Now go ahead and use $_SESSION freely in your plugin. Here a nice additional class to encrypt session data.
HyperDB is a plugin for spreading your websites load across several servers and databases. Its currently used in production on WordPress.com.
Just started experimenting with it :)
Simple SSL certificates are easily obtained and installed these days. Here some simple first steps to get a Comodo SSL certificate installed.
Some options to check your SSL setup:
This can be done manually, as shown above or you can use a shell script, which downloads the certificates for you and combines them. SSL certificate chain resolver – This shell script downloads all intermediate CA certificates for a given SSL server certificate. There is even an online version, but I rather do that on my own machine :) … certificatechain.io
Since version 5.6+ PHP is verifying peer certificates and host names by default when using SSL/TLS. This is causing problems on some servers / websites, where the config has not been setup correctly. If you can not fix the setup yourself, make sure to talk to your server host to fix that issue.
For PHPMailer (Github) there is a workaround:
This should only be a workaround until your configuration has been fixed. You are suppressing certificate verification and compromising your security!
As WordPress is using PHPMailer as its main email library, this can be tweaked by using the phpmailer_init hook:
Add this to your themes functions.php.
And here is how phpmailer->smtpOptions should be used, on a properly configured server:
SSL changes in PHP 5.6: http://php.net/manual/en/migration56.openssl.php SSL context options in PHP: http://php.net/manual/en/context.ssl.php
When building plugins or addons, sometimes we need to save custom files within WordPress.
In most cases inline styles and scripts are an option, but not always the most elegant way. Everyone has to decide that for themselves. (wp_add_inline_style) Not talking about performance between inline and external files here :)
Another option is the wp_head action:
Many ask where can or should I save files created within a plugin.
When dealing with file creation and uploads, security is always important. That relates to any other platform doing similar operations. A folder created within a plugin directory is not less or more secure than a folder created in the upload directory.
Its important to have the correct file and folder permissions set:
There is a detailed article about permissions over at WordPress as well.
When it comes to creating files in PHP the term cross-site-scripting often comes up. When the system creates a file it is owned by the webserver and on a shared hosting account those files could be altered by another user on the same webserver. This could allow them to inject malicious code and compromise your sever.
That is why the WP_Filesystem was created, to make things more secure and make sure that the owner of files is correct.
WordPress provides a nice clean interface to create folders and save files to the upload folder. Here a simple example from one of my current projects.
Prepare the filesystem
Get upload dir information and prepare directory to save to
Check if file exists, create folder, delete similar and save. In my case I am adding a custom key and the page id to the file.
If the direct way is not possible, you can also use or force the FTP approach (request_filesystem_credentials).
This will check for the ftp credentials and request them with a form if needed.
This is just a very rough outline of how to do it, but should get you started.
Multiple connections, happening roughly within a 500 milliseconds timespan, can be called a concurrent connection.
So when looking at new server hardware, you have to think hard, if you will actually hit a certain concurrent connection limit at some point.
So lets say, you publish a campaign in a magazine, promoting a special offer through a single page website.
To calculate the possible concurrent connections, you would need to know roughly how many readers the magazine has.
The chance that all of them reading and visiting at the same time is almost impossible.
So lets say the magazine has 50.000 readers and roughly 1% hit your website at the same time.
In that case you would need a server setup that can handle 500 concurrent users.
These things are more important, when building Mobile Apps. With a popular App you can easily hit those concurrent user limits. This is where cloud solutions become really handy and help to level the traffic requirements. A good example is Parse.
The chance of your server hitting a concurrent connection limit is often not as critical as hitting a RAM limit :)
When loading web-fonts, we often see a brief un-styled moment before the browser applies the actual font. Gladly Typekit and also Google Web Fonts provide an option around that.
Both are using WebFont Loaders to help handle those brief moments.
TypeKit Webfont Loader Example
This adds a class name to the <html> element during loading
This is removed when loading is done. This allows us to hide content until all fonts are loaded.
This also adds classes once the webfonts have been loaded, which allows us to add some transitions to reveal the content again.
One last thing. You should add the webfont loader early in your content, so that it can do its magic before anything else is being loaded.
Compressing your content saves bandwidth and improves render time, particular on devices with slow internet connections. Compression allows your web server to provide smaller file sizes that load faster for your visitors. Compression of your HTML and CSS files with gzip typically saves around 50 to 70 % of the file size.
A good candidate is the WP Far Future Expiration Plugin ,which not only activates GZIP compression but adds file expiration for various static file types. Link
Check speed improvement before and after