Introducing WP-DraftsForFriends

I would like to introduce you to a new WordPress plugin that I wrote (or rewrote), it is called WP-DraftsForFriends. The last time I wrote a plugin was almost 3 years ago which was the WP-ShowHide!

The plugin is on GitHub as well,

This plugin will generate a unique link that you can send to your friends to allow them to preview your draft before they are published. You are able to set the expiry for the link as well. It is based off Drafts for Friends originally written by Neville Longbottom.

WP-DraftsForFriends Screenshot #1

WP-DraftsForFriends Screenshot #2

WP-DraftsForFriends Screenshot #3

Download: WP-DraftsForFriends

1 Star2 Stars3 Stars4 Stars5 Stars (81 votes, average: 4.02 out of 5)

Plugins Repo Moved To Github

I have moved the remaining WordPress plugins repository to Github and thanks to scribu’s script, I can deploy from Github back to WordPress Plugins SVN Repo.

Also thanks to scribu for taking the lead with WP-PageNavi and WP-UserOnline previously =)

Feel free to submit pull requests or fork the repo or follow me on GitHub.

Here are all the links.

1 Star2 Stars3 Stars4 Stars5 Stars (105 votes, average: 3.91 out of 5)

AJAX Not Working For WP-Email, WP-Polls, WP-PostRatings or WP-PostViews?

About 2 weeks ago, I release an update to r WP-Email, WP-Polls, WP-PostRatings and WP-PostViews which added some nonce check and moved the AJAX request to be handled by /wp-admin/admin-ajax.php.

3 common issues that users are facing.

“-1” or “Failed To Verify Referrer”
This means that most likely you are using a caching plugin like W3 Total Cache (W3TC) and the Javascript being minified/combined and cached is outdated. Just empty the JS/CSS cache under the “Minify” section of W3TC in WP-Admin and W3TC will regenerate it again. This will solve the problem.

Password Protected /wp-admin/ Will Not Work
If you are using .htpasswd to protect your /wp-admin/ folder, AJAX request to /wp-admin/admin-ajax.php will not work. This problem is not unique to my plugin. Any WordPress Plugins that uses the WordPress AJAX API will break. As mentioned in this Codex, Hardening WordPress:

Simply securing the wp-admin/ directory might also break some WordPress functionality, such as the AJAX handler at wp-admin/admin-ajax.php

To bypass this, check out this tutorial, Password protecting the wp-admin directory, this tutorial will teach you how to whitelist admin-ajax.php in your /wp-admin/ using .htaccess.

I still hope in the future version of WordPress, they will separate front facing AJAX requests vs backend AJAX requests.

Your WP-Admin Is HTTPS While Your Site Is Not
If your WP-Admin is behind SSL aka HTTPS and you have the following config in your wp-config.php define('FORCE_SSL_ADMIN', true);, the AJAX will fail because is different from and the browser treat it as different domain.

To solve this issue do the following:
'ajax_url' => admin_url('admin-ajax.php'),
'ajax_url' => admin_url('admin-ajax.php', (is_ssl() ? 'https' : 'http')),

What the code does is basically forcing http to be used when calling admin-ajax.php for AJAX request. Again this is a hack, I am trying to figure a way around it.

I have pushed the code to trunk of all the respective plugins.

1 Star2 Stars3 Stars4 Stars5 Stars (411 votes, average: 4.16 out of 5)

WP-Polls, WP-PostRatings, WP-PostViews, WP-Email Updated

I have updated the following plugins:

Now all AJAX requests are handled by /wp-admin/admin-ajax.php. Previously it is handled via the plugin PHP file itself by assuming that wp-load.php is always 2 levels down from the plugin file. But since you can have your WordPress in any folders, custom loading of wp-load.php is not possible as the path to wp-load.php varies from server to server.

While I am at it, I added nonce check for AJAX calls to WP-Polls, WP-PostRatings and WP-Email. Let me know if you run into problems via WordPress Support Forums, My Forums (if you are already registered) or via email (lesterchan AT gmail).

PS: Kindly refer to if you ran into problems.

1 Star2 Stars3 Stars4 Stars5 Stars (136 votes, average: 3.97 out of 5)

WP-DBManager 2.62

I have released WP-DBManager 2.62.

  • Added Auto Repair functionality via WP Cron, similar to the current implementation of Backing Up & Optimizing DB
  • Added nonce to all forms for added security
  • Replace get_bloginfo('name') with get_option('blogname') and make it goes through wp_specialchars_decode()
  • Ported the readme.html to readme.txt

Finally, Props to Joakim Jardenberg, Jonas Nordström and Andreas Viklund for finding and reporting the previous security vulnerability.

Download: WP-DBManager 2.62

1 Star2 Stars3 Stars4 Stars5 Stars (190 votes, average: 3.92 out of 5)