Category Archives: WordPress

WordPress: Paying for Themes and Plugins?

3 Replies

A new friend of mine, Jamie Oaster, has brought up the issue of premium plugins and the potential business models surrounding them. WordPress is GPL software, and that means that plugins by proxy are supposed to all be released under GPL, as are all themes. This has severely limited the creation of a sustainable business model for themes and plugins that might have taken, days, weeks or even months to develop.

The basic premise of GPL is that everything created to use the GPL licensed code must also be released under GPL, which allows anyone to take the product you have created and re-distribute it. So if you charge $5 for a plugin, and someone buys it, they can then re-distribute it for free.

Jamie has a great article on Oaster.ca which covers all of these details and more and he is looking for some feedback on the whole thing. I have always been of the mind that plugins and themes should be excluded from the GPL since they are using hooks and template tags, rather than core WordPress PHP code, but unfortunately, this doesn’t seem to be the case.

I also believe that WordPress has matured to the point where it could do well with some developers accountable for their work through being properly compensated for their time.

Head on over to Jamie’s post and leave your opinion.

Originally posted on January 16, 2008 @ 6:40 pm

The Basics of WordPress: Permalinks

3 Replies

What are they?

Permalinks are used as the permanent link to your post or page, most WordPress users like what are considered “clean” or “pretty” permalinks, where information is put in the link, such as the title of the post, or even the date. The default by WordPress is to use post numbers, but that doesn’t look very professional, nor does it help to easily identify a post or page.

By default you’ll see something like:
www.domainname.com/index.php?p=25

But this section will help you change that to:
www.domainname.com/2007/a-little-about-me/

WordPress uses the ?p=postnumber links because they work across all servers that meet WordPress’ requirements.

How to change them?

Log into your WordPress administration area, and go to Options, and then Permalinks. You will see some text, as well as a few options.

WordPress Permalinks

Included WordPress Options

WordPress makes changing permalinks very easy. By default, the default option, with the question mark and post number should be selected. Again, this isn’t a very good selection, as it doesn’t give any information about the post or page that the reader will be going to.

Next there is date and name based. This is one that I have used for a long time, though search engine experts sometimes say that the articles look like they are too deep within a directory structure to the search engines, but it is still one of my favorite options.

Thirdly, there is numeric. Much like the default option, having numeric post URLs doesn’t lend much information about the article.

Lastly, there is an option to set a custom structure. This is the option most used, at least in my recent experience. It allows you to create your own structure for your blog, using the built-in structure tags from WordPress.

One of the most common custom structure I see is /%postname%/ which will make it so that all your posts are www.domain.com/postname/. This makes it very easy to recognize articles, as well as share links to your blog posts, and it is said to have the most search engine benefit.

I am still a fan of at least having the year before my post name, so that people can instantly tell how old an article is, but others tell me that great articles are timeless. If you want the year before your post name, the custom structure that you would use is /%year%/%postname%/.

For more information on Permalink options, check out the WordPress Codex.

Originally posted on January 10, 2008 @ 9:30 pm

WordPress Plugin Security Issues

3 Replies

Over on Weblog Tools Collection, Jeffro recently posted about Dean’s Permalink Migration Plugin which has a bug that can allow an attacker to force a user to perform an unsolicited action to allow the attacker to gain valid credentials, or basically, have access to your blog.

While someone stepped up to the plate and released a new, fixed version after the original author couldn’t be contacted, it still brings up the issue of continued WordPress plugin security.

As WordPress moves closer to the new 2.5 release, due out this spring, will plugin authors that develop the plugins we have come to depend on continue to support and develop their work s that the community can continue to benefit, or will new plugin authors have to step in to fill that role?

Who is responsible for the security of the plugins created? When will the WordPress community demand a group of standards to help improve the security of both WordPress plugins and themes?

I hope this issue is dealt with long before the next major version of WordPress. And while I hate to give Automattic more power and control over the WordPress open source project, I do think that they are the best suited to step up and hire someone to organize and check over WordPress plugins submitted to the plugin directory on WordPress.org.

I want to make this clear though, I don’t think the person from Automattic should become responsible for security issues related to plugins, but another set of eyes, focused on finding security issues, could help save many blogs from issues down the road.

Originally posted on January 28, 2008 @ 3:50 pm

WordPress 2.4 Administration Panel Preview

2 Replies

When WordPress 2.4 comes out on January 24th, the first thing pretty much everyone will notice is a brand new WordPress Admin panel design. The user interface side of things doesn’t appear to have changed much, but there is a huge graphical change, and some minor new features. For taking a small moves approach to developing WordPress, this one is sure to create all kinds of buzz in the coming weeks.

I took it upon myself to download the latest WordPress nightly and install it to see how the new design was coming along, and after getting it set up, I went and recorded a quick screencast for Tubetorial.

Hope you all enjoy it, and let me know what you think. So far, the response to the video has been positive, but the response to the new administration panel design has been mixed. It should be interesting to see what everyone thinks on the 24th when it’s finally released.

Note: The design has NOT yet been fully implemented in the nightlies, and is only 10-20% complete. I want to make this clear, as it seems many haven’t realized this and have begun criticizing it.

Originally posted on January 2, 2008 @ 11:15 pm

WordPress Blog Backup Reminder

2 Replies

We are quickly coming up to the end of 2007, and if you want to make sure your blog is safe from anything that could possibly happen, from hackers tampering with your site, to data loss with you host you will want to back up your WordPress site, and doing so has never been easier.

The most basic way I would recommend would be using the built-in Export tool that WordPress now ships with, and export your blog in the WordPress eXtended RSS or WXR file type. You then only need to back up your wp-content folder, and your wp-config.php file. This should contain nearly everything you need to restore your blog if anything happens.

There are great WordPress plugins for backing up your blog, as well as online services that attempt to help you out as well. You can also back up your files and databases through cPanel. I highly recommend using multiple methods and keeping backups in multiple places. Sometimes even just having a cheap hosting account with another company that uses a different data center is a great place to keep your offsite backups.

There is no excuse to not back up your WordPress blog if you are serious about blogging!

Originally posted on December 9, 2007 @ 7:02 am