Adding Shortcode Support
Available from 27 March 2024
Recently added a new feature to this plugin is: shortcode support. This feature allows you to easily insert a tag cloud into your posts or pages using a simple shortcode.
How to Use the Shortcode
To use the shortcode, simply add [sftc]
to your post or page where you want the tag cloud to appear. The plugin will automatically generate a tag cloud at that location.
Customizing the Heading
You can also customize the heading of the tag cloud by adding h2
or h3
attributes to the shortcode. For example, if you want to add an h2
heading, you can use the shortcode like this:
[sftc h2="Read articles related to tags"]
.
Similarly, for an h3
heading, you can use:
[sftc h3="Read articles related to tags"]
.
In both cases the heading above the tag cloud will be “Read articles related to tags“, of course.
Change the Number of Displayed Tags
If for some reason you would like to increase or decrease the number of displayed tags, you can simply modify the snippet as follows: [sftc h2="Read articles related to tags" items=17]
. As demonstrated, this should display 17 tags.
Theme integration
Implementing shortcode in theme file:
<?php echo do_shortcode('[sftc]'); ?>
<?php echo do_shortcode('[sftc items=17]'); ?>
<?php echo do_shortcode('[sftc h2="This is heading H2" items=17]'); ?>
etc.
Respecting Plugin Settings
The shortcode respects all the settings defined in the SEO Friendly Tag Cloud plugin’s settings page. This includes Number of Items, Item CSS, Exclude Items, Disable Transients Cache.
In conclusion, the addition of shortcode support to the SEO Friendly Tag Cloud plugin provides a flexible and easy way to insert a customizable, SEO-friendly tag cloud into your posts or pages. It respects all the settings defined in the plugin’s settings page, ensuring that the tag cloud behaves exactly as you want it to. Whether you’re a seasoned WordPress user or a beginner, this new feature can help enhance your site and improve its SEO.
Enhancing Security
While this feature is incredibly useful, it’s crucial to ensure that it’s secure and resistant to potential Cross-Site Scripting (XSS) attacks. XSS attacks occur when an attacker injects malicious scripts into content that’s viewed by other users.
To mitigate the risk of XSS attacks, the shortcode function in the SEO Friendly Tag Cloud plugin has been enhanced with additional security measures. These measures ensure that any user-supplied data is properly escaped before it’s output, effectively neutralizing any potentially harmful scripts.
Escaping User-Supplied Data
In WordPress, escaping user-supplied data can be done using various escaping functions. In the shortcode function for the SEO Friendly Tag Cloud plugin, the esc_html__()
function is used to escape the heading text. This function ensures that any HTML tags in the heading text are treated as plain text, not as actual HTML.
However, it’s not just the heading text that needs to be escaped. Other output, such as the tag name and the custom CSS, should also be escaped to prevent potential XSS attacks.
To further enhance security, the esc_url()
function is used to escape the tag link, and the esc_attr()
function is used to escape various attributes. The esc_html()
function is used to escape the tag name. These functions ensure that any potentially harmful scripts are neutralized.
For example, the esc_url()
function is used to sanitize the URL of the tag link. This function removes any invalid or dangerous characters from the URL, ensuring that it’s safe to use.
Similarly, the esc_attr()
function is used to sanitize various attributes such as the hover text and the aria label text. This function ensures that these attributes are safe to use and don’t contain any harmful scripts.
Finally, the esc_html()
function is used to sanitize the tag name. This function ensures that the tag name is safe to display and doesn’t contain any harmful scripts.
Conclusion
By implementing these security measures, the shortcode function in the SEO Friendly Tag Cloud plugin is now more secure and resistant to potential XSS attacks. This ensures that users can safely use the shortcode feature without worrying about potential security risks.
Remember, while these enhancements significantly improve the security of the shortcode function, it’s always important to keep WordPress and all plugins up-to-date to ensure the highest level of security. Regular updates often include security patches that protect your site from known vulnerabilities.