Remove the ugly green question mark from syntax highlighter for wordpress

Remove the ugly green question mark from syntax highlighter for wordpress

Syntax highlighter is an awesome plugin. It highlights code according to programming syntaxes.
However by default, it adds an ugly green question mark right in the middle of code boxes, and does not provide a setting option to disable it. Here’s what I’m talking about:

MWSnap001

Go to the directory where syntaxhighlighter plugin resides

Edit file syntaxhighlighter.php
Find the line

SyntaxHighlighter.all();

Just before this line, add the following code, so that it ultimately looks like this:

SyntaxHighlighter.defaults['toolbar'] = false;
SyntaxHighlighter.all();

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

WordPress plugin updater script released

I have released the latest version of WordPress plugin updater script on Github
Wiki: https://github.com/droidzone/wordpress_plugin_updater/wiki
Code: https://github.com/droidzone/wordpress_plugin_updater

WordPress plugin updater is a useful perl script that when run on a folder containing your wordpress plugins, checks each plugin for newer versions in the WordPress repository, and updates each plugin to the latest version.

It accepts as argument a single folder or multiple folders of wordpress installations. This saves you the trouble of visiting your dashboard to update plugins, especially if you manage multiple sites, and have hundreds of plugins. Having older versions of plugins is a security hole, and hence this script helps secure your server.

You can easily run the script as a cron job at hourly-daily intervals and thus schedule updating your plugins.

Installation

Usage


You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Changing database name of wordpress installation and updating i-mscp with the new name

After changing the database name and updating wp-config.php with the new name, one should edit the following in the database imscp:

imscp/sql_database:
Change sqld_name from old database name to new one.


You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Blocking brute force attacks on Debian – Fail2ban

Install fail2ban for debian:

apt-get install fail2ban

Now create a new config file that you can modify safely:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Now edit the following:

emacs /etc/fail2ban/jail.conf
bantime  = 86400
destemail = YOUREMAILADDRESS
action = %(action_mwl)s

Now restart fail2ban service:

service fail2ban restart

Configuring fail2ban with wordpress.
Get the plugin WP fail2ban

Activate it for your site
Go to the plugin’s folder, copy the .conf files:

cp public_html/wp-content/plugins/wp-fail2ban/filters.d/* /etc/fail2ban/filter.d/

Edit:

emacs /etc/fail2ban/jail.local

Add the following:

[wordpress-hard]
enabled = true
filter = wordpress-hard
logpath = /var/log/wpauth.log
maxretry = 1

[wordpress-soft]
enabled = true
filter = wordpress-soft
logpath = /var/log/wpauth.log
maxretry = 3

Restart fail2ban:

rm /var/run/fail2ban/fail2ban.sock
service fail2ban restart

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

WordPress: This website has a redirect loop

I got the following error in Chrome after transferring my WordPress install across servers:

“This website has a redirect loop”, and seemed to redirect to a url with the signup link.

On Firefox, the error was: “The page isn’t redirecting properly. Firefox has detected that the server is redirecting the request for this address in a way that will never complete. This problem can sometimes be caused by disabling or refusing to accept cookies.”

I tried the following:

  1. Clearing cookies.. Duh
  2. Setting the following permissions (recommended for the install. See Codex.)
    [[email protected]] /htdocs #find . -type d -exec chmod 755 {} \;
    [[email protected]] /htdocs #find . -type f -exec chmod 644 {} \;
    [[email protected]] /htdocs #chown -R vu2009.vu2009 *
    

    where vu2009 was my webserver user (See cat /etc/passwd)

  3. Finally, logged into phpmyadmin and found that I’d forgotten to import my database!

You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.
Automatically update all WordPress plugins from Bash

Automatically update all WordPress plugins from Bash

I’ve updated the script radically. WordPress had changed their site structure so that the older script would fail. With the latest updates, it should still work.

Latest version:
Writeup
Download

I was searching for an idea on how to automatically update all my WordPress plugins from Linux command line. Google introduced me to a script by Ventz Petkov. It worked very well with minor modifications. This script could automatically download all plugins from WordPress.org according to the subdirectories in the WordPress plugin directory.

However a minor drawback of the script is that it would overwrite all plugins without checking whether our plugins are already up to date. I thought this was a waste of resources, since the obvious use of such a script is to get it to run as a cron job at regular intervals. There is no need to keep downloading the same versions of plugins that you already have, countless number of times. Even Petkov has conceded as much, stating that such an addition would be quite useful.

So there you are, my first perl script. I would like to record due credits to Petkov for his method of parsing the wordpress.org website, and his framework. All that I’ve done is to add code for comparing the plugin versions that are in your plugins directory, with those on the website to see if there are available updates. If there are, only then are the files downloaded.

The latest version of the script can always be downloaded from here (New link).

The script can take command line argument. Argument #1 is the path to plugin directory. Argument #2 is the plugin to update (meaning you can manually update one plugin at a time), and is a remnant of the original script. For my purpose, I wont be using Argument #2, since I intend the script to be run automatically, updating as when updates are found.

Screenshots:

Script command line options:

--help or -h: Display this help message
--source=/path/to/plugindirectory or -s/path/to/plugindirectory
	Multiple folders can be specified at a time.
	Eg: ./updater.pl --source=/var/www/virtual/joel.co.in/vettathu.com/htdocs/wp-content/plugins,/var/www/virtual/joel.co.in/drjoel.in/htdocs/wp-content/plugins
--version or -v: Display script version information
--plugin=PluginName or -pPluginName: Specify one or more plugins to process instead of all plugins under source directory. To specify more than one plugin,
you can either repeat this option, like:
	Eg: ./updater.pl --plugin=nextgen-gallery --plugin=genesis-beta-tester
	  Or,
you can alternately specify a comma seperated list of plugins, like:
	Eg: ./updater.pl --plugin=nextgen-gallery,genesis-beta-tester
--wp-path= or -wp: Specify wordpress root directory instead of plugin directory
	Eg: ./updater.pl --wp-path=/var/www/virtual/joel.co.in/droidzone.in/htdocs,/var/www/virtual/joel.co.in/vettathu.com/htdocs

Examples:

/root/wordpress_plugin_updater/updater.pl -w/var/www/virtual/joel.co.in/droidzone.in/htdocs

/root/wordpress_plugin_updater/beta.pl -s/var/www/virtual/joel.co.in/droidzone.in/htdocs/wp-content/plugins

If running from cron:

/usr/bin/perl /path/to/updater.pl -s/var/www/virtual/joel.co.in/vettathu.com/htdocs/wp-content/plugins

An example crontab entry would be:

* */6 * * * /usr/bin/perl /root/bash-advanced-scripts/updater.pl -s/var/www/virtual/joel.co.in/drjoel.in/htdocs/wp-content/plugins >> /root/wordpress_update.log

Here the script is being run sixth hourly every day, and a log appended. You can have multiple entries for multiple blogs.

The following line will automatically flush log files, keeping last 6 days of backups:

0 0 */3 * * mv /root/wordpress_update.log /root/wordpress_update.log.old

You can see the list of updated plugins by:

[[email protected]] ~/temp #cat /root/wordpress_update.log | grep -in 'updating' --color
83:Processing plugin: easy-contact-forms | Local version 1.4 | Remote version 1.4.2 | Updating now..
158:Processing plugin: wordpress-importer | Local version 0.6 | Remote version 0.6.1 | Updating now..
68527:Processing plugin: fancier-author-box | Local version 1.0.5 | Remote version 1.0.6.1 | Updating now..
68910:Processing plugin: fancier-author-box | Local version 1.0.5 | Remote version 1.0.6.1 | Updating now..
90869:Processing plugin: simple-backup | Local version 2.7.1 | Remote version 2.7.2 | Updating now..
91357:Processing plugin: look-see-security-scanner | Local version 13.01 | Remote version 13.04 | Updating now..
91740:Processing plugin: look-see-security-scanner | Local version 13.01 | Remote version 13.04 | Updating now..
113638:Processing plugin: bulletproof-security | Local version .48 | Remote version .48.1 | Updating now..
113686:Processing plugin: bulletproof-security | Local version .48 | Remote version .48.1 | Updating now..
113718:Processing plugin: bulletproof-security | Local version .48 | Remote version .48.1 | Updating now..

 

The current version as of 31/03/13 is included below:

#!/usr/bin/perl -w
# Original Author: Ventz Petkov
# Last updated by Original Author on
# Date: 06-15-2011
# Last: 12-20-2012
# Version: 2.0
#
# Rewritten by: Droidzone
# Date 31-03-2013 www.droidzone.in
# Version 3.0.0.2
# Usage:
# ./update-wp-plugins.pl
#   or
# ./update-wp-plugins.pl registered-name-of-plugin
# (and this works to update an exiting plugin or download+install a new one)

$progversion="3.0.0.2";
$debugmode=0;
use Term::ANSIColor;
print color 'bold blue';
print "Wordpress Plugin Updater script v$progversion.\n";
print color 'reset';
&argparser(@$ARGV);

if(!defined($ARGV[0])) {
    dprint ("No arguments supplied for folder path");
	$path="/var/www/virtual/joel.co.in/vettathu.com/htdocs/wp-content/plugins";
	dprint ("Path was specified on the command line\n");
}
else {
	#my @values = split(',', $ARGV[0]);	
	#foreach my $val (@values) 
	$path=$ARGV[0];
	print "Working on directory: $path\n";	    
    if ( -d $path )
    {
		dprint ("Path verified\n");
    }
    else
    {
		dprint ("The path does not exist\n");
	exit;
    }
}

dprint ("The path was set as ".$path."\n");
print "Plugin directory:$path\n";
chdir($path);

use WWW::Mechanize;
#use File::Find;
my $mech = WWW::Mechanize->new();
$mech->agent_alias( 'Mac Safari' );
my $wp_base_url = "http://wordpress.org/extend/plugins";

################################################
# Add New plugins Here:
# Format:
#   'registered-name-of-plugin',
#
my (@plugins, @plugins_notfound, @filepath, @pluginversion);

use File::Find::Rule;
use File::Spec;

my @folders = File::Find::Rule->directory->maxdepth(1)
    ->in( $path )
    ;

foreach my $i (@folders){
    ( $volume, $directories, $file ) = File::Spec->splitpath( $i );
	undef $volume, $directories;
    if ( $file ne "plugins" )
    {
        push @plugins, $file;
		push @filepath, $i;
		#print "Path: ".$i."\t Name: ".$file."\n";
    }
}

for (my $i = 0; $i < @plugins ; $i++ ) 
{
    dprint ("Processing ".$plugins[$i]."...");
    #print "Filename:".$filepath[$i]."/".$plugins[$i].".php"."\n";
    $filename=$filepath[$i]."/".$plugins[$i].".php";
	$varfound=0;
    if ( -f $filename ) 
    {
		dprint ("Meta File found at default location.\n");				
		open("txt", $filename);
		while($line = <txt>) 
		{			
			if ( $line =~ /^\s*\**\s*\bVersion:(.*)/i )
			{
				$pluginversion[$i]=$1;
				dprint ("Version found in file ".$filename);						
				$varfound=1;										
				dprint ($pluginversion[$i]."\n");
				dprint ("Array Num ".$i." Stored plugin name:".$plugins[$i]." Version found and stored ".$pluginversion[$i]);
			}
		}
		close("txt");			
    }
    else
    {
		$searchpath=$path."/".$plugins[$i];
		@files = <$searchpath/*.php>;
		dprint ("Search path is ".$searchpath."\n");
OUT: 	foreach $file (@files) 
		{
			dprint ("Checking alternate php file: ".$file."\n");
			open("txt", $file);
			while($line = <txt>) 
			{
				#  $line =~ /^[\s\*]*Version:(.*)/i
				# Discussion on regex: http://stackoverflow.com/questions/15728671/perl-regex-logic-error
				if ( $line =~ /^\s*\**\s*\bVersion:(.*)/i )
				{
					$pluginversion[$i]=$1;
					dprint ("Version found in file ".$file);						
					$varfound=1;										
					dprint ($pluginversion[$i]."\n");
					dprint ("Array Num ".$i." Stored plugin name:".$plugins[$i]." Version found and stored ".$pluginversion[$i]);
					last OUT;
				}
			}
			close("txt");	
		}
    }
	push @plugins_notfound, $plugins[$i];
}

if ( ! $varfound) 
{
	print "\nCould not parse version no from the follwing plugins:\n";
	for (my $i = 0; $i < @plugins_notfound ; $i++ ) 
	{
		print $i." ".$plugins_notfound[$i]."\n";
	}
}
else 
{
	dprint ("We found all version numbers");
}
print color 'red';
#print colored("Summary of scanning plugin directory", 'red'), "\n";
print "Summary of scanning plugin directory\n";
print "------------------------------------\n";
printf("%-4s %-45s %3s\n", "No", "Name", "Version");
print color 'reset';
#print "No:\tName\tVersion\n";
for (my $i = 0; $i < @plugins ; $i++ ) 
{
	$v = $pluginversion[$i];
	$v =~ s/[^a-zA-Z0-9\.]*//g;	
	printf("%-4s %-45s %3s\n", $i, $plugins[$i], $v );
	#print "$i\t$plugins[$i]\t$pluginversion[$i]\n";
}
print "\n";

################################################
$pluginsdone=0;

if(defined($ARGV[1])) {
    my $name = $ARGV[1];
    &update_plugin($name);
}
else {
	$i=-1;
    for my $name (@plugins) {
		$i++;
        &update_plugin($name,$i);
    }
}

print "Plugin updation completed successfully.\n";

if ( $pluginsdone > 1 )
{
	print "$pluginsdone plugin(s) were updated.\n";
}
else
{
	print "Plugins were already up-to-date. Nothing done.\n";
}

sub update_plugin {

    my $name = $_[0];
	my $index = $_[1];
    my $url = "$wp_base_url/$name";
    $mech->get( $url );
    my $page = $mech->content;
	$url="";
    my ($version,$description,$file) = "";
    if($page =~ /.*<p class="button"><a itemprop='downloadUrl' href='(.*)'>Download Version (.*)<\/a><\/p>.*/) 
	{
		$url = $1;
		$version = $2;
		if($page =~ /.*<p itemprop="description" class="shortdesc">\n(\s+)?(.*  
	)(\s+)(\t+)?<\/p>.*/) 
		{
			$description = $2;
		}
		if($url =~ /http:\/\/downloads\.wordpress\.org\/plugin\/(.*)/) 
		{
			$file = $1;
		}
    }	
	$oldversion = $pluginversion[$index];
	$version =~ s/[^a-zA-Z0-9\.]*//g;	
	$oldversion =~ s/[^a-zA-Z0-9\.]*//g;

    print "Processing plugin: ";
	print colored($name, 'green');	
	print " | Local version ";
	print colored($oldversion, 'green');		
	print " | Remote version ";

	if ( $version eq $oldversion )
	{
		print colored($version, 'green');	
		print " | ";
		print colored("Already update\n", 'green');
	}
	else
	{
		print colored($version, 'red');	
		print " | ";
		$pluginsdone++;
		print colored("Updating now..\n\n", 'blue');
		#print "Updating plugin $name now";
		`/bin/rm -f $file`; print "Downloading: \t$url\n";
		`/usr/bin/wget -q $url`; print "Unzipping: \t$file\n";
		`/usr/bin/unzip -o $file`; 
		print colored("Installed: \t$name\n\n", 'green');		
		`/bin/rm -f $file`;
	}
}

sub read_extract
{
	my $pl_version="";
    open("txt", my $file=$_[0]);
    while($line = <txt>)
    {
		for ($line)
		{
		 s/^\s+//;
		 s/\s+$//;
		}			
        if ( $line =~ /^Version:|^version:|^\* Version:/ )
        {
            $pl_version=&extract_version($line);
        }
    }
    close("txt");
	$pl_version;
}

sub extract_version
{
    my $line=$_[0];
    $string=substr($line,rindex($line, ":")+1);
    for ($string)
    {
     s/^\s+//;
     s/\s+$//;
    }
    $string;
}

sub dprint
{
	$debugtext=$_[0];
	if ($debugmode) 
	{
		print $debugtext."\n";
	}
}	

sub print_help 
{
	print "\nCommand syntax:";
	print "\n";
	print "wpupdater [path/to/plugin dir] [plugin name]\n";
	print "\nBoth arguments are optional\n\n";
}

sub argparser
{
	foreach (@ARGV) {
		$argu=$_;
		#print "Argument:$argu";
		if ($argu eq "--help")
		{
			&print_help;
			exit;
		}
	}

}

You can add these as a cron job.


You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Change WordPress multi user admin username

You may have tried to change your wordpress username in phpadmin and found that you no longer have the Network Admin option on the Dashboard menu. If you did, you need to check with the procedure below and see if you followed it correctly, to change your multiuser admin username:

In Phpmyadmin,

Edit the follwing:

wp_users table:

Find the row corresponding to “ID” of 1. On the same row, edit the user_login field and change “admin” to a new user name.

wp_sitemeta table:

Find site_admins field containing the string “admin“.

It may be like:

a:2:{i:0;s:6:"totaluser";i:3;s:5:"admin";}

Note that the 5 just before admin is the character count of admin. So you need to change admin to your new user name, and substitute 5 by the new character count of your username.

There, that’s it! Now you’ve successfully changed your admin username and thus hardened your wordpress installation a bit further. If you need to secure it further, pick an alphanumeric long username, and a very long password containing alphanumerics and special characters.

To drive home the point, I will reiterate. If Network Admin menu is not visible under “My Sites” on WordPress, the main thing you need to check is whether your username and its character count are correctly set in the table wp_sitemeta, field site_admins.

Three cheers to [email protected] for his post regarding this.


You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Reverting from wordpress development version to mainstream version

You need to do a manual update as follows:

Backup both files and database of your site, to offline location.

Now, delete wp-admin and wp-includes from old location

Copy over wp-admin and wp-includes from new location

Copy (without subdirectories) all files from root of wordpress zip(tar) file.

More detailed instructions are here.


You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

Disable updraft plus ads and multisite warning

I hate advertisements. Whatever the reason, like using a free plugin, or visiting a website, I think forcing advertisements is a bad idea. Hence, having an advertisement at the top of every page on my dashboard, and others on a plugin settings page particularly made me irritated.

The plugin which is the subject for this is “Updraft Plus” backup plugin for wordpress blogs.

On top of displaying a banner stating that the plugin is incompatible with WordPress multisite installations, it also places advertisements in the plugin settings page.

It turns out that these ads depend on the presence of the definition of a single constant in the php file.

So to remove them, edit your wp-content/plugins/updraftplus/updraftplus.php

Add the following constant:

const UPDRAFTPLUS_PREMIUM='yes';

after the beginning php tag, so it looks like:

<!--?php
/*
Plugin Name: <span class="hiddenSpellError" pre=""-->UpdraftPlus - Backup/Restore
Plugin URI: http://wordpress.org/extend/plugins/updraftplus
Description: Backup and restore: your content and database can be automatically backed up to Amazon S3, Dropbox, Google Drive, FTP or email, on separate schedules.
Author: David Anderson
Version: 1.4.11
Donate link: http://david.dw-perspective.org.uk/donate
License: GPLv3 or later
Author URI: http://wordshell.net
*/
const UPDRAFTPLUS_PREMIUM='yes';
/*
TODO

Wham! All the ads and the big ugly banner is gone!

As of the latest version, the above no longer works. I will leave you to figure out for yourself how to fix the ads and the warning.

Disclaimer: I encourage you to buy Updraft plus to encourage the author’s efforts. The code is well within the realm of GPLv3 and you’re free to make any modifications you want, and distribute it, however.

Update: The following patch has been updated to work with Updraftplus 1.4.14:

--- /root/updraftplus/options.php       2013-02-20 21:23:54.340665318 +0530
+++ ../updraftplus/options.php  2013-02-20 21:33:01.900748290 +0530
@@ -77,7 +77,7 @@ class UpdraftPlus_Options {
        }

        public static function show_admin_warning_multisite() {
-
+       return ;
                global $updraftplus;

                $updraftplus-&gt;show_admin_warning('&lt;strong&gt;UpdraftPlus warning:&lt;/strong&gt; This is a WordPress multi-site (a.k.a. network) installation. &lt;a href="http://updraftplus.com"&gt;WordPress Multisite is supported by UpdraftPlus Premium&lt;/a&gt;. Non-premium UpdraftPlus does not support multi-site installations securely. &lt;strong&gt;Every&lt;/strong&gt; blog admin can both back up (and hence access the data, including passwords, from) and restore (including with customised modifications, e.g. changed passwords) &lt;strong&gt;the entire network&lt;/strong&gt;. Unless you are the only blog admin user across the entire network, you should immediately de-activate UpdraftPlus. (This applies to all WordPress backup plugins unless they have been explicitly coded for multisite compatibility).', "error");
--- /root/updraftplus/updraftplus.php   2013-02-20 21:23:54.339662943 +0530
+++ ../updraftplus/updraftplus.php      2013-02-20 21:31:28.415766309 +0530
@@ -9,7 +9,7 @@ Donate link: http://david.dw-perspective
 License: GPLv3 or later
 Author URI: http://wordshell.net
 */
-
+const UPDRAFTPLUS_PREMIUM='yes';
 /*
 TODO
 //Put in old-WP-version warning, and point them to where they can get help

 


You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.

WordPress error: To perform requested action, wordpress needs access to webserver

The error message displayed is:

“Connection Information: To perform the requested action, WordPress needs to access your web server. Please enter your FTP credentials to proceed. If you do not remember your credentials, you should contact your web host.”

This occurs due to permission issue. Check ownership of files.

The reason is that certain files in your wordpress installation directory cannot be written to, as they’re not owned by the user running the apache process.

To find out the user runing apache, put the following code in a file testeuser.php and run it:

<!--?php echo(exec("<span class="hiddenSpellError" pre=""-->whoami")); ?&gt;

For me, it outputs:

rt6004

So I have to change ownership of my htdocs folder:

[[email protected]] ~/domains/htdocs #chown -R rt6004.www-data *

Here, rt6004 is the user and www-data is the group.


You are reading this post on Joel G Mathew’s tech blog. Joel's personal blog is the Eyrie, hosted here.