Plugin installer tool

Remember when you had to install WordPress plugins by uploading them manually via FTP? I do. Heck, I remember when there weren’t plugins, and you had to copy and paste PHP code! We’ve come a long way, but I realized the other day that there is one more way that we could improve ease of installation.

Say you’re a plugin author, and you have this great plugin. How do you get people to install it? Well, you could link to its page in the plugin directory, where they’d be prompted to download a zip file. Or you could offer the zip file yourself. But why are we offering plugins the same way we were in 2004? We have a built-in plugin installer. Let’s use that! So how would you do that? I guess you’d just tell people “Hey, go to your wp-admin and search for ‘My Awesome Plugin.’” That introduces a lot of chances for failure. They might even end up with the wrong plugin!

I made a better way, and will be working on integrating this into this summer.

To see it in action, click here. All you have to do is type in the URL of your WordPress blog.

The tool auto-detects the WordPress installation by looking at the X-Pingback header. You’ll be presented with the plugin installation form for your blog. Click “Install Now” and the plugin will be installed. Much easier, and you know they’re getting the correct plugin.
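A sketch of the X-Pingback detection step described above, as an added example that is not the tool's own code. The function name, the same-host rule, the slug pattern and the sample header are assumptions; the header value is remote-controlled input, so it is validated before it is used to build the install-screen URL.

```php
<?php
// Added example; function name and sample headers are hypothetical.

/**
 * Derive the plugin-install screen URL for a blog from its X-Pingback header.
 * Returns null when the header is missing, malformed, or points at another host.
 */
function installer_url_from_pingback( string $blog_url, array $headers, string $slug ): ?string {
    // Header names are case-insensitive.
    $headers  = array_change_key_case( $headers, CASE_LOWER );
    $pingback = $headers['x-pingback'] ?? '';
    $ping     = parse_url( $pingback );
    $blog     = parse_url( $blog_url );

    if ( ! $ping || ! $blog || empty( $ping['host'] ) || empty( $blog['host'] ) ) {
        return null;
    }
    // Only http(s), and only the host the visitor typed: the header must
    // not be able to steer the visitor to a different site.
    if ( ! in_array( $ping['scheme'] ?? '', array( 'http', 'https' ), true )
        || strcasecmp( $ping['host'], $blog['host'] ) !== 0 ) {
        return null;
    }
    // WordPress advertises <site root>/xmlrpc.php; anything else is not a match.
    $path = $ping['path'] ?? '';
    if ( substr( $path, -11 ) !== '/xmlrpc.php' ) {
        return null;
    }
    // Assumed slug format: lowercase letters, digits and hyphens.
    if ( ! preg_match( '/^[a-z0-9-]+$/', $slug ) ) {
        return null;
    }
    $root = $ping['scheme'] . '://' . $ping['host']
        . ( isset( $ping['port'] ) ? ':' . $ping['port'] : '' )
        . substr( $path, 0, -10 ); // drop "xmlrpc.php", keep the trailing slash

    return $root . 'wp-admin/plugin-install.php?tab=plugin-information&plugin=' . rawurlencode( $slug );
}

// Constructed sample response headers for a blog installed in /blog/.
$sample = array( 'X-Pingback' => 'https://example.com/blog/xmlrpc.php' );
echo installer_url_from_pingback( 'https://example.com/blog/', $sample, 'my-awesome-plugin' ), "\n";
```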

Plugin authors can go here for more info. I’ll make sure these URLs forward to once we get it set up there, so you can start using this now.

Update: It has a bookmarklet now. If you click that bookmarklet from a WordPress Plugin Directory page, it’ll prompt you to install the plugin you were viewing.

Here’s a screencast showing it in action!

New Plugin – “I Make Plugins”

I have several WordPress plugins. They’re hosted on the plugin repository, but I also have a page for each plugin on my own site. I’ve found it tedious to have to update both places separately. Things get out of sync, or worse, I put off plugin updates because I loathe updating two places (with two different formats) with the same information.

The WordPress plugin repository has an API. Let’s use it! I Make Plugins is a plugin for WordPress plugin authors to let them easily showcase their plugins on their own site, solely by updating the plugin’s readme.txt file.

Adding a plugin is as simple as creating a new subpage of your plugin listing page, and giving it the name of your plugin in the repository. All the information comes from the API and is kept up to date.

Here is a nine-and-a-half-minute, boring-as-hell screencast with a full tour of the plugin.

I realize that writing a plugin for plugin developers is probably a futile gesture. Plugin developers are choosy people, and many may already have their own setup for managing their stable of plugins. I wrote this for myself — but let me know if you find it useful!

Beta testers needed for Subscribe to Comments

I have a new version of Subscribe to Comments that will be coming out soon. The storage system for the subscriptions is changing (or rather, being consolidated into one method, instead of being spread into two). The good news is that this new version has zero database schema changes from WordPress core. It also adds support for double opt-in subscriptions for compatibility with German law (and possibly others). Before I release this version, I’d like some other people to test it, especially to make sure that the transition of subscription storage method works smoothly.

What I need are two or three people who meet the following criteria:

  1. Currently running WordPress 2.7 or 2.7.1
  2. Currently running Subscribe to Comments 2.1.2
  3. Have a large number of comment subscriptions (at least 500)
  4. Are able to make a SQL backup of their comments table prior to testing, and restore it in the event that something goes wrong

If you meet those criteria, send an e-mail to and I’ll get you hooked up.

Show all categories on the post editing screen

Isn’t it annoying when you have a site with a reasonable number of categories, say 15, and WordPress only shows you the first 8 in the category checkbox widget? Ugh, scrolling is annoying.

Try this super-simple plugin. It’s so simple that the plugin’s content is embedded into that link (seriously). There, now you’ll never see a scrollbar in the category widget. You’re welcome!

(Requires WordPress 2.7… upgrade already!)

Updated to work with WordPress 2.8.

Update: put it in the plugin repository. Download here.

How to write a solid and stable WordPress plugin

The b5media tech team was having a discussion today about what criteria we use when reviewing a WordPress plugin for possible inclusion on one of our sites or across our network. It makes for a good list of what to do (or not do) when writing a WordPress plugin, something that might be generally useful to plugin authors. These things won’t make your plugin good — they’ll just help make it secure and stable.

Don’t ignore security

WordPress plugins have unlimited power, which is a blessing (it makes WordPress very flexible), but it can be a curse if your plugin is not coded with security in mind. If things like CSRF, the prepare() method (SQL injection protection), and XSS are not intimately known to you, it’s time for you to do some research. When someone installs your plugin, they are potentially putting their site’s security in your hands. Rise to the occasion.

Make proper use of the role/capability system

WordPress controls admin access using a roles/capabilities system. Make sure your plugin is checking against an appropriate capability. If it is the sort of thing that only “admins” should use, you should be checking against the manage_options capability. If this is something that an author should be able to do, you might use the publish_posts capability. Do not check against roles. Roles are only containers for capabilities, and you can’t assume that an “author” on one blog means the same thing on all of them.
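The points from “Don’t ignore security” and the capability check above, combined in one small settings plugin. This is an added example, not code from the original post; the plugin name, the `ess_` prefix and the option name are hypothetical, and it uses current WordPress API functions.

```php
<?php
/*
Plugin Name: Example Secure Settings (added example, hypothetical)
*/

add_action( 'admin_menu', 'ess_add_page' );
add_action( 'admin_post_ess_save', 'ess_save' );

function ess_add_page() {
    // Capability, not role: only users who can manage_options see the page.
    add_options_page( 'Example Settings', 'Example Settings', 'manage_options', 'ess', 'ess_render' );
}

function ess_render() {
    global $wpdb;
    $term = isset( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : '';

    // SQL injection: user input only ever reaches the query through prepare().
    $rows = $wpdb->get_results( $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_status = 'publish' AND post_title LIKE %s LIMIT 10",
        '%' . $wpdb->esc_like( $term ) . '%'
    ) );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="ess_save" />
        <?php wp_nonce_field( 'ess_save' ); // CSRF token tied to this action ?>
        <input type="text" name="ess_label" value="<?php echo esc_attr( get_option( 'ess_label', '' ) ); ?>" />
        <?php submit_button(); ?>
    </form>
    <ul>
    <?php foreach ( $rows as $row ) : ?>
        <li><?php echo esc_html( $row->post_title ); // XSS: escape on output ?></li>
    <?php endforeach; ?>
    </ul>
    <?php
}

function ess_save() {
    // Re-check the capability in the handler; the menu check alone does not protect it.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'ess_save' ); // dies unless the nonce is valid
    update_option( 'ess_label', sanitize_text_field( wp_unslash( $_POST['ess_label'] ?? '' ) ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=ess' ) );
    exit;
}
```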

Use current API functions

WordPress has a lot of legacy code and deprecated functions. We try not to break stuff without good reason, so often times we’ll leave in compatibility for old API functions. If your plugin is using these functions, it tells me that you’re not up on current WordPress development. This means that your plugin might be more likely to break with a WordPress upgrade, and it suggests sloppiness that can lead to security issues.

Mind your performance

The number of queries that your plugin makes can affect its performance. We don’t care how cool your plugin is — if it uses 10 MySQL queries on every page, it’s not going in. You should work to minimize these queries as much as possible. Other performance issues like the efficiency of your PHP code should be taken into consideration as well.

Use existing WordPress data structures whenever possible

Don’t create your own tables unless you’re absolutely certain there is no way to accomplish your functionality within the WordPress data system.

I’m going to go into more detail on these topics at a later date. Maybe even with screencasts, which seem to be a great way of demonstrating these sorts of things.