A few handy commands to cut to the chase and find the crap spammers/skiddies have added to a WP install:
Find files containing text recursively:
A good use of this is to search for the below. It can return false positives, but finds a function commonly used to obfuscate code:
Diff two installations. If you have a clean copy of WP, you can compare it to a compromised version to find the differences. Here I am excluding the error_log file, and sending the output to diff.txt for review:
Find PHP files (and other file types that should not be present) in the uploads directory. This is typically one of the first places things are placed:
Grep the DB. Sometimes things get hidden in the database in an effort to hide malware. Considering that a WordPress database is tiny in the grand scheme of things, a simple way to quickly review what is in the database is to use mysqldump, phpmyadmin or whatever tool you would like to export the entire database to SQL. Then you can review the contents easily. Be on the lookout for base64 encoded strings, they are a good giveaway.
Find recently modified PHP files:
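The checks listed above, gathered into one set of shell helpers. This is an added example, not the original post's commands: the function names, the `base64_decode`/`eval(` pattern, the file extensions, the 60-character threshold and the sample tree built by `make_sample` are all assumptions, and it relies on GNU grep, find and touch.

```shell
#!/bin/sh
# Added example: triage helpers for a WordPress tree (patterns are assumptions).

# PHP files calling base64_decode or eval(; legitimate code also matches.
find_obfuscation() {
  grep -rlE --include='*.php' 'base64_decode|eval[[:space:]]*\(' "$1" | sort
}

# Files that differ between a clean and a suspect copy, ignoring error_log.
diff_installs() {
  diff -rq -x error_log "$1" "$2" || true  # diff exits 1 on differences
}

# Script-like files under uploads, where only media is expected.
find_upload_scripts() {
  find "$1/wp-content/uploads" -type f \
    \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \) | sort
}

# PHP files modified within the last N days (default 7).
find_recent_php() {
  find "$1" -type f -name '*.php' -mtime "-${2:-7}" | sort
}

# Line numbers in an SQL dump holding a run of 60+ base64 characters.
grep_dump() {
  grep -nE '[A-Za-z0-9+/]{60,}={0,2}' "$1" | cut -d: -f1
}

# Constructed sample: a clean tree, a suspect copy with inert markers, a dump.
make_sample() {
  root=$(mktemp -d)
  mkdir -p "$root/clean/wp-content/uploads/2024" \
           "$root/suspect/wp-content/uploads/2024"
  echo '<?php echo "hello";' > "$root/clean/index.php"
  cp "$root/clean/index.php" "$root/suspect/index.php"
  touch -d '30 days ago' "$root/clean/index.php" "$root/suspect/index.php"
  echo '<?php $x = base64_decode("Y29uc3RydWN0ZWQ="); // inert marker' \
    > "$root/suspect/wp-content/uploads/2024/img.php"
  echo 'noise' > "$root/suspect/error_log"
  blob=$(head -c 80 /dev/zero | tr '\0' 'A')
  printf "INSERT INTO wp_options VALUES (1,'siteurl','http://example.com');\n" \
    > "$root/dump.sql"
  printf "INSERT INTO wp_options VALUES (2,'x','%s');\n" "$blob" >> "$root/dump.sql"
  echo "$root"
}
```

On a real site, source the file and point each function at the actual paths, redirecting `diff_installs` to `diff.txt` for review. Every hit is a lead to inspect by hand, since themes and plugins also use `base64_decode` legitimately.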
I recently deployed a WordPress site. As part of the development cycle, we first built the site on staging.example.com, then moved it to the primary domain at launch. One issue that this can cause is that when creating content, WordPress will create links with the full site’s URL. In our case the staging domain was linked on most images and links. When we went live, this caused some issues. It’s not an uncommon thing to run into, and fortunately there is a simple solution. The following PHP script will connect to the database, searching all tables for the specified string (in our instance a domain name) and replacing it with another string.
Simply update the username, password, database, string_to_replace and new_string with the appropriate values and you are off! I would recommend backing up the database to be safe.
Thanks to jimmy.zoger on Stack Overflow for the useful solution.
A follow-up to this: if the values in the database are serialized, a find/replace can wreak havoc on things, as it will likely break the serialization unless the character count is the same. A very nice utility I found is the following, and it handles the serialization perfectly: https://interconnectit.com/products/search-and-replace-for-wordpress-databases/
I recently updated some webservers to use PHP 5.4 from 5.3. For a few WordPress sites, this caused it to begin spitting out Warning messages on the website. The warning messages in some cases caused other issues because response headers were already written due to the error, etc.
While the real solution here is to refactor the code to not use deprecated functions, a simple quick and dirty workaround is to add the following directive to the wp-config.php file:
How does it work?
This code checks/unchecks all checkboxes within the same fieldset. Simple and semantic.
Add checkboxes however you like, just make sure they are within the same fieldset.
And the jQuery to go along with it:
Ran into an issue where I wanted to do a mysqldump of a database in order to transfer it to a new server.
This failed saying that three of the tables were corrupted. I ran the mysqlcheck utility to see if it could be repaired:
It outputted the following errors among checking the rest of the tables successfully:
I was strongly suspecting that these tables were old remnants of an old software version or something along those lines.
I tried to re-run the command, telling it to repair the tables. It kicked out the same errors about the tables not being found.
Went ahead and issued a drop command for the three tables, as I suspect this is unused and leftover from a previous upgrade.
After each of the drop statements, MySQL reported an error that it was unable to delete as it could not find the table. I re-ran mysqlcheck and found that it actually did remove them, and it reported no issues. I was then able to go ahead and re-run my mysqldump command and completed extracting the database.
You don’t need a merchant account or gateway. Stripe handles everything, including storing cards, subscriptions, and direct payouts to your bank account.
Stripe.js lets you build your own payment forms while still avoiding PCI requirements.
Bonsai’s main features include:
Architecturally separated runner and renderer
iFrame, Worker and Node running contexts
Assets (Videos, Images, Fonts, SubMovies)
Keyframe and time based animations (easing functions too)
and much more…
Bones is a WordPress Theme for Developers — Built around the HTML5 Boilerplate, Bones is a rock solid foundation to start any WordPress project. Keep what you need, remove what you don’t. It’s totally up to you.
Bones is not a Framework — Frameworks are great, but sometimes they make things more complicated than they need to be. Bones is bare and as minimalistic as possible. It’s meant to be used as a per-project template, this means no Child Themes. Hooray!
I recently had a client of mine have a link to their website published in an online newspaper. The paper typo’d the URL and tacked a trailing . to the end of the HREF. A quick .htaccess edit resolved the issue:
The NHP Theme Options Framework has an exhaustive list of features, which include…
Simple, Easy to use
Simple Theme Options Framework for WordPress, leaving you to concentrate on creating beautiful WP Themes.
Built In Field Types
Contains many built in field types for easy use (all basic field types like text, checkbox, select, upload are built in).
Built In Validation Methods
Contains many built in validation methods for clean data saving (email, url, numeric, escape js, no html, html).
Custom Error/Warning Handling
Using the Validation methods you can create custom error and warning messages for each field type.
Multiple Option Sections
Have as many, or as few sections as you need.
Custom Tab Sections
Want to show additional info in your options panel? It's there for you to use and abuse.
Extendable Field Classes
Easily create custom field classes for use in your theme options. View WIKI
Extendable Validation Classes
Want custom validation? Just use the extendable Validation Class methods. View WIKI
Many Hook points to customise the Framework to your requirements. View WIKI
Action hooks and filters are very useful in WordPress. They allow you to “hook” a custom function to an existing function, which allows you to modify WordPress functionality without editing core files.
A cool button generator with a large array of customizable features: