Recommended reading

• Gary Cao's tutorials
• Codex: AJAX in Plugins, wpdb Class

Priority Trac tickets

#16856 When registering custom post type, menu_position isn't honored if it's a number passed as a string

#16330 media_sideload_image() broken with URLs containing spaces

#17545 Pagination Broken on Network Admin > Edit Site > Themes

#16418 get_plugin_data() doesn't apply kses when $markup and $translate are false

#14148 wp_get_attachment_url() is not url encoding

Anatomy of $post

stdClass Object
(
    [ID] => 1
    [post_author] => 1
    [post_date] => 2010-06-25 11:48:52
    [post_date_gmt] => 2010-06-25 11:48:52
    [post_content] => Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!
    [post_title] => Hello world!
    [post_excerpt] => 
    [post_status] => publish
    [comment_status] => open
    [ping_status] => open
    [post_password] => 
    [post_name] => hello-world
    [to_ping] => 
    [pinged] => 
    [post_modified] => 2010-09-08 21:06:13
    [post_modified_gmt] => 2010-09-08 21:06:13
    [post_content_filtered] => 
    [post_parent] => 0
    [guid] => [install URL]/?p=1
    [menu_order] => 0
    [post_type] => post
    [post_mime_type] => 
    [comment_count] => 1
    [ancestors] => Array
        (
        )

    [filter] => raw
)

Hardening WordPress... for paranoid people

Plugins
Secure WordPress
Table prefix changer

wp-content/themes/<theme>/.htaccess && wp-includes/.htaccess <Files ~ "\.php$">
Order allow,deny
Deny from all
</Files>

wp-content/install.php <?php
if( basename($_SERVER['SCRIPT_NAME']) == 'install.php' ) {
    header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found');
    die();
}
?> Strip NextGEN Gallery version meta tag <?php
function nextgen_remove_version() {
    global $wp_filter, $ngg;
    foreach( array_keys( $wp_filter['wp_head'][10] ) as $filter ) {
        if( ord( $filter[0] ) === 0 ) {
            ob_start();
            call_user_func( $filter );
            if( ob_get_clean() === "\n<meta name='NextGEN' content='$ngg->version' />\n" ) {
                unset( $wp_filter['wp_head'][10][ $filter ] );
                break;
            }
        }
    }
}

add_action( 'wp_head', 'nextgen_remove_version', 9 );
?>

Useful snippets

No capital_P_dangit() (#13971) <?php foreach ( array( 'the_content', 'the_title', 'comment_text' ) as $filter )
    remove_filter( $filter, 'capital_P_dangit', 11 ); ?>

Disable automatic embedded image links <?php add_filter( 'option_image_default_link_type', create_function( '<empty string>', 'return \'none\';' ) ); ?>

Force embedded image links to follow user settings <?php add_filter( 'option_image_default_link_type', create_function( '<empty string>', 'return;' ) ); ?>

Remove the default admin colour scheme picker <?php remove_action( 'admin_color_scheme_picker', 'admin_color_scheme_picker' ); ?>

Allow iframe tags in TinyMCE HTML <?php add_filter('tiny_mce_before_init', create_function( '$init_array',
     '$init_array["extended_valid_elements"] = "iframe[id|class|title|style|align|frameborder|height|longdesc|marginheight|marginwidth|name|scrolling|src|width]";
return $init_array;') ); ?>

Grab the page content of a page displaying posts <?php
$this_page = $wp_query->get_queried_object(); // Get the current page
$this_page_id = $wp_query->get_queried_object_id(); // Get the current page ID
$posts_page_id = get_option('page_for_posts'); // Get the posts page ID
 
if ( $this_page_id && $this_page_id == $posts_page_id ) { // If the current page has an ID and is the posts page
    $updated = 'Last updated: ' . get_the_time($this_page->post_modified); // $this_page is a standard post object
    $content = apply_filters('the_content', $this_page->post_content); // Apply 'the_content' filters
    $content = str_replace(']]>', ']]&gt;', $content);
 
    echo "Last updated: $updated</br>$content";
}
?>

Fix for password message for signups under Register Plus and Theme My Login <?php
function no_custom_pass_login_message($message) {
    $regplus = get_option( 'register_plus' );
    if ( !isset($_GET['action']) || 'register' != $_GET['action'] || empty($regplus['password']) )
        return $message;
}

add_filter( 'login_message', 'no_custom_pass_login_message' );
?>

WP-Table Reloaded CSS with wp_enqueue_script() sans filters <?php
function wp_table_reloaded_frontend_css() {
    global $WP_Table_Reloaded_Frontend;

    if( !isset($WP_Table_Reloaded_Frontend) )
        return;

    remove_action( 'wp_head', array( $WP_Table_Reloaded_Frontend, 'add_frontend_css' ) );

    if ( !$WP_Table_Reloaded_Frontend->options['use_default_css'] )
        return;

    $plugin_path = plugin_dir_url( WP_TABLE_RELOADED__FILE__ );

    wp_enqueue_style( 'wp-table-reloaded-plugin', $plugin_path . 'css/plugin.css', array(), $WP_Table_Reloaded_Frontend->options['installed_version'] );

    if ( $WP_Table_Reloaded_Frontend->options['enable_tablesorter'] ) {
        switch ( $WP_Table_Reloaded_Frontend->options['tablesorter_script'] ) {
            case 'datatables-tabletools':
                wp_enqueue_style( 'wp-table-reloaded-tabletools', $plugin_path . 'js/tabletools/tabletools.css', array('datatables'), $WP_Table_Reloaded_Frontend->options['installed_version'] );
            case 'datatables':
                wp_enqueue_style( 'wp-table-reloaded-datatables', $plugin_path . 'css/datatables.css', array(), $WP_Table_Reloaded_Frontend->options['installed_version'] );
                break;
            case 'tablesorter':
            case 'tablesorter_extended':
                wp_enqueue_style( 'wp-table-reloaded-tablesorter', $plugin_path . 'css/tablesorter.css', array(), $WP_Table_Reloaded_Frontend->options['installed_version'] );
        }
    }
}

add_action( 'template_redirect', 'wp_table_reloaded_frontend_css' );
?>