Created
April 30, 2010 00:51
Things I've learned by being a WordPress nerd.
WP Bag of Tricks

1. Helpful Scripts/Plugins:
Hacks:
http://wordpress.org/extend/plugins/tac/
http://wordpress.org/extend/plugins/exploit-scanner/ (Can be extremely resource intensive.)
http://wordpress.org/extend/plugins/wp-malwatch/
Troubleshooting:
http://yoast.com/emergency-wordpress-access/
http://wordpress.org/extend/plugins/wpdb-profiling/ (I love this plugin!)
http://wordpress.org/extend/plugins/memory-viewer/ (Adds a breakdown of how much memory each hook is using to the footer!)
http://wordpress.org/extend/plugins/debug-bar/ (Adds a "debug" menu to the WP menu bar. Like Firebug for WP.)
http://wordpress.org/extend/plugins/debug-bar-extender/ (Adds a lot of helpful tools to the plugin above.)
Full Site Backups:
http://wordpress.org/extend/plugins/wp-time-machine/ (Can be easily hacked to work with DreamHost's Ceph beta.)
DB Backups:
http://wordpress.org/extend/plugins/dbc-backup/
http://wordpress.org/extend/plugins/wp-dbmanager/
Caching:
http://wordpress.org/extend/plugins/wp-super-cache/
http://wordpress.org/extend/plugins/db-cache-reloaded/
Spam:
http://wordpress.org/extend/plugins/akismet/
http://wordpress.org/extend/plugins/wp-hashcash/

2. On the Site:
Suppress any and all error messages in WordPress:
error_reporting(0); // Add this code to wp-config.php, right after the PHP declaration.
Hard coding the site URL via wp-config.php:
define('WP_HOME','http://domain.com'); // These two settings will remove the ability to change the site URL in wp-admin.
define('WP_SITEURL','http://domain.com'); // Use at your own peril!
Changing the URL values in the database via wp-config.php:
define('RELOCATE',true); // Visit wp-login.php. Log in. Remove this line!
Tell WordPress to use whatever URL you visit it from:
define('WP_HOME', 'http://'.$_SERVER['HTTP_HOST']);
define('WP_SITEURL', 'http://'.$_SERVER['HTTP_HOST']);
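The Host header is supplied by the client, so the two lines above let any visitor choose the URL WordPress writes into its links and redirects, and they leave the URL empty when wp-config.php is loaded without a web request. An added example (not from the original gist) that accepts the header only when it matches an allowlist; the hostnames and the pick_site_host() helper are assumptions:

```php
<?php
// Added example, not part of the original gist. When pasting into an existing
// wp-config.php, drop the opening tag above and use this instead of the two
// HTTP_HOST-based define() lines.

// Constructed allowlist: replace with the hostnames this install really serves.
// Add the port to an entry (e.g. 'dev.domain.com:8080') if the site uses one.
$allowed_hosts = array( 'domain.com', 'www.domain.com', 'dev.domain.com' );

// Used when the Host header is absent (cron, command line) or not allowlisted.
$fallback_host = 'domain.com';

/**
 * Return the request host only if it is on the allowlist, else the fallback.
 * pick_site_host() is a hypothetical helper name, not a WordPress function.
 */
function pick_site_host( $raw_host, array $allowed, $fallback ) {
    // Hostnames are case-insensitive; normalise before comparing.
    $host = strtolower( trim( (string) $raw_host ) );

    // Strict, exact comparison: no substring or suffix matching, so a value
    // such as "domain.com.attacker.example" is never accepted.
    return in_array( $host, $allowed, true ) ? $host : $fallback;
}

$request_host = isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : '';
$site_host    = pick_site_host( $request_host, $allowed_hosts, $fallback_host );

define( 'WP_HOME', 'http://' . $site_host );
define( 'WP_SITEURL', 'http://' . $site_host );
```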
Change the URLs post site move before you have the chance to do a find/replace on the DB:
// Add this to wp-config.php - but then actually change the URLs in the database.
// Don't be lazy!
ob_start( 'nacin_dev_urls' );
function nacin_dev_urls( $buffer ) {
  $live = 'http://olddomain.com';
  $dev = 'http://newdomain.com';
  return str_replace( $live, $dev, $buffer );
}
Repair & Optimize DB:
http://example.com/wp-admin/maint/repair.php
Clean debugging:
// Add this to wp-config.php to cleanly debug a site.
// Just make sure to turn it off when you're done!
define('WP_DEBUG', true); // Turn debugging ON
define('WP_DEBUG_DISPLAY', false); // Turn forced display OFF
define('WP_DEBUG_LOG', true); // Turn logging to wp-content/debug.log ON
# Drop this in a .htaccess file in wp-content to keep the log safe.
<files debug.log>
order allow,deny
deny from all
</files>
# tail -f wp-content/debug.log
TimThumb Debugging:
- Edit "timthumb.php".
- Find these lines:
if(! defined('DEBUG_ON') ) define ('DEBUG_ON', false); // Enable debug logging to web server error log (STDERR)
if(! defined('DEBUG_LEVEL') ) define ('DEBUG_LEVEL', 1); // Debug level 1 is less noisy and 3 is the most noisy
- And make them look like this:
if(! defined('DEBUG_ON') ) define ('DEBUG_ON', true); // Enable debug logging to web server error log (STDERR)
if(! defined('DEBUG_LEVEL') ) define ('DEBUG_LEVEL', 3); // Debug level 1 is less noisy and 3 is the most noisy
- Then look at the error when you try to pull up one of the broken images:
http://domain.com/wp-content/path/to/timthumb.php?src=image.jpg
Disable Theme & Plugin Editor:
define( 'DISALLOW_FILE_EDIT', true );
White Screen of Death:
- Add "define('WP_DEBUG', true);" to "wp-config.php".
- Comment out "define('WP_CACHE', true);" line in "wp-config.php".
- Edit "wp-content/advanced-cache.php" and make sure the path matches up to the actual paths.
- Disable plugins by moving/renaming plugins directory.
- Change "template" and "stylesheet" in wp_options to another theme.
500 Errors:
- Disable plugins by moving/renaming plugins directory.
- Change "template" and "stylesheet" in wp_options to another theme.
When wp-login.php directs back to itself:
- Disable plugins by moving/renaming plugins directory.
- Check to make sure that the "siteurl" and "home" values match. Sometimes one is missing a www when the other has it - or is just wrong.
Seeing "Briefly unavailable for scheduled maintenance. Check back in a minute." error:
- Remove .maintenance file from user's home directory.
Change wp-admin to a language you can read:
- Comment out "define ('WPLANG', 'pt_BR');" or whatever value is set in "wp-config.php".
- Insert "define ('WPLANG', '');" into "wp-config.php". Now the dashboard is in English!
- Do what you need to do.
- Remove the inserted value and uncomment the old value.
- Make sure you can't read the dashboard anymore. ;)
Let yourself into wp-admin without password info:
- Open database in phpMyAdmin.
- Browse to "wp_users" or whatever it might be called with an alternate prefix.
- Click the little pencil icon next to the "admin" account.
- In "user_pass" field, copy out the hashed info in "Value" to a safe place.
- Select "MD5" from the Function dropdown for "user_pass".
- Insert plain text password in "Value" field where hashed value was.
- Click "Go".
- Use the password you set to log in to site's wp-admin and do what you need to.
- Change the password back by editing the user, pasting in the old (saved) value and pressing "Go". Do not select "MD5" from the dropdown!
Revisions & Auto Save:
Place these values in wp-config.php to limit and slow down auto saves:
define('AUTOSAVE_INTERVAL', 120 ); // Default value is 60 seconds.
define('WP_POST_REVISIONS', 3); // Number of revisions to save.
Place these values in wp-config.php to kill auto saves completely:
define('WP_POST_REVISIONS', false); // Turns off post revisions.
MySQL command to clear out revisions:
DELETE FROM wp_posts WHERE post_type = "revision";
MySQL command to clear out posts in the trash:
DELETE FROM wp_posts WHERE post_status = "trash"; -- Trash is a post status, not a post type.
MySQL command to clear out spam:
DELETE FROM wp_comments WHERE comment_approved = "spam";
MySQL command to clear out comments in the trash:
DELETE FROM wp_comments WHERE comment_approved = "trash";
MySQL command to clear out a large run of unapproved comments:
DELETE FROM wp_comments WHERE comment_approved = "0";
MySQL commands to run after moving a site to a new domain:
UPDATE wp_options SET option_value = replace(option_value, 'http://www.oldsite.com', 'http://www.newsite.com') WHERE option_name = 'home' OR option_name = 'siteurl';
UPDATE wp_posts SET guid = replace(guid, 'http://www.oldsite.com','http://www.newsite.com');
UPDATE wp_posts SET post_content = replace(post_content, 'http://www.oldsite.com', 'http://www.newsite.com');
UPDATE wp_postmeta SET meta_value = replace(meta_value, 'http://www.oldsite.com', 'http://www.newsite.com');
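Values in wp_postmeta are often PHP-serialized, and a raw SQL replace() does not update their s:N: length prefixes, so the value stops unserializing whenever the old and new URLs differ in length (the sample URLs above happen to be the same length). An added PHP example (not from the original gist, and a different technique from the SQL above) that rewrites one value and re-serializes it; fix_serialized_url(), replace_in_data() and the sample URLs are assumptions:

```php
<?php
// Added example, not part of the original gist. Requires PHP 7.0+.

/** Recursively replace $old with $new in strings nested inside arrays. */
function replace_in_data( $data, $old, $new ) {
    if ( is_string( $data ) ) {
        return str_replace( $old, $new, $data );
    }
    if ( is_array( $data ) ) {
        foreach ( $data as $key => $item ) {
            $data[ $key ] = replace_in_data( $item, $old, $new );
        }
    }
    // Integers, booleans, null and objects are returned unchanged
    // (strings inside objects are not rewritten by this example).
    return $data;
}

/** Replace a URL in one database value, keeping serialized lengths valid. */
function fix_serialized_url( $value, $old, $new ) {
    // allowed_classes => false: never instantiate classes named in DB content.
    $data = @unserialize( $value, array( 'allowed_classes' => false ) );

    // unserialize() returns false on failure; 'b:0;' is a genuine serialized false.
    if ( false === $data && 'b:0;' !== $value ) {
        return str_replace( $old, $new, $value ); // plain string, not serialized
    }
    return serialize( replace_in_data( $data, $old, $new ) );
}

// Constructed sample: a serialized array as a plugin might store it.
$old    = 'http://www.oldsite.com';
$new    = 'http://www.newsite.example.com'; // deliberately a different length
$stored = serialize( array( 'logo' => $old . '/logo.png', 'columns' => 3 ) );

// What the SQL replace() does: the text changes, the s:N: prefix does not.
$naive = str_replace( $old, $new, $stored );
echo "naive: ";
var_dump( @unserialize( $naive, array( 'allowed_classes' => false ) ) );

// Serialization-aware replacement of the same stored value.
$fixed = fix_serialized_url( $stored, $old, $new );
echo "fixed: ";
var_dump( unserialize( $fixed, array( 'allowed_classes' => false ) ) );
```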
Re-running approved comments thru Akismet:
http://jasoncosper.com/archives/rekismet/ (Note: Very load intensive on sites with LOTS of comments.)
Secret Key (for wp-config.php) Generator:
https://api.wordpress.org/secret-key/1.0/ (For 2.5.x users. One key. Not recommended!)
https://api.wordpress.org/secret-key/1.1/ (For 2.6.x to 2.9.x users. Four keys.)
https://api.wordpress.org/secret-key/1.1/salt/ (For 3.0.x and up. Eight keys. This is the way to go!)
If the user has an SSL cert for their domain:
define('FORCE_SSL_ADMIN', true); // Force visits to wp-admin to go thru SSL.
Extra security - it's a good thing. ;)

3. Known Issues:
http://wordpress.org/support/
http://core.trac.wordpress.org/
https://irclogs.wordpress.org/
http://www.wpsecure.net/ (Current exploits)
Note: Paste errors into "Search" on first 3 links.

4. Developer News:
http://wpdevel.wordpress.com/
http://lists.automattic.com/mailman/listinfo/wp-hackers

5. URLs of Interest:
http://www.smashingmagazine.com/2010/07/01/10-useful-wordpress-security-tweaks/
http://ottopress.com/2011/how-to-cope-with-a-hacked-site/
http://www.exploit-db.com/search/?action=search&filter_description=wordpress&filter_type=6
http://www.w3-edge.com/weblog/2011/02/optimize-social-media-button-performance/
Hi ... I'm now supporting / have adopted DBC Backup as a plugin ... Can I suggest you change line 25 please and update it. You can find the plugin on WordPress at http://wordpress.org/extend/plugins/dbc-backup-2/