-
-
Save getsource/1317860 to your computer and use it in GitHub Desktop.
Things I've learned by being DreamHost's resident WordPress nerd.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| WP Bag of Tricks | |
| 1. Helpful Scripts/Plugins: | |
| Hacks: | |
| http://wordpress.org/extend/plugins/tac/ | |
| http://wordpress.org/extend/plugins/exploit-scanner/ (Can be extremely resource intensive.) | |
| http://wordpress.org/extend/plugins/wp-malwatch/ | |
| Troubleshooting: | |
| http://yoast.com/wordpress-debug-theme/ | |
| http://yoast.com/emergency-wordpress-access/ | |
| http://wordpress.org/extend/plugins/wpdb-profiling/ (I love this plugin!) | |
| http://wordpress.org/extend/plugins/tpc-memory-usage/ | |
| http://wordpress.org/extend/plugins/debug-bar/ (Adds a "debug" menu to the WP menu bar. Like Firebug for WP.) | |
| http://wordpress.org/extend/plugins/debug-bar-extender/ (Adds a lot of helpful tools to the plugin above.) | |
| Full Site Backups: | |
| http://wordpress.org/extend/plugins/wp-time-machine/ (Can be easily hacked to work with Ceph beta.) | |
| DB Backups: | |
| http://wordpress.org/extend/plugins/dbc-backup/ | |
| http://wordpress.org/extend/plugins/wp-dbmanager/ | |
| Caching: | |
| http://wordpress.org/extend/plugins/wp-super-cache/ | |
| http://wordpress.org/extend/plugins/db-cache-reloaded/ | |
| Spam: | |
| http://wordpress.org/extend/plugins/akismet/ | |
| http://wordpress.org/extend/plugins/wp-hashcash/ | |
| 2. On the Site: | |
| Hard coding the site URL via wp-config.php: | |
| define('WP_HOME','http://domain.com'); // These two settings will remove the ability to change the site URL in wp-admin. | |
| define('WP_SITEURL','http://domain.com'); // Use at your own peril! | |
| Changing the URL values in the database via wp-config.php: | |
| define('RELOCATE',true); // Visit wp-login.php. Log in. Remove this line! | |
| Tell WordPress to use whatever URL you visit it from: | |
| define('WP_HOME', 'http://'.$_SERVER['HTTP_HOST']); | |
| define('WP_SITEURL', 'http://'.$_SERVER['HTTP_HOST']); | |
| Change the URLs post site move before you have the chance to do a find/replace on the DB: | |
| // Add this to wp-config.php - but then actually change the URLs in the database. | |
| // Don't be lazy! | |
| ob_start( 'nacin_dev_urls' ); | |
| function nacin_dev_urls( $buffer ) { | |
| $live = 'http://olddomain.com'; | |
| $dev = 'http://newdomain.com'; return str_replace( $live, $dev, $buffer ); | |
| } | |
| Repair & Optimize DB: | |
| http://example.com/wp-admin/maint/repair.php | |
| Clean debugging: | |
| // Add this to wp-config.php to cleanly debug a site. | |
| // Just make sure to turn it off when you're done! | |
| define('WP_DEBUG', true); // Turn debugging ON | |
| define('WP_DEBUG_DISPLAY', false); // Turn forced display OFF | |
| define('WP_DEBUG_LOG', true); // Turn logging to wp-content/debug.log ON | |
| # Drop this in a .htaccess file in wp-content to keep the log safe. | |
| <files debug.log> | |
| order allow,deny | |
| deny from all | |
| </files> | |
| # tail -f wp-content/debug.log | |
| White Screen of Death: | |
| - Add "define('WP_DEBUG', true);" to "wp-config.php". | |
| - Comment out "define('WP_CACHE', true);" line in "wp-config.php". | |
| - Edit "wp-content/advanced-cache.php" and make sure the path matches up to the actual paths. | |
| - Disable plugins by moving/renaming plugins directory. | |
| - Change "template" and "stylesheet" in wp_options to another theme. | |
| 500 Errors: | |
| - Disable plugins by moving/renaming plugins directory. | |
| - Change "template" and "stylesheet" in wp_options to another theme. | |
| When wp-login.php directs back to itself: | |
| - Disable plugins by moving/renaming plugins directory. | |
| - Check to make sure that the "siteurl" and "home" values match. Sometimes one is missing a www when the other has it - or is just wrong. | |
| Seeing "Briefly unavailable for scheduled maintenance. Check back in a minute." error: | |
| - Remove .maintenance file from user's home directory. | |
| Change wp-admin to a language you can read: | |
| - Comment out "define ('WPLANG', 'pt_BR');" or whatever value is set in "wp-config.php". | |
| - Insert "define ('WPLANG', '');" into "wp-config.php". Now the dashboard is in English! | |
| - Do what you need to do. | |
| - Remove the inserted value and uncomment the old value. | |
| - Make sure you can't read the dashboard anymore. ;) | |
| Let yourself into wp-admin without password info: | |
| - Open database in phpMyAdmin. | |
| - Browse to "wp_users" or whatever it might be called with an alternate prefix. | |
| - Click the little pencil icon next to the "admin" account. | |
| - In "user_pass" field, copy out the hashed info in "Value" to a safe place. | |
| - Select "MD5" from the Function dropdown for "user_pass". | |
| - Insert plain text password in "Value" field where hashed value was. | |
| - Click "Go". | |
| - Use the password you set to log in to site's wp-admin and do what you need to. | |
| - Change the password back by editing the user, pasting in the old (saved) value and pressing "Go". Do not select "MD5" from the dropdown! | |
| Revisions & Auto Save: | |
| Place these values in wp-config.php to limit and slow down auto saves: | |
| define('AUTOSAVE_INTERVAL', 120 ); // Default value is 60 seconds. | |
| define(’WP_POST_REVISIONS’, 3); // Number of revisions to save. | |
| Place these values in wp-config.php to kill auto saves completely: | |
| define(’WP_POST_REVISIONS’, false); // Turns off post revisions. | |
| MySQL command to clear out revisions: | |
| DELETE FROM wp_posts WHERE post_type = "revision"; | |
| MySQL command to clear out posts in the trash: | |
| DELETE FROM wp_posts WHERE post_type = "trash"; | |
| MySQL command to clear out spam: | |
| DELETE FROM wp_comments WHERE comment_approved = "spam"; | |
| MySQL command to clear out comments in the trash: | |
| DELETE FROM wp_comments WHERE comment_approved = "trash"; | |
| MySQL command to clear out a large run of unapproved comments: | |
| DELETE FROM wp_comments WHERE comment_approved = "0"; | |
| Re-running approved comments thru Akismet: | |
| http://jasoncosper.com/archives/rekismet/ (Note: Very load intensive on sites with LOTS of comments.) | |
| Secret Key (for wp-config.php) Generator: | |
| https://api.wordpress.org/secret-key/1.0/ (For 2.5.x users. One key. Not recommended!) | |
| https://api.wordpress.org/secret-key/1.1/ (For 2.6.x to 2.9.x users. Four keys.) | |
| https://api.wordpress.org/secret-key/1.1/salt/ (For 3.0.x and up. Eight keys. This is the way to go!) | |
| If the user has an SSL cert for their domain: | |
| define('FORCE_SSL_ADMIN', true); // Force visits to wp-admin to go thru SSL. | |
| Extra security - it's a good thing. ;) | |
| 3. Known Issues: | |
| http://wordpress.org/support/ | |
| http://core.trac.wordpress.org/ | |
| https://irclogs.wordpress.org/ | |
| http://www.wpsecure.net/ (Current exploits) | |
| Note: Paste errors into "Search" on first 3 links. | |
| 4. Developer News: | |
| http://wpdevel.wordpress.com/ | |
| http://lists.automattic.com/mailman/listinfo/wp-hackers | |
| 5. URLs of Interest: | |
| http://www.smashingmagazine.com/2010/07/01/10-useful-wordpress-security-tweaks/ | |
| http://ottopress.com/2011/how-to-cope-with-a-hacked-site/ | |
| http://www.exploit-db.com/search/?action=search&filter_description=wordpress&filter_type=6 | |
| http://www.w3-edge.com/weblog/2011/02/optimize-social-media-button-performance/ | |
| 6. WP on nginx: | |
| This goes in "/home/user/nginx/example.com/wordpress.conf" at DreamHost. | |
| ####################### | |
| # FeedBurner | |
| # This always goes on top of any permalink rules. | |
| # Swap "your-feed" and "your-comment-feed" for the appropriate feeds at FeedBurner. | |
| if ($http_user_agent !~ FeedBurner) { | |
| rewrite ^/comment/feed/ http://feeds.feedburner.com/your-comment-feed last; | |
| rewrite ^/feed/ http://feeds.feedburner.com/your-feed last; | |
| } | |
| ####################### | |
| # Classic Permalinks | |
| # You should be caching. But if you're not, here's what you need. | |
| if (!-e $request_filename) { | |
| rewrite ^.*$ /index.php last; | |
| } | |
| ####################### | |
| # WP Super Cache | |
| # Use these in place of the standard permalink rules if WP Super Cache is on. | |
| # Not needed if "Use PHP to serve cache files." is checked in WP Super Cache. | |
| # if the requested file exists, return it immediately | |
| if (-f $request_filename) { | |
| break; | |
| } | |
| set $supercache_file ''; | |
| set $supercache_uri $request_uri; | |
| if ($request_method = POST) { | |
| set $supercache_uri ''; | |
| } | |
| # Using pretty permalinks, so bypass the cache for any query string | |
| if ($query_string) { | |
| set $supercache_uri ''; | |
| } | |
| if ($http_cookie ~* "comment_author_|wordpress|wp-postpass_" ) { | |
| set $supercache_uri ''; | |
| } | |
| # if we haven't bypassed the cache, specify our supercache file | |
| if ($supercache_uri ~ ^(.+)$) { | |
| set $supercache_file /wp-content/cache/supercache/$http_host/$1index.html; | |
| } | |
| # only rewrite to the supercache file if it actually exists | |
| if (-f $document_root$supercache_file) { | |
| rewrite ^(.*)$ $supercache_file break; | |
| } | |
| # all other requests go to Wordpress | |
| if (!-e $request_filename) { | |
| rewrite ^.*$ /index.php last; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment