FullThrottle is announcing our crazy referrals limited time offer. We are looking for 5 high quality referrals and we’re dishing out some serious rewards to you and your referral if you deliver quickly.

Rules are simple:

• Referrals are not officially recognized until the client has signed a contract and delivered their down payment to FullThrottle via PayPal or check
• Client and Referrer must inform FullThrottle of referral prior to contract and down payment being received by FullThrottle.
• Referrals will be for one of the following areas of work:
  • Web Design
  • WordPress Plugin Development
  • WordPress Theme Development
• Winners will be determined as followed:
  • The first officially recognized referral wins 1st place
  • The second officially recognized referral wins 2nd place
  • The third officially recognized referral wins 3rd place
  • The fourth officially recognized referral wins 4th place
  • The fifth officially recognized referral wins 5th place

Prizes are Crazy

• First place
  • Referred client receives 50% off of their final quote
  • Referrer receives 100% of the client’s down payment*

• Second place
  • Referred client receives 40% off of their final quote
  • Referrer receives 50% of the client’s down payment*

• Third place
  • Referred client receives 30% off of their final quote
  • Referrer receives 25% of the client’s down payment*

• Fourth place
  • Referred client receives 20% off of their final quote
  • Referrer receives 13% of the client’s down payment*

• Fifth place
  • Referred client receives 10% off of their final quote
  • Referrer receives 7% of the client’s down payment*

Note: FullThrottle’s down payments usually fall between 30% and 50% of the project’s quote.

It has recently been reported that WordPress blogs are being attacked by a Brute-Force campaign.

A Brute-Force attack happens when a malicious individual creates an automated script with the sole purpose of guessing your administrative password. It does this by pointing the script at your blog’s login URL: http://yourblogsdomain.com/wp-login.php. The script repeatedly guesses at your login name and password from a dictionary of commonly used usernames and passwords.

Here is an explanation from the post linked above:

The wp_brute_attempt() function takes 3 parameters, $ch which is cURL’s structure (cURL is a command line tools that can be used to perform HTTP requests). The other two parameters define the site and the password that will be tried. If the script logged in successfully, the page that gets returned by the server will contain the phrase “Log Out”, and the function will return a true value.

If you are currently running a WordPress blog and would like to secure your site against these attacks, the easiest thing to do is to simply change your admin username and to make sure you have a strong password in place.

If you would like assistance securing your site against this attack, FullThrottle is available to help. Simply contact us for more details.

Requiring a fairly specialized plugin interface between a local Filemaker database and our WordPress installation, we much appreciated FullThrottle’s response which satisfied our initial request. They paid great attention to detail, fully implicating themselves into a job which proved more complicated than envisioned. At a distance, we enjoyed a close working relationship. We recommend his services – indeed we ourselves probably will call on them again!

FullThrottle Development has exceeded expectations in delivering quality plugins in a timely fashion. They focus on correcting issues and rolling out updates on a regular basis and are responsive to requests on projects. I would definitely recommend FullThrottle to other developers who are looking for a quality company to partner with on WP Plugin development.

[update: you can now download this as a plugin. file at bottom of post]

WordPress has a great admin interface for managing just about every aspect of the software. One integral part of this interface is the “Authors & Users” screen:

This is a great utility and it gives us,  as the developers, the freedom to let our clients have control over their own authors and users.

If you develop like we do though, you’ve probably learned that its better for everyone when we limit the clients ability to have access to areas of the site that they don’t need on a day to day basis. The Plugins and Appearance utilities are a great example.

This usually isn’t a problem because WordPress integrated role management into their software. A common solution – and one that we use at FullThrottle – is to simply retain the “Admintrator” role for yourself and split up the remaining roles for your client as needed. No problem!

What if we don’t want our clients to be distracted by the default “Administrator” account that we leave in tact though? Is there a simple way to remove this from the client’s screen? Well… if simple means fool proof and strictly using PHP and WordPress hook, then no (though we may submit some patches to make this possible). Regardless, what you can’t do with PHP, you can always do with jQuery. Below is our ‘smoke and mirrors’ way to remove all administrator level roles from the User’s screen if being viewed by anyone not in that role.

Removing Administrators from WordPress Users & Authors

All of the code below will be placed in your theme’s functions.php folder:

Step one: Queue the jQuery. Technically, jQuery should already be enqueued, but better safe than sorry:

// Enqueue jQuery
add_action('admin_enqueue_scripts' , 'ft_hide_administrator_jquery' );
function ft_hide_administrator_jquery(){
	global $pagenow;
	if ( 'users.php' == $pagenow ){
		wp_enqueue_script('jquery');
	}
}

Step Two: Remove ‘Administrator from the dropdown boxes

// Remove Administrator from "Editable Roles"
add_action( 'editable_roles' , 'ft_hide_adminstrator_editable_roles' );
function ft_hide_adminstrator_editable_roles( $roles ){
	if ( isset( $roles['administrator'] ) && !current_user_can('level_10') ){
		unset( $roles['administrator'] );
	}
	return $roles;
}

Step Three: Use some jQuery magic to remove the administrator

// Hide Administrator from list of users
add_action('admin_head' , 'ft_hide_administrator_user');
function ft_hide_administrator_user(){
	if ( !current_user_can('level_10') ){
		?>
		<script type='text/javascript' >
			jQuery(document).ready(function(){
                          var admin_count;
                          var total_count;

			  jQuery("#list-filter > .subsubsub > li > a:contains(Administrator)").each(function(){
			  	admin_count = jQuery(this).children('.count').text();
				admin_count = admin_count.substring(1, admin_count.length - 1);
			  });
                          jQuery("#list-filter > .subsubsub > li > a:contains(Administrator)").parent().remove();
			  jQuery("#list-filter > .subsubsub > li > a:contains(All)").each(function(){
			  	total_count = jQuery(this).children('.count').text();
				total_count = total_count.substring(1, total_count.length - 1) - admin_count;
				jQuery(this).children('.count').text('('+total_count+')');
			  });
			  jQuery("#users > tr .administrator").parent().parent().remove();
			});
		</script>
		<?php
	}
}

That’s it! As always, if you find any bugs or have any suggestions, just leave a comment. Below is a link to download the whole chunk of code. Just paste the contents into functions.php and you should be good to go!

Download Code:

• Zipped PHP file
• Text File
• Plugin zip

Final Result:

In WordPress MU there are two levels of users. There are users who have a blog and users who do not have a blog. This option is usually chosen when the user creates their account. If they choose to have just a username only (no blog), then the user is added as a subscriber to the main site (default setting). If they chose to have a blog, WPMU adds a subsite for them with an administrator user for that subsite. However, it does not give them subscriber permissions to the main site.

This became an issue with a site I was working on recently. The main site had a calendar that any logged in user needed to be able to add an event to. To do this I had to create a custom group that allowed users to post in a specific category only, which worked great, except for blog users. Since blog users are not given any rights on the main blog, I needed to find a way to automatically create the same functionality that normal users have on the main site.

This is what I came up with:

function ft_new_user_meta($blog_id, $user_id) {
add_user_to_blog('1', $user_id, 'calendar' );
}
add_action( 'wpmu_new_blog', 'ft_new_user_meta', 10, 2 );

Basically, I hook onto the wpmu_new_blog function, so whenever it is called, it calls my ft_new_user_meta function. Which passes in the two variables $blog_id and $user_id. Then I run the function, add_user_to_blog with 1 as the blog_id for the main site, the $user_id that I’m adding, and the role that I want to give. In this case it is my custom “calendar” role.

I added that into a file named new_user.php which I placed in the mu-plugins directory. Now, whenever a user goes to the site and creates their own blog, it gives them access to the main site with rights to add events to the calendar.

If you have any WordPress blogs on 1and1 then you’ve probably ran into some problems with updating certain plugins, updating the blog, or even importing to your blog. The reason is because 1and1 has some issue with PHP4 but there is an easy fix.  You need to hand edit your .htaccess file (located in the root of your WordPress directory). Here you will add the line, AddType x-mapp-php5 .php to the end of the file. It doesn’t matter too much where you put it, so it’s best just to put it at the end.

Let us know if this helps you out or not.

Sebastian Bergmann has put together a slideshow highlighting several tips for good PHP coding techniques. Th e slideshow is called “Quality Assurance in PHP Projects“.

The slideshow includes several examples of coding and testing techniques.

Often, web pages will include links at the top of the page which reference paragraphs or sections lower on the page. A recent client’s web page had a list of links at the top of the page. Each link would cause the page to scroll down to that particular section of the web page. The client wanted the user to be able to quickly return to the top of the page, but he did not want “Back to Top” links at the end of each section.

Usually, this type of web page does have “Back to Top” links at the end of each section. For example, click here to jump to the next section of this post.

Next Section
This is the next section. If you clicked on the link above, then you scrolled to this section. This section could have been anywhere on this page.

This is the HTML code used to create the link “click here to jump to the next section of this post”:

<a href="#nextsection">click here to jump to the next section of this post</a>

This code creates a link to a named section called “nextsection”.

The code to create the named section for “Next Section” would look like this:

<a name="nextsection"></a>

Typically, you would create a link at the end of “Next Section” to allow the user to jump back to the top of the web page, like this: Back to Top.

This is the code for creating the “Back to Top” link:

<a href="#">Back to Top</a>

Hiding “Back to Top” Links
However, it is not always aesthetically pleasing to have “Back to Top” links appear throughout your web page at the end of each paragraph or setting. This is especially true if your users want to print your web page. The process below “hides” the “Back to Top” links until a user clicks a link to that section.

For example, this link will take you to a section called “New Section“. However, before you click that link, scroll down to “New Section”, and you will see that there is no “Back to Top” link.

New Section
This is the new section. If you clicked on the link to “New Section” above, you should have jumped to this section. You will also see a “Back to Top” link here: Back to Top

However, if you scrolled down the page without clicking the “New Section” link above, then you should not see a link for “Back to Top”.

This is the new HTML code used for the “New Section” link:

<a onclick="document.getElementById('newsection_back2top').style.visibility = 'visible';return true"
href="#newsection">New Section</a>

This code sets element “newsection_back2top” (defined below) to be visible when the link “New Section” is clicked.

This is the new HTML code for the “Back to Top” link:

<span id="newsection_back2top" style="visibility: hidden;">
<a onclick="document.getElementById('newsection_back2top').style.visibility = 'hidden';
return true" href="#">Back to Top</a></span>

Floating “Back to Top” Links
There is another option that works well for a web page that has several section with multiple “Back to Top” links. Instead of coding a “Back to Top” link after each section, or even coding a hiding “Back to Top” link after each section, you can create a “Back to Top” link that floats at a particular place on the web page.

For example, click this link for the “Final Section“. This link will cause the page to scroll down to the section labeled “Final Section”, and it will also make a new “Back to Top” element visible.

Final Section
If you clicked the “Final Section” link above, you should now see a floating “Back to Top” link on the left side of the page. Even if you scroll up or down on the web page, the “Back to Top” link will remain in the same position. Click the “Back to Top” link to scroll to the top of the page and to remove that floating “Back to Top” link.

The code for the “Final Section” does not change. However, this is the new code for the “Back to Top” link:

<div id="finalsection_back2top" style="position: fixed; left: 5px; top: 40px; background: #EEE;
visibility: hidden;"><a onclick="document.getElementById('finalsection_back2top').style.visibility = 'hidden';
return true" href="#">Back to Top</a></div>

The addition of fixed positioning along with a location (left, top), causes the “Back to Top” link to “float” in the specified position on the web page.

Adding a blog to your business web site is a great way to attract customers and clients to your business. Even in this age of Web 2.0, most web content remains static, meaning the message delivered to search engines like Google does not change. However, by adding a blog to their website, businesses can create dynamic content which will be indexed by search engines.

The Complete Website has published a short (1 minute) video that demonstrates the effectiveness of adding a blog (and blog content) to your business website. Watch their video here: “Business blog = Google magnet [video].”