Fixing WordPress permissions

In your WordPress directory, run the following:

This should fix all your WordPress woes relating to permissions

Cleaning up my blog

The blog’s really been quite a mess. I haven’t changed the layout for five years and I’m surprised it still is working each time I upgrade.

All is great until I found that WordPress’s basic install has so much that I can take advantage of that I am not. It became weighing between having access to these features or coding my theme to as such it allows for these features. I decided it really is writing I want to do here and the theme can take a secondary position for the time being. I would love to be working on it when time permits.

It’s really back to basics this time. Enjoy reading.

How to let PHP send emails

PHP not sending emails? You need a mail transfer agent (MTA). If you’re in the Ubuntu platform, you can use postfix for this:

[code lang=”bash”]sudo apt-get install postfix[/code]

You can read on more information here.

Previously my Contact Form 7 WordPress plugin didn’t work, it works fine after I install and configured postfix. I can’t go through the specifics of the configuration with you since yours would probably differ. I selected “Internet Site” and press the return key (Enter) all the way selecting the default options. On doing so, Contact Form 7 starts to work already.

Should you need to configure postfix again, you can reconfigure too:

[code lang=”bash”]sudo dpkg-reconfigure postfix[/code]

Contact Form 7 uses WP_Mail which uses PHP’s mail() function. If you do need to troubleshoot, try sending emails with mail().

If you need additional configuration, you may need to update the following:

  • Settings SMTP and smtp_port need to be set in your php.ini
  • Also, either set the sendmail_from setting in php.ini, or pass it as an additional header.

I did not have to configure anything more than postfix. I am using Ubuntu server, on nginx web server.

WordPress cannot resize uploaded images?

Just encountered an issue where WordPress cannot resize my uploaded photograph to thumbnail, small or medium. All the radio buttons are grayed out but the full size option.

This is due to a certain module not installed. If you are using Ubuntu:

[code lang=”bash”]sudo apt-get install php5-gd[/code]

If you don’t have access, you might have to advise your web host to do so.

GD library is a simple image processing library used by WordPress to perform resizing and cropping.

WordPress to end support for PHP 4 and MySQL 4

Probably about time:

PHP 4 and MySQL 4 End of Life Announcement

First up, the announcement that developers really care about. WordPress 3.1, due in late 2010, will be the last version of WordPress to support PHP 4.

For WordPress 3.2, due in the first half of 2011, we will be raising the minimum required PHP version to 5.2. Why 5.2? Because that’s what the vast majority of WordPress users are using, and it offers substantial improvements over earlier PHP 5 releases. It is also the minimum PHP version that the Drupal and Joomla projects will be supporting in their next versions, both due out this year.

Finally!

Round up on WordPress and opensource vulnerability

Not long ago, word’s been going around to upgrade WordPress to its latest version 2.8.4. Robert Scoble suffered some loss, some hackers broke in and deleted some of his blog posts. In addition to that, the hackers also placed malicious code in his archive pages and Google sent him an email stating it has removed his blog from its indexes.

I would be terribly upset if such things happened to me. I keep updating WordPress just in case. But what happens when it did get hacked? Are the WordPress developers to be blamed? One of things brought up is custom plugins being incompatible with the new WordPress. I hate to say this but when it comes to security, it’s still more important to temporarily disable the plugin and fix it ASAP instead of not upgrading. The risk is just too much.

And backups. Do them frequently. If it’s hard to do backups, just pay your host to do so. I just pay them to settle those stuff for me. I’m not too clever with all the backup utilities. I never had the time to explore them.

One of the comments in Scoble’s Friendfeed caught my attention:

This recent wave of WordPress incidents shows the negative side of using open source software. Matt says that there are many people looking into WordPress’ source code, but the problem is that probably half of those people have malicious reasons for doing so. – Nikolay Kolev

To which Matt of WordPress fame replied:

Nikolay, it’s always better to have more people looking at the code, because a bug that’s been found is better than a bug that hasn’t. WordPress used to get almost no security problems and people thought it was because it was coded differently, when in fact it was coded far worse than it is today it just didn’t have enough users to make it worthwhile to target. Also where many commercial or proprietary companies try to minimize information about their problems or sit on a fix for months so they can package a bunch into one update, we put everything out there doing a new release as soon as possible after a problem has been reported. – Matt Mullenweg

Here’s another response from another user, Tim:

Nikolay: I would also push back against your assumption that using Open Source software equals less security. Microsoft Windows and OS X are both closed source and both have security holes – there is a competition each year to help MS and Apple find them and fix them. Both Apple and Microsoft came away with security holes to fix this year. So just because it’s open source doesn’t automatically make it more open to security holes. I agree with Matt and believe that have the source open to all makes fixing the holes much quicker. – Tim

I think I can relate to this…

Anyway, Matt also wrote an article on How to keep WordPress secure.

Bye Apache, Hi Lighty

As planned, Apache is no more. Say hi to Lighty

Lighttpd logo fly light

Made a few silly mistakes along the way and almost accidentally deleted my folder of pictures even. Things got a little more responsive. I haven’t used any caching solutions for WordPress. Caching is going to be tough work.

I just let PHP CGI spawn happily:

[code lang=”bash”]
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2655 www-data 16 0 99816 31m 3804 S 0 12.4 0:22.67 php-cgi
2651 www-data 16 0 96060 29m 3308 S 0 11.6 0:04.91 php-cgi
2656 www-data 16 0 93976 26m 3968 S 0 10.2 0:24.59 php-cgi
2654 www-data 16 0 94008 26m 3856 S 0 10.2 0:24.88 php-cgi
2653 www-data 16 0 91612 25m 3200 S 0 9.8 0:03.52 php-cgi
2657 www-data 16 0 89840 22m 3784 S 0 8.7 0:24.06 php-cgi
2652 www-data 16 0 89580 22m 3980 S 0 8.6 0:04.27 php-cgi
2650 www-data 16 0 86716 20m 3196 S 0 8.0 0:03.94 php-cgi
2313 mysql 15 0 139m 17m 4368 S 0 6.7 0:19.83 mysqld
2649 www-data 23 0 71676 6232 3708 S 0 2.4 0:00.01 php-cgi
2647 www-data 23 0 71676 6224 3708 S 0 2.4 0:00.02 php-cgi
2672 root 15 0 53468 2696 2136 S 0 1.0 0:00.00 sshd
2645 www-data 15 0 55084 2628 892 S 0 1.0 0:00.22 lighttpd
2433 root 15 0 36676 2124 1676 S 0 0.8 0:00.00 master[/code]

Lighttpd don’t exactly take up a lot of resources too.

Tonight I’ll fix the server

It’s been requiring almost a daily restart. I think it’s probably MySQL or Apache’s fault. Or perhaps it’s just my fault for being a miser not wanting to pay for more. Either way, I’m going to fix it. So far, I’m done with the virtual hosts. Lighttpd isn’t as hard as I thought. PHP is working fine already. I’m still in the midst of testing if WordPress works. Once I’m done with that, it’s “sudo apt-get remove apache2”.

How to get automatic update working in WordPress

WordPress 2.7 introduced a feature to perform automatic updating of plugins and WordPress itself. It annoys me endlessly that the automatic update refuses to work and require me to input a FTP username and password which I don’t have. This blog runs on a server that does not have FTP installed. I use SSH for that. The method is to change ownership of your WordPress directory to www-data (for Apache).

Run the following command in your WordPress directory (sudo required):

[code lang=”bash”]sudo chown -Rf www-data *[/code]

That did the trick for me by changing the ownership every folder and it’s files recursively to ‘www-data’. It is slightly risky and you may not like the idea of giving so much privileges to the WordPress directory. But before I can think of any way to attack the server, I guess this method is more or less safe. Unless there is a malicious plugin that you install. Always install proven plugins. That said, use it at your own risk.

Changing the ownership give Apache access to your WordPress directory allowing WordPress to overwrite its own files and automatic update works. Well not really automatic actually. Semi-automatic since you actually have to trigger something to continue the update.

Thanks jer for the hint. 😉