Tuesday, May 31, 2016

A curious case of "you are not allowed" in WordPress

Register a custom taxonomy. Everything looks great, except for one "tiny" problem: any attempt to Add New results in immediate "You are not allowed" message!

Blame Yoast, of course! :)
He suggested "is_admin, but not DOING_AJAX". So, the "register taxonomy" was hooked on "not AJAX". Oooooopsi!

Re-hooked. Ta-da!

Thursday, May 19, 2016

debug_backtrace and call_user_func in PHP 7

Before PHP 7, functions call_user_func() and call_user_func_array() appeared in debug_backtrace() as separate entries. Since the version 7, they do not.

Demonstration code Gist

Friday, October 16, 2015

WordPress security : disallow author query

Friday afternoon. Looking at the access log... here are some "nice" requests. Happened at the same millisecond, and look very "hack-ish" to me. - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=5 HTTP/1.1" 404 159 "-" "-" - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=1 HTTP/1.1" 404 159 "-" "-" - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=3 HTTP/1.1" 404 159 "-" "-" - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=2 HTTP/1.1" 404 159 "-" "-" - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=4 HTTP/1.1" 404 159 "-" "-"

Well, they all resulted in 404 Page not found...

...because I have this in .htaccess:

# - Do not allow author query to avoid real names exposure
RewriteCond %{QUERY_STRING} ^author=\d+
RewriteRule ^ - [R=404,L]

It's that simple. :)

Tuesday, September 29, 2015

WPGlobus multilingual plugin (Checking Facebook post embedding....)

WPGlobus will work with any WordPress theme. Some configuration is required to translate the theme options.
Posted by WPGlobus on Monday, September 28, 2015


1. Do not need this:
<div id="fb-root"></div>
Facebook perfectly works without, and having multiple DIVs with the same id is wrong. So, just remove.

2. To see what's embedded, must not be logged to FB as a page, only as a person.

3. Do not expect any links from it. It's JS, iframe, etc. Link in the post: www.wpglobus.com - multilingual plugin for WordPress

Wednesday, August 12, 2015

PHPStorm: mark a single file as excluded

PHPStorm allows to mark a folder as "Excluded" (Go to Project view, right-click on a folder and choose "Mark Directory as... Excluded". Then, all the files in that folder will be ignored by the PHPStorm when it looks for functions, constants, etc. So, for example, if you have an older versions of a library, in "archive" folder, you can exclude it, and Code Inspection will not refer to those older method definitions, constants, etc.

But what if you need to exclude just a single file? The only way I found was to mark it as a plain text:

It's particularly useful for WordPress projects: those two files


have tons of "dummy" methods:

* @ignore
function add_filter() {}

- with no parameters or bodies. PHPStorm finds them, considers no params and a void return and issues useless inspection errors.

There is an alternative solution, suggested by Slava Abakumov: add the file(s) to the Settings->Editor->File Types->Ignore...
The drawback is that the file disappears completely from the Project view, and even by typing its name, you won't be able to find it. Ignored completely. This can be quite inconvenient if you want to ignore a file, but still be able to edit it.

A Pro-tip from the creators of WPGlobus Multilingual Plugin for WordPress