New plugins: SSO Cross Cookie and SSL Subdomain

We are pleased to announce two new WordPress plugins designed for supporting SSL security and custom domains in WordPress Multisite — SSL Subdomain and SSO Cross Cookie.

I have discovered that trying to explain what these plugins do succinctly and generically while being accurate is actually quite difficult, so let’s do a scenario!

The Scenario

We have a WordPress Multisite network. Let’s call it mynetwork.com. We bought a fancy SSL wildcard certificate so we can offer *.mynetwork.com over a secure connection.

We’d very much like to use this secure connection for all logins, and for all admin access.

We also allow sites on this network to use a custom domain — like demo-site.com. We might be using WPMU Domain Mapping to achieve this. These sites have two domains, then — demo-site.com and demo-site.mynetwork.com.

If we switch on FORCE_SSL_LOGIN or FORCE_SSL_ADMIN, we have a problem. When users go to https://demo-site.com/wp-login.php, they get a certificate error. We have a wildcard certificate for *.mynetwork.com, but we can’t possibly have a valid SSL certificate installed for every custom domain!

Instead, we want to force all login pages and admin pages to be:

https://demo-site.mynetwork.com/wp-admin/

We want all regular access to be:

http://demo-site.com/

SSL Subdomain solves this first problem by rewriting the URLs so that your network sites are accessed on their custom domains over HTTP, while all login and admin access goes over the SSL-secured subdomain.
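The routing rule from this scenario, written out as an added example (this is not the SSL Subdomain plugin's own code). The SITES map and both function names are hypothetical; the hostnames are the ones used above, and the sample requests are constructed.

```php
<?php
// Added example, not the plugin's code; SITES and function names are hypothetical.
const SITES = [
    // custom domain => subdomain covered by the *.mynetwork.com certificate
    'demo-site.com' => 'demo-site.mynetwork.com',
];

// Login and admin paths must only be served from the SSL subdomain.
function is_secure_path(string $requestUri): bool
{
    $path = explode('?', $requestUri, 2)[0];
    return $path === '/wp-login.php' || $path === '/wp-admin'
        || strpos($path, '/wp-admin/') === 0;
}

// Returns the URL to redirect to, or null when the request is already on the
// right scheme and host, or when the host is not one of our sites.
function canonical_redirect(bool $isHttps, string $hostHeader, string $requestUri): ?string
{
    // The Host header is untrusted: lower-case it and drop any port.
    $host = strtolower(explode(':', $hostHeader, 2)[0]);
    // Resolve it through the site map; never echo an unknown host back.
    $custom = array_key_exists($host, SITES) ? $host : array_search($host, SITES, true);
    if ($custom === false) {
        return null;
    }
    // A request target without a leading slash could change the authority.
    if ($requestUri === '' || $requestUri[0] !== '/') {
        $requestUri = '/';
    }
    $wantHttps = is_secure_path($requestUri);
    $wantHost  = $wantHttps ? SITES[$custom] : $custom;
    if ($isHttps === $wantHttps && $host === $wantHost) {
        return null;
    }
    return ($wantHttps ? 'https://' : 'http://') . $wantHost . $requestUri;
}

// Constructed sample requests: [is HTTPS, Host header, request URI].
$samples = [
    [false, 'demo-site.com', '/wp-login.php'],
    [true,  'demo-site.mynetwork.com', '/wp-admin/'],
    [true,  'demo-site.mynetwork.com', '/2012/hello/'],
    [false, 'Demo-Site.com:80', '/wp-admin/post.php?post=1'],
    [false, 'unmapped.example', '/wp-admin/'],
];
foreach ($samples as [$https, $host, $uri]) {
    printf("%-5s %-24s %-26s => %s\n", $https ? 'https' : 'http', $host, $uri,
        canonical_redirect($https, $host, $uri) ?? '(no redirect)');
}
```

The redirect target is always taken from the site map rather than from the request, so a forged Host header cannot turn the rule into an open redirect.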

This still leaves us with one problem — when a user logs in to their admin panel, they are logged in to that, but not to their site URL on the custom domain. The two locations are separate domains, and therefore require separate cookies that let WordPress know you are logged in.

This is where SSO Cross Cookie steps in. As its name might suggest, it sets a cookie across both domains, allowing for Single Sign On (SSO). In concert with the first plugin, we now have:

  • Regular site access using the custom domains.
  • Login and admin over SSL-secured subdomains, always.
  • Seamless single sign on for access to both the SSL-secured admin panel and the actual site on the custom domain.

The best of both worlds — and as secure as we possibly can be without having the expense and complexity of an SSL certificate (and therefore a separate server IP address) for each and every custom domain on our network.

To download and for more information, see the pages on the WordPress plugin directory for SSL Subdomain and SSO Cross Cookie.

If you want to follow bleeding-edge development more closely, there are also GitHub projects for SSL Subdomain and for SSO Cross Cookie.

New plugin: VPM Custom Admin for branded WordPress

Have you ever wanted to customize the WordPress admin panel so your clients see a custom look specific to you and your business? It’s actually super easy, and with our new plugin, VPM Custom Admin, we’ve made it even easier.

VPM Custom Admin is a simple plugin that helps designers and developers white-label WordPress quickly and easily. It has a few cool features included by default:

  • Replace the WordPress logo on the login page with your own custom logo
  • Remove the WordPress menu in the admin menubar
  • Add your link and logo to the WordPress footer (we also move the Credits and Freedoms links there, in the interest of being good citizens)
  • Remove a bunch of widgets from the dashboard
  • Add a custom RSS widget pointing to your blog or website RSS feed to the dashboard

It also has the ability to auto-update from a custom update endpoint. What the heck does that mean? Well, you probably won’t want to submit your customized version of this plugin to the WordPress Plugins Directory (who else would want it?) but auto-updating functionality is super useful, especially if you have a lot of clients. We solve that problem by looking for updates at a location you define. We set up https://updates.vanpattenmedia.com/, but you’ll want to change that. The information available here is a good reference on how to set up your custom update endpoint (it’s very easy).

For maximum freedom, we’ve licensed this plugin under the Unlicense, effectively releasing it into the public domain. That doesn’t apply to our custom CSS and the images and RSS the plugin references (but why would you want those anyway?).

As with all our other open source projects, you can find the plugin at GitHub. We welcome your bug reports, pull requests, and comments!

Rach5 updates and changes

Hey mad scientists of the world:

I just unveiled a bunch of changes to Rach5, our boilerplate for building better WordPress websites. Rach5 is a full package for building in WordPress from the ground up, aimed at giving you the tools you need (and a few sensible defaults) and then getting out of your way. It’s your design: we just help you get from 0 to 60 a lot faster.

Here’s what’s new today:

  • The whole theme has been reconfigured to remove the scourge of tag spanning across files. Although it’s introducing a bit of code duplication as a result (the bulky HTML5-compatible doctype), it should make it significantly easier to get a bigger picture of your code and markup at a glance.
  • inc/functions.php has been cleaned up, and we’ve started separating functions out to functionality-appropriate files. This should make it easier to update files, as well as override specific unneeded features.
  • rgbapng is now a required rubygem. This great gem lets you create RGBA backgrounds that are compatible in any browser that doesn’t support RGBA natively, by generating an alpha-transparent PNG of the appropriate color and alpha transparency. If IE6 is a priority, use the also-included DD_belatedPNG to get alpha-transparent PNG support.
  • Rach5 now bundles the responsive media queries from Skeleton, a great CSS boilerplate. We are not including the style components of Skeleton, as the aim of Rach5 is to be (almost) completely style agnostic.
  • The default font stacks are now more specific, and now include open source fonts from the Liberation and GNU OpenFont families.
  • homepage.php has been removed in favor of front-page.php, a standard WordPress template file.

There are a whole bunch of other changes (removed files, new paths, etc.) but above are the major changes that will most affect the way you use Rach5.

I’m really excited about the direction Rach5 is going. I’d love to hear your feedback and ideas, as well as questions and concerns.

Thanks so much!

Announcing the Very Simple PayPal Bridge

As part of our ongoing commitment to the free software and open source communities, we are very excited to announce the release of a new project — the Very Simple PayPal Bridge, released under a Modified BSD License.

Interacting with the PayPal NVP API is something that a lot of e-commerce websites need to do. If you’re writing your own code for a bespoke e-commerce solution, rather than shoehorning in generic ‘Shopping Cart’ software, there is quite a lot to think about in order to communicate successfully with the API and provide a great payment experience for the site’s customers.

The Very Simple PayPal Bridge is a PHP class that, as the name suggests, provides a very simple interface for the PayPal NVP API.

In any situation where you need to interface more directly with the PayPal API, the VSPB provides a clean interface for the other layers of your code, dealing with all of the implementation details of sending requests via cURL, encoding and decoding the arguments, as well as offering full support for graceful error handling with PHP exceptions. It is great as a lower-level component of a wider PHP e-commerce solution.

For the full lowdown on the project and to get the code, please go to its page on GitHub.

Hello world!

At Van Patten Media, we’re thrilled to support the free and open source software community.

As part of our commitment to open source, we strive to release our own software to the community, whenever appropriate and possible.

Here’s what we have currently available:

  • Amalia: a database-free PHP content management system “for the rest of us”
  • Rach5: a WordPress theme development boilerplate, that provides “sensible defaults” for WordPress functions and makes (essentially) no style choices for the end user

Feel free to contribute on GitHub. We’ll have more information and more projects in the coming weeks and months!

Thanks,

The Van Patten Media Team