Projects

FT FacePress II Plugin: Publish WordPress post information to Facebook profiles and pages

By Alan Knox  |  February 11th, 2010  |  Published in Projects, WordPress, WordPress Plugins  |  54 Comments

There are several WordPress plugins that allow users to publish their post information to a Facebook status or to a Facebook page. However, these plugins either require the user to log in to Facebook after publishing each post, or all WordPress authors post to the same Facebook profile or page.

However, many WordPress sites have multiple authors, and each author has their own Facebook profile.

The improved FT FacePress II plugin allows each WordPress author to update their own Facebook profile and/or a Facebook page. Furthermore, WordPress admins can set up FT FacePress II to publish post information from all WordPress authors to another Facebook profile and/or page. When the author publishes a post (or when a scheduled post is published), the plugin publishes the post information (title, URL, and/or excerpt) to the author’s Facebook profile status. Also, each author can direct the plugin to publish the post information to a Facebook page. These settings are updated in the FacePress II User Options.

Admins can use the FacePress II Admin Options to direct the plugin to publish post information for all WordPress authors to the Facebook page and/or profile designated in the FacePress II Admin Options screen.

Furthermore, if the admin checks the “Update All Facebook Profiles” checkbox (only in the FacePress II Admin Options screen), then when any author publishes a post, the information goes to all authors’ profiles and/or pages as well as the admin profile/page.

Finally, FacePress allows each author and the admin user to set the format of the post information published to Facebook, and to set the categories to include/exclude from publishing.

Screen Shots and Option Settings

FacePress II Admin Options Submenu


The FacePress II plugin adds a submenu to the Settings menu (“FacePress II Admin Options”). Admins can use this submenu to set FacePress to publish their posts, and to direct FacePress to publish their post information to the profile/pages of all authors.

Admins should fill in the “Profile” and/or “Page” unique email fields. NOTE: Do not fill in these fields with the email address that you use to log in to Facebook. Instead, fill in these fields with the unique email address that Facebook creates for each profile and page. Follow the directions on the options page to find the Facebook-created unique email addresses.

When any user publishes a post, the post information will be published to the Facebook profile and/or page that is entered in the FacePress II Admin Options page (if either the Facebook profile or the Facebook page unique email address is entered).

If the “Update All Facebook Profiles” option is checked, then when any user publishes a WordPress post, the post information will be published to all user and admin Facebook profiles and pages.

FacePress II User Options


The plugin also adds a submenu to the User Profile menu (“FacePress II User Options”). This menu allows each author to set FacePress to publish their own posts.

Each user should fill in their own “Profile” and/or “Page” unique email fields. NOTE: Do not fill in these fields with the email address that you use to log in to Facebook. Instead, fill in these fields with the unique email address that Facebook creates for each profile and page. Follow the directions on the options page to find the Facebook-created unique email addresses.

When any user publishes a post, the post information will be published to the Facebook profile and/or page that is entered in the FacePress II Users Options page for that user (if either the Facebook profile or the Facebook page unique email address is entered), as well as to the Admin’s Facebook profile and/or page as indicated above.

FacePress II Post Options


Finally, the plugin also adds a section to the edit post window. These options may be used to override the general settings on a per post basis. If “Exclude this Post” is checked, then this post information will not be published to Facebook. Similarly, if the “Format” field is entered, this post format will override the Format fields on either the Admin or User Options pages.

Download the latest version.

How to Upgrade WordPress to 2.9

By Glenn  |  December 9th, 2009  |  Published in Blogging, News, Projects, WordPress  |  0 Comments

WordPress is a great piece of software driving billions of sites across the internet. One of the main reasons WordPress does so well is that the community gives back freely and often. While these community contributions to the project mean that WordPress is continually enhancing its feature set, they also mean that a web site powered by WordPress is continually in need of upgrades.

Being the excellent software that it is, WordPress gives you the ability to ‘Auto Upgrade’ to the latest version. If you’re running an unmodified installation and you don’t have too many plugins, this is an excellent option and I would highly suggest you give it a try.

If you’re going to upgrade WordPress to 2.9 on your own, we want to provide you with the following suggestions and resources.

  1. Always back up your database and your file structure (especially the wp-content folder) before upgrading. You can never be too safe. This goes for manual upgrades as well as auto upgrades!
  2. Always deactivate plugins prior to upgrading. If you have a lot of plugins and your site gets a lot of traffic, this may be tricky. It’s not ‘necessary’ but it’s safe practice, because if one of your plugins doesn’t mesh with the new version of WordPress it may render your site inaccessible.
  3. We would suggest checking with all your plugins’ authors to see if their plugin is compatible with the latest release of WordPress prior to upgrading.
  4. Most hosts give priority to index.html over index.php. We often use this tactic to put up a nice “Site down for scheduled maintenance” message during the upgrade. This is obviously optional.
  5. You can find detailed step-by-step instructions for manually upgrading WordPress on their website: http://codex.wordpress.org/Upgrading_WordPress_Extended

Finally – and let’s be honest, the real reason we wrote this post – if you have had trouble with WordPress upgrades in the past or are a little bit hesitant to do it yourself, check out http://wpupgrade.com. It’s a site that FullThrottle just launched with the sole purpose of helping others upgrade their WordPress installations.

Create a WordPress Archive for posts in Multiple Categories

By Glenn  |  November 11th, 2009  |  Published in Projects, WordPress, WordPress Plugins  |  1 Comment

One of my first experiences with the social web was Del.icio.us. I stopped using it shortly after Yahoo! acquired it, but that’s a different story. The reason I bring it up is because I loved the way that you could search for multiple tags by including a + sign in between each tag in the URL. Can you even do that anymore?

So, I’ve been wanting to do this with WordPress categories for a while now and recently had the motivation to make it happen (aka: a client needed it).
Below is my first draft. It only works with permalink structures for now. I’m looking for some feedback and ‘beta testing’ before I put it into the WordPress plugin repository. Would anyone like to help?

How it currently works:

  1. Download, unzip, FTP to your site’s plugins folder.
  2. Activate the plugin.
  3. Visit http://yourdomain.com/categories/cat1-slug+cat2-slug+cat3-slug+etc/
  4. You should get a listing of all your current posts that are in all of the above categories.

Templates, Titles, etc

I am currently using the following logic for determining what theme file is used to display your posts:

  1. If there is a file called categories.php, use that.
  2. If there is a file called archive.php, use that.
  3. If there is a file called index.php, use that.
  4. If there is a file called 404.php, use that.

I currently have the following functions available to help you build a title for your archive page:

  1. is_categories() returns true if you are on a categories page ie: /categories/ is in the URL
  2. ft_mca_titles() returns an array of titles for each of the categories in your URL

Download the zip file here: ft-multiple-category-archives.php.

Leave comments below. Thanks!

WordPress Plugin to Stop Trackback DOS attacks

By Glenn  |  October 20th, 2009  |  Published in Projects, WordPress, WordPress Plugins  |  12 Comments

[Update] WordPress 2.8.5 just dropped. It addresses the DoS attack among other issues. Get it here.

There have been several reports this morning of a DoS attack affecting the WordPress wp-trackback.php file.

All the solutions have been the same thus far and require editing your .htaccess file or the wp-trackback.php file.

FullThrottle has composed this quick plugin that accomplishes the same thing as the edit to the wp-trackback.php file. You may download the plugin below or paste the following code into your theme’s functions.php file.

We will update this post and our code if further insight into the attack deems it necessary.

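// Stop trackback requests that carry an abnormally long 'charset' field
// before wp-trackback.php gets to process it.
function ft_stop_trackback_dos_attacks(){
	global $pagenow;
	// Only act on requests for wp-trackback.php.
	if ( 'wp-trackback.php' == $pagenow ){
		// DoS attack fix.
		if ( isset($_POST['charset']) ){
			$charset = $_POST['charset'];
			// A real charset name is short; end the request if it is over 50 characters.
			if ( strlen($charset) > 50 ) {  die; }
		}
	}
}
// Run the check on the 'init' hook, early in every WordPress request.
add_action('init','ft_stop_trackback_dos_attacks');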

Download the plugin here: ft-stop-trackback-dos-attacks.php

New WordPress Plugin: Auto Moderate Comments By Category

By Glenn  |  September 18th, 2009  |  Published in Projects, WordPress, WordPress Plugins  |  0 Comments

One reason that WordPress is such a great tool for blogging is due to its excellent commenting features. As a blog owner, you can choose whether you want to allow comments on your posts, whether you want to moderate the comments, or whether you want to let each of those comments automatically post without moderation.

WordPress allows you to specify a couple options for comment moderation out of the box:

  • An administrator must always approve the comment
  • Comment author must have a previously approved comment
  • Hold comments for moderation if more than ## links appear in the comment
  • A black list of terms that always send a comment to moderation

This plugin provides you with one more option: Always moderate comments for the following categories.

So, if you have a blog where you allow people to comment freely, but you always want to moderate comments for one specific category, follow the directions below to implement our solution:

  1. Download the plugin here until it’s listed in the WP repository
  2. Unzip the file
  3. Place the ‘ft-auto-moderate-comments-by-category.php’ file in plugins folder
  4. Activate FT Auto Moderate Comments By Category in the WordPress plugin admin page
  5. Go to Settings -> Discussion and look for the ‘Auto Unapprove Comments by Category’ setting.
  6. Place a comma-separated list of the categories you always want moderated in this field, ie: 1,3,4,6
  7. Save and test.

Please let us know if you have any questions or comments.

PHP NONCE Library

By Glenn  |  August 12th, 2009  |  Published in Blogging, Projects, Uncategorized  |  2 Comments

[Download our nonce library]

We’ve recently developed our own PHP NONCE library for use with custom programming. Our version is loosely based on the implementation found inside the core WordPress software.

What is an NONCE?

Literally, the term refers to a number used once. In software development, it is often used as a security measure to ensure that certain links or forms are only available once, thereby preventing malicious attacks against the system.

Where would I use an NONCE?

An NONCE offers an additional level of security where sensitive actions may take place within your application. Take the following line of code as an example:

<a href="delete_post.php?post=003">Delete Post</a>

This link was poorly thought out if the application has no other security measures in place. Anyone could begin deleting posts by simply pointing their browser at the above link and changing the post number.

Well designed applications would only make that link available if the user was logged into the system with appropriate permissions. Furthermore, the delete_post.php script would ideally check to see if the user was logged into the system and if the user had appropriate permissions to delete that post. Is this enough security though?

Here are just two scenarios that could circumvent the above security measures:

  1. Depending on how the application’s user authentication works, it is certainly possible for a malicious user to spoof an authenticated user or to otherwise crack the authentication.
  2. Additionally, if you are a legitimate admin of the above mentioned application, it would be possible for me to trick you by sending you a link to this script. Once you clicked it, the post would be deleted.

How an NONCE prevents the above attacks

An NONCE is successful as an additional layer of security because it prevents actions initiated by links or REQUESTS from being used more than once. Every time a link or a form is printed on the screen, your NONCE functionality embeds a key / value pair to be sent to the receiving script. Every time that script is called, it checks for the key / value pair and then authenticates it on a pass / fail basis. If it passes, the action is performed; if it fails, the action is not performed.

The above link with an NONCE applied to it would resemble something like the following:

<a href="delete_post.php?post=003&_nonce=9c5fbfabb1">Delete Post</a>

The receiving script would then do the following:

  1. Check to see if the user is logged in with appropriate permissions (standard security)
  2. Check to make sure the NONCE key / value is set
  3. Authenticate the received NONCE using a library of functions.

How does an NONCE create and authenticate its key / value pairs?

While there are no hard and fast rules for creating an NONCE, most libraries will include the following components when generating an NONCE:

  • A secret key or ‘salt’ stored only on the server
  • A user ID (optional – makes the NONCE only work with a specific user)
  • An action name: ie: ‘delete-post’
  • A timestamp (allowing the NONCE to expire if never used)
  • A database of used NONCEs (optional and not used in our library)

Using all of the above components, an NONCE may be generated like this: secret-salt + user ID + action-name + timestamp. All of this is thrown into a hash that the receiving script can unpack and authenticate (Most of the time, the timestamp will be modified before being included and hashed).

The receiving script doesn’t actually ‘unpack’ the received key; rather, it recreates it and compares. For instance, the delete_post script would combine the secret salt (which it knows), the current user’s ID, the delete-post action name, and a timestamp (modified appropriately). If any one of those components is off, the NONCE value generated by the receiving script will not match the one sent by the initial script and the NONCE will fail to authenticate.
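
The create-then-recreate scheme described above, as an added example in PHP; it is not the code of the FT nonce library. The function names, constants, the `|` separator, the half-lifetime tick used as the "modified" timestamp, the choice of HMAC-SHA256 and the post ID appended to the action name are all assumptions made for illustration.

```php
<?php
// Added example: every name and constant here is hypothetical,
// none of it is taken from ft-nonce.php.

// Secret 'salt' kept only on the server (constructed placeholder value).
const EXAMPLE_NONCE_SECRET   = 'replace-with-a-long-random-server-side-secret';
// Upper bound, in seconds, on how long a nonce can stay valid.
const EXAMPLE_NONCE_LIFETIME = 3600;

// The "modified" timestamp: a counter that advances every half lifetime,
// so sender and receiver agree on it without exchanging the exact time.
function example_nonce_tick(int $now): int
{
    return (int) ceil($now / (EXAMPLE_NONCE_LIFETIME / 2));
}

// Keyed hash over tick + user ID + action name. The secret is the HMAC key,
// so the value cannot be recomputed without it.
function example_nonce_hash(int $tick, int $user_id, string $action): string
{
    $message = $tick . '|' . $user_id . '|' . $action;
    return substr(hash_hmac('sha256', $message, EXAMPLE_NONCE_SECRET), 0, 20);
}

// Called by the page that prints the link or form.
function example_nonce_create(int $user_id, string $action, ?int $now = null): string
{
    return example_nonce_hash(example_nonce_tick($now ?? time()), $user_id, $action);
}

// Called by the receiving script: recreate the value for the current and
// the previous tick and compare in constant time. Nothing is "unpacked".
function example_nonce_verify(string $received, int $user_id, string $action, ?int $now = null): bool
{
    $tick = example_nonce_tick($now ?? time());
    foreach ([$tick, $tick - 1] as $candidate) {
        if (hash_equals(example_nonce_hash($candidate, $user_id, $action), $received)) {
            return true;
        }
    }
    return false;
}

// Constructed sample run: user 7 is shown a delete link for post 3.
$issued_at = 1250000000; // constructed timestamp
$action    = 'delete-post_3'; // action name with the post ID bound in
$nonce     = example_nonce_create(7, $action, $issued_at);
echo 'delete_post.php?post=3&_nonce=' . $nonce . PHP_EOL;

$checks = [
    'same user and action, 10 minutes later' => example_nonce_verify($nonce, 7, $action, $issued_at + 600),
    'same request sent a second time'        => example_nonce_verify($nonce, 7, $action, $issued_at + 601),
    'different user'                         => example_nonce_verify($nonce, 8, $action, $issued_at + 600),
    'different post in the action name'      => example_nonce_verify($nonce, 7, 'delete-post_4', $issued_at + 600),
    'two hours later'                        => example_nonce_verify($nonce, 7, $action, $issued_at + 7200),
];
foreach ($checks as $label => $valid) {
    echo $label . ': ' . ($valid ? 'valid' : 'invalid') . PHP_EOL;
}
```

Without the optional database of used NONCEs, the "same request sent a second time" case shows that a value of this kind is bound to a user, an action and a time window rather than to a single use, so the login and permission checks in the receiving script remain necessary.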

How to use our NONCE library

  1. Download the zip file and unpack
  2. Include ft-nonce.php inside all your application’s pages
  3. Embed one of our two generating functions in your links or forms
  4. Call the validating function at the top of your receiving scripts and do as you wish based on the validity of the NONCE.

If you need a further example, you can check out the example here. The PHP source file is included in the zip.

Feedback

We’ve only deployed this once and value your feedback. We will be more than happy to modify, enhance, and correct bugs as reported.

FT FacePress plugin: Publish WordPress post info to Facebook by author

By Alan Knox  |  August 7th, 2009  |  Published in Blogging, Projects  |  149 Comments

(NOTE: This plugin has been replaced with a new plugin: FT FacePress II.)

There are several WordPress plugins that allow users to publish their post information to a Facebook status or to a Facebook page. However, these plugins either require the user to log in to Facebook after publishing each post, or they only allow one Facebook login and password per WordPress site.

However, many WordPress sites have multiple authors, and each author has their own Facebook profile.

The FT FacePress plugin allows each WordPress author to set up their own Facebook login email and password. When the author publishes a post (or when a scheduled post is published), the plugin publishes the post information (title and permalink) to the author’s Facebook status. Also, each author can direct the plugin to publish the post information to a Facebook page. (Note: the author must be an administrator for that particular Facebook page.)

The plugin adds a submenu to the User Profile menu. This menu allows each author to update their Facebook login email and Facebook password. Also, the author can choose (via a checkbox) whether or not to publish their post information to their Facebook status. Finally, the author can enter a Facebook page ID to publish the post information to that page.

The plugin also adds a submenu to the Systems menu. Admins can use this FT FacePress submenu to update FT FacePress information for all users.

Download the latest version.

Twitter Post

By Lew Ayotte  |  July 4th, 2009  |  Published in Projects  |  89 Comments

I’ve noticed a number of people promoting their blogs and blog posts on Twitter and I thought to myself, “It would be great if there was a plugin in WordPress that automatically tweeted a new blog post.” I did a quick search and the only solution I found was called TwitterPoster, and apparently a lot of people had been frustrated with the developer’s attempt to add spam into their tweets/posts. So I wrote this one (spam free!).

Since originally writing this plugin, a number of similar plugins have been released. Hopefully the new features I added will make this version stand out.

Download

Latest Version (Tested on WordPress 2.9.1 but should work on 2.6 and up)

What I Changed

v1.4.1

  • Fixed issue with not stripping slashes properly from default tweet format option
  • Removed unneeded option code for efficiency
  • Updated str_ireplace function for better PHP4 compatibility

v1.4.0

  • Discovered WP_Http class (since WP2.7) which makes life much easier for everyone (but this bumps the support up to start at WP2.7)
  • Removed cURL requirement, switched to WP_Http API
  • Removed Twitter API Classes, switched to WP_Http API
  • Changes in cURL requirement required modification of init() function

v1.3.5

  • Moved URL shortening functionality for improved efficiency

v1.3.4

  • Moved exclusion check for efficiency
  • Fixed bug in scheduled posts, if a secondary account schedules a post and logs out, it would not have tweeted the message

v1.3.3

  • Had a typo when checking the PHP Version for PHP5 functionality

v1.3.2

  • Fixed bug that prevented TwitterPost from tweeting when setting a custom tweet on a Post page

v1.3.1

  • Fixed bug with category exclusion logic… accidentally brought it back in with version 1.3.0

v1.3.0

  • Cleaned up and removed 139 lines of code
  • Fixed second bug with category exclusion logic

v1.2.2

v1.2.1

  • Fixed PHP cURL Requirement Error Message
  • Added PHP cURL Requirement skip if Twitter Friendly Links is already installed.
  • Added ability for WP Admin to set Twitter Post to tweet from all Author accounts whenever a post is published.

v1.2.0

  • Changed default tweet from “Blogged %TITLE%: – %URL%” to “Blogged %TITLE%: %URL%”.
  • Added check to make sure PHP Curl is installed.
  • Fixed bug that caused Twitter Post to tweet when adding new page.
  • Added ability to specify which categories to include/exclude in tweet.
  • Added ability to exclude a post before publishing it.
  • Added support for using Twitter Friendly Links instead of TinyURL links when TFL plugin is activated.
  • Added support for multiple author twitter accounts and default twitter account.

v1.1.1

  • Fixed support URLs

v1.1.0

  • Fixed Default Tweet typo (“blogged” instead of “bloggged”).
  • No longer publishes to twitter when you update/edit an old post.
  • Added feature to customize tweet per post using Custom Fields.
  • Changed project URL to http://fullthrottledevelopment.com/ – my new business venture.

v1.0.0 – Initial release

  • Allows custom tweet formatting with %TITLE% and %URL% tags.

Installation

  1. Download and uncompress rf-twitterpost.zip
  2. Upload the entire rf-twitterpost directory to your WordPress plugins directory
  3. Activate the plugin
  4. Configure your options

Possible Future Features

  • Username/Password verification before save.
  • Ability to add post excerpt to tweet.
  • Possibly switch to Twitter’s OAuth API.
  • And as always, we listen to your requests…

Page Related Posts

By Alan Knox  |  June 30th, 2009  |  Published in Projects, WordPress Plugins  |  0 Comments

This WordPress plugin adds a list of posts to the bottom of static pages based on the name of the page and the category of the post. The plugin examines the name of the page, then it finds the most recent posts in a category with the same name as the page.

For example, if the site includes a page called “Services” and a post category called “Services”, then a list of the most recent posts in the “Services” category will be included at the bottom of the “Services” page.

This plugin allows immediate cross-referencing between static pages and posts with similar content.

There are a few options associated with this plugin. The user can set the number of related posts to display and can format the related post title and list.

To use this plugin, unzip and upload to your plugins folder, then activate.

Download here until it gets approved by wordpress.org

Creating Dependent WordPress Plugins

By Glenn  |  June 11th, 2009  |  Published in Projects  |  8 Comments

This script was generated in response to a thread on the wp-hackers mailing list.

The question at hand is how to make one plugin dependent on another plugin’s installation and activation while maintaining the use of the register_activation_hook() function.

The following code is a proof of concept. It can be improved and will be improved after I get through with WordCampRDU this weekend. I slapped it out while on a 2 1/2 hour phone call with a client and only had time to confirm it works and post it here.

How to use this proof of concept:

  1. Copy the code below and paste it into the top of “Hello Dolly”
  2. Try to activate “Hello Dolly” without “Akismet” activated.
  3. Activate “Akismet” and try to activate “Hello Dolly”
  4. Deactivate “Akismet” and confirm that “Hello Dolly” has been deactivated

Still To Do:

  1. Investigate the active plugins option to see if I can prevent hardcoding the plugin’s file location
  2. Enable a way to notify the admin that a dependent plugin has been deactivated at the same time the required plugin was deactivated.
  3. Copy the WordPress Core’s implementation of deactivating a plugin to allow for multiple dependencies and to take advantage of existing action hooks.

The Code: ( a modified hello.php )