Posts tagged “wordpress”

The SearchAutocomplete WordPress Plugin does one thing and only one thing. That’s right, the plugin adds auto-complete to your WordPress search. And if your WordPress search is powered by Relevanssi you’ll be happy to know that SearchAutocomplete can query your Relevanssi index. Neat!


This article was updated on 26th September 2022.

When you’re still developing your WordPress website you usually want to keep things under wraps. Here is a list of WordPress plugins that will help support your websites while they are still in development.

Prevent development websites from updating WordPress: Advanced Automatic Updates


Advanced Automatic Updates gives you the option of preventing your WordPress core from updating in your development website. This will help minimize the risk of functionality breaking when things update. You have the option of completely disabling all updates, enabling major version updates or enabling security updates.

(Update 26th September 2022) Automatic Updates are a bit more complex than they used to be but not by much. To disable all Automatic Updates (core, plugins & themes) add the following line to your wp-config.php file:

define( 'AUTOMATIC_UPDATER_DISABLED', true );

Check out Configuring Automatic Background Updates to learn how you can customize the automatic update behaviour.

Protect development websites from being seen: WP Maintenance Mode


There are a lot of “Under Construction” plugins available but I keep going back to WP Maintenance Mode. This plugin will display a customizable “Under Maintenance” message to all non-Admin users who are not logged in. You can also select which WordPress users you want to grant access to.

An additional benefit of the plugin is that it keeps search engine crawl bots at bay too. You can allow them to crawl the development website or block them with a 503 HTTP response.

Fun fact: This is the plugin I use when doing routine website maintenance.

Get (some) Jetpack functionality without connecting to WordPress.com: Unplug Jetpack

Without getting into an argument about Jetpack’s bloat-factor, Unplug Jetpack gives you access to some Jetpack functionality without connecting to WordPress.com. Just install the plugin, activate it and… that’s all really.

(Update 26th September 2022) Unplug Jetpack hasn’t been updated in 3 years. While it still works (as of writing) it uses deprecated code which may one day cease to function. Fortunately Jetpack has an Offline Mode which you can enable by adding the following line to your wp-config.php:

define( 'JETPACK_DEV_DEBUG', true );

When enabled there will be a notification on the Jetpack Dashboard.

There’s also a filter hook if you prefer using that. Check out the previous link to Jetpack’s Offline Mode to learn more.

Stop emails from sending: Stop Emails


I’ve only recently discovered Stop Emails and haven’t put it through its paces yet but this plugin will (you guessed it) stop emails from sending. Note that the plugin only stops emails sent using WordPress’s wp_mail() function. Any emails sent through PHP’s mail() function will still go through.

True story: I was once testing a custom function which just so happened to send emails to a couple accounts I have with Yahoo! Mail and Mail.com. I must have sent well over 3 dozen emails within the span of an hour to test things out, causing Yahoo! to think I was trying to spam the account. To this day, all emails sent from that development website domain are blocked by Yahoo.

Now this was a head-scratcher: the BackupBuddy settings on 5 of my client websites simply reset for no apparent reason. And that means the websites were not being automatically backed up. Not good.

After chatting with iThemes Support (the people who make BackupBuddy), I learned that connectivity issues between the website and database can fool BackupBuddy into thinking there are no settings, causing the plugin to revert to defaults. Connectivity issues could be due to DDoS attacks or a problem with the hardware. iThemes said they are aware of this issue and have built in more checks but, as is life, they can’t account for every single scenario.

Fortunately I caught the problem during a routine maintenance check on a client’s website. BackupBuddy now comes with a way to export the plugin settings so it’s a good idea to save a copy just in case.

You’ve probably heard the news already that WordPress websites are facing XML-RPC Brute Force Amplification Attacks. But did you also know that Sucuri, iThemes and Wordfence already have you protected?

If you use Sucuri’s Website Application Firewall (WAF), the company has you covered:

Note that users of our WAF are already protected against this attack, so if you are on CloudProxy you are safe.

Similarly, the Wordfence Security Plugin has login protection that takes into account XML-RPC. Just remember to enable Login Security in the Wordfence Options.

Yes we do protect against brute force via XML-RPC and we have for some time now. We also protect against multiple attempts via a single XML-RPC call

Finally, the iThemes Security Plugin protects against XML-RPC Brute Force attacks (even the free version):

Brute Force Protection in iThemes Security just got more robust. Now when you enable Brute Force Protection this feature includes protection from XML-RPC attacks

Make sure your websites are protected!

Edit (16th October 2015): iThemes Security v5.1.0 and iThemes Security Pro v2.0.0 protect against the XML-RPC Brute Force Amplification Attacks.

New Feature: Added “Multiple Authentication Attempts per XML-RPC Request” setting to the WordPress Tweaks section. When this setting is set to “Block”, iThemes Security will block brute force login attacks against XML-RPC

Edit (15th October 2015): If you have Jetpack installed, the Protect Module also stops XML-RPC attacks.
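
The vendor notes above all describe the same control: refusing multiple authentication attempts packed into a single XML-RPC request. As an added example (not code from Sucuri, Wordfence, iThemes or this blog), the Python below counts the sub-calls inside a system.multicall body and fails closed on anything it cannot parse; the size cap, the one-sub-call threshold and the method name demo.authenticatedMethod are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

MAX_BODY_BYTES = 64 * 1024  # assumed cap; size it to your real XML-RPC traffic
MAX_SUBCALLS = 1            # assumed policy: one sub-call per request at most

def multicall_subcalls(body: bytes) -> list[str]:
    """Return the methodName of each sub-call in a system.multicall request."""
    # Refuse DTDs and huge bodies before parsing (entity-expansion guard).
    if len(body) > MAX_BODY_BYTES or b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("oversized body or DTD present")
    root = ET.fromstring(body)
    outer = (root.findtext("methodName") or "").strip()
    if root.tag != "methodCall" or outer != "system.multicall":
        return []
    names = []
    # Every sub-call is a <struct> with a 'methodName' and a 'params' member.
    for struct in root.iterfind("./params/param/value/array/data/value/struct"):
        for member in struct.iterfind("member"):
            if (member.findtext("name") or "").strip() != "methodName":
                continue
            value = member.find("value")
            if value is None:
                continue
            # XML-RPC permits <value><string>x</string></value> or <value>x</value>.
            text = value.findtext("string")
            names.append((text if text is not None else value.text or "").strip())
    return names

def should_block(body: bytes) -> bool:
    """True when the request carries more sub-calls than policy allows."""
    try:
        return len(multicall_subcalls(body)) > MAX_SUBCALLS
    except (ValueError, ET.ParseError):
        return True  # fail closed on anything we refuse or cannot parse

def sample_body(n: int) -> bytes:
    """Constructed sample: n sub-calls to a hypothetical method, no parameters."""
    sub = ("<value><struct><member><name>methodName</name>"
           "<value><string>demo.authenticatedMethod</string></value></member>"
           "<member><name>params</name><value><array><data/></array></value>"
           "</member></struct></value>")
    return ("<?xml version='1.0'?><methodCall>"
            "<methodName>system.multicall</methodName>"
            "<params><param><value><array><data>" + sub * n +
            "</data></array></value></param></params></methodCall>").encode()

if __name__ == "__main__":
    for n in (1, 3):
        print(n, "sub-call(s) -> block:", should_block(sample_body(n)))
```
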

I’ve been using BlockBadQueries on all my WordPress websites for quite some time now. And I just realized BlockBadQueries Pro was released in June. The Pro version offers more minute customization options than the free version though if you just want to set-and-forget I suggest sticking with the free version.

BlockBadQueries is based on the 5G Blacklist 2013 and the 6G Beta. So if you want to customize the rules for free, you could certainly copy them into your .htaccess file (assuming you’re comfortable with Apache commands & regular expressions).

According to iThemes, version 4.8.0 of iThemes Security WordPress plugin removed the malware scanning feature that relied on VirusTotal. It’s not iThemes’ fault; VirusTotal discontinued the service to all WordPress plugins. Well, darn.

iThemes suggests using VirusTotal’s URL scanner or Sucuri’s SiteCheck, both of which require you to scan each website manually. Sucuri also offers automated server-side scanning as part of their paid plans.

One other option that wasn’t mentioned by iThemes is the Sucuri Security WordPress Plugin which allows you to initiate a scan from your WordPress admin. The scan needs to be initiated manually though.

Over the past few months I’ve been using a lot of what I call Page Builders, WordPress plugins that come with a set of modules which you drag-and-drop into a grid-based layout. I haven’t used, nor could I possibly use, all the available Page Builder plugins but here is what I have played around with:

Of course, there are a lot more Page Builders than these. You also have Visual Composer, Startup Framework, Qards… the list goes on.

I am not going to be reviewing the Page Builders I have used. Rather I want to share my thoughts on them after having gained some experience using them.


After the recent security hole in Yoast SEO we now find an SQL Injection vulnerability in the popular WooCommerce plugin. Update now.

It goes without saying but if you are using the ever popular WordPress SEO by Yoast (and why wouldn’t you be? It’s an amazing SEO plugin for WordPress) then you need to update to version 1.7.4 immediately. A security vulnerability was discovered in the plugin which would allow bad things to happen.

Source: iThemes.

I’m not sure if this is a brand-spanking new feature or if I just missed it but using JetPack you can now update WordPress Plugins across all your websites through your WordPress.com My Sites Dashboard. What’s even more interesting is that you can set plugins to auto-update.

Auto-update Plugins using JetPack

Right now this feature is limited only to Plugins — no updating Themes or the base WordPress installation. WordPress already auto-updates (unless disabled) so I doubt this will ever be offered. I wonder if we’ll eventually see the option of updating Themes through WordPress.com.

There are already a few services out there that’ll help you manage all your WordPress websites. Here are a few that I know of in alphabetical order:

More information can be found on the Site Management support page. And be sure to turn on the JSON API.

I can’t change anything when I try to manage my sites on WordPress.com.
You need to enable site management on your Jetpack-connected site from the dashboard by either opting in as mentioned above, or by enabling it under the JSON API settings in Jetpack → Settings → JSON API → Configure and checking the box for the “Allow remote management of themes, plugins, and WordPress via the JSON API” option and saving your changes.