
Top 25 Worst Passwords of 2014

In a previous post, I showed you how to possibly discover usernames on a WordPress site using WPScan. On a regular site without an extra layer of security such as two-factor authentication, a username and password are all one needs to gain access to the WordPress dashboard.

WPScan has a “brute force” option that can brute-force test (or attack, if you like) any WordPress site. Using this feature is easy: all it takes is a valid username and a common password wordlist.


How to Manually Cleanup Malware from WordPress Site

Is your WordPress site infected with malware? It can be an extreme headache to deal with. Scanning and cleaning up a hacked site isn’t a simple task. There are many things involved and many techniques required to get it done properly. But sometimes, if a site is just slightly infected, cleaning up the malicious code and infected files isn’t as difficult as you may think.

I happened to have a site like this recently. It didn’t take me too long to identify the infected files and clean up the site. It is a very good example to demonstrate some basic skills and steps to clean up malware from an infected WordPress site. I hope it gives you some ideas and helps you in your battle against malware.


WooCommerce Subscriptions Customization: Restore Additional Profile Field Added by PMP Register Helper

Can’t find a good title for this one. Here is the background. On a membership website, the membership feature was achieved by using the Paid Membership Pro (PMP) plugin. An extra profile field was added using PMP Register Helper. A few months ago, a WooCommerce online store integration project brought in the WooCommerce Subscriptions plugin to replace the membership purchase and recurring billing functions which were provided by PMP. If you happen to be in the same boat, you know exactly what happens: the PMP checkout page is replaced by the WooCommerce checkout page. The additional profile field is also bypassed.

The task: to restore the additional profile field using WooCommerce filters and hooks.


BackWPup: SSL3_GET_SERVER_CERTIFICATE: certificate verify failed

I back up the database daily and send multiple copies to different locations. One is my Amazon S3 bucket for backups. If a backup task fails, a notification email is sent to me. Recently I have been getting notification emails of this sort constantly from one website. A one-time isolated failure can be ignored as having a temporary cause (a bad connection, for example), but not continuous failures.


WordPress Security with WPScan: Username

WPScan is a popular black-box WordPress security scanner. For anyone who is serious about WordPress security but still stuck with a list of to-do tasks, it is highly recommended to check WPScan out and learn how to integrate it into your workflow.


How to Create a WordPress Plugin

Plugins are ways to extend and add to the functionality that already exists in WordPress. We don’t have to be dedicated plugin developers to write a WordPress plugin. There are situations where we need to alter some existing functions or add some features to an existing site. You may learn from various resources that, to add this, you need to drop a code snippet into functions.php. The fact is, making changes to functions.php isn’t always the best solution.


Dynamically Populate a Select field from Custom List

When we start using Custom Post Types & Custom Fields to enrich our WordPress website and meet various real-world situations, building relationships between different datasets becomes a common practice. A simple example is the project & client relationship. If we manage this in a database, we always link a client to a project using the client ID, because a client may repeat in multiple projects. If we use Custom Post Types to manage projects and clients in WordPress, the challenge is: how do we dynamically populate the latest client list into the client choices for a project?


Take Control of Post Revisions

The WordPress revisions system saves a record of each saved draft or published update. This feature is important to site owners, because it provides some sort of “backup” for the content in case you accidentally edit posts the wrong way. By default, WordPress saves a copy of every revision when you click the Save button. All the revision copies take up room in the database and will eventually slow down query time, especially on sites with many blogs.


Restore Custom Post Type from History that doesn’t have Revisions Enabled

I know the title sounds a little weird; here is the background story. WordPress has a Revisions system that stores a record of each saved draft or published update. It is enabled for Posts & Pages. But for Custom Post Types, it is up to the theme developer to enable Revisions support. If you use themes, you should have noticed that in some themes, revisions are disabled on Custom Post Types by default. When a Custom Post Type is used for short content such as a Testimonial, it isn’t much trouble to restore a revision. But not for a CPT post with a lot of content.


Quick Fix for Working with Absolute Path on Temporary URL

Can’t think of a better title; here is the scenario. After creating a new account at a hosting service provider, we are normally assigned a temporary URL before linking the hosting account to the domain of the final production site, for example: http://hostingserver.com/~username. Sometimes, for various reasons, we have to work on the temporary URL through the development stage before the site goes live. The temporary URL creates temporary trouble for poorly written code where an “absolute path” is used in themes, plugins, or the existing site. The trouble can be either broken links or missing images.
