Speaking at WordCamp San Francisco

WordCamp San Francisco has announced their final round of speakers, and that includes me. I’m giving an advanced development talk on Saturday called Current User Can Watch This Talk. Props to fellow lead developer Mark Jaquith (who is also speaking) for coming up with that clever talk title. Here’s the description:

At first glance, the WordPress roles and capabilities system is simple. Users have roles, roles have capabilities, and plugins can make simple changes to them. Done, right? Not quite: You’ve been doing it the hard way. A deeper look inside the API reveals a surprising amount of flexibility, including the single most powerful (and dangerous) filter in WordPress. In this talk, you’ll learn how capabilities are “mapped” to other capabilities, and what the difference between primitive and meta capabilities means for your plugins and custom post types. We’ll explore the true hidden powers of the API, like using capability mapping to selectively grant and revoke privileges on the fly, making complex user management more maintainable.

The single most powerful and dangerous filter in WordPress? That sounds both ominous and awesome if you ask me.

If you’re interested in presentations aimed at advanced developers at WordCamp San Francisco this year, make sure to also catch the illustrious Mike Adams and Andy Skelton. Mike is talking about security in “Three Security Issues You Thought You’d Fixed.” Andy will be presenting a new approach to performance in “How pcntl_fork() Can Save Us.” I’m really looking forward to what they have to say and you should too.

I’m also looking forward to talks by Will Norris, Nikolay Bachiyski, and Helen Hou-Sandi. Together, those are six names who have greatly influenced not just WordPress development, but my own work and the contributions of many others. Check out the full line-up here and here. A few tickets are still available for the July 26–27 conference.

I also hope to see a lot of people at the Contribute Day on Sunday. I’m helping organize that, and WordPress 3.7 will be underway by then — more to come on both soon.

WordCamp Seattle

I’m here at WordCamp Seattle, and wanted to post my slides and a few other notes. I’m giving two talks today, one in the development track on best practices for plugin development (“Y U NO CODE WELL”), and an Ignite talk on contributing to the WordPress community.

First, during my development talk, I was asked for five tips on writing secure code. In return, I pulled up a recent email I wrote where I provided 10 tips:

Never trust the user. You need to assume that all user input is insecure, and that all output is unescaped. The primary points are:

  1. Always escape attributes, URLs, and text on output.
  2. Always sanitize, scrub and validate input.
  3. Always prepare database queries.
  4. Never trust the user.
  5. Never output anything that is unsanitized or unescaped.
  6. Never store anything that is unsanitized.
  7. Know the difference between authority and intention.
  8. Never trust the user.
  9. Always use the many helper functions — we make it easy to write secure code.
  10. Never trust the user.
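
The tips above, applied to one WordPress form handler. This is an added example, not code from the email or from WordPress itself; the `gr_save_note` action, the `gr_notes` table and the `gr-notes` admin page are hypothetical names chosen for illustration.

```php
<?php
/**
 * Added example: handler for a hypothetical "notes" form posted to
 * admin-post.php?action=gr_save_note. Assumes a custom table
 * {$wpdb->prefix}gr_notes (author_id, title, link) and that the form
 * was rendered with wp_nonce_field( 'gr_save_note' ).
 */
add_action( 'admin_post_gr_save_note', 'gr_save_note' );

function gr_save_note() {
	global $wpdb;

	// Intention: the nonce shows the request came from our form (CSRF check).
	check_admin_referer( 'gr_save_note' );

	// Authority: a valid nonce does not mean this user may perform the action.
	if ( ! current_user_can( 'edit_posts' ) ) {
		wp_die( 'You are not allowed to save notes.', '', array( 'response' => 403 ) );
	}

	// Input: unslash, then sanitize and validate each field for its type.
	$title = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
	$link  = isset( $_POST['link'] ) ? esc_url_raw( wp_unslash( $_POST['link'] ) ) : '';
	if ( '' === $title ) {
		wp_die( 'A title is required.', '', array( 'response' => 400 ) );
	}

	// Database: values go through prepare() placeholders, never concatenation.
	$wpdb->query( $wpdb->prepare(
		"INSERT INTO {$wpdb->prefix}gr_notes (author_id, title, link) VALUES (%d, %s, %s)",
		get_current_user_id(),
		$title,
		$link
	) );

	wp_safe_redirect( admin_url( 'admin.php?page=gr-notes' ) );
	exit;
}

// Output: escape late and per context, even for data sanitized on the way in.
function gr_render_note( $note ) {
	printf(
		'<a class="gr-note" href="%s" title="%s">%s</a>',
		esc_url( $note->link ),    // URL context
		esc_attr( $note->title ),  // attribute context
		esc_html( $note->title )   // text context
	);
}
```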

Best Practices for Plugin Development


Ignite Talk: Ask Not What WordPress Can Do For You


WordCamp Netherlands

Last month I traveled to Europe to speak at WordCamp Netherlands in Utrecht. It was a great experience and I had the chance to meet a number of awesome WordPress developers and users.

I’ve forgotten to post my presentation until now, so here it is. The video of the talk should be online soon enough. I’m excited about that, because despite giving somewhere around two-dozen presentations since August, none of them have been successfully recorded yet. I’d really like to watch it and study how I can improve.

My favorite talk at NL was one on designing for WordPress (and how decisions are made) by my friend John O’Nolan. I’m really excited to see his posted as well.

My main presentation was on what’s next for WordPress. (I gave the same talk at WordCamp Philadelphia the week before.) For my developer talk on APIs, see my post from WordCamp Mid-Atlantic.


There are also some great photos of the event on Flickr. The pool has more than 900 photos, and I’m also in a fair number of them.

New York and Philly, here I come

I’m attending WordCamp NYC at Baruch College this weekend, where I’ll be presenting advanced WordPress APIs. I gave this talk at WordCamp Mid-Atlantic (check out the slides) but I’ve promised to mix it up quite a bit for the New York crowd. That means new functions, new use cases, new plugins. From my speaker proposal: “This talk will be high tempo, engaging, challenging, and fun. The goal is to expose the potential of WordPress to new, skeptical, or even advanced developers. While a high-level talk, beginning developers are sure to find inspiration. Advanced individuals new to WordPress development, or considering WP for their next project, will ideally be convinced it is a worthy development tool.” Woo.

I also plan to hold an unconference session on contributing to WordPress. I have it on good authority that I may also be confined to a room at one point to work on WordPress 3.1 feature development with Aaron Jorbin, Daryl Koopersmith, Matt Martz, and others. Which sounds awesome. You know what else is awesome? The lineup of speakers, a bunch of whom I’ll be meeting for the first time.

On Saturday, October 30, I was asked to present what’s next for WordPress at WordCamp Philly. In this shared session, I’ll be able to talk about WordPress 3.1 with a lot more substance than I had at WordCamp Birmingham last month, as we expect to freeze feature development next week. Check out the program and speakers.

After Philly(’s after-party), I’ll be taking a redeye train or bus back to D.C. to participate in Hacks/Hackers/Hacking. This hackathon is hosted by Hacks/Hackers — journalists and developers — and timed for the annual Online News Association conference taking place in D.C. that weekend. I won’t be at ONA10, but there’s no way I would miss out on a journalism-themed hackathon in my backyard. I’ll be attending as the resident WordPress plugin developer, of course. 🙂

A few more meetups this month — I was at WordCamp Raleigh last week, DC PHP last night, and I’ll be at the joint WordPress DC — Hacks/Hackers meetup next week at NPR. (We’ll be hearing about the Argo Network, which I’m really excited about.) I also attended Accessibility Camp DC over the weekend, which was quite an experience, and I’ll be writing more about that in the future.

Advanced API resources (WordCamp Mid-Atlantic)

As part of my WordCamp Mid-Atlantic presentation on advanced WordPress APIs, here’s a list of resources for each API I’ve discussed.

Nothing is better than browsing the source. You may also want to try phpxref, which is truly an amazing resource for tracking down how things get executed and called. (This one, based on trunk, is hosted by one of the lead developers, and is updated each night.)

Slides and descriptions of each API are after the jump.
