this is an odd major release. While there are certainly major new changes that warrant a new major release, much of the release consists of various improvements generally saved for “dot releases”. Security and enhancement type stuff. The thinking is that WP 2.6 can be released so a WordPress 2.7 can come in the early fall timeframe and integrate new features developed in conjunction with the Google Summer of Code project.

Still though, there is a significant amount of new functionality that I find quite nice.

Google Gears Support

Gears is the Google technology that allows for Firefox (apparently IE 6 too, but I can’t confirm) to “pre-cache” pages and speed up access. Gears has been integrated with WordPress 2.6 on the admin side and speeds things up tremendously. This is particularly important where broadband access is limited or inaccessible (third world, for instance). To enable Gears in your new WordPress 2.6 installation, click on the Turbo link in the upper right corner of your WordPress admin.

XML-RPC Editor Functionality

Quietly, a new bit of functionality snuck into WordPress trunk that threw a number of developers and kicked off an interesting discussion. In the development cycle, XML-RPC and Atom Pub API for remote editing was turned off by default as a “security precaution” since many recent WordPress security issues seem to stem from the XML-RPC protocol.

Daniel took the issue up on his blog in a bit of a vicious manner because he has a vested interest in desktop client support for blogs. He is the developer behind the very nice MarsEdit client for Mac which, incidentally, I’m using to write this post. He took his battle up, a bit more congenially among WordPress developers, and the result was a compromise. New WordPress 2.6 installs would be given the option at install to enable XML-RPC editing and upgraded blogs (pre-existing) ware grandfathered in to an “enabled” paradigm.

Picture 9.png

This is an important shift in the way bloggers think about writing. Most of us simply want to write. We don’t want to worry about the technical aspects of maintaining a blog. This is the philosophy that drove the b5media team, whom I worked for from very early days, to develop a network of bloggers that were able to simply write without worrying about the logistics of maintenance, upgrades, monetization, etc. Unfortunately, while most bloggers are not technical, malicious parties ‘out there’ are technical and look for any opportunity to attack blogs and other websites. XML-RPC and APP provide a vector which, though pretty secure, has seen its share of exploits in the past. Disabling functionality that is not explicitly used by every user makes sense for security reasons.

Bloggers can enable or disable the functionality via the Settings > Writing page in WordPress admin and most desktop editors still only support the XML-RPC protocol so unless you’re explicitly using the Atom Publishing Protocol, you’re probably safe to leave only XML-RPC checked.

Post Versioning

Developers familiar with Subversion, or SVN, understand the concept of versioning and diffs. Compare one file, or revision, against another file, or revision, and see a breakdown of differences between the two. With the help of GUI tools, developers can see a color-coded red vs. green (removed vs. added) presentation.

This concept has now been applied to posts so you can view differences between posts as well as “revert” to an earlier version of a post. I absolutely love this feature and you can see an example of a “revision compare” built directly into WordPress.
postrevs.png

SQL Security – $wpdb->prepare()

Back in WordPress 2.3, the

1
prepare()

first emerged, initially unused… but there. The method was very experimental at the time and was not ready for prime-time so, though it was included, it was not yet used. We started to see its emergence in WordPress 2.5 and in WordPress 2.6 it is being used just about everywhere.

The idea behind

1
prepare()

, if you’ll allow me to get geeky for a minute, is to sanitize SQL in such a way that SQL injection is prevented. So, plugin developers, in particular, should be happy with this method (part of the

1
$wpdb

class). Not only should they be happy, but from a best practice standpoint, you should be using it.

In my opinion, this should be a part of a “dot release” and not as a major feature of a major release.

Shift-Click Selection of Multiple Checkboxes in WP-Admin

As the backend of WordPress continues to evolve after the release of the drastically redesigned admin in WP 2.5, usability enhancements are also making their way in.

One of the better usability enhancements added in WordPress 2.6 is the ability to “shift click” to select multiple checkboxes at once. Say, for instance, you want to clean up an unwieldy category system (as I need to), Simply navigate to your category management page, click on the first category you want to delete, for instance (posts will go into the default category), and “Shift-click” on a checkbox farther down the list. Magically, all checkboxes in between will also be selected.

This, of course, works anywhere where checkboxes are employed in the WordPress admin.

More Avatar Options

With the Automattic acquisition of Gravatar last year, in-built support for Gravatars was introduced in WordPress 2.5. WordPress 2.6 gives the blogger more options by allowing for selection of the “default” avatar. Out of the box, the default Gravatar can be “Mystery Man”, a generic grey avatar with a white silhouette of someone. Default avatars can also be “blank” (self-explanatory), the Gravatar logo, Identicons, Wavatars or MonsterIDs. These have all been a part of WordPress.com for some time and now come to the rest of us. For more information, Matt wrote a post for the WP.com community that you should probably check out. The difference here being, of course, that WordPress.com offers “dashboard avatars” and WPFROU (WordPress for the Rest of Us) does not include this functionality.

Page Templates over XML-RPC

In addition to the XML-RPC/APP security measures listed above, a new key bit of functionality has now been exposed for API editors (and also, if you think about it, demonstrates the power behind XML-RPC and why you might want to turn it off if you don’t use it). The XML-RPC interface now allows for managing page templates from an API editor. To the best of my knowledge, no editor supports this yet and may not. However, increasingly there is the ability to remotely post content from places like YouTube, Utterz and others. None of these services would have any real use for this functionality either, however I want to point out that because they can post remotely anything that is exposed to the remote world can also be managed.

It’s also conceivable that an offline WordPress client could be built that replicates WordPress admin in a desktop client, and this is one more step in that direction.

Press This

Press this! is a new enhancement of a long-existing concept. Bookmarklets. In fact, WordPress used to have a bookmarklet included that would allow a user to quickly start a new post from the browser toolbar, but the functionality was limited.

The Press This! functionality rocks, actually, because it allows the user to be on any website, click the bookmarklet and get a miniaturized version of WordPress admin with options to snip text, photos from the page, quotes or video embeds.

Picture 10.png

Obviously, we can lead you to water but we can’t make you drink. BE VERY CAREFUL OF COPYRIGHT VIOLATIONS! Oh, and the Associated Press sponsored this. (kidding!)

Integrated Theme Preview

Theme previewing has been a bugaboo for many a theme designer. How do we check and develop without affecting the rest of the site. Some folks resorted to using Ryan’s venerable Theme Preview plugin. Others setup a beta version of a site that was sandboxed off from the rest of the world. Lots of different approaches, all of which remain valid.

However, for theme developers and bloggers looking to see how a theme will look on their site, with their content, there is now theme preview bling. When you are on your Design page, click on one of the theme screenshots and your site will be loaded in a lightbox-like overlay to allow you a live preview. Heavily inspired, I’d imagine, by the Mac OS X Leopard Quick Look functionality.

Remember when Technosailor looked like this?

Picture 11.png

Plugin Management Overhaul

Finally, the plugin management interface has received a face-lift and some added functionality. Active plugins and inactive plugins are segregated and with that new fangled Shift-click functionality I talked about before, plugin management just got really freaking simple. Note that Active plugins can be deactivated in bulk and Deactivated plugins can be activated or even deleted in bulk. Clean up that stale plugin list in a snap. But… there’s always a but… make a backup before you go nuts.

WordPress Plugin: WP-Twitterpitch

Obviously, there’s been a lot of talk about PR pitches gone bad. Stowe Boyd coined the word Twit Pitches last month. The concept is to force PR firms to use the economy of words (characters?) to pitch bloggers. It’s a reality in life, and I fight with my wife on this regularly, that no one cares about your “thing” as much as you do and so are less likely to want to give you the time to “pitch” the story or idea. You need to be quick, succinct and use compelling hooks.

Thus, the Twitter Pitch was born.

I’m releasing a new plugin that I hacked together over the weekend called WP-Twitterpitch that I’m also running here at Technosailor. Check out the navigation for a demo.

WP-TwitterPitch is all about getting the pitch delivered to you in the form you want to get it delivered – in other words in Twitter format. If you’re like me, then your Twitter direct message box is a lot like your email inbox. Personally, I don’t want to get pitches from PR companies in certain email inboxes. For whatever reason, I may not check them or they are personal, etc.

Twitter, however, provides the ultimate quick-messaging system. This plugin provides a template tag that you can drop anywhere in your theme. Clicking the link provides lightbox-like functionality for a “pitch form”. Using the form does not require a Twitter account (but does require that you have a secondary Twitter account you can use for this purpose, since you can’t send Direct Messages to yourself via Twitter). Note: Your WP-TwitterPitch Twitter account must follow the account that is being pitched and vica versa. This is a one-off action (hopefully, depending on Twitter) and only needs to be done when setting up WP-TwitterPitch.

Messages sent from the form are DMmed to the account getting the pitch and the form is limited to 140 characters or less. The beauty of linguistic efficiency.

Installation

  1. Upload the
    1
    wp-twitterpitch

    folder to the

    1
    /wp-content/plugins/

    directory

  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Edit Admin options to include Twitter ID to pitch, Twitter ID and Password to send Twitter pitches
  4. as, as well as a message to “pitchers” that will be displayed in the form after the pitch has been sent.

    Place wherever you want the link to appear

Direct Download Link

WordPress 2.5 en Español

Al fin aparece WordPress 2.5 en su versión oficial. Si quieres tenerlo en español, aquí te lo explicamos. Vas a necesitar lo siguiente:

  1. Blog actualizado a la versión más reciente de WordPress
  2. El archivo de WordPress en español
  3. Acceso via FTP, Control Panel o Shell a tu servidor

En el servidor donde tienes alojado el WordPress 2.5, crea una carpeta de nombre “languages” dentro de la carpeta “wp-content“.

Descomprime el archivo de WordPress en español y sube el archivo “es_ES.mo” a la carpeta que acabas de crear en tu servidor: “wp-content/languages“.

Edita el archivo “wp-config.php” en tu servidor y busca la línea que dice:

define ('WPLANG', '');

y cámbiala a:

define ('WPLANG', 'es_ES');

¡Felicitaciones! Ya tienes tu administrador de WordPress en español.

Tablero:

Tablero en español

WordPress 2.5: Tablero en español

Escribir Artículo:

Escribir articulo en inglés

WordPress 2.5: Escribir artículo en inglés

Escribir articulo en español

WordPress 2.5: Escribir artículo en español

Perfiles de Usuarios:

Cada usuario puede elegir los colores del administrador.

Nuevas opciones en perfiles de usuarios

WordPress 2.5: Nuevas opciones en perfiles de usuarios

Administrar Artículos:

Todavía quedan algunos términos por traducir (published).

Administrar articulos

WordPress 2.5: Administrar artículos

Entrar al sistema:

Desde el primer momento, WordPress te recibe en tu idioma favorito.

Entrar al sistema en inglés

WordPress 2.5: Entrar al sistema en inglés

Entrar al sistema en español

WordPress 2.5: Entrar al sistema en español

Próximamente: cómo mantener tu copia de WordPress actualizada fácilmente con SVN.

Technorati Tags:
,

Funny WordPress Plugin Sneaks In

One of the annoyances we have at b5media is when people spell our company name wrong. We’ve even had our own people spell the name wrong. So annoying. :-)

Somewhere along the line last year, this universal plugin snuck into our build. I don’t know where it came from or who wrote it. (whistles) It solves the problem though. :)


1
 

Maintaining WordPress on SVN: Adding Plugins

Thank you for joining me again for this series on maintaing WordPress from subversion. We talked previously about creating an SVN repository and then about importing WordPress into the SVN repository.

Today, we get into customizations. It does us no good to have an SVN repository with WordPress if we don’t change it to be something other than what it is. In this episode I talk about adding plugins (and you can add any file, really) by adding it to the working copy folder and then checking it in.

I also touched quickly on svn:externals, although I note that I goofed in the screencast and typed

1
svn propedit svn:external .

instead of using the correct

1
svn propedit svn:externals .

(note the plural externals).

Maintaining WordPress on SVN: Create Your Repository

A lot of people know that I’ve done a bit with maintenance of WordPress using subversion. Alot of those same people have asked me to show how it’s done. It’s not very difficult, really, but I encourage you to work with a host like Dreamhost that provides one click installs of svn. It’s the easiest way to get web accessible repositories to use for maintenance of all your various WordPress blog.

Here’s video 1 in this series, which demonstrates the creation of an SVN repository and the basic file structure that is best practice for a repository.

WordPress Export Base Class

Real quick note to let you know that over the weekend, I released new code that is GPLv2, relating to WordPress export format (WXR). The code and details are here and I’d love to get some input and contributions of other export classes. I’ve included a (yet undocumented) Expression Engine exporter as well and will back port some of my previous exporters to use this class as well.

So, if you’re a WordPress hacker, or if you just want to help people move to WordPress and have some coding skills, half the battle is already fought. Check it out.

Expression Engine WXR Export Class

Earlier, I shared with you a new base class I’m releasing into the wild. While that was a conceptually nice piece of code, and potentially useful, it didn’t really translate in usefulness without some actual code.

As mentioned, I just moved Shai to WordPress from Expression Engine and it required writing a custom export routine. Instead, I wrote the base class in conjunction with this extension class.

This could very well be a very good example for someone wanting to write their own routine. While it is custom to Expression Engine and would look different for other platforms, the bottom line is that the methods in the base class have to be fed certain data.

As with the base class, this is meant for advanced WordPress hackery and is not a plugin nor for rookies. I don’t mean to sound condescending, but it took me years to wrap my head around object oriented PHP and so please don’t ask me. :-)

I can say that if you dive into this code, you will find the roadmap to your own importer. This is fully functional. It works. It’s for Expression Engine, but it works. Your methods should return similar data.

One day I’ll get around to documenting it, but my mind is mush after working on this all weekend. :-)

Update: Oops, forgot where you can download. Subversion it is again:

1
svn co http://svn.aaronbrazell.com/wpwxr/tags/expression-engine/ expression-engine