Recent Updates Toggle Comment Threads | Keyboard Shortcuts

  • Jay Versluis 12:32 pm on January 7, 2015 Permalink | Reply  
    Categories: WordPress ( 106 )

    How to allow additional file type uploads in WordPress 

    AppIcon76x76@2xYou can upload a lot with the WordPress Media Uploader, but depending on the file extension the system will not allow everything on your server by default – for security reasons. ZIP files and PDFs are fine, but something more obscure – particularly non-standard extensions or executable files – are not. I like it that way too!

    One way around this limitation is to simply ZIP up your obscure file and upload the archive – but that’s not always an option. Besides, you may need your file to be openable directly.

    In this article I’ll show you how to add additional file extensions to WordPress so that they can be uploaded with the Media Uploader.

    Screen Shot 2015-01-07 at 11.54.45

    Principle

    WordPress takes care of allowed file extensions in an array of MIME Types. Those are comprised of a type and a subtype (for example, text/html or image/jpeg). Here’s a list of MIME Types commonly in use:

    When in doubt about your file type, text/plain is a good starting point. In this example I’ll add the .brush file extension because I wanted to share some Procreate Brushes, and iPad visitors should be able to open them directly in Procreate when they hit my link.

    Adding File Types

    We’ll setup a function which adds our file extension to the existing array of mime types, then let WordPress call this function with a filter. Add this code to your theme’s functions.php file, or anywhere in your plugin:

    function allow_personal_uploads ( $existing_mimes=array() ) {
     
    // add your own extension here - as many as you like
    $existing_mimes['brush'] = 'text/plain'; 
     
    // return amended array
    return $existing_mimes;
    }
    
    // call our function when appropriate
    add_filter('upload_mimes', 'allow_personal_uploads');
    

    It’s always wise to prefix such functions with your own initials or known prefix (like prefix_allow_personal_uploads). This avoids potential duplicate functions and conflicts with WordPress and existing plugins.

    That’s it – .brush files are now allowed by the Media Uploader.

    Removing File Types

    With the same principle we can also disallow certain file types to be uploaded. For example, GIF files are allowed by default, but we can remove them if we wish:

    function disallow_personal_uploads ( $existing_mimes=array() ) {
     
    // remove GIF files
    unset ($existing_mimes['gif']); 
     
    // return amended array
    return $existing_mimes;
    }
    
    // call our function when appropriate
    add_filter('upload_mimes', 'disallow_personal_uploads');
    

    No more GIF uploads.

    Multisite Considerations

    To make your new file extensions available on Multisite Installations, you need to add those under Network Admin – Settings – Network Settings – Upload Settings. There’s a text box there with default values, just add yours at the end, separated from the rest with a space:

    Screen Shot 2015-01-07 at 12.29.42

    No need to remove any here, they simply won’t be allowed when users try to upload extensions you’ve forbidden by using the upload_mimes filter.

    Further Reading

     
  • Jay Versluis 4:58 pm on January 4, 2015 Permalink | Reply
    Tags:   

    Categories: Plesk ( 52 )

    How to recalculate statistics in Plesk 

    Plesk-LogoPlesk recalculates all usage statistics once every day as part of a daily maintenance script. Sometimes however you’ve made a change and would like to see statistics updated immediately rather than “sometime tomorrow”.

    The solution: run the statistics recalculations script manually.

    On CentOS the path to the file is /usr/local/psa/admin/sbin/statistics. When used on its own all statistics are recalculated on the spot.

    You can use the script with options too, for example to update a single domain only. Use the –help switch to see the full array of options:

    /usr/local/psa/admin/sbin/statistics --help
    
    Usage: /usr/local/psa/admin/sbin/statistics [ options ]
    
    --calculate-all               Calculate statistics for all domains
    --calculate-one               Calculate statistics for <domain-name>
    --domain-name|-d <string>     
    --calculate-list              Calculate statistics for listed domains
    --generate-all-webstat        Generate web-statistics pages for all domains
    --generate-domain-webstat     Generate web-statistics pages for <domain-name>
    --domain-names|-n <string>    List of domains, comma separated
    --domain-ids|-i <string>      List of domains IDs, comma separated
    --process-domains|-p <string> Calculate statistics for <domain-name>
    --all                         Calculate all aspects of statistics
    --antivirus                   Calculate antivirus and antispam statistics
    --no-webstat                  Do not generate web-statistics pages (always set for PPA mode or Windows)
    --help|-h                     display this help and exit
    
    If no options specified - calculate statistics for all domains
    

    Depending on the amount of domains you have this can take a minute or two. If you’re only interested in refreshing statistics for a single domain you can use this syntax:

    /usr/local/psa/admin/sbin/statistics --calculate-one -d yourdomain.com
    

    Have fun ;-)

     
  • Jay Versluis 3:34 pm on January 3, 2015 Permalink | Reply
    Tags: dovecot, , ,   

    Categories: Linux, Plesk ( 53 )

    How to install and secure Dovecot in Plesk 12 

    dovecotI’ve just installed the Dovecot Mail Service on one of my Plesk 12 servers. It’s an alternative to the old favourite Courier IMAP/POP and a new addition in Plesk 12.

    Dovecot does more or less the same as Courier (i.e. lets you receive mail), but it’s a bit more configurable and debug friendly. It also offers server-side mail filtering which is accessible via the Plesk Webmail services Roundcube and Horde.

    In this article I’ll show you how to install Dovecot in Plesk 12, and how to add your own SSL certificates for mail. In my previous article I’ve explained how to do this with the standard Courier Mail service.

     

    Installing Dovecot in Plesk 12

    Head over to

    • Tools and Settings (or the Server Tab)
    • under the Plesk heading
    • Updates and Upgrades

    Select Add or Remove Components and under Mail Hosting Features, find the option for Different IMAP/POP3 server:

    Screen Shot 2015-01-03 at 15.14.37

    You can only install either Courier or Dovecot. Switching will automatically uninstall the component you currently have and instead install the other one.

    Note that switching Courier for Dovecot will preserve all mailboxes and will not affect your outgoing mail services. Give Plesk a moment until your see the “installation has finished” message.

    You’re now running Dovecot!

     

    Patching Dovecot SSL Certificates

    As with Courier, Dovecot will use self-signed certificates for secure connections. This means that a nasty window is likely to pop up when clients connect. You can suppress this window by specifying your own SSL Certificates.

    Screen Shot 2015-01-03 at 15.12.08

     

    The default configuration file for Dovecot is in /etc/dovecot/dovecot.conf. However the file states that any changes you make here are wiped when an upgrade comes along. Instead, take a look at the /etc/dovecot/conf.d/ directory in which you’ll find three files by default:

    • 10-plesk-security.conf
    • 15-plesk-auth.conf
    • 90-plesk-sieve.conf

    You can add your own configuration snippets here, each beginning with a number and ending with .conf. The lower the number, the earlier your snippet is loaded. The higher the number, the later it is loaded. You get the picture.

    Let’s create /etc/dovecot/conf.d/5-ssl.conf for our purposes. Because I had already configured my certificates for Courier they are still in /usr/share/imapd.pem – but feel free to place your .pem files anywhere you like. Here’s what my file looks like:

    # SSL Certificates for Dovecot are defined here
    
    ssl = yes
    # Path to your Certificate, preferred permissions: root:root 0444
    ssl_cert = &lt;/usr/share/imapd.pem
    # Path to your Private Key, preferred permissions: root:root 0400
    ssl_key = &lt;/usr/share/imapd.pem
    

    Dovecot lets you have separate files for the certificate and the private key, something that’s not possible in Courier as far as I know. Dovecot is also happy to keep those in the same file though as in my example, and as in Courier. Easy going I say!

    For the changes to take effect we need to restart the Plesk Mail Service like so:

    /usr/local/psa/admin/sbin/mailmng --restart-service

    That’s it!

     

    How do I add a certificate for outgoing mail?

    Postfix (and QMail) deal with sending mail, Dovecot and Courier only deal with receiving it. I’ve described how to add SSL Certificates to Postfix in my article about Courer.

     

    Further Reading

     

     
    • prupert 2:32 pm on January 18, 2015 Permalink | Reply

      You may want to add the following directives for added security:

      Strong DH params

      ssl_dh_parameters_length = 2048

      Disable insecure SSL protocols

      ssl_protocols = !SSLv2 !SSLv3

      • Jay Versluis 3:35 pm on January 18, 2015 Permalink | Reply

        Thank you for the tip, prupert! Very much appreciated!

  • Jay Versluis 12:06 pm on December 30, 2014 Permalink | Reply
    Tags: Stack Overflow   

    Categories: How To ( 28 )

    How to find your starred questions (favourites) in Stack Overflow 

    Stack-Favourites

    You can mark questions in the Stack Exchange network simply by clicking the little star icon. A yellow star means you’ve marked it as a favourite, a grey one means you haven’t. It’s a convenient bookmarking system.

    But where can you see a list of what you’ve starred? It’s not exactly obvious, so let me show you how to access your favourited questions and up voted answers. I’m using Stack Overflow as an example, but the principle is the same on all Stack Exchange sites.

    • head over to your Stack Overflow profile (click on your badge at the top)
    • find favorites at the bottom
    • now select added to see your starred/favourited questions
    • or select votes to see which answers you’ve up-voted

    Hope this helps!

     
  • Jay Versluis 3:21 pm on December 29, 2014 Permalink | Reply
    Tags: ,   

    Categories: Windows ( 9 )

    How to change your DNS Servers in Windows 

    DNS is a service that translates a domain name into a numeric IP so that one computer can talk to another. We deal with it all the time, but most mere mortals are not aware of their importance. In this article I’d like to show you how to change your computer’s DNS entries in Windows.

     

    Why change DNS Servers?

    In a nutshell, if all works well on your system, perhaps you don’t need to tweak those settings. However, if you can consistently see some websites but not others, or you get weird intermittent connection problems, then your DNS entires may be querying servers that are not as “hot” as others.

    Faster DNS Servers can provide quicker answers, resulting in faster results when browsing.

    When the IP address of a domain changes, it takes a while for this change to propagate through the world. Some servers know changes quicker than others. Some servers may not see new data at all for several days.

    ISPs and corporate networks usually provide their own DNS Servers, but it’s never clear how good they are. Google and OpenDNS provide very fast and free services which usually outperform those provided by your ISP or corporate network.

     

    Change DNS Servers in Windows 7, Windows 8.1 and Windows 10

    It’s not easy to find this hidden option, but the good news is this works on all flavours of Windows.

    Search for “Network and Sharing Center” which will bring up a window that lets you choose the option “Change adaptor settings”. This will bring up the list of networks, one of which is likely connected to the internet.

    Screen Shot 2014-12-29 at 15.15.01

     

    In my case it’s a LAN connection, but it could also be a WiFi connection. Right-click the appropriate one and choose Properties.

    The next window looks rather scary and isn’t very intuitive for humans. Scour the list for something that relates to Internet Protocol Version 4 (TCP/IPv4) as highlighted here:

    Screen Shot 2014-12-29 at 14.10.08

    Select this item and click Properties. Another scary window opens. This one has two parts on the General Tab, and it’s the lower one about DNS that we’re interested in (the top part is for obtaining an IP address – let’s leave it alone).

    The default is “Obtain DNS Server automatically” which means we have no idea who is being queried. Instead, select “Use the following DNS server addresses” and add both DNS Servers of your choice. In this screenshot I’m using Google’s DNS:

    Screen Shot 2014-12-29 at 14.11.25

    As soon as you hit OK the changes will be in effect. You can close all other windows we opened during the course of this setup.

     

    Popular DNS Servers

    Google’s DNS Servers are:

    • 8.8.8.8
    • 8.8.4.4

    The OpenDNS Servers are:

    • 208.67.220.220
    • 208.67.222.222

    There are many other free and premium DNS Servers you can use. Search for “free dns servers” and see lists like these: http://pcsupport.about.com/od/tipstricks/a/free-public-dns-servers.htm

    Have fun ;-)

     
  • Jay Versluis 1:02 pm on December 29, 2014 Permalink | Reply
    Tags: , GMX,   

    Categories: iOS ( 220 )

    How to override auto-detected Email Settings in iOS 

    IMG_5845.PNG

    The nature of any automation is that sometimes it just doesn’t work. Apple’s iOS is no exception.

    When you add a new email account on your iOS device, several mail providers’ settings can be auto detected. It’s there to make our lives easier so that we don’t have to add details for mail servers and ports manually. Yahoo Mail and Gmail are detected perfectly, but other services – for example GMX – are not.

    This is no problem if iOS simply says that you need to add details manually (as with Plesk mail), but it is an issue if iOS has detected the correct POP settings and you’d much rather use IMAP. iOS offers no way to change these settings when auto detection was successful.

    There’s a trick which will let you specify your own settings by bodging your password. Do the following:

    • under Settings – Mail, Contacts, Calendars – add a new account
    • choose other, then select Add Mail Account
    • This will show you a dialogue similar to the one in the screenshot above. Fill out your details but deliberately choose the wrong password. A single letter of your choice will do.
    • Hit Next and the auto-detection goes to work, telling you the password was wrong.
    • Now configure the settings to your liking, including a choice of POP and IMAP, incoming and outgoing mail servers, encryption options and ports.

    I found this out by helping my friend Oliver leave POP behind for good on his new iPhone 6. In case you need the GMX IMAP details, they can be found here:

     
  • Jay Versluis 10:04 pm on December 24, 2014 Permalink | Reply  
    Categories: Linux, Plesk, WordPress ( 53 )

    FIXED: The wp-content folder does not show itself via FTP in Plesk 12 and CentOS 7 

    Screen Shot 2014-12-24 at 21.49.49

    I’ve noticed a weird bug in Plesk 12 on CentOS 7: when you connect via FTP, the wp-content folder does not show up – all other folders can be seen as usual. It’s a rather crucial folder for WordPress users.

    At first I had suspected a problem with the ProFTP service which is not the stock version, but a specially compiled version for use with Plesk, and Plesk takes care of this system services (it’s called psa-proftpd in case you’re interested). But ProFTP is not the problem.

    Thanks to the amazing Sergey Lystsev from Parallels for letting me know that the issue is instead with SELinux: when it’s used in Enforcing mode (which is the default), wp-content does not show itself via FTP. Switching it to Permissive mode or disabling SELinux altogether solves the problem.

    The entire issue will be fixed in the next release of Plesk, and it’s already working in the latest update to the Plesk Preview 12.1.13. CentOS 5 and 6 are not affected.

    How do we fix it, Cap’m?

    To disable SELinux on CentOS 7 we can use this:

    setenforce 0
    

    Or, to switch to permissive mode, use this:

    setenforce permissive
    

    Now we’ll need to restart the xinetd service as well as Plesk for the changes to take effect:

    systemctl restart xinetd.service
    service psa stopall
    service psa restart
    

    Connect to your site via FTP and see if the wp-content folder shows itself.

    To permanently change the SELinux configuration so that it survives a server restart, check out my other article here:

     
    • Ronald 7:56 am on January 20, 2015 Permalink | Reply

      Thanks a lot for this post! I was experiencing the exact same problem and this solved it. Thanks.

      • Jay Versluis 9:16 am on January 20, 2015 Permalink | Reply

        You’re very welcome, Ronald!

  • Jay Versluis 6:36 pm on December 18, 2014 Permalink | Reply
    Tags:   

    Categories: Plesk ( 52 )

    How to allow Passive FTP Connections in Plesk 

    Plesk-LogoA little while ago I’ve written an article about opening Passive FTP Ports specifically for using Plesk on Amazon AWS. Here’s a slightly more condensed version about how to do this on any server if you need it.

    Passive FTP ports are not open by default when you install Plesk. To make it happen we need to patch the ProFTP configuration with a range of ports (anything between 49152 and 65534) and open the same range in our firewall.

    You’ll find the ProFTP config file in /etc/proftpd.conf. There’s no need to open the whole available range, I’ll settle for 99 possible ports here. Add the following somewhere at the top of the file, outside any global declarations:

    # adding passive ports and public IP address
    PassivePorts 50001 50100
    

    For the changes to become effective we’ll need to restart the xinetd service which ProFTP is part of in Plesk:

    service xinetd restart
    

    This will allow passive connections – but you also need to open those in your firewall. The easiest way to do this is via the Firewall Extension in Plesk:

    Screen Shot 2014-12-18 at 18.20.48

    Select Modify Firewall Rules, then Add Custom Rule. Give it a title, then add your port rage and click OK. Your changes are not effective yet because Plesk needs to restart the firewall service. To do this hit “Apply Changes”, followed by “Activate”. Wait a moment and Plesk will have taken care of it.

    If you don’t want to use the extension, here’s how you can open those ports manually. On CentOS 6 you can manually add that port range on the command line like this:

    iptables –I INPUT –p tcp --dport 50001:50100 –j ACCEPT
    service iptables restart
    

    On CentOS 7 you can do it like this:

    firewall-cmd --zone=public --add-port=50001-50100/tcp --permanent
    firewall-cmd --reload
    

    Testing testing… this thing on?

    To make sure everything is working, simply use your favourite FTP client and try to make a passive connection. If you get timeout errors something isn’t right.

    You can also use a great web based tool to check if passive connections are working thanks to Tim Kosse: https://ftptest.net

    Enjoy!

    Further Reading

     
  • Jay Versluis 8:03 pm on December 8, 2014 Permalink | Reply
    Tags: vi   

    Categories: Linux ( 53 )

    How to quit vi without saving your changes 

    It just occurred to me that even though I know my way around vi fairly well, I never had to quit it without saving my changes. Usually I just go back in and overwrite my mistakes.

    Today I did something though that wasn’t as easy to eliminate: instead of pasting an IP address, I accidentally pasted a 4000+ character stylesheet. Dang!

    So how do we leave vi and NOT save our changes? Here’s how:

    • press ESC to exit editing mode (insert/append/whatever)
    • press : (the colon character)
    • enter q!

    Now you’re back on the command line without any saved changes.

    Remind me: how do we SAVE changes again?

    There are several ways of doing this, but my personal favourite is this:

    • press ESC to exit editing mode (insert/append/whatever)
    • press SHIFT + Z twice

    This will put you back on the command line and your changes are saved.

     
  • Jay Versluis 2:07 pm on December 8, 2014 Permalink | Reply
    Tags: , SELinux   

    Categories: Linux ( 53 )

    How to control SELinux in CentOS 7 

    SELinux – when installed – can take on one of three modes:

    • Enforcing
    • Permissive
    • Disabled

    To check which mode SELinux is running on, we can use either sestatus for a more detailed output, or simply getenforce for a one liner:

    sestatus
    
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      28
    

    getenforce on the other hand will literally just say a single word, like “Enforcing”.

    To change this mode, edit /etc/selinux/config:

    vi /etc/selinux/config
    
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected. 
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    

    Change the file according to the comments and restart the system for the changes to take effect.

    setenforce command

    If SELinux is running and either set to Enforcing or Permissive, you can change its mode on the fly without restarting the server using the setenforce command like so:

    // switch to permissive
    setenforce permissive
    
    // switch to enforcing
    setenforce enforcing
    
    // disable SELinux
    setenforce 0
    

    You won’t get any feedback if all goes well. Note that if SELinux is disabled, the setenforce command won’t work.

    Find out more about SELinux and what it’s good for here:

     
c
compose new post
j
next post/next comment
k
previous post/previous comment
r
reply
e
edit
o
show/hide comments
t
go to top
l
go to login
h
show/hide help
shift + esc
cancel