Category: Plugins

Visualize your disk usage with Disk Usage Sunburst

If you have ever wondered which of your plugins is eating all your web space, you should check it out. Disk Usage Sunburst by the German premium WordPress hoster Raidboxes delivers a beautiful answer to this question.
Once you have installed the plugin, go to Tools > Disk Usage and you will find an SVG graph showing which directories and files need how much disk space. The size of an arc represents the size on disk: the bigger an arc appears, the more disk space is used by this file or directory.

Disk Usage Sunburst displays how much disk space your installation needs

If you hover over a single arc, you will be told which directory or file you are looking at. If it is a directory, you can click on it and the graph will be rendered for this directory only.

The plugin displays this information as a sunburst chart. Sunburst charts are used to display hierarchical data, depicted by concentric circles. The circle in the centre represents the root node, with the hierarchy moving outward from the center. So if you click, for example, on a directory, this directory will be in the center of the chart. All directories and files in this directory will be displayed on the next level, the files of a subdirectory on the level after that, and so on.

“Disk Usage Sunburst” gives you a quick and very nice insight into the disk usage of your WordPress installation. You can download it for free in the WordPress Repository.

WP Slimstat security fix

On February 24th, the security blog Sucuri published a possible way to perform an SQL injection using the WordPress plugin WP Slimstat. This problem was found in versions of the plugin up to 3.5; the plugin has over 100,000 active installations according to the WordPress repository statistics.

WP Slimstat is a famous web analytics plugin for WordPress:

Slimstat gives you meaningful insights into your website’s visitors. Track returning customers and registered users, monitor Javascript events, detect intrusions, analyze email campaigns


“camu”, the author of the plugin, reacted immediately to the possible threat and delivered the updated versions 3.9.6 and 3.9.7, which fixed the vulnerability. In a reaction, the author said:

As soon as we received Marc’s [the author of the Sucuri blog post] email, we got to work to patch the vulnerability. We apologize for any inconvenience this may have caused, and we thank Sucuri for the thorough analysis they performed on our code.

So, how was it possible to use WP Slimstat for an SQL injection? WP Slimstat was using a secret key to sign data that was sent between server and client. For this key, it used the timestamp of when the plugin was activated. Although this timestamp was hashed with MD5, it was not too hard to guess. To find the secret key, one just needs to generate thousands and thousands of hashed timestamps and check whether one of them is the real secret key.

Once an attacker had found the real secret key, it was not too hard to start an SQL injection, according to the blog post written by Marc-Alexandre Montpas.

For everyone who is running WP Slimstat 3.9.5 or lower: it is strongly recommended to update this plugin immediately.
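The weakness of a timestamp-derived key, shown as an added example (this is not WP Slimstat's code, and it is not taken from the Sucuri post). It assumes the weak secret is the MD5 hex digest of the activation time written as a decimal Unix timestamp; the function names and the sample timestamp are constructed for illustration. It lets a site owner audit a stored secret and compares the weak scheme with a key drawn from the operating system's random generator.

```javascript
// Added example, not WP Slimstat code. Assumption: the weak secret is the MD5
// hex digest of the activation time written as a decimal Unix timestamp.
const crypto = require('node:crypto');

const md5Hex = (text) => crypto.createHash('md5').update(text).digest('hex');

// Weak scheme from the post: the "secret" is a hash of a guessable value.
function weakKeyFromTimestamp(unixSeconds) {
  return md5Hex(String(unixSeconds));
}

// Hardened alternative: 256 bits from the OS CSPRNG, independent of any clock.
function strongKey() {
  return crypto.randomBytes(32).toString('hex');
}

// Upper bound on the key's entropy when the activation time is only known to
// lie somewhere inside a window of the given length.
function effectiveBits(windowSeconds) {
  return Math.log2(windowSeconds);
}

// Audit check for a site owner: is a stored secret merely md5(timestamp) for
// some second in [start, end]? Returns that timestamp, or null if none matches.
function findTimestampDerivation(secret, start, end) {
  const target = secret.toLowerCase();
  for (let t = start; t <= end; t++) {
    if (md5Hex(String(t)) === target) return t;
  }
  return null;
}

// Constructed sample values, not taken from any real installation.
const SAMPLE_ACTIVATION = 1423000000;
const WINDOW_START = SAMPLE_ACTIVATION - 43200;
const WINDOW_END = SAMPLE_ACTIVATION + 43200;

function runAudit() {
  return {
    weak: findTimestampDerivation(weakKeyFromTimestamp(SAMPLE_ACTIVATION), WINDOW_START, WINDOW_END),
    strong: findTimestampDerivation(strongKey(), WINDOW_START, WINDOW_END),
    bitsOneYear: effectiveBits(365 * 86400),
  };
}

console.log(runAudit());
```

Hashing does not add entropy: a key derived from any second within a whole year carries fewer than 25 bits, while the random key carries 256.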

Profisearchform 1.74 will come soon!

The next version of my plugin will be out soon. It will contain some bug fixes in the order-by-field but the most interesting changes will be for plugin developers, who want to extend the functionality of Profisearchform and deliver additional plugins:

Server side

As you already know, the plugin has always delivered some filter hooks, where you can hook in with your own plugin. There will be some additional filters to enable you to hook even better into the plugin. One of these hooks is, for example, sf-all-data. This filter is executed after a search is finished, just the moment before the result is delivered. This filter passes all data which is usually sent via JSON. So, you can alter this data using the sf-all-data filter. You will receive an array like this:

array(
	"post" 		=> array(),
	"result" 	=> array(),
	"head"		=> "",
	"nav"		=> array()
)

The post array contains the information of the search filter. The result array contains the single list elements, with the results. The head string contains the string “XX posts out of YY posts were found” and the nav array will contain the navigation list elements.

Furthermore, the single result list element will contain an additional attribute data-postID, which contains the ID of the post.

Client Side

But action hooks are always on the server side. To give you even more abilities to write more complex plugins which work together with Profisearchform, we have now defined JavaScript events, which will enable you to hook into our plugin on the client side.

One example: The “sfLoadEvent”

If a search is executed and the results are displayed, this event will be triggered in JavaScript. You will be able to add an event listener, which will enable you to act every time the results are displayed. So, for example, let's say you want to display Profisearchform in masonry style and you are using a JavaScript framework in order to do so. With this event, you will be able to apply the masonry framework every time new results are loaded.

A basic script using this event:

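// The event is dispatched on the first div.sf-wrapper element
var element = document.getElementsByClassName( 'sf-wrapper' );
element = element[0];
if (element.addEventListener){
	// Standard DOM event registration
	element.addEventListener('sfLoadEvent', function( event ){
		alert( 'Results loaded.' );
		console.log( );
	}, false); 
} else if (element.attachEvent){
	// Fallback for old Internet Explorer versions
	element.attachEvent('sfLoadEvent', function( event ){
		alert( 'Results loaded.' );
		console.log( );
	});
}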

As you can see, this event is attached to div.sf-wrapper. So to listen to this event, you have to add the EventListener to this element. The event itself will deliver you a data object, which contains the array delivered by the plugin via Ajax as well as the field values which are used.

console.log( ); will result in

{
	"fields": 	{ /* the field values which are used */ },
	"data":		{
					//The array mentioned above
	}
}

With these changes in 1.74 the plugin will enable you to fully customize and extend the plugin's functionality to your needs. I hope you like it.

WordPress beautiful: Get a Cleaner Plugin Installer

Some days ago I found in my Twitter timeline a small tweet by David Decker, promoting his latest plugin: the Cleaner Plugin Installer. The idea grew in my mind to write a review about this plugin, because I found this idea most exceptional. I don’t like the plugin page in WordPress very much, but I would have never thought about a plugin to confront this – let’s call it a “problem”. David did:

As of WordPress 4.0+, going to “Add Plugins” page and being welcomed by always the same old 6 featured plugin cards annoyed me big time! So I thought on how to change this default behavior. Due to WordPress’ genius Hooks & Filter functionality I could easily tweak this via my plugin.
David Decker

So today I scraped some time together to have a look into what the “Cleaner Plugin Installer” is all about. At first I was a bit disappointed, to be honest. I didn’t read too much about the plugin but just installed it and: nothing happened – well, on my “Installed Plugins” page (which is the page I am a bit annoyed with). But David’s plugin is not about this page, it’s about the “Installer” page itself, so once you click “Add New” the magic starts to work.

Let’s have a quick before/after screenshot, before we discuss the single features:
Plugin Installer Before and After

Instead of the six most popular plugins of WordPress or whatsoever, you get a huge search bar in order to search for your plugins. You can search by keyword, tag or author name. Above this search bar, you will find a tab navigation with the following possibilities:

  1. Search
  2. Topics
  3. Collections
  4. Newest
  5. Popular
  6. Favorites
  7. Search Results

Once you hit the search button on the start page, you will be redirected to the “Search Results” page, where the found items are displayed. Via “Screen options”, as you know them from your post editor, you can define how many results will be shown per page.

Okay, I have to admit, the start page looks more beautiful. But what’s really compelling is behind the other tabs. If you go to “Topics”, you will find a list of tags, maintained by the plugin author himself. This is really nicely done. Ordered by “Topics” like “Content/Editor”, “Post Types/ Custom Taxonomies/ Custom Fields”, “Social/ Sharing”, “Developer” and others, you will find the tags, which fit to this topic. A very nice overview! And a click will redirect you to the search results again. For sure, this is one of the nicest ways to browse the WordPress repository so far!

The next tab “Collections” is totally awesome. Most of us are running the same plugin installations again and again for our clients. WordPress SEO by Yoast, ACF and so on… Cleaner Plugin Installer “cooperates” here with WPCore. After you’ve registered at WPCore, you can create your own collections. If you now install the WPCore plugin, you can just “bulk”-install these collections. Unfortunately, right now, I can’t use this feature, since WPCore and my theme Gubmo are using the same PHP class “tgmpa_load_bulk_installer” and neither of them is checking (WPCore is not checking) whether this function might already exist :( Too bad, because this is a nice feature.

Anyway, let’s proceed with the possibilities Cleaner Plugin Installer gives us. We can also have a look into the “Newest” and the “Most popular” plugins and we can check out our favorite plugins (or the favorites of any other registered WordPress user) on WordPress. Deckerweb likes – well, if you know his blog, you won’t wonder – the “Genesis Toolbar Extras” plugin, and of course websupporter likes his own WordPress Search Filter plugin. It would be interesting though to create a bulk installer for the favorites too, but this might just be a bit too much and is rooted in my disappointment about the WPCore plugin.

So, what to do now? Ah right, let’s upload a plugin. Do you like the Media Uploader of WordPress? And haven’t you asked yourself yet why you can’t drag and drop your plugins into your WordPress dashboard? Well – I did, and the plugin author obviously did too, because this is exactly what you can do now!

Upload a plugin

Is this nice or what? It is, and I just have one remark (this bulk uploader topic remains in my head): Unfortunately it doesn’t look like it’s possible to upload more than one plugin at a time. This would be a nice feature. I would just create my “Standard plugins” folder with all the Yoast, ACF and whatsoever plugins, open it and drop them all at once. But drag and drop is already a very nice feature in itself.

To sum it up: Although I don’t like the plugins page either, I would have never thought about writing a plugin to “scratch my own itch”. Thanks to David Decker, I can now do so easily with a very nice small plugin, which you should try NOW. Changing the installer interface is changing the way you see plugins. They are even more beautiful now.

Thanks to the academy: My plugin got an award!

WP Super Plugins, a WordPress plugin review site, has just reviewed my Search Filter Plugin. For everyone who doesn’t know this site: WP Super Plugins is dedicated to WordPress plugins. They review free and premium plugins. By now, I know a lot of plugin reviews and sites that do reviews. WP Super Plugins is quite outstanding, since they are really into reviews, and you can tell this from the quality of their reviews. So I contacted them some weeks ago to ask whether they wanted to review my plugin. Carl, the author of the review, agreed, although, as he wrote:

I’ll be honest and say […] we thought “Not another search filter plugin”, most of them don’t work, require NASA experience to use and look just plain ugly.
Carl, WP Super Plugins

Not the best thoughts for a plugin review from my perspective and so I was more than happy, when I read the actual review today.

When I first installed the plugin I had my NASA research book at the ready and my geek cap on preparing myself for a couple of hours of research and testing. Honestly, five minutes later I was integrating search functions that I wasn’t really able to achieve on any other site. It was easy, simple and actually quite a bit of fun to set-up.
Carl, WP Super Plugins

WP Superplugins awarded my plugin with the Gold Standard Award.

But not only did Carl write a very nice review about my plugin, the guys over at WP Super Plugins also decided to award my plugin their “Gold standard award” for “outstanding capabilities, development and support”! Well, what else can I say except for thanks to the academy.

So, for everyone who wants to have a look, please read the WordPress custom search plugin review over at WP Super Plugins. Thanks again!