WPSmith | Blogging about WordPress, the Genesis Framework and Various Plugins

Jun 20 2011

Best Plugins for Creating Custom Post Types

Do you hate coding and simply want a graphical user interface to create custom post types? Or would you rather use a plugin to save time to create custom post types? While I personally believe hand coding the custom post types and the metaboxes are easier, there are some really good plugins that will help you accomplish all that you want to accomplish with Custom Post Types.

So here are my Top Custom Post Type Creating Plugins.

Premium

Easy Content Types: Easy Content Types provides an extremely easy to use and intuitive interface for creating custom post types, taxonomies, and meta boxes. It allows for custom categories, custom tags, and custom input fields.
GD Custom Posts And Taxonomies Tools: Can be used to expand custom taxonomies and custom post types support. Plugin adds many tools including custom post types and taxonomies management and widget for taxonomies terms cloud.
Post Type Constructor Kit: PCK is a suite of plugins consisting of the post type constructor kit, meta boxes kit, role manager kit, and widget kit giving the possibility of 15 different types of metaboxes including text, WYSIWYG, radio, checkbox, select box, image, file, date and time, tab, gallery, panorama viewer, contact form, comments, youtube, and Google map. This plugin also has a forum support channel apart from WordPress.
WPMU Dev's CustomPress: The ultimate plugin for transforming WordPress from a blogging platform into a full blown CMS system using your own custom post, taxonomies and custom field creator. And combine this with the Recent Custom Post Type Widget for even further usability.

Free

Custom Post Type UI: Great interface, ability to create taxonomies, good support community. Lacks custom field creation functionality; however, only free plugin to export to proper universal PHP code. Plugin Site.
More Types: Integrates perfectly with More Taxonomies, to create additional taxonomies besides Categories and Tags, and More Fields, to create additional input fields easily. More Types has the ability to assign additional features beyond the typical WordPress supports to include theme based features like genesis-seo, etc. While More Types is a standalone plugin, combined with the suite of More Plugins, it is robust and powerful. More Plugins Site.
WP Easy Post Types: Can select columns to show. In-built custom field creation (albeit limited) that will be attached to your new custom post type, and each field will be saved in the WordPress database as a custom field to take advantage of the WordPress query rules. However, it has a somewhat "confusing" Admin menu and support is not free. This could be a premium plugin.
Ultimate Post Type Manager: This is an Easy to use Plugin to Create, Customize, Manage Custom Post Type. Do all you want to do with you Posts. It can also be used with Ultimate Taxonomy Manager.
Content Types: Content Types is a WordPress plugin that helps you create custom content types in WordPress. It allows for custom categories, custom tags, and custom input fields. From what I can tell, this is the only plugin that makes some metabox/custom fields required for posting.
WP Post Type UI: Inspired by "Custom Post Type UI" this plugin that gives you what have always wanted for creating dynamic post types and custom taxonomies in WordPress. The UI is made in true WP style, with a smooth integration to give nice and easy access to create and edit post types and taxonomies.
GD Custom Posts And Taxonomies Tools: Can be used to expand custom taxonomies and custom post types support. Plugin adds many tools including custom post types and taxonomies management and widget for taxonomies terms cloud. For a comparison with the pro version: see the comparison chart.
Simple Custom Post Types: Makes managing custom post types even simpler, removing the need for you to write any code. Excerpt update your theme. This plugin provides a nice interface and easy access. The plugin provides almost all the parameters of the WordPress CPT API. It is possible to manage the permissions of custom post types such as articles or pages. Or create a full set of custom permissions.
Custom Content Type Manager: Create custom content types (AKA post types), standardize custom fields for each type, including dropdowns and images. This gives WordPress CMS functionality making it easier to use WP for eCommerce or content-driven sites. Plugin Site.
Custom Press: Custom Press allows you to easily add your own custom post types and custom taxonomies into WordPress, which you can also toggle on and off more advanced options for creating custom post types and custom taxonomies. It also features an ‘Embed Code’ option is available if you would prefer to put your custom post types and custom taxonomies directly into a theme or plugin.
CMS Press: CMS Press opens up the ability to create and manage custom content types and taxonomies for your WordPress site. It adds the flexibility to have more than just posts and pages for content by allowing the user to register their own post_types that can use their separate theming from the post and page template along with its own permalink structure.

Jun 17 2011

Security for Your WordPress Site: Processes, Passwords, & Plugins

One of the most important things to consider when developing a site for a client is client education and training on site security. While it is true, that once we develop a site for someone, information security belongs to them. We could have implemented all the best WordPress security plugins and processes, but if the user has a poor password then it will only be a matter of time before they are exploited.

So, first and foremost information security, site security, belongs to both the developer and the client. As far as the client is concerned, if their site gets hack or there is a problem with the site due to security vulnerabilities, the first person they will blame is the developer. However, if we educate our clients on the importance of information security, while it may be their tendency to blame the developer, it may not be their first recourse. Simply speaking, information security is everyone's responsibility.

Most of this information was obtained from WordCamp Phoenix Security Presentation by WPVibe.com co-founder Dre Armeda along with CEO and founder of Webdev Studios, Brad Williams.

So what are some security tips around passwords, plugins, and processes?

Processes

Browser Processes
1. Use a secure connection whenever possible, e.g., https://.
2. Use NoScript FireFox extension if you use FireFox.
FTP Processes
1. Use sFTP or SSH instead of normal FTP. FTP passes passwords unencrypted.
2. Don't store creditials in FTP client. As tempting as it is to have browsers and FTP clients remember your credentials, avoid doing this.
Hosting
1. Use hosts that talk about security. Free hosting is nice, but the cost of recovering a site may not be worth it.
2. Purchase a SSL certificate from your hosting company.
WordPress
1. Update WordPress! Minor WordPress versions (3.0.x, 3.1.x, 3.2.x). WordPress is open source and once they find a vulnerability, it is known. And if your site has not been updated, then all the hackers in the world know how to hack your site. Minor versions don't necessarily need development testing. Major releases (3.0,3.1,3.2) should be tested in a development/staging environment before implementation.
2. Update Plugins! Read the changelog and details to determine if new features are introduced. This is where you can check those change details to determine whether the plugin is adding new features, patching issues or known problems, or is a security upgrade.
3. Change database table prefix. The default is wp_ and everyone knows this. However, if you change it to something unique. The famous five minute install has a place for you to do this upon installation. However, there are also plugins that will help you change this. And if you know phpmyadmin and mySQL, the prefixes can be changed rather easily. See also my pictorial guide: Pictorial Tutorial on WordPress Security: Change the WP_ Prefix
4. Use Secret Keys with your wp-config.php. To get your secret keys visit the WordPress Secret Keys API. It's a hashing salt for your cookies on your computer. Newer installations have this in them already; however, older installations may not have it. So if you started with an older WordPress installation and have upgraded, you may want to check to make sure these are in place. Changing these on a live site will only render current cookies invalid and will have no adverse affects on the site.
5. Lockdown WP Login and WP Admin. Add the following code in wp-config.php to force SSL on login and on all Admin pages. Using SSL (https) on all admin screens in WordPress will encrypt all data transmitted with the same encryption as online shopping.
  On login only
  [php]define( 'FORCE_SSL_LOGIN' , 'true' );[/php]
  On admin pages
  [php]define( 'FORCE_SSL_ADMIN' , 'true' );[/php]
6. Create .htaccess file in your wp-admin to lockdown IP addresses. Add the following lines of code to your .htaccess:
  [html]
  AuthUserFile /dev/null
  AuthGroupFile /dev/null
  AuthName "Access Control"
  AuthType Basic
  order deny,allow
  deny from all
  #IP address to Whitelist
  allow from 67.123.83.59
  allow from 123.123.123.123
  [/html]
  This example will only allow a user with the IP 67.123.83.59 or 123.123.123.123 to access wp-admin. However, also note that IP addresses do change, and if you are locked you can go into the file edit it to include your new IP address or you can simply delete the file. Also, this file will not be deleted on WordPress upgrades since it does not belong to WordPress core.
7. Move wp-config.php. WordPress features the ability to move the wp-config.php one directory above your WordPress root. So if your WordPress wp-config.php file is located public_html/wordpress/wp-config.php you can place it to public_html/wp-config.php.
8. Disable WordPress Generator Tag. Viewing the source on most WordPress sites will reveal the version they are running. This helps hackers find vulnerable installations or older versions. To remove the code, find the following code in your header.php and remove it.
  [html]<meta name="generator" content="WordPress <?php bloginfo['version'];?>" />[/html]
  The wp_head() function also includes the WP version in your header. To remove it, add the following to your functions.php file:
  [php]remove_action( 'wp_head' , 'wp_generator' );[/php]
  Themes and plugins may also output their versions, but some may have an option to remove it, such as the Genesis Framework.
9. Use Trusted Sources for Themes and Plugins. Use WordPress.org. Themes found elsewhere may have some base64() code that can break your site or just add some black hat SEO. Instead of solely relying on Google or your favorite search engine, use these trusted sources:
10. Don't use admin for your username. All WordPress installs before WordPress 3.0 had an admin install. Change the admin username in MySQL:UPDATE wp_users SET user_login='hulkster' WHERE user_login='admin';. Or:
  1. Create a new account with a unique username
  2. Assign account to Administrator role
  3. Log out and log back in with new account
  4. Delete admin account (WordPress will allow you to reassign all content written by admin to an account of your choice.)
11. File/Folder Permissions. Good rule of thumb:
  - files should be set to 644
  - folders to 755
  - If your host requires 777, switch hosts.

Passwords

Use different passwords for your different sites.
Use a password management tool
Change passwords often
Don't ever share your passwords with anyone

Plugins

Security Plugins:

WordPress Exploit Scanner
WordPress File Monitor
Login Lockdown
AskApache Password Protect
BulletProof Security
Secure WordPress
BackupBuddy: Contains a Malware scanner module
See also WP Smith: The Best Security Plugins for WordPress 3.0+

Backup Plugins:

Website Scanning Tools

Malware Removal

Security Related Codex Articles

Blog Security Articles **Beware of DATE published!

Info graphic by WPBeginner:

Jun 17 2011

Helpful Custom Post Type and Custom Taxonomy Functions

Here are two great posts regarding custom post types' functions: An Important Update: WordPress 3.0 Post Types And Taxonomies, from New2WP written by Jared (@Tweeaks), and Custom Post Types in WordPress from Justin Tadlock (@justintadlock). that I wanted to reproduce in part in this series.

The following are functions you can use for various things related to post types. The function name is linked to the line in /wp-includes/post.php where it is created for those that would like to check out the source code which makes them work. I've also added a short description for each that is used in the source to describe them [slightly modified by Travis Smith].

Post Type Functions:

post_type_exists() - Checks if a post type is registered.

is_post_type() - Checks to see if current post is of a specified post type.
[php]<?php
if ( is_post_type( 'zombie', $post_id ) )
echo 'This is a not a blog post. It is a zombie!';
else
echo 'This is not a zombie. [insert sad face]';[/php]

is_post_type_hierarchical( $post_type ) - Whether the post type is hierarchical. A false return value might also mean that the post type does not exist.

get_post_type( $post ) - Retrieve the post type of the current post or of a given post.

get_post_type_object( $post_type ) - Retrieve a post type object by name.

get_post_types( $post ) - Get a list of all registered post type objects.

$args - An array of key => value arguments to match against the post type objects.

$output - The type of output to return, either post type 'names' or 'objects'. 'names' is the default.

$operator - The logical operation to perform. 'or' means only one element from the array needs to match; 'and' means all elements must match. The default is 'and'.

Returns an array listing post type names or objects.

get_post_type_object() - Retrieves a post type object by name
[php]$post_type = get_post_type_object( 'zombie' );

if ( $post_type->show_ui )
custom_function_name();
[/php]

register_post_type() - Register a post type. Do not use before init.

A simple function for creating or modifying a post type based on the parameters given.

The function will accept an array (second optional parameter), along with a string for the post type name.

get_post_type_capabilities() - Builds an object with all post type capabilities out of a post type object.

Accepted keys of the capabilities array in the post type object:

edit_post - The meta capability that controls editing a particular object of this post type. Defaults to "edit_ . $capability_type" (edit_post).

edit_posts - The capability that controls editing objects of this post type as a class. Defaults to "edit_ . $capability_type . s" (edit_posts).

edit_others_posts - The capability that controls editing objects of this post type that are owned by other users. Defaults to "edit_others_ . $capability_type . s" (edit_others_posts).

publish_posts - The capability that controls publishing objects of this post type. Defaults to "publish_ . $capability_type . s" (publish_posts).

read_post - The meta capability that controls reading a particular object of this post type. Defaults to "read_ . $capability_type" (read_post).

read_private_posts - The capability that controls reading private posts.Defaults to "read_private . $capability_type . s" (read_private_posts).

delete_post - The meta capability that controls deleting a particular object of this post type. Defaults to "delete_ . $capability_type" (delete_post).

get_post_type_labels( $post_type_object ) - Builds an object with all post type labels out of a post type object.

Accepted keys of the label array in the post type object:

name - general name for the post type, usually plural. The same and overriden by $post_type_object->label. Default is Posts/Pages

singular_name - name for one object of this post type. Default is Post/Page

add_new - Default is Add New for both hierarchical and non-hierarchical types.

add_new_item - Default is Add New Post/Add New Page

edit_item - Default is Edit Post/Edit Page

new_item - Default is New Post/New Page

view_item - Default is View Post/View Page

search_items - Default is Search Posts/Search Pages

not_found - Default is No posts found/No pages found

not_found_in_trash - Default is No posts found in Trash/No pages found in Trash

parent_item_colon - This string isn't used on non-hierarchical types. (In hierarchical ones the default is Parent Page)

_get_custom_object_labels() - Builds an object with custom-something object (post type, taxonomy) labels out of a custom-something object

add_post_type_support( $post_type, $feature ) - Register support of certain features for a post type.

All features are directly associated with a functional area of the edit screen, such as the editor or a meta box:

'title',

'editor',

'comments',

'revisions',

'trackbacks'

'author',

'excerpt',

'page-attributes',

'thumbnail',

'custom-fields'

Additionally, the 'revisions' feature dictates whether the post type will store revisions, and the 'comments' feature dicates whether the comments count will show on the edit screen.

remove_post_type_support( $post_type ) - Remove support for a feature from a post type.

post_type_supports( $post_type, $feature ) - Checks a post type's support for a given feature.

set_post_type( $post_id = 0, $post_type = 'post' ) - Updates the post type for the post ID.

$post_id Post ID to change post type. Not actually optional.

$post_type Optional, default is post. Supported values are 'post' or 'page' to name a few.

Return int Amount of rows changed. Should be 1 for success and 0 for failure.

get_posts() - Retrieve list of latest posts or posts matching criteria.

The defaults are:

'numberposts' - Default is 5. Total number of posts to retrieve.

'offset' - Default is 0. See { WP_Query::query() } for more.

'category' - What category to pull the posts from.

'orderby' - Default is 'post_date'. How to order the posts.

'order' - Default is 'DESC'. The order to retrieve the posts.

'include' - See { WP_Query::query() } for more.

'exclude' - See { WP_Query::query() } for more.

'meta_key' - See { WP_Query::query() } for more.

'meta_value' - See { WP_Query::query() } for more.

'post_type' - Default is 'post'. Can be 'page', or 'attachment' to name a few.

'post_parent' - The parent of the post or post type.

'post_status' - Default is 'published'. Post status to retrieve.

Functions For Taxonomies You Should Know About

The following are functions which you can use when working with taxonomies. I'm not going to link to the line of each function or include descriptions of each since the file which contains them is way smaller than posts.php where the post type functions are, so if you're interested in viewing the source of these you should've have a hard time finding the line they are on.

The functions which make up taxonomies are located in /wp-includes/taxonomy.php of the WordPress source.

get_taxonomies() - Get a list of registered taxonomy objects.

get_object_taxonomies() - Return all of the taxonomy names that are of $object_type.

get_taxonomy() - Retrieves the taxonomy object of $taxonomy.

taxonomy_exists() - Checks that the taxonomy name exists.

is_taxonomy_hierarchical() - Whether the taxonomy object is hierarchical.

register_taxonomy() - Create or modify a taxonomy object. Do not use before init.

get_taxonomy_labels() - Builds an object with all taxonomy labels out of a taxonomy object

register_taxonomy_for_object_type() - Add an already registered taxonomy to an object type.

get_objects_in_term() - Retrieve object_ids of valid taxonomy and term.

get_term() - Get all Term data from database by Term ID.

get_term_by() - Get all Term data from database by Term field and data.

get_terms() - Retrieve the terms in a given taxonomy or list of taxonomies.

is_term() - Returns the index of a defined term, or 0 (false) if the term doesn't exist.

sanitize_term() - Sanitize Term all fields.

wp_count_terms() - Count how many terms are in Taxonomy.

Default $args is 'hide_empty' which can be 'hide_empty=true' or array( 'hide_empty' => true ).

wp_insert_term() - Adds a new term to the database. Optionally marks it as an alias of an existing term.

wp_set_object_terms() - Create Term and Taxonomy Relationships.

get_term_children() - Get the subset of $terms that are descendants of $term_id.

get_term_link() - Generates a permalink for a taxonomy term archive.

the_taxonomies() - Display the taxonomies of a post with available options.

get_the_taxonomies() - Retrieve all taxonomies associated with a post.

get_post_taxonomies() - Retrieve all taxonomies of a post with just the names.

Jun 16 2011

How to Change the Title Text for Your Custom Post Type

Have you ever wanted to use the Title section, but didn't want to call it Title? Surely, many of you have wanted to change the text in the title entry bar from the standard 'Enter title here' to something more specific for your custom post type. Well, WordPress has a filter for it.

[php]<?php
// Change 'Enter Title Here' text for a CPT
function wps_change_default_title( $title ){
$screen = get_current_screen();
$wps_cpt = 'wps_mycpt';

if ( $wps_cpt == $screen->post_type ) {
$title = 'Enter Staff Members Name Here'; //change this to whatever you'd like
}

return $title;
}

add_filter( 'enter_title_here', 'wps_change_default_title' );
[/php]

Jun 13 2011

How to Add a Log In/Log Out Link to a Specific Custom Menu

If you are like me, you may use a framework or theme that supports multiple menu locations. In a previous post, I discussed how to add a login or logout menu item based on menu location. However, if you use the custom menu widget, this tutorial won't help you.

Also, if you are like me, you may want to be able to customize the Log In or Log Out to Sign In or Sign Out. So to add a customized log in or log out menu item at the end of the menu, add this to your functions.php:

[php]
add_filter('wp_nav_menu_items', 'wps_add_login_logout_link', 10, 2);
function wps_add_login_logout_link($items, $args) {
$login = __('Sign in');
$logout = __('Sign out');

//use one of the following methods of identification
$menu_id = '34';
$menu_name = ''; //name you gave to the menu
$menu_slug = ''; //slug of the menu, generally menu_name reduced to lowercase

if ( ! is_user_logged_in() )
$link = '<a href="' . esc_url( wp_login_url($redirect) ) . '">' . $login . '</a>';
else
$link = '<a href="' . esc_url( wp_logout_url($redirect) ) . '">' . $logout . '</a>';

if ( ($menu_id) && ($args->menu->term_id == $menu_id) )
$items .= '<li>'. $link .'</li>';
elseif ( ($menu_name) && ($args->menu->name == $menu_name) )
$items .= '<li>'. $link .'</li>';
elseif ( ($menu_slug) && ($args->menu->slug == $menu_slug) )
$items .= '<li>'. $link .'</li>';

return $items;
}
[/php]