WordPress translations are compiled from human-readable PO-files into machine optimized MO-files, but still takes a lot of overhead to load. If you only could cache the translation load time, you would save a lot of page load time. We can easily cut 90% of our WordPress translations loading time.Read More Cut 90% of your WordPress translations loading time
Wouldn’t it be cool if you, in your PHP project could define a package that makes sure that everybody who even tries to commit code is forced to follow the project’s defined coding standards? Yeah, me too. So I created this Composer plugin you can use in your projects.Read More Git Pre-commit Hook for WordPress projects
Generating the menus in WordPress is quite resource intensive. Sites with few visitors and few menu items might not notice this much. But if you have a large amount of menu items, like in a mega menu, in combination with a lot of visitors the menu generation can be a real hog on your server’s […]Read More Speed up the output by 1000x with a WordPress menu cache
Recently DigitalOcean released new pricing plans where they basically doubled the RAM for the same price of the old plans. But to get the benefits for your existing droplets, you have to upgrade all of your existing droplets in a process that involves shutting them down, selecting the new plan, waiting for the upgrade to […]Read More Automate the upgrade of your DigitalOcean droplets
Whenever you upgrade a plugin, theme or WordPress itself through the WordPress dashboard, WordPress will put itself in maintenance mode and all your visitors will see the maintenance mode notice “Briefly unavailable for scheduled maintenance. Check back in a minute.”Read More Customize the WordPress maintenance mode page
The resources you have available to spend on WordPress security for your website usually vary vastly whether you’re an international corporation or just a hobbyist blogger. But since most attacks are automated by bots looking for vulnerabilities, a lot of the threats are the same. Here are some WordPress security measures that bloggers and small […]Read More WordPress security for the casual blogger or small business with limited resources
If you google “functions.php” you get about 7 million results. I bet most of them contain bad advice: “How to add functionality to your WordPress site”. Some of them continue even worse: “[…] without using a plugin”. For your own good, don’t edit functions.php to add custom functionality to your WordPress site. You can use […]Read More Use mu-plugins for adding custom functionality to your WordPress site
Since I translate a lot of WordPress themes and plugins, I sometimes come across plugins who try to be clever with their translations. This tends to not work so well in reality.Read More Don’t be “clever” with the translatable strings in your WordPress plugin or theme
I’ve been using, and advocating for others to use, Yoda conditions for a long time. Sometimes, I read or hear about someone who doesn’t like them, without actually describing why. From time to time I read a blog post that advocates against it: And it’s always the same reason.Read More Do people struggle with Yoda conditions for real?
As you may know, WordPress sends out email notifications from time to time. Actually, as of WordPress 4.8.1, there are 24 different occasions when WordPress will send an email message. Don’t you think it would be useful to have a reference of all outgoing WordPress emails?Read More A reference of all outgoing WordPress emails
During WordCamp Europe 2017 in Paris, there was a Q&A session with Matt Mullenweg. I wanted to ask him a question, but due to high demand and restricted time, I never got to ask him. I guess Matt is a busy person, so I don’t expect him to actually answer this question himself. But maybe […]Read More The bus factor in the WordPress project
UUIDs (Universally Unique IDentifier), also known as GUIDs (Globally Unique IDentifier), is a string that identifies a piece of information in computer systems. WordPress use GUIDs to identify each individual post, but use URLs (kind of) for GUIDs, and thus does not follow the standard definition (RFC 4122) of a UUID (or GUID).Read More Proper RFC 4122 UUIDs as GUIDs in WordPress
Email is fundamentally insecure. There are such a plethora of issues with it, it is crazy to think about the kind of information sent with it. It is probably even crazier when you realize we’ve had a solution for sending secure email since 1991.Read More Secure email: Encrypt and sign your emails with PGP/GnuPG
This weekend I was at WordCamp Berlin, met a lot of great people, and watched a lot of interesting presentations. WordCamps are actually quite informal by themselves, but at the afterparties, people are really letting their shoulders down and it often seems like people are long-time personal friends. If you open up to it, it […]Read More Six reasons why I love WordCamps
Many ISPs and other DNS providers are slow or inject ads, track you, hijack DNS queries or do other nasty stuff. To mitigate this, you should use a fast, reliable and free service that respects your DNS privacy.Read More DNS privacy: Use a DNS provider that doesn’t track you
This is the second post in my series of posts on some of the tools I use to stay a little safer and protect my privacy online. With self-destructing cookies, you get a clean sheet even with those who don’t respect the Do-Not-Track header.Read More Self-destructing cookies: Real, forced Do-Not-Track for your privacy
WordPress doesn’t use a nonce for the login form, which opens up for you to perform a WordPress session donation attack.Read More How to perform and mitigate a WordPress session donation attack
If you’re utilizing the browser cache correctly, you’ll gain huge performance benefits for your users, as well as save bandwidth and server capacity which equals to saving money. To do this right, you must create unique URLs for all versions of your resources, and tell them to never ask for the content again by telling […]Read More Immutable assets with unique URLs in WordPress for enqueued JS and CSS files
I’m running a series of posts on some of the tools I use to stay a little safer and protect my privacy online. Here’s how you can get much better secure messaging on your phone using the Signal app.Read More Secure messaging on your phone with the Signal app
Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with their service. It turned out that in some unusual circumstances, they would bleed memory that contained private information.Read More How CloudFlare handled CloudBleed
Inspired by how Facebook assists their users when they log in, I decided to implement something like the same for WordPress.Read More Giving users a helping hand when authorizing them in WordPress
More and more users are using adblockers or surfing the web via private browsing with tracking protection. But this also affects your web analytics, as the blockers also will block analytics tracking – not only third party services like Google Analytics, but also self-hosted solutions like Piwik.Read More Tracking visitors with adblockers
So, you’ve launched your WordPress site on a non-www domain, like example.com, but since then found out that running it on on www, like www.example.com, is better and want to move? You’re in luck, because it is really easy.Read More Move your WordPress site from non-www to www domain
For 20 years or so, there has been the debate over whether you should use www or not in your web site’s canonical hostname. So should you use www or not?Read More To www or not to www – Should you use www or not in your domain?
“A healthy Internet needs all of us”, Mozilla states. And they’re right.Read More Keep the internet healthy – Internet for people, not profit.
If you have someone’s public SSH key, you can use OpenSSL to safely encrypt a file and send it to them over an insecure connection (i.e. the internet). They can then use their private key to decrypt the file you sent.Read More Encrypt and decrypt a file using SSH keys
Field Manager doesn’t have a flexible content field type as Advanced Custom Fields Pro does, but it is possible to mimic the functionality by using a little logic.Read More Flexible Content Fields in Field Manager
Publishing open source software or articles for free is very giving. Not only does it give you a warm fuzzy feeling inside when someone appreciates what you release, but it can also have other indirect consequences that give you a happier life. But when something is free – as in no cost – people will […]Read More Do you want my time for free?
I very much appreciate comments that bring new insights, corrects my errors, or leaves a thank you note. But even so, it is a bit tedious to moderate comments. Though logging into WordPress – even with two-factor authentication enabled – isn’t much of a hassle, it is still a nuisance when you just want to […]Read More Moderate WordPress comments with WP-CLI
Nginx is an extremely efficient and quite flexible web server. When you want to do a redirect in Nginx, you have a few options to select from, so you can choose the one that suits you best to do an Nginx redirect.Read More How to do an Nginx redirect