Here is a short list of the ways I've improved security at bradkovach.com.
- Full-time HTTPS is available for all bradkovach.com domains. My certificates are signed by DigiCert.
- HTTP Strict Transport Security (HSTS) is enabled. Once a compatible browser (Firefox, Chrome and others) has seen the header over HTTPS, it rewrites every http:// URL for bradkovach.com to https:// before connecting and flatly refuses to proceed if the TLS connection fails; certificate errors cannot be clicked through. The policy covers all subdomains (includeSubDomains). Note that HSTS is trust-on-first-use: the very first visit, or a visit after the max-age has expired, is not yet protected unless the domain is on the browsers' preload list.
projects.bradkovach.com answers any plain-HTTP request with 406 Not Acceptable instead of redirecting, so nothing at all is served over HTTP. (Any non-success status without a body does the job; 426 Upgrade Required is the code RFC 7231 defines for a server that will only talk over a different protocol.)
bradkovach.com redirects any request made over HTTP to HTTPS. This is a small but real risk: the first request travels in the clear, so its path and query string (and any cookie not flagged Secure) are visible to anyone on the network path, and an active attacker can answer it before the redirect arrives. Since the contents of bradkovach.com are public, the trade-off was made in the interest of convenience; for browsers that have visited before, HSTS closes the gap.
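To make the two policies concrete, here is an added example (not the configuration bradkovach.com actually runs, which lives in the web server) of the same decisions written in PHP: refuse plain HTTP outright for projects.bradkovach.com, redirect for bradkovach.com, and send the HSTS header only on HTTPS responses, where browsers will honour it. The host allow-list and the one-year max-age are illustrative assumptions.

```php
<?php
/**
 * Added example, not the site's own configuration: HTTP-to-HTTPS policy
 * with a "refuse" mode (projects.bradkovach.com) and a "redirect" mode
 * (bradkovach.com), plus an HSTS header on secure responses.
 *
 * Assumptions: host allow-list and max-age are illustrative. Behind a
 * TLS-terminating proxy you would test X-Forwarded-Proto from a trusted
 * proxy instead of $_SERVER['HTTPS'].
 */

const BK_HSTS_MAX_AGE = 31536000; // one year, in seconds

/**
 * Decide how to answer a request. Returns the status code, the headers to
 * send and whether the page itself should be served. Pure function, so it
 * can be unit-tested without a web server.
 */
function bk_https_policy(bool $is_https, string $host, string $request_uri, string $mode): array
{
    if ($is_https) {
        // RFC 6797: browsers only honour Strict-Transport-Security received over
        // HTTPS, so the header goes on secure responses only. includeSubDomains
        // extends the policy to every *.bradkovach.com host.
        return [
            'status'  => 200,
            'headers' => ['Strict-Transport-Security: max-age=' . BK_HSTS_MAX_AGE . '; includeSubDomains'],
            'serve'   => true,
        ];
    }
    if ($mode === 'refuse') {
        // projects.bradkovach.com: never answer over HTTP, not even with a redirect.
        return ['status' => 406, 'headers' => [], 'serve' => false];
    }
    // bradkovach.com: convenient, but this request's path and query string
    // have already crossed the network in the clear.
    return [
        'status'  => 301,
        'headers' => ['Location: https://' . $host . $request_uri],
        'serve'   => false,
    ];
}

function bk_enforce_https(): void
{
    $allowed = ['bradkovach.com' => 'redirect', 'projects.bradkovach.com' => 'refuse'];
    $host    = strtolower($_SERVER['HTTP_HOST'] ?? '');
    // Never redirect to a host taken from an unvalidated Host header.
    if (!isset($allowed[$host])) {
        http_response_code(400);
        exit;
    }
    $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $decision = bk_https_policy($is_https, $host, $_SERVER['REQUEST_URI'] ?? '/', $allowed[$host]);

    foreach ($decision['headers'] as $header) {
        header($header);
    }
    if (!$decision['serve']) {
        http_response_code($decision['status']);
        exit; // nothing else is served over plain HTTP
    }
}

bk_enforce_https();
```

Because bk_https_policy() takes the connection state and mode as plain arguments, you can assert on its return value for every combination (HTTPS, HTTP+refuse, HTTP+redirect) before wiring it to a live server.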
- I have taken down my public email address and now request that you use my Secure Message form. I will receive your message via email and use PGP to decrypt it. Optionally, you can use this facility to securely send me your public key so that we can begin secure correspondence. By design, no sensitive information is exposed in email headers.
- My Secure Message form is available as a free plugin so that you can also accept encrypted email from your visitors.
- I recommend that any site using this plugin serve HTTPS full-time.
- There is no client-side encryption at the moment: the message is encrypted on the server, so without HTTPS it crosses the network in the clear before it is ever encrypted.
- It is licensed under GPLv2.0, in keeping with its dependence on GPG and on WordPress.
- Download and Installation details can be found at the GitHub repository.
- Please feel free to send a pull request if you would like to improve the plugin.
- I will package the plugin for the WordPress Plugin Repository soon.
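As an added example, and not the Secure Message plugin's own code, here is the shape of the server side of such a form: the message is encrypted to the site owner's public key with the PECL gnupg extension, and the only things that reach the mail headers are a fixed recipient and a fixed subject. The sender's name, address and subject all travel inside the ciphertext. The HTTPS check is there because, with no client-side encryption, the plaintext is readable on the wire until it reaches the server. The option names, the recipient address and the GNUPGHOME path are assumptions.

```php
<?php
/**
 * Added example (not the Secure Message plugin's own code): server-side PGP
 * encryption of a contact-form message, delivered by email with headers
 * that reveal nothing about the sender or the content.
 *
 * Requires the PECL gnupg extension. Assumptions: the owner's ASCII-armoured
 * public key and its expected fingerprint are stored in the WordPress options
 * shown; the recipient address and GNUPGHOME path are illustrative.
 */

/** Encrypt $plaintext to the key in $armored_pubkey, after checking its fingerprint. */
function bk_secure_message_encrypt(string $armored_pubkey, string $expected_fingerprint, string $plaintext): string
{
    putenv('GNUPGHOME=/var/lib/wordpress/gnupg'); // keyring owned by the web user (illustrative path)
    $gpg = new gnupg();
    $gpg->seterrormode(gnupg::ERROR_EXCEPTION); // throw instead of returning false
    $import = $gpg->import($armored_pubkey);
    // Pin the key: whoever can change the stored key must also change the
    // stored fingerprint, and a typo in either one fails closed.
    if (!hash_equals(strtoupper($expected_fingerprint), strtoupper($import['fingerprint']))) {
        throw new RuntimeException('Public key fingerprint mismatch; refusing to encrypt.');
    }
    $gpg->addencryptkey($import['fingerprint']);
    $gpg->setarmor(1);
    return $gpg->encrypt($plaintext); // "-----BEGIN PGP MESSAGE----- ..."
}

/** Handle a POSTed form: name, email, subject and body all go inside the ciphertext. */
function bk_secure_message_handle(): void
{
    if (empty($_POST['bk_secure_message'])) {
        return;
    }
    if (!is_ssl()) {
        wp_die('This form only accepts messages over HTTPS.', '', ['response' => 403]);
    }
    if (!wp_verify_nonce($_POST['_bk_nonce'] ?? '', 'bk_secure_message')) {
        wp_die('Invalid request.', '', ['response' => 403]);
    }

    // Everything identifying goes into the encrypted body, never into a header.
    $plaintext = sprintf(
        "From: %s <%s>\nSubject: %s\nReceived: %s\n\n%s\n",
        sanitize_text_field(wp_unslash($_POST['name'] ?? '')),
        sanitize_email(wp_unslash($_POST['email'] ?? '')),
        sanitize_text_field(wp_unslash($_POST['subject'] ?? '')),
        gmdate('c'),
        wp_unslash($_POST['message'] ?? '') // may contain the sender's own public key block
    );

    $ciphertext = bk_secure_message_encrypt(
        (string) get_option('bk_secure_message_pubkey'),
        (string) get_option('bk_secure_message_fingerprint'),
        $plaintext
    );

    // Fixed recipient, fixed subject, no Reply-To: the headers say only that a message arrived.
    $sent = wp_mail('owner@example.com', 'Secure message received', $ciphertext);
    if (!$sent) {
        wp_die('The message could not be delivered; please try again later.', '', ['response' => 500]);
    }
    wp_safe_redirect(add_query_arg('bk_sent', '1', wp_get_referer() ?: home_url('/')));
    exit;
}
add_action('template_redirect', 'bk_secure_message_handle');
```

The form itself needs a matching wp_nonce_field('bk_secure_message', '_bk_nonce') and a hidden bk_secure_message input; the handler runs on template_redirect so it can redirect before any output.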
I’ve been working on a WordPress theme lately. It’s a theme designed for non-profit organizations, but it could work well for almost any organization.
It is MIT licensed (which is GPLv2-compatible).
It has full support for…
- Theme Customization
- Header color
- Logo (keep it under 75 px tall)
- Header Images
- Post Thumbnails
- Attachment alignment
It includes other goodies, too…
- Non-profit Summary Shortcode
A shortcode that uses the ProPublica Nonprofit API to generate a page of information about your 501(c)(3) organization, including summaries of non-profit financial activity. Insert the shortcode [civique_summary] to display the non-profit rundown.
- Fundraiser Progress Widget
Add the Civique Fundraiser Widget to your sidebar to easily show progress on one or many fundraisers. Add as many fundraisers as you need. Each one shows a progress bar and, if you supply one, a link to an online donation page.
It is an open-source project hosted by the United Way of Albany County.
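The summary shortcode pulls third-party data into your page, so the interesting part is what happens to that data on the way in and out. The following is an added example, not the Civique theme's own shortcode: the EIN is validated before it goes anywhere near a URL, the response is cached so the site cannot be used to hammer the API, and every value from the API is escaped on output. The endpoint URL and the response field names are this example's reading of the public v2 API and are assumptions that may need adjusting.

```php
<?php
/**
 * Added example (not the Civique theme's own shortcode): a [civique_summary]
 * handler that fetches one organization from the ProPublica Nonprofit
 * Explorer API and renders it safely.
 *
 * Assumptions: the endpoint URL and the response fields ('organization',
 * 'filings_with_data', 'name', 'city', 'state', 'tax_prd_yr', 'totrevenue',
 * 'totfuncexpns') are this example's reading of the public v2 API; the EIN
 * comes from a shortcode attribute, e.g. [civique_summary ein="123456789"].
 */

function civique_summary_shortcode(array $atts): string
{
    $atts = shortcode_atts(['ein' => ''], $atts, 'civique_summary');

    // An EIN is exactly nine digits; anything else never reaches the network.
    $ein = preg_replace('/\D/', '', (string) $atts['ein']);
    if (strlen($ein) !== 9) {
        return '<p class="civique-error">Invalid EIN.</p>';
    }

    $cache_key = 'civique_summary_' . $ein;
    $data      = get_transient($cache_key);
    if ($data === false) {
        $url      = 'https://projects.propublica.org/nonprofits/api/v2/organizations/' . $ein . '.json';
        $response = wp_remote_get($url, ['timeout' => 5]);
        if (is_wp_error($response) || wp_remote_retrieve_response_code($response) !== 200) {
            return '<p class="civique-error">Non-profit data is temporarily unavailable.</p>';
        }
        $data = json_decode(wp_remote_retrieve_body($response), true);
        if (!is_array($data) || empty($data['organization'])) {
            return '<p class="civique-error">No record found for that EIN.</p>';
        }
        set_transient($cache_key, $data, DAY_IN_SECONDS); // at most one API call per EIN per day
    }

    // Every value from the API is escaped: it is third-party data rendered into our page.
    $org     = $data['organization'];
    $filings = is_array($data['filings_with_data'] ?? null) ? $data['filings_with_data'] : [];
    $html    = '<div class="civique-summary">';
    $html   .= '<h2>' . esc_html((string) ($org['name'] ?? '')) . '</h2>';
    $html   .= '<p>' . esc_html(trim(($org['city'] ?? '') . ', ' . ($org['state'] ?? ''), ', ')) . '</p>';
    $html   .= '<ul>';
    foreach (array_slice($filings, 0, 5) as $filing) {
        $html .= sprintf(
            '<li>Tax year %s: revenue $%s, expenses $%s</li>',
            esc_html((string) ($filing['tax_prd_yr'] ?? '')),
            esc_html(number_format((float) ($filing['totrevenue'] ?? 0))),
            esc_html(number_format((float) ($filing['totfuncexpns'] ?? 0)))
        );
    }
    $html .= '</ul></div>';
    return $html;
}
add_shortcode('civique_summary', 'civique_summary_shortcode');
```

If the API changes a field name the page degrades to empty values rather than breaking, because every lookup goes through `??` with a default.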
This spreadsheet isn't quite as robust as what I usually find over at GenerateWP, but it's certainly handy, and it makes it easy to wire your settings, sections and controls together correctly.
There are some limitations:
- No support for non-text WP_Customize_Control elements (colour pickers, image uploads and the like). This is an easy fix; the official WordPress Theme Customization API documentation covers the other control classes.
- It is an Excel spreadsheet. It SHOULD open in OpenOffice/LibreOffice/Google Spreadsheets, but I make no guarantees, and I haven't tested that.
Download WordPress Theme Customization API Generator (Excel Spreadsheet)
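For readers who want to see what the generated code should look like once the non-text controls are filled in, here is an added example written by hand for this page, not output of the spreadsheet and not the Civique theme's code. It registers the theme's header colour and logo options (the two Theme Customization items listed earlier) with a colour picker and an image control, and it gives every setting a sanitize_callback, which the Customizer does not supply for you. The 'civique' prefix, option names and default colour are assumptions.

```php
<?php
/**
 * Added example, not the spreadsheet's output: Theme Customization API
 * registration for a header colour and a logo, using non-text controls and
 * a sanitize_callback on every setting.
 *
 * Assumptions: the 'civique' prefix, setting names and default colour are
 * illustrative; the 75 px logo limit is the one the theme documents.
 */

/** Only an http(s) URL is acceptable for the logo; esc_url_raw() drops javascript: and friends. */
function civique_sanitize_logo_url($value): string
{
    return esc_url_raw((string) $value, ['http', 'https']);
}

function civique_customize_register(WP_Customize_Manager $wp_customize): void
{
    $wp_customize->add_section('civique_header', [
        'title'    => __('Header', 'civique'),
        'priority' => 30,
    ]);

    // Colour: the built-in sanitize_hex_color() returns null for anything but #rgb or #rrggbb.
    $wp_customize->add_setting('civique_header_color', [
        'default'           => '#1f3a5f',
        'sanitize_callback' => 'sanitize_hex_color',
        'transport'         => 'refresh',
    ]);
    $wp_customize->add_control(new WP_Customize_Color_Control($wp_customize, 'civique_header_color', [
        'label'   => __('Header color', 'civique'),
        'section' => 'civique_header',
    ]));

    // Logo: an image URL, validated as a URL rather than trusted as-is.
    $wp_customize->add_setting('civique_logo', [
        'default'           => '',
        'sanitize_callback' => 'civique_sanitize_logo_url',
    ]);
    $wp_customize->add_control(new WP_Customize_Image_Control($wp_customize, 'civique_logo', [
        'label'   => __('Logo (keep it under 75 px tall)', 'civique'),
        'section' => 'civique_header',
    ]));
}
add_action('customize_register', 'civique_customize_register');

/**
 * On output, validate again rather than trusting the stored value: it may
 * have been saved before the sanitizer existed, or written by other code.
 */
function civique_header_style(): void
{
    $color = (string) get_theme_mod('civique_header_color', '#1f3a5f');
    if (!preg_match('/^#([0-9a-f]{3}|[0-9a-f]{6})$/i', $color)) {
        $color = '#1f3a5f';
    }
    echo '<style>.site-header{background-color:' . $color . '}</style>';
}
add_action('wp_head', 'civique_header_style');
```

The front-end check deliberately does not call sanitize_hex_color(), since on older WordPress releases that function is only loaded while the Customizer itself is running.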
Copyright (c) 2014 Brad Kovach
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the “Software”), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
I have been working on some exciting new WordPress things that I plan on releasing in compliance with the GPL.
First, since there wasn't a decently simple (free) front-end profile management system, I decided to write one of my own. It is completely customizable with shortcodes and allows you to validate input with regular expressions before you save the data. All of this is controlled in the post editor. It is nonced using WordPress' nonce API. It's pretty elegant in its implementation.
Next, I plan to release some sort of iteration of my SCSS/CSS and WordPress template framework tools. I have tons of code-generation spreadsheets that make grid design and implementation a piece of cake. Provide a couple of parameters and the spreadsheet will calculate responsive grids. The grid is based on 6 columns and intelligently resizes all the way down to small screens. I have spreadsheets to make a lot of development work easier. It would be a shame if I didn't share.
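A nonce on its own stops cross-site request forgery and nothing else, so a front-end profile form needs two more things: a capability check that says who may edit what, and validation whose rules the request cannot relax. The following is an added example and not the profile-management plugin described above. The regular expression is set in the post editor as a shortcode attribute, and the save handler reads it back from the hosting page rather than from the submitted form. The shortcode name, field names and the 'bk_' meta-key prefix are assumptions; the prefix is there so a shortcode can never target a core user-meta key such as the capabilities map.

```php
<?php
/**
 * Added example (not the author's plugin): a front-end profile field placed
 * with a shortcode, plus a save handler with a nonce check (CSRF), a
 * capability check (authorization) and regex validation whose pattern comes
 * from the page's own shortcode, never from the request.
 *
 * Assumptions: shortcode name, field names and the 'bk_' meta-key prefix are
 * illustrative.
 */

/** Collect field => pattern from the [bk_profile_field] shortcodes in a post. */
function bk_profile_patterns(int $post_id): array
{
    $content  = (string) get_post_field('post_content', $post_id, 'raw');
    $patterns = [];
    if (preg_match_all('/' . get_shortcode_regex(['bk_profile_field']) . '/', $content, $m, PREG_SET_ORDER)) {
        foreach ($m as $match) {
            $atts = shortcode_parse_atts($match[3]); // capture group 3 is the attribute string
            if (is_array($atts) && !empty($atts['field']) && !empty($atts['pattern'])) {
                $patterns[sanitize_key($atts['field'])] = (string) $atts['pattern'];
            }
        }
    }
    return $patterns;
}

/** Render the field. In a post: [bk_profile_field field="phone" pattern="^\+?[0-9 ]{7,20}$"] */
function bk_profile_field_shortcode(array $atts): string
{
    $atts = shortcode_atts(['field' => '', 'pattern' => ''], $atts, 'bk_profile_field');
    if (!is_user_logged_in() || $atts['field'] === '') {
        return '';
    }
    $user_id = get_current_user_id();
    $field   = sanitize_key($atts['field']);
    $value   = (string) get_user_meta($user_id, 'bk_' . $field, true);

    return '<form method="post">'
        . wp_nonce_field('bk_profile_save_' . $user_id, '_bk_nonce', true, false)
        . '<input type="hidden" name="bk_post" value="' . (int) get_the_ID() . '">'
        . '<input type="hidden" name="bk_field" value="' . esc_attr($field) . '">'
        . '<input type="text" name="bk_value" value="' . esc_attr($value) . '">'
        . '<button type="submit" name="bk_profile_save" value="1">Save</button>'
        . '</form>';
}
add_shortcode('bk_profile_field', 'bk_profile_field_shortcode');

/** Save handler, run before any output so it can redirect afterwards. */
function bk_profile_save(): void
{
    if (empty($_POST['bk_profile_save']) || !is_user_logged_in()) {
        return;
    }
    $user_id = get_current_user_id();

    // 1. CSRF: the nonce is tied to the acting user and to this action.
    if (!wp_verify_nonce($_POST['_bk_nonce'] ?? '', 'bk_profile_save_' . $user_id)) {
        wp_die('Invalid request.', '', ['response' => 403]);
    }
    // 2. Authorization: a valid nonce is not permission. edit_user covers editing one's own profile.
    if (!current_user_can('edit_user', $user_id)) {
        wp_die('Not allowed.', '', ['response' => 403]);
    }
    // 3. Validation: the pattern is whatever the page's shortcode says; the request cannot change it.
    $patterns = bk_profile_patterns((int) ($_POST['bk_post'] ?? 0));
    $field    = sanitize_key(wp_unslash($_POST['bk_field'] ?? ''));
    if (!isset($patterns[$field])) {
        wp_die('Unknown field.', '', ['response' => 400]);
    }
    $value   = sanitize_text_field(wp_unslash($_POST['bk_value'] ?? ''));
    $pattern = '~' . str_replace('~', '\~', $patterns[$field]) . '~u';
    if (preg_match($pattern, $value) !== 1) {
        wp_die('The value does not match the required format.', '', ['response' => 400]);
    }

    update_user_meta($user_id, 'bk_' . $field, $value); // prefixed: never a core meta key
    wp_safe_redirect(add_query_arg('bk_saved', '1', wp_get_referer() ?: home_url('/')));
    exit;
}
add_action('template_redirect', 'bk_profile_save');
```

Anchor your patterns (^ and $) in the shortcode, as in the usage comment; an unanchored regex matches any value that merely contains a valid substring.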
Twitter Tools is the de facto Twitter-WordPress integration plugin, but it has one glitch that is easy to fix: tweet posts are formatted so horribly, it's criminal.
By default, Twitter Tools places the full text of a tweet in post_content and an abbreviated, ugly version of the tweet in post_title. That is fine as far as it goes, because (usually, depending on your theme) there is a post format for the proper display of a status.
Open twitter-tools.php. After line 515, which reads
add_post_meta($post_id, 'aktt_twitter_id', $tweet->tw_id, true);
type a new line that reads
Next time Twitter Tools fetches tweets, it will format them as statuses.
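Editing twitter-tools.php works until the next plugin update overwrites it. As an added example, and not the one-line edit described above, here is a way to get the same result from a small plugin of your own: it watches for the aktt_twitter_id post meta that Twitter Tools adds (the add_post_meta() call quoted above) and sets the status post format on that post using WordPress core's added_post_meta action and set_post_format(). It assumes your theme declares support for the status format, which the first lines take care of.

```php
<?php
/**
 * Added example (not the edit to twitter-tools.php described above): give
 * Twitter Tools posts the "status" post format without touching the plugin,
 * so the change survives plugin updates.
 *
 * Relies on the 'aktt_twitter_id' post meta Twitter Tools adds and on core's
 * added_post_meta action and set_post_format(). Assumption: the theme
 * supports the status post format (declared here in case it does not).
 */

add_action('after_setup_theme', function (): void {
    add_theme_support('post-formats', ['status']);
}, 11);

function bk_tweet_post_to_status(int $meta_id, int $post_id, string $meta_key, $meta_value): void
{
    if ($meta_key !== 'aktt_twitter_id') {
        return;
    }
    // Only touch posts Twitter Tools created: the meta value is the numeric tweet id.
    if (!ctype_digit((string) $meta_value)) {
        return;
    }
    $result = set_post_format($post_id, 'status');
    if (is_wp_error($result)) {
        error_log('Could not set status format on post ' . $post_id . ': ' . $result->get_error_message());
    }
}
add_action('added_post_meta', 'bk_tweet_post_to_status', 10, 4);
```

Because the action fires the moment the meta row is written, every tweet Twitter Tools imports from then on is displayed with your theme's status template, exactly as the in-place edit achieves.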