Using TextMate for WordPress Code Cleanup

I spend a lot of time cleaning up WordPress themes. During the code cleanup I often perform certain cleanup tasks over and over, which makes them perfect for TextMate commands.

In this post I’ll show you how to add two useful commands to TextMate, then move through the steps I take for theme code cleanup and put the commands into practice.

First, let’s add the commands to a TextMate bundle. If you don’t know how to add commands to a TextMate bundle, or don’t have your own bundle set up yet, start here and add a new bundle. I usually add my own commands to a bundle called @lance so it sticks to the top of my bundle list.

Continue reading “Using TextMate for WordPress Code Cleanup”

Quick and Dirty Widget Testing

Testing widgets with your WordPress theme would be so much faster if you could enable all widgets at once, instead of dragging them one by one.

Here are two small functions to help with widget testing. The first takes all “Inactive Widgets” and adds them to the first registered sidebar in the theme. The second removes all widgets, leaving the widget area empty.

To use, add the code into your theme’s functions.php and uncomment the add_action() calls to trigger the functions. Happy testing!


 * Quick and dirty inactive widget loading
 * Loads all inactive widgets into first registered sidebar
 * @global array $wp_registered_sidebars

// To use: uncomment the add_filter call below, then refresh your admin Widgets page
// add_action( 'in_widget_form', 'enable_inactive_widgets' );

function enable_inactive_widgets() {

	// get first registered sidebar
	global $wp_registered_sidebars;
	$first_sidebar_id = array_shift( array_keys( $wp_registered_sidebars ) );

	// get widgets
	$widgets = get_option( 'sidebars_widgets' );

	// if inactive widgets exist, add them to the first sidebar
	if ( isset( $widgets['wp_inactive_widgets'] ) && '' != $widgets['wp_inactive_widgets'] ) {
		$inactive_widgets = array(
			$first_sidebar_id => $widgets['wp_inactive_widgets']
		update_option( 'sidebars_widgets', $inactive_widgets );

 * Quick and dirty widget removal
 * This will remove both active and inactive widgets

// To use: uncomment the add_action call below, then refresh your admin Widgets page
// add_action( 'in_widget_form', 'remove_all_widgets' );

function remove_all_widgets() {
	update_option( 'sidebars_widgets', null );


What Is The Automattic Theme Team?

So, just what is this Automattic Theme Team anyway? In a nutshell, we’re a bunch of people who really care about WordPress Themes and want to see them get better and better on and for every user. And this is our blog.

You’ll be hearing more from us individually in the coming weeks but I thought, to get started, it’d be a good idea to share a few of the team goals we’ve been discussing. Just some rough thoughts really. But I’m hoping that by sharing them here you can get a better idea of what we’re up to—and get as excited as I am about it all.

  1. Every user should feel like there’s a theme that fits them perfectly, that is exactly how they want to present themselves to the world, that they’re excited to show to their friends.
  2. We want everyone to feel a sense of momentum and ever-increasing possibilities, and to do so we will present as many perfect-fit WordPress themes to as many users as we can.
  3. We will ensure all of our public work represents the best in coding practices, web standards, and technical excellence.
  4. We will craft all of our themes to have consistent user experience and meet our users expectations and hopes.
  5. We will teach WordPress developers to become the best theme developers in the world. If you’re a WordPress theme developer—commercial or 100% free—we want to help you be the best.
  6. We will ensure all our improvements make it back to the open source community.

I love the idea of meeting the “expectations and hopes” of WordPress users by delivering to them the best in WordPress themes. Pretty, painless, perfect-fit ones that just plain work.

So, the Automattic Theme Team. We’re WordPress themers developing for the millions of users on who want to give back as much as possible to the WordPress theme community at large.

Let’s be awesome together.

I’ve Joined Automattic

Today marks the first day of my employment as a Theme Wrangler with Automattic and it feels great. I’m more than excited to finally let you know what I’ve been up to for the last little bit.

What can I say besides awesome, awesome, awesome? The enormous opportunity for learning and improvement; all the super-talented, friendly people; the chance to work on so many really, really cool projects—it’s almost unbelievable. This is a dream job for me.

So, yes, really excited. To say the least. And I don’t want to say too much right now so I’m going to keep this short. Though I imagine you have one very big question you’d like me to get to.

Continue reading “I’ve Joined Automattic”

Thematic Is Live

Thanks to the always impressive Chris Gossmann we inch ever closer to Thematic version 1. Put your upgrade hats on and check out Thematic 0.9.6. As always you can download the latest version of Thematic from

Thanks to the always impressive Chris Gossmann we inch ever closer to Thematic version 1. Put your upgrade hats on and check out Thematic As always you can download the latest version of Thematic from

Continue reading “Thematic Is Live”

The Perfect Blog Theme

What is the perfect blog theme? I’ve been thinking about it and I think I have the answer.

For the blogger: The perfect blog theme disappears into the background and doesn’t hinder their writing in any way—in fact, it encourages it.

For the reader: The perfect blog theme disappears into the background and doesn’t hinder their reading in any way—in fact, it encourages it.

Please note what I haven’t included in my answer. It’s important.

Know of any publicly released themes that fit my criteria? I’d really like to know about them. Let me know if you’ve found them, or just let me know your thoughts on the perfect blog theme by leaving a comment.

And don’t be afraid to argue! I’ve been known to be wrong!

An Idea for a New Default Theme for WordPress—Introducing Kirby

In 2010 WordPress will get a new Default Theme, replacing the beloved/hated Kubrick Theme with a new Theme called 2010. I’ve got opinions on the matter. Oh, do I have opinions. I’ve even gone so far as to create a working idea for a new Default WordPress Theme. Read on to find out more.

Principles for a WordPress Default Theme

I’ve set myself some principles for designing a Default Theme.

  1. It should look like a really nice blog theme with a “WordPress” feel
  2. It should be easy to modify and tweak by directly editing template files
  3. It should be easy to Child Theme without directly editing template files

These 3 principles sound pretty simple, right? Well, not really. If you’re just talking about them, yeah maybe. But talking about a WordPress Theme doesn’t make one. Are they so simple when you actually try and make a WordPress Theme that follows these principles?

No. Not really.

First of all, it’s relatively easy to design a WordPress Theme knowing it will only be used by people who have a specific purpose for it. You only download a WordPress Theme if you want to use it, right? Well, how do you design a WordPress Theme that will be forced on people? Most especially, forced on people who are new to WordPress? People who may take one look at the Default Theme and slap their monitors in horror lest they look on something so hideous, so, so limiting ever again?

Plus, who says a Default Theme should look like a “blog” Theme?

And, while knowing that most people start their WordPress-theming with the Default Theme and, increasingly, their web designing with the Default Theme—knowing and suffering under that awful pressure and responsibility—how do you make it easy to tweak simply and make it easy to Child Theme—without turning it into a Framework Theme.

Trust me here. While people may be asking for a Framework as the Default Theme they’re not all asking for the same thing. Something as robust as Thematic will have people running screaming away from it. People that want Framework Themes can download Framework Themes. I’m not so sure every new user should have one forced on them.

Continue reading “An Idea for a New Default Theme for WordPress—Introducing Kirby”

Registering New Sidebars for Custom Page Templates The Smart Way

One of the cooler ideas for a new WordPress default Theme that’s come up has been the idea of including a not-so-blog-ish custom home page template with the Theme. Something optional that you could use if wanted your home page to look a little different. Maybe more of a traditional web site look (whatever that is) or a magazine look. Simply create a new page, assign this custom template to it, set it as your home page, and boom! New look.

I thought this was a great idea too. Especially if that custom page template was totally widgetized. Load up whatever dynamic content you want there with the Query Posts Widget or just use Text Widgets. The default styles of the new 2010 Theme can decide which of several widget areas is the ‘featured’ area and if you want something different—without wanting to change the markup—you can move things around with a Child Theme.

Great, right? Wrong.

You’d have to register new widget areas. Widget areas that would be confusingly unavailable if you weren’t using the custom home page template. Unless …

Here’s a really nifty function written up by Chris Gossmann that’ll check to see if a particular custom page template is active. Chris had to write a SQL query to get this to work so be thankful that he survived to tell us about it.

function is_pagetemplate_active($pagetemplate = '') {
	global $wpdb;
	$sql = "select meta_key from $wpdb->postmeta where meta_key like '_wp_page_template' and meta_value like '" . $pagetemplate . "'";
	$result = $wpdb->query($sql);
	if ($result) {
		return TRUE;
	} else {
		return FALSE;
} // is_pagetemplate_active()

OK. Even by itself that function is kinda cool. There’s a few neat things you can do with it. Here’s one. Combine it with the following code for registering a new sidebar in the functions.php file of your WordPress Theme:

function test_template_widgets_init() {     
	if(is_pagetemplate_active('template-active.php')) {
		register_sidebar( array (
			'name' => 'Test Widget Area',
			'id' => 'test-widget-area',
			'before_widget' => '<li id="%1$s" class="widget-container %2$s">',
			'after_widget' => "</li>",
			'before_title' => '<h3 class="widget-title">',
			'after_title' => '</h3>',
		) );
	} // end test for active template
} // test_template_widgets_init()
add_action ( 'init' , 'test_template_widgets_init' );

Can you guess what that does? Using our new conditional function, is_pagetemplate_active(), we’re registering a new widget area only if, in this case, template-active.php is being used by one of our pages. Completely bypassing our earlier problem of widget areas potentially hanging around without a page for them to be displayed on.

What do you think? Pretty cool, huh? I see lots of really neat possibilities here for custom page templates in WordPress Themes and in Child Themes.

Don’t Get Hacked: WordPress Security Tips

In case you didn’t hear ThemeShaper was hacked. You know what? It really sucks. I’ve got two tips and a plugin recommendation that I want to pass on to you so the same stupid thing doesn’t happen to your WordPress install. And these aren’t even my ideas! These are time tested and tried things that just plain work.

After that comes a list of some further plugins and resources that’ll help harden up your WordPress install and keep hackers at bay. So read on.

Do a Fresh Install of WordPress, Plugins, & Themes

Do a fresh install of all WordPress, your plugins, and themes. That means deleting a whole whack of WordPress files just like you were doing an upgrade. And deleting and re-installing ALL your themes and plugins. If you’ve done ANY customization to any one of these files go through them line by line or re-store a local version that never made it to your web server. And while you’re at it start keeping local copies of your edited themes and plugins that have never made it to your web server.

You’re doing this to help make sure your current setup isn’t already compromised.

Hardening WordPress with htaccess

The Blog Security blog has a great article on how to lock out anyone trying to mess with your WordPress files using htaccess. It’s dead simple to do and requires only cut-paste skills and FTP access to your server, and a quick trip to What’s My IP. Anyone can do it. Check it out now and harden your blog.

The Update Notifier Plugin

The single biggest exploitable entry point on any WordPress install is going to be outdated versions of WordPress, themes and plugins. If you don’t know how extreme this can get check out this comment from one of my readers.

I remember when something similar happened to me. Fortunately I managed to find someone willing to help who knew quite a bit more about WordPress than me. The breach was traced to a caching plugin that was out of date by about a week.

The Update Notifier Plugin helps solve this problem by checking the official repository on a regular schedule and sending you an email when it’s time to upgrade.

Further Security Resources and Plugins Probably Unhacked

Update: I’ve done a mass hardening (that sounds gross) on everything here at the ThemeShaper ranch and—and it looks like we’re cool now. Let’s hope things stay that way. Hey!—at least I learned something about WordPress security, right?

I’m not sure when but some time ago was hacked. I’m fairly sure it wasn’t a random sort of script-based bot attack but targeted directly at this site. I know this because the idiot that did this uploaded a hacked version of Thematic to a downloads folder on my site and altered the links on the Thematic landing page to point to it. Crap.

You’ll know you have a hacked version if you’ve got an sv_ss.php file in thematic/library/languages/.

If you’ve recently downloaded Thematic or are worried at all there’s a simple fix. Download Thematic again from the Themes directory and thank God there’s a free central repository for these sort of things.

Again, crap. And my apologies. I like making ‘the WordPress news’ but not for something like this. But I would like to assure you this is not a hack resulting from anything wrong with Thematic. Just one of those things that tends to happen to popular WordPress-based sites. It could happen to anyone.

I just wish it didn’t happen to me. Or you guys.

Now, as for the hack. I don’t know how it happened. It’s been suggested to me that it came through a weak plugin. I usually keep everything up to date here on ThemeShaper so, well, I don’t know. We’ll see, I guess. I do know that last night I discovered my wp-admin and wp-includes directories were 2 megabytes larger than they should be. I deleted them and replaced them. Here’s hoping that put an end to this.

If it doesn’t, and my site disappears suddenly, well, crap, it didn’t work.

Hey, at least the front page isn’t ThemeShaper recommended hosting right? Right?

Sigh. And it’s my birthday today too. What a day.