Customising WordPress Using Templates

To customize a WordPress theme, you may need to decide which template file to edit in order to provide a conditional display. Say you want a link to your favorite book retailers that appears only on your books page, http://techcosupport.com/press/category/books/; then you may need to build a custom template for that page.

WordPress uses the Query String, the information contained within each link on your web site, to decide which template or set of templates will be used to display the page. If your visitor clicks on a link to a category page like http://techcosupport.com/press/category/books/, then WordPress looks for a template file that matches the category’s ID in the directory for the current theme. If it is missing, WordPress next looks for a generic category template file, category.php. Failing that, it looks for archive.php, and if that is missing too, it uses the main theme template file, index.php.

To find the category ID number, go to Manage Categories and hover your mouse over your target category; the ID will show up in the link. Alternatively, if you are editing a category, the ID is displayed at the end of the URL.

You then create your custom page with the name category-2.php in the case of http://techcosupport.com/press/category/books/. After that, when you display Books the custom page will display. Easy!
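
The lookup order described above, as an added PHP example that is not WordPress core code: it walks the four candidates in the order given in the text and records which ones exist. The function name and the temporary theme directory are constructed for illustration.

```php
<?php
// Added example, not WordPress core code. It follows only the lookup order
// given in the text; the theme directory and its files are constructed.

// Walk the candidates for a category page in order. Returns the chosen
// template (or null) and a trace of every file that was checked before it.
function resolve_category_template(string $themeDir, int $categoryId): array
{
    $candidates = [
        "category-{$categoryId}.php", // template for this category ID
        'category.php',               // generic category template
        'archive.php',                // generic archive template
        'index.php',                  // main theme template
    ];
    $trace = [];
    foreach ($candidates as $file) {
        $exists = is_file($themeDir . '/' . $file);
        $trace[] = $file . ($exists ? ' (found)' : ' (missing)');
        if ($exists) {
            return [$file, $trace];
        }
    }
    return [null, $trace]; // nothing matched in this directory
}

// Constructed theme: a custom template for category 2, no category.php.
$theme = sys_get_temp_dir() . '/theme-demo-' . getmypid();
mkdir($theme);
foreach (['category-2.php', 'archive.php', 'index.php'] as $name) {
    touch($theme . '/' . $name);
}

foreach ([2, 7] as $id) {
    [$chosen, $trace] = resolve_category_template($theme, $id);
    printf("category %d -> %s   [%s]\n", $id, $chosen, implode(', ', $trace));
}

// Remove the constructed files again.
array_map('unlink', glob($theme . '/*.php'));
rmdir($theme);
```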

For more detail on the use of templates see Codex WordPress Template Hierarchy

Customising WordPress Using Page Templates

If you are considering customising WordPress, you may be interested to know that it can be configured to use custom Page Templates for different Pages. This means that several or all pages could have their own unique Page Templates and so appear completely different.

If you want to create a custom page template called MyTemplate, create a file called mytemplate.php. At the top of the file, put the following:
<?php
/*
Template Name: MyTemplate
*/
?>

Copy the content of another template (perhaps page.php or index.php) after the above five lines of code; then you will only have to alter the HTML and PHP code, instead of creating it all from scratch. MyTemplate will now be available as a choice when you create or edit a new page. You can go ahead and customise this new template further without it affecting your default pages.

To select a template, there must be at least one custom Page Template available in the active theme. Once there is, toward the bottom of the Write Page administration panel (or on the sidebar, depending on which version of WordPress you are using) you will see there is a drop-down labeled Page Template. From there you can select which Template will be used when displaying this particular Page, and MyTemplate should now appear.

See Codex WordPress Creating your own Page Templates to find out how to create a custom Page Template.

WordPress Configuration Tips

When setting up WordPress for the first time, there are a few things you may need to do.

Switch off WordPress comments
There is a simple way to shut down the comment system on a WordPress site. Turn off the comments on the Settings, Discussion page, Default article settings, which will disable comments on new posts. Then turn off the comments for all your existing posts.

Switch on Search Engine friendly URLs
By default, WordPress uses URLs which have question marks and lots of numbers in them. To improve this, click on Settings, Permalink Settings and change Custom Structure to read /%postname%/ and then Save Changes.

More Advanced Customisation

To exclude a category or multiple categories from the front page
To block a category from the front page, in the sidebar find <?php wp_list_categories(); ?> and change it to <?php wp_list_categories('exclude=1'); ?>. Find the category number by looking at the category list. To block multiple categories, use a comma-separated list like <?php wp_list_categories('exclude=1,4,5'); ?>

To sort categories alphabetically and include only the specified categories use <?php wp_list_categories('orderby=name&include=3,5,9,16'); ?>

For more category configuration possibilities see Codex WordPress Categories

To restrict pages to authenticated users
Check out WP-Sentry

Increasing the File Upload Size on IIS

Last week a user reported a problem with a file upload on our Intranet which has otherwise performed flawlessly for years. They browsed to the file and selected it as normal, but when they clicked upload “nothing happened”. This is an in-house developed Content Management System, written in classic ASP, and the user is a competent content manager, so user issues did not seem likely. At first we suspected file permissions, as there had been some moving around of directories by system support, but this usually results in a 500 error to IE users with Friendly Errors turned on.

Eventually through perseverance by the user it was determined that files greater than 200 Kbytes would fail, but smaller files would upload OK. At last something to Google!

It turns out that by default Windows 2008 server limits file uploads to 200KB in size. To overcome this limit you must edit the ASP Setting as follows:

  1. Log in to your server
  2. Open IIS Manager
  3. Click on ASP
  4. Expand the Limits properties
  5. Change the default 200KB for the helpfully named Maximum Requesting Entity Body Limit to the required value.

Once you have saved that change the upload limit will increase for all the websites on that server. Remember, if you are running clustered servers you need to increase this value on each server in the cluster.

This support tip first appeared on TechCo Training site under the title IIS File Upload Problems

Downtime for phpBB.com and Server Compromise

Today we made a routine visit to the PHPBB site to check for any new bulletin board styles to download, and were surprised to see a message reporting that they have been attacked and the site is down. This is attributed to a 0-day-exploit in their PHPList installation.

For those new to the term, a zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit unknown, undisclosed or patch-free computer application vulnerabilities. The attacker gained entry through the PHPList application and was able to dump a complete backup of the emails on file. He then used the same exploit to access the phpBB.com database. Both the email list from PHPList and a copy of the phpBB.com users table were then posted publicly. According to the information on the Area51 site this is down to a vulnerability in phpBB2, which uses an md5 algorithm to store passwords. This is not considered to be a problem in phpBB3, which uses a more complex hashing algorithm.

Regretfully this attack means that phpBB.com will remain unavailable while they work to recover the situation. For more information about the vulnerability and exploitation visit Area51 @ phpBB.com
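
Why the storage scheme matters once a users table has leaked, shown as an added PHP example that is not phpBB's code: it assumes the legacy scheme is a bare, unsalted md5() of the password (the post says only that phpBB2 used md5) and uses PHP's built-in password_hash() as the stronger scheme, upgrading each account at its next successful login. The function names and sample users are constructed for illustration.

```php
<?php
// Added example, not phpBB code. Legacy scheme assumed to be a bare md5()
// of the password; the replacement uses PHP's built-in password_hash().

// Legacy check: fast and unsalted, so equal passwords give equal hashes
// and a leaked users table can be tested against precomputed lists.
function legacy_md5_verify(string $password, string $stored): bool
{
    return hash_equals($stored, md5($password));
}

// Verify a login against either format. Returns [ok, newHashOrNull];
// a non-null second element means the caller should store the new hash.
function verify_and_upgrade(string $password, string $stored): array
{
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);

    if ($isLegacy) {
        if (!legacy_md5_verify($password, $stored)) {
            return [false, null];
        }
        // Correct password on a legacy row: re-hash with a salted, slow scheme.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }

    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Also upgrade when the default algorithm or cost has changed.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample rows: two users who chose the same password.
$users = [
    'alice' => md5('correct horse'),
    'bob'   => md5('correct horse'),
];
var_dump($users['alice'] === $users['bob']);   // compare the two legacy hashes

[$ok, $upgraded] = verify_and_upgrade('correct horse', $users['alice']);
if ($ok && $upgraded !== null) {
    $users['alice'] = $upgraded;               // persist this in a real system
}
[$okBob, $bobNew] = verify_and_upgrade('correct horse', $users['bob']);
var_dump($ok, $okBob, $upgraded !== $bobNew);  // compare the two new hashes

[$again, $rehash] = verify_and_upgrade('correct horse', $users['alice']);
var_dump($again, $rehash === null);            // login against the new format
[$bad] = verify_and_upgrade('wrong', $users['alice']);
var_dump($bad);                                // wrong password
```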

Successful Development with Agile Methodologies

The term Agile is one of the buzz words in the Business Analysis press at the moment. Agile methodologies promote a project management process that encourages frequent inspection and adaptation. It uses a leadership philosophy that encourages teamwork, self-organization and accountability, and a set of engineering best practices that allow for rapid delivery of high-quality software. It encourages a business approach that aligns development with customer needs and company goals. One flavor of Agile is Extreme Programming which is sometimes affectionately known as XP.

The main aim of Extreme Programming is to reduce the cost of change by introducing basic values, principles and practices to a system development project. Proponents of Extreme Programming and Agile Methodologies in general, regard ongoing changes to requirements as a natural and desirable aspect of software development projects.

In Extreme Programming the level of customer satisfaction depends on the Extreme Programming cycle, which is sometimes known as “the circle of life”:

  • the customer decides which features have value,
  • programmers estimate the cost of providing the features,
  • the customer chooses the best combination of features based on value and cost,
  • programmers build the features, learning how to estimate costs in the process,
  • the customer learns how to define value and how to make effective choices.

This is highly effective, and when both parties are fully engaged, then both sides benefit. The trouble with this win-win virtuous cycle occurs if you have an intermediary between the business and the developers, or one party who has not fully engaged.

If you place an intermediary such as an analyst between the customer and the developers, then the third party gets all the benefit. The best results occur if the Business Analyst acts as a facilitator to enable the interaction. This lets the developers see and feel the urgency and need, and to understand what the users really want. The users understand the level of complexity of any underlying modeling and so are able to assess relative value of features. The Business Analyst learns from both parties and is able to translate terminology on the spot, or illuminate areas which lack clarity. One such meeting, lasting an hour or so can save weeks of Use Case building and requirements documentation in traditional system development methods.

In the situation where one party has not fully engaged, the problem is of a different caliber. Often the customer lacks engagement because they have seen Agile as a way to save themselves time and expense with documentation. This can occur if an evangelist for an Agile methodology gives high abstraction level feedback for a successful project, often in a throwaway comment, in a social situation. This is really a high risk situation, and one to be avoided at all costs. It is the Project Manager’s responsibility to ensure that business owners do not see use of an Agile methodology as a way to save costs by eliminating documentation. If she fails to ensure engagement, such a project will inevitably suffer from cost overrun, mission creep and even failure when the deliverables do not meet the needs of the users.

The way to ensure a successful development project is to have sufficient capacity in the disciplines of Business Analysis and Project Management to ensure that the lessons are learned and both parties remain engaged. By applying Extreme Programming, a system development project will be more flexible with respect to changes, and will meet the needs of the users when it is live. By having close engagement between the business users and the developers, the customer learns how to define value and how to make effective choices, and the programmers learn how to estimate costs. If this is all kept in-house then the business keeps all the benefits.

Although Extreme Programming itself is relatively new, many of its practices have been around for some time. The methodology simply takes best practices to extreme levels. However it is not an excuse to avoid engagement in a project or omit documentation. Its strength lies in the rapid time to market, and the acceptance that change is inevitable. Its weakness lies in its attractiveness to budget slashers who do not understand or fully embrace the methodology, or misguided evangelists who believe that by putting the users in with the programmers you can cut out the Business Analysts and Project Manager.

The benefits of Extreme Programming and Agile Methodologies are self-evident to their supporters, who can show you any number of successful projects, completed on time and within budget. The detractors can enumerate the risks and point to projects which have over-run or gone off the rails through lack of discipline. In reality, they are both right, because in life we get what we look for.

The responsibility of the Project Manager is to ensure that we focus on success, and use the right methodology for the situation. The Business Analyst is the facilitator to enable the interaction between the customer and the developers, and so deliver the successful product. Customers will see success by embracing change and allowing Agile development teams to work with users for rapid delivery of high-quality software, using a business approach that aligns development with customer needs and company goals.

Bruce Thompson

Webmaster of The Institution of Analysts and Programmers, Bruce Thompson is a PRINCE2 Practitioner and has been an active Agile evangelist for more than 10 years. He has delivered a number of successful projects using DSDM and Extreme Programming.

For further information on Agile see the Wikipedia entry for Agile Software Development
For more information on analysts in the loop see Business Analysis in Extreme Programming by Ron Jeffries
If you are in Business Analysis, Project Management or Agile Software Development and are interested in joining like minded individuals, visit The Institution of Analysts and Programmers website

A day in the life of a WordPress Blogger

Sometimes we work for customers who have high security environments, with restrictive settings that can cause problems for developers. An example recently occurred after a Microsoft security scare, and the security policy was tightened to exclude ActiveX controls and client side scripting. When I noticed the dreaded Information Bar drop down on IE7 helpfully warning me that my security settings do not allow websites to use ActiveX, I had that dread feeling you get when you realise you are not going to be able to do your planned jobs for today, without a lot of extra work.

Sure enough, all of our well crafted JavaScript based sites, clever dancing widgets and client side validation routines have ceased to work for my corporate customers. Even the years old multi-sites search on the TechCo Home Page has ceased to function. IE helpfully displays the search text in the URL querystring, but that is about it!

With a sinking heart I clicked on the log-in link of one of our WordPress blog sites, and attempted to log in. Well success, you can at least log in! Now for the acid test; can you post some information or edit a page? Sure enough, the wizzy icons above the edit window are no longer there. The Visual and HTML tabs do not allow you to flick between views because the other tab is not an active link. We are all Dooooomed!

But wait! The Save Draft facility on the right side appears to be a button. Click it and the reassuring message appears at the top of the screen that the Post has been saved. I can still work! How about the Publish Button? Yes, that works too! Praise be upon those wonderful developers at WordPress who had the foresight to consider the poor sap working in a restricted environment with all the Ajax, ActiveX, and other JavaScript goodies turned off.

Think about that, you script kids who shout that a site without JavaScript and on hover events, is a legacy of the dark ages. Sometimes that old HTML Button has a place too!

Installing Google XML Sitemaps on a WordPress Blog

Someone asked me the other day how to install Google XML Sitemaps on a WordPress Blog, and I must admit I had to go and check it out. Actually, it is really easy, so the instructions are listed below. Follow these steps if you use WordPress and are considering installing Google XML Sitemaps:

  1. First Download the Google XML Sitemaps plugin from wordpress.org
  2. Unzip the plugin, then upload the full directory into your wp-content/plugins directory
  3. Use your favorite FTP program to create two files in your WordPress directory (that’s where the wp-config.php is) named sitemap.xml and sitemap.xml.gz and make them writable via CHMOD 666.
  4. Activate the plugin on the plugin administration page
  5. Open the plugin configuration page, which is located under Options, XML-Sitemap and build the sitemap the first time. If you get a permission error, check the file permissions of the newly created files.

That’s it! The plugin will automatically update your sitemap each time you publish a post, so there’s nothing more to do.

You should note that Google XML Sitemaps plugin requires WordPress Version: 2.1 or higher.

Making your whole blog directory writable is NOT recommended for security reasons, so make sure you just set the rights on the two files sitemap.xml and sitemap.xml.gz to CHMOD 666. You can find more information about CHMOD and how to make files writable at the WordPress Codex.
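
One way to check the advice above, as an added PHP example that is not part of the plugin or of WordPress: it sets mode 666 on the two sitemap files only, then lists anything else under the WordPress directory that is world-writable. It assumes a Unix-like host; the temporary directory and the function names are constructed for illustration.

```php
<?php
// Added example, not part of the plugin. Paths are constructed: a temporary
// directory stands in for the WordPress root so the script runs anywhere.

// Create the two sitemap files (if absent) and give only them mode 0666.
function prepare_sitemap_files(string $wpRoot): void
{
    foreach (['sitemap.xml', 'sitemap.xml.gz'] as $name) {
        $path = $wpRoot . '/' . $name;
        touch($path);
        chmod($path, 0666);
    }
}

// Return every file or directory under $wpRoot that is world-writable
// (the "other" write bit, 0002) and is not on the allow list.
function unexpected_world_writable(string $wpRoot, array $allowed): array
{
    $found = [];
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($wpRoot, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::SELF_FIRST
    );
    foreach ($iter as $item) {
        if ($item->isLink()) {
            continue; // the mode of a symlink itself is not meaningful
        }
        $relative = substr($item->getPathname(), strlen($wpRoot) + 1);
        if (($item->getPerms() & 0002) && !in_array($relative, $allowed, true)) {
            $found[] = sprintf('%s (%04o)', $relative, $item->getPerms() & 07777);
        }
    }
    sort($found);
    return $found;
}

// Constructed layout: a blog set up as described plus one over-permissive file.
$root = sys_get_temp_dir() . '/wp-demo-' . getmypid();
mkdir($root . '/wp-content/plugins', 0755, true);
file_put_contents($root . '/wp-config.php', "<?php // constructed\n");
chmod($root . '/wp-config.php', 0666); // the mistake the audit should flag
prepare_sitemap_files($root);

print_r(unexpected_world_writable($root, ['sitemap.xml', 'sitemap.xml.gz']));

// Remove the constructed files again.
foreach (['wp-config.php', 'sitemap.xml', 'sitemap.xml.gz'] as $name) {
    unlink($root . '/' . $name);
}
rmdir($root . '/wp-content/plugins');
rmdir($root . '/wp-content');
rmdir($root);
```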

Happy Blogging!

Widgetizing Themes

We came across this really helpful resource on codex.wordpress.org which tells you how to fix up your WordPress theme, and make it Widget ready. Widgets are now a standard part of the WordPress install so to reach the broadest audience all modern themes should support them, as well as supporting old style sidebars.

You need to know PHP, HTML mark-up and CSS to benefit from this resource, but if you are into writing your own WordPress themes, then you probably are up to speed with these anyway. If not you will need to be, so why not get cracking now and learn?

Click here to learn how to Widgetize your WordPress theme

Palo Alto Networks Discovers Critical Vulnerability in Microsoft Word

Palo Alto Networks of Sunnyvale, California, has announced that its Threat Research Team discovered one of the six critical vulnerabilities communicated in Microsoft’s Patch Tuesday security bulletin this week. The exploited vulnerability could allow a hacker full system access and control.

Prompting the highest vulnerability rating, Microsoft credited Palo Alto Networks exclusively with the discovery of Word Memory Corruption Vulnerability (CVE-2008-4026). The vulnerability exists in the way that Microsoft Word handles certain Word files.

An attacker could deliver a seemingly innocent document to a user via email, IM or as a download from a Website. If opened, the execution would enable an attacker to take complete control of an affected system, allowing them to then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability exists in both the Microsoft Office 2003 and 2007 versions.

For full details of this press release click on Palo Alto Networks Discovers Critical Vulnerability in Microsoft Word
For more details from Microsoft click on MS08-072