How to Properly Set up an SSL Certificate for a News Site Based on WordPress

Posted on Dec 19, 2016 in WordPress

Last month I had to set up an SSL certificate for a news site based on WordPress. The owner writes some of the content but there's also content that's pulled from various external sources. The last part posed some challenges. The external content contained a mix of secure and non-secure links to pages and images. Different browsers *complained* about different issues differently.

The Solution

All instructions are listed here: https://gist.github.com/lordspace/db99e4982839f16e9637de4af7ba099b

In order to keep the browsers happy and see a nice green padlock in the address bar I had to make sure all of the resources are loaded from an https location. This applies to both internal and external links. To do that I had to capture the output very early on, do some magic with it and return it.

Initially, I tried a WordPress system plugin (mu-plugin) that hooked into a content filter but not all of the content was captured. I also tried to capture the content using ob_start() in the mu-plugin but that didn't work either, so I had to use ob_start() in wp-config.php.

Correcting links

For the sites that supported secure links, non-secure links were corrected to the secure links. Those links were from sites such as Facebook, Google, YouTube, Blogger, FeedBlitz, LinkedIn etc.

All other links were passed through a redirect script hosted on the https version of the current site (e.g. https://example.com/r.php?r=http://some-external-site.com/test).

The images were also passed through that redirect script. Firefox was *ok* with that but Chrome still complained about mixed content in the Developer Console (F12). Chrome's warnings made me update the redirect script so it pulled the external images locally. The remote pulling was done once per month and images were stored in a deep folder structure (wp-content/remote_images/a/b/c/site_com_image_some_hashasfasfasf) so they are quickly retrieved.

It seems the site was also outputting some binary content so the output correcting script had to check if the content contained binary data, i.e. if the first 120 bytes contained one of these strings: ZIP, PDF, PNG, JPG etc.

SSL Provider

I have kept an eye on the Let's Encrypt service for quite some time now so I have decided to give it a try. Let's Encrypt gives you a free SSL certificate which is valid for 90 days. The client's site was on a VPS server (from Linode) which I fully controlled so I wasn't going to be restricted in any way.

Let's Encrypt doesn't support Wildcard SSL and probably won't in the near future so you have to list all of the domains and subdomains that need to be supported. I have seen examples that allow one SSL certificate to work for multiple domains but I prefer to keep each domain's certificates separate. Of course, if...
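The output-correcting step described under "Correcting links" could look like the following. This is an added example, not the code from the gist or from the author: the host list, the byte signatures standing in for the ZIP/PDF/PNG/JPG strings, the sig parameter and the key are all assumptions.

```php
<?php
// Added example, not the gist's code. Hosts, the sig parameter and the key are assumptions.
const EX_SITE        = 'https://example.com';
const EX_HTTPS_HOSTS = ['example.com', 'facebook.com', 'google.com', 'youtube.com', 'linkedin.com'];
const EX_KEY         = 'REPLACE-WITH-LONG-RANDOM-SECRET'; // placeholder

// True when the first 120 bytes carry a ZIP, PDF, PNG or JPEG signature.
function ex_looks_binary(string $buf): bool {
    $head = substr($buf, 0, 120);
    foreach (["PK\x03\x04", '%PDF-', "\x89PNG", "\xFF\xD8\xFF"] as $magic) {
        if (strpos($head, $magic) !== false) {
            return true;
        }
    }
    return false;
}

// Maps one http:// URL to its https:// form or to the local redirect script.
function ex_fix_url(string $url): string {
    $host = strtolower((string) parse_url($url, PHP_URL_HOST));
    foreach (EX_HTTPS_HOSTS as $ok) {
        if ($host === $ok || substr($host, -strlen(".$ok")) === ".$ok") {
            return 'https://' . substr($url, strlen('http://'));
        }
    }
    // Signed so r.php can refuse targets this site did not generate.
    $sig = hash_hmac('sha256', $url, EX_KEY);
    return EX_SITE . '/r.php?r=' . rawurlencode($url) . '&sig=' . $sig;
}

// Output-buffer callback: leaves binary responses alone, rewrites src/href otherwise.
function ex_fix_output(string $buf): string {
    if ($buf === '' || ex_looks_binary($buf)) {
        return $buf;
    }
    $fixed = preg_replace_callback(
        '#\b(src|href)=(["\'])(http://[^"\']+)\2#i',
        function (array $m): string {
            $url = ex_fix_url(html_entity_decode($m[3], ENT_QUOTES));
            return $m[1] . '=' . $m[2] . htmlspecialchars($url, ENT_QUOTES) . $m[2];
        },
        $buf
    );
    return $fixed ?? $buf; // on a regex error, fall back to the original output
}

// In wp-config.php, before wp-settings.php is required: ob_start('ex_fix_output');
if (PHP_SAPI === 'cli') { // constructed sample input
    echo ex_fix_output('<a href="http://www.youtube.com/watch?v=1">v</a> <img src="http://some-external-site.com/a.png">'), "\n";
}
```

On the receiving side, r.php would recompute the HMAC over the r value and compare it to sig with hash_equals() before redirecting or fetching anything.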


How to Send the Result from an Automated Task (Cron Job) to an Email

Posted on Nov 29, 2016 in Automation

Yesterday, I launched a PPC campaign for one of my services and added some tracking on my end. As a developer I am supposed to be lazy so I decided to set up a regular cron job that will send me stats every few days.

The idea

I set up a cron job to call a given website every Monday, Wednesday & Friday at 8:30AM. The output from that link needed to be sent to an email address. The idea is to call a website which will generate some stats and those stats need to be emailed. This is a huge time saving because I don't have to log in anywhere and the stats are conveniently delivered to my email address.

How I did it

Log into the Linux server, or use your control panel's interface to set it.

    crontab -e

Add a cron job task

    # Mon, Wed, Fri at 8:30am
    30 08 * * 1,3,5 lynx --source 'http://example.com/?orbisius_gen_stats=1' 2>&1 | mail -a "Content-type: text/html" -s "CPC Report" 'reports@example.com'

2>&1 is necessary so the output gets redirected from STDERR to STDOUT.

-s "CPC Report" <== this is the subject line.

If the app doesn't return the stats in HTML you can remove the following params: -a "Content-type: text/html"

'reports@example.com' <== This is the recipient. Make sure you use your email address ;)

Related...


How to Prevent Search Engines from Indexing the Entire WordPress Multisite Network

Posted on Nov 28, 2016 in WordPress

From time to time you will need to block search engines from accessing the entire WordPress Multisite network.

Scenario 1: Staging site that is an exact replica of the live site. It's a great idea to have it because that way you can safely experiment with new functionality and/or design.

Scenario 2: An agency has set up a staging site for their client so the client can see the progress during the development.

Scenario 3: An agency is about to hire a developer/designer to work on the site. Before access is given the site is cleaned up from any client orders & data.

Password Protection

Password protecting a site (basic authentication) is a valid option to protect a site. If the site is an ecommerce site which uses PayPal the password may/will cause problems, because after each transaction PayPal calls your server to notify it about the recent transaction. If PayPal can't access the site (because of the password) then the orders would stay as pending/waiting for payment. You can search how to protect a folder based on the control panel (cPanel or Plesk).

Telling search engines not to index the site

The following examples assume that you're using the Apache webserver. This example tells bots not to index the site (using .htaccess).

    <IfModule mod_headers.c>
        # https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
        Header set X-App-Env "Staging"
        Header set X-Robots-Tag "noindex, nofollow"
    </IfModule>

Blocking all Bots

    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTP_USER_AGENT} ^.*(bot|googlebot|bingbot|Baiduspider|Yandex|HTTrack|crawl|index|download|extract|stripper|sucker|ninja|clshttp|spider|leacher|collector|grabber|webpictures).*$ [NC]
        RewriteRule .* - [R=403,L]
    </IfModule>

Telling bots not to index the site (using a system / MU WordPress plugin)

You will need to create a file in wp-content/mu-plugins/staging-noindex.php. If wp-content/mu-plugins doesn't exist, create it.

The php solution works a little bit differently. It checks if the WordPress site's domain contains one of the following keywords. If it does the system plugin will assume that it's a staging environment. Only then the noindex is sent to the browser. That way when the site is finally moved to a production server the noindex will not be sent. Pretty smart :)

staging, test, development, dev, sandbox, new, example, sample, testing, clients

Examples: staging.example.com, dev.example.com, client-staging.com

    <?php
    /////////////////////////////////////////////////////////////////////////////////////////////////////
    // Example 1
    /**
     * Appends some code to the HTML head php to stop search engines from indexing the (staging) site.
     * @author Svetoslav (Slavi) Marinov | http://orbisius.com
     */
    function qsandbox_staging_noindex() {
        $output_no_index = php_sapi_name() != 'cli'
            // the following below [w\.] is to skip any www\. stuff
            && ( ! empty( $_SERVER['SERVER_NAME'] )
            && preg_match( '#(staging|test|development|dev|sandbox|new|example|sample|testing|clients)\d*\.#si', $_SERVER['SERVER_NAME'] ) );

        if ( $output_no_index ) {
            echo "\n<!-- Staging -->\n<meta name='robots' content='noindex,nofollow' />\n<!-- /Staging -->\n";
        }
    }

    add_action( 'wp_head', 'qsandbox_staging_noindex', 0 );
    /////////////////////////////////////////////////////////////////////////////////////////////////////

    /////////////////////////////////////////////////////////////////////////////////////////////////////
    // Example 2
    /**
     * Outputs the http headers using php...


How to Troubleshoot a WordPress Redirect Loop

Posted on Nov 21, 2016 in WordPress

Redirects are one of the trickiest things to troubleshoot and can cause lots of coffee drinking and possibly sleepless nights :) Here's a video explanation for the whole process. I had to troubleshoot a redirect loop issue with one of my recently semi-launched products: EasyWPHost.

The Issue

The issue was that when the user tried to register, WordPress would redirect to the default WordPress registration page and then do another redirect to the registration page that was provided by the Membership plugin. It was weird & frustrating. I've even installed the xdebug extension to find out what's causing this but setting up the debugger & IDE would have been time consuming. I have used the Membership2 plugin from WPMUDEV. The funny thing is that I was 99% sure that it was the membership plugin that was causing the issue as all the leads were pointing to it. When I disabled the content protection from its settings page the site would work normally. Adam and Predrag from the WPMUDEV team tried very hard to troubleshoot the issue but since I am an advanced developer I also make advanced and hard to find bugs :)

Cause

It turned out that I had my own redirect rules for links that contain the text: signup, join, register to redirect to the registration page. In hindsight it would have been better for me to hook into a 404 action/filter and then do my own processing. The logic should have been if a page doesn't exist process it... but we can only connect the dots looking backward, right?

The solution

I find this part the most important/interesting part. I just couldn't let the issue go. I even dreamt about it. I hate leaving issues unresolved because they consume mental energy. I was also curious what was causing this. I remembered that WordPress has lots of hooks (filters and actions) and php has a great function called debug_backtrace().

debug_backtrace is a super awesome function because it shows function calls that were executed before the current function is executed, the exact lines the function was called from, originating file, function arguments etc.

The debug output looks like this.

    Mon, 21 Nov 2016 07:42:42 +0000
    IP: 127.0.0.1
    location: [http://easywphost.com/app/manage/], status [301]
    Backtrace
    array (
      0 =>
      array (
        'file' => 'C:\\Copy\\Dropbox\\cloud\\projects\\clients\\easywphost.com\\htdocs\\wp-includes\\plugin.php',
        'line' => 235,
        'function' => 'orb_dbg_redirect_trbl',
        'args' =>
        array (
          0 => 'http://easywphost.com/app/manage/',
          1 => 301,
        ),
      ),
      1 =>
      array (
        'file' => 'C:\\Copy\\Dropbox\\cloud\\projects\\clients\\easywphost.com\\htdocs\\wp-includes\\pluggable.php',
        'line' => 1154,
        'function' => 'apply_filters',
        'args' =>
        array (
          0 => 'wp_redirect',
          1 => 'http://easywphost.com/app/manage/',
          2 => 301,
        ),
      ),
      2 =>
      array (
        'file' => 'C:\\Copy\\Dropbox\\cloud\\projects\\clients\\easywphost.com\\htdocs\\wp-includes\\canonical.php',
        'line' => 516,
        'function' => 'wp_redirect',
        'args' =>
        array (
          0 => 'http://easywphost.com/app/manage/',
          1 => 301,
        ),
      ),...
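A filter on wp_redirect that writes this kind of trace can be built as below. This is an added example, not the author's orb_dbg_redirect_trbl: the function names and log location are assumptions, and unlike the output above it leaves function arguments out of the trace so request data does not end up in the log.

```php
<?php
// Added example (mu-plugin sketch). Function names and the log location are assumptions.

// Log file kept one level above the WordPress root so it is not web-readable.
function ex_redirect_log_path(): string {
    $base = defined('ABSPATH') ? dirname(ABSPATH) : sys_get_temp_dir();
    return $base . '/redirect-trace.log';
}

// Renders the call stack as one line per frame, without function arguments.
function ex_format_trace(array $frames): string {
    $lines = [];
    foreach ($frames as $i => $f) {
        $name = (isset($f['class']) ? $f['class'] . $f['type'] : '') . $f['function'];
        $lines[] = sprintf('#%d %s() at %s:%s', $i, $name, $f['file'] ?? '[internal]', $f['line'] ?? '?');
    }
    return implode("\n", $lines);
}

// Filter callback for 'wp_redirect': records which code asked for the redirect.
function ex_trace_redirect($location, $status = 302) {
    // The location may not be sanitised yet at this point; drop control
    // characters so a crafted URL cannot forge extra log lines.
    $safe  = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $location);
    $entry = sprintf(
        "%s IP: %s location: [%s], status [%d]\n%s\n\n",
        gmdate('r'),
        $_SERVER['REMOTE_ADDR'] ?? 'cli',
        $safe,
        (int) $status,
        ex_format_trace(debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS))
    );
    error_log($entry, 3, ex_redirect_log_path());
    return $location; // a filter must return the value it was given
}

if (function_exists('add_filter')) {
    add_filter('wp_redirect', 'ex_trace_redirect', 10, 2);
} elseif (PHP_SAPI === 'cli') {
    ex_trace_redirect('http://example.com/app/manage/', 301); // constructed sample call
    echo file_get_contents(ex_redirect_log_path());
}
```

Remove the plugin once the loop is found, since it logs on every redirect.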


How to Make Mailchimp Newsletter Form Stand Out

Posted on Nov 18, 2016 in Marketing

Mailchimp is a great service. I use it. Here's some CSS code to make it more obvious.

    /* Mailchimp override */
    #mc_embed_signup {
        background: #eee none repeat scroll 0 0 !important;
        padding: 3px;
        border: 1px solid #aaa;
    }

    #mc_embed_signup h2 {
        margin-top: 0px !important;
    }

Why is this important?

Well, it will attract attention and therefore this will increase the likelihood of a person joining your mailing list. Of course you can customize the border, background etc.

You need to paste the CSS snippet above in the style.css file of your (child)...
