HowTo: WordPress Plugin Supplied Templates for Custom Post Types

While prototyping a WordPress plugin I’m writing, I experimented with supplying default templates to display pages related to a custom post type. This is accomplished using the template_redirect action API.  If the following technique is not used, any special templates a plugin provides would need to be copied to the active theme, making plugin installation more complex than necessary.

Continue reading

WordPress, mod_rewrite and mod_security

Being conscious of web security is sometimes a real pain in the you know what.  I’m seeing some attempts to directly access some scripts on WordPress sites I maintain that should not be directly accessed.  No harm is being done, but there are “500 Internal Server Error” results being generated that should instead be “403 Forbidden” or “404 Not Found”.

I’ve made a few stabs at changing the re-write rules and am now looking the mod_security rules as perhaps a better method to trap the errors.  In both cases, there appears to a lack of good tools to use for testing the rules without making them active on a website somewhere.  And this is making it more complicated of course to get the rules right!

Stay tuned…  I’ve got a few more ideas and if I get this sorted out to my satisfaction, I’ll be posting an update on some good ways to protect areas of WordPress that should not be directly accessed via browser requests.  I haven’t found much on this topic in my searches on the web.  In fact, many places I find recommend turning off mod_security for WordPress.  I had a site hacked once with a SQL Injection attack because I had followed that advice.  I’m doing what I can to prevent that in the future!

Inspiration: The Art of Non-Conformity

I follow a number of bloggers and one that I want to acknowledge today is Chris Guillebeau who writes the blog The Art of Non-Conformity.  I finished reading his article on 279 Days to Overnight Success this morning and found it jammed full of little pearls of wisdom and useful resources.

One I plan to embrace is to avoid Adsense and related technologies.  I may point out products I’ve found useful and may even establish affiliate accounts with the provider in event a reader does follow a link to purchase.  I will not however be creating space on the page specifically targeted for advertising products that are not my own, should I eventually have any.  Another way of stating my intent is that the Firefox plugin AdBlock Plus should not block any content on this site.

I also plan to take things slow.  Chris recommends building a store of content, about 3 months worth, before really launching a site.  I like this idea, even though it means a fair amount of work with little external validation on the effort.  I already have about 10 draft articles started, some are just concepts, others a bit more roughed out and still needing some polish before they are ready.  In the early stages, the published articles will be focused on setting up the web site and track the evolution of my thoughts on what this site will become.

If you are thinking of starting a blog, or even want to re-imagine one you already have, I strongly recommend checking out Chris’s site.

Setting things up: Twitter done

I setup a twitter account @AnActionADay and was getting ready to put a page up on Facebook and had second thoughts.  Do I want to get a page going for it yet?  Maybe it would be better to start out feeding these updates into my personal facebook page and as this grows, open a facebook page.  I need 25 followers on facebook before I can reserve a name anyway so I’ll need a bit of a following to get it going.

Facebook can wait.  Enough to focus on getting an identity for the blog and twitter account.  I was surprised to actually get a relevant follower on twitter (or at least what looks like one) shortly after setting the account up, and before sending my first tweet!

css.php