Phil Wylie

WordPress developer, Code Club volunteer & Staffs Web Meetup organiser

WordPress Bulk Post Creation with WP-CLI: A Handy Command Generator

Occasionally I find myself needing to quickly create a series of posts or pages—for building out a basic skeleton of a site, or for quickly populating content. Manually doing this within the WordPress dashboard can be tedious. This is where WP-CLI can save the day. In this post, I’ll look at how to use WP-CLI to quickly generate a series of posts within WordPress.

WP-CLI is a powerful tool that can be used to perform various tasks related to your website. For example, you can create new posts using the wp post create command:

The command is limited to creating a single post at a time. However, we can run multiple commands at once by separating them with a semicolon. So if we wanted to create two blog posts about one of the best Thai restaurants in London, we could run this command:

In order to make the above command even easier, I wrote a handy tool that generates it for you.

This tool is simple, but useful for quickly generating a small number of posts. With more time, a short bash script could loop through an array and perhaps support hierarchical post structures. For my purposes, this was sufficient and I wanted to share it in the hope that other people find it useful.

The Hype Around AI: A WordPress Developer’s Perspective

Everything you’re about to read has been entirely generated by ChatGPT, based on my thoughts shared in a recent email exchange.

Hi there,

I hope you’re well. Today, I want to dive into a topic that’s been on my mind lately—the hype surrounding AI. It seems like AI is the next big thing, much like the previous waves of excitement around cryptocurrencies and NFTs. But as a WordPress developer who has dabbled in AI tools, I’ve got some thoughts to share.

Remember those social media videos featuring entrepreneurial influencers hunting for discounted products in Walmart to resell on Amazon for a hefty profit? It’s an enticing idea—buy low, sell high, and rake in the cash. Similarly, AI is often portrayed as a game-changer, promising to revolutionize content creation and other tasks. However, I believe there’s more to it than meets the eye.

AI, particularly generative text AI like ChatGPT, can indeed help streamline certain aspects of content creation. It’s like having a tool that generates outlines, rewords sentences, and offers snippets to enhance your writing. But does it make you faster at writing a complete blog post? In my experience, not necessarily. It’s more of a companion than a silver bullet.

When it comes to writing code, AI can be a helpful assistant, but it’s not a replacement for human expertise. You still need to understand the problem and solution to determine if the code it generates is valid. Googling a coding problem and copying and pasting from Stack Overflow might remain a quicker solution for many developers.

In essence, AI is just a tool—a powerful one, but a tool nonetheless. It’s like a double-edged sword. On one hand, it can save time and improve efficiency in certain tasks. On the other hand, it can produce content that lacks authenticity and a human touch. Content generated by AI often has a distinct style that stands out to those who are familiar with it.

Looking ahead, AI is likely to become increasingly integrated into everyday software, creating a dependency on these technologies. However, this convenience may come at a cost. Providers like OpenAI may eventually start charging more for their services, passing the expenses on to users who rely on AI.

In conclusion, AI is not the magic solution to all our problems. It’s a valuable tool that can enhance our work, but it’s not a substitute for human creativity and expertise. As WordPress developers, we should use AI wisely, recognizing its strengths and limitations. While it might not make us overnight millionaires, it can certainly be a helpful companion in our digital journey.

Cheers,

Phil Wylie

WordPress 2FA using the Two-Factor plugin

Over the years, the need for increased security has become more apparent. The internet has become a place where personal information is shared and stored. This makes it vulnerable to hackers and other malicious users who want to gain access to your data.

We’ll look at what 2FA is, how it can be implemented in WordPress and make the onboarding process for your users as seamless as possible.

What is two-factor authentication (2FA)?

Two-factor authentication (2FA) adds an extra security layer to online accounts. Without this extra layer of protection, your account is vulnerable even if you use a strong password.

2FA is a method of confirming your identity by requiring a second form of identification after entering your username and password. This means even if someone gets your password, they still need more information before being able to successfully log in.

It should not be considered a substitute for strong passwords. Rather, it’s an additional layer of security by requiring something you have in addition to your username and password.

The downside is that it adds an extra step to the login process. It may be confusing if you’re not used to it and it can be frustrating for many people, who see this additional step as inconvenient or an unnecessary addition.

Many online services offer 2FA as an opt-in feature, which means that many users do not activate it. Knowing the benefits it can provide, what steps can we take to make 2FA more accessible and easier to use?

Methods for generating one-time passwords

Time-based one-time passwords (TOTP)

2FA is often associated with TOTP, the short-lived numeric codes that change every 30 seconds, and must be reentered when expired.

When you enable TOTP on an account, a secret key is created which is used to generate the one-time passwords. You can use an authenticator app or a physical token. The onboarding process usually involves scanning a QR code—saving you from having to type out your secret key. Popular authenticator apps include Google Authenticator and Authy. Password managers like 1Password can also store your secret key and generate one-time passwords for you when needed.

To prevent locking yourself out, a series of backup codes are usually issued. The backup codes can be used in case you lose access to your authenticator app or physical token.

If you’re starting to switch off—I don’t blame you! It’s too much for some professionals to handle, let alone the average person. For the technically inclined, this all becomes second nature. You get used to logging in by entering a username and password, followed by a one-time password.

Implementing 2FA across an organisation can be a challenging and time-consuming process. Documentation, training and even handholding for people who need it. Some may be uncomfortable using their personal smartphones for work purposes. Which authenticator app is best? What happens if you loose access to the phone? How do you transfer the secret keys to a new device? Where should the backup codes be stored?

Email/SMS codes

Another way to set up 2FA is by using email or SMS text message codes. They are easy to understand, implement and use.

After you enter your username and password, a code is sent to your email or mobile phone. You then enter this code, which is valid for a short period of time.

If your email account or phone number is compromised, an attacker might be able to get hold of your 2FA codes. But while the codes are not foolproof, they are still more secure than passwords alone.

Two-Factor WordPress plugin

The Two-Factor WordPress plugin adds 2FA to WordPress. It is built as a standalone feature plugin which may be merged into WordPress core in the future, but for now lives as its own plugin.

The plugin is open source, built and maintained by a team of volunteers including core contributors and members of the WordPress Security Team.

The plugin is available from the WordPress.org plugin repository. It supports several types of 2FA including TOTP and email codes.

Handy code snippet which enables email-based 2FA for all administrator users

With Two-Factor, 2FA is not enabled by default; it relies on users going through the initial setup process and the assumption that they will choose to keep 2FA enabled. When new users are created, 2FA must be made part of the onboarding process or the benefit of 2FA will be lost.

This snippet checks whether any methods have been enabled by the user, and—if not—enables email-based 2FA. This provides a good level of protection without requiring any action on the part of the user.

The code currently runs for administrators and editors, roles that have elevated permissions. However, it can be adjusted to include other user roles as well.

We’ve developed this further at Kanuka Digital. We rolled out the snippet to our clients’ sites via an mu-plugin. With a few modifications for our workflow across environments—local, staging and production.

We run MailHog on our local and staging environments—a tool that stops us from sending outbound emails by mistake. We’ve disabled email-based 2FA on our local and staging environments to make the lives of our developers easier. It saves time by eliminating the need to check MailHog for 2FA tokens.

Conclusion

Whether you’re a small business owner, large corporation, or simply someone concerned about online security, protecting your data has become increasingly important.

2FA is an important step in securing your online accounts, and it’s one that you should be taking if you haven’t already. Adding 2FA to all of your online accounts is a good way to stay safe online and keep hackers out.

As a WordPress developer, the Two-Factor plugin is an excellent way to add 2FA security to your WordPress site and make it more secure. Enabling email-based 2FA by default for users with elevated permissions is relatively simple, without introducing the complexity of TOTP management to your end-users.

I hope this article has given you a better idea of how to set up 2FA for your WordPress site. If you have any questions, feel free to get in touch.

Looking back at the Silk icon set

An iconic style instantly familiar to web designers and developers around since the days of dial-up. The famfamfam Silk icon set was a staple of web design back in the mid 2000s. I can’t help but look back at them with fond memories (and maybe a little bit of nostalgia).

They were a familiar sight on websites and web applications across the web. Alongside other trends at the time, rounded corners, gradients, and drop shadows. Sprinkle in a few Silk icons and you were on to a winner.

The Silk icon set was created by Mark James, a web developer based in Birmingham, UK. The icon set was updated numerous times, growing to a collection of 1000 icons.

At just 16-by-16 pixels, these icons were created with as few pixels as possible to conserve space and bandwidth. At the time, screens were smaller and had lower resolutions, many people still connected via dial-up, so file sizes needed to be kept small in order for sites to load quickly.

Distributed under a permissive Creative Commons license, they became a go-to resource for many designers and developers looking for icons that were simple, memorable and attractive.

Today, we’re more accustomed to seeing flat, smooth vector lines. While Silk icons are no longer as ubiquitous as they once were—iconography remains a powerful tool for designers: a visual language able to tell stories and convey complex ideas.

Older Posts