Tag: WordPress plugins

I published an accessibility plugin called Open Accessibility!

Within the last couple of months, I was updating plugins for one of my employer’s WordPress sites. The accessibility plugin that I had been using and that had been an incredibly popular plugin had been called One Click Accessibility. There was a major version update from 2.x to 3 and when I installed it, I was met with a wildly different plugin. Long story short, the plugin was sold to Elementor and then went commercial.

This really, really pissed me off. I could have just stayed on version 2 of the plugin perpetually but so many other people got screwed as well. There are many other accessibility plugins available in the WordPress plugin repository but I decided to make my own out of spite.

Accessibility platforms like UserWay and Accessibe are prevalent and big business but while they will give you a widget or something to add to your site to assist those who need with things like text size, color contrast and the like, what they are selling is a “cover your ass” service in the even that you get sued. They aren’t marketing a product to help people, they are selling fear and then a handy peace of mind solution to those who think they need it.

I don’t know, I have a fundamental problem with making money directly or indirectly from people who have a disability or who are differently-abled. The argument can be made that commercial accessibility offerings aren’t protecting site owners from people with disabilities but rather the trolls that will sue anyone for anything and then offer a settlement to make a quick, shitty buck. Those people exist and they suck but site owners that genuinely give a shit about their users should have options a-plenty.

The project was always intended to be open source and while it can’t provide any type of legal services, it can at least help make the best effort possible to accommodate all type of different use cases for people with different needs.

You can find my official plugin here. This project is (and will always be) open source and my GitHub repo can be forked if you want to make it your own. I plan to actively work on this and incorporate feedback as well as new features so please let me know what you think and what you might want to see!

By the way, I am using the plugin on this site so you can take it for a test drive and see if you think it could work for you and your sites.

April 23, 2025
Set Tag Order WordPress Plugin

A few months ago, I was asked to solve what I thought was a simple problem. The question was, “Can we set the display order of tags?” It seemed like a very benign question until I started to dig into it and discovered that it’s, in fact, not a simple question at all. WordPress, by default, sorts tags alphabetically when you use the get_tags() function.

The problem I was asked to create a solution for was to allow the editor to specify the order that tags are rendered on the corresponding post page. It was way more involed thatn I had anticipated but ultimately, I created a plugin that works with both the block editor and classic editor and should also work with any theme that displays tags using the get_tags() function.

I’ve attached some screenshots to help illustrate but the plugin can be downloaded directly from my GitHub. I have made this public and welcome any and all feedback or feature requests!

February 18, 2025
Fix Password-Protected Post Access When Using AIO Login Plugin
Background: My company uses AIO Login (formerly Change WP Admin Login) to change the login URL of our WordPress sites to add a little extra security.

Problem: Accessing password protected pages does not work when using the AIO Login plugin.

Solution: Add a couple of custom functions to your theme’s functions.php file.

Details: This solution was tested with WordPress version 6.6, 6.6.1 and 6.6.2 (most current as of this writing) and AIO Login version 2.0.1 (most current as of this writing).

What I noticed is that when the AIO Login plugin is active, the URL for the post password form didn’t change from “/wp-login.php?action=postpass“. For whatever reason, the plugin itself doesn’t have functionality built in to update the post password form and has never had it as far as I can tell by looking at previous versions of the plugin.

What I needed to do is change the form action URL to what my custom login URL is but also intercept the request when the post password is submitted and route it properly.
```
function custom_password_form() {
    if (class_exists('AIO_Login\AIO_Login')) {
	    $slug = get_option('rwl_page');
	    global $post;

	    $label = 'pwbox-' . (empty($post->ID) ? rand() : $post->ID);
	    $output = '<form action="' . esc_url(site_url( $slug . '?action=postpass', 'login_post')) . '" class="post-password-form" method="post">
            <p>' . __('This content is password protected. To view it please enter your password below:') . '</p>
            <p><label for="' . $label . '">' . __('Password:') . ' <input name="post_password" id="' . $label . '" type="password" size="20" /></label> <input type="submit" name="Submit" value="' . esc_attr__('Enter') . '" /></p></form>
        ';
    }
	
    return $output;
}

add_filter( 'the_password_form', 'custom_password_form' );
```
This function checks to see if you have the AIO_Login class available which is essentially checking to see if the plugin is active. You can also achieve this with the built-in WordPress is_plugin_active() function. If we then get the admin login URL that is set from within the AIO Login plugin by pulling the rwl_option field, we can keep our function working even if we change the login URL. Next, using the_password_form hook, we can apply our custom function that will update the form on the front end.

Next, we need to intercept the request when the front end user submits the post password. We can do this with the following function:
```
function handle_custom_postpass() {
    if (class_exists('AIO_Login\AIO_Login')) {

       $slug = get_option('rwl_page');

       if ($_SERVER['REQUEST_URI'] == '/' . $slug . '?action=postpass' && $_SERVER['REQUEST_METHOD'] == 'POST') {
          require_once ABSPATH . 'wp-login.php';
          exit();
       }
    }
}
add_action('init', 'handle_custom_postpass');
```
WordPress will run this function during its initialization process, allowing us to intercept the request early. And again, we are checking to see if the AIO Login plugin is active in the same way as the previous function.

The beauty of this approach is that we’re not reinventing the wheel for password verification. We’re still using WordPress’s core functionality, but we’re controlling when and how it’s invoked. This ensures that all the security measures and hooks associated with password-protected content in WordPress are still in place, while allowing us to use our custom URL.

When a user submits the password for protected content, this function will catch that submission, pass it to WordPress’s standard handling, and then exit the script. WordPress will then handle the password verification, set the necessary cookies if the password is correct, and redirect the user appropriately.

This method maintains security while allowing for the custom URL structure we’ve implemented. It’s a good balance between customization and leveraging WordPress’s built-in security features.

In my specific case, I am using the Bootscore theme (version 5) which already has it’s own parent theme function to modify the post password form. To override the parent theme function in my Bootscore child theme, this is the function I created:
```
function bootscore_pw_form()  {
	if (class_exists('AIO_Login\AIO_Login')) {

		$slug = get_option('rwl_page');

		$output =
			'<form action="' . get_option('siteurl') . '/' . $slug . '?action=postpass" method="post" class="input-group pw_form mb-4">' . "\n" .
			'<input name="post_password" type="password" size="" class="form-control" placeholder="' . __('Password', 'bootscore') . '"/>' . "\n" .
			'<input type="submit" class="btn btn-outline-primary input-group-text" name="Submit" value="' . __('Submit', 'bootscore') . '" />' . "\n" .
			'</form>' . "\n";

		return $output;
	} else {
		$output = '
        <form action="' . get_option('siteurl') . '/wp-login.php?action=postpass" method="post" class="input-group pw_form mb-4">' . "\n"
              . '<input name="post_password" type="password" size="" class="form-control" placeholder="' . __('Password', 'bootscore') . '"/>' . "\n"
              . '<input type="submit" class="btn btn-outline-primary input-group-text" name="Submit" value="' . __('Submit', 'bootscore') . '" />' . "\n"
              . '</form>' . "\n";

    	return $output;
	}
}
add_filter( 'the_password_form', 'bootscore_pw_form' );
```
I added a simple else { } and added the original output from the parent theme function to fallback gracefully if the plugin gets deactivated for whatever reason.

Remember, add the functions you need to your theme’s functions.php file. I believe most other plugins that change the WordPress login URL work in similar ways so this approach should be able to be adapted to other plugins as well.

Please leave comments, questions and critiques below!
September 17, 2024