2015-10-16

WordPress security: disallow author query

Friday afternoon. Looking at the access log... here are some "nice" requests. Happened at the same millisecond, and look very "hack-ish" to me.

54.80.2.64 - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=5 HTTP/1.1" 404 159 "-" "-"
54.80.2.64 - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=1 HTTP/1.1" 404 159 "-" "-"
54.80.2.64 - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=3 HTTP/1.1" 404 159 "-" "-"
54.80.2.64 - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=2 HTTP/1.1" 404 159 "-" "-"
54.80.2.64 - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=4 HTTP/1.1" 404 159 "-" "-"


Well, they all resulted in 404 Page not found...

...because I have this in .htaccess:

# - Do not allow author query to avoid real names exposure
RewriteCond %{QUERY_STRING} ^author=\d+
RewriteRule ^ - [R=404,L]

It's that simple. :)
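
The rule blocks the requests; the same access log can also be used to spot who is sending them. The script below is an added example, not part of the original post: it flags any client that asks for several distinct author ids within a short window. The function names, the thresholds and the last two log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Apache combined log format: client IP, [timestamp], "METHOD target PROTO", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} ')

# First five lines are the requests from the post; the last two are constructed.
SAMPLE_LOG = """\
54.80.2.64 - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=5 HTTP/1.1" 404 159 "-" "-"
54.80.2.64 - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=1 HTTP/1.1" 404 159 "-" "-"
54.80.2.64 - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=3 HTTP/1.1" 404 159 "-" "-"
54.80.2.64 - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=2 HTTP/1.1" 404 159 "-" "-"
54.80.2.64 - - [16/Oct/2015:18:46:25 +0000] "HEAD /?author=4 HTTP/1.1" 404 159 "-" "-"
192.0.2.10 - - [16/Oct/2015:18:47:01 +0000] "GET /?author=1 HTTP/1.1" 404 159 "-" "Mozilla/5.0"
192.0.2.10 - - [16/Oct/2015:18:47:02 +0000] "GET /?s=author HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def author_probes(lines):
    """Yield (ip, time, author_id) for each request with a numeric author= parameter."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        query = parse_qs(urlsplit(m["target"]).query)
        for value in query.get("author", []):
            if value.isascii() and value.isdigit():
                ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
                yield m["ip"], ts, int(value)

def find_enumeration(lines, min_ids=3, window=timedelta(seconds=60)):
    """Return {ip: sorted ids} for clients probing >= min_ids distinct ids within window."""
    by_ip = defaultdict(list)
    for ip, ts, author_id in author_probes(lines):
        by_ip[ip].append((ts, author_id))
    flagged = {}
    for ip, hits in by_ip.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # Distinct ids seen in the window that opens at this request.
            ids = {a for t, a in hits[i:] if t - start <= window}
            if len(ids) >= min_ids:
                flagged[ip] = sorted(ids)
                break
    return flagged

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG.splitlines()))
```

A single author request from one client stays below the default threshold, so an ordinary visit to an author archive is not flagged.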

2015-09-29

WPGlobus multilingual plugin (Checking Facebook post embedding....)


WPGlobus will work with any WordPress theme. Some configuration is required to translate the theme options.
Posted by WPGlobus on Monday, September 28, 2015

Notes:

1. You do not need this:
<div id="fb-root"></div>
Facebook works perfectly without it, and having multiple DIVs with the same id is wrong. So, just remove it.

2. To see what's embedded, you must be logged in to FB as a person, not as a page.

3. Do not expect any links from it. It's JS, iframe, etc. Link in the post: www.wpglobus.com - multilingual plugin for WordPress

2015-08-12

PHPStorm: mark a single file as excluded

PHPStorm allows you to mark a folder as "Excluded" (go to the Project view, right-click on a folder and choose "Mark Directory as... Excluded"). Then all the files in that folder will be ignored by PHPStorm when it looks for functions, constants, etc. So, for example, if you have older versions of a library in an "archive" folder, you can exclude it, and Code Inspection will not refer to those older method definitions, constants, etc.

But what if you need to exclude just a single file? The only way I found was to mark it as plain text:



It's particularly useful for WordPress projects: those two files

wp-admin/load-scripts.php
wp-admin/load-styles.php

have tons of "dummy" methods:

/**
 * @ignore
 */
function add_filter() {}

- with no parameters or bodies. PHPStorm finds them, assumes no parameters and a void return, and issues useless inspection errors.

UPDATE:
There is an alternative solution, suggested by Slava Abakumov: add the file(s) to the Settings->Editor->File Types->Ignore...
The drawback is that the file disappears completely from the Project view, and even by typing its name, you won't be able to find it. Ignored completely. This can be quite inconvenient if you want to ignore a file, but still be able to edit it.




--------
A Pro-tip from the creators of WPGlobus Multilingual Plugin for WordPress

2015-08-06

makepot.php for single textdomain only

Here is a patch to the entry.php file that makes it ignore all strings that are not from a single textdomain.
Ugly. Hard-coded. Enjoy :)

2015-02-19

Codeception: XPath `...` is malformed!

Environment:

Codeception PHP Testing Framework v2.0.11
Powered by PHPUnit 4.4.5 by Sebastian Bergmann.

Symptom:

* I am on page "/"
* I click "Terms of Use"

  XPath `Terms of Use` is malformed!

Cause:

$I->click( "Terms of Use" );

Cure:

$I->click(['link' => "Terms of Use"]);

From the documentation:

http://codeception.com/docs/modules/WebDriver#click

// using strict locator
$I->click(['link' => 'Login']);