Note: This discussion pertains to V3.* of WP using an older TinyMCE implementation. Details might be different now. WordPress Multi-site configurations often present some unique challenges for WordPress plugin authors. One I just finished dealing with is how WordPress handles a WP plugin that is defining a TinyMCE editor plugin. What follows is going to […]
HowTo: WordPress Plugin Supplied Templates for Custom Post Types
While prototyping a WordPress plugin I’m writing, I experimented with supplying default templates to display pages related to a custom post type. This is accomplished using the template_redirect action API. If the following technique is not used, any special templates a plugin provides would need to be copied to the active theme, making plugin installation […]
HowTo: Securing WordPress wp-content and wp-includes Directories
After some banging around in mod_rewrite, I sorted out how to prevent prying fingers from directly executing PHP modules that are contained within the wp-content and wp-includes directories. With few exceptions, PHP modules in these directories should not be directly access by a browser client.
WordPress, mod_rewrite and mod_security
Being conscious of web security is sometimes a real pain in the you know what. I’m seeing some attempts to directly access some scripts on WordPress sites I maintain that should not be directly accessed. No harm is being done, but there are “500 Internal Server Error” results being generated that should instead be “403 […]