WordCamp Seattle

I’m here at WordCamp Seattle, and wanted to post my slides and a few other notes. I’m giving two talks today, one in the development track on best practices for plugin development (“Y U NO CODE WELL”), and an Ignite talk on contributing to the WordPress community.

First, during my development talk, I was asked for five tips on writing secure code. In response, I pulled up a recent email I wrote where I provided 10 tips:

Never trust the user. You need to assume that all user input is insecure, and that all output is unescaped. The primary points are:

  1. Always escape attributes, URLs, and text on output.
  2. Always sanitize, scrub and validate input.
  3. Always prepare database queries.
  4. Never trust the user.
  5. Never output anything that is unsanitized or unescaped.
  6. Never store anything that is unsanitized.
  7. Know the difference between authority and intention.
  8. Never trust the user.
  9. Always use the many helper functions — we make it easy to write secure code.
  10. Never trust the user.
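To make the ten tips concrete, here is an added example (not code from the original post or from WordPress core): a hypothetical admin-only "notes" plugin that saves a title and a URL from a form and later lists them, written first the careless way and then the way the tips require. The table name `{$wpdb->prefix}wc_notes`, the `wc_notes_` function prefix, the form field names and the `manage_options` capability are assumptions for illustration; everything else is the ordinary WordPress helper API (`$wpdb->prepare()`, `sanitize_text_field()`, `esc_url()`, `esc_html()`, `esc_attr()`, `current_user_can()`, `check_admin_referer()`, `wp_nonce_field()`).

```php
<?php
/*
 * Added example, not from the original post. Assumes it is loaded as a
 * WordPress plugin, so $wpdb and the esc_* / sanitize_* helpers exist.
 * The wc_notes table, field names and capability are illustrative.
 */

// --- BEFORE: trusts the user at every step -------------------------------

function wc_notes_save_insecure() {
    global $wpdb;
    // No authority check, no intention (nonce) check, raw input in SQL.
    $wpdb->query( "INSERT INTO {$wpdb->prefix}wc_notes (title, url) VALUES ('"
        . $_POST['title'] . "', '" . $_POST['url'] . "')" );
}

function wc_notes_render_insecure() {
    global $wpdb;
    // Unprepared query built from a request parameter.
    $rows = $wpdb->get_results( "SELECT title, url FROM {$wpdb->prefix}wc_notes WHERE id = " . $_GET['id'] );
    foreach ( $rows as $row ) {
        // Stored data echoed unescaped: whatever was saved reaches the visitor's browser as markup.
        echo '<a href="' . $row->url . '">' . $row->title . '</a>';
    }
}

// --- AFTER: authority, intention, sanitize on input, escape on output -----

function wc_notes_save() {
    global $wpdb;

    // Authority: is this user allowed to perform this action at all? (tip 7)
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You do not have permission to do that.' );
    }
    // Intention: did this user actually submit this form? Dies if the nonce fails. (tip 7)
    check_admin_referer( 'wc_notes_save', 'wc_notes_nonce' );

    // Sanitize and validate every field before it is stored. (tips 2, 6)
    $title = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
    $url   = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';
    if ( '' === $title || '' === $url ) {
        wp_die( 'Title and URL are required.' );
    }

    // $wpdb->insert() prepares the statement; %s marks each value as a string. (tip 3)
    $wpdb->insert(
        $wpdb->prefix . 'wc_notes',
        array( 'title' => $title, 'url' => $url ),
        array( '%s', '%s' )
    );

    wp_safe_redirect( admin_url( 'admin.php?page=wc_notes&saved=1' ) );
    exit;
}
add_action( 'admin_post_wc_notes_save', 'wc_notes_save' );

function wc_notes_render() {
    global $wpdb;

    // Validate: an id is a non-negative integer and nothing else. (tip 2)
    $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;

    // Prepared query; %d forces an integer placeholder. (tip 3)
    $rows = $wpdb->get_results(
        $wpdb->prepare( "SELECT title, url FROM {$wpdb->prefix}wc_notes WHERE id = %d", $id )
    );

    foreach ( $rows as $row ) {
        // Escape on output with the helper that matches the context:
        // esc_url() inside an href, esc_html() for text between tags. (tips 1, 5)
        echo '<a href="' . esc_url( $row->url ) . '">' . esc_html( $row->title ) . '</a>';
    }
}

function wc_notes_form() {
    // The form that posts to wc_notes_save(); the nonce field records intention.
    $action = admin_url( 'admin-post.php' );
    echo '<form method="post" action="' . esc_url( $action ) . '">';
    echo '<input type="hidden" name="action" value="wc_notes_save" />';
    wp_nonce_field( 'wc_notes_save', 'wc_notes_nonce' );
    // Attribute context: esc_attr() for anything placed inside a quoted attribute. (tip 1)
    echo '<input type="text" name="title" value="' . esc_attr( '' ) . '" />';
    echo '<input type="text" name="url" value="' . esc_attr( '' ) . '" />';
    echo '<input type="submit" value="' . esc_attr( 'Save note' ) . '" />';
    echo '</form>';
}
```

The split between `current_user_can()` (authority) and `check_admin_referer()` (intention) is the point of tip 7: a logged-in administrator has the authority to save a note, but only a request carrying a valid nonce shows that they intended this particular save rather than being tricked into it. Note also that sanitizing on the way in does not replace escaping on the way out; each output context (URL, attribute, HTML text) gets its own helper.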

Best Practices for Plugin Development


Ignite Talk: Ask Not What WordPress Can Do For You


WordCamp Netherlands

Last month I traveled to Europe to speak at WordCamp Netherlands in Utrecht. It was a great experience and I had the chance to meet a number of awesome WordPress developers and users.

I forgot to post my presentation until now, so here it is. The video of the talk should be online soon enough. I’m excited about that, because despite giving somewhere around two dozen presentations since August, none of them have been successfully recorded yet. I’d really like to watch it and study how I can improve.

My favorite talk at NL was one on designing for WordPress (and how decisions are made) by my friend John O’Nolan. I’m really excited to see his posted as well.

My main presentation was on what’s next for WordPress. (I gave the same talk in WordCamp Philadelphia the week before.) For my developer talk on APIs, see my post from WordCamp Mid-Atlantic.


There are also some great photos of the event on Flickr. The pool has more than 900 photos, and I’m in a fair number of them.

WordCamp Savannah

I ventured to WordCamp Savannah this weekend. It was an awesome group of people, and even with my WordCamp schedule (see the sidebar) growing, it’s going to be a really tough event to top.

I spoke three times at Savannah: two presentations (both posted below), and I sat (stood?) on a core team Q&A panel with Matt Mullenweg, Jane Wells, and Mark Jaquith.

The first presentation was Contributing to WordPress. With a few core contributors and a solid group of developers in the audience, I had to kick it up a few notches once I got going, but I think I adjusted that well.

In the second presentation, I presented the goals of my Google Summer of Code project, theme revisions. I received some great feedback from Mark (on FTP integration), Matt (on SVN integration), and many others. I also confessed that my first experience three years ago was with the file editor, in version 2.3.2. It hasn’t changed much, but I tried my best to convince the crowd that a lot more could be done.

Daryl Koopersmith also showed off his visual theme editor, and John James Jacoby demonstrated EventPress. We also discussed scribu’s project that is now soaking in WordPress 3.1-alpha, and Justin Shreve’s project on the ideas/suggestions theme.



My DC PHP presentation


Last night I spoke at the DC PHP August meetup, hosted by Fathom Creative near Logan Circle.

The topic was WordPress 3.0, covering custom post types and taxonomies, multisite and the MU merge, and advancements in theme development. I also spilled the beans that we’re moving to PHP 5.2 with WordPress 3.2 (gasp!). I shared our development and release philosophies, and also had an engaging talk about security, BlindElephant, and shared hosting, which is always fun.

It was a great group (about 30 people) and a good warm-up for my WordCamp presentations this weekend at Savannah.

The presentation was 68 slides in all and lasted about 75 minutes. Without hearing the talk though, you wouldn’t know that the second slide was my first patch ever, but there you go. (I’ll be talking much more about that this weekend at Savannah.) You also wouldn’t know that I actually go into a spirited defense of shared hosts after boldly declaring they suck, so don’t read into the slides too much: