Server admins love WP-CLI

I’m more of a Network Monkey, but whenever I can provision something just using an ssh session I smile. Many hosts use WP-CLI already and I’ve installed it on my VPS too.

This morning I wrote up a small script to go to my test vhost directory and did the following.

  • Install a blank WordPress site
  • Update some settings
  • Fix my user display name
  • Make sure the plugins and themes are up to date (Akismet needed an update)
  • Delete the default post and page
  • Install, activate and configure the Wapuuvatar plugin
  • Install and activate the Baskerville theme
  • Imported the Theme Unit Test data
  • Cleaned up after the import
  • Used search and replace to make all my http URLs into https

All this was performed without using a mouse or web GUI. (Okay, I checked the avatar setting via /options.php, but I didn’t have to.)

Here’s the script with sensitive details changed.

#!/bin/bash
cd /my/notsecret/www/vhosts/bang.dn7.me

# Setup a new WordPress installation

wp core download

wp core config --dbname=tothemoon \
--dbuser=testuser \
--dbpass=3c962761afbf9ab40a2e75346809c8cf

wp core install --admin_user=jan \
--admin_password=Rea11y*ot7y^assWiRd \
--admin_email=example@example.com \
--url=bang.dn7.me \
--title="Bang! Boom! Pow!"

# Update some options and my account info

wp option update blogdescription \
"What could possibly go wrong?"
wp option update comment_moderation 1
wp option update comments_notify 0
wp option update moderation_notify 0
wp option update comment_whitelist 0
wp user update 1 --first_name="Jan" \
--last_name="Dembowski" \
--display_name="Jan Dembowski"

# Make sure plugins and themes are all up to date

wp plugin update --all
wp theme update --all

# Clean up the default post and page

wp post delete 1 --force
wp post delete 2 --force

# Wapuuvatar is cool. Install, activate
# and set to the default avatar

wp plugin install wapuuvatar --activate
wp option update avatar_default dwapuuvatar

# Let's play with the Baskerville theme

wp theme install baskerville --activate

# Now to import the theme unit test data

wp plugin install wordpress-importer --activate

curl -O https://wpcom-themes.svn.automattic.com/demo/theme-unit-test-data.xml

wp import theme-unit-test-data.xml --authors=create

# Clean up in aisle seven

wp plugin deactivate wordpress-importer
wp plugin delete wordpress-importer
rm theme-unit-test-data.xml

# My test site is also TLS so I'll fix 
# all the things to point to the encrypted URL

wp search-replace http://bang.dn7.me https://bang.dn7.me

# All done

I previously dropped the test installation’s database and created a new empty one. A quick “rm -rf *” (which wise people never do) in the right vhost directory and I ran “bash install-bang.sh”.

It works like a charm. Smart web hosts can and do tie WP-CLI into their provisioning setup. I happened to setup my vhost with TLS and mysql in advance but with a little backend work this can be easily automated.

If you have a test server to play with then give WP-CLI a try. You’ll get a better understanding of both WordPress and the command line.

Tomorrow the WordPress Community Summit!

Last year I was fortunate to be invited to the 2014 WordPress Community Summit and this year in Philadelphia I’m going again. Tomorrow morning Lily and I will wake up around 4 AM. She’ll drive me to the train station where I’ll take a 5 AM train to Penn Station. From there it’s an Amtrak ride to Philadelphia.

I’ll be a little late to the event. 😉 It can’t be avoided, I had too much going on at work to be there the night before. The 4 AM is rough on Lily but I’m often awake at that time waiting for 5:30 to get up. She’s much more sensible than I am and I wouldn’t be going but for her support and tolerating my hobbies.

I’m excited and it’s interesting to me that I explain why.

Everyday I go to work and with a great team of people and I deal with conflict. Projects that are in-flight, new commitments are made, deadlines are met or extended or flat-out missed (which is not good). Sometimes work is a disappointment and there’s always someone that’s upset or really pissed off. Sometimes I unintentionally let people down.

“Work sucks” or so the saying goes. It’s a challenge and it’s a constant test and conflict. How will I deal with this problem? Will someone or something piss me off and what drama will happen today?

I don’t think it sucks at all.

I’m one of the people in the middle of that organized chaos. When the alarm bell rings and it’s on me to figure it out and make it all work, I am one of the best firefighters there is. I’ll find the problem, I’ll get to the solution, I’ll have a dozen eyes on me all talking at the same time. I’ll have the support of my boss and co-workers. I won’t have any fear or hesitation. I’ll stand there on the call and get the job done. And I’ll do it with my characteristic and occasionally inappropriate sense of humor.

It’s not really different from a lot of jobs. My participation in the WordPress community is nothing like this at all.

Tomorrow I’ll be surrounded by developers, support people, designers and people I respect and admire and, most importantly, a number of friends. This will be my fourth WordCamp. I’ll be having great fun.

I will, once again, be intimidated. That’s not a bad thing.

You see, for me providing support for WordPress started out as therapy. Answering a topic in the forums and helping someone is fun and addictive. I occasionally help people out of a hole and that’s always cool.

Later on getting more involved meant helping people as well going behind the bar and moderating the forums. Cleaning out the spam queue, closing an occasional run away topic, stuff like that. I’m big on routines and I’m used to looking at the forums before the coffee set in.

My WordPress involvement went from being a form of therapy to using that involvement to becoming better at my job.

Collaborating with people in person and online improves me as a professional. The reason I’m intimidated is that, while I don’t think that my involvement is bad, I’m sure that I can improve. Or perhaps someone else can do it better than I do.

I’m comfortable with my intimidation. I don’t always have to be the one putting out the fires and I can learn more when I don’t have all the answers.

I’ll have a great time. I can’t wait to see the gang in person.

Fixing broken post_author IDs

In the long history of my of my blog (over 900 posts), I’ve done many things that were… ill-advised. I’m still recovering from messing up my media library somehow. All the images load but a couple of galleries disappeared.

While playing with the Wapuuvatar plugin I noticed that my recent 60 or so posts were showing my Gravatar photo but the older posts where showing a Wapuu. I thought I ran into some weird bug in the plugin. Ha! The plugin is fine. My old posts were set to post_author ID=0.

There is no such author ID but fixing it was straight forward. Here’s what I did.

WP-CLI is your friend

To get an idea of how bad the problem was I ssh’ed to my server, cd’ed to my installation and ran this command.

wp post list --fields=ID,post_title,post_name,post_date,post_author --url=blog.dembowski.net

This command outputs a neat table and the fields on the CLI include the post_author ID.

I wanted to see those fields and since I’m running on multisite I had to specify the URL. Yep, the recent posts were set correctly but almost all of the old ones were set to post_author=0. I probably could use wp-cli to fix it but I ended up using mysql commands.

wp db export ~/author-munging-save-me.sql

Backup your database, backup your database, backup your database. Don’t rely on your existing backup, just make a new one.

From my wp-config.php file I copied the mysql database name, user ID, password and table prefix. I then ran this command.

$ mysql -D mydbsitedbname -u mydbuser -p

Which put me on the mysql command line. The idea was to fix each post where the post_author=0. Easy!

And I promptly ran an update on the wrong table in my database.

A quick check showed me that nothing changed for what I was trying to fix. I’m not sure what I broke but I am sure I would be sorry if I didn’t fix it pronto.

Backups are good but do you know how to use them?

I wasn’t worried because I had that backup and ran this command.

$ mysql -D mydbsitedbname -u mydbuser -p < ~/author-munging-save-me.sql

You see, I like to poke at my site and while I don’t always break it I have done horrible things in the past. Everyday I make a full automated backup and once a week backup all of my files and I know how to restore the full database. I could rely on last night’s file but why bother? I just made a new one before working on the database.

I forgot that I was running multisite and that this blog is the second one in my site. The wrong post_author ID was 0, the correct ID is 1. I re-ran mysql on the command line and used this:

UPDATE myprefix_2_posts SET post_author=1 WHERE post_author=0;

A quick check and I’m good. The only thing that was updated was the post_author where I wanted it to be. I’m sure I would have caught this eventually but using the Wapuuvatar plugin pointed it out to me sooner.

Update: That broke things. The Gravatars on the front page went away. I rolled back the database and will look at being a little more selective on how I update the post_author.

Update for the update: When Twenty Sixteen only sees published posts from one author then the Gravatar isn’t displayed on the main list of posts. Nothing broke and I assigned Lily’s 3 posts to her account. 😉

Featured image photo by masatsu

Internet Explorer. Oh, the pain. Make it stop.

I like CSS. It’s clean, (mostly) standards based and while not all browsers will agree on goofy features, some basics should just work. CSS3 Flexbox support should be on that list for current versions of browsers.

Guess which browser doesn’t support “flex-direction: column”? Internet Explorer will not be updated by Microsoft for anything except security patches. The CSS works fine in the Edge browser.

In my last post I described how to get CSS to visually crop and center featured images. With Internet Explorer 11 the cropping worked but the image wasn’t vertically centered. The “overflow: hidden” did it’s job but the image displayed from the top and the rest was hidden.

Centering images using javascript

This is not a new problem and I found this article on how to use a little jQuery to make a browser do it’s thing. When it’s one image then you can use the class assigned to it.

I ended up adding this class to each featured image.

mh-thumbnail-<?php the_ID(); ?>;

Then I outputted this script where any featured image was.

<script type="text/javascript">
jQuery(document).ready(function() {

	var imageHeight_<?php the_ID(); ?>,
	wrapperHeight_<?php the_ID(); ?>,
	overlap_<?php the_ID(); ?>,
	container_<?php the_ID(); ?> = jQuery('.mh-thumbnail-<?php the_ID(); ?>');

	function centerImage() {
		imageHeight_<?php the_ID(); ?> = container_<?php the_ID(); ?>.find('img').height();
		wrapperHeight_<?php the_ID(); ?> = container_<?php the_ID(); ?>.height();
		overlap_<?php the_ID(); ?> = (wrapperHeight_<?php the_ID(); ?> - imageHeight_<?php the_ID(); ?>) / 2;
			container_<?php the_ID(); ?>.find('img').css('margin-top', overlap_<?php the_ID(); ?>);
	}

	if( BrowserDetect.browser == 'Explorer' ){
		jQuery(window).on("load resize", centerImage);
	}
});
</script>

That sucks. It’s doable, but I needed to use “the_ID()” because each featured image needed it’s own calculation to center correctly.

I did not want that “jQuery(window).on” to fire for anything except but Internet Explorer. jQuery removed the ability to easily detect the browser and for good reason: you should write scripts based on the browser’s capabilities and not the version or software vendor. My javascript skills are worse than my CSS.

I ended up using this script and I can detect “Explorer” now. Adding a line to my child theme’s functions.php file took care of that.

wp_enqueue_script( 'mh-browserdetect', get_stylesheet_directory_uri() . '/browserdetect.js' );

The end result is that for any current browser the CSS does it’s job. For Internet Explorer the javascript gives it that little push to get it to play nicely. I haven’t tried Internet Explorer 8 but I’m not sure I care to.

Working with version 11 already made me feel like I need a bath.

Center cropping featured images in CSS

I’m lazy and I like to try and figure out how to get the results I want without a lot of work. In the recent past I’ve uploaded featured images that were 1200 pixels wide and varying heights. I’m playing with a child theme of  Twenty Sixteen and wanted to center crop the existing featured images.

I could have re-sampled the cropped images one at a time in Photoshop Elements or ImageMagick (for some CLI bash shell fun). Or I could have used the Regenerate Thumbnails plugin and let that go. Instead I messed with CSS until it worked the way I liked. Continue reading “Center cropping featured images in CSS”

Disabling select features in WordPress

One of the new features arriving in WordPress 4.4 will be the ability to embed posts from a self-hosted WordPress blog  into oEmbed consumers such as another WordPress blog. Like this.

Feature Plugin Merge Proposal: oEmbed

Neat huh? I like it, though I haven’t been able to do the same with my own posts yet. This feature will be on by default in 4.4 though it could be disabled via a plugin.

What if you want to disable all the new features?

When a new feature is rolled out, it is enabled by default. That makes sense as no one adopts a feature that is disabled. But new features are not for everyone and you can control that via a plugin.

Why a plugin? Because it’s supportable. It doesn’t need to be a plugin, it could be a simple line of code in your child theme’s functions.php file.

Going in no particular order:

Disable oEmbed provider

This only applies to WordPress 4.4 (not released yet) but install and activate Pascal Birchler’s Disbable oEmbeds plugin. That will eliminate the capability for your site to be an oEmbed provider.

Disable XML-RPC

You could use a plugin but it’s one line of code. Edit your child theme’s functions.php file and add this one line.

add_filter( 'xmlrpc_enabled', '__return_false' );

Done.

Disable emoji support

Install and activate Otto’s Classic Smilies plugin. Otto doesn’t appreciate emojis either and as an added benefit you get back the classic smilies from previous WordPress versions.

Disable Ping-o-matic and other notifications

Install and activate Scott Reilly’s Silent Publish plugin.

From the plugin page:

This plugin gives you the ability to publish a post without triggering pingbacks, trackbacks, or notifying update services.

To make this the default behavior (Silent Publish is off by default) add this one line to your child theme’s functions.php file.

add_filter( 'c2c_silent_publish_default', '__return_true' );

Now when you go to the post editor page, you will see the “Silent publish?” checked on by default.

Disable Google fonts

Some people do not like anything related to Google and that’s fine. While I personally think this makes my WordPress site look awkward, here’s a plugin that does that.

Install and activate Remove Google Fonts References plugin.

Limit login attempts

I use Jetpack for a lot of things and Brute Protect prevents known attack IPs from reaching your site. If you want to limit your login attempts without using that plugin then try this one from BestWebSoft.

I selected that plugin because it’s actively supported by the author and has many options.

Disable Gravatars

Update: I forgot about Gravatars. 😉

There are a couple of ways to do that and the absolute simplest way is use the admin >> Settings >> Discussion and scroll down to the Avatars and uncheck that box. WP beginner has a post with a video on how to do that.

Use the Disabler plugin

Some more settings (including XML-RPC) can be toggled with the Disabler plugin. You can disable the following with a check box.

  • Disable Texturization
  • Disable auto-correction of WordPress capitalization
  • Disable paragraphs (i.e. <p> tags) from being automatically inserted in your posts.
  • Disable self pings (i.e. trackbacks/pings from your own domain).
  • Disable all RSS feeds.
  • Disable XML-RPC.
  • Disable auto-saving of posts.
  • Disable post revisions.
  • Disable WordPress from printing it’s version in your headers (only seen via View Source).
  • Disable WordPress from sending your URL information when checking for updates.

I use this plugin to disable self-pings.

Plugins are not that difficult to maintain

One of the common complaints about WordPress is “Why can’t there be a check box in the admin GUI to disable these features?” A quick count above shows that would be 16 boxes to work with.

Aaron Jorbin had a good reply on the make/core blog but it may not be clear to everyone: giving users too many options makes their site more difficult to support.

Ideally, there would be one plugin for all of this (hint to Mika and the other Disabler authors) but for anyone rolling out WordPress installations, these disabled settings can hard coded into a custom plugin.

Why do it that way? Just like disabling the XML-RPC feature, it’s often just a few lines of code. A custom plugin can accomplish what you want while limiting options in the administration backend.

 

Call now! You can be “licensed” too! While supplies last!

I like the WP Tavern and the people who run it. Recently they did something very cool and implemented a comment policy. I had gotten into a small debate there and do not want to use those comments as my own personal soapbox.

No one should abuse the comments on someone else’s site to take over a post like that. That’s just rude and more than a little inappropriate.

*Pulls out and gets on top of my own personal soapbox*

The following words are defined by me as terms of endearment like so:

  1. Boneheaded – adjective: describing an action that is not smart, possibly foolish.
  2. Boneheadee – noun: someone who does something boneheaded.

I’m writing these things on the off chance someone claims I am besmirching their character. I’m not, I think they went about something in a foolish way.

What is this post about?

Over at The WP Tavern there was a couple of posts about this “thing” where someone did something (really boneheaded) and the expected outcome of settling out of court (remarkably, not so boneheaded) was arrived at.

But one of the points from the boneheadee was that he now has a “license” from the WordPress Foundation to use the word “WordPress” in a subdomain. Yes, I am cherry picking here as I don’t really want to link to a bonehead site. 😉

I now have a license from WordPress to use, even after they stop allowing the use of w-o-r-d-p-r-e-s-s in subdomains .

I get his “I did something amazingly foolish and I now want to save some face” but that statement is just incorrect. The section of that posted online agreement says the following.

c. Consistent with the WPF policy regarding doman names and notwithstanding any other provision in this Agreement, WPF shall not object to Yablon’s use of the WordPress Marks as part of any subdomains or subdirectories associated with any second level domain name registered to and controlled exclusively by Yablon, including for example, wordrpess.answerguy.com or answerguy.com/wordpress, in connection with services that involve use of the WordPress platform and support the WordPress brand services that do not otherwise violate the rights of WPF.

This isn’t new and has been published for years on the WordPress Foundation’s page about trademarks. Anyone can do that without getting sued. Besides, the verbiage above has some conditions. It’s not a statement for that person to do as he sees fit.

Words matter and to say a paragraph that just reaffirms their existing policy isn’t a license. It says that the boneheadee can do what the policy has said for years.

Now IANAL but that doesn’t look like a license to me as much as a statement of “Hey, if you play nice and do as we’ve been saying for a while now, then we’re cool.” The point is that this person feels that the trademark policy will have to be changed in the future.

I don’t think he’s a lawyer either or if he is not a very good one. If a trademark holder can permit use of by someone, why couldn’t they do so to a community? You know, via some policy statement?

The Footer Statement!

When you visit the supposed “licensed” site you’ll see this around the bottom.

We use “wordpress” as a subdomain of Answer Guy Central under license from The WordPress Foundation.

Hey, it’s his site and he can put whatever he likes, even if it’s loose with the facts.

The Plugin!

But this did get me thinking.

Why not come up with a plugin that will check your host name in your site URL settings contains “wordpress” and if so, is it as a subdomain or directory?

If your site was using WordPress (case insensitive) in your home_url() then add to the loop_end() action a nice statement about that.

Yes, using wp_footer() is safer. But when I use that and tested on many themes, including the Twenty Ten through Twenty Sixteen themes, the output was either obscured by a (stage) left sidebar or it put the HTML in places I didn’t really want.

By using this simple code I can put the notice at the end of the main loop.

add_action( 'loop_end' , 'mh_licensed' );
function mh_licensed( $query ) {
   if( $query->is_main_query() ) {
      // Stuff is echo'ed here
   }
}

This introduces HTML where the theme designer didn’t intend but for most themes it works out. It puts right after the end of the loop the text I want.

If you use “WordPress” (it’s case insensitive) in your sub-domain then you’ll get this text and link at the end.

We use “wordpress” in our subdomain in compliance with The WordPress Foundation Trademark Policy.

If your site is using /wordpress/ or some combination in the URL settings then add these words.

We use “wordpress” in our subdirectory name in compliance with The WordPress Foundation Trademark Policy.

But if your site contains WordPress in the domain name such as wordpressneedsme.com or themisguidedwordpresspeople.com then the output this.

We use WordPress as part of out second level domain in direct violation of The WordPress Foundation Trademark Policy. We are horrible people and you only hate us because you do not understand that we are trying to save WordPress. From itself. And people like YOU. We are smarter than you and you do not understand the intricacies of business and trademarks. It is not your fault and we do not want to reveal the details of our Grand and Glorious Scheme™.

*Drinks more coffee*

I may change that last text. I think it comes off as being too humble.

If you’re not using Those Nine Letters™ in your home_url() then nothing will be outputted.

I’ve posted a gist of my plugin code and if you want, download a copy of that code using the “Download ZIP” button.

download-gist-zip

The ZIP name and directory will be goofy but you can install that plugin using your WordPress dashboard.

The code is ugly but it should work for you. And with this plugin you’ll be telling all of your visitors that you’re a good WordPress community member. 😉

Note: The soapbox featured image is by Mark Longair and is being used courtesy of the Attribution-ShareAlike 2.0 Generic (CC BY-SA 2.0) license. Why not visit Mark’s Flickr page and admire his images?

I should write this down

I did write this down, but I buried it in another blog post.

Sometimes you don’t want to display the featured image but you don’t want to remove the option from your theme.

This snippet in a plugin or child theme’s functions.php file will accomplish that.

add_filter( 'post_thumbnail_html', 'mh_post_image_html', 10, 3 );

function mh_post_image_html( $html, $post_id, $post_image_id ) {
if( is_single() ) {
     $html = '<!-- The featured image would be here if I chose to display it. 😉 -->';
     }
return $html;
}

It doesn’t disable support for post thumbnails but replaces the code with an HTML comment if the post is_single() using the post_thumbnail_html filter. You can use other conditionals as well and even edit the HTML before returning it.

The new Press This in WordPress 4.2 beta 2 is slick

Try this: update to WordPress 4.2 beta 2 and drag the “Press This” to your bookmark bar. Visit a URL that you like and poof.

I just did that on a Flickr photo and I was able to select the image from the options and below is the result.

Explore Alvin Bernardo’s photos on Flickr!

Source: Custom Built HG 1/144 Acguy ( R2D2 Color Ver) | Flickr – Photo Sharing!

The post is complete with a source link for attribution. I added some categories and saved as a draft. The whole update to Press This really is well done. It’s more attractive and easier than ever.

Fixing my SSL based shortlinks

If you look at the HTML source for this NGINX post I wrote you’ll find this code.

<link rel='shortlink' href='http://wp.me/pLamj-2Lz' />

Which was inserted when I published the post via Jetpack. Shortlinks are cool.

But if you use curl -LI on that wp.me URL you see that it goes http -> http -> https which irks me.

$ curl -LI http://wp.me/pLamj-2Lz
HTTP/1.1 301 Moved Permanently
Location: http://blog.dembowski.net/?p=10637

HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/?p=10637

HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/2014/i-am-nginx-and-so-can-you/

$

I like https based URLs because I want the communication between my web server and your web browser to be encrypted.

My web server does 301 redirect the browser to the https version but I don’t want any plain text http in the mix. It’s not Jetpack’s fault, I’m passing the non-SSL URL to it to get the shortlink.

Having the shortlink point to a plain http URL doesn’t fit well with my tin foil hat. Since my web sites are SSL enabled there is no reason to use unencrypted http anymore.

YOURLS to the rescue

I am pretty sure that Jetpack’s URL shortner will handle SSL based URLs in a friendly encrypted way but I’d rather use YOURLS.

YOURLS stands for Your Own URL Shortner and I’ve been using my own installation for years. In December I blew up my multisite and disabled my YOURLS plugin (and several other things). Today I made a subtle change to my shortlink installation’s config.php file.

This line

define( 'YOURLS_SITE', 'http://dn7.me' );

was changed to this with https.

define( 'YOURLS_SITE', 'https://dn7.me' );

And just like that my short URLs are now SSL based. The old http shortlinks continue to work fine.

I previously used Ozh’s plugin but the plugin Andrew Norcross created is recommended by many and I  switched to that one. It’s really easy to use, you  just fill in 2 fields and click the check boxes.

WP-CLI  should be used in all the things

I could not find where the heck my URLs were being generated as non-SSL. If I asked in the forums or looked at the wp_get_shortlink() source code I am sure I could figure it out. But I’m lazy and instead I just used wp-cli like so.

cd /to/my/multisite/directory
wp db export ~/save-me.sql
wp search-replace 'http://blog.dembowski.net' 'https://blog.dembowski.net' --network

The export command was my safety net incase my backups aren’t as good as I think they are. If this hurt anything then I could put the database back right before I munged it up.

Today I published a post and it has this code and shortlink.

<link rel='shortlink' href='https://dn7.me/2ou' />

Looking at that with curl reveals this.

$ curl -LI https://dn7.me/2ou
HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/2015/good-product-integration-is-important/

$

The https URL sends a 301 to the destination https URL with nothing else to see. My tin foil hat is now even a little tighter.

You do know that you use Jetpack, right Jan?

I’m not really concerned about data leakage and this really is just an excercise for me. I like Jetpack and understand the implications of continuing to use it.

When you setup a  web server the default port is 80 without any encryption. SSL on port 443 needs to be configured and turned on manually with x509 certs. Wouldn’t it be great if you could do away with HTTP and just use HTTPS? That’s part of what Let’s Encrypt is trying to accomplish.

As a service it’s supposed to be available mid-2015 and I can’t wait to see how that goes. Encryption everywhere is a great idea  and in the 21st century there’s no excuse not to use it.