Whenever object-oriented PHP is discussed in terms of WordPress development, the subject of singletons often comes up. In fact, I’ve covered them twice here on Torque: in my article on design patterns, and then with Carl Alexander in my article on leveling up as a PHP developer. The singleton pattern is applied in the design of a class to ensure that only one instance of that class will ever exist. Some people believe that singletons are bad or are an anti-pattern. I disagree. While I am suspicious of singletons and think they are way over-used in WordPress development […]
Storing Encrypted Data In The WordPress Database
Today security and privacy are becoming more and more important. We’re not only hearing about password leaks but leaks of sensitive information. Servers will always get hacked; this can’t be avoided. But encrypting the data stored on those servers can drastically reduce the damage. In this article, I will discuss how to store and retrieve encrypted data in the WordPress database. Before doing so, I will discuss the difference between hashing and encryption along with a few other considerations. Hashing vs Encryption In WordPress, we use hashing a lot as part of our security. Nonces, which I covered in a recent […]
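The distinction the excerpt sets up, shown in plain PHP as an added example (not the article’s own code): a password is hashed because it only ever needs to be verified, while an API key is encrypted because it must be read back. It uses the libsodium extension bundled with PHP 7.2+; the key, the sample values and the in-memory handling are constructed for the demo, and the places where a plugin would call update_option()/get_option() are only noted in comments. The encrypted-then-tampered case at the end shows why authenticated encryption matters for data that sits in a database.

```php
<?php
// Added example (not the article's code): hashing vs. encrypting a value
// before it goes into the database, in plain PHP with the bundled libsodium
// extension. Key handling and sample data are assumptions for illustration;
// update_option()/get_option() are where the strings would go in a WordPress
// plugin and are not called here.

declare(strict_types=1);

// 1. Hashing: one-way. Use it for secrets you only ever need to *verify*,
//    such as passwords. password_hash() salts and uses bcrypt by default.
function store_password_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_password(string $password, string $storedHash): bool
{
    return password_verify($password, $storedHash);
}

// 2. Encryption: two-way. Use it for data you need to *read back*, such as an
//    API key for a third-party service. secretbox is XSalsa20-Poly1305, i.e.
//    authenticated: tampering with the stored blob makes decryption fail
//    instead of returning garbage.
function load_key(): string
{
    // Assumption: the 32-byte key lives outside the database (e.g. a constant
    // in wp-config.php populated from an environment variable). Generated
    // in-process here only so the demo runs stand-alone.
    static $key = null;
    if ($key === null) {
        $key = sodium_crypto_secretbox_keygen();
    }
    return $key;
}

function encrypt_for_db(string $plaintext, string $key): string
{
    $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per message
    $cipher = sodium_crypto_secretbox($plaintext, $nonce, $key);
    // Store nonce + ciphertext together; base64 keeps it safe in a TEXT column.
    return base64_encode($nonce . $cipher);
}

function decrypt_from_db(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    return $plain === false ? null : $plain; // false = wrong key or tampered blob
}

// Demo with constructed values.
$hash = store_password_hash('correct horse battery staple');
var_dump(check_password('correct horse battery staple', $hash)); // bool(true)
var_dump(check_password('wrong', $hash));                         // bool(false)

$key    = load_key();
$stored = encrypt_for_db('sk_live_example_api_key', $key);        // what you'd pass to update_option()
var_dump(decrypt_from_db($stored, $key));                         // string(23) "sk_live_example_api_key"

// Flip one byte of the stored blob: authentication fails and nothing is returned.
$tampered = base64_decode($stored);
$last     = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 1);
var_dump(decrypt_from_db(base64_encode($tampered), $key));        // NULL
```

The nonce used by secretbox is an ordinary random per-message value and has nothing to do with WordPress nonces; it is stored alongside the ciphertext because it is not secret, only unique. The key is the one thing that must never end up in the same database as the data it protects.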
When PHP String Comparisons And Nonce Validation Go Wrong
In a recent article, I talked about nonces, what they are and their role in WordPress. This article stressed the importance of using nonces to help prevent CSRF attacks (they are not, on their own, a defense against XSS). Soon after that post was published I read about multiple security vulnerabilities in the extremely popular plugin W3 Total Cache. One of these vulnerabilities is the result of improper nonce validation. A nonce was not validated using the standard wp_verify_nonce() function. Instead, the nonce was validated using a == comparison. In this article, I’m going to cover string comparisons in PHP. Specifically some of the issues with string comparison, […]
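Why a == check on a nonce is a problem, as an added example in plain PHP (not code from the article or from W3 Total Cache): PHP’s loose comparison treats numeric-looking strings as numbers, so two different tokens can compare equal. The token values below are constructed; in a real plugin you would call wp_verify_nonce() or check_admin_referer() rather than compare anything yourself.

```php
<?php
// Added example (not from the original article): why a nonce must never be
// checked with == and how to compare tokens safely in plain PHP.
// The "nonce" values are constructed; WordPress code should call
// wp_verify_nonce() (or check_admin_referer()) instead of comparing itself.

declare(strict_types=1);

// Loose comparison converts numeric strings to numbers before comparing.
// Two different tokens that both start with "0e" followed only by digits are
// both parsed as 0.0, so == reports them equal. This still holds in PHP 8,
// whose comparison changes only affected non-numeric strings vs. numbers.
$expected = '0e462097431906509019562988736854';
$supplied = '0e830400451993494058024219903391';

function loose_check(string $expected, string $supplied): bool
{
    return $expected == $supplied;   // BAD: type-juggling comparison
}

function strict_check(string $expected, string $supplied): bool
{
    return $expected === $supplied;  // no juggling, but stops at the first mismatching byte
}

function safe_check(string $expected, string $supplied): bool
{
    // hash_equals() never type-juggles and runs in time independent of where
    // the strings differ; WordPress's own wp_verify_nonce() uses it.
    return hash_equals($expected, $supplied);
}

var_dump(loose_check($expected, $supplied));  // bool(true)  -- forged token accepted
var_dump(strict_check($expected, $supplied)); // bool(false)
var_dump(safe_check($expected, $supplied));   // bool(false)

// Request input is not guaranteed to be a string: ?_wpnonce[]=x puts an array
// in $_REQUEST['_wpnonce']. hash_equals() throws a TypeError on a non-string
// in PHP 8, so validate the type before comparing.
function check_request_nonce(string $expected, $raw): bool
{
    if (!is_string($raw)) {
        return false;
    }
    return hash_equals($expected, $raw);
}

var_dump(check_request_nonce($expected, ['x']));     // bool(false)
var_dump(check_request_nonce($expected, $expected)); // bool(true)
```

The ordering of arguments to hash_equals() matters: the known-good value goes first, the user-supplied value second, so that the length of the secret is not what leaks through timing.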
Static Methods As A Solution For Cross-Cutting Concerns In WordPress
I’ve written a lot recently on object-oriented programming (OOP) for PHP development. One of the things I’ve tried to stress is that using classes doesn’t make code OOP, and doesn’t always make it better. OOP involves using classes to create reusable objects. Too often we use classes as collections of namespaced functions, missing the point of OOP. But, that doesn’t mean all code has to be “true OOP.” No one goes to your website or loads your app and says “dang, that’s some true OOP.” They care that it works and is performant. As a developer, these are your […]
Designing Better WordPress Database Abstractions Using Dependency Injection
For the last couple weeks, I’ve talked about creating database abstractions. In the first article, I spoke about the need for creating a high-level API, on top of standard WordPress APIs to act as a CRUD interface for your projects. The second was about using classes with all static methods for validation and storage of options. In part three, I want to talk about dependency injection and illustrate the value of this concept by offering a different way to create a database abstraction than I did before. What I showed in the last article works for its purpose. But, that […]
Using Static Methods & Late Static Bindings In Your Database Abstractions
In some cases, creating classes that produce objects for working with a specific item, like an order in an eCommerce store, is the right choice. You create one class and instantiate a new object every time you need it. Conversely, some data, like a plugin’s options, really only needs one “store.” This is a perfect use for a class made up entirely of static methods. In this article, I will show you how to build a database abstraction for options used in a plugin or theme, provide an example of when a class with all static methods is useful, and explain late static […]
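An added example, not the article’s own code, of the pattern this excerpt introduces: an options store built from static methods, where late static binding (static:: rather than self::) lets each subclass supply its own option key, defaults and validation while the load/save logic lives once in the base class. It assumes WordPress’s get_option()/update_option(); the stand-ins defined at the top are constructed so the file runs without WordPress. The whitelist-and-validate step in save() is the security-relevant part: values posted from a settings form are dropped unless they are known keys, and the subclass clamps them before they are persisted.

```php
<?php
// Added example, not the article's code: an options store built from static
// methods, where late static binding (static::) lets each subclass own its
// option key, defaults and validation without re-implementing load/save.
// Assumption: in WordPress get_option()/update_option() exist; the stand-ins
// below are constructed so the file runs on its own. Requires PHP 7.4+ (typed
// static properties).

declare(strict_types=1);

if (!function_exists('get_option')) {
    $GLOBALS['constructed_options'] = [];
    function get_option(string $name, $default = false)
    {
        return $GLOBALS['constructed_options'][$name] ?? $default;
    }
    function update_option(string $name, $value): bool
    {
        $GLOBALS['constructed_options'][$name] = $value;
        return true;
    }
}

abstract class OptionStore
{
    /** Subclasses set their own key; static:: resolves to the called class. */
    protected static string $optionName;

    /** Whitelist of allowed keys with defaults; anything else is dropped. */
    protected static array $defaults = [];

    public static function getAll(): array
    {
        $stored = get_option(static::$optionName, []);
        // Merge over defaults so a missing or malformed row never yields undefined keys.
        return array_merge(static::$defaults, is_array($stored) ? $stored : []);
    }

    public static function get(string $key)
    {
        return static::getAll()[$key] ?? null;
    }

    public static function save(array $values): bool
    {
        // Only whitelisted keys are persisted: unknown keys from a form are ignored.
        $clean = array_intersect_key($values, static::$defaults);
        $clean = static::validate($clean); // late static binding picks the subclass override
        return update_option(static::$optionName, array_merge(static::getAll(), $clean));
    }

    /** Hook for subclasses. With self::validate() above, this override would never run. */
    protected static function validate(array $values): array
    {
        return $values;
    }
}

class MailerOptions extends OptionStore
{
    protected static string $optionName = 'myplugin_mailer';
    protected static array $defaults = ['host' => 'localhost', 'port' => 25, 'tls' => true];

    protected static function validate(array $values): array
    {
        if (isset($values['port'])) {
            $values['port'] = max(1, min(65535, (int) $values['port']));
        }
        if (isset($values['tls'])) {
            $values['tls'] = (bool) $values['tls'];
        }
        return $values;
    }
}

class CacheOptions extends OptionStore
{
    protected static string $optionName = 'myplugin_cache';
    protected static array $defaults = ['ttl' => 300];
}

// Constructed form submission: one bad port, one key the store does not know.
MailerOptions::save(['host' => 'smtp.example.test', 'port' => '99999', 'evil' => 'dropped']);
var_dump(MailerOptions::get('host')); // string(17) "smtp.example.test"
var_dump(MailerOptions::get('port')); // int(65535)  clamped by the subclass validator
var_dump(MailerOptions::get('evil')); // NULL        not whitelisted
var_dump(CacheOptions::get('ttl'));   // int(300)    defaults; separate option row
```

Each subclass redeclares the static properties, so the two stores never share state; if a subclass omitted the redeclaration, static::$optionName would resolve to the parent’s value, which is the usual late-static-binding surprise.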
Why WordPress Projects Need A Proper Database Abstraction
A golden rule of WordPress development is “always use a WordPress API when possible.” We want to use the classes and functions provided by WordPress to communicate with the database, to ensure the right hooks are fired and that our code is as protected as possible against changes made in future versions of WordPress. This also means we need to create a database abstraction on top of WordPress APIs. Doing so early on in a WordPress plugin, theme, or site will lead to less copy-pasting and make it easier to adapt to changes later on. In this article, I’m going to talk about why […]
What’s A WordPress Nonce And How to Use Them
Nonces are an important part of WordPress security, but they are often misunderstood or misused. They are a key part of checking that an HTTP request to your site was actually intended by the user it claims to come from; they complement, but do not replace, capability checks. In this article, you’ll learn what nonces are, what a WordPress nonce is, how they can protect against certain types of attacks, what they can’t protect against, and how to use them. What Is A WordPress Nonce Nonces are short tokens derived from a keyed cryptographic hash that are used to verify that a request was made by the right person or client. Since nonces are constructed using a cryptographic hashing […]
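To make the excerpt’s description concrete, here is an added example, not the article’s code, that models how a WordPress-style nonce is built and checked in plain PHP so it runs without WordPress. It assumes (modelled on wp_create_nonce()/wp_verify_nonce(), which real code should call instead) that the token is a truncated keyed hash over the time window, action, user id and session token, that the window is half the nonce lifetime, and that verification accepts the current and the previous window. The key, user id, session token and timestamps are constructed. What it demonstrates is that a WordPress nonce is tied to a user and an action, expires, and is not single-use despite the name.

```php
<?php
// Added example, not the article's code: a plain-PHP model of how a
// WordPress-style nonce is built and verified, runnable without WordPress.
// Assumptions: the token is a truncated HMAC over "tick|action|user|session",
// the tick is time divided by half the lifetime, and verification accepts the
// current and previous tick (modelled on wp_create_nonce()/wp_verify_nonce();
// use those in real code). Key, user id, session and timestamps are constructed.

declare(strict_types=1);

const NONCE_LIFE = 86400;                                   // 24 hours, the WordPress default
const NONCE_KEY  = 'constructed-secret-key-from-wp-config'; // never stored in the database

function nonce_tick(int $now): int
{
    // Time is bucketed into half-lifetime windows, so a nonce is valid for
    // somewhere between 12 and 24 hours, not for a single use.
    return (int) ceil($now / (NONCE_LIFE / 2));
}

function nonce_for_tick(int $tick, string $action, int $userId, string $session): string
{
    $mac = hash_hmac('sha256', "$tick|$action|$userId|$session", NONCE_KEY);
    return substr($mac, -12, 10);  // short, URL-friendly token
}

function create_nonce(string $action, int $userId, string $session, int $now): string
{
    return nonce_for_tick(nonce_tick($now), $action, $userId, $session);
}

// Returns 1 if the nonce was made in the current window, 2 if in the previous
// one, false otherwise (mirrors wp_verify_nonce()'s return values).
function verify_nonce(string $nonce, string $action, int $userId, string $session, int $now)
{
    $tick = nonce_tick($now);
    foreach ([1 => $tick, 2 => $tick - 1] as $age => $t) {
        $expected = nonce_for_tick($t, $action, $userId, $session);
        if (hash_equals($expected, $nonce)) { // constant-time, no type juggling
            return $age;
        }
    }
    return false;
}

// Constructed timestamp chosen 100 s into a window, so +12 h lands in the next
// window and +24 h two windows later.
$now     = 1700006500;
$session = 'constructed-session-token';
$nonce   = create_nonce('delete-post_42', 7, $session, $now);

var_dump(verify_nonce($nonce, 'delete-post_42', 7, $session, $now));             // int(1)
var_dump(verify_nonce($nonce, 'delete-post_42', 7, $session, $now + 12 * 3600)); // int(2)      previous window
var_dump(verify_nonce($nonce, 'delete-post_42', 7, $session, $now + 24 * 3600)); // bool(false) expired
var_dump(verify_nonce($nonce, 'delete-post_43', 7, $session, $now));             // bool(false) different action
var_dump(verify_nonce($nonce, 'delete-post_42', 8, $session, $now));             // bool(false) different user

// A valid nonce does NOT prove the user may perform the action. That is a
// separate capability check (current_user_can() in WordPress).
```

Because the action string is part of the hash input, a nonce issued for one object (delete-post_42) is useless for another, which is why action names in WordPress conventionally include the object id.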
An Introduction To Return Type Declarations In PHP7
Last week, I wrote about type hinting in PHP. Type hinting makes the intent of a function clearer and forces each argument to be a value of a specific type. While having a function that only accepts a certain type of value removes the need to check a variable’s type inside the function, it doesn’t mean you don’t have to check that type before calling the function. Passing a variable of the wrong type creates a fatal error. For example, get_post_meta() can return pretty much any type of data. If you’re using it in a way that you expect it to […]
A WordPress Developers Guide To Type Hinting In PHP 5 And 7
PHP started out as a simple language without many of the conventions of other C-like programming languages that make them challenging to learn and more difficult to write. Over time, as PHP matured, many of those features were added as optional syntax. One example of this type of feature is type hinting. Type hinting gives you the ability to define the type of values that can be passed for each argument of a function or method. Type hinting is optional, but when used it forces parameters to be a certain type or an error is thrown. Doing so makes […]
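The two excerpts above (return type declarations and type hinting) describe the same guarantee from both ends of a function, so one added example, not the articles’ own code, serves both: scalar parameter types plus a return type declaration protecting a value that comes from an untyped source. fake_post_meta() is a constructed stand-in for get_post_meta(), which, as the first excerpt notes, can return almost any type. With declare(strict_types=1) the wrong type is a TypeError rather than a silent coercion, which is the behaviour the type-hinting excerpt describes.

```php
<?php
// Added example, not the articles' code: scalar type hints plus a return type
// declaration guarding a value from an untyped source. fake_post_meta() is a
// constructed stand-in for get_post_meta(), which can return almost any type.

declare(strict_types=1);

function fake_post_meta(int $postId, string $key)
{
    // Constructed data: meta values in WordPress are whatever was stored,
    // so a string, an array and "nothing" are all realistic.
    $meta = [
        1 => ['views' => '42'],
        2 => ['views' => ['not', 'an', 'int']],
    ];
    return $meta[$postId][$key] ?? '';
}

// Under strict_types, passing the string "42" here is a TypeError, not a coercion.
function record_views(int $views): int
{
    return $views;
}

// The return type guarantees callers get an int (or an exception), never a
// string or an array, whatever the meta table held.
function post_views(int $postId): int
{
    $raw = fake_post_meta($postId, 'views');
    if (!is_numeric($raw)) {   // the caller-side check the excerpt talks about
        return 0;
    }
    return record_views((int) $raw); // explicit cast documents the intent
}

var_dump(post_views(1)); // int(42)
var_dump(post_views(2)); // int(0)  an array is not numeric
var_dump(post_views(3)); // int(0)  missing meta: '' is not numeric

try {
    record_views(fake_post_meta(1, 'views')); // string "42" into an int parameter
} catch (TypeError $e) {
    echo get_class($e), ': ', $e->getMessage(), PHP_EOL;
}
```

Without strict_types the last call would succeed with "42" silently converted to 42, but an array would still be a TypeError; the strict mode makes the contract the same for every caller instead of depending on what happened to be stored.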