WordPress XMLRPC attacks – How to prevent

What is WordPress XML-RPC?
RPC stands for Remote Procedure Call. WordPress XML-RPC is a protocol which allows remote systems to communicate with WordPress; the messages are exchanged in XML. With WordPress XML-RPC support, you can post to your WordPress blog using many popular weblog clients. XML-RPC functionality has been turned on by default since WordPress 3.5.

Brute force attack through WordPress XML-RPC
Attackers use the system.multicall method in XML-RPC to combine hundreds of requests into a single request, mostly to guess the username and password of the system. This is called a brute force amplification attack via WordPress XML-RPC.

How to prevent XML-RPC attacks
The most recommended way is to disable XML-RPC completely, by adding the corresponding rules to your Apache configuration file. Some WordPress plugins, e.g. Jetpack, are based on XML-RPC, so in that case it is not possible to disable XML-RPC entirely. Instead, you can block system.multicall requests through your firewall. Check server logs regularly and find IPs...

Mandrill decides to discontinue service as a separate product

Mandrill has decided to discontinue its service as a separate product and is becoming a transactional email add-on to paid MailChimp accounts. This means the free 15,000 emails/month service which Mandrill offered will soon no longer be available, and all Mandrill users will be required to have a paid monthly MailChimp account.

Here are the timelines:
- Starting March 16, all new Mandrill users will create accounts through MailChimp.
- Also starting March 16, Mandrill users can merge their existing Mandrill account with a MailChimp account.
- Current users will have until April 27 to merge the accounts.

So what are the alternatives? Generally Mandrill is used to send transactional emails like password reminders, notifications, etc., taking the load off your own web server. There are quite a few services which allow sending such transactional emails:
- Amazon SES (this is the option recommended by MailChimp)
- MailGun (10,000 emails/month free)
- SendGrid (12,000 emails/month free)
...

Moving wordpress site to a new server

Moving a WordPress site, or any other site, requires transferring at least the following files and settings to the new server:
- Code and media files residing in your public_html directory
- Database
- Cron jobs
- Any backup scripts or other shell scripts, snippets, config files, etc. residing outside your public_html directory

Some hosting companies like SiteGround also provide free website transfer. However, for a number of reasons such as complexity or security, you may decide to perform the migration yourself. The steps below explain moving WordPress or any other site from one server to another without using FTP and without having to download and upload files via your PC.

Here are the steps for moving a WordPress site:
1. Clean up your old server and remove any unnecessary files or directories.
2. Create a tar file from the entire public_html directory contents: SSH to your legacy server and run the command that creates the archive.
3. Create an SSH key. To accept data from the legacy server, an SSH key from the legacy server needs to be added to the known hosts file on the new server. This key...

Adding a plugin textdomain / translation into wordpress

A plugin textdomain is required if you need to translate your own plugin into different languages, i.e. to internationalize the plugin. Here are the required steps.

Step 1: Decide the plugin textdomain name, e.g. my_plugin_textdomain.

Step 2: Initialise the languages directory for the plugin textdomain. Add the textdomain loading code to your plugin and create a languages folder within your plugin's directory.

Step 3: Create a PO file for the language. If you are creating a German translation, you would need to create a PO file named my_plugin_textdomain-de_DE.po. Download a sample PO file, open it in a suitable text editor and add the necessary translations to the file.

Step 4: Create the MO file. Once all the translations are added to the PO file, open the file in Poeditor and just save it; Poeditor will automatically create the corresponding MO file. Upload both files to your plugin's languages folder.

For the translation to show up, the corresponding words or phrases must be wrapped in __("sample text") within the plugin code....

When to use Database Triggers ?

What are database triggers?
A database trigger is SQL code which is made to run just before or after a certain event. That event could be an INSERT, UPDATE or DELETE query on a particular database table. Thus a trigger is used to automate some of the events on your server/site/application.

Examples of some database triggers
- Sync user details from one table to another when a user updates them
- Geocode users' locations and store them in a separate table
- Maintain a log of certain events, e.g. a product addition, update or deletion (in this case we wish to know who made the change)

When to use database triggers
There are a few pros and cons to using database triggers.
Pros:
- Yes, they can automate quite a lot of activities.
- For things like maintaining logs, if you are doing this through your code then most probably you need to add the piece of code in a number of files. E.g. if you are maintaining a log about article updates then there may...

WordPress REST API v2 Examples

Here are a few examples of how to use the WordPress REST API v2. First of all, download and install the plugin just like any other WordPress plugin. The first examples show how to get the list of posts and how to get the list of pages.

WordPress REST API for custom posts
Prerequisite: REST API support needs to be added to custom posts while registering the custom post type. The parameters below add the necessary support; for detailed instructions please refer to Adding REST API support to Custom Post Types. Suppose we have a custom post type news; the following parameters would add the necessary REST support to the custom post type:
- show_in_rest: allows the custom post type to be accessed through the REST API.
- rest_base (optional parameter): allows you to change the REST API route. For example, if the custom post type is news, we can define a custom route to access its posts using the rest_base parameter, e.g. news_api.
- rest_controller_class: only needs to be changed if you are using a custom namespace, i.e. other than wp/v2.

Once the necessary support is added as shown above, the custom...

Create a WordPress staging site through shell script

Creating a WordPress staging environment requires four things. Here we are assuming that the staging environment is on the same server.

Requirements for creating a WordPress staging environment
- Clone the database (each time)
- Copy the code, only the wp-content folder
- Edit wp-config to point to the staging database (single site only) plus the staging domain (multisite) (once only)
- Update the wp_options table with the staging domain (single site); update the wp_blogs, wp_site, wp_options, wp_1_options, etc. tables with the staging domain (multisite) (each time)

So how to achieve a WordPress staging environment with a single script? Here are the steps.

Step 1: Create staging.sh and define variables. Create a file named staging.sh inside a directory named staging (preferably outside your public_html folder) and define all the variables related to your production and staging database connections.

Step 2: MySQL dump of the production database. Add the MySQL dump command to the staging.sh file to take a dump of the current production database.

Step 3: Export the database to the staging database. Again...

How to update shipping cost in cart dynamically (ajax) based on a custom field in WooCommerce

WooCommerce by default offers only a few basic options for deciding how shipping cost is calculated. In many cases these options may not be sufficient, and you may need to create additional checkout fields on which the shipping cost calculation is based. Here are a few scenarios:
- Distance-based shipping costs.
- In some countries a district/territory field is required to decide the shipping cost.
- For some peculiar products you may want the buyer to agree to some terms before the purchase can be made, with an extra cost added accordingly.
- Extra handling cost based on the type of packing selected.

Here are the steps to achieve such requirements.
Step 1: Create the necessary extra checkout fields, e.g. district.
Step 2: Create a jQuery file to send the parameter as a checkout parameter, so that the necessary calculations can be made when the custom checkout field is updated.
Step 3: Perform the calculation based on the custom checkout field and add the value to the session variable.
Step 4: Retrieve the...

preg_grep – find keys in an array that match a pattern

Sometimes there is a need to find the key(s) of an array that match a particular pattern. array_search searches the array for a given value and returns the corresponding key, but it matches the entire word. Here's a scenario: you have a list of tags and you want to let a user search for a particular tag which closely matches their input. So suppose some of the tags are held in an array. If the user enters Wordpress we want to show Wordpress Plugins as well as Wordpress Tweaks, and this can be done using preg_grep, where $key is the user input, i.e. Wordpress in this case. In our case $filtered_tags will be an array containing 0=>Wordpress Plugins 1=>Wordpress Tweaks...

WordPress plugin – Create an explore topics page for your site/blog

Tags can be used quite effectively to show the various topics you have covered on your site/blog. Here is a plugin which lets you create an alphabetical listing of tags with a search-as-you-type filter. The plugin automatically lays out all your tags in alphabetical order on a page and adds an Ajax filter input box which lets visitors search as they type for a particular topic/tag. Download the plugin from the WordPress Plugin Repository.

Features
- Search for topics as you type
- Supports multisite
- Shows your users the vast range of topics covered on your site
- Helps in visitor retention and reduces bounce rate
- Simple and easy to configure
...