Sign up to get extra content & updates via email!

Thanks for signing up!
I appreciate it!

WP Plugin Packer – Create Plugin Packs for WordPress

banner-772x250WP Plugin Packer – In the past few weeks (on my free time), I developed an interesting idea of mine into a WordPress plugin called.

The concept is simple: I wanted to group together WordPress plugins, and import/export them to other WordPress websites.
I also wanted to have them in packs for the sake of order, so I could easily disable a bunch of related plugins all at once.

Current Features:

  • Arrange Plugins inside Packs (basically groups) – to better categorize your WordPress plugins.
  • Enable/Disable entire Packs – especially good if you have different plugins that are dependent on each other.
  • Import/Export Packs – you can export multiple packs, single plugins, several plugins, and import it into another WordPress installation.
  • Indication if the imported plugins are not installed – if you import Packs that include plugins that don’t exist in your WP website, WP Plugin Packer will give you a notification with a link to install them.

The export format is a simple JSON file, incredibly simple to understand.
Currently, if you’re importing plugins that don’t exist on your local WordPress website, it will simply show you a notification with a link to the plugin installation.
I tried to have the plugins install automatically in case they don’t exist (thus making the import process a single-step process), but I ran into some issues with the Plugin API.

There were a few problems – the plugins slugs on the website don’t necessarily match the local slugs (which is quite problematic), and on top of that – the way WordPress plugins are installed is still too cumbersome, complex, and will likely change in the near future.

There is also the issue of plugins that are not on
This is a growing trend because of’s strict approval process & the fact that they still use SVN for their plugin repository (what’s up with that?!).

More and more WordPress plugins are moving to GitHub, there is even a tool – GitHub Updater, that lets you update your plugins directly from GitHub.
This is a pretty good idea, but it mainly shows that the automatic plugin installation process is far from being a stable option, so I settled with giving the user a link to install the missing plugins manually.

Some Screenshots:


2 Plugin Packs, the Image Galleries plugins are missing (which is why they have a red background & there’s a warning on top with links to install those plugins).



2 Plugin Packs – Basic Stuff & Social Media.


I’m looking forward for some feedback on this, accepting issues/feature requests in the GitHub repository:

Tagged with: , , ,
Posted in Technology

Do not send me my password via Email

login-570317_640A few days ago, for the first time in literally years, I received an Email from a website i signed up to, containing the password I used to sign up.

Here’s why it’s a terrible idea:

  • Seeing my password on that Email makes me assume the password is being saved as plain text on the website’s database.
    This means, as soon as someone hacks the DB (happens to the biggest brands in the world, can happen to anyone) – my password is out.
  • The website sends an unencrypted Email – that in itself could be intercepted by someone else.
  • If my Email is hacked, and I manage to eventually get my access back, my account on that website could be easily hacked as well (without the need to reset the password, so I wouldn’t even know about it).

The simplest solution would be encrypting the password via SHA1, but SHA is now breakable.

I suggest using Bcrypt, StackOverflow goes over this (for PHP) solution and it is one of the safest way of storing passwords.
In fact, Meteor Accounts, Meteor’s default User Accounts System, uses Bcrypt out of the box!

If you do encounter a website that sends your password via Email, please submit it to Plain Text Offenders, they have a handy collection of websites that still do that.

Tagged with: , ,
Posted in Technology

Tom Wheeler is not a Dingo!

In a big, massive, amazing move, the FCC has decided to approve the Net Neutrality rules!
This would mean that internet companies don’t have the risk of paying extra to ISPs so they won’t throttle their bandwidth.
Just as a reminder if anyone thinks this is purely a theoretical subject, when Netflix was negotiating with Comcast for an agreement, they throttled the hell out of their speeds:
net speed

So this has been done before, many times actually. Today marks the day where it is (hopefully) no longer a discussion whether ISPs can limit bandwidth to specific services, just because they use a lot of it.
Imagine if YouTube got throttled back in 2005, that site would’ve been down in a matter of months.

So, in conclusion, good day for the internet as a whole, and also, time for John Oliver to apologize, Tom Wheeler is in fact, not a Dingo.

Tagged with: , ,
Posted in Technology

Why Meteor is the dominating Full Stack framework

meteor-logoToday I’ve decided to check the status on various JS Frameworks: Meteor, Express, Sails.js, MeanJS, AngularJS, Backbone.js, and Ember.js.

First of all, I am aware that some of these frameworks are Frontend, while the others are Backend, and some (like Meteor & MeanJS) are full stack. I still wanted to know about their popularity compared to one another.

The results really surprised me honestly:

How did I compare? I summed the StackOverflow questions (by tag), GitHub Stars + Watches, and GitHub Forks.
That should be a pretty good indication of developers’ interest in a framework.

As anyone can easily see, AngularJS is far more popular than most of these frameworks COMBINED.
My surprise came when I looked into Meteor‘s stats.

Last I’ve checked, Meteor wasn’t even close to ExpressJS in user base numbers, but it really seems to be catching up, lets look a little closer (with Angular removed):


As you can see, MeteorJS is quite a dominant force, and as the only Full Stack solution with such popularity.

I’ve wondered what the change was in the last 12 months, so I used Google trends to find out:

Meteor seems to be getting closer and closer to Express, they were just as popular for a week there even.
I’ve also added ReactJS to the graph, just to show a very interesting curve happening there.

Why did ReactJS make such a big jump on January 25th? Probably because of the React.js Conf that same week.
That week Facebook made some amazing presentations that showed us the potential power of React.js.
There is a pretty steep fall happening right now though, since the conference is now over.
It’s also important to note that React.js is not a full stack JS framework.

A few things I’ve learned from this small but interesting research:

  1. Meteor seems to be dominating the Opinionated Full Stack JS framework arena
  2. Meteor has solid numbers, even compared to none full stack frameworks
  3. React.js EXPLODED for having its own popular conference, Meteor should do the same

Hope you find this information useful.

Until next week!

Tagged with: , , , , ,
Posted in Technology

WordPress – make a file download on a plugin settings page

file-downloadI’ve been working on a WordPress plugin lately, and one thing I’ve been trying to do is to create a file download out of some plugin settings (i.e. text data, json file).

In general in order to do that via PHP, you have to send the right headers:

$length = strlen( $content );
header( 'Content-Description: File Transfer' );
header( 'Content-Type: text/plain' );
header( 'Content-Disposition: attachment; filename=export.json' );
header( 'Content-Transfer-Encoding: binary' );
header( 'Content-Length: ' . $length );
header( 'Cache-Control: must-revalidate, post-check=0, pre-check=0' );
header( 'Expires: 0' );
header( 'Pragma: public' );
echo $content;

As you see this will make a user’s browser download a file named export.json, with the content $content.

The trouble is, if you’re in the settings page, you can’t send Headers, so we have to send them earlier.
The easiest way is to hook into admin_init (your plugin probably already has a function that hooks into it)

add_action( 'admin_init', array( $this, 'handle_file_download' ) );

Okay, next it would probably be a good idea to make the function only send the headers if it gets the right action parameter, we’ll call it export_file:

public function handle_generate_export_file() {
	if ( isset( $_GET['action'] ) && $_GET['action'] == 'export_file' ) {
		if ( ! wp_verify_nonce( $_GET['nonce'], 'export_file_nonce' ) ) {
			$content = stripcslashes( get_option( 'plugin_settings' ) );
			$length = strlen( $content );
			header( 'Content-Description: File Transfer' );
			header( 'Content-Type: text/plain' );
			header( 'Content-Disposition: attachment; filename=export.json' );
			header( 'Content-Transfer-Encoding: binary' );
			header( 'Content-Length: ' . $length );
			header( 'Cache-Control: must-revalidate, post-check=0, pre-check=0' );
			header( 'Expires: 0' );
			header( 'Pragma: public' );
			echo $content;


So first I’m checking if the action is there, and then I’m verifying the nonce (WP’s Nonce, very important to use this for security).

Notice I’m just using the get_option() function to get my plugin settings (generic name of course), you can pull whatever you want to here, including using file_get_contents.

Now it’s time to build the side that actually makes the call.
After doing some research, I found out the safest way to make sure it works on all browsers, is to append an IFrame to the document’s body. This would work on all browsers.

form.find( '.export-button' ).click( function() {
	if ( $( '#export_file_iframe' ).length ) {
		$( '#export_file_iframe' ).attr( 'src', function ( i, val ) { return val; });
	} else {
		var iframeHTML = '<iframe id="export_file_iframe" src="' + document.URL + '&action=export_file&nonce=' + extraStrings.nonce + '"></iframe>';
		var windowIFrame = $( 'body' ).append( iframeHTML );				

Ok now let’s break it down a bit, first of all we need to check if the IFrame already exists, so we don’t append multiple IFrames.
If the IFrame exists, we just want to refresh it, easiest way to do that would be to change the ‘src’ attribute its current value (i.e. src = src), that’s what that function does, it can also be done via:

var src = $( '#export_file_iframe' ).attr( 'src');
$( '#export_file_iframe' ).attr( 'src', src);

But the former solution saves you a line (and looks cooler).
Now, when we build the iframe, you notice document.URL is of course the current URL, and extraStrings.nonce is being sent on the PHP page that’s calling the script, using wp_localize_script().

Tagged with: , ,
Posted in Technology

Why are App Stores charging so much for In-App Purchases?

android_iosRecently I’ve started building apps (again), namely a cross platform game that I personally find pretty addictive.
As part of the potential plans to create revenue from this game (would be nice to get a small return for the development hours, not to mention future updates), I’ve considered a few possible plans:

  1. Make the game a paid app
  2. Make the game free, but put some Ads inside of it.
  3. Make the game free, but let people buy nice power ups and/or access to extra levels.

I didn’t like the idea of blocking access to everyone not willing to buy the game immediately, as I wanted people to try it first.
I also didn’t like the idea of putting Ads in the game, this is not an experience I personally enjoy, and it didn’t feel right to do that to my users.
The final option is the one I chose to go with, I think it’s very fair to give everyone access to the game, not annoy them with Ads, but also let them experience extra features/parts of the game if they wish to.

Looking into in-app purchases, I’ve come across this startling fact:
Apple charges 30% for ALL In-App Purchases!

What? 30%? I would understand if it were 10%, maybe 15%, but 30% ? I’m not sure I even understand where it’s coming from (the website states that “you receive 70% of the purchase price”, thank you Apple Almighty)

Oh well, iOS developers already pay through the nose for devices, developer licenses, and so on, I figured Android would give me a better deal.

Checking out the Google Support website, what do I find out?

Google charged 30% for ALL In-App Purchases too!

Ok, it’s one thing to charge 30% (as huge as it may be), but it’s another thing to match the exact amount that Apple charges.

I don’t like this price matching, I don’t like it at all.
App Stores should fight to get developers on their platform, I doubt that this 30% makes a significant change to the business of Android or iOS, but I know it is VERY significant for developers.

So hey Google & Apple, how about lowering the In-App profit tax rate?

Tagged with: , , ,
Posted in Technology
Welcome to KidsIL
A blog for Web Development & Technology

Check out my new series about MeanJS: Take a look at StartCast.
A podcast with the sole purpose of interviewing co-founders of Startups in Europe & around the world.

You should try Berlin On Feier, an App I built for finding the best parties in Berlin.