Updates from January, 2012

  • Jay Versluis 12:42 pm on January 28, 2012 Permalink | Reply

    Categories: MySQL ( 19 ), WordPress ( 145 )   

    How to deploy HyperDB 

    Ever since I’ve started experimenting with HyperDB I thought that once I’ve got enough servers at my disposal, and if I ever figure out how to setup MySQL replication I’d bring the two together. I believe that day has finally come: HyperDB is now deployed across over 60 sites I’m taking care of.

    I want to share with you my configuration and some of the pitfalls I’ve come across – if it helps, great. But mainly these notes are for me to remember how I did it when the next cluster needs to be built.

    (More …)

    • Jay Versluis 6:19 pm on February 6, 2012 Permalink | Reply


      It’s been three weeks since I’ve had HyperDB running in the above sample configuration on about 6 test sites. The concept works, albeit with minor performance decreases over a standard dual-server setup. However I’ve run into a couple of problems twice over the three weeks: MySQL database inconsistencies.

      MySQL just crashes every once in a while. Sad but true – and I don’t know why, I’m just the observer here. And it’s no biggie either, you just go and reboot the service. This means that one of the slaves takes about a minute to catch up with the master. No problem here either.

      But as soon as one server is out of sync with the others the real nightmare begins: say server 1 recorded a change before server 2 crashes. Server 2 reboots and applies the changes one cycle too late so he misses creating a database table for example. Now you delete said table on server 1… Server 2 tries to apply this change, finds that this table doesn’t exist and throws out an error – and by the looks of it stops replicating altogether. That’s extremely ungood!

      It means you have to play catch-up with every server and set the master log coordinates manually again. This can get ugly, and I had to do this twice. I’m sure there’s another way to avoid this, but sadly I don’t know how at this moment.

      There is a project which may help called MMM (or MySQL Multi Master Replication Manager): http://mysql-mmm.org/ – looks extremely complicated to setup so I’m going to leave this for another long winter night.

    • Tung 6:46 am on July 10, 2013 Permalink | Reply

      Hi, why do you use 2 commands to add Master 1 for write queries and read queries? Why don’t you combine them into 1 command with (read=>1, write=>1) instead of (read=>1, write=>0) and (read=>0, write=>1)?

      • Jay Versluis 8:18 am on July 11, 2013 Permalink | Reply

        Both work fine for the example, but in a production environment it is plausible to have a master purely for writes and never for reads (and let the slaves do that) hence I split it up. It’s just for clarity really.

  • Jay Versluis 10:30 pm on January 20, 2012 Permalink | Reply  
    Categories: Announcements ( 7 ), WordPress ( 145 )   

    Calling all Forum Beta Testers 

    Great News: I’ve been meaning to add a general WordPress forum to this site for a while, but none of the options seemed to work well for what I wanted to do.

    All I needed was a simple discussion forum, integrated into WordPress – I really didn’t want to mess around with phpBB or the likes. bbPress is in a constant state of beta and gives me a headache every time I want to make it work, SimplePress is ugly and basically all of the above are overcomplicated.

    Enter Tal.ki – an embeddable forum solution that promises to give me a forum with only one line of code, or alternatively as a WordPress Plugin! It’s not live on this site – let’s test it out!

    (More …)

    • Jay Versluis 8:51 pm on January 21, 2012 Permalink | Reply

      Looks like I found something that isn’t as smooth as it could be:

      Even though I love the fact that it’s really easy to sign in with so many options, you could end up with multiple profiles while doing so. Say the first time you want to login you do so using Facebook, but when you come back you sign in with Twitter. Tal.ki now sees you as a separate user – and creates a new profile for you. Yikes!

      In order to avoid that make sure you REMEMBER your favourite signup option and always use that. Any other issues, please let me know in the Forum Issues section at https://wpguru.co.uk/forum

    • Jay Versluis 5:31 am on March 9, 2012 Permalink | Reply

      Thanks to everyone who’s been providing feedback over the last couple of months. I’m afraid the forum doesn’t work very well for me, so I’ve decided to close it down.

      I like the open concept that everyone can ask a question which is not related to any of my articles, but I don’t like the way it’s executed by Tal.ki. For example, I never get to find out if there’s a new post – which sucks. There are many other points that don’t quite do it for me.

      I’m not sure what I’ll replace this forum with, sadly every solution I looked into didn’t cut the mustard. Maybe it’ll just be comments on posts like it used to be. Tal.ki is a nice idea, but really only a concept. They’re not developing this product anymore, or too slow – and for that reason, I’m out.

    • David 9:36 pm on April 2, 2012 Permalink | Reply

      too bad this doesn’t work well. But is it possible to embed the forum on a wordpress.com blog? or only in a wordpress.org?

      Because I’m looking for something very simple like in this internet site here: http://www.iphoneography.com/discussion-board/
      That’s what I need, I don’t want to have an external forum. Is there a way to do it on a wordpress.com blog that you know?


      • Jay Versluis 9:54 pm on April 2, 2012 Permalink | Reply

        Hi David,

        Tal.ki is such a wonderful idea, and it’s the simplicity that really attracted me. Everything works and you don’t have to worry about installing anything or tweaking your theme, really good.

        The only drawback for me is that if a new forum post is left by a user, I don’t get to find out about it unless I check manually. I get an email if there’s a comment on an existing post, but not on a new one.

        If you can live with that, go for it – if you want to put it into a WordPress.com blog then the standalone version is for you. It’s just one line of JavaScript code – sometimes this works on WordPress.com, sometimes it does not – they’re eager not to let you execute your own code for system security. It’s free to use, try it out and let me know if it works for you.

        For self-hosted installations, the Tal.ki plugin does it all for you: install the plugin and you’ve got a forum. It’s super easy.

        I’ve even read about a workaround for the new posts notifications: I believe they’re working on it, and in the meantime they reckon you can use an RSS feed reader to check your forum feed and let that send you notifications. I’ve not tried this though.

    • David 6:01 pm on April 16, 2012 Permalink | Reply

      Hi Jay,

      Sorry I didn’t answer before but I haven’t received any email notification, probably I haven’t checked the spam folder well.

      By the way, I haven’t created one yet because I’m not sure if it’s working on wp.com. I’m not an expert, is it an iframe code? Usually in wp.com they allow only few external codes from the company they know and they want to. Not so many unfortunately. And there is no way to use any external plugin.

      There was a link on tal.ki about it but it’s broken and it seems there are not so many answers in the support forum as well. I have the feeling to open something that will be shut down soon, or with no help at all. Even the most of their examples are broken :S

      • Jay Versluis 6:28 pm on April 18, 2012 Permalink | Reply

        I’m phasing it out too, it’s just not as mature as I’d like it to be. Sorry, Tal.ki!

    • Emma 1:08 pm on May 2, 2012 Permalink | Reply

      I use WP Symposium for my community needs. It’s easy to set up and also allows members to have their own profile page. It does cost $39 a year but it’s being updated constantly and the developer takes on new ideas. Well worth looking into

    • Jose 7:03 am on October 6, 2013 Permalink | Reply

      Hi, I need a tal.ki forum programmer that I can hire to do some tweaks. If anybody does, please email me.


  • Jay Versluis 1:11 pm on January 11, 2012 Permalink | Reply

    Categories: Linux ( 101 )   

    How to prevent direct file access in your wp-content directory 

    I was working on a secure site with sensitive video material that we needed strict members access to. Even though many plugins can make sure your direct permalinks can only be seen by logged in members, direct links to files in your wp-content directory are still accessible to others. They can even be hotlinked from other sites.

    One way around this is to move the wp-content directory outside the web visible portion of your directory on the server, but even so WordPress can always link to such files. A better way is to tell your server not to give access to certain files (say ending with mp4 or mp3) and only allow access from your own domain.

    We can use Apache Mod Rewrite for this – it’s a complex language that you can utilise in your .htaccess file within the wp-content folder.

    Let me show you how to keep prying eyes out of your content.

    (More …)

    • Carl 9:11 pm on August 5, 2017 Permalink | Reply

      Hi Jay, this is just what I needed and works fine, however, web browsers are now reporting non secure content and blocking images etc. Removing the htaccess file makes it secure again! Any Idea what can be happening?

      • Jay Versluis 3:45 pm on August 6, 2017 Permalink | Reply

        Hi Carl, no actually, that’s the first I’ve heard about it. I do know however that the new generation of browsers will report a non-secure website if the URL is a plain http rather than https. Since the last line of this ruleset creates a plain http re-write, perhaps it’s the reason for the browsers reporting an insecurity.

        Provided your website supports https and a certificate is installed properly, and WordPress is setup that way, you can try and create the .htaccess re-write so that it does a https instead of http in the last statement. Let me know what you find!

        • Carl 6:22 pm on August 6, 2017 Permalink | Reply

          Hey Jay, well it appears to solve it! Who’d have thought one bit of code would cause that! I changed to https on the top line too, just to be doubly sure!

          I quite often get a non secure report if I don’t rebuild the cache after I have changed something in WordPress, and yes when I check the address it has changed from https to http. Not sure if that is a known thing or not, or what actually “decides” to drop the “s”, I am all very new to WP and website building in general. Thanks for your help, Carl.

    • denisdoyon 2:40 pm on August 22, 2017 Permalink | Reply

      This solution worked beautifully for me, with one exception. My WordPress site sells online music lessons, which include mp3 and pdf files. I recently discovered that people could Google these files, connect directly to them, and download them. Gasp!

      Your .htaccess solution prevents people who are not logged in to the site from doing this, which is probably 99.9% of the threat. However, if someone is logged into the site (they can create a free account in a minute) they can still access these files directly, even if they haven’t purchased that music lesson.

      Is there anything I could do to prevent this?

      Important PS for others using this solution: I cut and pasted the code above into my .htaccess file, and discovered that all images on the site (photos, site logo, etc.) were blocked unless the user was logged in. Not good. I removed the jpg and png extensions from the exclusion list (along with some others) and everything went back to normal.

      • Jay Versluis 12:09 pm on August 23, 2017 Permalink | Reply

        Hi Dennis,

        That’s not something you can do with an Apache rewrite rule. The rewrite rule only tells the web server “if the requested file is requested from this domain, and if the user is logged into WordPress, then serve it. Otherwise, redirect”. It was originally designed to block sites hot linking to files on your server.

        What you need is a membership plugin. They’re usually quite complex to setup and often integrate with a shopping cart solution, making the setup even more complex. One such solution is the excellent WP eMember by Tips and Tricks HQ. I’m using it successfully over on my iOS Dev Diary. Feel free to test drive it there (I’ll give you a refund when you’re done of course).

        Alternatively, if such a solution is overkill, I’d recommend an external service such as Gumroad.com. You can upload files and sell them, and your users need to login with them to download content. It’s super simple to use and avoids the overhead of integration and configuration.

        Hope this helps, and all the best!

    • SQ 11:33 pm on September 4, 2017 Permalink | Reply

      Seems to work fine for all files EXCEPT xlsx?

      Works on xls files
      Works on xlsm files (added additional file type)

      But, when accessing xlsx – It is still prompting to download…

      • Chrisuwien 3:13 pm on November 27, 2017 Permalink | Reply

        You have to add appropriate MIME-type to the .htaccess-file before the code:
        AddType application/vnd.ms-word.document.macroEnabled.12 .docm
        AddType application/vnd.openxmlformats-officedocument.wordprocessingml.document docx
        AddType application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx
        AddType application/vnd.ms-powerpoint.template.macroEnabled.12 potm
        AddType application/vnd.openxmlformats-officedocument.presentationml.template potx
        AddType application/vnd.ms-powerpoint.addin.macroEnabled.12 ppam
        AddType application/vnd.ms-powerpoint.slideshow.macroEnabled.12 ppsm
        AddType application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx
        AddType application/vnd.ms-powerpoint.presentation.macroEnabled.12 pptm
        AddType application/vnd.openxmlformats-officedocument.presentationml.presentation pptx
        AddType application/vnd.ms-excel.addin.macroEnabled.12 xlam
        AddType application/vnd.ms-excel.sheet.binary.macroEnabled.12 xlsb
        AddType application/vnd.ms-excel.sheet.macroEnabled.12 xlsm
        AddType application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx
        AddType application/vnd.ms-excel.template.macroEnabled.12 xltm
        AddType application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx

        • Jay Versluis 3:17 pm on November 27, 2017 Permalink | Reply

          Thank you so much for sharing this, Chris! Great 🙂

          • Chrisuwien 3:38 pm on November 27, 2017 Permalink

            Yeah… an addition to the main article: the .htaccess-file has to be in the wp-content/uploads folder! I guess if someone uses year/month folders, this file has to be in each one.

    • Venkata Shyam Kumar Gundala 1:37 pm on October 6, 2017 Permalink | Reply

      Thanks a lot.. It really helped me..

    • Axel 7:39 am on October 29, 2017 Permalink | Reply

      Why is the rule based on the file extension? Shouldn’t it be the sub folder? I would never put a PDF or GIF in the WordPress root but rather in /downloads.

    • Admin 9:56 am on December 14, 2017 Permalink | Reply

      Awesome! I would never leave here without dropping my comments.
      It worked perfectly like MAGIC! I have tried so many of these codes, but yours seems the only one that worked on my website.

      Actually, mine was for zip files so I moderated the code as shown below:

      RewriteEngine On
      RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourwebsite\.com/ [NC]
      RewriteCond %{REQUEST_URI} !hotlink\.(zip) [NC]
      RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
      RewriteRule .*\.(zip)$ http://yourwebsite.com/ [NC]
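
How the conditions in the zip ruleset above combine, modelled in Python as an added example (not code from the original post or from any commenter). It assumes the request path stands in for both REQUEST_URI and the RewriteRule match, uses a constructed cookie string, and goes one step further by showing what the http:// anchor in the Referer pattern does when pages are served over https.

```python
import re

NC = re.IGNORECASE  # the [NC] flag used on every line of the ruleset

def make_ruleset(scheme):
    """Patterns of the zip ruleset; scheme ('http' or 'https') is the only variable."""
    return {
        "rule": re.compile(r".*\.(zip)$", NC),
        "referer": re.compile(rf"^{scheme}://(www\.)?yourwebsite\.com/", NC),
        "exempt": re.compile(r"hotlink\.(zip)", NC),
        "cookie": re.compile(r"^.*wordpress_logged_in.*$", NC),
        "target": f"{scheme}://yourwebsite.com/",
    }

def decide(rules, path, referer="", cookie=""):
    """Return 'serve', or the redirect target when the rule fires."""
    # mod_rewrite tests the RewriteRule pattern first, then the conditions.
    if not rules["rule"].search(path):
        return "serve"
    # Every RewriteCond is negated with "!" and all of them are ANDed.
    # A missing Referer or Cookie header is an empty string, which matches nothing.
    foreign_referer = not rules["referer"].search(referer)
    not_exempt = not rules["exempt"].search(path)
    no_login_cookie = not rules["cookie"].search(cookie)
    if foreign_referer and not_exempt and no_login_cookie:
        return rules["target"]
    return "serve"

ZIP = "/wp-content/uploads/file.zip"      # constructed sample path
LOGIN = "wordpress_logged_in_HASH=VALUE"  # constructed placeholder cookie

def sample_results():
    """Run constructed requests through the http and https variants."""
    http, https = make_ruleset("http"), make_ruleset("https")
    own_http = "http://www.yourwebsite.com/file-download"
    own_https = "https://www.yourwebsite.com/file-download"
    return {
        "link on own http page": decide(http, ZIP, referer=own_http),
        "pasted URL, not logged in": decide(http, ZIP),
        "pasted URL, logged in": decide(http, ZIP, cookie=LOGIN),
        "other site links to file": decide(http, ZIP, referer="http://other.example/"),
        "https page, http pattern": decide(http, ZIP, referer=own_https),
        "https page, https pattern": decide(https, ZIP, referer=own_https),
        "jpg is outside the rule": decide(http, "/wp-content/uploads/a.jpg"),
        "hotlink.zip is exempt": decide(http, "/wp-content/uploads/hotlink.zip"),
    }

if __name__ == "__main__":
    for case, outcome in sample_results().items():
        print(f"{case:28} -> {outcome}")
```

With the http pattern, a request coming from the site's own https page is treated like a foreign referer and redirected to the plain http front page; the https variant serves it.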


    • Admin 10:10 am on December 14, 2017 Permalink | Reply

      But i can no longer download the zip files directly from my website as it redirects to the homepage, can you help out?

      • Jay Versluis 11:44 am on January 20, 2018 Permalink | Reply

        Remember, the script works for everybody – including you! So for you to be able to download your own files, you must either be logged in, or use a link on your own website that links to those files.

        • Admin 8:10 am on May 20, 2018 Permalink | Reply

          Thanks though. Please, how do I enable hotlink so people can download a file only from my website, as when the direct download link to the files is being shared, it should redirect to the homepage of my website.

          E.g Say i have a file named file.zip located at the wp-contents/uploads, Now i created a post on my website, http://www.mydomain.com/file-download and i dropped a download link to this file there. I only want people to download the file directly from my website. If the direct link to the file (eg. http://www.mydomain.com/file-download.zip) is to be shared to someone else, it should redirect to the homepage of my website.. Hope You Understand what i mean?

          • Jay Versluis 8:16 am on May 20, 2018 Permalink

            Hi Admin! You know, that is exactly what this code does. Anyone who would click on a hotlink to yourdomain.file-download.zip will be redirected to your front page and cannot download the file.

          • Admin 4:39 pm on May 20, 2018 Permalink

            @Jay Versluis: My website doesn’t need someone to login before they can download on the website… What can I do now?

          • Jay Versluis 11:41 pm on May 20, 2018 Permalink

            From what you told me before, it sounded like this solution could work for you. But it has its limitations. If you’re serious about your file protection, look into a membership plugin (I’ve linked to one in the Alternatives section). There’s a big difference between the two approaches: this .htaccess solution is a quick and easy trick, but not 100% secure in all circumstances. A membership plugin is 100% secure, but comes with some additional setup and maintenance overheads – which might be overkill depending on your situation. Ultimately only you can decide what you need and what is important to you.

    • stepnyon 1:46 am on April 17, 2018 Permalink | Reply

      great thanks for this article.
      Can you explain to me why it doesn’t work with samsung tablet default internet browser or web browser.
      The same page with your .htaccess file is ok on samsung with firefox or samsung but not with default internet browser or web browser with mp3 or mp4: it says:
      Media error:Format not supported or source not found
      Download Filt: http://xxxxx/wp-contnet/uploads/2014//04/xxxx.mp4?_=2
      If I remove the .htaccess file the same page with same mp4 and mp3 is read OK
      Best regards

      • Jay Versluis 9:29 am on April 17, 2018 Permalink | Reply

        Hi stepnyon, I’m afraid I have no idea why that happens.

        • stepnyon 4:44 am on April 20, 2018 Permalink | Reply

          Thanks for the reply:
          In fact the prevent hotlinking works for pdf,jpg…but not for mp3 and mp4 on some browser:
          you can test it on safari on windows..If somebody has a solution…I’m here
          best regards
