Locking Down WordPress WP-Admin

I’m pretty sure every WordPress [1] user out there has read much about different ways to limit access to the WordPress administration back-end (WP-Admin), and many of them are certainly good. My way is quite simple, although it most likely has a couple of penalties and some pitfalls I’m not yet aware of, but I can live with it.

My procedure for locking down the WP-Admin area consists of running Nginx [2] on a dedicated port (whichever port you prefer) bound to an internal/private/local IP address (i.e. 127.0.0.1, 192.168.0.1 et cetera), configured with PHP-FPM, coupled with Apache2 as the front-end (with mod_proxy [3] enabled) to serve and process all requests to the WordPress administrative back-end. The requests are proxied to the Nginx instance via Apache. In effect this means: I only keep Nginx running while I am accessing the administration back-end of WordPress (WP-Admin), and when I’m done, I simply shut down Nginx. Simple. The end result is that nobody can access the WP-Admin area while Nginx isn’t running.

The only issue I have run into so far is that static resources are not being served properly, but that should be an easy fix. I’m looking into it.

Try accessing the WP-Admin area of k0nsl.org and see the result:
https://k0nsl.org/blog/wp-admin/


Everything in “/blog/wp-admin” results in a 503 ‘Service Temporarily Unavailable’ (check the headers with “curl -I https://k0nsl.org/wp-admin”) because Nginx is shut down. It certainly is a simple solution, but it works.
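As an added illustration (not the author’s own configuration), here is an Apache 2.2 virtual host fragment for the arrangement described above. It assumes the site root /var/www/k0nsl, the blog under /blog, and an Nginx instance listening on 127.0.0.1:8081 in front of PHP-FPM; the port is arbitrary and SSL directives are omitted.

```apache
# Added example, not the post's own config. Apache is the public front-end;
# only the WP-Admin prefix is handed to an Nginx instance bound to loopback,
# which is unreachable from outside the host. Assumed values: document root
# /var/www/k0nsl, blog under /blog, Nginx on 127.0.0.1:8081 (arbitrary port).
<VirtualHost *:443>
    ServerName   k0nsl.org
    DocumentRoot /var/www/k0nsl
    # ... SSL directives omitted ...

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests    Off
    # Pass the original Host header so WordPress builds correct admin URLs.
    ProxyPreserveHost On

    # Everything under /blog/wp-admin goes to the loopback-only Nginx.
    # While Nginx is stopped, mod_proxy cannot connect and Apache answers
    # 503 Service Temporarily Unavailable for this prefix; the rest of the
    # site is still served by Apache as usual.
    ProxyPass        /blog/wp-admin http://127.0.0.1:8081/blog/wp-admin
    ProxyPassReverse /blog/wp-admin http://127.0.0.1:8081/blog/wp-admin
</VirtualHost>
```

Note that wp-login.php sits outside /blog/wp-admin and is still served by Apache under this mapping, so add a second ProxyPass for /blog/wp-login.php if the login form should be gated the same way.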

The configuration above, coupled with various other tweaks (such as the CloudFlare-Country-Login [4]), makes WordPress a bit more secure to use.

Update: 11.21.13

I solved the issue with assets (JS included) not being served properly. Earlier, I had accidentally disabled JavaScript concatenation by commenting out the CONCATENATE_SCRIPTS define in wp-config.php. Everything works perfectly now.

Notes

1. WordPress: Blog Tool, Publishing Platform, and CMS -> http://wordpress.org/
2. Nginx: The High Performance Reverse Proxy, Load Balancer, Edge Cache, Origin Server -> http://nginx.com/products/
3. Apache Module mod_proxy -> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
4. WordPress: CloudFlare-Country-Login -> https://k0nsl.org/blog/wordpress-cloudflare-country-login/

Hide Google+ Goobly Gook from WP-Jetpack

I was annoyed with the injection of my Google+ details beneath every post when I activated the ‘Google+ Profile’ option in the WordPress plugin Jetpack [1], and couldn’t find any option to actually hide it entirely or change its placement. So I hacked it away, effectively hiding it, using a simple hidden div wrapper.
You will want to jump to line 189 [2] in the file ‘gplus-authorship.php’, located in a subfolder of Jetpack (in effect: modules).
I do know it is possible to toggle it with the option ‘Show Google+ information with this post’. Perhaps the best practice would be to just remove the entire code block. Probably.
The authorship relation tag is not affected by this.

Here’s a gist of it:

$output = '';
$output .= '<div style="display:none" id="k0nsl">';
$output .= '<div class="sharedaddy sd-block sd-social sd-gplus">';
$output .= '<h3 class="sd-title">' . __( 'Google+', 'jetpack' ) . '</h3>';
$output .= '<div class="sd-content">';
$output .= $this->byline( $post );
$output .= $this->follow_button( $post );
$output .= '</div>';
$output .= '</div>';
$output .= '</div>';

Notes

1. Jetpack by WordPress.com http://wordpress.org/plugins/jetpack/
2. Exact position in pico: 189/209 (90%), col 1/30 (3%), char 6562/7082 (92%)

I’m using Redis now

I decided to temporarily ditch my traditional caching system in favour of Redis [1], and so far I’ve not encountered any negatives (touch wood). I was supposed to have tinkered with this many months ago, but other things got in the way, so I never bothered following up on it, until now…

I feel it is working quite well. This blog – at least the index page – is very bulky and not very optimized either but the pages appear to be loading relatively fast now. I’m pretty happy with it!


Notes

1. Redis is an open-source, networked, in-memory, key-value data store with optional durability. It is written in ANSI C. The development of Redis is sponsored by VMware. According to the monthly ranking by DB-Engines.com, Redis is the most popular key-value store.

WordPress: CloudFlare-Country-Login

This snippet allows us to tap into the CF_IPCountry [1] header and determine whether the visitor’s country is allowed to log in. Allowed countries go into the array inside the cf_country_login() function.
Put this snippet into your theme’s functions.php and you’re all done, but don’t forget to first edit $urel and the default array of allowed countries.

<?php
// Allow only logins from specified countries (requires CloudFlare IP Geolocation to be enabled)
add_action( 'wp_authenticate', 'cf_country_login', 1 );
function cf_country_login()
{
	// CloudFlare adds the CF-IPCountry header to requests it proxies. When the
	// header is absent (the request did not arrive via CloudFlare) the check
	// is skipped entirely, so the header is only meaningful if the origin is
	// reached through CloudFlare.
	if ( ! isset( $_SERVER['HTTP_CF_IPCOUNTRY'] ) )
		return;

	// Edit this list of allowed ISO 3166-1 alpha-2 country codes.
	if ( ! in_array( $_SERVER['HTTP_CF_IPCOUNTRY'], array( 'DK' ) ) )
	{
		$urel = 'http://k0nsl.org';
		// The Refresh header must be sent before any output is echoed,
		// otherwise PHP reports "headers already sent" and drops it.
		header( 'Refresh: 5; url=' . $urel );
		echo 'Sorry, but you cannot login at this time.';
		exit;
	}
}
?>

Available also @ GitHub:
https://github.com/k0nsl/k0nsl-misc/blob/master/CloudFlare-Country-Login

Notes

1. What does CloudFlare IP Geolocation do?

k0nsl Short URLs Plugin

I decided that the API for knsl.net should be open to anybody and not exclusively to k0nsl.org, so I have crafted a plugin for this purpose. It is based on the source of the GentleSource Short URL plugin, with some minimal refinements to the code (not much so far).


So, if you’re in need of a short URL plugin via the knsl.net service you’re more than welcome to use my plugin.

Here is the “readme” using the default WordPress structure:

=== k0nsl Short URLs ===
Contributors: GentleSource (and k0nsl)
Tags: short url, short, url, shortener, url shortener, url shortening, urls, links, tinyurl, twitter, microblogging, k0nsl
Requires at least: 2.5
Tested up to: 3.6

Automatically shortens the blog post URL via knsl.net

== Description ==

This plugin creates a short URL from the blog post permalink and stores it
in the database. The URL is displayed below the blog post along with a link
to twitter that passes the short URL on.

== Installation ==

1. Upload the `k0nsl_shorturl` folder to `/wp-content/plugins/`.
2. Activate the plugin through the ‘Plugins’ menu in WordPress.
3. You can change the default short URL service in ‘Settings’ -> ‘Short URLs’

== Changelog ==

= 0.1 =

* Replaced hardcoded plugin directory path with a defined path via “k0nsl_plugin_path”.

== Frequently Asked Questions ==

No questions yet.

== Screenshots ==

1. Short URL settings page


So far it has only been tested at MacAppsDaily which is running WordPress 3.6a:

http://macappsdaily.com/macappsdaily-set-sails.html

My own blog at k0nsl.org runs its own variant, which works fine the way it is.

Download

The direct link to this plugin is: knsl.net/plugin/k0nsl-short-url.zip.

The official link to the plugin page is: http://k0nsl.org/blog/k0nsl-short-urls-plugin/

The official link may change should I submit it to the main WordPress.org plugins repository, but it will remain available at the current link even after it is submitted there.

Discussion

If you have any questions please peruse the devNET community forums, see:

http://devnet-software.org/discussion/64/k0nsl-short-urls-plugin

Edit

The plugin is now also available through the WordPress.org plugin repository:

http://wordpress.org/extend/plugins/k0nsl-short-urls/


Fixing WordPress Categories

I’ve seen a lot of entries around the Web about people “losing” their categories after restoring a backup [note #1 and #2]. Well, I somehow encountered something similar, and this is how I solved it.

I will keep this short — as I do most of the time.


For starters, check your web server logs for the following entry:

[Fri Jan 18 20:18:20 2013] [error] [client x.x.x.x] WordPress database error Can’t create/write to file ‘/mysqltmp/#sql_170c [snipped]


Does that look familiar?

Well, first of all make sure /mysqltmp exists and that it has the right permissions and ownership. If it does not exist, create the directory along with the necessaries (i.e. correct permissions and ownership). Easy.


Restart your web server, and voilà! Everything should work fine again. Usually this is merely a permissions issue.

Notes:

I’m Now Mirrored at GitHub


Yesterday I looked into converting the blog to Jekyll for better performance and all the other benefits, but ended up merely creating a storage/holder [or mirror] on GitHub for most of the posts and pages located on the master blog [i.e. k0nsl.org]. The conversion process went quite well, with no hiccups to speak of.

The only issue is that I have been coding special short codes and using some already available short codes. That was quite dumb of me, but it is a nice way to save some time when creating posts. So the one issue with the mirror on GitHub is malformed posts.

For instance, take the image used in this post: I’m using a short code for it when I should be using HTML, like so:

[k0nsl-image="k0nsl image" u="http://some-image"]

But I should be using:

<div class="centered-image">
<div class="frame-border"></div>
<img src="kthumb.php?src=http://k0nsl.org/blog/k1/uploads/2013/01/github1_k0nsl.png&amp;w=390&amp;h=250&amp;zc=1&amp;q=100" alt="k0nsl.github.com"/>
<span class="caption-text">k0nsl.github.com</span>
</div>

But other than that the mirror is looking fine so far. Good to have redundancy, I suppose.

Mirror URL: