wordpress Archives - Digitalchild.Info

BuddyPress and WordPress Search

July 6, 2014 by Jamie Leave a Comment

I had a site that needed private messaging so I decided to use BuddyPress as it already has a great messaging system. It appeared to work well with all the existing plugins until I tried to use the site search. I use Facetious Search which is a really nice search plugin for WordPress. I have custom post types and a bunch of extra custom fields that I would like to search and Facetious makes that really easy. The only problem is that if you have both BuddyPress and Facetious Search installed, search stops working all together. No matter whether I used the built-in search or the Facetious widgets, any query would redirect to the base site URL. Disabling either plugin would result in search working again. This is what I had to do to get Buddypress and WordPress search working again.

After going line by line through Facetious I discovered that if I disabled the nice URLs in the plugin search started working again. I went through all the nice URL code and found that line 273 of facetious.php was where search would stop working.

</p>
<p>$this-&gt;search_base = apply_filters( 'facetious_search_base', $wp_rewrite-&gt;search_base );</p>
<p>

I tried to see if I could override this somehow but it wasn’t doing anything out of the ordinary. I started digging around BuddyPress and discovered that it likes to take over WordPress search. This meant that when Facetious tries to rewrite nice URLs BuddyPress would take over the search and redirect to the home page.

I found the section of code that was the culprit in the BuddyPress source code in bp-loader.php. In version 2.0.1 of BuddyPress it starts at line 284 of the bp-loader.php.

</p>
<p>// The search slug has to be defined nice and early because of the way<br />
// search requests are loaded<br />
//<br />
// @todo Make this better<br />
if ( !defined( 'BP_SEARCH_SLUG' ) )<br />
define( 'BP_SEARCH_SLUG', 'search' );</p>
<p>

I found it ironic that they have the ‘make this better’ as it takes over search. I tried various things trying to override this constant and I couldn’t get anything to work as it loads it too early for me to have the override in my theme.

Update: I posted my problem over on the BuddyPress forums and I got a response from Henry Wright suggesting I put this into a bp-custom.php file. I had attempted this before but for some reason it wasn’t working, It does now. This file is used to create customisations to BuddyPress and I’m already using this which is located in the plugins directory.

~~The only way I could get this to work was to define the constant in the WordPress config. Adding the following to your wp-config.php will allow both plugins to play nicely.~~

<br />
define( 'BP_SEARCH_SLUG', 'searchresults' );</p>
<p>

What this does is defines BuddyPress’s search slug to not be the same as the WordPress or facetious search slug. I’m not sure if this is the best way to do this but it works.

Update: Here is the github issue from Facetious search that I raised then worked through to find the answer.

Heartbleed Vulnerability and WordPress

April 9, 2014 by Jamie Leave a Comment

Unless you’ve been under a rock for the last day and a half you would have heard something about the latest OpenSSL vulnerability called Heartbleed. This article is going to help anyone that cares about the heartbleed vulnerability and WordPress SSL. What this vulnerability allows is for an attacker to steal information that is usually nice and tightly guarded behind your SSL certificates. They are able to get passwords, the private key that secures your SSL certificate that is in your servers memory and other information leaving no trace. This is very bad. Now I run a lot of WordPress websites and use SSL certificates for access to the admin area and for all user logins, you do too right, right?

You can check if you’re vulnerable by using the following tool developed by Filipp Valsorda at http://filippo.io/Heartbleed/

Almost all major operating systems that are vulnerable have already released patches for this and unless you’re with a dodgy web host they would have applied the patch by now. This is great however due to the fact that there is no way of knowing if there has been an attack you should generate a new SSL certificate and have that installed. You will then need to force all your users to log out and change their passwords.

You will need to force everyone to logout and then force them all to change their passwords.

Force Logout

In WordPress it is actually very easy to force all your users to log out by changing the security keys stored in your wp-config file. You can read how to do this here.

What you’ll need to do is open the wp-config.php file on your wordpress install and locate the lines that look like this.

<br />
define( 'AUTH_KEY',         't`DK%X:&gt;xy|e-Z(BXb/f(Ur`8#~UzUQG-^_Cs_GHs5U-&amp;Wb?pgn^p8(2@}IcnCa|' );<br />
define( 'SECURE_AUTH_KEY', 'D&amp;ovlU#|CvJ##uNq}bel+^MFtT&amp;.b9{UvR]g%ixsXhGlRJ7q!h}XWdEC[BOKXssj' );<br />
define( 'LOGGED_IN_KEY', 'MGKi8Br(&amp;{H*~&amp;0s;{k0<br />
define( 'NONCE_KEY', 'FIsAsXJKL5ZlQo)iD-pt??eUbdc{_Cn&lt;4!d~yqz))&amp;B D?AwK%)+)F2aNwI|siOe' );<br />
define( 'AUTH_SALT', '7T-!^i!0,w)L#JK@pc2{8XE[DenYI^BVf{L:jvF,hf}zBf883td6D;Vcy8,S)-&amp;G' );<br />
define( 'SECURE_AUTH_SALT', 'I6`V|mDZq21-J|ihb u^q0F }F_NUcy`l,=obGtq*p#Ybe4a31R,r=|n#=]@]c #' );<br />
define( 'LOGGED_IN_SALT', 'w&lt;$4c$Hmd%/*]`Oom&gt;(hdXW|0M=X={we6;Mpvtg+V.o&lt;$|#_}qG(GaVDEsn,~*4i' );<br />
define( 'NONCE_SALT', 'a|#h{c5|P &amp;xWs4IZ20c2&amp;%4!c(/uG}W:mAvy&lt;i44`jabup]t=]v&lt;`}.py(&lt;span class=&quot;hiddenSpellError&quot;&gt;wTP%%' );</p>
<p>

Use the online salt generator found here. This will output a set of new salts you can paste over the existing ones. Save the file and this will force everyone to log in again.

Force Password Change

This is also relatively easy if you are comfortable with PhpMyAdmin and SQL. WordPress won’t let someone log in if their password is blank so you can force everyone to change their password by updating ALL passwords to nothing. When a user tries to login it will deny them and they will have to use the lost/forgot password feature of WordPress to reset it.

You will need to check what your database prefix is (this is in your wp-config.php) and then run the following command in PhpMyAdmin on your wordpress database.

</p>
<p>UPDATE wp_users SET user_pass='';</p>
<p>

PLEASE NOTE: This assumes that your WordPress database prefix is wp, it might not be this if you are using any security plugins such as Better WP Security.

WordPress Plugins I Recommend

March 24, 2014 by Jamie Leave a Comment

I’ve been working and developing websites with WordPress since version 1.5 and before that I was using b2. WordPress has come along way from a blogging platform to a very powerful content management system. I’ve used WordPress to build catalog sites, e-commerce sites and even an ebay/etsy like market place. Some people like to have their say about it but you can’t deny the numbers. WordPress currently powers 19% of ALL websites on the Internet. I have a lot of people ask me what WordPress plugins I use so I thought I would write an overview of the ones I use. These are the free plugins I use but some of them have paid add ons you can get to enhance the functionality.

Security

The biggest argument for not using WordPress is security. A lot of general practices should be followed such as keeping your plugins updated, use a WordPress framework or theme that is secure and making sure you use the right plugins to keep the crap out.

Akismet

This plugin has shipped with WordPress for as long as I can remember. It is built by the guys behind WordPress Automattic. It’s primary role is to stop comment spam which can be a huge problem on your site if you configure it badly. Activate this and sign up for an account. If you have a high traffic site, pay for it. Otherwise you never know when a service like this is forced to go to a payment system.

WP Better Security

Soon to be renamed iThemes Security (cause they bought it). I’ve been using this plugin to harden WordPress for a quite a while now. It has a pretty easy recommendations page to tell you what you should be locking down. A lot of it can be pretty complex for the non-technical person but since using it I’ve seen a dramatic decrease in security related incidents. It also provides a backup system which is VITAL for any website. If you aren’t running regular backups you will wish you did.

WangGuard

This is a recent plugin I’ve added to my standard list and can’t recommend it highly enough. If you have a high traffic/visible site chances are you’ll have open registrations. This means you’ve opened the gates to spammer registrations. Spam comments is one thing but having your site fill up with bot/splogger accounts can be a real nightmare to manage. This is where WangGuard comes in handy with stopping these bad registrations. It uses an antivirus approach to block spam registrations and is very effective. On top of this it’ll scan the existing users on your site and mark ones that it thinks are spam accounts based on their very accurate system.

Statistics and SEO

JetPack

Jetpack is another plugin from the guys & girls at Automattic and provides quite a few different sub-plugins and features. I mainly use it for the contact form and the WordPress statistics. This will give you a pretty straightforward look at your site visitors what search terms are bringing people in and daily visits on the site and pages. It’s not very complex and if you want detailed stats you should look at google analytics or another complex stats tool. The contact form is simple and can reduce your overall plugins if you don’t need a fancy form such as whats provided by contact form 7. On top of this it hooks into Akismet to reduce spam on your forms.

WordPress SEO by Yoast

This is one plugin that you must install on your site if you want to get any traffic to come your way. It allows you very fine grained control over the SEO of your site and hooks in nicely to a number of other plugins and services. Its straight forward and being the most popular SEO plugin there are numerous how-to guides around the net.

Performance

W3 Total Cache

Site performance is an important part of making sure you keep your visitors and please the search engines. There are some interesting studies from a bunch of smart internet professionals about bounce rates and site load times. I’ll summarise it with this, if your site loads slowly then it will bother your users and the search engines. This is where W3 Total cache can come in very handy, it will make your site faster by reducing load times. WordPress is PHP based with a MySQL database on the backend which makes for a very dynamic engine which is great for a small site but can be problematic on the higher traffic sites. If you are on underpowered web hosting this can also help you. There are guides around on how to configure it so I won’t go into detail on that here. If you are smart about your front page design you can get some significant speed gains. A recent site I launched I got the front page load times from 10seconds down to 1.2 seconds with a simple design and caching.

E-Commerce

Woocommerce

Woocommerce is the go to e-commerce add-on to WordPress for me these days. It did take a bit of getting used to in terms of theme development but if you’ve got a theme that is already Woocommerce enabled you’ll be fine. It’s got a nice system but be prepared to pay for extra functionality, its a good system for small, medium or large catalogs. The latest version 2.1 has brought in a new admin interface and a REST API that allows for some cool extensions to come about.

Image Galleries

WordPress Gallery

Surprisingly the built in gallery that comes with WordPress is quite good for small galleries that you want to include in a post. It can get limited if you’ve got a site that is very image/gallery heavy. So long as your theme has support for the WordPress galleries you’ll be able to use them in your posts for the majority of what you need.

NextGEN

I have been using this plugin for years and can’t recommend it enough. I believe its also got the honour of one of most popular plugins of all time. If you need a complex gallery setup and like to have your images in a sensible order I can’t recommend this plugin enough. They have simple thumbnail galleries, slideshow galleries and more. You can embed the gallery in a post or have a dedicated album page.

Contact Forms

Contact Form 7

When I need more than a simple contact form from Jetpack I always turn to Contact Form 7 as my go to form editor. It’s got a pretty straightforward interface to build complex forms that allow you to have different forms on different pages. It uses email notifications to keep things simple. There are additional plugins you can get to allow you to store the responses in the database if you like.

Conclusion

There are a bunch of paid plugins I use but they are usually case specific to the client project. I also like to recommend the free ones as I know its hard to spend a lot of money on plugins. Especially with the new trend to subscription based models for plugins where you’re having to pay for the plugin every year.

SSL Certificate: Some files on this page are unencrypted.

February 20, 2014 by Remote Admin Leave a Comment

Ever developed a website, enabled SSL and then not had your browser show you a nice green SSL icon? You get the following in your browser?

You click on the icon and there is a warning message ‘Some files on this page are unencrypted.’ This is because something on the page is still referring to http://. Whenever I’m writing any URL’s in code I leave the protocol off.

</p>
<p>http://www.google.com</p>
<p>would become</p>
<p>//www.google.com</p>
<p>

This will let the browser decide which protocol to use and stop the issue where ‘some files on this page are unencrypted error. Then all your links on your pages will get this symbol in your address bar.

Instagram For WordPress

May 19, 2011 by Jamie Leave a Comment

As you can see in my sidebar I’ve got photos from my Instagr.am feed. Instagram is a cool little app for the iPhone that lets you throw some effects over your photos and share them. You can follow your friends and the likes. I wanted to get this on my site and as I’m using WordPress I thought, surely someone has written a plugin that’ll suit my needs. I wanted a simple plugin that would give me a widget that I could easily configure in my sidebar. So I start searching and came up with the following:

Instagram Embed just allowed me to add images to my posts, not what I was looking for. Instapress does a whole bunch of stuff and I just wanted the last 5 or 10 images and have them cycle through. Instagram for WordPress was the closest. A widget with 20 images, simple setup and nothing really to it. Great, except the transition speeds were way to fast. There is no option in the plugin to change this, so I decided to dig around the source code and find where to change it.

I found that the plugin author Eriks Remess had used the jQuery plugin Cycle to go through the images. The file that defines this is called ‘wpinstagram.js‘

wpinstagram.js

The definition looks something like this (line 2):

<br />
jQuery(&quot;ul.wpinstagram&quot;).cycle({fx: &quot;fade&quot;});<br />

All you’ll want to do to change the fade speed is to add the following to the end of the JS definition:

<br />
jQuery(&quot;ul.wpinstagram&quot;).cycle({fx: &quot;fade&quot;, speed:  2500});<br />

All the available options for jQuery Cycle can be found over at their website.