Troubleshooting WordPress: Disable All Plugins?

wordpress-troubleshooting

Troubleshooting a WordPress website is challenging. Troubleshooting a live site posses more challenges. You may have read a lot of advice on the Internet from somewhere, among which, “disable all plugins” is one that mentioned most.

Should you?

Continue Reading →

WooCommerce Template Customization: Mobile Responsive Product Quantity Input Template

woocommerce-product-quantity-input

Although WooCommerce default page templates are mobile responsive overall, further polish is required to match the theme for each specific project. In one of my latest projects, I ran into the problem with default WooCommerce product quantity input box. It is designed for desktop browser, using a mouse and / or keyboard as input device. On mobile device, especially smartphone, changing product quantity can be fussy.

Continue Reading →

How to Clean Up a Hacked WordPress Site

wordpress-malware

One of client’s WordPress site got hacked. The client can’t access the site, even admin dashboard at the back-end, because the site is always being redirected to a phishing site: http://www.indoforextrading.com/. If you run into exactly same problem, here is how I fixed it.

Continue Reading →

My Top 20 Most Popular WordPress Plugins 2014

wordpress-plugins

I like listening to Matt Report podcast (A WordPress business podcast for entrepreneurs, startups and freelancers). One interesting question Matt asks his guests in the famous lightening round is, “What is the one plugin you can not live without?”. Interestingly, like myself, most guests vote “Gravity Forms” as their favorite plugin. I trust statistics more than personal feeling and know Gravityforms is my favorite. But curiosity drove me to dig deeper on this subject. I indeed conducted a study to gather statistics among WordPress sites I have access to the admin panel. The result is obvious, and also surprising.

Continue Reading →

Top 25 Worst Passwords of 2014

wordpress-security-lock

In previous post, I showed you how to possibly discover username on a WordPress site using WPScan. On a regular site without extra layer of security such as 2 factor authentication, username and password are all one needs to gain access to WordPress dashboard.

WPScan has “brute force” option which can brute force test (or say attack if you like) any WordPress site. To use this feature is easy, a valid username and a common password wordlist.

Continue Reading →

How to Manually Cleanup Malware from WordPress Site

wordpress-malware

Is your WordPress site infected with malware? It can be extremely headache to deal with. Scanning and cleanup a hacked site isn’t a simple task. There are many things involved and many techniques required to get it done properly. But sometimes, if a site is just slighted infected, cleaning up the malicious code and infected file isn’t as difficult as you may think.

I happen to have a site like this recently. It didn’t take me too long to identify the infected files and cleanup the site. It is a very good example to demonstrate some basic skills and steps to cleanup malware from infected WordPress site. Hope it could give you some ideas, and help you in your battle fighting malware.

Continue Reading →

WooCommerce Subscriptions Customization: Restore Additional Profile Field Added by PMP Register Helper

code-Snippet

Can’t find a good title for this one. Here is the background. On a membership website, the membership feature was achieved by using Paid Membership Pro (PMP) plugin. An extra profile field was added using PMP Register Helper. Few months ago, a WooCommerce online store integration project brought in WooCommerce Subscriptions plugin to replace the membership purchase and recurring billing function which were provided by PMP. If you happen to be on the same boat, you know exactly what happens: The PMP check out page is replaced by WooCommerce checkout page. The additional profile filed is also bypassed.

The task: to restore the additional profile field using WooCommerce filter & hook.

Continue Reading →

BackWPup: SSL3_GET_SERVER_CERTIFICATE: certificate verify failed

wordpress-error

I backup database daily, and send multiple copies to different locations. One is my Amazon S3 bucket for backups. If backup task failed, a notification email will be sent to me. And I am getting notification email of this sort recently, constantly from one website. One time isolated failure can be ignored for temporary cause (bad connection for example), not continuous failures.

Continue Reading →