WP Rest API V1 vs V2 – Disable WordPress default routes and endpoints

TL;DR: Scroll down to the bottom to see the snippet

I have been using the WordPress REST API on a personal project for a little while now. However I was still using v1 of the plugin. With WordPress 4.4 on its way, shipping with half of the API included in Core, it was time for the project to move to v2 to ensure long time compatibility, and be able with WordPress 4.5 or 4.6 to get rid of the plugin.

This was not nearly as easy as I was expected, most functions were renamed and a fair amount of the logic of how to extend the API has changed a lot. Most changes are very logic and clearly made to ensure a smooth conflict free experience for most users.  But for me it meant refactoring a fair amount of my plugin.

On this project I use WordPress as the back-office of a web app, that has not much in common with your classic blog/website. So I had no interest in the default WordPress endpoints and was only using my custom endpoints.

Therefor, I was looking on ways to remove the default WordPress Endpoints, and here is what I found by digging into the source code of the plugin.

The V1 way, which was a little hacky, remove everything except the / and then make sure you create your own routes with a lower priority:

The V2 version based on V1 was simply changing the filter name:

However, while looking for something else I found a much cleaner way to do that, at least in V2, I discovered that all the default endpoints were created by an action, and all you had to do was remove the action the remove the endpoints:

Now my API in clean and ready to be extended with my custom endpoints!

Boston WordCamp 2015 – Takeaways

The 2015 edition of Boston WordCamp was held on July 18th and 19th at Boston University. Like last year I attended the event and here is a little selection of my favorite talks :

WCB2015 XSS, CSRF, SQLI, WTH(?!?) – The Truth on Theme Security

By Michael Cain

Nothing that I didn’t knew but security is one of those topics where I feel like you should always welcome a reminder!

HTTP 2 and You

By Zack Tollman

Probably my favorite talk of this year’s edition. This talk made me realize how very little I knew about HTTP2 and how amazing it’s going to be.

Best Friend or Worst Enemy – Multisite Do’s and Don’ts

By Taylor McCaslin

I had very little experience with WordPress Multisites before working at Harvard. Taylor’s talk is definitely worth watching if you are considering using WordPress Networks.

Local and Staging for Multiperson Development

By William P. Davis

As a developer I always look for ways to improve my workflow and we’ve been discussing a lot with my colleagues how we could make our dev/test/deploy process easier and more efficient so I was very curious to listen to William’s presentation.

Boston Wordcamp 2014 – Takeaways

WordPress migrations? Challenge accepted!

By Daniel Kanchev

I finally understood why sometimes when I migrate websites using commercial themes some of the parameters do not migrate. The problems comes from PHP serializing. During migration what I usually do is open the SQL backup in my text editor and search/replace the old/new domaine. But for themes and plugins that use PHP Serialization to store data that’s not good enough because serialization also store strings length. So when you change the domaine name, the string length change and the way PHP Serialization works is that if the string length doesn’t match the string it simply ignores it.

The solution proposed by Daniel : Use WP-CLI that will perform search/replace while fixing Serialization issues.

TTL is not good enough because some providers may override the TTL so despite good planning/timing with the TTL some users may still be redirected to the old website. So on any website where users are generating content (post/orders/etc.) you should either use remote mysql so the old server use the new server’s DB or use IP tables on the old server to redirect to the new server’s IP address.

WordPress & APIs

By Sam Hotchkiss

Nothing really new especially since sam’s talk was an emergency talk as the original speaker was sick. However I really enjoyed on his slides that summarize pretty well where we are at with APIs : “The idea of controlling the presentation of your data is dying”.

Finding the speed bumps in your code

By Matthew Boynes

Transient cache & hot to use efficiently the debug bar.

And a lot more

Wordcamps are awesome…but you can’t assist to all the great presentations. So also watched a lot of other presentations during the following days.

The full playlist is here : https://www.youtube.com/playlist?list=PLhi9u-zgVSX5qEKrl8vqIcNxFYuF5LpfC

What I learned at yesterday’s Boston WordPress Meetup

Yesterday I attended to the monthly Boston WordPress Meetup. This month’s talk by Jesse Friedman (@professor) was dedicated to security.

I thought I would share here a few interesting things I learned.

You can use pass phrases as password in WordPress

What’s the easiest to remember? iuf8??Ui87ox# or in 2007 pigs were flying in Boston. And according to you which one is the most secure as a password? Well according to Jesse the latest is as good as the earliest if not better. Awesome right??

2 plugins you and I should try : BruteProtect and Clef

BruteProtect is developed by Jesse’s company Parka and offers :

a cloud-powered Brute Force attack prevention plugin. We leverage the millions of WordPress sites to identify and block malicious IPs.BruteProtect tracks failed login attempts across all installed users of the plugin. If any single IP has too many failed attempts in a short period of time, they are blocked from logging in to any site with this plugin installed.

Read more and install

Clef offers :

Secure, easy, passwordless 2-factor authentication in less than 10 minutes. Clef is a mobile app that replaces usernames and passwords with your smartphone.

Read more and install

And many other things

Jesse also shared a lot of other tricks and advices that I was already aware of but you might still want to learn so I encourage you to watch the full talk on BWPM website when it will be available.

My favorite WordPress plugins

While I was slowly getting back to WordPress and as soon as I wanted to do something new, people were answering me : “there is a plugin for this…and there is also a plugin for that!”.

While I have to admit that it’s cool that a lot of people can heavily customize their WordPress installation without writing a single line of code, for me being a developer, plugins are usually synonyms of bugs, frustration and dissatisfaction.

I also agree that code recycling is not a bad thing and that you can’t reinvent the wheel each time you develop a website therefore plugins are a necessity and can be useful. In the list that follows you’ll find all the plugins that I use in most of my projects, that I’ve deeply tested and that I love hoping that it will help a developer like me getting into WordPress’s awesomeness!

Feel free to bookmark and come back as I will update this list as I discover new useful plugins

Advanced Custom Fields

advancedcustomfields.com

What it is:
Fully customize WordPress edit screens with powerful fields. Boasting a professional interface and a powerful API, it’s a must have for any web developer working with WordPress. Field types include: Wysiwyg, text, textarea, image, file, select, checkbox, page link, post object, date picker, color picker and more!

Why I love it:
I use this plugin on nearly all my projects. It allows you to effortlessly leverage one of WordPress most useful features: Custom fields. Mix it with custom posts (another amazing WordPress feature) and you have a tailor made WordPress install for your project with incredibly User Friendly back-office.

WordPress Multilingual Plugin

wpml.org

What is it:
WPML makes it easy to build multilingual sites and run them.It’s powerful enough for corporate sites, yet simple for blogs.

Why I love it:
I haven’t tested all the multilingual plugins out there but WPML is certainly a great one. It includes most of what your can expect and is a very powerful and well maintained plugin. It certainly worth the investment if you are going to build several multilingual websites.

Yoast WordPress SEO

yoast.com

What is it:
The first true all-in-one SEO solution for WordPress, including on-page content analysis, XML sitemaps and much more.

Why I love it:
If you are not a SEO specialist but you still know what you’re doing, this is an amazing plugin! All the SEO basics are covered.

Regenerate Thumbnails

viper007bond.com

What is it:
Regenerate Thumbnails allows you to regenerate the thumbnails for all of your image attachments. This is very handy if you’ve changed any of your thumbnail dimensions (via Settings → Media) after previously uploading images.

Why I love it:
This plugin had a really missing WordPress feature. If you decide to change or add an image format/size won’t automatically regenerate the thumbnails. But the real problem is that there is no way to easily do it manually either! This is why is plugin exists and is incredibly useful!

How to clear/flush Google Chrome internal DNS cache

If you directly want to see how to clear/flush chrome’s DNS cache go the last part of the article.

Introduction

Recently I started using Safari as my “personal” browser. In recent versions Apple did a great job and corrected most of the frustrating UX problems and since Apple is still preventing anyone to correctly integrate another browser into iOS I was already using it a lot. Plus I like to know that they are not scanning and analyzing my any single move on the web.

I was originally using Firefox but it became so slow on the mac that I ended up using Chrome. This last one is an amazing browser and it’s not a surprise to me that it gained so much marketshare so fast. However as usual with Google, the privacy policy are a bit “awkward” and “suspicious” and since I’m already an heavy GSearch/Gmail/GMaps user I decided that Google already knew enough about myself.

However I still use  Chrome as my development and professional browser. I really prefer chrome’s development console and most the best development extensions are only available for Chrome and Firefox.

How to clear/flush Google Chrome internal DNS cache

As a developer I open new hosting  and domain names, and modify existing ones, hundred of times every year. A lot of times I have to do a little bit of DNS tweaking to make things works properly. And most of the time I loose some time because I did everything right but chrome still shows me the old web server or some other nonsense.  This is happening because Chrome uses it own DNS caching system to speed up page loading. And today i discovered how to easily flush this cache! This is very simple:

  1. Go to chrome://net-internals/#dns
  2. Press the “Clear host cache” button

And you’re done! Refresh your new url and you’ll get fresh DNS records resolving.

Read more about Chrome’s various network features in its documentation.

Going back to WordPress

At the beginning there was WordPress

A few years ago I used WordPress on a couple of projects. It was a great tool, with an easy and intuitive back office, lot’s of themes and plugins (mostly free and open source) available and a HUGE community. Its only drawback at the time: it was only a blog CMS that you could use mostly for…well…blogs. Of course you could use WordPress on small websites for local shops, etc but as soon as you wanted something out of the ordinary you were stuck and needed to modify core files, resulting sooner or later into a non functional website.

The Drupal era

After that I stopped using CMS and started working on bigger projects that were mostly developed over a PHP Frameworks or such technologies. But when I took my current job at B+G, I had to go back at using CMS for development. My predecessors were using Drupal on 95% of their projects (we also used Joomla on a few projects but I will  not mention it at the risk of becoming unpleasant). Drupal is a very good tool, big community, lots of modules,etc… What I mostly appreciated in Drupal was the ability to create “Custom content types” and “Views”.

Each Drupal install comes with 2 basic content type : pages (a title and a description) and articles (a title, a description, an author, a publishing date). But you had the possibility to create Custom Content Type with customs fields in it. For example an “Apartment” content type with “nbr of rooms” and “floor surface” fields.Views on their side were a neat and efficient way to create “lists of formated content” ,understand : a cool and fast way to do crazy MySQL requests and filter/organize/format the results without writing a single line of SQL all this without putting at risk your mental health. Combine all this with Drupal’s powerful templating system and you had a war machine to develop large and complex websites.

The two problems with Drupal were:

  1. that it was clearly a tool made by developers, for developers. The documentation was sometimes obscure, the back office was huge, full of options and not easily customizable and a lot of times the documentation lacked of human readable and concrete examples.
  2. Drupal 6 and 7 were cohabiting and a lot of resources were available for one or the other making it sometimes painful to find the right plugin or a good tutorial.

To be continued…