What’s new in WordPress 4.7?

As we know WordPress 4.7 was released at 6th December, 2016.
In official website they listed all news and changes in the new version.

I would like to list the most important ones for developer side:

WordPress 4.7 release

  • New TwentySeventeen theme:  It is really really great theme for bloggers. As you see, i have already switched to this theme in my blog. It is clean, really mobile friendly, fast. And it has very beautiful fonts included. It also has custom CSS field which is very important for customizing. It is the first WordPress theme which i liked since TwentyTen.
  • Yet another global variable death – now we can use get_bloginfo( ‘version’ ) instead of global $wp_version variable.
  • REST API Content Endpoints – From version to version WordPress becomes more suitable for 3rd party app development.  In latest version WordPress comes with REST API endpoints for posts, comments, terms, users, meta, and settings.
  • New theme API function:  get_theme_file_uri().  Now we can use get_theme_file_uri (‘js/file.js’) instead of get_template_directory_uri().’js/file.js’
  • Page Templates for Post Types – now you can create default templates for custom post types just with adding Template Post Type: custom_post_type to the file head commented area.
  • Custom Bulk Action – It is also really useful feature. Before to add custom bulk action option we had to use own non-standard ways. Now it has native support.

That’s all new important  changes for me.

Create temporary WordPress nonce

May be the title sounds a little contradictious, as WordPress nonces are not storable data, so they don’t need to be expired. They are just hashed functions which are used for anti-CSRF purposes.
But for some special cases we may need to make nonce “to be expired”.

I mean, at first request it should work, after second request it should return false. Or it should work this day, since tomorrow it should return invalid.

This operation smells anti-bruteforce attempt, rather than anti-CSRF. Because anti-CSRF technology doesn’t have any relation with time and expiration.

So, our aim is to create a form which works only one time or temporary. This solution may be useful when we do ajax requests which should run only at once via setTimeout. So after
Let’s do that. (i write sample for ajax nonces. But same method can be used with input, url nonces too.)
 

Make any search form to take a visitor to WooCommerce Search Results page instead of default WP Search Results page

Usually WooCommerce themes have their own search forms, from simple “input-submit” to advanced “input-filter1-filter2-…-checkbox1-submit” ones.

But sometimes shop owners meet a such problem: Their search form takes the visitor to WP search results page instead of WooCommerce rich search result one.

What is the difference between these two results page?

WP Search results page is simple – it shows all results (in most cases its UI has simple bloggy style, and yeah, bloggy view in WooCommerce search is not suitable UI)

WooCommerce Search Results page is more complitated – Usually it has a product category, parameter filter at sidebar, and its UI is not bloggy, it has normal grid which is important for product view.

woocommerce search results bloggy view

Why does it happen? It happens only when there is missing post_type parameter in url.

When search form submit takes you to shopsite.com/?s=productname  it will show you default WP search view. When search form submit takes you to shopsite.com/?s=productname&post_type=product it will show you correct UI. Normal shop search results page.

So we just need to add missing parameter to search forms, and everything will be ok.

To add this we need very simple script at the footer.

P.S. You may also want to have smart search suggestion box to the WooCommerce with this plugin.

Integrate Cloudflare SSL and WordPress Website

As we know Cloudflare is a very popular CDN and web security service with millions users. It has both free and paid features. But free features of Cloudflare are just great, not just for trial purpose. Its free features are really great and useful.

Some of free features are DNS, Firewall, Caching, Network Control, Analytics, Crypto(SSL).

In this blog post i will write about Crypto-SSL option.
To install SSL(https) certificate in our website we need to buy SSL certificate first then install/configure the needed files in our Apache server.

But when we connect our website to Cloudflare DNS (it is so simple, just change domain’s nameservers to Cloudflare’s ones) it automatically gives our website SSL tunnel. Yes, without certificate installation, with just single toggle.

free wordpress ssl certificate with cloudflare

So, after changing nameservers to Cloudflare DNS-es and toggling Crypto->SSL feature to FLEXIBLE it is done, SSL for our website now works.

Now the only thing we should do is to prepare WordPress for HTTPS. Without this it just can’t work. Because it is configured to work with HTTP requests and its webserver Apache doesn’t have any configuration for 443 port, doesn’t have any certificate file in server filesystem. So there is no any information about SSL in serverside. Everything has been done in CloudFlare side.

Let’s simply solve it. After DNS changes are active (it usually takes up to 1 day) do these steps:

1. Go to wp-config.php, add these lines there before define(‘wp-debug’,’false’); line:

define('FORCE_SSL_ADMIN', true);
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) $_SERVER['HTTPS']='on';

This is for redirecting wp-admin requests to https and telling webserver to consider that the website works with https, not with http.

2. Go to wp-admin->settings and edit website addresses (change http:// to https:// ) You will be asked to login again.

3. Open .htaccess file and add this simple code there:

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This is for redirecting all http requests to https.

That’s all. Now your WordPress website will work only with HTTPS prefix (and it will show green bar in browsers’ address bars). And this has been done without installing SSL certificates at server side.

Scheduled Banners and Template Parts in WordPress

It is normal when we meet requirement to show/hide any section by time change. I mean when we meet a plugin or theme, it is possible to create a section which displays Content A for T1 time interval, and which diplays Content B for T2 time interval.

I give 3 common examples for such cases.

1. To switch banner image when day ends and night begins and vice-versa.
2. Weekend section – to show weekend special section. It appear when Saturday arrives, and disappears when Monday arrives.
3. Time interval specific section or Campaign section – It appears when the given campaign is active. (for example between 28-31th days of the month)

scheduled banner for wordpress

And all of these should be automatized. I mean, we should not to edit any code by arriving/ending of the given dates. All of these can be scheduled and automatized.

So let’s write sample codes for these 3 cases: (This codes don’t contain any part about managing datetime parameters via administrative interface. The codes are simple and do exactly the needed things)

1. Day-Night Banner Switching:

Weekend Banner Section:

Campaign Section for the given datetimes:

Of course, when we have global targeted project, these codes may not be enough, we may need additional Client-Time zone argument to set. To get it is not problem, we can get it through AJAX. We have related article about this topic, passing cookie via AJAX.