PhpStorm IDE gets official WordPress support in version 8

Via PostStatus:

PhpStorm is a full-featured IDE that has somewhat of a cult following among WordPress developers. Made by JetBrains, it’s notable for being more light-weight than most IDEs, web development specific (though not just PHP as the name implies), and very customizable.

Today, they’ve announced that PhpStorm will begin officially supporting WordPress project management. WordPress-specific features include:

  • WordPress integration in PhpStorm for new plugins (with plugin skeleton) and existing projects
  • Development environment configuration for WordPress
  • Hooks support (Completion for registration functions parameters; Navigation from hook registration functions to hook invocation; Callbacks from hook registration; and other hooks-related features)
  • Search right from the editor
  • WPCLI integration

They also link to a complete tutorial on using PhpStorm with WordPress. The tutorial includes screenshots as well as text. All of the above features are available to those in their Early Access program, and will be fully baked into version 8.

Those that are familiar with using a full IDE will probably get along just fine with PhpStorm. Those that primarily use text editors like Notepad++ or Sublime Text or Coda may be overwhelmed at first. There are many advantages of using an IDE, but they’ve historically been plagued for being slow and complicated. PhpStorm works hard to not be. Along with the above-linked tutorial, there is also a paid tutorial called Make PhpStorm Pretty by Jeffrey Way (formerly of Envato).

Beware Of Fake WordPress Plugins!

From the Sucuri blog:

In most cases when dealing with infected websites, we know where to look and what to remove, generally with a quick look we can determine what’s going on. Despite our experience and passion for cleaning up a hacked website, there are always surprises lurking and waiting for us, almost every day. Some of the most interesting routine cases we deal with are often websites with SPAM. SPAM is in the database, or the whole block of SPAM code is stored in some obscure file. We also deal with cases where the SPAM is loaded within the theme or template header, footer, index, etc. Sometimes these SPAM infections are conditional (e.g. They only appear once per IP), sometimes not. More often than not however, these infections are not too difficult to identify and remove. In the case we’re writing about in this post, we were able not only to remove malware, but also take a look at what’s going on behind the curtain.

In this case there’s an offending plugin that’s causing the problem, namely a fake one called Pingatorpin. This plugin is not in the official WordPress plugin repository, has fake plugin headers, and googling it comes up with a lot of websites with the thing installed. Finally, all of this plugin’s files are malware. Following is a list of the files and what they do:

  • config-generator.php – Creates the config file serializing the array.
  • executor.php – Responsible for injecting require_once() into the files and logging which file is infected into files.dat.
  • remover.php – Malware cleanup script which is pretty interesting. In other words, here’s a nice script that checks for malware removal plugins or scripts, and then removes them.
  • consumer.php – The payload which will get the content from the config.db file, process the content, and echo it into the pages it wants to infect.

Just a reminder: If you can afford it, subscribe to Sucuri’s malware cleanup and detection service. It’s about $90US per site. But if you can’t afford that, be doubly sure all your WordPress-related files are up-to-date, and you can also use Sucuri’s free site check service. Also, make sure that, unless there’s a really really good reason, you install plugins only from the WordPress plugin repository. As a related note, if you’re running any other content management systems on your server besides WordPress, make sure those are up-to-date as well. And if there are any subdomains you’re not using or taking care of, it’s probably a good idea to get rid of them if they’re running a CMS so you have less to worry about updating.

Domain News: Shorter .uk Plan Revived

Some interesting domain news from the BBC:

UK websites will soon be able to use shorter addresses despite concerns the move could cause confusion. The plan will allow owners to buy a “” web address to use instead of or in addition to “”, “” and other alternatives.

Nominet, the organisation responsible, had previously shelved the idea after acknowledging it would confuse people. But after making some changes and carrying out a second consultation it said it now planned to proceed. The decision will affect more than 10 million customers who currently use domains ending in .uk when it begins in the middle of next year.

Nominet’s French and German equivalents have already carried out a similar move. “We think internet users are pretty savvy and will take this in their stride,” Nominet’s chief executive, Lesley Cowley, told the BBC.
Read the full story here.</a>

How to bulk delete posts in WordPress with MySQL

Every once in a while, we need to spend time pruning our WordPress databases. But if part of your pruning task includes deleting a metric ton of posts, this can become time-consuming if you’re using the WordPress Dashboard to do it. Fortunately, there’s a quicker way to delete those hundreds, or even thousands, of posts without checking a bunch of boxes and clicking a button a couple of hundred times.


WP-Guru has a great tutorial, complete with screenshots and example code, that will walk you step-by-step through creating the queries you need to delete those posts. I’ve used this tutorial myself, and it has saved me loads of time. So head on over and take a look, and if you’re in need try it out.

How To Better Detect Your Mobile Visitors with WordPress’s WP_is_mobile Function

Although WordPress themes typically use Responsive Web Design to tailor websites for mobile devices, sometimes you may need to use PHP (the language WordPress is written in) to detect whether your visitor’s web browser is running on a mobile device. For example, you may want to output certain HTML markup (such as a mobile navigation menu) on mobile devices. Alternatively, you may only want to output a slider containing large images on desktop and not mobile devices. Doing this via PHP (instead of CSS) means that your visitor’s mobile browser won’t have to download all of the slider images even though the slider is never displayed, which also means that your site will load faster for your mobile visitors.

wp_is_mobile() is a function built into WordPress that detects whether the visitor is using a mobile device such as iPhone, iPad, Android, Silk, Kindle, BlackBerry, Opera Mini, and Opera Mobi. This is a conditional function, which means it returns one of two results: true or false. It’s located in wp-includes/vars.php.

The function was introduced in WordPress 3.4, and it can be used in a WordPress plugin or theme.

Here’s a simple example:

if ( wp_is_mobile() ) { // Visitor is on a mobile device} else { // Visitor is on a desktop (not mobile) device}

WordPress core currently uses this function in a few different places:

  • To completely disable the Visual Editor for Opera Mini.
  • To enable jQuery UI Touch Punch in the WordPress dashboard for mobile devices.
  • To detect whether the current device can upload files.
  • To disable the “shake” effect on the WordPress login page when an incorrect username or password is entered using a mobile device.

You can also use this function to hold mobile-specific content, such as the navigation menu mentioned above. <?php if ( wp_is_mobile() ) {
/* Display and echo mobile specific stuff here */
} ?>

How Tony Perez of Sucuri Sets Up His Own Security

there have been a lot of posts about various wordPress security issues over the last couple of weeks, some of them giving good security advice and a lot of others giving not so hot advice. Here’s a post by Tony Perez (who is probably the greatest master of WordPress security) where he talks about what he does when setting up his own wordPress sites. I’m not affiliated with Tony at all, but I’ve heard him talk a couple of times, and he’s extremely knowledgeable when it comes to security. Tony links to a lot of other good posts, so be sure to read those as well.

Wordsesh Starts Tomorrow: Will You Be there?

Tomorrow marks a first in the WordPress community. there are WordCamps and meetups for WordPress all over the world, and at various times of the year. But tomorrow, (or Saturday according to UTC), we’re going to see what I hope will become a continuing trend: A virtual WordCamp called wordSesh. It’s being sponsored by WooThemes, and will be twenty-four hours of completely awesome WordPress content. The schedule of speakers is at the official WordSesh site, and you’ll be able to stream the content from there as well. Recordings of all the sessions will be available as well after the conference is over. I’d like to see if I could attend for the whole twenty-four hours, but I doubt that will happen, no matter how cool it would be. But I’ll definitely be listening to everything and blogging on it as well.

So the only question left is will you be there? I know there are a lot of bloggers using WordPress, and there will be content for everyone from end users to developers. I highly recommend attending. Hope to see you this weekend.