WP-Mix

A fresh mix of code snippets and tutorials

Escape input with WordPress

WordPress makes it easy to escape untrusted input to prevent SQL-injection, XSS (cross-site scripting), and other nefarious bits of text. Here is a quick rundown of WordPress’ built-in escape functions.

Disable external URL requests

During development there may be situations where you want to prevent WordPress from making URL requests to external websites. Here is a simple way to disable external URL requests during development.

Use WP functions outside of WordPress

Here’s how easy it use to use any of WordPress default functionality from any PHP file outside of the WordPress installation directory.

Static home page with separate posts page

In WordPress, static home page is possible via the General Settings. Or you can choose to display your blog posts. But how do have both?

Disable Dashboard Widgets

By default WordPress displays a bunch of useless widgets in the Dashboard. Here is how to disable them.

kses tricks

In WordPress, “kses strips evil scripts”. Here is a list of kses tricks for ninjas only.

Disable PHP version info & error messages

Whenever possible, prevent access to sensitive information about your server. Here is how to prevent PHP from displaying errors and their sensitive infos.

Protect the WordPress Admin

A secure way to protect your site’s admin area is to lock it down with .htaccess.

772×250 vs 772×250

Just a heads up for Photoshop users exporting graphics for their WordPress plugin in the WP Plugin Directory.

Obscure template tags that rock

Here are my favorite “lesser-known” and perhaps even obscure template tags for WordPress:

Image Gallery

Check out a live demo of a responsive, grid-based image gallery.

Hello world!

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!