Tom McFarlin
Tom is a self-employed developer who loves writing, building, and sharing WordPress-based projects. He runs Pressware where he provides WordPress goods and services. You can follow him on Twitter.
  • Code
    Cross-Site Scripting in WordPress: Practical Tips for Securing Your SiteCross site scripting in wordpress what is xss
    In this series, we're taking a look at how to secure our WordPress projects from XSS - or cross-site scripting. In the first article in the series, we defined what cross-site scripting actually is, understanding how it works, and why it's dangerous. We also spent some time discussing how this impacts our day-to-day WordPress development efforts and what we can do about it. Although there are some functions that WordPress has available to help validate and sanitize data, there is more work that we can do in order to secure our projects. In this final article, we're going to take a look at some practical tips that we can follow and some tests that we can administer to secure our work against XSS attacks.Read More…
  • Code
    Cross-Site Scripting in WordPress: What Is XSS?Cross site scripting in wordpress what is xss
    One of the most exciting aspects of modern web development is the potential that comes with building applications specifically for web browsers (or to run "in the cloud.") Originally, Java was meant to be the "write-once, run-anywhere" solution, but it appears that the web has become the perfect medium for that. Who would've thought, right? But along with the various browsers that we have available, the technologies that we can leverage, and, quite simply, the neat things we can do, there's still a dark underbelly to web application development - cross-site scripting. And considering that WordPress is a web application on which many of us build for fun, profit, or to make a living, it's a topic that we shouldn't avoid especially if we want to have the most robust products possible. In this two part series, we're going to take a look at what cross-site scripting really is, its dangers, how it impacts WordPress development, and then practical steps that we can take for testing our themes and plugins.Read More…
  • Code
    Incorporating the jQuery Date Picker Into the Post Editor: Save the DateDatepicker
    In this series, we are working on a plugin for the simple purpose of introducing a jQuery date picker into the post editor using a post meta box and then displaying it on the site front end. Rather than do an extensive, detailed series on a deep topic in WordPress - the purpose of this series is to focus on a very niche topic.Read More…
  • Code
    Incorporating the jQuery Date Picker Into the Post Editor: Preparing the PluginDatepicker
    We cover a lot of topics on this blog - anything ranging from something as simple as how to include and require template files in WordPress projects to something such as an entire series on the Settings API, but I think there's always room to cover a straightforward How-To that covers a single, specific task within the context of WordPress. So, in this two-part series, we're going to take a look at how to introduce a jQuery date picker into our post editor so that we can associate a date with a given post.Read More…
  • Code
    Strategies for Supporting WordPress PluginsWpplugins
    As a WordPress developer - specifically for plugins, in this case - determining the best way to provide support for your work can be a challenge. In fact, I'm currently in the process of evaluating what may be the best route for my current set of plugins, so this topic hits close to home. As such, I thought it would be a relevant topic to share and discuss with the Wptuts+ community. So in this article, I want to take a look at the problems that exist with supporting WordPress plugins, some of the current models for supporting WordPress plugins, and then initiate a discussion in the comments about the various options outlined here (as well as those that aren't covered).Read More…
  • Code
    Developing Plugins With WordPress Boilerplates: Building a PluginDeveloping plugins with wordpress boilerplates building a plugin
    In the first article of this series, we looked at how a boilerplate can improve your development efforts by providing a foundation off of which your project can be built. Ideally, boilerplates should provide just enough of a framework to get started while letting you focus on the specific business logic, core need, or domain-specific code that you need to write. Specifically, we took a look at the WordPress Widget Boilerplates and the WordPress Plugin Boilerplate. In this post, we're going to take advantage of the Plugin Boilerplate to write our own plugin in order to see how Boilerplates both lay the foundation for writing good code, and how we can use it as a starting place for our future work.Read More…
  • Code
    Developing Plugins With WordPress Boilerplates: Why Boilerplates MatterDeveloping plugins with wordpress boilerplates why boilerplates matter
    Over the past five to ten years, building sites and applications for the web has become much more complex than much of the stuff that people were building in the 90's. Long gone are manually creating sites using uppercase HTML, table-based layouts, and ugly JavaScript to make some type of cute animation happen on a page. Now we've got a variety of technologies, frameworks, and languages all of which work together to help us build full on software applications that run within a browser.Read More…
  • Code
    Practical Tips for Aspiring WordPress DevelopersPractical tips for aspiring wordpress developers
    On Wptuts+, we talk a lot about how to achieve certain things using WordPress, how to apply practical tips within WordPress projects themselves, but one overlooked area of working with WordPress is bringing aspiring developers up-to-speed on how to quickly get started with building WordPress-based products. Sure, there are a lot of guides for beginners that are out there, but what about experienced developers who've yet to really hop over into WordPress, or who have worked in environments like .NET or Rails before but are now faced with the task of building something for WordPress? In this post, we're going to look at some general, educational, and development related tips that are geared towards the experienced developer in order to bring them up to speed in WordPress development.Read More…
  • Code
    Advanced WordPress Plugin DevelopmentCode
    Hi, my name is Tom McFarlin, and, in this four-part mini-series, we'll be discussing advanced WordPress plugin development. Specifically, we'll be building a plugin that allows us to pull in tweets for individual posts. Let's get started!Read More…
  • Code
    Creating Customized Comment Emails: Building a PluginCreating customized comment emails building a plugin
    In the first post in this series, we took a look at the variety of emails that WordPress sends depending on how it's used. We also discussed how it's possible to customize emails that WordPress sends without actually having to outsource the functionality to third party services. We also reviewed the various filters that WordPress provides for hooking into the system in order to customize our emails; however, because the number of emails that WordPress sends is so large, we've opted to take a focused look at comment moderation and comment notification emails. So in this article, we're going to be building a plugin that will allow us to completely customize the look and feel of comment-specific emails. Ultimately, this should give you some insight as to how the available hooks work, what's required to customize the emails, and how you can take advantage of the WordPress API to customize the content of your emails.Read More…
  • Code
    Creating Customized Comment Emails: Understanding the APICreating customized comment emails understanding the api
    When it comes to working with emails in WordPress, most users are familiar with the basic features and/or notifications. Specifically, we're used to seeing emails for: User registrations Password reminders Comment notifications ...and so on. When it comes to building more advanced themes - or even applications - it's not uncommon to outsource email functionality in order to provide a better experience for our users. That is to say that if we're going to be emailing them, then we'd like to make the email as good looking as possible. This usually requires that we include consistent branding, a more flexible layout, and a greater number of styled elements.Read More…
  • Code
    Practical Tips for Improving Your CodePractical tips for improving your code
    On this site, we spend a lot of time sharing information and discussing how to accomplish certain things with WordPress. After all, the purpose of the site is to provide tutorials - that is, we attempt to give practical advice on how to build certain things using the platform. But development isn't strictly about writing code and building things. It's also about writing quality, maintainable code, refactoring and improving the state of our projects, and generally trying to leave a codebase in a better state than it was when we found it (or when we began creating it). So rather than focus on how to build something or review any particular code, let's review a few practical tips for writing quality WordPress code.Read More…