A Redis object cache for WordPress

Written late at night in English • Tags: , , , ,

WordPress Site Health had been nagging me to use a persistent object cache. I already run Zend OpCache, so I wondered what else I needed.

OpCache is an opcode cache: it stores the compiled bytecode of the PHP source so the engine need not recompile it on every request. The object cache is a different layer, holding the results of database queries and transients. WordPress ships with a non-persistent object cache that lives only for the duration of a single request; making it persistent means backing it with something that survives across requests, such as Redis.

On this site I manage the WordPress tree with svn and do not let PHP write into it, which changes a couple of the steps from the usual click-in-the-dashboard instructions. While I also generally prefer nginx and PHP-FPM, this site is still on Apache with mod_php. However, the installation is basically the same regardless of the web server software, but troubleshooting differs between them. I’m covering both here. (more…)

»
TIL: Switching a WordPress site to HTTPS will result in mixed content. (more…)
»
WordPress 4.0 “Benny” is out!
»
When I click on Preview in the WordPress editor, Fluid makes a GET request to the web server. It still uses the action address specified in the #post form (post.php), just not the POST method. But none of the form values are included, so I end up staring at a listing of all posts instead of the preview I wanted. Maybe it is getting confused by the fact that the #post-preview “button” is actually an HTML link (an a element)? There is also some JavaScript that attaches to the click event of the link (see the doPreview() function).
»
Upgraded to WordPress 3.6. The admin bar went missing on the front end…

Two-factor authentication for WordPress

Written late in the morning in English • Tags: , , ,

Content management systems are being targeted by brute-force password attacks. Improve the security of your self-hosted WordPress blog by installing the Google Authenticator plugin. (more…)

Hiding from spammers

Written at lunch time in English • Tags: ,

For a long time now I’ve removed the generator meta tag from all WordPress installations I’ve setup. Mentioning WordPress is just honey for the bees. Since I removed the meta tags the amount of spam has decreased remarkably. Posts about WordPress are targeted much sooner and for much longer than other posts.

Starting with WordPress 2.4 the generator information is inserted by the core code, as opposed to the theme. This means that the meta tag will reappear even if you have removed it from your theme. However, this is actually a good change, because now you can disable the tag not only from the HTML pages generated by the theme, but also from all other formats WordPress outputs. The information is created by a couple of functions centrally instead of scattered instances through the code.

I’ve created a plugin to accomplish this: No Generator works with the trunk code from svn, and will work with 2.4 once it is released.

Suomenkielinen WordPress 2.2.3

Kirjoitettu puoliltapäivin suomeksi • Tägit:

WordPressin versio 2.2.3 on tietoturvapäivitys. Sen asentamista suositellaan välittömästi.

Lataa suomenkielinen WordPress 2.2.3

Lisätietoa englanniksi: korjatut bugit ja muuttuneet tiedostot.

WordPress 2.2.2 ja 2.0.11 suomeksi

Kirjoitettu puoliltapäivin suomeksi • Tägit:

Suomenkielinen WordPress on taas ajan tasalla. Versiot 2.2.2 ja 2.0.11 julkaistiin 3 tuntia sitten englanniksi ja sisältävät tietoturvaan liittyviä korjauksia. Suomenkieliset versiot niistä voi nyt ladata suomenkielisen WordPressin kotisivulta:

http://kimmo.suominen.com/sw/wordpress-fi/

Itse törmäsin päivityksessä palvelimen oletusasetusten tuomaan yllättävään lisäongelmaan. (jatkuu…)

»
Version 3.0 of the DoFollow plugin can differentiate between comments left by registered users and other visitors. (more…) (4)