@mcgwier
Forked from boogah/WP_Bag_of_Tricks.txt
Created February 16, 2012 17:53
Things I've learned by being a WordPress nerd.
WP Bag of Tricks
1. Helpful Scripts/Plugins:
Hacks:
http://wordpress.org/extend/plugins/tac/
http://wordpress.org/extend/plugins/exploit-scanner/ (Can be extremely resource intensive.)
http://wordpress.org/extend/plugins/wp-malwatch/
Troubleshooting:
http://yoast.com/emergency-wordpress-access/
http://wordpress.org/extend/plugins/wpdb-profiling/ (I love this plugin!)
http://wordpress.org/extend/plugins/memory-viewer/ (Adds a breakdown of how much memory each hook is using to the footer!)
http://wordpress.org/extend/plugins/debug-bar/ (Adds a "debug" menu to the WP menu bar. Like Firebug for WP.)
http://wordpress.org/extend/plugins/debug-bar-extender/ (Adds a lot of helpful tools to the plugin above.)
Full Site Backups:
http://wordpress.org/extend/plugins/wp-time-machine/ (Can be easily hacked to work with DreamHost's Ceph beta.)
DB Backups:
http://wordpress.org/extend/plugins/dbc-backup/
http://wordpress.org/extend/plugins/wp-dbmanager/
Caching:
http://wordpress.org/extend/plugins/wp-super-cache/
http://wordpress.org/extend/plugins/db-cache-reloaded/
Spam:
http://wordpress.org/extend/plugins/akismet/
http://wordpress.org/extend/plugins/wp-hashcash/
2. On the Site:
Suppress any and all error messages in WordPress:
error_reporting(0); // Add this code to wp-config.php, right after the PHP declaration.
Hard coding the site URL via wp-config.php:
define('WP_HOME','http://domain.com'); // These two settings will remove the ability to change the site URL in wp-admin.
define('WP_SITEURL','http://domain.com'); // Use at your own peril!
Changing the URL values in the database via wp-config.php:
define('RELOCATE',true); // Visit wp-login.php. Log in. Remove this line!
Tell WordPress to use whatever URL you visit it from:
define('WP_HOME', 'http://'.$_SERVER['HTTP_HOST']);
define('WP_SITEURL', 'http://'.$_SERVER['HTTP_HOST']);
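The Host header is supplied by the client, and WordPress builds its links and redirects from these two constants. A variant that only accepts known hostnames, as an added example that is not part of the original gist (the function name bag_pick_site_url and all hostnames are placeholders):

```php
<?php
// Added example (not from the original gist). In wp-config.php this goes below
// the existing opening PHP tag. All hostnames are placeholders.

// Return the site URL for a Host header, or the fallback URL when the header
// is missing or is not an exact (case-insensitive) match for an allowed name.
function bag_pick_site_url( $host_header, array $allowed_hosts, $fallback_host, $https ) {
    $host = strtolower( trim( (string) $host_header ) );
    if ( ! in_array( $host, $allowed_hosts, true ) ) {
        $host = $fallback_host; // never echo an unknown Host back into URLs
    }
    return ( $https ? 'https://' : 'http://' ) . $host;
}

// List every name (and name:port, if a non-default port is used) the site answers on.
$bag_allowed = array( 'domain.com', 'www.domain.com', 'staging.domain.com' );

$bag_url = bag_pick_site_url(
    isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : '',
    $bag_allowed,
    'domain.com',
    ! empty( $_SERVER['HTTPS'] ) && 'off' !== strtolower( $_SERVER['HTTPS'] )
);
define( 'WP_HOME', $bag_url );
define( 'WP_SITEURL', $bag_url );

// Demo only, with constructed sample headers: run this file from the command
// line to see the mapping, and delete this block before using it in wp-config.php.
if ( 'cli' === PHP_SAPI ) {
    $samples = array( 'www.domain.com', 'WWW.Domain.com', 'unknown.example', 'domain.com/x?y=' );
    foreach ( $samples as $h ) {
        echo str_pad( $h, 18 ), ' => ', bag_pick_site_url( $h, $bag_allowed, 'domain.com', false ), "\n";
    }
}
```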
Rewrite the URLs in the page output after a site move, before you have the chance to do a find/replace on the DB:
// Add this to wp-config.php - but then actually change the URLs in the database.
// Don't be lazy!
ob_start( 'nacin_dev_urls' );
function nacin_dev_urls( $buffer ) {
    $live = 'http://olddomain.com';
    $dev = 'http://newdomain.com';
    return str_replace( $live, $dev, $buffer );
}
Repair & Optimize DB:
http://example.com/wp-admin/maint/repair.php
Clean debugging:
// Add this to wp-config.php to cleanly debug a site.
// Just make sure to turn it off when you're done!
define('WP_DEBUG', true); // Turn debugging ON
define('WP_DEBUG_DISPLAY', false); // Turn forced display OFF
define('WP_DEBUG_LOG', true); // Turn logging to wp-content/debug.log ON
# Drop this in a .htaccess file in wp-content to keep the log safe.
<files debug.log>
order allow,deny
deny from all
</files>
# tail -f wp-content/debug.log
TimThumb Debugging:
- Edit "timthumb.php".
- Find these lines:
if(! defined('DEBUG_ON') ) define ('DEBUG_ON', false); // Enable debug logging to web server error log (STDERR)
if(! defined('DEBUG_LEVEL') ) define ('DEBUG_LEVEL', 1); // Debug level 1 is less noisy and 3 is the most noisy
- And make them look like this:
if(! defined('DEBUG_ON') ) define ('DEBUG_ON', true); // Enable debug logging to web server error log (STDERR)
if(! defined('DEBUG_LEVEL') ) define ('DEBUG_LEVEL', 3); // Debug level 1 is less noisy and 3 is the most noisy
- Then look at the error when you try to pull up one of the broken images:
http://domain.com/wp-content/path/to/timthumb.php?src=image.jpg
White Screen of Death:
- Add "define('WP_DEBUG', true);" to "wp-config.php".
- Comment out "define('WP_CACHE', true);" line in "wp-config.php".
- Edit "wp-content/advanced-cache.php" and make sure the path matches up to the actual paths.
- Disable plugins by moving/renaming plugins directory.
- Change "template" and "stylesheet" in wp_options to another theme.
500 Errors:
- Disable plugins by moving/renaming plugins directory.
- Change "template" and "stylesheet" in wp_options to another theme.
When wp-login.php directs back to itself:
- Disable plugins by moving/renaming plugins directory.
- Check to make sure that the "siteurl" and "home" values match. Sometimes one is missing a www when the other has it - or is just wrong.
Seeing "Briefly unavailable for scheduled maintenance. Check back in a minute." error:
- Remove .maintenance file from user's home directory.
Change wp-admin to a language you can read:
- Comment out "define ('WPLANG', 'pt_BR');" or whatever value is set in "wp-config.php".
- Insert "define ('WPLANG', '');" into "wp-config.php". Now the dashboard is in English!
- Do what you need to do.
- Remove the inserted value and uncomment the old value.
- Make sure you can't read the dashboard anymore. ;)
Let yourself into wp-admin without password info:
- Open database in phpMyAdmin.
- Browse to "wp_users" or whatever it might be called with an alternate prefix.
- Click the little pencil icon next to the "admin" account.
- In "user_pass" field, copy out the hashed info in "Value" to a safe place.
- Select "MD5" from the Function dropdown for "user_pass".
- Insert plain text password in "Value" field where hashed value was.
- Click "Go".
- Use the password you set to log in to site's wp-admin and do what you need to.
- Change the password back by editing the user, pasting in the old (saved) value and pressing "Go". Do not select "MD5" from the dropdown!
Revisions & Auto Save:
Place these values in wp-config.php to limit and slow down auto saves:
define('AUTOSAVE_INTERVAL', 120 ); // Default value is 60 seconds.
define('WP_POST_REVISIONS', 3); // Number of revisions to save.
Place these values in wp-config.php to kill auto saves completely:
define('WP_POST_REVISIONS', false); // Turns off post revisions.
MySQL command to clear out revisions:
DELETE FROM wp_posts WHERE post_type = "revision";
MySQL command to clear out posts in the trash:
DELETE FROM wp_posts WHERE post_status = "trash";
MySQL command to clear out spam:
DELETE FROM wp_comments WHERE comment_approved = "spam";
MySQL command to clear out comments in the trash:
DELETE FROM wp_comments WHERE comment_approved = "trash";
MySQL command to clear out a large run of unapproved comments:
DELETE FROM wp_comments WHERE comment_approved = "0";
MySQL commands to run after moving a site to a new domain:
UPDATE wp_options SET option_value = replace(option_value, 'http://www.oldsite.com', 'http://www.newsite.com') WHERE option_name = 'home' OR option_name = 'siteurl';
UPDATE wp_posts SET guid = replace(guid, 'http://www.oldsite.com','http://www.newsite.com');
UPDATE wp_posts SET post_content = replace(post_content, 'http://www.oldsite.com', 'http://www.newsite.com');
UPDATE wp_postmeta SET meta_value = replace(meta_value, 'http://www.oldsite.com', 'http://www.newsite.com');
Re-running approved comments thru Akismet:
http://jasoncosper.com/archives/rekismet/ (Note: Very load intensive on sites with LOTS of comments.)
Secret Key (for wp-config.php) Generator:
https://api.wordpress.org/secret-key/1.0/ (For 2.5.x users. One key. Not recommended!)
https://api.wordpress.org/secret-key/1.1/ (For 2.6.x to 2.9.x users. Four keys.)
https://api.wordpress.org/secret-key/1.1/salt/ (For 3.0.x and up. Eight keys. This is the way to go!)
If the user has an SSL cert for their domain:
define('FORCE_SSL_ADMIN', true); // Force visits to wp-admin to go thru SSL.
Extra security - it's a good thing. ;)
3. Known Issues:
http://wordpress.org/support/
http://core.trac.wordpress.org/
https://irclogs.wordpress.org/
http://www.wpsecure.net/ (Current exploits)
Note: Paste errors into "Search" on first 3 links.
4. Developer News:
http://wpdevel.wordpress.com/
http://lists.automattic.com/mailman/listinfo/wp-hackers
5. URLs of Interest:
http://www.smashingmagazine.com/2010/07/01/10-useful-wordpress-security-tweaks/
http://ottopress.com/2011/how-to-cope-with-a-hacked-site/
http://www.exploit-db.com/search/?action=search&filter_description=wordpress&filter_type=6
http://www.w3-edge.com/weblog/2011/02/optimize-social-media-button-performance/