Friday, October 16, 2015

WordPress security : disallow author query

Friday afternoon. Looking at the access log... here are some "nice" requests. Happened at the same millisecond, and look very "hack-ish" to me. - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=5 HTTP/1.1" 404 159 "-" "-" - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=1 HTTP/1.1" 404 159 "-" "-" - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=3 HTTP/1.1" 404 159 "-" "-" - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=2 HTTP/1.1" 404 159 "-" "-" - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=4 HTTP/1.1" 404 159 "-" "-"

Well, they all resulted in 404 Page not found...

...because I have this in .htaccess:

# - Do not allow author query to avoid real names exposure
RewriteCond %{QUERY_STRING} ^author=\d+
RewriteRule ^ - [R=404,L]

It's that simple. :)

Tuesday, September 29, 2015

WPGlobus multilingual plugin (Checking Facebook post embedding....)

WPGlobus will work with any WordPress theme. Some configuration is required to translate the theme options.
Posted by WPGlobus on Monday, September 28, 2015


1. Do not need this:
<div id="fb-root"></div>
Facebook perfectly works without, and having multiple DIVs with the same id is wrong. So, just remove.

2. To see what's embedded, must not be logged to FB as a page, only as a person.

3. Do not expect any links from it. It's JS, iframe, etc. Link in the post: - multilingual plugin for WordPress

Wednesday, August 12, 2015

PHPStorm: mark a single file as excluded

PHPStorm allows to mark a folder as "Excluded" (Go to Project view, right-click on a folder and choose "Mark Directory as... Excluded". Then, all the files in that folder will be ignored by the PHPStorm when it looks for functions, constants, etc. So, for example, if you have an older versions of a library, in "archive" folder, you can exclude it, and Code Inspection will not refer to those older method definitions, constants, etc.

But what if you need to exclude just a single file? The only way I found was to mark it as a plain text:

It's particularly useful for WordPress projects: those two files


have tons of "dummy" methods:

* @ignore
function add_filter() {}

- with no parameters or bodies. PHPStorm finds them, considers no params and a void return and issues useless inspection errors.

There is an alternative solution, suggested by Slava Abakumov: add the file(s) to the Settings->Editor->File Types->Ignore...
The drawback is that the file disappears completely from the Project view, and even by typing its name, you won't be able to find it. Ignored completely. This can be quite inconvenient if you want to ignore a file, but still be able to edit it.

A Pro-tip from the creators of WPGlobus Multilingual Plugin for WordPress

Thursday, August 6, 2015

makepot.php for single textdomain only

Here is a patch to the entry.php file that allows to ignore all strings that are not from a single textdomain.
Ugly. Hard-coded. Enjoy :)

Thursday, February 19, 2015

Codeception: XPath `...` is malformed!


Codeception PHP Testing Framework v2.0.11
Powered by PHPUnit 4.4.5 by Sebastian Bergmann.


* I am on page "/"
* I click "Terms of Use"

  XPath `Terms of Use` is malformed!


$I->click( "Terms of Use" );


$I->click(['link' => "Terms of Use"]);

From the documentation:

// using strict locator
$I->click(['link' => 'Login']);

Tuesday, August 19, 2014

WooCommerce: SQL to fix sorting by date

In one of the projects, I needed to import a product data from a non-WP website to WooCommerce.

After importing, the "Sort by newness" did not work correctly, because the post dates were all the same.

A simple SQL solved my problem: