Netflow Developments

The latest and greatest happenings in the world of Science, Technology and everything else Geek

Posts Tagged wordpress

The best deal on wordpress themes

Feb 5

Posted by admin in Internet | No Comments

Well I just purchased a year subscription to Elegant Themes and I had to write a little blurb about how bloody impressed I am.  As much as this would sound like a simple advert for these guys it’s not.  It’s me looking at the 73 themes I just bought for $39.99.  That’s just over $0.50 per theme and I am willing to bet you aren’t going to find this many amazing looking themes for this price.  I set out to find the best looking theme of 2012 and I found over 50 of them.

But in the words of Lavar Burton: Don’t take my word for it, check it out for yourself HERE

Some samples of their themes

 

Tags: , , , , ,

MapMyUser.com wordpress ‘hack’ means new theme for the site!

Jan 5

Posted by admin in Internet, Random Musings | No Comments

I call this a ‘hack’ but in reality there was no breach of security, it was a clever little trojan of sorts put into my old theme by it’s creators.   What I’m talking about is the sudden appearance of a little tab on the right hand side of the page that messed up my entire layout.  It was a little advert for a website called mapmyusers, which in itself seems pretty tame and safe, nothing too nefarious looking but the point is that it was put on my site without me knowing about it..

In the end I found that it was being called from the footer.php page and it wasn’t the only thing being called.. An entire subpage was being pasted on the bottom of my blog:

Internet Marketing Reviews by Jayson Hahn is what it was called and the theme was called ‘Life Cycle 1.00 by themepriview’

So if yuo’ve gotten this, change your theme and the problem will go away

Finally got me to change themes on this site, lordy lordy the old one was 3-4 years old.. Not that the new one is all that modern, but it was the next inline in the installed themes I had handy.. too lazy to go find a new fancy theme for this blog

Tags: , , ,

Lessons learned about speeding up WordPress and an apache webserver in general

Nov 8

Posted by admin in Internet, Linux / Freebsd, Technology | No Comments

Alright so I’ve been struggling with this for quite some time.  I run 60-70 wordpress blogs that make up a large network of travel websites providing information on news, restaurants, hotels, events and job postings for every major city in north america.  Chances are if you’ve searched one of those things for a particular city you’ve hit one of my sites(or at least that’s the idea).  Now the problem is that there are a LOT of hotels, restaurants, news articles and job postings in north america, 100′s of thousands of them.  This means that my blogs have 100′s of thousands of posts on them and this number grows every day as they are updated to reflect new jobs, news and everything else going on in your city.

The big problem arises now because I have 60 blogs all with 10′s of thousands of posts being accessed by 100′s and 1000′s of people every day, clearly this isn’t somethign wordpress was built for but I have a flavoured history of bending software to my will.  My CPU usage was constantly at 100% and it’s only recently that I’ve gotten around to fixing this, or so the germans would have me believe :)  Here’s what you need to do

  1. Make sure eAccelerator is installed on your server
  2. Tweak your apache settings.. Right now this is what I have my httpd.conf set to:
  3. MaxKeepAliveRequests 20
KeepAliveTimeout 2
Timeout 45
MaxClients 20
MinSpareServers 2
MaxSpareServers 7
StartServers  4
  4. Make sure that you have wp-super-cache installed.. I researched the crap out of caching plugins and this one consistently came out on top
    • Now here’s the kicker..  I had a script that installs and sets up new websites for me and much to my chagrin after 6 months I just noticed that none of my blogs were caching properly.. the reason was because wordpress didn’t have write access to wp-content/cache/supercache.  Make SURE the wp-content/cache directory and ALL subdirs are writable by apache
  5. Increase your expiry time substantially.  The default is 3600 seconds(1/2 hour) but why do I want all of my sites rebuilding their cached pages every 30 minutes when I only update the sites every 4 hours?  So change the expiry time to something more in line with the frequency of your updates so you’re server isn’t constantly rebuilding pages all the time
  6. Preload, preload preload: This one was huge for me because of the number of posts I have.  Go into the preload section and turn on preload mode.  After you’ve updated the settings click on preload cache now.  This will systematically go through and precache your entire website..  The beauty about preload mode is that the precached posts done here never expire or are ever recached.  The preloading processes is fairly slow so you can do a few sites at a time without worrying that it’s going to melt your server into the ground
  7. WP-Minify: This wonderful little plugin takes your CSS and JS files and compresses the hell out of them, as much as it can without breaking them so that instead of your people having to load 10 50k CSS files it crunches it down to 1 50k  CSS file or something ridiculous like that.  Definitely some tweaking to look at with that
  8. Remove all unnecessary plugins: The less that loads the less your load. Figure out what you absolutely don’t need and scrap it
  9. Disable all Apache logging:  In total I have a few hundred websites on the server and recently I’ve turned off all domain specific apache logging.  If I need to trouble shoot a domain I’ll just re-enable it and the repeat the problem to see what’s going on but disabling this has also reduced my cpu consumption by leaps and bounds.
  10. Nginx: Whatever you do don’t have all of your traffic flowing solely through apache, get something like nginx on there.
I’ve never seen high CPU usage from mysql with any of my blogs so I’ve given up trying to optimize that..I’ve gone through the process of trying to optimize mysql but never noticed a difference so I just leave that as stock.  Hopefully that helps you out, my server isn’t the flashiest or the beefiest of girls but she’s a well oiled and highly tuned machine.  With these tweaks I should be able to get a few more years out of the ole girl yet :)

Tags: , , , , , ,

Is your wordpress home page displaying a 404 error all of a sudden?

Nov 7

Posted by admin in Internet, Technology | No Comments

Just went through troubleshooting this for a friends site and thought I’d post teh fixes..There are two main possibilities here:

  1. You have no posts(ie: you even deleted the default post wordpress comes with
  2. In the ‘Reading Settings’ you’ve changed the front page from ‘display latest posts’ to ‘A Static Page (select below)
    • The key with the above problme is that you failed to read the (select below) portion and if you look at ‘Front Page’ the drop down box probably has –Select– selected, which means nothing is selected.. Pick a god damn page and you’re off the the races!

Tags: , , , , ,

Timthumb Exploit causing plethora of sites to redirect to Russia

Oct 13

Posted by admin in Internet | 2 Comments

UPDATE: Site hacked again, teaches me for not removing the backdoors.  Details on how to find those below

Well what a delight that I checked on one of my old unused sites to find malware warnings and it redirecting me to http://placecollocation.ru/ .  This of course made me look a little closer as it’s folly to assume a breach is contained to one little area and sure enough I found wordpress and drupal sites alike redirecting.  So being the good server admin I cleaned it out only to wake up the next morning with one of my users telling me that the server was hacked and then pointing me to this very page saying ‘here’s how to fix it :) ’, obviously he doesn’t know this is my blog but I had to lasugh

So after a few hours of scripting I’ve cleaned it all out again but I wanted to post up a little help for those going through the same thing.

First off a big thanks goes out to Hack Sparrow for this post: http://www.hacksparrow.com/wordpress-hacked-getting-forwarded-to-distributioncorporate-ru-solution.html  as that pointed me in the right direction immediately.  Although if I could be a little critical of our hacking/flying/chirping friend I would say you shuold have looked more closely at those backdoors.. Obviously they could go by many names so you need to be able to find them if their location or name changes.

So first step: Make a list of all infected .htaccess file

  • Go find one that know is infected, it will contain a whole lot of ^M or linebreaks in it and then show you some nice little code that redirects your users to some russian site.  The 3 I’ve heard of are placecollocation.ru , flyghtairline.ru or distributioncorporate.ru.  Copy that url
  • Go to your home root directory, or /usr/www  or whatever your webroot dir is and run: find . -name .htaccess -exec grep -H {RUSSIANDOMAIN GOES HERE} > infected.txt
  • Clean out all the undeeded data in that file so it’s just a list of files:
    • In linux: sed -i ‘s/:.*//g’ infected.txt
    • In BSD: sed -i ” -e ‘s/:.*//g’ infected.txt
  • Clean out duplicate listings: uniq infected.txt > infected.new && mv infected.new infected.txt

Second Step: Clean the infected files

  • Lucky for us this guy announces himself by putting a shitload of linebreaks which awk can easily recognize.. What we want to do is tell awk to look for two of these line after line and delete everything below their occurence, output that to a new htaccess and then copy that over the infected one.  *It wouldn’t hurt to back up your .htaccess files*
  • Run: awk ‘p $0 == “\r\r”{exit} $0 != “\r”{print $0}{p=$0}’ .htaccess > htaccess && mv htaccess .htaccess for each of the .htaccess files in your infected or alternatively just write a script that reads that file line by line, going through and performing the above command

Step 3: Finding the Backdoors

  • As a good sneaky fucking russian this guy leaves backdoors so that he can re-infect you hours after cleaning this out in the form of the following files: _wp_cache.php sm3.php or wp.php.  If you look at these files you'll see they start with something like this:
      • <?php # Web Shell by oRb
        $auth_pass = "";
        $color = "#df5";
        $default_action = 'FilesMan';
        $default_use_ajax = true;
        $default_charset = 'Windows-1251'
  • So the prudent thing to do would be to scan all .php files(or all files in general if yuo were really wanting to be careful) and search for smoething unique about this file, ie: Windows-1251 or Web Shell by oRb like so:  find . -name “*.php” -exec grep -H ‘Web Shell by oRb’ ;\ -exec rm {} \;

Final Step: Upgrade all outdated timthumb files

  • This whole mess was caused by an exploit in timthumbs, which goes by thumbs.php or timthumbs.php.  It’s very important to realize though that there could likely be other, non timthumbs files on yuor server called thumbs.php as it’s a pretty ambigious filename.  So you need to find all of your timthumb files and replace them with updated ones
  • So let’s grab the updated timthumb: wget http://timthumb.googlecode.com/svn/trunk/timthumb.php
  • find . -name “*thumb*.php”  -exec grep -H timthumb {} \; -exec cp timthumb.php {}

 

And that’s that!  You should be all good to go..
PS – One last thing I did was to chown root all of my .htaccess files and leave them chmodded to 444.  Make sure this doesn’t screw anything up on your end but hopefully it should prevent them from being overwritten in the future

Tags: , , , ,

How to have wordpress load plugins in a specific order

Apr 19

Posted by admin in Internet | No Comments

Or more specifically in this example how to get wordpress to load a specific  plugin before all others.  By default wordpress will load your plugins in alphabetical order as for the most part 99.99% of people could care less and are unaffected by plugin execution order.  However for that .01% of us(don’t you feel special now?) it can cause some serious havoc to have one plugin do it’s thang before another.  In order to give one plugin priority and load first you need to stick the following code in that plugin’s main php file:

 

function this_plugin_first() {
// ensure path to this file is via main wp plugin path
$wp_path_to_this_file = preg_replace('/(.*)plugins\/(.*)$/', WP_PLUGIN_DIR."/$2", __FILE__);
$this_plugin = plugin_basename(trim($wp_path_to_this_file));
$active_plugins = get_option('active_plugins');
$this_plugin_key = array_search($this_plugin, $active_plugins);
if ($this_plugin_key) { // if it's 0 it's the first plugin already, no need to continue
array_splice($active_plugins, $this_plugin_key, 1);
array_unshift($active_plugins, $this_plugin);
update_option('active_plugins', $active_plugins);
}
}
add_action("activated_plugin", "this_plugin_first");

Many thanks to jsdalton in this thread: http://wordpress.org/support/topic/how-to-change-plugins-load-order for posting up the solution and make sure you check out that thread for more discussions on the topic

 

Alternatively there is a handy little plugin that helps you do this and more found here: http://wordpress.org/extend/plugins/plugin-organizer/

Tags: , , , , ,

Disabling Breadcrumbs on only the home page for WordPress

Apr 1

Posted by admin in Internet | No Comments

Just spent a few minutes figuring this out, being a completely n00b with php it ended up being really simple. Just replace the bottom line of your header.php where it includes breadcrumbs with the following code:

<?php if (is_home()) { ?>
<?php } else { ?>
<?php include (TEMPLATEPATH . ‘/breadcrumbs.php’); ?>
<?php } ?>

Tags: , , , ,

How to use php includes inside of a wordpress post?

Apr 1

Posted by admin in Internet | No Comments

Unfortunately traditional Server side includes don’t work for loading external pages on remote domains/servers, or at least not that i’ve been able to find so far.  After a bit of research I’ve found two separate solutions to this:

1.)

The first solution is the more secure solution and is specifically for scenarios where you, the admin, or registered users of your blog only will be able to access the php includes.  You need to install the wordpress plugin: php-execution and then put the following code into your post:

<?
$a = file_get_contents(“http://www.somedomain.com/file.php”);
echo ($a);
?>

2.)

This next example is far less secure as php execution will be available to everyone hitting your website.  You will need to install the Exec-PHP plugin for this and insert the following code into your post:

<?php $a = file_get_contents(‘http://www.somedomain.com/file.php’); echo ($a); ?>

 

Hope that helps!

Tags: , , , ,

How to disable wordpress autoformatting (
and

tags)

Apr 1

Posted by admin in Internet | No Comments

I posted a few days ago about how to prevent wordpress from inserting <br \> and made a note that I would have to do a bit more research to figure out how to disable the <p>’s .  Well a bit more research later I’ve found the solution to getting rid of all the bloody tags that WP throws in there.

What you need to do is to go into your wp-content/plugins directory and either create a new directory and copy the following into a .php file or simply put this into a file into the plugins directory:

<?php
/* Plugin Name: WP Unformat
* Plugin URI: http://wpvibe.com
* Author: Jonathan Dingman
* Author URI: http://jonathan.vc
* Version: 1.0
* Description: Disables the <p> that is automatically inserted by WordPress
*/

remove_filter(‘the_content’, ‘wpautop’);

?>

Of course credit is due to Jonathan Dingman for writing this simple little ditty, but I can say it works great!  Also you should undo any edits to the formatting.php file if you want to use the above

Tags: , , , , , ,

How to Prevent wordpress from automatically inserting
tags everywhere

Mar 29

Posted by admin in Internet | No Comments

One of the more annoying features of wordpress is it’s need to auto-format all of your html to high hell, especially when you are importing posts in html format.  Everytime you have a line break WP will put a <br \> in there, screwing everything up.

There are a few plugins around to turn this off however the ones I tried didn’t do jack so I had to go into the wp-includes/formatting.php file and specify that I like my html the way it is thank you very much.

It’s easy enough, in your formatting.php file change the following line:

function wpautop($pee, $br = 1) {
to
function wpautop($pee, $br = 0) {

done.. Now WP will still insert <p> tags throughout but not as many fo them.. I haven’t gotten around to solving that problem but I imagine it’ll be just as simple.  Remember that when you upgrade to a newer version of WP you might have to go in and make this adjustment again

Tags: , , , ,

Page optimized by WP Minify WordPress Plugin