After WordCamp 2012 in San Francisco, I started to realize how many people were using WordPress as a platform for their web based application. Well with web based application come API’s and with that, unique user keys. I’ve been working on such a service lately and was in need of setting up a quick script that assigns an API Key to a user when they signup on a WordPress site. Here’s the code, and a quick explanation.

user_email . timestamp();
  $user_api_key = sha1( $pre_obfu );
  update_user_meta( $user_id, 'wpcronme_user_api', $user_api_key );
add_action( 'user_register', 'ck_assign_api_key' );

Ok, so what we did was hook onto the user_register hook. This passes along a user ID. From there we can get all the information we need about the newly registered user.

So, what’s the next part:

$pre_obfu = $user_id . NONCE_SALT . $user_data->user_email . timestamp();

We’re making a string that’s unique to this user, this site, and this timestamp (important later). When creating User API Keys the important thing is that they be unique. With WordPress this is pretty easy in that, by default, an email address can only be assigned to one account. Using the user ID and the email address as part of the hash assures we don’t get a duplicate. You may be asking about the other two parts NONCE_SALT and timestamp().

If you are following best security practices you have added unique keys and salts to your wp-config.php file right? …Right?! Go do this now if you haven’t. Now, this is a unique string to your site, meaning that unless someone else has the same key as you, they can’t replicate the exact same User API Keys.

The timestamp call does one thing and it’s very important. The first 3 items are unique, and don’t typically change. If someone’s User API Key get’s missused, you need a way for the users to recreate a new key so the previous one is invalidated. This timestamp will allow the API Key to be different if you run the same function again after a user edit, or something of the likes (I’ll leave that code up to you).

So that’s it, quickly generated unique keys for new users in WordPress. Hope this helps someone out.


You may have noticed that I have added a little bit of an enhancement to my themes lately, with the custom post thumbnails added to the to of some (soon to be all) posts. You may also be wondering how I did this. Well, you are in luck. Here’s how I did it.

First I started with a little tutorial over at ‘ThemeBig’ about Adding WordPress Post Thumbnails to Thesis. This was a great start but it had a few things added that I didn’t want like the teaser images and was missing something I found necessary which was the proper title attribute on the images. So here’s the custom_functions.php and custom.css additions you’ll need to make and what they do.
[click to continue…]


Using Varnish Cache with WordPress

June 17, 2012 WordPress

Varnish Cache is a power Caching proxy that you can use to help mitigate large amounts of traffic from hitting your http server (typically Apache, Lighttpd, or others). What Varnish does is keeps a cached copy of a URL in memory when it’s loaded, and then the next person to request that page, will receive […]

Read the full article →

WordPress Installation via Subversion

March 30, 2012 Tips

The installation process of WordPress has become easier and easier as web hosting providers create ‘1-Click Installations’ for people to use, so why learn a new way to install WordPress? As a developer it’s sometimes important to use older versions during testing, or in some cases, unreleased ‘beta’ versions of WordPress to verify your plugins […]

Read the full article →

Creating a custom WordPress Installation with default settings [updated]

September 24, 2011 Tips

One of the things that I’ve learned throughout my years of software development is that if you can automate something, do it. Automation, when done correctly, saves time, creates less bugs, and bring consistency. As someone who sets up quite a few WordPress sites, one of the things I’ve come to loath is the installation […]

Read the full article →

Better AdSense Targeting updated to version 1.1

September 17, 2011 Updates

I’ve pushed an update to the Better AdSense Targeting plugin for WordPress. Version 1.1 has been pushed to the WordPress Plugin Repository. This is a maintenance update to help improve your experience and results. As noted below, I did remove the option to target or ignore the ‘comments section’ due to the ability to accurately […]

Read the full article →

Advanced WordPress Custom Menus

September 15, 2011 WordPress

With the release of WordPress 3.0 came one of the most sought after features from the WordPress Community, custom menus. Custom Menus allow users to create menus in a visual editor and, given their theme supports it, assign them to different types of pages or posts. Previously it was up to the theme developer to […]

Read the full article →

5 Ways you can Contribute to WordPress

August 15, 2011 WordPress

You may use WordPress every day to maintain your website and build your presence online, but did you know there is a dedicated team of developers, designers, and authors who build and maintain the core of WordPress? If you want to know who they are check out the About Page @ WordPress also has […]

Read the full article →

WordPress 2011 Survey is Live

August 9, 2011 WordPress

It’s that time of year again, the WordPress Survey is up and waiting for your data. Please go supply some information about how you use WordPress. Before you get all scared about giving them information, here’s a little snippet about what it’s used for: We hope that your answers can be beneficial to lots of […]

Read the full article →

Plugin Review: Quick Drafts Access

July 31, 2011 Tips

The ‘draft’ status is a feature in WordPress that I use heavily. When I get an idea for a topic, I will typically just write up a title to remind me I have something I want to write about. I went looking for a way to quickly access my drafts and stumbled upon ‘Quick Drafts […]

Read the full article →