A valid use case for confirmation emails

There is a business value to the use case pattern on many internet platforms where a confirmation email is sent, and then an encrypted or nonced link must be clicked to perform the confirmation action. The value of the features is:

The pattern confirms the user receiving the email has credential access to the receiving email account, reducing SPAM, and increasing security.

When you sign up for Facebook, they send you an email with a link to confirm your account before it becomes active. This proves to Facebook that the recipient email is alive, and that the HTTP user requesting the account has recipient credentials for the email account.
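A sketch of the nonced confirmation link described above, added here as an illustration; it is not WordPress core code or the author's plugin. The function names, `CONFIRM_SECRET`, and the example.com URL are hypothetical, and the `$used` array stands in for server-side storage of redeemed nonces.

```php
<?php
// Added example: function names, secret and URL are hypothetical placeholders.
const CONFIRM_SECRET = 'replace-with-a-random-server-side-secret';
const CONFIRM_TTL    = 86400; // links expire after 24 hours

// Build the token carried in the emailed link: payload plus an HMAC tag.
function issue_confirmation_token(string $email, int $now): string {
    $nonce   = bin2hex(random_bytes(16)); // unguessable, unique per request
    $expires = $now + CONFIRM_TTL;
    $payload = base64_encode($email) . '.' . $nonce . '.' . $expires;
    return $payload . '.' . hash_hmac('sha256', $payload, CONFIRM_SECRET);
}

// Check a token taken from a clicked link. Returns the confirmed address,
// or null if the token is malformed, forged, expired or already redeemed.
function redeem_confirmation_token(string $token, int $now, array &$used): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 4) {
        return null;
    }
    [$b64, $nonce, $expires, $tag] = $parts;
    $expected = hash_hmac('sha256', "$b64.$nonce.$expires", CONFIRM_SECRET);
    if (!hash_equals($expected, $tag)) { // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    if (isset($used[$nonce])) { // single use: reject a replayed link
        return null;
    }
    $email = base64_decode($b64, true);
    if ($email === false) {
        return null;
    }
    $used[$nonce] = true;
    return $email;
}

// Constructed sample run: a first click, a repeat click, a tampered token
// and a click after the expiry time.
$used  = [];
$now   = time();
$token = issue_confirmation_token('owner@example.com', $now);
echo 'https://example.com/confirm?token=' . rawurlencode($token), "\n";
var_dump(redeem_confirmation_token($token, $now + 60, $used));
var_dump(redeem_confirmation_token($token, $now + 120, $used));
var_dump(redeem_confirmation_token($token . '0', $now + 60, $used));
$late = issue_confirmation_token('owner@example.com', $now);
var_dump(redeem_confirmation_token($late, $now + CONFIRM_TTL + 1, $used));
```

A successful redemption shows only that whoever clicked could read the mailbox. Anyone who can read `CONFIRM_SECRET` or run code on the server can mint a valid token or skip the check entirely.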

This seems to be the intended purpose behind the admin email confirmation feature as of 4.9, as well as providing additional security to the system. My contention is that this is a confused purpose, and in fact renders WordPress LESS secure for several reasons.

Similarity to the add user feature
When a user registers for a WordPress site, a confirmation email is sent to him from the site, to confirm the user has access to the email. This valid use case is identical to the one used by facebook.com, described above. It is the confirmation of some information between two human groups / persons [the stakeholders of the site, and the user who is trying to register].

It is important to understand: THIS IS NOT A SECURITY FEATURE! An administrator can run arbitrary code. There is a check box available for administrators to override the outbound email:

confirm_user_email_being_sent

Why can’t this email be a true security feature?
In computer science, there is a concept called “arbitrary code”. A user who can run arbitrary code can literally do anything on the system, and can’t be restricted.

Hiring low cost, off-shore WordPress / PHP outsourcers

How to get cheap software for WordPress using Test Driven Development.

Post an ad on a site like Upwork.com or Freelancer.com for a low cost PHP programmer, and you’ll experience something unlike anything else in business. You’ll receive applications faster than you can possibly read them. A veritable gusher of low grade computer programmers. Give me your tired, your poor, your huddled masses.

$5/hr software developers, what could go wrong?
Obviously a lot. However, these programmers represent a massive untapped talent pool, and Test Driven Development is the technique you can use to leverage this talent. Using TDD, you can safely, effectively, and efficiently use low cost human talent on your projects.

Issue #1: Quality of work
Issue #2: Onboarding and retention
Issue #3: Security

Concept Massive talent pool
Concept Cost comparisons
Concept No employees
Concept 24 hours a day

What 100% free WordPress theme, is specifically designed for posting code? [i.e. code highlighting, HTML char escaping etc.]?

General Chicken answers a question from Quora.

Read John Dee's answer to What 100% free WordPress theme, is specifically designed for posting code? [i.e. code highlighting, HTML char escaping etc.]? on Quora

WordPress plugin: Randomize Main Loop Order

This is a plugin I made in response to a Quora post.

I made a plugin for this, in response to this Quora question.

Randomize Main Loop Order

Plugin on Github: JohnDeeBDD/WP-Random-Order-Main-Loop

Just download the .zip from github, then upload it to your site. Let me know if there are any issues.

Read John Dee's answer to Is there a WordPress plugin that will re-arrange my website posts constantly? on Quora

Code on github.com

Business Stakeholders: How to Describe a Software FEATURE

A feature from the biz perspective

What is a feature?
A feature is an aspect of software that is useful. Anything you can express, that is possible, and that you can afford, can be a feature. A bug is an aspect of software that isn’t useful.

Since we’re talking about development, we’re discussing software features that don’t exist yet. These are features that we would like to build, or existing features that we would like to make better. Describe a feature with should statements:

  • It should email all the clients once a month.
  • The client should have a setting page in the admin area.
  • The plugin should have a custom post type called GPS coordinates for each subscriber.
  • The div should show a timeline of Civil War battles in the footer area.

The next statement you should create is the reason for the feature you are requesting. What is the business value of this feature? Describe the reason by using a “Because” or “So that”.

  • So that the clients are routinely updated.
  • So that the user can change the settings.
  • Because we need to store the GPS data.

Alternatively, you can use Gherkin syntax for feature development.

Vanishing Checkbox in WordPress Comment Form

This is the tale of the incredible vanishing checkbox, on WordPress versions 4.9.6 and 4.9.8.

WordPress uses cookies by default to log in users and track who is making a comment. Cookies are small snippets of data kept on a user’s browser. WordPress is trying to deal with the new GDPR regulations. It seems from following Trac, that it’s a giant cluster fuck.

This annoying checkbox was forced onto every WordPress site in the world as of 4.9.6:

As soon as I saw this monster I started making a plugin to roll it back. It was obvious to me that most sites wouldn’t want this, and that it served absolutely no purpose. It comes from a misunderstanding of the law, and a desire to be clever.

There is no requirement in GDPR for websites to display a check box for cookie use. None, totally false.

Then comes out 4.9.8 which removed the check-box that was just installed!

However! This revert also breaks functionality. Users who aren’t logged in have no way now of knowing that their comment was submitted.

So the situation as of 4.9.8 is that the comment cookie check box came and went, and now everybody’s site is broken.

You can solve the problem by re-activating the comment check box in the admin SETTINGS >> DISCUSSION, but then you’ll still have the checkbox. Or use this plugin to restore functionality to the way it was.

Remove GDPR

WordPress Plugin: Change Admin Email – running on over 40k servers!

General Chicken publishes a plugin in the wordpress.org repo: Change Admin Email Setting Without Outbound Email

As of WordPress 4.9, the administrator cannot change the site admin email without outgoing email setup on the server, and recipient email credentials. This plugin restores the admin’s ability to change this setting without sending a confirmation email.

Plugin in the wordpress.org repo:

Change Admin Email


Plugin on Github