Category: WordPress Toggle Comment Threads | Keyboard Shortcuts

Tips and Tricks on WordPress usage and development. I am very passionate about WordPress, but it doesn’t work just by itself – it needs a rich environment to live and breathe in.

If you’re after theme and plugin alterations, we have a category for that.

  • Jay Versluis 11:58 am on April 27, 2015 Permalink | Reply  
    Categories: Plesk, WordPress ( 65 )

    How to fix WordPress Media upload trouble caused by open_basedir restriction 

    I’ve recently migrated a WordPress site from one server to another (running Plesk) and noticed that file uploads were no longer working. All existing files showed up fine, but new uploads were always aborted with a message such as “Is your uploads directory writable?” – which of course it was.

    Here’s what it looked like – a familiar sight for anyone with WordPress issues:

    Screen Shot 2015-04-27 at 11.29.46

    Uploads had been working fine on the pervious server, and other sites on the new server didn’t have a problem. Puzzles like that rob me of sleep and sweet dreams. I decided to poke into any error logs on the new server (which wasn’t even that new mind you).

    To my surprise I found that in /var/www/vhosts/system/domain.com/logs, there was an error log that was seemingly growing out of control very quickly. At one point it was over 500GB in size. Obviously this had a very adverse effect on the that server, which was running out of space when it shouldn’t have.

    The repeating error message was this:

    mod_fcgid: stderr: PHP Warning:  is_dir(): open_basedir restriction in effect. 
    File(/) is not within the allowed path(s): (/home/www/vhosts/domain.com/:/tmp/) 
    in /home/www/vhosts/domain.com/httpdocs/wp-includes/functions.php on line 1501

    Sure I thought, I can understand why the server had a problem with this: the path is just NOT where domain data is saved on my target server. Why was it addressing a path that may have worked on the source server? Shouldn’t WordPress adjust itself automatically?

    Why yes, usually it does – unless of course there’s an old database entry that specifies this path. Many options have been removed from the WordPress admin interface over time, but the values that could be set are still in effect. Thankfully it was an easy fix – even though it took me days to think of this: that nasty path was defined under Settings – Media:

    Screen Shot 2015-04-27 at 11.28.24

    Anything in the top field is a full server path. If it starts with a slash it’s a root path, while no slash at the beginning is a relative path. A wrong path (like mine) messed up all future uploads. All I had to do was delete anything in that field.

    Note that this option only shows up if a path is defined: as soon as I cleared the field, the option disappeared.

    Thanks to cleasterwood for this tip, who had this problem 5 years ago (goes to show how old my WordPress installation really was):

    As for that huge 500GB log file, that’s another story: simply deleting it was not enough to free up space on the server. Because Apache kept an open write connection to that file, I was still running low on space – even though the file was gone. Restarting Apache didn’t do the trick either.

    What did work here was a full server restart. It took a little longer than usual, but the massive log file was gone, and over 500GB of space was back at my disposal. And more importantly, my WordPress instance was accepting uploads again.

    Phew!





     
  • Jay Versluis 9:54 am on April 23, 2015 Permalink | Reply
    Tags:   

    Categories: WordPress ( 111 )

    What is the Prove your Humanity login feature in WordPress 

    Screen Shot 2015-04-21 at 08.31.32

    Some of my clients have recently noticed a new math question on their WordPress login screen. It prompts to Prove your humanity in addition to your user name and password.

    This feature was recently introduced in Jetpack as part of the Protect Feature, which prevents hackers from trying to gain access to your WordPress site via brute-force attacks. Prove your humanity means that bots have a hard time logging in. You can even see how many times Jetpack has prevented unsuccessful login attempts.

    To remove the math question you can whitelist your own IP so that Jetpack knows you’re logging in from a legitimate address. To do this, login to your admin interface and head over to Jetpack – Settings – find the Protect Feature and hit Configure. This brings up a window similar to the one below.

    Screen_Shot_2015-04-23_at_09_38_18

    You will see your current IP address. Add it to the list and click save – and you won’t see the additional math question again, provided you login from the same IP. Repeat the process and add additional IPs if needed. If you have multiple users on your team who all contribute to the site, ask them to provide their IP via http://whatsmyip.org or similar services.

    If you’ve been accidentally logged out can cannot gain access to WordPress anymore, you can add a single IP address to your wp-config.php file by defining the following constant:

    define('JETPACK_IP_ADDRESS_OK', '12.34.56.78');

    Replace 12.34.56.78 with your actual IP address (obviously).





     
  • Jay Versluis 11:00 am on March 31, 2015 Permalink | Reply
    Tags: Editor   

    Categories: WordPress ( 111 )

    How to disable the WordPress Theme and Plugin Editor 

    AppIcon76x76@2xOne of my readers had a mysterious problem: the WordPress Editor was not showing up under Appearance or Plugins. It’s a handy tool for quick edits to any plugin or theme file, and I’ve relied on it more times than I can count.

    Having it enabled is a double-edged sword of course, because with great power comes great responsibility too: make a change to a plugin file and accidentally remove a semicolon from the end of a line, and your WordPress site will go down – and the best minds will have a hard time tracking the problem down.

    There is a way to remove the editor functionality completely from WordPress to save tinkerers from themselves: add the following line to the wp-config.php file:

    define('DISALLOW_FILE_EDIT', true);
    

    This will remove the Editor from both Appearance and Plugins. The change will be in effect as soon as you save the file and refresh the admin interface.

    Screen Shot 2015-03-31 at 10.51.27

    Screen Shot 2015-03-31 at 10.36.58

    To bring the editor back, simply remove the entire line from wp-config.php, or set the value “true” to “false”.

    Many thanks to Dr. Markus Drabe for bringing this puzzle to my attention!





     
  • Jay Versluis 10:06 am on February 16, 2015 Permalink | Reply
    Tags:   

    Categories: WordPress ( 111 )

    How to block Spam Trackbacks in WordPress 

    wordpress-iconTrackbacks are a great way for other blogs to notify your blog about a link back to you. Many blogging platforms support this feature, including WordPress.

    But sometimes it’s very obvious that those trackbacks aren’t coming from a legitimate source, especially when you get several dozen of them every day from the same source.

    No one loves you that much.

    The most recent two examples are semalt.com and buttons-for-website.com, the latter can’t even properly mix a plural with a singular. But that’s not for here.

    To make sure those trackbacks don’t bother our WordPress site anymore, we can add a bit of code to your re-reite rule file. If your host is using Apache then this will be your .htaccess file, famously in use for Pretty Permalinks and some cache plugins.

    A typical .htaccess file is either empty or contains a block of code courtesy of WordPress. It’s a simple text file. If we add this little snippet to the bottom of the file, friendly trackbacks from semalt.com will no longer notify our website:

    # Block Semalt Trackbacks
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} semalt\.com
    RewriteRule ^.* - [F,L]
    

    This rather strange looking code is a rewrite rule. It says “if you encounter a link or a visitor from semalt.com, then forbid them access to anywhere on this site”.

    Notice the backslash, followed by the domain extension in semalt\.com. This is necessary to escape the dot character, otherwise Apache would interpret it as an instruction. In our other example, buttons-for-website.com, we need to deal with the slashes in the domain name in the same way:

    # Block buttons-forwebsite Trackbacks
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com
    RewriteRule ^.* - [F,L]
    

    You can stack these rules in your .htaccess file and add as many as you like for your very own Trackback Spammers. Simply replace the URL in the code with your own, escaping special characters as seen above (a special character is anything that isn’t “a to z” or “0 to 9″).

    Note that these rules do not prevent such websites from linking to you. However as soon as someone from the offending website clicks a link to your website, they will be denied access. On the other hand, when the same visitor would type in your URL, or come from a different website, they will be able so see your content without problems.





     
  • Jay Versluis 10:10 pm on February 10, 2015 Permalink | Reply
    Tags: , ,   

    Categories: WordPress ( 111 )

    FIXED: WordPress refuses to send you a Password Reset Link 

    Screen Shot 2015-02-10 at 21.33.07

    I ran into an interesting problem today: on a CentOS 6 server a colleague of mine wanted to reset her WordPress password via the handy link provided in the login dialogue. But rather than sending an email, WordPress got back to her with the following error message:

    The e-mail could not be sent.
    Possible reason: your host may have disabled the mail() function.

    Intrigued I had a look at the server. To my surprise sendmail was installed, and emails could be sent from the command line as well as from PHP scripts. But not from WordPress. What was going on?

    Examining the logs I came across the following error message:

    sendmail: fatal: chdir /var/spool/postfix: Permission denied

    followed by a Web Server 500 error caused by the password reset link. Interesting.

    Turns out it was an old acquaintance of mine, someone who has been spoiling the broth on many occasions: SELinux.

    SELinux can prevent Apache from sending mail when enabled, but lucky for us there’s a quick way to fix this, courtesy of manyon over at the Simple Machines Forum.

    To test if SELinux is preventing mail from being sent, try this test from the command line:

    /usr/sbin/getsebool httpd_can_sendmail
    

    It will return with httpd_can_sendmail –> on or off, and if your server is set to the latter then mail can’t be sent.

    To change this, execute the following, switching this bool to on:

    sudo setsebool -P httpd_can_sendmail 1
    

    Note that this can take a minute or two (literally) because the entire SELinux policy needs to be recompiled. Be patient, your server isn’t hanging.

    Once changed, make sure to restart Apache:

    service httpd restart
    

    Now WordPress can send the password reset link. #result





     
  • Jay Versluis 12:32 pm on January 7, 2015 Permalink | Reply  
    Categories: WordPress ( 111 )

    How to allow additional file type uploads in WordPress 

    AppIcon76x76@2xYou can upload a lot with the WordPress Media Uploader, but depending on the file extension the system will not allow everything on your server by default – for security reasons. ZIP files and PDFs are fine, but something more obscure – particularly non-standard extensions or executable files – are not. I like it that way too!

    One way around this limitation is to simply ZIP up your obscure file and upload the archive – but that’s not always an option. Besides, you may need your file to be openable directly.

    In this article I’ll show you how to add additional file extensions to WordPress so that they can be uploaded with the Media Uploader.

    Screen Shot 2015-01-07 at 11.54.45

    Principle

    WordPress takes care of allowed file extensions in an array of MIME Types. Those are comprised of a type and a subtype (for example, text/html or image/jpeg). Here’s a list of MIME Types commonly in use:

    When in doubt about your file type, text/plain is a good starting point. In this example I’ll add the .brush file extension because I wanted to share some Procreate Brushes, and iPad visitors should be able to open them directly in Procreate when they hit my link.

    Adding File Types

    We’ll setup a function which adds our file extension to the existing array of mime types, then let WordPress call this function with a filter. Add this code to your theme’s functions.php file, or anywhere in your plugin:

    function allow_personal_uploads ( $existing_mimes=array() ) {
     
    // add your own extension here - as many as you like
    $existing_mimes['brush'] = 'text/plain'; 
     
    // return amended array
    return $existing_mimes;
    }
    
    // call our function when appropriate
    add_filter('upload_mimes', 'allow_personal_uploads');
    

    It’s always wise to prefix such functions with your own initials or known prefix (like prefix_allow_personal_uploads). This avoids potential duplicate functions and conflicts with WordPress and existing plugins.

    That’s it – .brush files are now allowed by the Media Uploader.

    Removing File Types

    With the same principle we can also disallow certain file types to be uploaded. For example, GIF files are allowed by default, but we can remove them if we wish:

    function disallow_personal_uploads ( $existing_mimes=array() ) {
     
    // remove GIF files
    unset ($existing_mimes['gif']); 
     
    // return amended array
    return $existing_mimes;
    }
    
    // call our function when appropriate
    add_filter('upload_mimes', 'disallow_personal_uploads');
    

    No more GIF uploads.

    Multisite Considerations

    To make your new file extensions available on Multisite Installations, you need to add those under Network Admin – Settings – Network Settings – Upload Settings. There’s a text box there with default values, just add yours at the end, separated from the rest with a space:

    Screen Shot 2015-01-07 at 12.29.42

    No need to remove any here, they simply won’t be allowed when users try to upload extensions you’ve forbidden by using the upload_mimes filter.

    Further Reading





     
  • Jay Versluis 10:04 pm on December 24, 2014 Permalink | Reply  
    Categories: Linux, Plesk, WordPress ( 68 )

    FIXED: The wp-content folder does not show itself via FTP in Plesk 12 and CentOS 7 

    Screen Shot 2014-12-24 at 21.49.49

    I’ve noticed a weird bug in Plesk 12 on CentOS 7: when you connect via FTP, the wp-content folder does not show up – all other folders can be seen as usual. It’s a rather crucial folder for WordPress users.

    At first I had suspected a problem with the ProFTP service which is not the stock version, but a specially compiled version for use with Plesk, and Plesk takes care of this system services (it’s called psa-proftpd in case you’re interested). But ProFTP is not the problem.

    Thanks to the amazing Sergey Lystsev from Parallels for letting me know that the issue is instead with SELinux: when it’s used in Enforcing mode (which is the default), wp-content does not show itself via FTP. Switching it to Permissive mode or disabling SELinux altogether solves the problem.

    The entire issue will be fixed in the next release of Plesk, and it’s already working in the latest update to the Plesk Preview 12.1.13. CentOS 5 and 6 are not affected.

    How do we fix it, Cap’m?

    To disable SELinux on CentOS 7 we can use this:

    setenforce 0
    

    Or, to switch to permissive mode, use this:

    setenforce permissive
    

    Now we’ll need to restart the xinetd service as well as Plesk for the changes to take effect:

    systemctl restart xinetd.service
    service psa stopall
    service psa restart
    

    Connect to your site via FTP and see if the wp-content folder shows itself.

    To permanently change the SELinux configuration so that it survives a server restart, check out my other article here:





     
    • Ronald 7:56 am on January 20, 2015 Permalink | Reply

      Thanks a lot for this post! I was experiencing the exact same problem and this solved it. Thanks.

      • Jay Versluis 9:16 am on January 20, 2015 Permalink | Reply

        You’re very welcome, Ronald!

  • Jay Versluis 3:58 pm on December 5, 2014 Permalink | Reply
    Tags:   

    Categories: MySQL, WordPress ( 18 )

    How to find and replace in MySQL with phpMyAdmin 

    mysqlSometimes you need to replace a string in your database with another string, and it can be rather tedious to plough through a large table manually. Thankfully MySQL can execute raw queries such as find and replace.

    This comes in handy if you’ve moved a WordPress installation to another URL: you only need to tweak two values in the options table, but there may be countless image references and links in the posts and options table too. That’s where find and replace can come in handy.

    You can execute the following statement either on the MySQL command line, or use phpMyAdmin’s Raw SQL option:

    Screen Shot 2014-12-05 at 15.42.10

    That big text field is where we’ll use the following code. Before we do however, make a backup of your database because there is NO UNDO FUNCTION in MySQL. A cute typo can break things beyond repair!

    Here’s what the find and replace statement looks like in principle:

    update table_name set field_name = replace(
    field_name, 'original text',
    'replacement text');
    

    For WordPress specifically, if you’d like to replace text strings inside posts and pages, then wp_posts would be your table, and field_name is the column of that table. So for wp_posts this will be post_content. You can see the field labels at the top of each column when you select a table.

    To replace a URL in all posts and pages the statement would look like this:

    update wp_posts set post_content = replace(
    post_content, 'http://oldurl.com/',
    'http://newdomain.com/subfolder/');
    

    As soon as you hit GO, MySQL will go to work and show you a success or failure message. The above would replace all image references and links from your old domain to the new one, where WordPress is installed in a subfolder.

    Make a note of your table prefix and replace it accordingly. wp_ is the default, but this can easily be changed into something else for security reasons. Be cautious of trailing slashes when you’re replacing URLs.

    Also note that a small letter “l” and a capital “I” look surprisingly similar in the phpMyAdmin! If you keep getting errors like “this table does not exist”, it’s something to watch out for before questioning your sanity again 😉

     

    Replacing URL strings in WordPress

    I use this technique when I need to replace URLs across an entire WordPress installation. Those can hide not only in posts, but also in widgets and menus. Here’s a list of places to hunt for them:

    • wp_posts table, in the posts_content field (links inside posts and pages)
    • wp_links table, in the link_url field (the old Link Manager)
    • wp_postmeta table, in the meta_value field (URLs of Custom Menu items)
    • wp_options table, in the option_value field (anything saved by themes and plugins)
    • wp_comments table, in the comment_content field (URLs inside comments)

    And while we’re talking about replacing URLs: if you need to change the root URL of a WordPress installation, this is done in wp_options too. Look for two values called siteurl and home.

     

    Further Reading





     
  • Jay Versluis 11:31 am on September 20, 2014 Permalink | Reply
    Tags:   

    Categories: WordPress ( 111 )

    P2 Header Ad – Version 1.5 released 

    Screen Shot 2014-09-20 at 11.15.53

    I’ve just updated my P2 Header Ad plugin with some new options:

    • you can now display the same ad again after the post content (before the comments)
    • you can do this on single posts, and additionally on the front page if you like

    These options are not enabled by default and work best if you have longer posts on your site – the look a bit naff if you use your P2 site mainly for short status updates.

    I’ve also spruced up the graphic assets that are used on WordPress.org while I was at it. Check out the new options in the Admin Interface (it’s still under Appearance – P2 Header Ad):

    screenshot-2

    Note on Google Adsense ads

    If you’re using both options above with Google Adsense ads, please note that those can only be shown up to 5 times on a single page. If your front page shows 5 posts or more, then the ad can no longer be displayed in the header (which is called last for performance reasons).

    If you want to use the after-content-front-page-ad feature, and you want the header to show first, you can tweak line 293 of the main plugin file (p2-header-ad.php) from this

    add_action ('get_footer', 'p2DisplayAdvert');
    

    to

    add_action ('get_header', 'p2DisplayAdvert');
    

    I may make this an option in the admin interface in a future update. Let me know if you have any questions. Enjoy the plugin, you can download it from within WordPress, on WordPress.org on GitHub:





     
  • Jay Versluis 12:30 pm on September 8, 2014 Permalink | Reply
    Tags:   

    Categories: WordPress ( 111 )

    How to add Icons and Banners for your Plugins hosted on WordPress.org 

     

    Screen Shot 2014-09-08 at 12.29.32

    WordPress 4.0 introduced a new way to browse Plugins in the admin interface: beautiful icons show up that make Plugins looks like Mini-Apps. When a user clicks on one they get a description right there and then without the need to browse to the WordPress site in a different tab. This gives easy and instant access to important info without disrupting the user experience. Simply put: it’s beautiful!

    It’s very simple to add your own icons and banners to this experience and stand out from the crowd. Let me show you how.

    Plugin Icons

    Create a square icon, much like you would for iOS and Android Apps. Avoid text and keep it simple. Icons can be either jpg or png (transparency is recognised in the latter format). You can upload two sizes with the following file names:

    • icon-128×128.jpg (or icon-128×128.png) for standard displays
    • icon-256×256.jpg (or icon-256×256.png) for retina/hi-res displays

    The second file is optional and will show up if a suer browses on an iPad or Retina Laptop. Both files need to reside in the plugin’s assets folder. This is something that is not download when a plugin is installed and only lives on the WordPress repo.

    Assets is the same folder that houses your screenshots you may have added which show up in the plugin descriptions. If yours live in the main plugin folder, perhaps now is a good time to move them into assets and keep downloads smaller.

    If you don’t already have an assets folder, create one in your root directory of your svn repo (as provided by the WordPress Plugin Master), on the same level as trunks, tags and branches:

    your-plugin-folder (root)
        trunk
            plugin-files-live-here
        tags
            1.0
            1.1
        branches
        assets
            icon-128x128.png
            icon-256x256.png
    

    Commit your files using your favourite SVN Tool and now they’ll show up in the WordPress admin interface as seen in the screenshot above. It’s that simple.

    Plugin Banners

    Banners were introduced to plugin authors sometime in July 2012. Back then they were only displayed on the WordPress.org site as part of your plugin URL, like this: http://wordpress.org/plugins/child-theme-wizard

    Screen Shot 2014-09-08 at 11.48.04

    The new feature in WordPress 4.0 is that those banners now show up when a user clicks your plugin to get more information.

    And just like with icons, those banners live in the same assets directory and follow the same pattern for standard and retina displays. Banner sizes are 772×250 and 1544×500 respectively. Again both jpg and png formats are accepted:

    your-plugin-folder (root)
        trunk
            plugin-files-live-here
        tags
            1.0
            1.1
        branches
        assets
            banner-772x250.png
            banner-1544x500.png
    

    Here’s what a banner looks like in the WordPress admin interface:

    Screen Shot 2014-09-08 at 11.50.08





     
c
compose new post
j
next post/next comment
k
previous post/previous comment
r
reply
e
edit
o
show/hide comments
t
go to top
l
go to login
h
show/hide help
shift + esc
cancel