Visual Composer JS error caused by custom JS includes in the WordPress backend

This happens to me often, because many people use the Visual Composer plugin to edit their content quickly. As a developer you write some awesome backend plugin with many options and stuff, try to make it look awesome and user-friendly, and then the activation of the plugin fucks up the VC config. There is an easy – but a bit dirty – way to deal with that. WP has an awesome function with which you can easily see which page you are on. Just call get_current_screen() and you can distinguish pages by the base param of the result.

In combination with the wp_enqueue_script sections of your plugin, you will be able to load the JS file only on the one page where it is necessary.

Example:
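
The following plugin file is an added example, not the code from the original post. It registers an options page and enqueues its script only when get_current_screen() reports that page; the slug "my-plugin", the handle "myplugin-admin" and the path js/admin.js are hypothetical names.

```php
<?php
/*
 * Plugin Name: My Plugin (hypothetical example)
 */
defined('ABSPATH') || exit; // refuse direct calls outside WordPress

// Assumed menu slug; WordPress derives the screen base from it.
const MYPLUGIN_MENU_SLUG = 'my-plugin';

add_action('admin_menu', function () {
    add_menu_page(
        'My Plugin',                    // page title
        'My Plugin',                    // menu title
        'manage_options',               // capability required to see the page
        MYPLUGIN_MENU_SLUG,
        'myplugin_render_options_page'
    );
});

function myplugin_render_options_page()
{
    echo '<div class="wrap"><h1>My Plugin</h1></div>';
}

add_action('admin_enqueue_scripts', function () {
    // get_current_screen() returns null until the admin screen is set up.
    $screen = function_exists('get_current_screen') ? get_current_screen() : null;

    // Top-level menu pages get the base "toplevel_page_<menu slug>".
    if (!$screen || $screen->base !== 'toplevel_page_' . MYPLUGIN_MENU_SLUG) {
        return; // every other backend page, e.g. the editor running Visual Composer
    }

    wp_enqueue_script(
        'myplugin-admin',
        plugins_url('js/admin.js', __FILE__),
        array('jquery'),
        '1.0.0',
        true // load in the footer
    );
});
```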

 

Sneaky phishing method in modern browsers

Chrome, Firefox and most other modern browsers allow you to execute base64-encoded data via data:text/html. For example, we could prepend "data:text/html," to a trustworthy URL like "trustme.com", and instead of loading the displayed URL the browser executes a bunch of other stuff encoded in the script tag that follows (yeah, I know a programmer would not fall for it, but your parents will!).

{BASE64 ENCODED JS} can be replaced with any js. With some lines of code we can load anything we want and make the user believe he is browsing on trustme.com.

The whole code base64 encoded:

URL:

Add some spaces to the url and build a simple link so it doesn’t look suspicious and here we go:

Examples:

Removed some spaces from the snippet.

So many spaces that the script isn’t even visible.

How can I prevent getting phished like this?

  1. Use password managers that preserve your login URLs (KeePass, 1Password, etc.).
  2. Don’t click on stuff in e-mails ;D
  3. Check the certificate in your browser.
  4. Never log in on any site after you opened it from an e-mail.
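
For sites that accept links from users (comments, profiles, forwarded mail), the same lure can be caught on the server before it is shown to anyone. This check is an added example, not part of the original post; the function name, the scheme allowlist and the padding threshold are assumptions.

```php
<?php
// Added example; the allowlist and the MIN_PAD_RUN threshold are assumptions.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];
const MIN_PAD_RUN = 8;
function audit_link_target(string $href): array
{
    // Browsers drop tabs/newlines inside a URL and ignore leading and
    // trailing spaces or control characters, so normalise before matching.
    $url = trim(str_replace(["\t", "\r", "\n"], '', $href), "\x00..\x20");
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):(.*)$/is', $url, $m)) {
        return []; // relative reference: no scheme to judge
    }
    $scheme = strtolower($m[1]);
    $findings = [];
    if (!in_array($scheme, ALLOWED_SCHEMES, true)) {
        $findings[] = "scheme '{$scheme}:' is not on the allowlist";
    }
    if ($scheme !== 'data') {
        return $findings;
    }
    // Layout of a data URL: data:[<mediatype>][;base64],<data>
    $parts = explode(',', $m[2], 2);
    $body = $parts[1] ?? '';
    if (stripos(ltrim($parts[0]), 'text/html') === 0) {
        $findings[] = 'data: URL is rendered as an HTML document';
    }
    if (stripos($url, ';base64,') !== false) {
        $findings[] = 'contains a base64-encoded part';
    }
    // A host-like string right after the comma is what the reader sees first.
    if (preg_match('/^(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})/i', $body, $h)) {
        $findings[] = "visible prefix imitates host '{$h[1]}'";
    }
    // Long runs of (encoded) spaces push the rest out of the address bar.
    $pad = '/(?: |%20|\xC2\xA0|%C2%A0){' . MIN_PAD_RUN . ',}/i';
    if (preg_match($pad, $body)) {
        $findings[] = 'whitespace padding of ' . MIN_PAD_RUN . '+ characters';
    }
    return $findings;
}

// Constructed samples with harmless bodies (not taken from the original post).
$samples = [
    'https://trustme.com/login',
    ' DATA:text/html,trustme.com' . str_repeat(' ', 40) . '<p>constructed</p>',
];
foreach ($samples as $href) {
    echo json_encode(audit_link_target($href)), PHP_EOL;
}
```

An empty result means the target passed; any finding is a reason to strip the link or show it as plain text.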

More about this topic:

  1. Gist by timruffles
  2. @tomscott
 

WordPress added SSL support to its future requirements

On December 1, 2016 WordPress announced it will move towards SSL in 2017. Many hosting partners provide SSL certificates at low prices, but you can also use Let's Encrypt for easy, free SSL support. If you host your sites with Plesk, there is a pre-built plugin (it can also be installed via the Plesk installer!) for Let's Encrypt. Of course you can also install certificates with shell access, easy and free. The Google Chrome team also announced that "non-SSL pages" will show a warning from January 2017 on.

So if you are running WordPress projects and haven’t installed a certificate yet, there is no better time to do it.

Figure: Let's Encrypt in the Plesk project detail page.

In Plesk just select your project page and click on "Let's Encrypt". The next step lets you add the default "www." subdomain to your certificate and that's it. After the plugin has done all the work for you, you need to edit your ".htaccess" file and add the following lines to only allow https:// on your domain. As a last step, edit your blog URL in your site's settings and use https instead of http.

If you have images, videos, internal links and that kind of thing (which is quite normal) on your website, you need to update the absolute URLs WordPress has saved to your database. I recommend the WP Migrate Plugin to do this.

WordPress: GIT usage with automatic database backups

It’s always difficult to find the best way to use git with WordPress. The first step should always be a global .gitignore file that ignores all core files and only adds plugins and themes to your repo. The core can always be restored from the WordPress GitHub repo or by direct download, so there is no need to add that overhead to your own repository.

I just wrote a small .gitignore file for my own projects. That's a simple base you can extend for your own purposes.

Another typical problem is backing up the database. WordPress theme options and, of course, content are always saved in the database, so we need every change in there when we commit file changes. The easiest way to do so is the git hook "pre-commit". Just add this file to .git/hooks/ and edit your absolute paths. On every commit git will back up your database and add it to your repo. Keep in mind that the dump includes the users table with its password hashes, so the repository needs the same access restrictions as the database.

SQL REPLACE() function

SQL allows you to simply replace parts of a string by using REPLACE(fieldname, "replace-this", "replace-with-this"), and yes, you can nest a REPLACE() within another REPLACE(). That's easy to use and efficient, because you don’t need to order and sort your results in PHP or any other language, but directly get the correct format and order of your data.

Our table:

… 

 

Enable bootstrap for wordpress backend plugins

In one of my recent plugins it was necessary to enable Bootstrap to easily style my plugin option pages. If you simply add Bootstrap to the backend CSS, the whole backend gets the style, and that's not really cool. With the use of Less and a little wrapper class only for your plugin, you can avoid this problem.

First download the recent Bootstrap distribution from getbootstrap.com.

Move into the bootstrap directory and create a little less file:

Compile that file and you get a complete bootstrap css wrapped with your wrapper-class.
See http://lesscss.org/ for instructions.

Just add that file to the backend style of WordPress and there you go.

Every bootstrap component is available within wrapper-class.

 

Typo3 Viewhelper file exists

To test whether a file exists, I wrote this tiny ViewHelper. Apparently Fluid can't do this on its own yet 🙁 (it's about time)

FileexistsViewHelper.php

template.html

 

My new WordPress plugin: Tooltip Crazy

After years of tinkering and experimenting, I finally brought myself to finish a plugin far enough to publish it. With Tooltip Crazy (WordPress Plugin Directory), the CSS tooltips from Codrops can be used directly in WordPress.

The plugin adds a new button to the RTE, or you can go straight through the shortcode. Future plugins will definitely be developed to be even more user-friendly ;D

 

mPDF Styling

Anyone who wants to generate data as a PDF on the server side will inevitably have to deal with fpdf. mPDF extends that library and generates PDFs from an HTML structure. Generation is unexpectedly simple, but styling still needs improvement. If you want to work with mPDF, keep the following in mind:

– Floating only works if the floated element has an explicit width.

– CSS inheritance works only to a limited extent.

An element with class="class1 class2" would not get a red background in the PDF; in this case you would have to use class="class2" for the CSS rules to take effect.

– The area visible in the normal case (full width, portrait) is 680px wide.

– Large tables are not(!) broken across multiple pages but are rendered scaled down.

– Tables inside div containers are generally not recommended; the rendering is wrong in many respects.

 

Making PHP simplexml not ignore CDATA

When importing external XML data, I recently ran into the problem that some elements in the returned data contained CDATA content.

Parsing with simplexml, as available in PHP, ignores or skips these elements by default. This skipping can be prevented by specifying a libxml option.

The LIBXML_NOCDATA option does the trick.

The simplexml call then looks as follows:
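
The call in context, as an added example that is not the original post's code: the feed is a constructed sample, load_external_xml() is a hypothetical helper, and LIBXML_NONET is added here because the data comes from an external source.

```php
<?php
// Constructed sample feed (not from the original post).
$feed = <<<XML
<?xml version="1.0" encoding="UTF-8"?>
<items>
  <item>
    <title><![CDATA[Price <b>9.99 EUR</b> & free shipping]]></title>
  </item>
</items>
XML;

/**
 * Parse XML from an external source and return it as a nested array.
 * LIBXML_NOCDATA merges CDATA sections into ordinary text nodes, so they
 * survive array/JSON conversion. LIBXML_NONET forbids network access while
 * parsing. LIBXML_NOENT is deliberately not set: it would substitute
 * external entities, which is the usual route to XXE with untrusted input.
 */
function load_external_xml(string $xml): array
{
    $previous = libxml_use_internal_errors(true); // collect errors, no warnings
    $doc = simplexml_load_string(
        $xml,
        'SimpleXMLElement',
        LIBXML_NOCDATA | LIBXML_NONET
    );
    $errors = libxml_get_errors();
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    if ($doc === false) {
        $first = $errors ? trim($errors[0]->message) : 'unknown error';
        throw new RuntimeException('XML could not be parsed: ' . $first);
    }
    // The JSON round trip turns the SimpleXMLElement tree into plain arrays.
    return json_decode(json_encode($doc), true);
}

$data = load_external_xml($feed);
echo $data['item']['title'], PHP_EOL;
```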