Our new tool finds “hidden” WordPress pages exposed by just released WP REST API

In December WordPress 4.7 was released. The most cool part of this release was the inclusion of the WordPress REST API. In development for quite some time it was finally included in core.

The WordPress REST API is great for developers because it makes it very easy to get all pages, posts and users from a WordPress site and use them in any way they want, using JavaScript or PHP or basically any programming language.

Did we say all pages? Yup, that’s right. All Most of your posts, pages and users are exposed to the public with this API. That includes pages that have no public links to them and pages that are not available in any menus on your website.

So some of the WP devs here at Earth People got curious about the API and what exposed stuff we could find on those websites on the internet that had updated to 4.7. We figured that an easy way to test this was to create a Google Chrome extension.

Hello there WP Content Discovery Chrome Extension

So we made the the extension and we called it WP Content Discovery.

Here’s how it works:
It adds an icon to your chrome toolbar. By default it only displays the letter “w” as in WordPress. When you visit a WordPress powered website and it detects the API is lightens up and displays “API” in blue.

The extension icon in action. On the first site no API is detected. On the second site the API is detected and the icon shows a blue API text.

Now the fun starts: click the icon to get get a list of pages, posts and users on that website!

Here is an example from the website of admin activity logger Simple History:

Here we can see that the extension indeed did find some pages on the website we tried it on…

Please try the extension. And please let us know what you think here in the comments!

One last thing… the API may freak some people out…

Even if all the data that you can get publicly from the REST API is already available somewhere in WordPress, it does freak some people out that it actually is possible to get the content so easily.

It is however pretty easy to disable the API if you find it to scary.

 

Here is a list of WordPress plugins that Sweden’s largest political parties use

TL;DR: We made a website: partiwebbsidor.se.

WordPress is pretty big here in Sweden. Recently we found out that six of the largest political parties use WordPress on their main sites.

Here at Earth People we also use WordPress to build sites, so we thought that this it was a pretty cool and interesting fact that all these parties used WordPress too.

But wouldn’t it be interesting to know what plugins they use on their websites? Yeah, we thought so, so we built a website with this information: partiwebbsidor.se (only in Swedish for now, sorry!).

Just for the fun of it we also checked what CMS the sites who did not use WordPress used, and what web server software they were using. And we did a check of their PageSpeed score. AND we put all the code on GitHub, so people could contribute to the website.

WordPress loops: with_posts() is my way of dealing with them

One of the most boring, cumbersome and dangerous things with WordPress is getting and working with posts in custom loops.

A common situation is like this:

That’s a bit cumbersome I think. Do I really need to do that while-thingie, that the_post()-method-thingie and that wp_reset_postdata()-thingie each time? It feels a bit… repetitive. And dangerous, since if I forget to reset the postdata I can screw up other loops and functions and plugins and my site (that often is a client site..) is starting to fall apart, loop by loop.

with_posts(): a fancy solution with a callback

So, I give you my solution to this problem: the with_posts()-function. Let’s do the same thing again, using my approach:

Using with_posts() I went from 6 lines to 3 lines.

Maybe it’s just 3 lines less you think, but hey it’s 3 lines less every time you want to loop something! That, plus you won’t forget that reset_postdata or setup_postdata thing again.

The magic is in the callback function: inside it you will automagically get the current post as the current post and it’s called once for each post in the matching query. You can use all the common stuff like the_title, the_permalink, edit_post_link, the_content, and so on.

Oh! And you can pass other stuff into the with_post-function too (ids, slugs, query strings…), to get any mix of posts. This example uses a regular wp_query as the base, to get some posts from a custom post type:

The function is posted in a Gist on Github for your viewing and forking pleasure, and I’ve also created a Gist with all kinds of  examples, so check it out and you’ll probably hopefully get the hang of it.

What can i say – I love this little function, and I hope you do.

Now, feedback me!

EP Hashimage gets a speedboost

The last few days we have been working on improving the speed if our EP Hashimage plugin. Today, we have released the result, a plugin that loads 70-80% faster when loading from the cache.

This is achieved after a complete rewrite of the caching function. It now used the WordPress Transients API. As usual, you find the latest version over at WordPress.org plugin directory.

Add your own networks

Today, our very populare social wordpress plugin EP Social Widget got even better. We have after requests from our users, we added an option page wich give you the ability to add any network you want to the plugin and your site.

You will find the new option page in the settings menu in WordPress admin under the name of “EP Social Widget”. To add a network, just type your network name and choose and icon to upload. When added you will see it in the list and you can delete it at any time by clicking the delete button far to the right. (It displays when you hower the table row)

Download the latest version (1.0.0) from the WordPress Plugin directory.

Select networks in EP Hashimage


Today we’ve added a new feature to our EP Hashimage WordPress plugin.
You can now (from version 3) choose which networks you want to include in your search for images with a specific hashtag.
For example –  if you want to print images tagged with #cat but only from the instagram network. That is now possible.

This has been on our todo list for a while, but since we only develop and maintain our plugins between projects it sometimes take a while before new features are added.

We hope you’ll find our plugin even more useful with this new feature.

As usual, download the plugin from the WordPress plugin directory, or update it via your plugin manager on your WordPress site.

WordPress plugins updated

This week two of our most popular WordPress plugins has been updated with new features.

EP Social Widget have been updated with more social networks to use, some after requests from our users. Check out the plugin here.

EP Hashimage have been updated with a new option to select how you open an image when clicking on the thumbnail. You can now choose between lightbox or open the original source. Check out the plugin here.

EP Social Widget now with shortcode

Our very popular social widget plugin has been updated with shortcode support so that you with ease can display your social links in posts and pages. Here is a short how to.

[ep-social-widget facebook="https://facebook.com" gplus="https://plus.google.com" rss="1"]

Available networks are

  • facebook
  • gplus
  • twitter
  • flickr
  • youtube
  • rss

Just use the one you want to display in your post/page and give it a link. The RSS option only need a 1 as value if you want that displayed. Remove any network completely to remove it from the post/page.

Download it from the WordPress Plugin Directory.

Base64-encoding media assets in WordPress

I needed to serve some WordPress posts as web views to some mobile apps. But the app guys wanted the all the images inside the_content to be encoded into base64-strings, for offline caching. This was made into a tiny little plugin which you can download and use as you see fit.

When enabled, this plugin will encode all images sitewide on your website. This is generally a bad idea. Should you need help tweaking the plugin further, just drop me an email. Download the plugin here.

UPDATE: This plugin is now released at the WordPress Plugin Directory. Download the plugin here.

Hashimage updated with async loading

From the start we always felt that we needed to do something about the slow loading of the hashimage plugin. Today we have updated it with the option to use async loading, letting all the heavy work to be done after initial page load. See the settings page for this new option.

In this update we have also integrated support for pic.twitter.com and images in the lightbox are no longer cropper and cut, say hallo to the whole image scaled down.

As usual, you find this amazing plugin in the WordPress Plugin Directory and please leave a comment if you have any suggestions or just like the plugin.

The new latest version is 2.3.0.