Theming the Image Post Format


Working with post formats in WordPress can be challenging because of the lack of structured data. For instance, just because a user selects an “image” post format, there’s no guarantee that an image was actually attached to the post.

Alex King has created a plugin and submitted a couple patches, but until the WordPress UI catches up we as theme developers need to be a little creative.

In the most recent version of Portfolio Press, I ended up styling the image format to look like this:
Continue reading

Custom Design on


If you want a highly customized theme for your WordPress site the only option is to self-host, right? Not so fast…

I just finished a small project for Bluefin Software redeveloping their blog. They wanted to stay with hosting because of its ability to scale and low maintenance. And incredibly, by using just the custom design upgrade and widget areas in the Coraline Theme, it was possible to build exactly what their designer had envisioned.
Continue reading

Ajax Themes


Ajax is a great method for loading new content onto a web page without having to do an entire page refresh. It’s sometimes used in WordPress themes for paging, loading in full content after an excerpt, or dynamically displaying new comments as they are posted.

Ajax can also be used to load more significant amounts of content, but it gets more complicated. URLs don’t update by default, which is important if someone wants to bookmark that particular post or share it. Browser navigation buttons for “Back” and “Forward” can also be an issue.

Thankfully there are HTML5 methods for dealing with browser history and states, and an awesome jquery plugin that provides some fallback for older browsers. This tutorial will walk you through the code required for a theme that makes extensive use of ajax and also point you to some live demos.
Continue reading

Cleaning Up the TimThumb Hack

Tim Thumb Hacker
Tim Thumb Hacker

Several of my websites were hacked this week using the TimThumb exploit. The issue has been known for a couple weeks now.

Although I had updated the majority of sites and had notified former clients, I still hadn’t gotten to some of the smaller sites yet- like my girlfriend’s food blog.

And word to the wise, your girlfriend’s food blog should always be top priority.

Hackers are using a variety of techniques to hijack WordPress sites right now, but this is how I cleaned up the ones on my server.
Continue reading

Portfolio Post Type Plugin

Portfolio Dashboard

I recently released a plugin on that registers a portfolio post type, related taxonomies, and adds an image when you’re viewing the items in the dashboard. It clocks in at a neat 202 lines of code, most of that being labels.

I’ve held onto to the plugin for a while in GitHub since it’s an easy thing for any developer to build out- but I’ve recently been thinking that a standard plugin in the repository might be beneficial as it could make more themes more portable. (Especially for users of my Portfolio Press theme)

And since I expect people to modify this a bit as well, I wanted walk through of the code.
Continue reading

Options Framework: Sanitization Filters


I’ve been steadily improving the Options Framework plugin these last several weeks and there’s several nice changes in this 0.6 release. The biggest new feature is sanitization filters and better validation, but there’s also a slew of other less noticeable code improvements.

Unfortunately, a couple things that worked in previous versions will break with this release unless theme code is updated. I debated these changes quite a bit but decided it was best to do this while the plugin is still relatively young and would affect the least amount of people.
Continue reading

Checkboxes and Booleans


Checkboxes are one of the more difficult form elements to deal with. For one, checkboxes don’t get sent in $_POST request unless they are checked. Any other element, like a text input or a radio button, will get sent regardless of it’s state. But if someone were to uncheck an option form and send it there would be no indication in the $_POST request that its state had changed. Continue reading