The Life and Times of Michael Shadle

I've had the opportunity to work with WP plugin creation quite a bit at work. We've been able to enforce a strict policy on our WP blog of not allowing *any* core WP code to be modified. The main reason for this is that it will make it much easier to upgrade and not break functionality later on.

Due to that, I've wound up creating or hacking up a bunch of custom plugins for work. One includes a complete authentication system override. Basically it traps all login, logout and registration requests and pushes them to custom URLs, and I trap all requests and process user information from cookies our external authentication system has defined. Then I take that information and force-feed it into the WP system, essentually telling it to emulate who I want it to.

That's not a very general-purpose one for any WP installations outside of my company though. However, I have created one that so far seems to be quite useful, and depending on responses, I may package/fix up more.

As of right now, I wind up customizing almost every plugin I use. Currently, all but the Akismet one is either completely written by me, or was taken from another one and hacked up with extra features.

My current plugin list includes:

• Akismet - because spam sucks.
• Comment Cleaner - based off "Chunk Urls" I've combined the URL chunking with word wrapping that behaves properly.
• "Misc Fixes" - a dummy plugin where I dump some personal tweaks like removing all the wptexturize() calls. Possibly some other good stuff, and maybe a testing ground before pulling code into a seperate official plugin.
• Remove Dashboard Feeds - my first official "public" plugin, a simple and effective way to disable the feeds from loading in the WP admin dashboard. Especially useful for when your server is behind firewalls, but also great if you don't really care about that information
• WP Mail Replacement - PHP's mail() function doesn't work as good as I'd like. I created one that uses popen() directly to the sendmail binary, and allows me to do anything I want - custom headers, attachments, etc. However, now that WP 2.2 is bundling phpMailer, this might not be an issue.

It seems like I use a lot more. I guess I felt cool having a handful of custom plugins, but I really only run a couple on my personal site for now. As I mess around with more, I'll be sure to post.

One thing I would like to see is the database functions put into the pluggable functions. Then I could create a MySQLi plugin that could override the core MySQL calls. That'd be a pretty easy way to allow for custom backends; in the meantime, it looks like I am stuck putting in a wp-content/db.php file (I believe that is the way to do it.)

While we're on the subject of plugins, I think I should be clear here. A "plugin" should not require the stock WP code to be altered. That is a patch or a hack. A plugin is something that can be plugged in without any modification of the core code.

I don't know why this wasn't discovered (or a better action put in by the WP folks to begin with that could be disabled) but I was able to find a way to disable the feeds from loading on the WordPress admin dashboard without any need for customized index.php files (which would need to be updated/re-uploaded every time WP is updated.)

I'm not sure why this isn't just a stock WP configuration option. It seems enough people have looked for ways around it. My biggest issue was that it requires connectivity directly with each RSS feed, which does not work very well behind our firewall at work. I'll be damned if I hack up some proxy-capable solution too for the feeds that we don't really even look at.

I knew that there had to be a way to mess with the actions being called to disable them from loading the Javascript, or make the fetch_rss() calls return nothing, or make the index-extras.php script return nothing... the easiest and apparently effective way was making a simple action trigger and finding the right order in which it was effective.

In the end, this is all the code that was required:

function remove_dashboard_feeds() {
   remove_action('admin_head', 'index_js');
}

add_action('admin_head', 'remove_dashboard_feeds', 1);

To make a long story short, I give you the "Remove Dashboard Feeds" plugin, located here. Just download, remove the .txt extension, throw it in the plugin directory and activate it. Simple enough. Works on WP 2.2, and probably 2.1. Not sure about earlier versions, but nobody should be running those anyway (keep up with the times as much as you can! Stay secure and optimized!)

Mozy's got what seems to be a nicely integrated Windows client (not sure how good their Mac client is) - their service seems simple enough, and you can't go wrong with two gigs free or unlimited (I've been questioning how much it takes before it becomes "abuse") for an extremely low $4.95/month.

However, this going back to my blog post a while ago about the end all backup solution, it still is missing one key thing. While the transfer is encrypted and the file contents are encrypted (optionally), the file and directory names are not. When I asked support, the response back was "how would you know what the file is then?" - to me, it's simple. You have an encryption key, why can't the filenames be encrypted as well using the same key, and decrypted on demand? I understand this complicates things then (how do you store junky filenames/etc...) - you'd most likely need a customized filesystem or some virtual layer between the two to do the translation. However, that would basically make Mozy the king in my book for Windows and I assume Macs (read: any level of savvy end-user who wants their data backed up.)

I would still be shopping though for one to use to backup my servers. Duplicity still seems like the best, as it will compress, encrypt, and do differential/incremental backups and due to the nature of how it works, will also mask the file contents so only the user can see them. Rsync.net has recently announced funding and support to help pump some life back into the project, which is promising. It needs native Windows support (which may be tricky... it needs a POSIX compliant backend) and proper S3 integration without patches or external libraries and hacks.

Of course, I was having fun developing my own little PHP interface to S3, which if possible I could then wind up creating my own tools; however, do I really trust my own coding for my critical data and extremely large filesizes? Because it's over HTTP, it's tricky (or maybe impossible) to byte-serve the data in PHP without precaching it into memory first... ah well.

Someone needs to create an efficient C-based one that can be compiled in Windows, OS X, and Linux. Any takers? I'll pay...