Bulk WordPress Password Reset

Reset by Orse on flikr.com
Reset by Orse on flikr.com
Sometimes it is a good idea to reset all the passwords for your WordPress website and email the users to let them know their new password. Especially when you have been hacked – if you have been hacked, read about what to do

My emergency password reset plugin will regenerate every user’s password and email it to them. If you have been hacked, I advise you change all the SALTS in wp-config.php, which forces all users to log out too. WordPress.org provides a tool to generate new SALTS.

To us my bulk emergency password reset and email plugin…

1) Download the emergency-password-reset at wordpress.org plugin
2) Upload the zip file to your plugins directory and activate.
3) If you are and administrator you can click on “Reset all Passwords” – the plugin will generate new more secure passwords and let all the users know.

Hope you find it useful

Using Meta Boxes on Plugin Admin Pages

Meta Boxes are boxes that appear on the dashboard and for custom features on edit page/post pages. They can also be used in plugins too. Here’s how to create meta boxes on an admin page that will remember whether you have opened/closed them and the order you have dragged them into.


They are relatively easy to create!

1) Enqueue the scripts that will allow toggling open and closed and the order to be changed. They need to be hooked in at the ‘init’ stage

2) Create the page the boxes will appear on

Those classes and ids allow the meta box styling to happen

3) Create functions for each meta_box’s content

4) The meta boxes need nonce fields to allow any open/close toggling and order changes to be saved

5) The meta boxes are then “added” and “done”

add_meta_box prepares the meta box and can be placed in your content stream or as in an add_action hook
do_meta_boxes tells wordpress to render the meta box

6) Lastly we need some jquery to initialise previously saved open/close toggles and order

pluginname is your plugin name that you have used above. Other tutorials used pagenow but it didn’t work for me on custom admin pages in v3.5

Here’s the code bundled up…

So your WordPress site has been hacked


Last night we were hacked by Turkish Jihadi’s who replaced our index.php, disabled Akismet and one other plugin. What do you do when that happens?

Change your host password and FTP password immediately.

Let the host what has happened and ask them to investigate how it happened.

We have a plugin called Simple Login Log and from that I could see that I had apparently logged in from Turkey – but I live in the UK, so my password had been cracked.

Check the access log on your host’s Cpanel. On ours we could see that someone whose IP was Turkish had been using the plugin editor around that time – so that’s why Akismet was bust.

Urgent action is needed.

1) Change the SALT’s in wp-config.php – that will force all currently logged in users to be logged out!
The SALT section looks a bit like this with goobledegook instead of ###!:

The wordpress boys have provided a tool to generate a new one here. Don’t copy the one above! Update your wp-config.php and get it uploaded asap.

2) Next you need to force all passwords to be reset to new WordPress generated ones – so all users have a new password (of course they can change them quickly back though). I couldn’t find an emergency password reset plugin, so I wrote one called emergency-password-reset – just upload it, activate and if you are the administrator you can reset all the passwords in the Users section on the left hand menu. Do step 1 first though to force all users off!

3) You can block IPs in your hosts Cpanel – if you have analytics that shows ips of users when the hack happened (the exact time will be available in your FTP program), then you can block ’em! They will just try from another IP, but now you are more secure again.

4) I reinstalled all plugins as they had been fiddling. Some hackers try to add some code to insecure plugins (particularly ones using old versions of Timthumb for image management) – so the safest bet is to delete them and re-add them

5) If your username is “admin” change it – either in phpmyadmin or create another user and then delete it!

How to internationalise a wordpress plugin

If you want your plugin to have a greater reach why not internationalise it – hopefully people will soon start translating it for you!

Here’s what to do!

Step 1

set up the plugin to load the translation files with this code, changing “your-plugin-name” as needed.

That means that wordpress will load the right translation file from your plugins languages directory.


Change all the output text in your plugin to use the internationalised versions

so $foo= ‘Blah Blah’; becomes $foo=__(‘Blah Blah’,’your-plugin-name’);
echo ‘Blah Blah’; becomes _e(‘Blah Blah’,’your-plugin-name’);
Thoroughly test your plugin at this stage!

Step 3

Set up the initial default translation file defautlt.po in the languages folder.
Download and install poedit from http://www.poedit.net/download.php
The instructions are about as useful as a chocolate teapot, hence this blog post.

Once you have installed the Poedit program, open it.
Click on File then New catalog…
Fill out the Project Name at least and then click on the Sources Path tab.
This is where everyone goes wrong on Windows computers! The base path needs to be the full path to your plugin root directory not “.” e.g. C:\xampp\htdocs\wordpress\wp-content\plugins\church-admin
Then you can add the sub directories in the paths section by clickingthe second icon from the left (dotted box type icon).

Next click on the Sources Keywords tab and select each of the current ones and delete them.
Add __ and _e and then press ok

With any luck you will not get the annoying “Updating the catalog failed error” which happens when you don’t do the full windows path.

Now you can save the file as default.po in the languages folder of your plugin.

Click on Update at the top and it will search your php files finding words that will need to be translated


Click save to save it!
Then commit the default.po file and language directory using your SVN programme and let your user base now of the update, by announcing it readme.txt, your facebook plugin page, twitter account….

Hope that helps. A future post will be how to translate your favourite wordpress plugin!

Control how Facebook likes & Tweeted URLs look from WordPress

If you want to control what image and content Facebook uses when someone likes a post/page on your WordPress site, then add this snippet to your theme functions.php. Any Facebook likes will then use the featured image from that post or page.

A similar thing can be done with Twitter – called Twitter cards – a simple version is previewed below. It can add a neat little card under a tweeted url from your site if you use the code below and apply to the program! It takes 5-10 days to be improved, so do it now!


How to get it working
1) Use the code below in your theme and get it uploaded
2) Go to https://dev.twitter.com/docs/cards/preview to check it works with a url from your site with my code!
3) Go to https://dev.twitter.com/form/participate-twitter-cards to apply.

[code]add_action( ‘wp_head’, my_theme_facebook_meta_tags );
function my_theme_facebook_meta_tags()
global $post;
echo'<!–Facebook tags–>’;
if(function_exists( ‘has_post_thumbnail’ )&& has_post_thumbnail( $post->ID ))
$thumb = wp_get_attachment_image_src( get_post_thumbnail_id( $post->ID ), ‘thumbnail’ );
echo'<meta property=”og:image” content=”‘.$thumb[0].'”/>’;
if(!empty($thumb)) echo'<meta property=”og:image” content=”‘.$thumb.'”/>’;
echo'<meta property=”og:url” content=”‘.get_permalink($post->ID).'”/>’;
//post title
echo'<meta property=”og:title” content=”‘.get_the_title() .'”/>’;
//site name
echo'<meta property=”og:site_name” content=”‘.get_bloginfo(‘name’).'”/>’;
if ( !empty($post->post_excerpt) ) {
$description = strip_tags(strip_shortcodes($post->post_excerpt));
$description = my_theme_wordlimit(strip_tags(strip_shortcodes($post->post_content)));
echo ‘<meta property=”og:description” content=”‘.$description.'”/>’;
echo'<!–End Facebook tags–>’;
function my_theme_wordlimit($string, $length = 50, $ellipsis = “…”)

$words = explode(‘ ‘, $string);
if (count($words) > $length)
return implode(‘ ‘, array_slice($words, 0, $length)) . $ellipsis;
return $string;

*IMPORTANT Changes coming to Church_Admin Plugin *

The next update for the Church Admin plugin will make an important change to the way people are stored.
Up to now each database row has contained a family, which limits the usefulness of the plugin as churches get larger (Perhaps husband and wife are in different small groups, or a teenager is in a different small group…)

So the next update will split the storage of households up under the hood, so that future updates can add useful functionality to the plugin.

How can you prepare?

  1. Use & to split up adults in the address Name field – I have always used the Address Name field to be something like “Andy & Janet” or “Bob & Sue” – so if you do the same the update will be automatic (it will spot “& “!)
  2. Use comma and space to split children in the children field – The children field will split with a comma and a space – eg “Rebecca, David, Katie”

The update will assume the first name adult in a family is male and the second is female and all children wil be assumed to be male! (Too many names for intelligent guessing!)
You may need to edit some entries after the next update.

What will under the hood database look like?

For the techies – this is the new table structure…
CREATE TABLE IF NOT EXISTS wp_church_admin_household (
address text,
lat varchar(50) DEFAULT NULL,
lng varchar(50) DEFAULT NULL,
phone varchar(15) DEFAULT NULL,
household_id int(11) NOT NULL AUTO_INCREMENT,
PRIMARY KEY (household_id)

The address field will be a serialized array and the address table will also store geolocation of address for map plotting etc.

CREATE TABLE IF NOT EXISTS wp_church_admin_people (
first_name varchar(100) DEFAULT NULL,
last_name varchar(100) DEFAULT NULL,
date_of_birth date DEFAULT NULL,
member_type_id int(11) DEFAULT NULL,
roles text,
sex int(1) DEFAULT NULL,
mobile varchar(15) DEFAULT NULL,
email text,
people_type_id int(11) DEFAULT NULL,
smallgroup_id int(11) DEFAULT NULL,
household_id int(11) DEFAULT NULL,
user_id int(11) DEFAULT NULL,
people_id int(11) NOT NULL AUTO_INCREMENT,
PRIMARY KEY (people_id)

people_type_id will be 1 for adult 2 for child
sex 1 male,0 female
roles will be a new feature – a serialized array that in future updates will allow for teams etc.
household_id will connect the people row to a hosuehold.
smallgroup_id is which small group
member_type_id will allow for membership level -visitor,member and adjustable levels between!

Using wp_editor() in WordPress 3.3

If you want that lovely editor (like the one I am writing in right now for this post) to appear in a plugin, here’s how…

It really is that simple!

Speeding up WordPress

I recently rebuilt www.keepchickens.info on the WordPress platform with over 200 pages and it was slow to load. Very slow www.pingdom.com put it at between 9.4 secs and 15 secs – ouch. Consequently the hits went down 28.3% over the first month – even more ouch.

The site was built around pages with no blog posts. Having checked out Chris Coyiers recent Digging into WP post I discovered the problem was with my permalinks. I was using /%pagename%/ which sends the database queries through the roof and slowed the server side down of page delivery to a crawl. The permalink is now /%year%/pagename%/ – pages permalinks are unaffected and the speed is amazing! Hits have gone back up by 23.3% overnight.

Content is important, but so it is speed. If the page is taking to long to load, people move on.
While you are trying to speed things up – it is worth compressing the images with Yahoo’s Smush it and finding the delivery bottlenecks with http://tools.pingdom.com/

View Calendar by Categories

The calendar-list shortcode has two new features – limit to one category and number of weeks to show
To get the shortcode code simply go to the category page on the Calendar admin page…

Click on the “Category List” link on the calendar page and then simply select and copy the right shortcode for the category you want to use.

Shortcodes shown on the category list

That shortcode can then be pasted within any page or post – you can change the number of weeks to any integer.

Using Google Directions API

It took some boiling down, but here’s how to grab directions from Google and display them using PHP


function google_directions($start,$end,$mode=’driving’,$units=’imperial’,$region)
$start is the start address
$end is the end address
$mode can be ddriving,walking or bicycling
$units can be metric or imperial
$region biases the address geolocation to a region – use top level domain letters eg uk for GB!


$endpoint = ‘http://maps.googleapis.com/maps/api/directions/json?’;
$params = array(
‘origin’ => $start,
‘destination’ => $end,
‘mode’ => $mode,
‘sensor’ => ‘false’,
‘units’ =>$units,
‘region’ =>$region

// Fetch and decode JSON string into a PHP object
$json = file_get_contents($endpoint.http_build_query($params));
$data = json_decode($json);
// If we got directions, output all of the HTML instructions
if ($data->status === ‘OK’)
{//parse google data
$route = $data->routes[0];
echo ‘


echo ‘

From: ‘.$params[‘origin’].’ to: ‘.$params[‘destination’];
echo ‘ using Google Maps ©’.$copy[‘1′].’
echo ‘Journey Distance ‘.$route->legs[0]->distance->text.’
echo ‘Journey Time ‘.$route->legs[0]->duration->text.’

//output warnings
foreach($route->warnings AS $key=>$value)echo $value.’
//start to output directions
echo ‘

Route Summary ‘.$route->summary.’


foreach ($route->legs as $leg)
foreach ($leg->steps as $step)
$text=$step->html_instructions .’ (‘. $step->distance->text.’ and ‘.$step->duration->text.’)’;

$text=strip_tags($text);//get rid of formatting
$text=str_replace(‘Continue’, ‘ & continue ‘ ,$text);
$text=str_replace(‘Go’, ‘ & go ‘ ,$text);
echo $no.’) ‘.$text.’
‘;//o/p step

}//end of parse data

}//end of function

google_directions(‘PE35 6EN’,’PE30 4AW’,’driving’,’imperial’,’uk’);
My example gives the directions from the Sandringham Royal Estate to our church venue, just in case the Queen needs them next Christmas!


From: PE35 6EN to: PE30 4AW using Google Maps ©2011 Tele Atlas
Journey Distance 7.2 mi
Journey Time 16 mins

Route Summary Queen Elizabeth Way/A149

1) Head southwest (0.5 mi and 2 mins)
2) Turn right onto B1439 (1.6 mi and 3 mins)
3) Turn left onto Queen Elizabeth Way/A149 & go through 1 roundabout (4.1 mi and 7 mins)
4) At the roundabout, take the 3rd exit onto Gayton Rd/A1076 (0.8 mi and 2 mins)
5) Turn right onto Queensway
Destination will be on the right (0.2 mi and 2 mins)