Registering New Sidebars for Custom Page Templates The Smart Way

One of the cooler ideas for a new WordPress default Theme that’s come up has been the idea of including a not-so-blog-ish custom home page template with the Theme. Something optional that you could use if wanted your home page to look a little different. Maybe more of a traditional web site look (whatever that is) or a magazine look. Simply create a new page, assign this custom template to it, set it as your home page, and boom! New look.

I thought this was a great idea too. Especially if that custom page template was totally widgetized. Load up whatever dynamic content you want there with the Query Posts Widget or just use Text Widgets. The default styles of the new 2010 Theme can decide which of several widget areas is the ‘featured’ area and if you want something different—without wanting to change the markup—you can move things around with a Child Theme.

Great, right? Wrong.

You’d have to register new widget areas. Widget areas that would be confusingly unavailable if you weren’t using the custom home page template. Unless …

Here’s a really nifty function written up by Chris Gossmann that’ll check to see if a particular custom page template is active. Chris had to write a SQL query to get this to work so be thankful that he survived to tell us about it.

function is_pagetemplate_active($pagetemplate = '') {
	global $wpdb;
	$sql = "select meta_key from $wpdb->postmeta where meta_key like '_wp_page_template' and meta_value like '" . $pagetemplate . "'";
	$result = $wpdb->query($sql);
	if ($result) {
		return TRUE;
	} else {
		return FALSE;
	}
} // is_pagetemplate_active()

OK. Even by itself that function is kinda cool. There’s a few neat things you can do with it. Here’s one. Combine it with the following code for registering a new sidebar in the functions.php file of your WordPress Theme:

function test_template_widgets_init() {     
	if(is_pagetemplate_active('template-active.php')) {
               
		register_sidebar( array (
			'name' => 'Test Widget Area',
			'id' => 'test-widget-area',
			'before_widget' => '<li id="%1$s" class="widget-container %2$s">',
			'after_widget' => "</li>",
			'before_title' => '<h3 class="widget-title">',
			'after_title' => '</h3>',
		) );
	
	} // end test for active template
} // test_template_widgets_init()
add_action ( 'init' , 'test_template_widgets_init' );

Can you guess what that does? Using our new conditional function, is_pagetemplate_active(), we’re registering a new widget area only if, in this case, template-active.php is being used by one of our pages. Completely bypassing our earlier problem of widget areas potentially hanging around without a page for them to be displayed on.

What do you think? Pretty cool, huh? I see lots of really neat possibilities here for custom page templates in WordPress Themes and in Child Themes.

Don’t Get Hacked: WordPress Security Tips

In case you didn’t hear ThemeShaper was hacked. You know what? It really sucks. I’ve got two tips and a plugin recommendation that I want to pass on to you so the same stupid thing doesn’t happen to your WordPress install. And these aren’t even my ideas! These are time tested and tried things that just plain work.

After that comes a list of some further plugins and resources that’ll help harden up your WordPress install and keep hackers at bay. So read on.

Do a Fresh Install of WordPress, Plugins, & Themes

Do a fresh install of all WordPress, your plugins, and themes. That means deleting a whole whack of WordPress files just like you were doing an upgrade. And deleting and re-installing ALL your themes and plugins. If you’ve done ANY customization to any one of these files go through them line by line or re-store a local version that never made it to your web server. And while you’re at it start keeping local copies of your edited themes and plugins that have never made it to your web server.

You’re doing this to help make sure your current setup isn’t already compromised.

Hardening WordPress with htaccess

The Blog Security blog has a great article on how to lock out anyone trying to mess with your WordPress files using htaccess. It’s dead simple to do and requires only cut-paste skills and FTP access to your server, and a quick trip to What’s My IP. Anyone can do it. Check it out now and harden your blog.

The Update Notifier Plugin

The single biggest exploitable entry point on any WordPress install is going to be outdated versions of WordPress, themes and plugins. If you don’t know how extreme this can get check out this comment from one of my readers.

I remember when something similar happened to me. Fortunately I managed to find someone willing to help who knew quite a bit more about WordPress than me. The breach was traced to a caching plugin that was out of date by about a week.

The Update Notifier Plugin helps solve this problem by checking the official repository on a regular schedule and sending you an email when it’s time to upgrade.

Further Security Resources and Plugins

ThemeShaper.com Probably Unhacked

Update: I’ve done a mass hardening (that sounds gross) on everything here at the ThemeShaper ranch and—and it looks like we’re cool now. Let’s hope things stay that way. Hey!—at least I learned something about WordPress security, right?

I’m not sure when but some time ago ThemeShaper.com was hacked. I’m fairly sure it wasn’t a random sort of script-based bot attack but targeted directly at this site. I know this because the idiot that did this uploaded a hacked version of Thematic to a downloads folder on my site and altered the links on the Thematic landing page to point to it. Crap.

You’ll know you have a hacked version if you’ve got an sv_ss.php file in thematic/library/languages/.

If you’ve recently downloaded Thematic or are worried at all there’s a simple fix. Download Thematic again from the WordPress.org Themes directory and thank God there’s a free central repository for these sort of things.

Again, crap. And my apologies. I like making ‘the WordPress news’ but not for something like this. But I would like to assure you this is not a hack resulting from anything wrong with Thematic. Just one of those things that tends to happen to popular WordPress-based sites. It could happen to anyone.

I just wish it didn’t happen to me. Or you guys.

Now, as for the hack. I don’t know how it happened. It’s been suggested to me that it came through a weak plugin. I usually keep everything up to date here on ThemeShaper so, well, I don’t know. We’ll see, I guess. I do know that last night I discovered my wp-admin and wp-includes directories were 2 megabytes larger than they should be. I deleted them and replaced them. Here’s hoping that put an end to this.

If it doesn’t, and my site disappears suddenly, well, crap, it didn’t work.

Hey, at least the front page isn’t ThemeShaper recommended hosting right? Right?

Sigh. And it’s my birthday today too. What a day.

Neutica+: An Advanced Child Theme for the Thematic Theme Framework

Thematic expert, Allan Cole, has released another beautiful Thematic Child Theme. This time it’s an advanced Child Theme called, Neutica+.

Thematic expert, Allan Cole, has released another beautiful Thematic Child Theme. This time it’s an advanced Child Theme called, Neutica+. Behold the enormous screenshot.

neutica-screenshot

Neutica+ Features:

  • A strict grid based design mixed with clean typography heavily influenced by the work of Josef Müller-Brockmann
  • A theme options page for easy customization of colors, layout, post formating, etc
  • Optional Featured posts section which pulls random ‚Äústicky‚Äù posts
  • 3 widgetized sidebar areas
  • 5 additional & optional, in-post, ad-spaces for banners & widgets
  • Crispy clean and valid XHTML Markup with Microformats courtesy the of Thematic theme framework
  • Valid CSS that has been browser proofed for Firefox, Safari, & most Internet Explorer browsers (including the dreaded IE6!)

You absolutely have to check this one out. It just plain deserves to be seen. Go take a look at the Neutica+ Child Theme for Thematic.

The Photo Lover Thematic Child Theme

Dave Smith of Gite Guru has launched a new Thematic Child Theme called Photo Lover specifically targeting those with a love of photography and imagery.

Dave Smith of Gite Guru has launched a new Thematic Child Theme called Photo Lover specifically targeting those with a love of photography and imagery.

screenshot_580wide

Photo Lover features:

  • Random background image pulled from a ‘backgrounds’ folder within the theme folder
  • Content showing on semi transparency over the background image
  • A show / hide image function to remove the content layer so that the background image can be seen in all it’s glory

Make sure you check out the Photo Lover Theme for Thematic.

Can I Make a ‘Premium’ Theme My Own? And Then Release It?

Can you make a ‘Premium’ Theme your own? And then release it? For free? Or for a fee? The answer is simple. Yes.

That is, if the ‘Premium’ WordPress Theme in question—premium meaning you have to pay for it—is licensed under the GPL. The GPL is the GNU General Public License; a document included with a bunch of different open source projects, like WordPress, that covers the terms of the release and makes sure that it always remains open source. Anyway, what does this mean for ‘Premium’ Themes, you ask.

It means you can take a ‘Premium’ WordPress Theme you bought and do whatever you want with it—except release it again as a ‘closed source’ project. The really cool thing? This gives you the freedom to take that project and improve on it.

Here’s an example. You’re a designer and you love working with Photoshop. But it doesn’t have an instant rainbows-and-unicorns button. Adobe won’t put it in. If Photoshop were an open source project you could take the code and add in the technology to instantly add rainbows and unicorns to every one of your photos—and then give your customized Photoshop [RaU Edition] to anyone who wanted it. Presumably, anyone who loved rainbows and unicorns as much as you.

Same thing with GPL WordPress Themes.

But is it right? Not everyone thinks so. Some people have suggested it’s sleazy (mostly in response to people buying a Theme and immediately turning around to release it for free). What follows is my answer to the question. It’s something I posted earlier on the WordPress Tavern forums and here now where everyone reading ThemeShaper can easily find it.

Ian Stewart’s 4 Ideas About Modifying Premium Themes and Releasing Them

  1. Redistributing unmodified GPL code over the internet is not sleazy. Redistributing unmodified GPL code is what the GPL is all about—even if the author of that code is charging for it and depending on that income.

  2. Redistributing unmodified GPL code over the internet is pointless and stupid. If you’re doing it as a matter of free open source principles, sure, I could see that—but you’re muddying up the web. It doesn’t add any value to the code and unless you plan on keeping up with updates to that code you’re actually doing everyone who sees that redistributed code a huge disservice. Way to go.

  3. I say “everyone who sees that redistributed code” because that will be a small amount of people. A small amount of people who will be rightfully wary of downloading that code. The vast majority of people will choose to download that code from the original author. Anyone want to start downloading WordPress from “www.crazywpdownloadsite.com”? I thought so. Remember that “trust” and “authority” are huge things on the web. People selling GPL WordPress Themes: stop worrying about this.

  4. Now that we know that people redistributing unmodified GPL WordPress Themes over the internet are stupid we need to recognize how awesome it is that people can modify GPL WordPress Themes and redistribute them online. Theme-sellers: this is how you got started selling themes. Every single one of you. Remember when you were nervously trying to lock up the code for your first theme options pages behind a restrictive license? The code that you essentially copy-pasted from the same 2 online tutorials I and countless others did? I’m looking at all of you. Anyway, where would you be if that code wasn’t given to you in the first place? Where would you be if you didn’t fork the Default Theme? Or Sandbox? Or Classic Theme? Where would you be if Matt didn’t fork b2? Don’t worry about people forking your code. The freedom to redistribute modified code is incredibly awesome and, no exaggeration, is quite literally making the world a better place.

What Now?

You can find a whole whack of people releasing their Premium Themes under the GPL License on the official WordPress Commercial Themes Directory. You can find all my commercial Child Themes for Thematic in the ThemeShaper Thematic Theme Store.

Anyone ready to start making WordPress Themes awesome-er?

40+ Thematic Resources, Tutorials and Links

The post Build WordPress Sites Fast With the Thematic Theme Framework by Es Developed is a great resource for anyone wanting to get started with the Thematic Theme. It lists over 40 resources and tutorials that’ll get you where you want to be with rapid WordPress Theme development.

And there’s some great explanation behind why you’d want to use the Thematic Theme. Under the heading Don’t Touch That Theme:

To create your theme, you don’t actually edit any of Thematic’s theme files. Instead, you make changes using a separate child theme.

It’s really powerful since you’re not actually touching any part of Thematic. You just get a nice starting place, without worries about future Thematic updates overwriting your code edits.

You don’t have to rewrite a bunch of code all over again–you’re just adding the bits that you want to be different. This works very much like the custom styles on WordPress.com hosted blogs.

Make sure you check out Build WordPress Sites Fast With the Thematic Theme Framework.

Get The Thematic Feature Site Theme

Want to get the Thematic Child Theme I used to build the last 2 versions of ThemeShaper? Well now you can! I call it the Thematic Feature Site Theme and—just like the Power Blog Theme—it’s another entry in the Thematic Development Series.

feature-site

Just like Power Blog it requires a little bit of code-editing but it’s an awesome starting point. I know because I use it myself. I think you’re going to want to use it too.

Read the big write-up, check out the demo and go get the Thematic Feature Site Theme.

Early Morning Thematic Child Theme

Cristi Antohe has—yet again—released a beautiful and incredibly usable Thematic Child Theme, Early Morning.

thumb_580

It’s light, elegant and pleasantly surprising. This theme is all about blogging. It doesn’t scream at you, instead it takes a step back and lets readers read.

It also has some nice features out of the box:

  • You can upload your own logo
  • It comes with it’s own custom designed Twitter widget, so your visitors can see what you’re doing from your blog
  • It comes with 5 background options that you can select from the Early Morning Theme Options (Green, Turquoise, Brick Red, Gray and Black)