
Mike Challis, the long-standing original author of the “Fast Secure Contact Form” plug-in, posted an article here about what suddenly happened to the plug-in he made available for WordPress users for so long.  Shame, because this was a great, stable plug-in and it always seemed to work no matter what kind of theme you used.  I just noticed it was removed, so I will be taking steps to remove it from any of my sites as well, and I recommend that any web developers who have this on their site do the same IMMEDIATELY.

In the explanation linked above, Mr. Challis cites this report from Wordfence showing other plug-ins that have been compromised by nefarious spammers.  Now, Mr. Challis had sold his plug-in, so we know he’s not responsible for what someone who purchases software does to the code afterwards, but this incident does highlight a vulnerability inherent in a community-driven, open-source platform like WordPress and the vulnerability the 23% (and growing) of websites that use WordPress are exposed to.  Not to mention the fact that the millions of WordPress users and their organizations are exposed to real threats to their data and systems.  In addition to that, WordPress takes a hit to its reputation along with innovative software developers like Mr. Challis.

Plug-in Author Reputation

This incident highlights another risk we web developers are exposed to, and that is the risk to our reputations.  I don’t blame Mr. Challis for wanting to “cash out” by selling his plug-in; that’s what many developers strive to do, it’s what motivates many to innovate, and that’s understandable.  This is another wake-up call!  If you are a PHP developer and wish to sell a WordPress plug-in, it is highly advised to provide stipulations in the sale transfer that the purchasing party agrees to uphold the quality standards and a promise not to dilute the reputation of the plug-in by using any tactics that could inadvertently tarnish the reputation of the original author.

One of the easiest ways to know if a plug-in is reliable is by seeing who its author is.  Mr. Challis’s name was always synonymous with software stability and I will continue using any of his other plug-ins, but I do wonder what the best solution for these situations is.  In this situation, something so commonplace as contact forms on a website should be a core component of WordPress anyway.  I know installing Jetpack, which is freely distributed (at this time) by WordPress, provides a contact form out of the box, but this incident raises other concerns regarding security, safety, innovation and integrity.

We don’t want WordPress to clamp down too hard on plug-in authors because that will affect innovation, but at the same time, any plug-in updates that attempt spam tactics or security breaches should never make it to the repository, and notices in the plug-in manager should be made very prominent so all users are aware of such incidents faster.  These should be the highest level of WordPress alerts that even warrant emailing the WordPress owners.  A more immediate response should help the community more actively police our themes and plug-ins and ensure swifter retribution towards those trying to compromise the integrity of the WordPress community, which hurts everyone including WordPress, web developers, and any organization that uses WordPress.

It was bound to happen: the very reliable Mesocolumn WordPress theme finally made an entry in a website’s fatal error logs.  I make a habit of examining website error logs.  If you have a business with a web department, insist that they regularly scan and check your website error logs, or subscribe to a service or have a script that can report 500 errors immediately.

Here was the error that cropped up:

[22-Apr-2016 09:27:05 UTC] PHP Fatal error: Call to undefined function get_theme_option() in /webroot/prolificfutility.com/public_html/wp-content/themes/mesocolumn-child/footer.php on line 119
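An added example, not code from the original post, of the kind of script mentioned above for reporting fatal errors from a PHP error log: it groups fatal and parse errors by message, file and line so a repeating error is counted rather than reported once per hit. The function name, the `since` parameter and every sample line after the first are constructed here, and all timestamps are assumed to share one time zone.

```python
import re
from datetime import datetime

# PHP error_log entry: [dd-Mon-yyyy hh:mm:ss TZ] PHP <level>: <msg> in <file> on line <n>
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}) [^\]]+\]\s+"
    r"PHP (?P<level>[A-Za-z ]+?):\s+(?P<msg>.*?)"
    r"(?: in (?P<file>\S+)(?: on line |:)(?P<line>\d+))?\s*$"
)
# Levels that abort the request and normally surface as an HTTP 500.
FATAL_LEVELS = {"Fatal error", "Parse error"}

# First entry is the one quoted in the post; the rest are constructed samples.
SAMPLE_LOG = """\
[22-Apr-2016 09:27:05 UTC] PHP Fatal error: Call to undefined function get_theme_option() in /webroot/prolificfutility.com/public_html/wp-content/themes/mesocolumn-child/footer.php on line 119
[22-Apr-2016 09:27:41 UTC] PHP Warning: Division by zero in /webroot/example.test/public_html/wp-content/plugins/demo/demo.php on line 7
[22-Apr-2016 09:31:12 UTC] PHP Fatal error: Call to undefined function get_theme_option() in /webroot/prolificfutility.com/public_html/wp-content/themes/mesocolumn-child/footer.php on line 119
[22-Apr-2016 09:40:00 UTC] PHP Parse error: syntax error, unexpected '}' in /webroot/example.test/public_html/wp-content/plugins/demo/demo.php on line 42
#0 {main} (stack-trace style line without a timestamp)
"""


def fatal_summary(lines, since=None):
    """Group fatal entries by (message, file, line), most frequent first."""
    groups = {}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m["level"] not in FATAL_LEVELS:
            continue  # stack-trace lines, warnings, notices
        when = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        if since and when <= since:
            continue  # already reported on an earlier run
        key = (m["msg"], m["file"], m["line"])
        g = groups.setdefault(key, {
            "message": m["msg"], "file": m["file"],
            "line": int(m["line"]) if m["line"] else None,
            "count": 0, "first": when, "last": when})
        g["count"] += 1
        g["first"] = min(g["first"], when)
        g["last"] = max(g["last"], when)
    return sorted(groups.values(), key=lambda g: -g["count"])


if __name__ == "__main__":
    for g in fatal_summary(SAMPLE_LOG.splitlines()):
        print(f'{g["count"]}x {g["message"]} ({g["file"]}:{g["line"]}), last seen {g["last"]}')
```

Run from cron with `since` set to the `last` timestamp of the previous run, only new fatal entries are reported.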

500 server errors are never pleasant; it’s a fact of life if we don’t dedicate QA time to test, test and then test the sites again and again.  There is a point of diminishing returns in dedicating too much time to testing because that takes time away from web development, you know, actually creating coding solutions?!

Fixing WordPress 500 errors

This was an easy fix, because the error was easy to spot in the logs — get_theme_option function was undefined and there was a condition in the footer that called on it, so I simply wrapped the condition throwing the error first with this check:

if (function_exists('get_theme_option')) {
    // get_theme_option() is the function the log reports as undefined;
    // execute other code that was in the child theme here...
}

It’s not an ideal fix, but since I didn’t have time to investigate further, at least the page would continue loading if the get_theme_option() function was actually deprecated from the theme during a recent update.  It’s all about prioritizing your web development tasks to make sure you are optimizing your code production, and in the context of other due dates, projects and considering the ROI of this task, it’s way down on the priority list.  So far down it will probably never be addressed since, truthfully, there are usually much more important and profitable web development tasks to perform.  Perhaps with the next update it will fix itself; there’s no harm in doing an extra check to see if the function exists, even if they bring it back.

The more important benefit is that the page continues to load without throwing a fatal error, which is not only bad for SEO, it’s bad for the UX of every visitor and that’s always something that’s top on the priority list!

I added some new improvements to the “Insert Script” WordPress plug-in.  You can now declare a JSON string and it will parse it out as $json_vals_arr, an array that gets passed directly to your external PHP script.

You can also declare “strings” instead of “vals” as a GET URL string like:  strings='variable1=value1&variable2=value2&etc=andSoOn'.

To download the most recent version, type in “Insert Script” and select the plug-in author “Aaron Belchamber”.  To learn more, visit the official Insert Script WordPress Plug-in Page.  This is a simple and clean way for WordPress PHP developers looking to integrate external scripts and content within a WordPress page, post, or widget.

Sometimes, I wonder if the WordPress community doesn’t create some over-complication of things just because it can.  I came across the term “texturizing” when I was developing another WordPress plug-in.  I ignored the warning before but figured it warranted a second look.  After all, it sounds like it could affect something on one of our WordPress sites, right?!  What on earth does “texture” refer to in the context of the web?!

I had 5 minutes and I do not like to leave things to chance — hardly a luxury when you’re in charge of a bunch of national websites.  Why haven’t I heard of “texturizing” before?!  I thought.  We technical “experts” have to know more than others, after all.  Our jobs and livelihood depend on it.  I had to find out, so I searched the web and found this link:


At this link, I learned what “texturizing” in WordPress means.  To save you the suffering of visiting its usually out-dated and anemic reference guide, it means replacing normal quotes with fancy quotes.

Really?  File this one away in the “I heard of that but don’t think it’s very important directory” in your mind.  In other words, forget it.  Sorry to even have wasted your time with this one, but in case someone stumbles on it through some miracle of web search sorcery, now you know, now only if we could sound smart saying “is that website texturized properly?!”  At least that could be “fun”.  Notice the quotes around “fun”?!   🙂


The “Insert Script” Simple WordPress Plug-in uses an “insert_script” shortcode to insert external scripts into WordPress content.

I developed a simple WordPress plug-in that allows WordPress owners to call and execute external scripts from within their web root folder. It can be HTML, JavaScript, CSS, or even PHP that executes first. You can even pass different attributes to your scripts so when the script is inserted the properties and/or variables are defined beforehand, allowing the script, if it’s dynamic, to process the data based on the attributes defined.

Creating a WordPress plug-in as a PHP class is always the best way to keep your code encapsulated while avoiding collisions with any other WordPress globals and other plug-ins. It’s a little more work than the old way of declaring a function, but it’s worth it. First of all, you aren’t joining the continuous accommodation of procedure monstrosities that the WordPress architecture seems to welcome despite the consequences that come with not using OOP encapsulation.  They should simply BAN procedural plug-ins and make all WordPress sites more stable overnight.


To see a screenshot, view the help page and download the “Insert Script” WordPress plug-in, click here.

I found the need to bring in external content that could talk to legacy systems, pull information from another database, make API calls from another website, even pull in reports from a COBOL-based legacy monstrosity for a luxury jewelry retailer and show the results within a WordPress page as part of the dynamic content.  Need to show the price of gold at any given moment?  This plug-in bridges the gap between your WordPress, non-technical guru and your web developers.

Save a lot of time and trouble by separating concerns and allowing those laymen who are too lazy to learn real web programming to insert your heavy lifting with this simple but very powerful “Insert Script” WordPress plug-in.  I found this simple conduit between WordPress and other external scripts and code was efficient and safe for extending WordPress content to meet any organization’s or business’s needs.  I hope you do too!

– Aaron Belchamber