Bulk WordPress Password Reset

Reset by Orse on flikr.com
Sometimes it is a good idea to reset all the passwords for your WordPress website and email the users to let them know their new password. Especially when you have been hacked – if you have been hacked, read about what to do

My emergency password reset plugin will regenerate every user’s password and email it to them. If you have been hacked, I advise you change all the SALTS in wp-config.php, which forces all users to log out too. WordPress.org provides a tool to generate new SALTS.

To use my bulk emergency password reset and email plugin…

1) Download the emergency-password-reset plugin at wordpress.org
2) Upload the zip file to your plugins directory and activate.
3) If you are an administrator you can click on “Reset all Passwords” – the plugin will generate new more secure passwords and let all the users know.

Hope you find it useful

Using Meta Boxes on Plugin Admin Pages

Meta Boxes are boxes that appear on the dashboard and for custom features on edit page/post pages. They can also be used in plugins too. Here’s how to create meta boxes on an admin page that will remember whether you have opened/closed them and the order you have dragged them into.


They are relatively easy to create!

1) Enqueue the scripts that will allow toggling open and closed and the order to be changed. They need to be hooked in at the ‘init’ stage

2) Create the page the boxes will appear on

Those classes and ids allow the meta box styling to happen

3) Create functions for each meta_box’s content

4) The meta boxes need nonce fields to allow any open/close toggling and order changes to be saved

5) The meta boxes are then “added” and “done”

add_meta_box prepares the meta box and can be placed in your content stream or in an add_action hook.
do_meta_boxes tells WordPress to render the meta box.

6) Lastly we need some jquery to initialise previously saved open/close toggles and order

pluginname is your plugin name that you have used above. Other tutorials used pagenow but it didn’t work for me on custom admin pages in v3.5

Here’s the code bundled up…
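One way the six steps above fit together, as an added example rather than the code from the original post. The slug pluginname, the pluginname_* function names and the single sample box are placeholders; the nonce names are the ones WordPress core checks when it saves the open/closed state and the order.

```php
<?php
// Added example; 'pluginname' and the pluginname_* functions are placeholders.
// 1) Scripts for toggling and drag-and-drop ordering, hooked at 'init'
add_action('init', 'pluginname_meta_box_scripts');
function pluginname_meta_box_scripts()
{
    if (is_admin()) { // the scripts are only needed on admin screens
        wp_enqueue_script('common');
        wp_enqueue_script('wp-lists');
        wp_enqueue_script('postbox');
    }
}

add_action('admin_menu', 'pluginname_menu');
function pluginname_menu()
{
    add_menu_page('Plugin Name', 'Plugin Name', 'manage_options', 'pluginname', 'pluginname_page');
}

// 3) One callback per meta box
function pluginname_box_one()
{
    echo '<p>' . esc_html('Content of the first box') . '</p>';
}

// 2) The page itself; the classes and ids pick up the core meta box styling
function pluginname_page()
{
    // 5) "add" the box ...
    add_meta_box('pluginname-box-one', 'Box one', 'pluginname_box_one', 'pluginname', 'normal');
    echo '<div class="wrap"><h2>Plugin Name</h2>';
    // 4) Nonces checked by core's AJAX handlers when state is saved
    wp_nonce_field('closedpostboxes', 'closedpostboxesnonce', false);
    wp_nonce_field('meta-box-order', 'meta-box-order-nonce', false);
    echo '<div id="poststuff" class="metabox-holder"><div class="postbox-container">';
    // 5) ... and render everything registered for this page and context
    do_meta_boxes('pluginname', 'normal', null);
    echo '</div></div></div>';
    ?>
    <script type="text/javascript">
    // 6) Restore saved open/closed state and enable toggling for this page
    jQuery(document).ready(function ($) {
        $('.if-js-closed').removeClass('if-js-closed').addClass('closed');
        postboxes.add_postbox_toggles('pluginname');
    });
    </script>
    <?php
}
```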

So your WordPress site has been hacked

Aaaaaagh!

Last night we were hacked by Turkish Jihadis who replaced our index.php, disabled Akismet and one other plugin. What do you do when that happens?

Change your host password and FTP password immediately.

Let the host know what has happened and ask them to investigate how it happened.

We have a plugin called Simple Login Log and from that I could see that I had apparently logged in from Turkey – but I live in the UK, so my password had been cracked.

Check the access log on your host’s Cpanel. On ours we could see that someone whose IP was Turkish had been using the plugin editor around that time – so that’s why Akismet was bust.
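The access-log check described above can be scripted once the log has been downloaded from the host. This is an added example, not part of the original post: it assumes the common Apache/Nginx "combined" log format, runs on constructed sample lines using documentation IP ranges, and also looks for the theme editor, which the post does not mention.

```php
<?php
// Constructed sample lines in "combined" log format (not real traffic).
$sample_log = <<<'LOG'
203.0.113.45 - - [01/Jan/2013:22:41:07 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
203.0.113.45 - - [01/Jan/2013:22:43:19 +0000] "GET /wp-admin/plugin-editor.php?file=akismet/akismet.php HTTP/1.1" 200 18233 "-" "Mozilla/5.0"
203.0.113.45 - - [01/Jan/2013:22:44:02 +0000] "POST /wp-admin/plugin-editor.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2013:22:50:11 +0000] "GET /sample-page/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
LOG;

function find_editor_requests(array $lines)
{
    // Captures: client IP, timestamp, method, request URI, status code
    $pattern = '/^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3})/';
    $hits = array();
    foreach ($lines as $line) {
        if (!preg_match($pattern, $line, $m)) {
            continue; // not a combined-format line
        }
        list(, $ip, $time, $method, $uri, $status) = $m;
        $path = (string) parse_url($uri, PHP_URL_PATH);
        if (!preg_match('#/wp-admin/(?:plugin|theme)-editor\.php$#', $path)) {
            continue; // only the built-in file editors are of interest
        }
        $hits[$ip][] = array(
            'time'   => $time,
            'method' => $method,
            'uri'    => $uri,
            'status' => (int) $status,
            'write'  => ($method === 'POST'), // a POST to the editor is a likely file save
        );
    }
    return $hits;
}

// Print every editor request grouped by client IP.
foreach (find_editor_requests(explode("\n", $sample_log)) as $ip => $requests) {
    foreach ($requests as $r) {
        printf("%s  %s  %s %s%s\n", $ip, $r['time'], $r['method'], $r['uri'],
            $r['write'] ? '  <-- likely file save' : '');
    }
}
```

Compare the IPs and times it prints with the entries in your login log (Simple Login Log in our case) to see which account was used.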

Urgent action is needed.

1) Change the SALTs in wp-config.php – that will force all currently logged in users to be logged out!
The SALT section looks a bit like this with gobbledegook instead of ###!:

The wordpress boys have provided a tool to generate a new one here. Don’t copy the one above! Update your wp-config.php and get it uploaded asap.

2) Next you need to force all passwords to be reset to new WordPress generated ones – so all users have a new password (of course they can change them quickly back though). I couldn’t find an emergency password reset plugin, so I wrote one called emergency-password-reset – just upload it, activate and if you are the administrator you can reset all the passwords in the Users section on the left hand menu. Do step 1 first though to force all users off!

3) You can block IPs in your host’s Cpanel – if you have analytics that shows IPs of users when the hack happened (the exact time will be available in your FTP program), then you can block ’em! They will just try from another IP, but now you are more secure again.

4) I reinstalled all plugins as they had been fiddling. Some hackers try to add some code to insecure plugins (particularly ones using old versions of Timthumb for image management) – so the safest bet is to delete them and re-add them.

5) If your username is “admin” change it – either in phpmyadmin or create another user and then delete it!
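What step 2, and the emergency password reset described at the top of this page, comes down to in code. This is an added example, not the emergency-password-reset plugin's own source; it assumes it runs inside WordPress as part of a small plugin, and every epr_example_* name is hypothetical.

```php
<?php
// Added example, not the emergency-password-reset plugin's own code.
// Runs inside WordPress; every epr_example_* name is hypothetical.
add_action('admin_post_epr_example_reset_all', 'epr_example_handle_reset');

function epr_example_handle_reset()
{
    // Administrators only, and only from a form carrying a valid nonce
    // (the form prints wp_nonce_field('epr_example_reset_all')).
    if (!current_user_can('manage_options')) {
        wp_die('You are not allowed to reset passwords.');
    }
    check_admin_referer('epr_example_reset_all');

    $results = epr_example_reset_all_passwords();
    wp_safe_redirect(add_query_arg(array(
        'epr_reset'  => $results['reset'],
        'epr_failed' => count($results['mail_failed']),
    ), admin_url('users.php')));
    exit;
}

function epr_example_reset_all_passwords()
{
    $results = array('reset' => 0, 'mail_failed' => array());
    $users = get_users(array('fields' => array('ID', 'user_login', 'user_email')));
    foreach ($users as $user) {
        // New random 20-character password, special characters included.
        $password = wp_generate_password(20, true);
        wp_set_password($password, $user->ID);
        $results['reset']++;

        $message = sprintf(
            "All passwords on %s have been reset.\n\nUsername: %s\nNew password: %s\n\nLog in at %s and then choose your own password.",
            get_bloginfo('name'),
            $user->user_login,
            $password,
            wp_login_url()
        );
        if (!wp_mail($user->user_email, 'Your password has been reset', $message)) {
            // Record who got no email so an admin can contact them another way.
            $results['mail_failed'][] = $user->user_login;
        }
    }
    return $results;
}
```

The administrator who triggers the reset gets a new password too, so check that your own account's email address is correct before running it. Users listed in mail_failed have a new password they never received.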

How welcoming is your church?

Being the most welcoming church in your area is not rocket science and pretty easy to achieve.

I’ve had some awful experiences visiting other churches over the years, from the large church with multiple services to the small baptist church that just haven’t taken the time to make sure they are welcoming new visitors.

Think about it – if you have a congregation of 100 currently and get 5% visitors but manage to get only 5% of those to stick – your church will grow by at least 10% a year and double in 7 years!

So how welcoming are you? Why not use this welcome audit tool next Sunday? Get a few people to fill it out with the eyes of a visitor. Better still get a non Christian friend to come and do it!

Your church at a distance – website

Your website is the primary shop window for first time visitors, who haven’t been invited by someone.
How clear is it for the first time visitor? – the who, the what, the where, and the when – should be right on the front page!
Does it communicate who you are? Or is it a bit corporate, or a building?
Have you signed up for google places, so your venue appears on the map and a google search for “church your town” gets you above the fold by the map?
Does it work in all browsers and on mobile devices?

Your meeting place

Can people find it easily? Is there good signage, both outside and inside the building you use?
Are the toilets clean and nice enough? One hired venue we used for a very short time, we took a bottle of bleach with us! (we moved to a better venue pretty sharpish)

Your people

Do you have a good welcome team who know they are there more to welcome people than give out a notice sheet?!
Do the regulars turn up early enough to talk to visitors? A first time visitor at The Gateway last week emailed to ask if they should get there 15 mins early – that’s what visitors do, because they are nervous about finding it, parking and getting a seat.
Do you have a welcoming culture – or are the people cliquey and ignoring of visitors?

Your systems

Do you have a welcome pack – please don’t embarrass visitors in the way you give it to them, by making them stand up! I don’t want to be applauded, that is embarrassing not welcoming!
What’s your follow up process? We track visitor follow up with our church admin plugin (for WordPress sites) – we used to use this visitors spreadsheet to track our welcoming process.
How do you get address details? We currently use a guest book – nice old ladies are great at getting people to sign it with an address!
Are visitors getting chatted to by lots of people and invited out for coffee, back for lunch, to multiple small groups?
Visit your visitors quickly – Herb Miller’s “Magnetic church” gives some stats on how many return if visited quickly. More on that here.

What other ways do you make visitors welcome?

How to internationalise a wordpress plugin

If you want your plugin to have a greater reach why not internationalise it – hopefully people will soon start translating it for you!

Here’s what to do!

Step 1

Set up the plugin to load the translation files with this code, changing “your-plugin-name” as needed.

That means that wordpress will load the right translation file from your plugins languages directory.

Step 2

Change all the output text in your plugin to use the internationalised versions

so $foo = 'Blah Blah'; becomes $foo = __('Blah Blah', 'your-plugin-name');
and
echo 'Blah Blah'; becomes _e('Blah Blah', 'your-plugin-name');
Thoroughly test your plugin at this stage!

Step 3

Set up the initial default translation file default.po in the languages folder.
Download and install poedit from http://www.poedit.net/download.php
The instructions are about as useful as a chocolate teapot, hence this blog post.

Once you have installed the Poedit program, open it.
Click on File then New catalog…
Fill out the Project Name at least and then click on the Sources Path tab.
This is where everyone goes wrong on Windows computers! The base path needs to be the full path to your plugin root directory not “.” e.g. C:\xampp\htdocs\wordpress\wp-content\plugins\church-admin
Then you can add the sub directories in the paths section by clicking the second icon from the left (dotted box type icon).

Next click on the Sources Keywords tab and select each of the current ones and delete them.
Add __ and _e and then press ok

With any luck you will not get the annoying “Updating the catalog failed error” which happens when you don’t do the full windows path.

Now you can save the file as default.po in the languages folder of your plugin.

Click on Update at the top and it will search your php files finding words that will need to be translated


Click save to save it!
Then commit the default.po file and language directory using your SVN programme and let your user base know of the update, by announcing it in readme.txt, your facebook plugin page, twitter account….

Hope that helps. A future post will be how to translate your favourite wordpress plugin!

Using the ministry section to target email


We recently invited all our twenties to lunch one Sunday after church and they were surprised how many there were. They are all in different small groups, so how can we use the WordPress Church Admin plugin to communicate with them all as one group?

Use the Ministry Section! I’d used it for leaders of ministries up to now (like youth leaders, worship band), but why not use it to organise comms with other groups in your Church like the youth themselves, the twenties, singles…

A new update this afternoon will fix a few bugs and add language support. So if you want to translate the plugin, go for it!

Do you have any other tips on using the Church Admin plugin?

Books read in 2012

Here are the books I read in 2012 – not including fiction 😉

  1. NIV Bible
  2. Art of Neighbouring (by Jay Pathak)
  3. Handle with prayer (by Charles Stanley)
  4. Surprised by the Voice of God (Jack Deere)
  5. The Silent Listener Falklands 1982 (Major DJ Thorpe)
  6. Straight to the Heart of 1 & 2 Samuel
  7. Thinking for a Change (by John Maxwell)
  8. Mud, Sweat and Tears (by Bear Grylls)
  9. The Message of Judges
  10. The Message of Exodus
  11. How to build a magnetic Church (Herb Miller)
  12. The returning King (Vern Poythress)
  13. Romans. An Exposition of Chapter 8. 17-39 The Final Perseverance of the Saints
  14. Epistle to the Romans (NICNT)
  15. The Glory of Christ (John Owen)
  16. Eternal Security (Charles Stanley)
  17. Chicken Manual
  18. Chicken Coops for the Soul: A henkeeper’s story
  19. The Geek Atlas: 128 Places Where Science and Technology Come Alive

The Real St Nic

In the UK – kids believe that Santa Claus or Father Christmas comes with presents to children that have been good. Imagination and make believe are fun elements of any child’s growing up, but it has made Christmas all about spending too much and receiving lots of things. It’s a shame because “Santa Claus” comes from “Saint Nicholas” who was a real guy – not a fat guy with a white beard and red suit remodelled by Coca Cola!

Saint Nicholas was born into a rich family in Patara (part of modern day Turkey) – his parents died young, although they had led him to Christ. He spent his inheritance on the poor and gave gifts to poor children. He also saved 3 young poor women being sold into sexual slavery.

The most famous story about him is being part of the Council of Nicaea in 325. That was when church leaders came together to discuss what Arius was teaching. Arius (and his followers the Arians) didn’t believe that Jesus was equal to the Father, that he was God. So when the council came to nailing the truth it came down to two Greek words Homoiousios and Homoousios. The one with the extra i (or iota, from where we get the expression “I don’t give an iota”) was the heretical one where Jesus is of a similar substance to the Father. Homoousios means of the same substance – i.e. Jesus is God. The discussion over the one iota is important – it’s about whether Jesus is God or not – the J.W.s today are basically an Arian heresy.

Legend has it that Nicholas got so fed up with his heretical nonsense that he punched him. Afterwards he was remorseful as punching heretics is not a great response for a Christ follower!

Thankfully Arius got voted as a heretic and the truth was preserved and the iota wasn’t given.

Saint Nicholas – loved Jesus, was passionate for the truth and was extremely generous to the poor and those who didn’t deserve it.
Santa Claus is an imaginary fat bearded guy in a red suit who comes down kids’ chimneys to give gifts to children that have been good and deserve it.

The difference between Saint Nic and Santa is like the difference between religion and Christianity
Religion says that God will be pleased with us and give us eternal life if we are good and deserving of it. Trouble is we aren’t good enough and we aren’t deserving of it – we have all done things wrong, said things that are wrong.
Christianity gives us the gift of eternal life, even though we don’t deserve it. God knows we have no hope of being good enough to not spoil heaven, so he deals with sin in our life by sending Jesus to be born as God-Man, living the perfect life we can’t and then dying on our behalf, instead of us.
This Christmas God wants to give you the gift of eternal life – and friendship with God through Jesus Christ.
Receiving that gift is as easy as A.B.C.
Admit that you aren’t good enough to earn God’s favour
Believe that Jesus came to die on your behalf for your sin
Confess that you believe and that Jesus is now your Lord or boss and you are following him

Control how Facebook likes & Tweeted URLs look from WordPress

If you want to control what image and content Facebook uses when someone likes a post/page on your WordPress site, then add this snippet to your theme functions.php. Any Facebook likes will then use the featured image from that post or page.

A similar thing can be done with Twitter – called Twitter cards – a simple version is previewed below. It can add a neat little card under a tweeted url from your site if you use the code below and apply to the program! It takes 5-10 days to be approved, so do it now!

[Image: Twitter card preview]

How to get it working
1) Use the code below in your theme and get it uploaded
2) Go to https://dev.twitter.com/docs/cards/preview to check it works with a url from your site with my code!
3) Go to https://dev.twitter.com/form/participate-twitter-cards to apply.

[code]add_action( 'wp_head', 'my_theme_facebook_meta_tags' );
function my_theme_facebook_meta_tags()
{
    global $post;
    // Nothing to describe if there is no current post (e.g. a 404 page)
    if ( empty( $post ) ) return;
    echo '<!--Facebook tags-->';
    // image: featured image first, theme header image as a fallback
    if ( function_exists( 'has_post_thumbnail' ) && has_post_thumbnail( $post->ID ) )
    {
        $thumb = wp_get_attachment_image_src( get_post_thumbnail_id( $post->ID ), 'thumbnail' );
        if ( !empty( $thumb[0] ) ) echo '<meta property="og:image" content="' . esc_url( $thumb[0] ) . '"/>';
    }
    elseif ( function_exists( 'get_header_image' ) )
    {
        // get_header_image() returns the URL; header_image() would echo it
        $thumb = get_header_image();
        if ( !empty( $thumb ) ) echo '<meta property="og:image" content="' . esc_url( $thumb ) . '"/>';
    }
    // url
    echo '<meta property="og:url" content="' . esc_url( get_permalink( $post->ID ) ) . '"/>';
    // post title, escaped so a quote in a title cannot break out of the attribute
    echo '<meta property="og:title" content="' . esc_attr( get_the_title() ) . '"/>';
    // site name
    echo '<meta property="og:site_name" content="' . esc_attr( get_bloginfo( 'name' ) ) . '"/>';
    // excerpt, or the first 50 words of the content when there is no excerpt
    if ( !empty( $post->post_excerpt ) ) {
        $description = strip_tags( strip_shortcodes( $post->post_excerpt ) );
    }
    else
    {
        $description = my_theme_wordlimit( strip_tags( strip_shortcodes( $post->post_content ) ) );
    }
    echo '<meta property="og:description" content="' . esc_attr( $description ) . '"/>';
    echo '<!--End Facebook tags-->';
}
// Cut $string down to at most $length words, appending $ellipsis when shortened
function my_theme_wordlimit( $string, $length = 50, $ellipsis = "…" )
{
    $words = explode( ' ', $string );
    if ( count( $words ) > $length )
        return implode( ' ', array_slice( $words, 0, $length ) ) . $ellipsis;
    else
        return $string;
}[/code]