h4x3d.com


Archive
Tag "Wordpress"

This article saved me quite some headache – also this is the cleanest solution of all. For several other workarounds, see Stackoverflow here.

The solution that works was:

mysqldump -h (your ip) -u (your username) -p  --opt --quote-names \
--skip-set-charset --default-character-set=latin1 (your db name) > (your db name)-dump.sql
mysql -h (your ip) -u (your username) -p \
--default-character-set=utf8 (your db name) < (your db name)-dump.sql

Replace each bracketed placeholder, brackets included: (your ip) becomes 127.0.0.1, for instance.
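Why those two commands work, as an added illustration (my own Python model of the byte-level effect, not the post's commands): the text is UTF-8 bytes sitting in columns MySQL believes are latin1, so the latin1 dump hands the bytes through untouched and the utf8 reload reinterprets them. The strings below are constructed sample data.

```python
# Model of the latin1-dump / utf8-reload trick on the page (added example,
# not the post's own code). All sample strings are constructed.


def as_latin1_column_reads(utf8_text: str) -> str:
    """What a latin1-declared column holding UTF-8 bytes shows when read normally.

    MySQL returns the stored bytes as latin1 characters, so "é" (C3 A9 in
    UTF-8) comes back as the two characters "Ã©".
    """
    return utf8_text.encode("utf-8").decode("latin-1")


def repair_double_encoded(text: str) -> str:
    """Undo the latin1 misread ("Ã©" -> "é"), which is what the dump/reload does.

    The latin1 dump (--default-character-set=latin1) hands the raw bytes back
    unchanged; the utf8 reload interprets those same bytes as UTF-8. Strings
    that are not mojibake are returned untouched: characters outside latin1
    mean the text was never double-encoded, and latin1 bytes that are not
    valid UTF-8 mean it is genuine latin1 data.
    """
    try:
        raw = text.encode("latin-1")      # recover the bytes MySQL actually stored
    except UnicodeEncodeError:
        return text                        # real Unicode text, leave alone
    try:
        return raw.decode("utf-8")         # read them as the UTF-8 they were
    except UnicodeDecodeError:
        return text                        # plain latin1 data, not mojibake


def repair_row(row: dict) -> dict:
    """Apply the repair to every text column of one dumped row."""
    return {column: repair_double_encoded(value) for column, value in row.items()}
```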

Read More

I am not discussing whether it should be done or not, just saying where to do it.
W3 Total Cache is a great plugin and its authors surely deserve some SEO juice / kudos for their work, but I have seen unanswered questions on the net from people who do not know where to delete the comments that are inserted into their pages. Again, I am not touching the ethics of removing credits, but just offering the tools. Use as you like.

/wp-content/plugins/w3-total-cache/lib/W3/Plugin/TotalCache.php

and uncomment/change as desired.

from

/wp-content/plugins/w3-total-cache/w3-total-cache.php

you can find the lead (the references to the above-mentioned file).
Find the lines by searching for the HTML comment…

Read More

Today I wanted to publish a real quick post about how to embed a PayPal button into your WordPress post. A topic that has been covered many times elsewhere (consult Google), but many of the PayPal buttons shown fail to hide the merchant's email address, which results in spam being sent to it. Anyhow, I thought posting this quick article would take five minutes at most, but it turned out to be more difficult: WordPress MU, for security purposes, does not allow certain HTML code to be included in posts or pages.
This is for security reasons, as mentioned before, because in a multi-blog environment people could post all sorts of crap to compromise your site, server and work, ultimately driving you nuts and causing all sorts of havoc.

After some Googling I found several interesting articles; most of them repeated each other and said "well.. edit the kses.php file in wp-includes" and then listed many interesting HTML pieces. This works, but I thought a plugin would be more elegant, so I googled on and found a plugin called "unfiltered content" for WordPress MU, released by the WordPress guys. This is cool in so far as you can either stick it in the mu-plugins folder and have it site-wide, or put it in the regular plugins folder and activate it on a blog-by-blog basis. Since I am running this WordPress MU installation on my own and do not have posts to monitor for "havoc causing script includes", I decided to go for the plugin and enable it site-wide. This way I can upgrade my WordPress MU next time a new version comes out and keep my sanity (because by then I would probably have forgotten about the includes folder and the PHP file that I need to update every time…)

Hope this helps,
best,
jez

Read More

update: f§*king WordPress MU won't let me enter tags in my posts. I have tried the WordPress RAW plugin and other filters, but still nothing. More updates on this tomorrow -> solution

There are different approaches to doing this (adding a PayPal button to your WordPress page, or to any HTML or PHP website):

1) copy & paste the code you find on most pages and wonder why you get a lot of spam emails,
2) use the "secure merchant id" code from PayPal, or
3) grab a plugin at wordpress.org.

To explain the first (the revealing code):

<form name="_xclick" action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick"/>
<input type="hidden" name="business" value="user@spam-me-please.com"/>
<input type="hidden" name="item_name" value="Customer Service"/>
<input type="hidden" name="currency_code" value="USD"/>
<input type="hidden" name="amount" value="1.00"/>
<input type="image" src="http://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" border="0" name="submit" alt="Make payments with PayPal - it's fast, free and secure!"/>
</form>

While this has its advantages (you can easily specify the parameters), it also has the problem that your email address is very likely to be scraped and spammed by bots. So next time you receive one of those fake PayPal "you need to click here to reactivate your account" emails… guess why you are receiving it.

I use the second version, the PayPal secured ID, because I am not keen on exposing any email address to spam bots. The code below will generate a PayPal button with my ID in it. To change that, or to get your own code, you need to log in to PayPal and get it from the Merchant tab. Or you can enter "paypal button" in the search field at the top right of the page.

2) Click on Merchant Services.
3) Click on Website Payments Standard.
4) Click on accept contributions.
5) Click on get donation button.

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick"/>
<input type="hidden" name="hosted_button_id" value="10155388"/>
<input type="image" src="https://www.paypal.com/en_US/i/btn/btn_donate_LG.gif" style="width: 100px; float: right;" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!"/>
</form>

And now to the fun part: you will not be able to copy and paste the code(s) mentioned above, because WordPress will strip the input fields and nothing will display. So unless you put this code into your template (e.g. by including it in a separate PHP file), it won't work, I believe.
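What that stripping looks like in practice, as an added example that is not WordPress code: a small allowlist HTML filter in the spirit of kses (the allowed-tag table is my constructed stand-in, not WordPress's real one). Fed either PayPal form above, it drops the form and input tags and returns an empty fragment, which is exactly why nothing displays; an author's ordinary paragraph with a link passes through with its event-handler attribute removed.

```python
from html import escape
from html.parser import HTMLParser

# tag -> attributes an ordinary author may keep (constructed stand-in for kses' table)
ALLOWED = {"p": set(), "strong": set(), "em": set(), "br": set(),
           "a": {"href", "title"}, "img": {"src", "alt"}}
VOID_TAGS = {"img", "br"}


class AllowlistFilter(HTMLParser):
    """Re-emit only allowed tags/attributes; drop form, input, script and any
    other tag, keeping the text between them. A form of hidden inputs has no
    text, so nothing is left to display."""

    def __init__(self):
        super().__init__(convert_charrefs=False)   # pass entities through verbatim
        self.out, self.dropped = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            self.dropped.append(tag)
            return
        kept = ""
        for name, value in attrs:
            value = value or ""
            if name in ALLOWED[tag] and not value.strip().lower().startswith("javascript:"):
                kept += f' {name}="{escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # a stray "<" in text stays inert

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def filter_html(fragment):
    """Return (filtered fragment, tags removed in document order)."""
    f = AllowlistFilter()
    f.feed(fragment)
    f.close()
    return "".join(f.out), f.dropped
```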

You can however grab a wordpress plugin, like this paypal plugin to help you out.

Also of help – this support post at wordpress

hope this helps anyone,
best,
jez

Read More

Seems like either my server's DNS management is entirely bust or WordPress/Automattic/Akismet changed something on their end, because, as discussed yesterday in my "cannot resolve downloads.wordpress.org and dashboard (RSS) empty" post, the fix is rather straightforward:

Add the needed IPs and the corresponding hostname to /etc/hosts (on the server, not on your local client!);
you can see how to do it in the post mentioned before.

You can get the Akismet IPs yourself by pinging rest.akismet.com, or just check their website and FAQ at http://blog.akismet.com/akismet-hosting-faq

Just use the first one:
72.233.69.3
72.233.69.2
66.135.58.62
66.135.58.61

Read More

Cannot resolve downloads.wordpress.org ?
You are not alone!

I am running WordPress MU 2.8.4 and until today I have had no issues using the auto upgrade or auto update function for WordPress plugins or WordPress MU plugins, until everything stopped working.

I googled for pretty much an hour and tried different solutions here and there, but nothing really worked, as the root cause of the problem was literally at "root" level: I had to edit the /etc/hosts file on my server to reflect the correct IPs of wordpress.org.

Open the file /etc/hosts and add the lines below at the end:
1) You get to the file by ssh'ing into your server and typing "cd /etc/".
2) On any Unix server you can edit the hosts file by typing "vi hosts".
3) In vi, press i to insert and paste (the usual command+v) the lines below.
4) Press ESC briefly to exit insert mode, then type the following: :wq. The : tells vi to change into command mode, the w to write the file and the q to quit.
5) Make sure to restart the httpd service by typing "service httpd restart".
Some steps may differ depending on your setup, but in general this should work!

Below the IPs and the hostnames:

72.233.56.139 wordpress.org
72.233.56.138 downloads.wordpress.org
72.233.56.139 planet.wordpress.org
74.125.47.147 blogsearch.google.com
72.233.56.139 api.wordpress.org
72.233.56.142 codex.wordpress.org

(C/P’ed from http://mu.wordpress.org/forums/topic/14891)

Of course, if the IP addresses change in future, the ones entered before will have to be updated.
This can be done by simply pinging the domains from the command line (Terminal on Mac OS X or cmd on Windows) using "ping". On Mac OS X you will want to use "ping -c 5 wordpress.org" to limit the query to five pings. If you want to stop pinging before that, just break the operation by pressing Command + C.
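Since pinned addresses go stale (for the Akismet entries in the previous post as much as for the wordpress.org entries here), this added Python audit (mine, not from either post) parses a hosts file and reports every pin that DNS no longer agrees with. The hosts text and the resolver answers used in the test are constructed sample data; live_addresses() queries the real resolver when run on a server.

```python
import socket

# Constructed sample hosts file (pins from the post above plus a comment line).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# pinned so the WordPress auto-updater resolves
72.233.56.139 wordpress.org
72.233.56.138 downloads.wordpress.org
72.233.56.139 api.wordpress.org
"""


def parse_hosts(text):
    """Map hostname -> pinned IP, skipping comments and blank lines."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            pins[name.lower()] = ip
    return pins


def live_addresses(hostname):
    """IPv4 addresses the real resolver returns now (needs network access)."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None, socket.AF_INET)}


def stale_pins(pins, resolve=live_addresses):
    """Return {hostname: (pinned ip, current ips)} for every pin that DNS no
    longer agrees with. `resolve` maps a hostname to the set of IPs it has now;
    the offline test injects a constructed mapping instead of the live resolver."""
    stale = {}
    for name, ip in pins.items():
        if name == "localhost":
            continue
        current = resolve(name)
        if ip not in current:
            stale[name] = (ip, current)
    return stale
```

A pin that no longer matches does not just break updates: plugin downloads would go to whoever holds the old address now, so treat every hit as something to fix rather than ignore.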

If you cannot use any command line tool you may want to consider using Ping.eu, the cute pingu that helped me out with several network-related operations in the past.

I hope this article will spare you the useless hours of Googling :)

Searched for “cannot resolve downloads.wordpress.org”
Did help:
mu.wordpress.org/forums/topic/14891

Searched for “RSS Error: WP HTTP Error: name lookup timed out”
Did not help:
WordPress › Support » Dashboard issues: RSS Error:… – wordpress.org
wordpress.org/support/topic/293871

Searched for “An Unexpected HTTP Error occurred during the API request. “
Did not help:
WordPress › Support » Plugin API HTTP Error – wordpress.org
wordpress.org/support/topic/227430
WordPress › Support » Plugin Installer Bugs – wordpress.org
wordpress.org/support/topic/215527

Searched for “An Error has occured: name lookup timed out”
Did not help:
Case Study: RSS Error: WP HTTP Error: name lookup timed out … – bestwpthemez.com
www.bestwpthemez.com/…/case-study-rss-error-wp-http-error-name-looku
How-to Fix WP HTTP Error: name lookup timed out « Roll Over – fatlabmusic.com
fatlabmusic.com/blog/…/how-to-fix-wp-http-error-name-lookup-timed-o…

Searched for “Download failed. name lookup timed out”
Did not help:
WordPress › Support » name lookup timed out – wordpress.org
wordpress.org/support/topic/225535
Quick ‘n Dirty solution for wordpress: Download failed.:… – minkfarmen.net
sirmc.minkfarmen.net/…/quick-n-dirty-solution-for-wordpress-download-…

http://www.hart-empire.com/2009/03/26/download-failed-name-lo…

Read More

I figured out how to harden WordPress using SSH and some common sense.

I changed the ownership (user) of the cache and uploads folders to apache with

chown apache uploads
chown apache cache

to enable apache to write to them.

chmod was set to the more restrictive value of 755 for each, instead of the easily
exploitable chmod 777 (as happened on SolarVPS and zone.net):

chmod 755 uploads
chmod 755 cache

giving me the following structure

ls -l /wp-content/

drwxr-xr-x 2 apache psacln 60416 May 3 05:39 cache
-rw-r--r-- 1 comh4x3d psacln 30 Nov 14 03:26 index.php
drwxr-xr-x 83 comh4x3d psacln 3072 Apr 17 12:48 plugins
drwxr-xr-x 9 comh4x3d psacln 1024 Apr 17 12:37 themes
drwxr-xr-x 5 comh4x3d psacln 1024 Mar 25 07:04 upgrade
drwxr-xr-x 3 apache psacln 8192 May 3 05:38 uploads

With that, WordPress can upload files to the uploads folder and files can
be created in the cache folder.

To restrict the folders even more I added a .htaccess file (chmod 644) to each:

vi .htaccess

for uploads (Apache 2.2 syntax, as current at the time; Apache 2.4 replaces Order/Allow/Deny with Require):

# the server itself (its IP address) may always reach the folder
Order Deny,Allow
Deny from all
Allow from 72.249.95.104

# disallow execution of the files handled below
Options -ExecCGI
# we don't want any dodgy Perl scripts or PHP to be executed
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi

# deny everything but the image and text files
# (the extension pattern is assumed; the post names only "image and text files")
<FilesMatch "\.(gif|jpe?g|png|txt)$">
Order Allow,Deny
Allow from all
</FilesMatch>

# deny opening those script files
<FilesMatch "\.(php|pl|py|jsp|asp|htm|shtml|sh|cgi)$">
Order Allow,Deny
Deny from all
</FilesMatch>

A similar file goes in the cache folder, but instead of the image and doc
files only meta and html files are allowed; make sure to remove htm/html from
the AddHandler cgi-script line there.
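To check a tree for the two things this post fixes, here is an added Python audit (mine, not from the post): it flags world-writable entries (the 777 case) and script files sitting in the uploads or cache folders, which the .htaccess above exists to keep from executing. The sample tree it builds in a temp directory is constructed; run audit_tree() against a real wp-content to use it.

```python
import os
import stat
import tempfile

SCRIPT_EXT = (".php", ".pl", ".py", ".jsp", ".asp", ".shtml", ".sh", ".cgi")
DATA_ONLY_DIRS = ("uploads", "cache")   # the folders the post locks down


def audit_tree(root):
    """Return {'world_writable': [...], 'scripts_in_data_dirs': [...]} with
    paths relative to root (sorted)."""
    findings = {"world_writable": [], "scripts_in_data_dirs": []}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in dirnames + filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            mode = os.lstat(os.path.join(dirpath, name)).st_mode
            if stat.S_ISLNK(mode):
                continue                         # skip symlinks rather than follow them
            if mode & stat.S_IWOTH:              # the o+w bit that 777 grants
                findings["world_writable"].append(rel)
            top = rel.split(os.sep, 1)[0]
            if top in DATA_ONLY_DIRS and name.lower().endswith(SCRIPT_EXT):
                findings["scripts_in_data_dirs"].append(rel)
    for hits in findings.values():
        hits.sort()
    return findings


def build_sample_tree():
    """Constructed wp-content look-alike: one 777 dir and one PHP file in uploads."""
    root = tempfile.mkdtemp(prefix="wp-content-")
    for d, mode in (("uploads", 0o755), ("cache", 0o777), ("plugins", 0o755)):
        os.mkdir(os.path.join(root, d))
        os.chmod(os.path.join(root, d), mode)    # explicit chmod: mkdir obeys the umask
    for f in ("uploads/photo.jpg", "uploads/stray.php", "plugins/index.php"):
        path = os.path.join(root, f)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, 0o644)
    return root
```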

I hope you appreciate this article,

best,
julian klewes
h4x3d.com

Read More

Quite frankly I should rather be sitting down and studying for the upcoming exams, but since I have been toying with my website redesign since October 2008 (last year, yes…) and the dark-ish, artistic version does not really "fit" spring/summer anymore, I am working on a day/night theme which basically shows the old, white site when the sun is up and the dark, night-ish site when the sun is down. I was thinking about how to realize this: I could have gone for an easy PHP switch checking the server time and, based on that, using stylesheet A or B, but since the website's audience is spread over the world I am now opting for a jQuery JavaScript client-side approach. So every user, regardless of timezone and location, will be served the appropriate version.

So I hardened my wordpress by means of playing around CentOS usergroups and permissions and I was able to get the upload and cache folder to work with quite restrictive permissions (755 as the worst). Hopefully this will take care of the past security issues…

Anyhow, using the "automatic upgrade" function within WordPress I stumbled upon the "highly praised" WordPress 2.8 version (2.8-beta1-11402) and frankly it is doing "shit at all" apart from no longer displaying "pages" (posts are fine). I suspect it has to do with changes in the theme terminology, but then again, why is it working fine on "posts"? I am reverting, or at least trying to revert. The last "major issue" I had with WordPress was the switch from 2.6 to 2.7.4… my advice: keep your fingers off betas if you can. They are not, as the devs say, for public use in open, active systems.

I have some themes lined up, alongside the changes I mentioned above, but still exams till 2nd of June, 09. Gah…

Read More

This week I have been extensively working with WordPressMU and buddypress.org, pretty much setting up your own community sites with WordPress. Highly recommended (however, I don't dig their logo that much).

My site(s) are hosted by SolarVPS and their friendly "can do" attitude is why I recommend them. This was posted via email.

Read More

I am in the midst of changing all my themes over to GPL -
particularly interesting is the WTFPL license – http://sam.zoy.org/wtfpl/COPYING

which states:

Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long
as the name is changed.

DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. You just DO WHAT THE FUCK YOU WANT TO.

I am almost tempted to use this one, because if GPL is boiled down to its core, this is basically what (as I understand it) is meant by it. People, companies, evil can do whatever the crap they like with GPL'ed work.

If those are the conditions to get my 10 something themes re-listed on the themeviewer for the community, so be it. My PR dropped recently from 6 to 5 anyway, so I am clearly not in for the link juice anyway.

WTF PL’ed themes mean you can also remove the footer link/change whatever you like as desired.
It would be nice however to retain it to show some appreciation.

Keep you posted,
jez

Read More