March 24, 2023 — The WordPress User Roles and Capabilities system provides a robust way to control user access to sensitive data on your WordPress site. It’s not only possible to create custom roles and assign capabilities to those roles, but it’s also possible to assign content type capabilities to your custom post types. This adds another layer of control over your site content, especially if you require different levels of access. In this session, we’ll take a look at the specific functionality in the register_post_type function that pertains to post type capabilities, and learn how it works and how best to make use of it.
March 17, 2023 — The WordPress User Roles and Capabilities system provides a robust way to control user access to sensitive data on your WordPress site.
While the predefined roles and capabilities should suffice for most requirements, it is also possible to add new user roles and define capabilities for those roles.
In this session, you’ll learn about the default WordPress roles and capabilities, how they are set up and stored in the WordPress database, and how you can create custom roles and assign capabilities.
March 10, 2023 — This session picks up from the last preventing common security vulnerabilities session (https://wordpress.tv/2023/03/03/lets-code-preventing-common-security-vulnerabilities/), and covers how to use nonces to prevent cross-site request forgery vulnerabilities.
March 3, 2023 — Earlier this year, we looked at the theory behind developing WordPress plugins and themes securely. We covered how to develop a security mindset and the guiding principles of secure development, and looked at the five examples of these principles: Sanitizing Data, Validating Data, Escaping Data, Nonces, and User Roles and Capabilities.
In this session, we will look at how these principles are applied in real-world examples, by understanding common security vulnerabilities, how they can be exploited by would-be attackers, and what you can do to prevent them.
February 18, 2023 — In this session, I answer any developer-focused questions folks have. What questions do you have about WordPress development? Is there something you don’t understand, a piece of code you’re struggling with, or a problem you’re trying to solve?
February 10, 2023 — The WordPress REST API is more than just a set of default routes. It is also a tool for creating custom routes and endpoints. In this session, you’ll learn how to create custom routes and endpoints, and test them using Postman.
February 3, 2023 — The WordPress REST API provides an interface for applications to interact with your WordPress site by sending and receiving data as JSON (JavaScript Object Notation) objects. By default, it provides REST endpoints (URLs) representing the posts, pages, taxonomies, and other built-in WordPress data types. Your application can send and receive JSON data to these endpoints to query, modify and create content on your site. However, it is also possible to extend the WP REST API, in order to perform specific actions that are outside of the scope of the default routes and endpoints. In this session, you will learn about one of the ways you can extend the WP REST API, by modifying REST responses.
January 27, 2023 — In this session, we will continue to learn how to use the WP REST API and Backbone.js client by looking at how to make update requests, how to add or update custom fields on posts, and how to authenticate REST API requests when not logged into a WordPress site.
At the same time, we’ll review how to use the Postman API testing tool to test our WP REST API requests.
January 20, 2023 — In the previous session you were introduced to the WordPress REST API, as well as the Backbone.js client to interact with it.
In this session, we will look at how you can interact with the WP REST API further, by adding and deleting data. We will also look at a useful developer tool for testing your REST API endpoints.
January 13, 2023 — The WordPress REST API provides an interface for applications to interact with your WordPress site by sending and receiving data as JSON (JavaScript Object Notation) objects. It is the foundation of the WordPress Block Editor.
However, it also provides a more predictable and structured way to interact with your site’s content than using admin-ajax. In this session, you will learn how to use the WP REST API in place of using admin-ajax, in order to interact with existing WordPress data.