Fail2WP for WordPress 1.0.0 has been released and is available via the WordPress Plugin repository and code.webbplatsen.net
Fail2WP provides security functionality for WordPress sites and plays nicely with Fail2ban and Cloudflare too!
~/virtual/home/joho | DeltaFelter | Stealth Cookie | FidoNet | Joaquim Homrighausen | joho68
Fail2WP for WordPress 1.0.0 has been released and is available via the WordPress Plugin repository and code.webbplatsen.net
Fail2WP provides security functionality for WordPress sites and plays nicely with Fail2ban and Cloudflare too!
The WordPress plugin Shortcode for Font Awesome (SCFA) 1.1.0 has been released:
You can get it from:
The GitHub repo is here: github.com/joho1968/SCFA
Cloudbridge Mattermost is a WordPress plugin that provides integration between WordPress and Mattermost. In the initial release, we focus on login notifications (successful, failed, unknown) from the various WordPress user roles.
We will, of course, be adding more functionality in the future.
You can download it from the official WordPress repository:
wordpress.org/plugins/cloudbridge-mattermost
You can also get it from GitHub, should you prefer that source:
github.com/joho1968/cloudbridge-mattermost
This is the initial release of this plugin.
While writing a WordPress plugin that displays the available user roles, I came across a snag: the user roles that I had fetched from WordPress weren’t translated into the site’s current language.
I’m not quite sure I understand the reasoning behind this since WordPress offers functions to return an array with the actual role as the key, and the display string as the array value, like:
array( 'administrator' => 'Administrator' );
So why can’t WordPress return the “correct” (i18n) language string for the array value … anyway, there’s a solution.
Looking at how WordPress does it under “Settings > General” in the WordPress Admin, I eventually found a call to translate_user_role(), which requires one parameter, the role array name value, e.g. “Administrator”. The function will then return the correct (language context aware) display string.
So to put it into a functional context, it may look something like this:
function i18n_get_wp_roles() { $wp_roles = wp_roles(); if ( is_object( $wp_roles ) ) { $roles = array_keys( $wp_roles->roles ); $role_names = $wp_roles->get_names(); } else { $roles = false; $role_names = array(); } $return_roles = array(); if ( is_array( $roles ) ) { foreach( $roles as $role_k => $role_v ) { if ( ! empty( $role_names[$role_v] ) ) { $return_roles[$role_v] = translate_user_role( $role_names[$role_v] ); } else { $return_roles[$role_v] = 'Unknown role (' . $role_v . ')'; } } } else { error_log( basename(__FILE__) . ' (' . __FUNCTION__ . '): wp_roles() returned empty' ); } return( $return_roles ); }
Using the APIs over at trafiklab.se can yield some quite useful results. I needed to be able to display the commute stop departure times for public transport in a given place, so I wrote this WordPress plugin called Stopsign. It uses the Trafiklab.se API. The plugin is free (GPLv2) and open source.
Knock yourself out: github.com/joho1968/Stopsign
There are many posts about nginx, re-directs, PHP, and WordPress. There are somewhat fewer posts that talk about (internal) re-writes, where the request by the web browser is mangled to be served by another resource than the one requested.
For example, I may want a request for https://mysite.foo/cool/penguin to actually be served by https://mysite.foo/coolstuff.php?id=penguin, or simply setup an alias such as https://mysite.foo/cool/penguin to be served by https://mysite.foo/cool/linux, but preserve the URL in the browser address bar.
With PHP-FPM and nginx, you run into an additional problem, which is the fastcgi_parm variables that are passed from nginx to PHP-FPM. So even if you have really fancy URL re-writing configured (and working), the end result may not be passed on to PHP-FPM from nginx.
So solve this, you should look into this construct, which is present in many nginx configurations as a default setup:
fastcgi_param REQUEST_URI $request_uri;
Since your needs probably differ from mine, I wont make this post any longer than it has to be, but that fastcgi_param line above may be a good starting point if you’re experiencing problems with nginx, PHP-FPM, and URL re-writing.
Good luck!
The list of things to do to harden a WordPress site with Apache is long, but some things that could be done include:
FileETag None <Files wp-config.php> Require all denied </Files> <Files xmlrpc.php> Require all denied </Files> <LocationMatch "/wp-content/uploads/.*(?i)\.php$"> Require all denied </LocationMatch>