GNUCITIZEN WordPress Plugins

I didn’t know where to put this thing but I thought this might be the perfect place for it. Excuse my ignorance

https://www.gnucitizen.org/blog/gnucitizen-wordpress-plugins

Over the last couple of days we realized that hei, we have a bunch of cool inhouse WordPress plugins that we can give back to the community. So there you go! Here you will be able to find some of the many custom-built plugins for WordPress that we have developed because of basic needs. There is no guarantee that we will support them in the future. Drop us a nice word if you find them useful.

WordPress IPS (Intrusion Prevention System)

The WordPress IPS is probably one of the lightest plugins you will ever encounter but its power is immense and incomparable to anything else seen. The plugin is designed to simply block malicious requests before being processed by the WordPress engine and therefore secure against common and well known attack vectors. But wait, there is a lot more into it.

The GNUCITIZEN WordPress IPS works with PHP5 only and it is based heavily on the all-mighty PHP-IDS project. This plugin is an essential part of your Web threat survival kit.

App Gateway

This plugin allows you to define a secure storage for your online credentials and then use it in order to automatically loing into your online profiles. The Application gateway plugin can be used in situations where you trust your WordPress blog installation so much that you can use it as a primary authentication gateway to all other resources associated with your online persona, like Google, Yahoo, Microsoft Live, etc.

In case your WordPress instance is compromised, attackers won’t be able to get to your secret information. The data which resides within the database is encrypted with the Blowfish cryptographic algorithm on the client-side before being stored on the server. In order to get the data out, you have to decrypt it with the passphrase provided when encrypting the data. The stronger your passphrase is, the harder for attackers it will be to break your secure storage.

There are some funny implications that emerged while coding this plugin. It can also be used for client-side application launch pad. For example, blog administrators can write their own homemade client-side applications and provide them to the blog users. Check gc-app-gateway-catalog.jsn for more information.

Content Tags

This plugin is nothing special really. At the moment, all it does is to provide users with a mechanism to import feeds withing their posts. Here is a simple usage:

<!– feed https://www.gnucitizen.org/feed –>
<!– feed 5 https://www.gnucitizen.org/feed –>

The first comment tag will import and render the entire feed (all items), while the second comment tag will render only the first 5 items. More tags will come in the future as the need arises.

Custom Categories

Again, this is another not that special plugin for WordPress but it does an excellent job in what it does. The plugin will allow you the specify the name of the custom field, which you use for additional tags, keywords. While building your feeds, the plugin will lookup for this field and add extra categories for each entry. So, you can keep your categories list nice and clean and still define all the tags that you need. I think that WordPress 2.3 has a builtin support for this feature, though I need to verify. If this is the case, then we will simply make it redundant.

Custom Templates

The plugin makes possible to create per-post/page/comments customizations. You can define custom templates for each, without much of a trouble. Simply create a file called single-{post id here}.php within your template folder in order to customize the template of a single post. You can do the same with page-{post id here}.php and comments-{post id here}.php. This plugin is suitable in situations where you need to customize the blog to a greater degree. We use this plugin for all our database frontend interfaces.

Google Analytics

Well, what do you know? The plugin does nothing but to provide nice and clean interface for enabling and using Google Analytics. The reason we had to write this plugin was because all other Google Analytics plugins out there are vulnerable to simple and persistent XSS, no CSRF trickery required, just post your comments on the vulnerable site. Shame! It is absolutely possible to write an AJAX WordPress comment worm.

Nicer

WordPress can be a bit bulky and very dirty at some places. This plugin makes sure that the output is simply nice! Nice one! For example, the plugin will remove the default HTML autofix no-need feature WordPress currently implements and leave you to code your HTML straight from your management Window. Keep in mind that the security of the blog is not compromised when the feature is eliminated. So, if you are still struggling with posting code and weired tags on your site and you have editor and up access, this plugin is the right solution for you. It will also make your excerpts looks nice and even change the code output to look… what… you’ve got it: nice!

SSL Normalizer

Are you using WordPress via HTTP? You must be mad! Quickly login into your blog and change the transport protocol of your WordPress instance (i.e. from https://www.gnucitizen.org/wordpress to https://www.gnucitizen.org/wordpress). As a side effect, you will notice that not only your admin is served over SSL but also parts of your blog. Nc nc nc! WordPress cannot make the difference. The following plugin will resolve this issue and will make sure that only content served up from the admin console goes through SSL and everything else goes as normal. The plugin also provides some perks for attachment links. It normalizes them as well, so that your blog is nice, secure and kind of clean.

Thanks.