WordPress – plugin – hello world

WordPress is blogging software that runs on a web server. The great thing about WordPress is that you are able to extend the functions that create the pages/comments/archives etc. on the blogging site. You are also able to create your own themes, which can use functions that you create within that theme. So, to get it straight, a plugin for WordPress is the way to extend the functional aspects of the whole site independently of the theme that you are using (a theme is what you view on the web page, the “style” (CSS) of the site, for example).

There are two main directories within the WordPress directory structure for adding new themes (wp-content/themes) and plugins (wp-content/plugins); this is where you place the code to extend the basic WordPress install.

In this example I am going to extend the action get_header. Save the code below into the directory wp-content/plugins/codingfriends_helloworld as codingfriends_helloworld.php

<?php
/*
Plugin Name: Coding friends hello world
Plugin URI: http://www.codingfriends.com/
Description: Outputs hello world
Version: 0.1
Author: Genux
Author URI: http://www.codingfriends.com
License: GPL2
*/

// Outputs the text when the hooked action runs.
function codingfriends_helloworld()
{
  echo "hello world";
}

// Run codingfriends_helloworld whenever WordPress fires the get_header action.
add_action('get_header', 'codingfriends_helloworld');

Once you have saved that file, go to your WordPress admin page. On the left is the Plugins link; click on that and within there will be the “new” plugin called Coding friends hello world. You just need to activate it and then, hey presto, it works. There will be “hello world” at the top of the WordPress pages within the main site (not the wp-admin part of the site).

What is happening is that you have created a function called codingfriends_helloworld, which outputs “hello world”, but the main part is the add_action call on the last line of the file.

This adds the function to a defined plugin action (to get a list of all of the actions (these happen within the core site) and filters (these alter text within the site, e.g. pages that you add to the site, comments etc.) that you can use, look here).

So when the action get_header is called within the main wordpress application, it will call your new function (codingfriends_helloworld).

There are tons of things that you can do with these: alter the comments when posted back to the site, pages etc. Just look at the API list.

WordPress admin login

I have been reading on the SANS website about a dirty process of using distributed WordPress, as from here. One of the ways to make sure that a user cannot keep on trying to use brute force to access your site is to set the password randomly; I use this website, pctools, which comes up with a very nice password for you.

Also, within the brute force attack they are using the username admin to try to log in, so you could change the admin username.

UPDATE wp_users SET user_login = '<insert name here>' WHERE user_login = 'admin';

Of course, if you have set up a table prefix other than wp_, use that prefix in front of the users table name instead.
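
The plugin mechanism from the first post can also watch for the brute force pattern described above. This is an added example, not code from the original posts: it assumes the admin account has already been renamed, so any failed login that still tries "admin" is worth recording. The plugin name, the function loginwatch_failed_login and the constant LOGINWATCH_OLD_LOGIN are hypothetical names chosen for the example.

```php
<?php
/*
Plugin Name: Login watch (added example)
Description: Logs failed logins that still try the old "admin" username
Version: 0.1
*/

// Only run inside WordPress, never when this file is requested directly.
defined('ABSPATH') || exit;

// Assumption: the admin account was renamed, so nobody legitimate
// logs in as "admin" any more. Hypothetical constant name.
define('LOGINWATCH_OLD_LOGIN', 'admin');

// Hypothetical function name; receives the username that was tried.
function loginwatch_failed_login($username)
{
    // Ignore failures for any other username; Admin and ADMIN also match.
    if (strcasecmp(trim((string) $username), LOGINWATCH_OLD_LOGIN) !== 0) {
        return;
    }

    // REMOTE_ADDR is the connecting peer; behind a reverse proxy this is
    // the proxy's address, not the client's.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';

    // Per-address counter stored as a transient. It expires one hour
    // after the most recent attempt from that address.
    $key   = 'loginwatch_' . md5($ip);
    $count = (int) get_transient($key) + 1;
    set_transient($key, $count, HOUR_IN_SECONDS);

    // Write one line per attempt to the PHP error log. Only the constant
    // and the server-supplied address are logged, never raw form input.
    error_log(sprintf(
        'login-watch: failed login for "%s" from %s (%d attempts so far)',
        LOGINWATCH_OLD_LOGIN,
        $ip,
        $count
    ));
}

// WordPress core fires wp_login_failed after a failed login attempt.
add_action('wp_login_failed', 'loginwatch_failed_login');
```

Because the attack is distributed, the per-address count will often stay low; the total number of log lines for the old username is the more useful signal.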