Our new tool finds “hidden” WordPress pages exposed by just released WP REST API

In December WordPress 4.7 was released. The most cool part of this release was the inclusion of the WordPress REST API. In development for quite some time it was finally included in core.

The WordPress REST API is great for developers because it makes it very easy to get all pages, posts and users from a WordPress site and use them in any way they want, using JavaScript or PHP or basically any programming language.

Did we say all pages? Yup, that’s right. All Most of your posts, pages and users are exposed to the public with this API. That includes pages that have no public links to them and pages that are not available in any menus on your website.

So some of the WP devs here at Earth People got curious about the API and what exposed stuff we could find on those websites on the internet that had updated to 4.7. We figured that an easy way to test this was to create a Google Chrome extension.

Hello there WP Content Discovery Chrome Extension

So we made the the extension and we called it WP Content Discovery.

Here’s how it works:
It adds an icon to your chrome toolbar. By default it only displays the letter “w” as in WordPress. When you visit a WordPress powered website and it detects the API is lightens up and displays “API” in blue.

The extension icon in action. On the first site no API is detected. On the second site the API is detected and the icon shows a blue API text.

Now the fun starts: click the icon to get get a list of pages, posts and users on that website!

Here is an example from the website of admin activity logger Simple History:

Here we can see that the extension indeed did find some pages on the website we tried it on…

Please try the extension. And please let us know what you think here in the comments!

One last thing… the API may freak some people out…

Even if all the data that you can get publicly from the REST API is already available somewhere in WordPress, it does freak some people out that it actually is possible to get the content so easily.

It is however pretty easy to disable the API if you find it to scary.

 

Here is a list of WordPress plugins that Sweden’s largest political parties use

TL;DR: We made a website: partiwebbsidor.se.

WordPress is pretty big here in Sweden. Recently we found out that six of the largest political parties use WordPress on their main sites.

Here at Earth People we also use WordPress to build sites, so we thought that this it was a pretty cool and interesting fact that all these parties used WordPress too.

But wouldn’t it be interesting to know what plugins they use on their websites? Yeah, we thought so, so we built a website with this information: partiwebbsidor.se (only in Swedish for now, sorry!).

Just for the fun of it we also checked what CMS the sites who did not use WordPress used, and what web server software they were using. And we did a check of their PageSpeed score. AND we put all the code on GitHub, so people could contribute to the website.

What WP plugins does a site use? Our tool have the answer!

We at Earth People have a bunch of WordPress plugins that we have developed over the years. Some of them are even pretty usable! That’s why whenever we hear about a new WordPress site being released here in Sweden, we eagerly try to find out if any of our plugins are being used.

wordpress-plugin-checker

Previously that meant that we manually checked the site for our plugins. Yes. Manually. One after another we checked the site to find traces of our plugins (CSS files or readme files and so on).

It was boring. It was time consuming. And finally we gave up and decided to do something about it.

So we built the WordPress plugin checker. A simple automatic tool where we – and now also you! – can check any WordPress site for plugins. We have been using the tool internally for a while and it’s been working pretty good.

It’s kinda fun and exiting to see what plugins a site is using. What don’t you go and try it to see for yourself?

Let us now what you think in the comments for this post or at @earthpeople. Oh! And if you find any of our plugins on a site please let us know. It makes us so happy and proud.

/The lab rats

WordPress loops: with_posts() is my way of dealing with them

One of the most boring, cumbersome and dangerous things with WordPress is getting and working with posts in custom loops.

A common situation is like this:

That’s a bit cumbersome I think. Do I really need to do that while-thingie, that the_post()-method-thingie and that wp_reset_postdata()-thingie each time? It feels a bit… repetitive. And dangerous, since if I forget to reset the postdata I can screw up other loops and functions and plugins and my site (that often is a client site..) is starting to fall apart, loop by loop.

with_posts(): a fancy solution with a callback

So, I give you my solution to this problem: the with_posts()-function. Let’s do the same thing again, using my approach:

Using with_posts() I went from 6 lines to 3 lines.

Maybe it’s just 3 lines less you think, but hey it’s 3 lines less every time you want to loop something! That, plus you won’t forget that reset_postdata or setup_postdata thing again.

The magic is in the callback function: inside it you will automagically get the current post as the current post and it’s called once for each post in the matching query. You can use all the common stuff like the_title, the_permalink, edit_post_link, the_content, and so on.

Oh! And you can pass other stuff into the with_post-function too (ids, slugs, query strings…), to get any mix of posts. This example uses a regular wp_query as the base, to get some posts from a custom post type:

The function is posted in a Gist on Github for your viewing and forking pleasure, and I’ve also created a Gist with all kinds of  examples, so check it out and you’ll probably hopefully get the hang of it.

What can i say – I love this little function, and I hope you do.

Now, feedback me!

The very first field extension for Simple Fields comes from Earth People

The recently released version 1 of Simple Fields added a nice feature called “field extensions“: using a simple API, developers can add their own custom field types to the plugin. Nice indeed.

For one of our WordPress projects we needed to be able to attach a location to each post, so we though that “hey, let’s make that a field in simple fields!”. Said and done, the plugin is here and it’s called “Simple Fields Map extension” and so far it’s been a joy to use.

If you need to add one or several locations to a post in WordPress then give this plugin a try. It’s really really nice and useful.

WordPress Plugin Simple Fields now maintained by Earth People

Yes, the great – prepare for SEO Keyword madness! – WordPress custom fields plugin Simple Fields is now actively developed by us here at EarthPeople.

This is thanks to the fact that the plugin creator Pär since a while back spends his days at our office, typing away on his Macbook Air or browsing the WordPress Codex trying to remember if the function was called “get_title()” or “get_the_title()”. And … yes, sometimes he also updates the plugin from here.

So, be happy, do cool WordPress stuff, and read more about Simple Fields on it’s own domain simple-fields.com.

EP Hashimage gets a speedboost

The last few days we have been working on improving the speed if our EP Hashimage plugin. Today, we have released the result, a plugin that loads 70-80% faster when loading from the cache.

This is achieved after a complete rewrite of the caching function. It now used the WordPress Transients API. As usual, you find the latest version over at WordPress.org plugin directory.

Add your own networks

Today, our very populare social wordpress plugin EP Social Widget got even better. We have after requests from our users, we added an option page wich give you the ability to add any network you want to the plugin and your site.

You will find the new option page in the settings menu in WordPress admin under the name of “EP Social Widget”. To add a network, just type your network name and choose and icon to upload. When added you will see it in the list and you can delete it at any time by clicking the delete button far to the right. (It displays when you hower the table row)

Download the latest version (1.0.0) from the WordPress Plugin directory.

Select networks in EP Hashimage


Today we’ve added a new feature to our EP Hashimage WordPress plugin.
You can now (from version 3) choose which networks you want to include in your search for images with a specific hashtag.
For example –  if you want to print images tagged with #cat but only from the instagram network. That is now possible.

This has been on our todo list for a while, but since we only develop and maintain our plugins between projects it sometimes take a while before new features are added.

We hope you’ll find our plugin even more useful with this new feature.

As usual, download the plugin from the WordPress plugin directory, or update it via your plugin manager on your WordPress site.