plugins

I wrote in WYSIWYG hides WordPress hacking that my client was mysteriously unable to save edits or new Posts or Pages. Whatever save type button we clicked, the edits would silently disappear, and a completely blank admin page would be the response. It was my job to fix this odd behaviour.

First, update

The first real step I took was to note that his copy of WordPress was out of date. I was pretty sure that updating WordPress and the half dozen plugins he uses would see him right.

I loaded up v2.3.3, the current release version, ran the upgrade script, checked and updated his plugins, then confidently created a test post. No joy. The problem remained.

Next, check for correct permissions and content

Using FTP, I compared his WordPress install with one of my own. I confirmed that all permissions seemed to be correct. Since we also suspected he’d been hacked, I opened his wp-config file and his theme files — the only files that weren’t replaced in the upgrade — and looked for anything that didn’t belong. They were clean and in order.

This WordPress install should be working correctly.

Disable a suspect plugin

Googling led me to believe that one particular anti-spam plugin he was using may be the problem. I disabled it. No change.

No help in the forums

Checking the WordPress forums led me to several threads from people with the same ‘blank admin page’ problem. There were no answers that helped me.

I did pick up on a fix for the spam injection though, involving the xml-rpc file. But that needs a separate post.

Alternate access to the database

Next up I used MarsEdit to create a new post on my client’s blog. Ah, now there was progress: that was successful.

I also used PHPMyAdmin to access the database directly. This allowed me to remove the unwanted spam from his post. So again, there was success.

Maria and I explain in our book WordPress 2 Visual Quickstart Guide how to access the WordPress database directly.

So now I knew that direct access to the database was successful, while editing posts through the web interface was the problem. There was something wrong with the WordPress files themselves.

The files were all fresh and up-to-date, permissions were correct, and there were no signs I could see of malicious scripts or whatever on the server. I had ruled out the suspect plugin. Or had I?

Another look at the plugins

I decided to look at the plugins again. They were all up-to-date. Several of them, such as Bad Behavior, I use myself, so I believed they were not the problem. But when something doesn’t work there is a problem somewhere.

I decided to disable all the plugins simultaneously and then enable them one by one until the problem showed itself. Thank goodness for the Deactivate All Plugins link on the Plugins page.

OK, all plugins deactivated, and the blog worked correctly again. Hooray!

I reactivated Akismet. The blog worked.

Reactivate Bad Behavior. OK.

One by one I reactivated each plugin, and then tested editing a post. Each time it worked.

Until there was just one plugin left … ah, I’d found the culprit, and it was the one I’d suspected in the first place.

Reactivate. Test. Editing a Post worked fine. Wait a minute! This was supposed to be the problem. I shouldn’t have been able to edit a post successfully.

Situation report

OK: in the first place, with all plugins active, we could neither edit a post nor create a new post.

Nevertheless, after deactivating and then reactivating all plugins the problem was fixed.

The end result was the same — all plugins active — but the effect was different: now editing or creating a post worked correctly. Strange but true.

I’m guessing that one of the plugins was the problem, before I updated it, but that somehow the update didn’t ‘register’. I suspect that deactivating and reactivating the plugins forced something else in WordPress to register the change and correct the problem.

The p*rn in the post

So now the ’save’ part of my client’s blog was working correctly, but let me tell you about the porn in the post … in another article to come.

Popularity: 19% [?]

When you visit a web site you aren’t powerless or at the mercy of the web designer, but can take some control of the site’s appearance and functionality. This article considers the powers available to users of Safari, the browser that comes installed on every Mac. It was written for Safari under Tiger and some things may have changed since then.

When you visit a web site you aren’t powerless or at the mercy of the web designer, but can take some control of the site’s appearance and functionality.

One of the most common actions is to block unwanted pop-ups — most browsers now have a setting to do that. It’s also common and easy to make text larger or smaller, and to affect a web page’s appearance in other ways.

This article considers the powers available to users of Safari, the browser that comes installed on every Mac. There are others, such as Firefox, Opera, Netscape, Camino, OmniWeb, Flock, and others, but future articles will look at them.

Safari

Safari is included with all new Macs. It has been developed so rapidly that there are many different versions around. This article refers to Version 2.0.4 (419.3), which was current at time of writing.

The first step in taking control with Safari is actually to enable a couple of features that are disabled by default: the Status Bar and Tabbed Browsing.

Status Bar

The Status Bar is a gray strip at the bottom of the browser window. It displays information relating to the page you’re viewing. To enable it, choose View > Show Status Bar. Watch the Status Bar as you work with web pages as it gives you more information and therefore more control as you browse the web.

For example, call up a Bookmark or enter an address manually, and the Status Bar should carry messages such as “Contacting www.example.com” or “Loading www.example.com“.

Hover over a link and the Status Bar should display where that link will take you. Sometimes a web page is created in such a way that it is able to override the useful information with text the web designer thinks is more important, but mostly the information in the Status Bar is useful.

Similarly, you can usually spot email addresses. Be careful if the URL you see in the Status Bar ends with a file extension such as .pdf, .doc. .xls as that means the link goes to a file of that type, which may download to your computer.

Screenshot 01: As I hover over the link to ATPM Issue 13.03 the Status Bar shows that if I click I will visit http://atpm.com/13.03/index.shtml. In this screenshot there also happens to be a tooltip visible (the text on the yellow background), but many websites don’t offer that.

Block pop-up windows

Some sites cause extra windows to pop-up without your asking for them. These may be perfectly legitimate, but more often they are advertising, or even spam or ridden with viruses.

All modern browsers, including Safari, allow you to block malign pop-ups, while allowing the harmless ones to appear. Choose Safari > Block Pop-Up Windows.

Text Size

Some sites use text that’s just too small to read comfortably. Of course, “too small” is very subjective, and can depend on the time of day, how tired you are, and other factors.

Increase the size of text on a page by pressing Command +. Press Command - to reduce it again. These commands are also available under the View menu as Make Text Bigger and Make Text Smaller.

You can press the key combinations repeatedly until you either find a comfortable size or Safari refuses to make any further changes. My tests suggested about eight or nine steps were available.

While you can enlarge or reduce text, the images remain the same size.

Minimum Text Size

But wait! Look in the Preferences, under the Advanced tab. Here you’ll see that you can set a minimum font size. This is great if you consistently find yourself enlarging the text. To really see the difference try the extremes: 9 and 24.

·

Screenshot 02: With a minimum text size of 9, the text on the page is tiny. Screenshot 03: I’ve set the minimum text size to 24, so the text on the page is huge.

Choose your own style sheet

In modern web design the HTML coding should be plain and simple: a set of tags to mark out headings, paragraphs, lists and so on. All the layout is controlled (or rather, suggested) by a style sheet.

A style sheet may contain rules to say that all headings should be bold, centred and maroon, while paragraph text should be left-aligned, black, with margins of a certain width, and so on.

The style sheet sets up how the web designer thinks the page would best communicate its message, but such styles are not hard and fast.

For example, the designer may create different style sheets for print, for handheld devices, or even for how a page should sound when read aloud, though this last isn’t yet very popular or even very reliable.

For a visitor to a web page though, style sheets make possible a degree of control. Safari allows a visitor to choose their own style sheet and use it to override the designer’s suggestions.

Screenshot 04: Choose your own style sheet in the Advanced tab of Safari’s Preferences.

Try downloading my-styles.css (1Kb text file) and then choose it as a custom stylesheet. Now go to the Safari menu and choose Empty Cache … to clear out what Safari thinks it already knows about web pages.

Note: Safari is truly terrible at refreshing web pages; if you simply reload / refresh the web page with your new stylesheet loaded you may not see any change. Emptying the cache usually forces Safari to really refresh.

Now visit some websites and see what happens. You should find that web pages now use large, white text on a black background. Hover over some links and you should find that a red outline appears around the link text.

Screenshot 05: My custom style sheet causes the web page to display large, white text on a black background.

This isn’t a carefully crafted style sheet: it was simply cobbled together with a few rules pulled from information about accessibility. It should demonstrate, though, that the user has quite some power when visiting web pages.

Disable scripts and plug-ins

Another area where you have power over a website is with scripts and plug-ins. Safari’s Security tab allows you to enable and disable Java, Javascript, Cookies and Plug-ins.

Screenshot 06: Safari’s Security tab allows you to enable and disable Java, Javascript, Cookies and Plug-ins.

There is enormous power here: as with most technologies, each can be used for good or evil. I have accidentally visited porn sites that pop open a million windows — every time you try to close the window to get away from the site half a dozen new ones open. That kind of trick is done with scripts.

On the other hand, your bank may use scripts to log you out if you don’t use a page for a while. This can help ensure your privacy and keep your financial information safer.

Cookies are commonly used on shopping websites to keep track of items you’ve added to a shopping basket, or to greet you by name when you next visit the site.

If you disable items in this Security section you may find that sites you want to use don’t work correctly.

But still, it’s up to you; you can take control.

This article was first published in About This Particular Macintosh in April 2007 and may have been modified from the original.

Popularity: 22% [?]

After showing my new MacTips Archive layout to a friend and fellow WordPress user, I was asked which plugins I use on that site. Here’s the list. Descriptions and links are taken straight from the Plugins page in the Dashboard, edited to remove non-essential content.

Bad Behavior

Deny automated spambots access to your PHP-based Web site.

Democracy

This poll plugin is easy to use, install, and manage. It uses AJAX to load data, making it quick and fun to use.

Democracy Widget

Adds a sidebar widget for use with Andrew Sutherland’s Democracy Poll widget.

Popularity Contest

This will enable ranking of your posts by popularity; using the behavior of your visitors to determine each post’s popularity.

Related Posts

Returns a list of the related entries based on active / passive keyword matches.

Secure and Accessible PHP Contact Form

This powerful yet easy-to-install contact form features exceptional accessibility and usability while still providing extensive anti-spam and anti-exploit security features.

Social Bookmarks

Adds a list of XHTML compliant graphic links at the end of your posts that allow your visitors to easily submit them to a number of social bookmarking sites.

Spam Karma 2

Ultimate Spam Killer for WordPress.

Subscribe To Comments

Allows readers to receive notifications of new comments that are posted to an entry.

WordPress.com Stats

Tracks views, post / page views, referrers, and clicks. Requires a WordPress.com API key.

WP-EMail

Allows people to recommend / send your WordPress blog’s post / page to a friend.

Popularity: 17% [?]