Category: WordPress

  • How to hide a WordPress Plugin

    When you develop a WordPress website, you may need to hide a plugin, so customers won’t access it or change its settings.

    In this blog post, I will show how to hide the WPGraphQL plugin from the plugins page. Edit functions.php inside your theme’s folder and add the following code:

    // Remove WPGraphQL from the list shown on the Plugins page.
    add_filter('all_plugins', function ($plugins) {
        unset($plugins['wp-graphql/wp-graphql.php']);
        return $plugins;
    });

    Now the plugin will not be listed on the Plugins page inside the WordPress Admin area. The filter only changes what the page lists; the plugin itself stays installed and active.

    Hide Menus

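    The plugin still displays its menu on the sidebar and top bar. To hide the menu, add the following code in the functions.php file inside the theme folder. This hides the entries with CSS only, so the pages behind them still load for anyone who opens their URL directly; it tidies the admin area but is not an access control.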

    add_action('admin_print_scripts', function () {
        echo '<style>';
        echo '#toplevel_page_graphiql-ide { display: none; }';
        echo '#wp-admin-bar-graphiql-ide { display: none; }';
        echo '</style>';
    });

    To only do this for admin users, use the following code

    // Hide the plugin and its menus for administrators unless ?show_all is in the URL.
    if (current_user_can('administrator') && !array_key_exists('show_all', $_GET)) {
        add_filter('all_plugins', function ($plugins) {
            unset($plugins['wp-graphql/wp-graphql.php']);
            return $plugins;
        });

        add_action('admin_print_scripts', function () {
            echo '<style>';
            echo '#toplevel_page_graphiql-ide { display: none; }';
            echo '#wp-admin-bar-graphiql-ide { display: none; }';
            echo '</style>';
        });
    }

    To show the hidden menu items and plugin, add ?show_all to the end of the URL, for example

    https://serverok.in/wp-admin/plugins.php?show_all

  • WPScan WordPress Security Scanner

    WPScan is a free, open-source WordPress security scanner developed by a team of security professionals. It is designed to help website owners and security experts assess the security of their WordPress-powered websites.

    The tool is written in Ruby and can be used to detect a wide range of vulnerabilities, including outdated WordPress core, plugin, and theme versions, as well as common security misconfigurations. WPScan can also be used to enumerate WordPress users and identify potential attack vectors. 

    You can find more information at

    https://github.com/wpscanteam/wpscan

    The easiest way to use it is with Docker. First, you need to install Docker; you can find instructions at https://serverok.in/docker

    Once you have docker installed, you can run it with the command:

    docker run -it --rm wpscanteam/wpscan --url URL_OF_SITE_TO_SCAN

  • Wordfence CLI

    Wordfence CLI is an open-source, high-performance malware and vulnerability scanner designed for the Linux command line environment. This tool is built to provide site owners, security administrators, operations teams, and security-focused organizations with a powerful and flexible solution for detecting malware and WordPress vulnerabilities at scale.

    Wordfence CLI requires Python 3.8 or newer installed on your server. To install Wordfence CLI, run the command

    pip3 install wordfence

    To scan all files in /home directory, run

    wordfence malware-scan --output-format csv --output-path /root/wordfence-cli-scan.csv /home/

    To get the list of infected files, use

    grep "/home/" /root/wordfence-cli-scan.csv | awk -F ',' '{print $1}'

    In the above command, replace "/home/" in the grep pattern with the folder where the files are. The grep removes non-file lines from the result.
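
    A report like this can also be summarised per account, which helps when /home holds many sites. This is an added example, not part of the original post or of Wordfence CLI: infected_by_account and sample_report are hypothetical helpers, the sample rows are constructed, and the code assumes the file path is the first CSV column (as the awk command above does) and contains no commas.

```shell
# Constructed sample report: path in column 1, then made-up signature details.
sample_report() {
cat <<'EOF'
filename,signature_id,signature_name
/home/alice/public_html/wp-content/uploads/x.php,101,Constructed.Sample.A
/home/alice/public_html/wp-content/uploads/x.php,102,Constructed.Sample.B
/home/alice/public_html/wp-includes/y.php,101,Constructed.Sample.A
/home/bob/www/index.php,103,Constructed.Sample.C
EOF
}

# Print "COUNT ACCOUNT" for each first-level directory under the scanned root,
# most affected account first.
#   $1 = CSV report, $2 = scanned root with trailing slash (default /home/)
infected_by_account() {
    report=$1
    root=${2:-/home/}
    awk -F ',' -v root="$root" '
        {
            path = $1
            gsub(/^"|"$/, "", path)            # tolerate a quoted first field
            if (index(path, root) != 1) next   # skip header and other non-file lines
            if (seen[path]++) next             # a file matching several signatures counts once
            rest = substr(path, length(root) + 1)
            split(rest, part, "/")
            count[part[1]]++
        }
        END { for (acct in count) print count[acct], acct }
    ' "$report" | sort -k1,1nr -k2,2
}

# Usage: infected_by_account /root/wordfence-cli-scan.csv /home/
```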

  • WordPress Redirect Visitor On 404 Error

    WordPress shows a 404 page when a visitor navigates to a non-existent page. To redirect the visitor to a specific page instead, say the home page, edit the functions.php file in your theme’s folder and add the following code to it.

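    function redirect_404_to_page() {
        if ( is_404() ) {
            // A redirect needs a 3xx status; sent with 404, the browser ignores the Location header.
            // Use 301 instead of 302 if the redirect should be permanent.
            header( "Location: https://your-domain.tld/page/", true, 302 );
            exit;
        }
    }
    add_action( 'template_redirect', 'redirect_404_to_page' );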
    

  • How to reset WordPress Password using wpcli

    If you lost your WordPress user password, you can use the forgot password link on the WordPress login screen to reset the password. If for any reason you are unable to receive the password reset email, you have to reset your password by editing the wp_users table in the MySQL database or by using the WordPress command line tool (wpcli).

    If you don’t have wp-cli installed, you can install it with

    For root users

    cd && wget https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
    mv wp-cli.phar /usr/local/bin/wp
    chmod 755 /usr/local/bin/wp

    If you are logged in as a normal user, run the following command

    mkdir ~/bin
    wget https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O ~/bin/wp-cli.phar
    alias wp="php -d memory_limit=-1 ~/bin/wp-cli.phar"

    To make the wp command available when working as a normal user, you need to run

    alias wp="php -d memory_limit=-1 ~/bin/wp-cli.phar"

    To make it permanent, you can edit the file ~/.bashrc and add the above line to the end of the file, so it gets executed whenever you log in to the server.
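
    The download steps above install the phar without checking it. This added example, not from the original post, compares the file against the SHA-512 published beside it before installing. The function names are illustrative, and it assumes a wp-cli.phar.sha512 file is published next to the phar at the same URL.

```shell
WPCLI_URL="https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar"

# Succeed only if FILE ($1) hashes to the SHA-512 given in $2.
# $2 may be a bare hex digest or a "digest  filename" line, in either case.
# Returns 2 when $2 is not a well-formed digest (empty, truncated, an error page).
sha512_matches() {
    file=$1
    expected=$(printf '%s' "$2" | awk '{print tolower($1); exit}')
    [ ${#expected} -eq 128 ] || return 2
    case $expected in *[!0-9a-f]*) return 2 ;; esac
    actual=$(sha512sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Download the phar and its checksum into a temp directory, verify, then
# install to DEST. Nothing is written to DEST if any step fails.
# Note: a checksum fetched from the same host catches a corrupted or truncated
# download; it does not protect against a compromised origin.
install_wpcli() {
    dest=${1:-/usr/local/bin/wp}
    tmp=$(mktemp -d) || return 1
    wget -q "$WPCLI_URL" -O "$tmp/wp-cli.phar" &&
    wget -q "$WPCLI_URL.sha512" -O "$tmp/wp-cli.phar.sha512" &&
    sha512_matches "$tmp/wp-cli.phar" "$(cat "$tmp/wp-cli.phar.sha512")" &&
    install -m 755 "$tmp/wp-cli.phar" "$dest"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Usage (root): install_wpcli /usr/local/bin/wp
# Usage (normal user): install_wpcli ~/bin/wp-cli.phar
```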

    To list all users, you can run

    wp user list

    To list all users with administrator role, run

    wp user list --role=administrator

    To reset the password for a user, run

    wp user update USERNAME --user_pass='NEW_PW_HERE'

    Reset the WordPress user password by editing the wp_users table using phpMyAdmin

  • How to Speed Up Your WordPress Site

    Getting your site to load faster is very important. Bounce rate (visitors leaving your website) increases as load time increases. Many WordPress themes and plugins add extra JavaScript/CSS resources to your page, so each page has to load these resources, making the site slow. It is better to use the minimum number of plugins required; more plugins make the site slower.

    To check the speed of your website, you can use speed testing sites like

    https://gtmetrix.com

    Once you scan your website with gtmetrix, you will get a useful report that shows how much time it takes to load your website and what you can do to improve your site speed.

    Here are some things you can do to improve your site speed.

    1) Optimize Images

    Make sure all images used in your website are of the proper size. If you want to show a 500 px wide image on your web page, don’t use a bigger picture; use an image of the proper size. This avoids browser-based scaling.

    2) Disable loading of unwanted JavaScript/Fonts

    The WP Asset Clean Up plugin can help disable loading of unwanted resources.

    https://wordpress.org/plugins/wp-asset-clean-up/

    3) Database Cleanup

    Every time you save a page, WordPress keeps a copy of the page, so over time your database can grow bigger. Using a plugin to clean up the database can speed up your website.

    https://wordpress.org/plugins/wps-cleaner/

    4) Analyze Database Query

    Use the Query Monitor plugin to find out which SQL query is slowing down your website. This plugin shows how much time it takes to load a page.

    5) Disable Unused Plugins

    Using plugins can slow down your website, as each one adds more code to execute every time someone visits your website. Remove any unused or non-essential plugins. Many features can be implemented without using a plugin by editing theme files or PHP code. Plugins are usually created by third-party developers, so they may not be as secure or bug-free as core WordPress files.

    6) Cache Pages

    You can use a caching plugin like W3 Total Cache to speed up WordPress load time.

  • Find WordPress Version from command line

    To find the version of WordPress, you can check the file

    wp-includes/version.php
    

    Inside the file look for variable $wp_version

    You can do this with the grep command

    grep wp_version wp-includes/version.php
    

    Using WP CLI

    You can use WordPress CLI to find the version of WordPress with the command

    wp core version
    

  • How to fix WordPress 404 Error htaccess

    If your WordPress site shows a 404 page when accessing URLs, this is because the .htaccess file is missing. WordPress uses the .htaccess file to generate SEO-friendly URLs when using the Apache or LiteSpeed web server.

    To fix the 404 error on WordPress, create a file with the name .htaccess and copy the following content.

    If WordPress is installed on the root of your website, use the following .htaccess file

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    For WordPress installed on a subfolder, use

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteBase /FOLDER/
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /FOLDER/index.php [L]
    </IfModule>

  • CURL ERROR 7 could not establish a secure connection to WordPress.org

    On a WordPress website hosted on a CentOS server, I got the following error on the header of the website.

    Warning: An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /var/www/html/wp-admin/includes/translation-install.php on line 68

    On debugging the code, I found the code returned “CURL ERROR 7”. This happens when the curl connection is blocked. I was able to curl to the URL from the command line.

    curl https://api.wordpress.org/translations/core/1.0/
    

    The error is due to SELinux, which was blocking the web server from making outgoing network connections. To fix the error, run the command

    setsebool -P httpd_can_network_connect on
    

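    Or disable SELinux, although the boolean above is the narrower change: it only allows the web server to make network connections and leaves SELinux enforcing for everything else.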


  • How to Add Expires Headers in WordPress

    What are Expires Headers

    Expires headers are a type of HTTP header that indicates how long until cached copies of site resources expire. They tell the browser whether a resource can be fetched from the browser’s cache or must be requested from the source. Using expires headers, you maximize the speed of your site by reducing the HTTP requests between your device and the server, which also helps the site load more easily.

    Caching

    Browser caching enables the browser to store resources locally, improving site speed. The expires header tells the web browser how long it should store your website resources before they are deleted.

    How to enable Expires header in WordPress using .htaccess

    Find your .htaccess file. Download a backup copy of the .htaccess file to your local computer. Add the following code snippet to the file

    ExpiresActive On
    ExpiresByType image/jpg "access 1 year"
    ExpiresByType image/jpeg "access 1 year"
    ExpiresByType image/gif "access 1 year"
    ExpiresByType image/png "access 1 year"
    ExpiresByType image/svg+xml "access 1 year"
    ExpiresByType text/css "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType application/javascript "access 1 month"
    ExpiresByType application/x-javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    ExpiresByType image/x-icon "access 1 year"
    ExpiresDefault "access 2 days"
    

    How to enable Expires header in Nginx

    Nginx works differently from Apache in that it does not use a per-directory file like .htaccess. Instead, you need to edit the server configuration file, then copy and paste the following lines into your server block.

    location ~* \.(jpeg|jpg|png|svg|gif)$ {
        expires 365d;
    }

    location ~* \.(html|css|js)$ {
        expires 30d;
    }


    You can adjust the expiration times for different types of files as needed.

  • How to install LetsEncrypt SSL on Bitnami WordPress Server

    To install a free LetsEncrypt SSL certificate on a Bitnami WordPress installation, do the following.

    Log in to the server as user “bitnami” using SSH/PuTTY.

    Run command

    sudo /opt/bitnami/bncert-tool
    

    It will ask for the domain name. Enter domain names separated by spaces. After that, you will be asked if you need to redirect the domain name to www; select the one you prefer for your website. Then it shows a summary of tasks. Once you confirm it, SSL will be installed.

    Before you do this, make sure the domain name is pointed to server IP and DNS is propagated.

    For more information, check the Bitnami documentation.
