wordpress Archives » Pieter @ Kraaima

for the love of code

12/07/2019

Now that was a nice surprise.

Juliette Reinders Folmer presented us the latest do’s, dont’s and tips at the Zwolse WordPress Meetup (great setup, nice people)!

This is what it was all about:

Now that WordPress has committed to a minimum requirement of PHP 7 by the end of 2019, we can all start looking at modernizing the code we maintain. Removing hacks to support old versions is easy, but how can code be improved when it just works on PHP 7? Namespaces, generators, Intl are just a few of the features introduced since PHP 5.2, not to mention scalar type declarations and all the other awesomeness that came with PHP 7. But what does it all mean, and how can you take advantage of these goodies? Join Juliette to learn to identify where to make quick fixes, when to look into refactoring, and how to make your code faster, better and more secure by using modern PHP.

https://speakerdeck.com/jrf/for-the-love-of-code-modernizing-wordpress-plugins-and-themes-full-deck

Fail2ban and wordpress

25/07/2014

If you use fail2ban on your server and you are running WordPress you could use this plugin:

https://wordpress.org/plugins/wp-fail2ban/

“WP fail2ban logs all login attempts, whether successful or not, to syslog using LOG_AUTH.”

So now when kiddies try to “hack” your login page, Fail2Ban will kick in and do its job.

wordpress.conf:

# Fail2Ban configuration file
#
# Author: Charles Lecklider
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

_daemon = wordpress

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

# Fail2Ban configuration file

#

# Author: Charles Lecklider

#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from

# common.local

before = common.conf

[Definition]

_daemon = wordpress

# Option: failregex

# Notes.: regex to match the password failures messages in the logfile. The

# host must be matched by a group named "host". The tag "<HOST>" can

# be used for standard IP/hostname matching and is only an alias for

# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)

# Values: TEXT

#

failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$

# Option: ignoreregex

# Notes.: regex to ignore. If this regex matches, the line is ignored.

# Values: TEXT

#

ignoreregex =

WP fail2ban plugin:

<?php
/*
Plugin Name: WP fail2ban
Plugin URI: https://charles.lecklider.org/wordpress/wp-fail2ban/
Description: Write all login attempts to syslog for integration with fail2ban.
Version: 1.2.1
Author: Charles Lecklider
Author URI: https://charles.lecklider.org/
License: GPL2
*/

/*  Copyright 2012-13  Charles Lecklider  (email : wordpress@charles.lecklider.org)

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2, as
    published by the Free Software Foundation.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
*/


add_action( 'wp_login',
			function($user_login, $user)
			{
				openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH);
				syslog(LOG_INFO,"Accepted password for $user_login from {$_SERVER['REMOTE_ADDR']}");
			},10,2);
add_action( 'wp_login_failed',
			function($username)
			{
				openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH);
				syslog(LOG_NOTICE,"Authentication failure for $username from {$_SERVER['REMOTE_ADDR']}");
			});

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

<?php

/*

Plugin Name: WP fail2ban

Plugin URI: https://charles.lecklider.org/wordpress/wp-fail2ban/

Description: Write all login attempts to syslog for integration with fail2ban.

Version: 1.2.1

Author: Charles Lecklider

Author URI: https://charles.lecklider.org/

License: GPL2

*/

This program is free software; you can redistribute it and/or modify

it under the terms of the GNU General Public License, version 2, as

published by the Free Software Foundation.

This program is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

GNU General Public License for more details.

You should have received a copy of the GNU General Public License

along with this program; if not, write to the Free Software

Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

*/

add_action( 'wp_login',

function($user_login, $user)

{

openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH);

syslog(LOG_INFO,"Accepted password for $user_login from {$_SERVER['REMOTE_ADDR']}");

},10,2);

add_action( 'wp_login_failed',

function($username)

{

openlog('wordpress('.$_SERVER['HTTP_HOST'].')',LOG_NDELAY|LOG_PID,LOG_AUTH);

syslog(LOG_NOTICE,"Authentication failure for $username from {$_SERVER['REMOTE_ADDR']}");

});

Testing facebook intergration

14/11/2013

We all have different websites we like to post to.

Facebook, twitter, your own personal blog, the companies news page etc etc.

check

So now I try to connect this blog to facebook to see if thats working..

Redirect to my blog

29/07/2010

This blog was created in the directory /blog/ so we needed to ad a little piece of code to redirect browsers to this blog.

So instead of going to http://pieter.blinkenshell.org/blog/ you can also browse to http://pieter.blinkenshell.org to get on this blog.

Edit (when your on blinkenshell):

/public_html/index.html

and add:

<html>

<head>

<meta HTTP-EQUIV=”REFRESH” content=”0; url=http://[YOUR.USERNAME].blinkenshell.org/blog/”>

</head>

<body>

</body>

</html>

Sure there are many other way’s to do this..

Disable comments in WordPress

29/07/2010

Ofcourse you can disable the comments in the admin dashboard

Settings > Discussion >
[ ] Allow people to post comments on new articles

But on some themes it will still show up on your blog.

So I took a dive into my theme files:

/blog/wp-content/themes/[mytheme]

and took the comment text out of:

comments.php and index.php

Done