Category Archives: WordPress

WordPress Dashboard Autobookmarks

Here’s something I put together as a conceptual idea. WordPress Dashboard Autobookmarks keeps track of how popular a dashboard page is by counting how many times it’s been visited by an administrator and provides an Admin Bar menu with the most often used dashboard screens. This allows administrators to keep returning to their most-used dashboard screens at click of a button.

WordPress Dashboard Autobookmarks

The plugin can be found on GitHub and is at a highly experimental stage for now.

The FancyBox for WordPress Vulnerability

…and how the exploit really worked

Last week a very popular plugin called FancyBox for WordPress was hit with a zero-day vulnerability which I happened to experience first-hand and dig into. If you’ve not heard about this here are a couple of links to get you up to speed:

The plugin was force-updated (where possible) on WordPress sites out there. This is the full disclosure of how the exploit worked.

Continue reading

rwasa + HHVM + WordPress

Yes, as exotic as it ever gets.

Continue reading

Profiling PHP Code in WordPress

I was honored to give a talk at the second WordCamp Russia event. Like last year, I decided to speak about a general development topic and how it can be applied to WordPress. This time my talk was on profiling.

Here’s a video. English subtitles are available by selecting “Subtitles” in the player.

And here’s wptop on GitHub, an XHProf-based WordPress plugin that gives you an overview of your WordPress website performance. Feel free to give it a spin and let me know what you think.

Building WordPress for Android

WordPress clients are available for many devices, but since I’m an Android fan I get to use WordPress for Android.
Yesterday, I came across a bug report outside of the developer ecosystem, managed to reproduce the bug using the release version, and, decided to write and submit a patch to fix the bug.

The main WordPress for Android repository is over at GitHub. But as it turns out…

Building WordPress for Android

…one does not simply build WordPress for Android.

Continue reading

WordPress Mail Routed via Postfix SMTP Relays

By default, the WordPress wp_mail function will not set the actual sender for sendmail and mail backends. This means that the Postfix relay will set the sender to the default $domain instead of the actual sender. Which, in turn, means that when using relay maps (sender_dependent_relayhost_maps) to map senders to correct SMTP relays none of them is matched because of the sender is not set correctly…


Fortunately, the mailer class used by WordPress, PHPMailer knows how to correctly specify the sender via the chosen backend (which in WordPress is the mail backend). By setting the Sender property of the mailer we’re able to have Postfix identify the sender correctly.

Continue reading

WordCamp Russia 2013

I took part in WordCamp Russia 2013 this year, which was organized by my brother (with huge help from a handful of volunteers and the WordPress Foundation). This was the first ever WordCamp in Russia.

My talk was on testing automation in custom WordPress code, which covered some basics of unit tests using PHPUnit, system tests using CasperJS.

The talk is in Russian, but English subtitiles are available. Also slides and code. To view all other talks visit

Konstantin wrote about the event in much detail.

Bulk Reports and Digests for Gravity Forms

Bulk Reports and Digests for Gravity Forms

I have written yet another Gravity Forms plugin/addon. This time the plugin was to generate bulk reports for form entries, digests of sorts. Based on a set schedule (which can be altered using the cron_schedules filter), this addon will aggregate all new form entries it hasn’t seen yet (including very old ones) and send them out to predefined e-mail addresses.

The whole thing works best with regular single-shot notifications turned off, probably.

Download it from github now.

Functions Deprecated in WordPress 3.4

Here’s a list of functions that are now deprecated in WordPress 3.4:

That’s it for deprecated functions. Check out a comprehensive list of changes here. Although WordPress is known to be highly back-compatible and the deprecated functions will be available for a long long time, developers are highly discouraged from using these in the future.

WordPress 3.4

Codename “Green”, WordPress 3.4 was announced yesterday, boasting flashy features and upgraded functionality.

WordPress 3.4

Lots of hard work involved, lots of excitement and most can’t wait to upgrade, including me. However, as much as I want to update to WordPress 3.4 and enjoy the new stuff, I find it difficult to do so in production right now. I’m sure WordPress 3.4 is fantastic, but it’s too early, there’s bound to be a WordPress 3.4.1 with security fixes (or at least hot fixes) sometime this year.

My suggestion is that unless you have a huge need for one of the new features just wait a bit, see how it behaves out in the wild, how it is targeted. At a little over 200,000 downloads and less than 24 hours out in the wild it’s too early to tell. I’ll personally wait a couple of months before upgrading in production.

Other than that, hurray! Off to play with the new XML-RPC methods.