WordPress plugin – Custom Admin columns for sorting and filtering

This plugin adds the capability to add custom columns to any post type to provide sorting and filtering of posts using those columns.

Download the plugin

Download the plugin from the WordPress plugin repository.

Installation

To install the plugin, follow the steps below:

  1. Upload the plugin files to the wp-content/plugins folder (same as any other WordPress plugin)
  2. Activate the plugin

Configuration

Open the settings page “Custom Admin Columns for Sorting and Filtering”

As shown in the screenshot below, add the extra fields and labels in comma-separated format to the required post type.

Settings screen for Admin custom columns

Custom columns will then appear on the respective post listing

Custom Weight column

Custom weight filter

How to create a WordPress options page

Creating a WordPress options page in the Dashboard for your own plugin is quite simple. It is generally used to set global preferences for your plugin that you want to let users customise as per their requirements.

We will create the settings screen using a class, as that is the simplest way of creating an options page for your custom plugin.

It can be done in 5 simple steps

  1. Declare Class for the settings Page
  2. Add the page in the settings menu
  3. Register your settings
  4. Create the backend options
  5. Finally generate the options page

Here is the entire code

Now we will discuss each function in detail

First of all we have named our class as someCustomPluginSettings

The constructor just calls the add_admin_menu function and initialises the settings registration

Below function creates the admin page.

Here we need to provide

  • Title of the settings page
  • Capability (this decides who will get access to this page). manage_options means editors and above can access this page.
  • Slug of the page

Below function registers the settings variables, description on the settings page, etc. The most important variable here is some_custom_plugin_settings. We will be using this variable to reference our stored data using the settings screen.

Below function creates the HTML objects to store our data. Please note that each field uses the same reference, i.e. some_custom_plugin_settings, and stores the data in an array, i.e. some_custom_plugin_settings['setting_1'], etc.

Below function just renders the options page in a form
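
The five steps above put together, as an added example (not the original post's code, which is missing from this page). The class name, the option name some_custom_plugin_settings and the setting_1 field come from the article; the page slug, option group, section id and labels are assumptions. It also registers a sanitize callback and escapes the stored value on output.

```php
<?php
class someCustomPluginSettings {

    public function __construct() {
        add_action( 'admin_menu', array( $this, 'add_admin_menu' ) );
        add_action( 'admin_init', array( $this, 'settings_init' ) );
    }

    // Step 2: page title, menu title, capability, slug, render callback.
    public function add_admin_menu() {
        add_options_page( 'Some Custom Plugin', 'Some Custom Plugin', 'manage_options',
            'some_custom_plugin', array( $this, 'options_page' ) );
    }

    // Step 3: one option row holds every field; it is sanitized before saving.
    public function settings_init() {
        register_setting( 'some_custom_plugin_group', 'some_custom_plugin_settings',
            array( 'sanitize_callback' => array( $this, 'sanitize' ) ) );
        add_settings_section( 'some_custom_plugin_section', 'General',
            '__return_false', 'some_custom_plugin' );
        add_settings_field( 'setting_1', 'Setting 1', array( $this, 'setting_1_render' ),
            'some_custom_plugin', 'some_custom_plugin_section' );
    }

    // Keep only the keys we know about and strip tags from the submitted value.
    public function sanitize( $input ) {
        $input = is_array( $input ) ? $input : array();
        return array( 'setting_1' => sanitize_text_field( $input['setting_1'] ?? '' ) );
    }

    // Step 4: the field name uses the array form some_custom_plugin_settings[setting_1].
    public function setting_1_render() {
        $options = get_option( 'some_custom_plugin_settings', array() );
        printf( '<input type="text" name="some_custom_plugin_settings[setting_1]" value="%s">',
            esc_attr( $options['setting_1'] ?? '' ) );
    }

    // Step 5: settings_fields() prints the nonce and option group for options.php.
    public function options_page() {
        // Re-check the capability here; a default install grants it to Administrators.
        if ( ! current_user_can( 'manage_options' ) ) {
            return;
        }
        echo '<div class="wrap"><h1>Some Custom Plugin</h1><form action="options.php" method="post">';
        settings_fields( 'some_custom_plugin_group' );
        do_settings_sections( 'some_custom_plugin' );
        submit_button();
        echo '</form></div>';
    }
}
new someCustomPluginSettings();
```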

 

 

WordPress admin custom column sorting and filtering for custom post type

In the WordPress Dashboard there are some default columns listed for each of your post types on the post listing page. We can sort our custom posts in ascending or descending order by just clicking these columns. However, most of the time these columns are not enough.

E.g. if we create a custom post type for books then we may need columns to sort or filter books by Year of publication, Author, Category, etc.

So how do we create these extra columns for sorting and filtering?

Assumptions

  1. Custom Post Type: book
  2. Year, Author and Language information is stored in custom meta fields for each book

So here are the steps

Step 1: Define the custom columns

Here we add two new columns to the admin panel of the custom post type book namely Publication Year and Author

Step 2: Fill Data to the columns

Here we are assigning data to the columns displayed in the custom post. Since the data is stored in the post meta we use get_post_meta function to get the data from the postmeta table.

Step 3: Define sortable columns

Here we are defining which columns are sortable. In our case we want all the columns to be sortable.

Step 4: Perform Sorting

Here we are using the request filter. This filter is applied to the query variables that are passed to the default main SQL query of the page. It adds additional parameters/filters to the query variables, based on which the list of posts gets generated.

Until this step the additional columns are added to the custom post type listing page and they are sortable. They can be sorted by clicking the table heading as shown below

Additional columns

 

Step 5: Create Filters

This part of the code can vary depending upon our configuration of custom fields and taxonomy. The main objective here is to create select boxes for the filters. The approach below shows how to create select boxes for data stored in custom meta fields. If the data is stored in categories then we may need to use the wp_dropdown_categories function to list categories for the filter.

Step 7: Perform Filtering

Here we are just altering the main query for the page by passing our own variables.

This will create filters as shown below

Custom Filter admin screen
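
The steps above for the book post type in one file, as an added example (not the original post's code, which is missing from this page). The meta keys book_year and book_author are assumptions; sort keys are checked against an allow-list and the filter value is cast to an integer before it reaches the query.

```php
<?php
// Assumed meta keys (hypothetical): book_year and book_author.
const BOOK_COLUMNS = array( 'book_year' => 'Publication Year', 'book_author' => 'Author' );

// Step 1: define the custom columns.
add_filter( 'manage_book_posts_columns', function ( $columns ) {
    return array_merge( $columns, BOOK_COLUMNS );
} );
// Step 2: fill the columns from post meta, escaped on output.
add_action( 'manage_book_posts_custom_column', function ( $column, $post_id ) {
    if ( isset( BOOK_COLUMNS[ $column ] ) ) {
        echo esc_html( get_post_meta( $post_id, $column, true ) );
    }
}, 10, 2 );
// Step 3: make both columns sortable (column id => orderby value).
add_filter( 'manage_edit-book_sortable_columns', function ( $columns ) {
    return array_merge( $columns, array( 'book_year' => 'book_year', 'book_author' => 'book_author' ) );
} );
// Step 4: the request filter maps an allow-listed orderby value to a meta sort.
add_filter( 'request', function ( $vars ) {
    $orderby = $vars['orderby'] ?? '';
    if ( is_admin() && is_string( $orderby ) && isset( BOOK_COLUMNS[ $orderby ] ) ) {
        $vars['meta_key'] = $orderby;
        $vars['orderby']  = ( 'book_year' === $orderby ) ? 'meta_value_num' : 'meta_value';
    }
    return $vars;
} );
// Step 5: select box built from the years stored in post meta.
add_action( 'restrict_manage_posts', function ( $post_type ) {
    global $wpdb;
    if ( 'book' !== $post_type ) {
        return;
    }
    $years = $wpdb->get_col( $wpdb->prepare(
        "SELECT DISTINCT meta_value FROM {$wpdb->postmeta} WHERE meta_key = %s ORDER BY meta_value", 'book_year' ) );
    $current = isset( $_GET['book_year'] ) ? (string) absint( $_GET['book_year'] ) : '';
    echo '<select name="book_year"><option value="">All years</option>';
    foreach ( $years as $year ) {
        printf( '<option value="%1$s"%2$s>%1$s</option>', esc_attr( $year ), selected( $current, $year, false ) );
    }
    echo '</select>';
} );
// Filtering: narrow the main admin query by the selected year.
add_action( 'pre_get_posts', function ( $query ) {
    if ( is_admin() && $query->is_main_query() && 'book' === $query->get( 'post_type' ) && ! empty( $_GET['book_year'] ) ) {
        $query->set( 'meta_query', array( array( 'key' => 'book_year', 'value' => absint( $_GET['book_year'] ), 'type' => 'NUMERIC' ) ) );
    }
} );
```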

How to correctly get visitor/client IP address

For security reasons and to prevent spam, it is always recommended to log the visitor/client IP address in your database, at least for important transactions like posting a comment, registration, etc. However, it is important that we store the real IP of the visitor.

Visitor/Client is not using proxy

In almost all cases i.e. when the visitor/client is not behind the proxy we can get the real IP address of the visitor/client using

Visitor/Client is behind a proxy server

In some cases the visitor/client could be behind a proxy server. In that case we can get the real IP using

However, using some tools one can easily pretend to be behind a proxy server. In that case we cannot get the real IP using the above method.

Also we cannot be sure if the visitor/client is using a proxy or not.

So it is best to store both the values in different fields in your database.
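
An added example (not the original post's code) of recording both values. It assumes the direct address is read from REMOTE_ADDR and the proxy-supplied one from the X-Forwarded-For header (HTTP_X_FORWARDED_FOR in PHP); the function name, the trusted-proxy list and the sample addresses are constructed for illustration.

```php
<?php
/**
 * Returns the two values to store, plus the address to act on.
 * $trusted_proxies is an assumed list of your own reverse-proxy addresses.
 */
function client_ip_record( array $server, array $trusted_proxies = array() ) {
    $remote = filter_var( $server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP );
    $remote = ( false === $remote ) ? null : $remote;

    // X-Forwarded-For is a request header: the client can put anything in it,
    // and each proxy appends to it, so it may hold a comma-separated chain.
    $hops = array();
    foreach ( explode( ',', $server['HTTP_X_FORWARDED_FOR'] ?? '' ) as $hop ) {
        $hop = filter_var( trim( $hop ), FILTER_VALIDATE_IP );
        if ( false !== $hop ) {
            $hops[] = $hop; // keep only syntactically valid addresses
        }
    }

    // Believe the header only when the TCP peer is one of our own proxies,
    // then walk right to left past trusted hops to the first outside address.
    $effective = $remote;
    if ( null !== $remote && in_array( $remote, $trusted_proxies, true ) ) {
        foreach ( array_reverse( $hops ) as $hop ) {
            $effective = $hop;
            if ( ! in_array( $hop, $trusted_proxies, true ) ) {
                break;
            }
        }
    }

    return array(
        'remote_addr'   => $remote,                              // column 1
        'forwarded_for' => $hops ? implode( ', ', $hops ) : null, // column 2
        'effective_ip'  => $effective,
    );
}

// Constructed sample 1: a direct client sending a forged header.
$forged = client_ip_record( array(
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.1',
) );
// Constructed sample 2: the same header arriving through our proxy 10.0.0.5.
$proxied = client_ip_record( array(
    'REMOTE_ADDR'          => '10.0.0.5',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.1, 203.0.113.7',
), array( '10.0.0.5' ) );
echo json_encode( array( $forged, $proxied ), JSON_PRETTY_PRINT ), "\n";
```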

How to create custom post type template files in WordPress

Any WordPress theme comes with a single post, page and archive template. None of these templates may be suitable for you if you are creating your own custom post type for events, products, etc.

In such cases we need to create our own templates

There are 2 ways to create custom post type template files in WordPress

Method 1: Create custom post type template files within your Child Theme folder

Suppose your custom post type is event. You would create below files in your child theme directory.

  • single-event.php
  • archive-event.php

Once the above files are created they will be picked up automatically for your event single posts and archive pages. So whatever your custom post type is, the template files should be named as below

  • single-{post-type}.php
  • archive-{post-type}.php

Refer to the WordPress Theme Handbook

Advantages:

It is very easy to create and modify your custom post type template files

Disadvantages:

  1. The template files are not within your plugin. So if you want to install the plugin on some different website you need to remember to get the template files from the theme directory as well.
  2. If later you do not want this plugin anymore then disabling the plugin is not sufficient. You need to remove the above template files from the themes directory.
  3. This method can get messy as later it becomes difficult to remember why certain templates were created (unless you properly document them).

 

Method 2: Create custom post type template files in your plugin folder

This is assuming you have created your custom post by creating a plugin for it. (Note: Ideally a custom post should be created using a plugin anyway due to various advantages of plugins).

In this method copy the single.php and archive.php files from your theme's directory and paste them in your plugin directory. If you wish you can create a subfolder named templates inside your plugin and paste these files in the templates subfolder.

Now add below code in your plugin file
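
One way to load the templates from the plugin, as an added example (not the original post's code, which is missing from this page). It assumes the event post type from Method 1 and that the copied files were renamed to single-event.php and archive-event.php inside a templates subfolder; the function name is hypothetical.

```php
<?php
function event_plugin_template( $template ) {
    // File names are fixed strings, never built from request input.
    if ( is_singular( 'event' ) ) {
        $file = 'single-event.php';
    } elseif ( is_post_type_archive( 'event' ) ) {
        $file = 'archive-event.php';
    } else {
        return $template; // not our post type: leave the theme's choice alone
    }

    // A copy in the (child) theme still wins, so a site owner can override it.
    $theme_file = locate_template( array( $file ) );
    if ( $theme_file ) {
        return $theme_file;
    }

    // Otherwise fall back to the copy shipped inside the plugin.
    $plugin_file = plugin_dir_path( __FILE__ ) . 'templates/' . $file;
    return file_exists( $plugin_file ) ? $plugin_file : $template;
}
add_filter( 'template_include', 'event_plugin_template' );
```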

Advantages

  1. All your code related to the custom post remains in a single directory. So it is much easier to maintain.
  2. You can move the plugin folder anywhere along with the templates
  3. Becomes easier to activate or deactivate a plugin

 

Clickjacking – How to prevent on wordpress sites


What is clickjacking

In simple words, clickjacking means users are tricked into clicking or typing on a different site/page while thinking they are on their usual site.

How can that be a problem from a security point of view? Here is an example.

An example of Clickjacking

Let's assume you own a website my_domain.com and you log in to it every day. If this site is not protected from clickjacking, a hacker may be able to load this site in an iframe on some page hosted on his domain some_domain_owned_by_hacker.com

Now the hacker also adds some JavaScript to this page which records users' keystrokes.

Through some means the hacker may trick you into clicking and opening this page. If you do not notice the domain name in the URL then you may feel that it is your own website and may even log in.

Due to the keystroke recording script the hacker is then able to get your password.

However you may feel that you always check the domain name before performing any transaction on a website and more so if it is your own website. So would this still be a problem?

Remember that the hacker can even trick other administrators on your site and they may not be as careful as you are and it follows the same about your website users.

Further to this

Let’s assume you are already logged in to your website and the hacker tricks you into clicking some button on his page. Through the above-mentioned iframe and button overlapping, the hacker may perform a malicious administrative task on your website on your behalf by just tricking you into clicking a link.

Solution to prevent clickjacking using X-Frame-Options

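The solution to this is very simple. Simply add the below code in your .htaccess file

The X-Frame-Options header set by the above code tells the browser to display the page inside an iframe only when the framing page is from the same origin. If it is not, the browser does not display the page.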
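
The same header can also be sent from PHP instead of .htaccess. This is an added example, not the original post's code; the function name is an assumption, and the SAMEORIGIN value follows the same-origin behaviour described above.

```php
<?php
// WordPress core already calls send_frame_options_header() on the login and
// admin screens; this hook covers the front-end pages as well.
function my_domain_send_frame_headers() {
    if ( headers_sent() ) {
        return; // too late to add headers for this response
    }
    // headers_list() only sees headers set from PHP (e.g. by another plugin),
    // not ones added by the web server, so this avoids a PHP-side duplicate.
    foreach ( headers_list() as $header ) {
        if ( 0 === stripos( $header, 'X-Frame-Options:' ) ) {
            return;
        }
    }
    header( 'X-Frame-Options: SAMEORIGIN' );
    // The CSP equivalent; false appends instead of replacing an existing policy.
    header( "Content-Security-Policy: frame-ancestors 'self'", false );
}
add_action( 'send_headers', 'my_domain_send_frame_headers' );
```

After deploying, confirm the header is present on a front-end page, the login page and an admin page by inspecting the response headers.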

 

For more information read Clickjacking – OWASP

 

How to automatically alert your users about events happening in their area

This can be easily done if you are already geocoding users addresses (i.e. getting their latitude and longitude) while they register on your website.

If you are not doing so then you can go back and geocode all the previous addresses.

Now let's assume you have geocoded all the addresses and are storing them in a separate table as shown below

Table: user_lat_long

Now create a function to get users from the above table near a certain address (where the event is to be held).

Now just call the above function with 3 parameters as input

  1. Radius => Defines the area you want to set to alert your users e.g. 100 KM
  2. Latitude => Latitude of the place where the event is to be held
  3. Longitude => Longitude of the place where the event is to be held
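
A function of this shape, as an added example (not the original post's code, which is missing from this page). It assumes user_lat_long has the columns user_id, latitude and longitude in degrees, a MySQL database reached through PDO, and the hypothetical function name get_users_near; distance is the great-circle distance by the spherical law of cosines.

```php
<?php
function get_users_near( PDO $pdo, float $radius_km, float $lat, float $lng ): array {
    if ( $radius_km <= 0 || abs( $lat ) > 90 || abs( $lng ) > 180 ) {
        throw new InvalidArgumentException( 'radius, latitude or longitude out of range' );
    }
    // Bounding box first so an index on (latitude, longitude) can narrow the scan.
    // It does not wrap around the 180th meridian or the poles.
    $lat_delta = rad2deg( $radius_km / 6371 );
    $lng_delta = rad2deg( $radius_km / 6371 / max( cos( deg2rad( $lat ) ), 0.01 ) );

    // 6371 is the mean Earth radius in km. LEAST() guards ACOS() against
    // rounding slightly above 1, which would otherwise return NULL.
    $sql = 'SELECT user_id, distance_km FROM (
                SELECT user_id, 6371 * ACOS( LEAST( 1,
                    COS( RADIANS( :lat1 ) ) * COS( RADIANS( latitude ) )
                    * COS( RADIANS( longitude ) - RADIANS( :lng1 ) )
                    + SIN( RADIANS( :lat2 ) ) * SIN( RADIANS( latitude ) ) ) ) AS distance_km
                FROM user_lat_long
                WHERE latitude  BETWEEN :lat_min AND :lat_max
                  AND longitude BETWEEN :lng_min AND :lng_max
            ) AS nearby
            WHERE distance_km <= :radius
            ORDER BY distance_km';

    // Every value is bound as a parameter; nothing is concatenated into the SQL.
    $stmt = $pdo->prepare( $sql );
    $stmt->execute( array(
        ':lat1'    => $lat,
        ':lat2'    => $lat,
        ':lng1'    => $lng,
        ':lat_min' => $lat - $lat_delta,
        ':lat_max' => $lat + $lat_delta,
        ':lng_min' => $lng - $lng_delta,
        ':lng_max' => $lng + $lng_delta,
        ':radius'  => $radius_km,
    ) );
    return $stmt->fetchAll( PDO::FETCH_ASSOC );
}
```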

 

Shell script to backup database and send it to remote server automatically


This article explains how to create a database backup script that sends the backup to a remote server without any manual intervention. For security reasons, or to enable disaster recovery, it is important to keep database backup copies on some additional server outside your network.

The process of creating a script for database backup and automatically sending it to a remote server is not as complicated as many would think.

To make it simpler, let’s divide the whole task into 3 different sub tasks

  1. Create a backup file of your database.
  2. Authorize the origin server, i.e. your current server, to send the files to the remote server (so that the remote server knows that it is receiving the files from a genuine source)
  3. Create a script to simply SCP the files from the origin server to the remote server

The above are the mandatory steps. Additionally you may also want to create a log file to log the status of every step, just in case something goes wrong.

Now let's discuss each step in detail

Step 1: Create a backup file of your database

The backup file of your database can simply be a compressed SQL file. There are a lot of automated tools to achieve this, but creating a script is also quite simple.

For those who want to script everything here is a sample script (and assuming you have only one database)

Above command just creates a dump of the database. The dump is in sql format. Let’s say db.sql

The size of the file however would be too big (depending upon your database) as it is an uncompressed database file. So you may wish to change the above command to output a gzip or bzip2 file.

GZip

bzip2

Note: Although the compression provided by bzip2 is better than Gzip, it takes much longer (around 6-10 times) to compress a file in comparison to Gzip. However, in our case the process will mostly run during the night and will be automated, so you might wish to use bzip2. So in this case both options are OK.

Step 2: Authorize the origin server to send the files to the remote server

As you would have guessed, this step is to avoid password prompts so that the process happens automatically without any manual intervention.

It involves only 2 steps

A. Create an SSH key on the origin server

Command: ssh-keygen

This will create a key in your USER/.ssh folder with the name of the key provided while running above command.

When asked to enter passphrase, leave it blank (unless you will be caching the passphrase on the remote server)

If you want to use your current SSH keys that's fine too, however they may have a passphrase on them. You can remove the passphrase using the below command

Command: ssh-keygen -p

This command will first ask the ID of the key for which you wish to change the passphrase. Then it will prompt you to add the new passphrase. You can leave it blank.

 

B. Add the public key to the authorized_keys file on the remote server

This step is very simple. Just copy the public key (e.g. id_rsa.pub) contents and paste them on a new line in the authorized_keys file on the remote server

Note: Do not delete any content in this file. Just append the file with the contents of the key starting on a new line.

Step 3: Create a script to simply SCP the files from the origin server to the remote server

Final step is very simple. Here we will just be copying the files from the origin server to the remote server using below command

 

Here the port number is that of the remote server to which you will be sending the files. The -P PORT_NUMBER option is necessary only if the SCP port is non-standard (non-default).

How to connect to a remote GIT from Windows PC

  1. Download and Install GIT Tool from below URL: https://msysgit.github.io/
  2. While installing the tool keep all the default settings
  3. Create a folder named as projects for your site/application (maybe in your Documents folder)
  4. Open GIT GUI tool and generate a key from the Help menu
  5. The keys get created in your Users/USERNAME/.ssh folder
  6. Import both (public and private) keys to your server using CPanel
  7. Open GIT command line tool and navigate to the Documents folder (i.e. one folder above projects)
  8. Run the command: git clone ssh://USERNAME@IP_ADDRESS/home/USER/repositories/REPO_NAME

 

Now just make some changes to your code and commit the change using

git commit

The changes can be pushed to the remote server using below command

git push origin master