Writing a lightweight related content function for WordPress using tags to match content

Strangely, WordPress doesn’t ship with its own related content feature, so there are a number available to download and use from the plugin directory. However, in my experience, most of these are quite resource-hungry, largely due to the fact that they build up the list of related content by string matching. This is a very expensive process and, depending on the number of posts the script has to match against, can lead to a slowdown in the database.

I’ve opted to write my own related content plugin using WordPress tags. Generally, a post should not have more than 5 tags attached to it. This makes the matching process much faster and less intensive on the database as tags are only ever matched against other tags attached to posts and never against the content of the posts themselves which could be lengthy.

Now this has the potential to get out of hand as tags can be easily entered by post authors leading to duplicates and unnecessary tagging which can then lead to poor relative matching. However, any professional organisation will have a publishing process and part of that should be for authors to avoid adding tags before checking if a suitable one already exists in the system.

Super yachts in Greece and Gordon Welchman, codebreaker

The blue water of the Mediterranean never fails to impress. Something else of note around the Greek islands on this cruise was the sheer number of yachts and super-yachts; these two super yachts were berthed at an island we sailed past after leaving Mykonos.

The second picture today is of some MEAN (MongoDB, Express.js, AngularJS, Node.js) programming I was doing whilst watching a fascinating BBC documentary on Gordon Welchman, who along with Alan Turing, broke the Nazi Enigma cypher code, shortening the war by two years and saving hundreds of thousands, if not millions, of lives in the process. If you’ve never heard of him don’t worry, not many have. After his stint at Bletchley Park Welchman went on to the US to help the NSA set up their operations and was therefore bound not only by the British Official Secrets Act but by the US Espionage Act.

Find me on Instagram here

Is your WordPress site slow? XML-RPC could be under attack!

Recently, a WordPress site I manage was having serious downtime issues. Calling the site from a browser resulted in a lag time of many minutes!

Upon looking at the running processes on the server, the list contained multiple Apache processes, around 20, all running at around 20MB each. The maths comes in at 400MB of RAM being used for the Apache processes and that was resulting in all the allocated server RAM, as well as 100% of the CPU, being consumed. This meant no new client connections were served.

Multiple hard reboots of the server did not solve the problem. The Apache processes were back almost as soon as the server came back up. This was fishy as that meant the connections were sustained in some manner.

On further inspection it appeared that 18 of the Apache processes were connections from a single IP address and they were all requesting a single file – xmlrpc.php

As it happens this is quite a popular way to attack a website and crash it. Although I’m still looking for a long-term solution, in the short term I’ve blocked that IP. Another way to safeguard your site is to control access to xmlrpc.php via your .htaccess file. However take care with this file as it can prove to be quite useful. More here – https://wordpress.org/support/topic/what-is-xml-rpc-good-for

I’ll post more when I have a real solution.

Update: The WordFence site has some more information on XML-RPC as a security risk and how to disable it.
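
The pattern described above (most Apache workers tied up by one client requesting xmlrpc.php) can also be confirmed from the access log. The following is an added example, not part of the original post: it assumes Apache's combined log format, the log lines are constructed sample data, and the thresholds are arbitrary starting points to tune.

```python
import re
from collections import Counter

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def xmlrpc_hits_by_ip(lines):
    """Count requests to xmlrpc.php per client IP; unparseable lines are skipped."""
    hits = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        # Drop any query string so only the script name is compared.
        path = m.group("path").split("?", 1)[0]
        if path.rstrip("/").endswith("/xmlrpc.php"):
            hits[m.group("ip")] += 1
    return hits

def suspicious_ips(lines, min_hits=10, min_share=0.5):
    """Return [(ip, hits)] for clients with at least min_hits xmlrpc.php
    requests that also make up at least min_share of all xmlrpc.php traffic."""
    hits = xmlrpc_hits_by_ip(lines)
    total = sum(hits.values())
    return [(ip, n) for ip, n in hits.most_common()
            if n >= min_hits and n / total >= min_share]

# Constructed sample log (documentation-range IPs, made-up timestamps).
SAMPLE_LOG = (
    ['203.0.113.7 - - [01/Jan/2015:10:15:%02d +0000] '
     '"POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"' % s for s in range(18)]
    + ['198.51.100.23 - - [01/Jan/2015:10:15:20 +0000] '
       '"GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
       '198.51.100.23 - - [01/Jan/2015:10:15:21 +0000] '
       '"POST /xmlrpc.php HTTP/1.1" 200 410 "-" "Mozilla/5.0"',
       'this line is not in combined log format']
)

if __name__ == "__main__":
    for ip, n in suspicious_ips(SAMPLE_LOG):
        print("%s made %d requests to xmlrpc.php" % (ip, n))
```

The occasional legitimate XML-RPC client (the single request from 198.51.100.23 in the sample) stays below both thresholds, so only the dominant source is reported as a candidate for blocking.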

jQuery for responsive image maps and time in the new garden fort

Spent some time working with the rwdImageMaps jQuery plugin for implementing responsive image maps as well as the qTip2 jQuery plugin for rich tool tips for responsive image maps. Coding is always so much fun!

Spent some time with my son in the new garden fort – a lovely summer day not to be wasted!

Javascript query string manipulation & a direwolf Game of Thrones t-shirt!

Some front-end development today using Javascript to manipulate query strings for a WordPress template. Good fun all round!

A lovely Father’s Day gift from my sons – a t-shirt depicting the sigil of my favourite family in Game of Thrones: The direwolf head of the Stark family.

Using an inline CSS style to create a new page in a PDF generator

I’ve recently been working with the TCPDF PDF generator class in PHP to generate PDFs on the fly as part of one of our newer business processes.

The class takes a lump of formatted HTML and creates a PDF document. However, because generation is on the fly, there is no opportunity to use the inbuilt addpage() method of the class when the document needs to be broken up into multiple pages. A good example would be generating an invoice with a second page containing terms attached, or starting a new chapter in a book.

Ideally, some marker within the HTML would inform the PDF generator when there is a page break, and thankfully there is.

Enter CSS

Set style="page-break-after:always;"

in the HTML, e.g. on an empty div or p element, wherever you require a page break, and TCPDF (and, I warrant, any good PDF generator function or class) will do the needful.

It’s handy to keep in mind that the same CSS style will also cause a printer to begin printing a new page when encountered.

Many thanks to Peter Young for this useful nugget.

Joomla : Fixing the User Password Reset Feature

Recently on one of my Joomla projects a user complained that they used the Password Reset feature but they encountered an error in the final steps of the process.

How does Joomla’s Password Reset feature work?

Joomla’s Password Reset feature asks for the user’s email address which it checks for in the user account table against that user’s record.

If found, a unique token (a long series of numbers & characters) is generated and sent to the email address, along with a link back to the page on the website where the token needs to be entered to complete the process and allow the user to reset their password.

What went wrong?

Unfortunately, the email sent to the user displays the token in this manner :

The token is 408ebfa6c89glda0d267543e07a4cdeb4 .

Notice the space before the period? Well, understandably, the user was copying everything up to the period, including the space, and pasting it into the field provided on the website for the final step. Unfortunately, that extra space counts as a character and so the token did not match and the user received an error and was unable to complete the reset. Not good.

The fixes

There are two fixes for this issue:

  1. Format the email properly so there is less of a chance of user error;
  2. Run the submitted token through PHP’s trim() function to strip out empty characters on either side of the token.

Making these two fixes should prevent this error occurring again and keep users who need to reset their passwords from becoming frustrated.

How to?

Format the email to remove the space

The first step requires us to amend the email that is sent out to the user. Joomla uses language files so it’s quite easy to amend this message. The reset password function is a part of the User Component in Joomla (com_user) so look up the correct file in the ‘language’ folder/directory :

/WEBROOT/language/en-GB/en-GB.com_user.ini

Search for this text “PASSWORD_RESET_CONFIRMATION_EMAIL_TEXT” and edit the value of this setting by removing the space and period. I added newlines (\n) before and after the token (%s) so that the token displays on a line by itself.

This has two advantages:

  1. Makes it clearer to the user if the token is on a line by itself
  2. Reduces the chance of user error when copying/pasting

Use trim() to remove whitespace

The second fix is the better one as it tackles the actual issue of readying the submitted token for comparison and matching.

In order to do this go to the following file :

/WEBROOT/components/com_user/models/reset.php

Search for the text “function confirmReset($token)” and inside this function add the trim function like so:

function confirmReset($token)
{
    global $mainframe;

    // Strip leading/trailing whitespace picked up when the token is copied from the email
    $token = trim($token);

    // ... function continues ...

}

This will now remove all extra whitespace on either side of the token submitted by the user so that the ‘clean’ token is used for comparison.

And that’s it – you will now have a sturdier Reset Password feature in Joomla.

Use hooks to customize your WordPress site

WordPress is a powerful publishing platform (this site uses it) and it seems to be going from strength to strength. This is partly due to the fact that WordPress is easy to hack i.e. it’s easy to re-write code to make the platform do what you want it to.

Hacking core files, however, is problematic as the hacks are overwritten whenever you upgrade to a newer version, something that you need to do fairly often due to security holes being found and plugged and new features being introduced.

To overcome this problem, read this Smashing Magazine article on ‘hooks’ and how they can be used to provide you with powerful tools to customize your WordPress site.

Cheat Sheets for PHP, Ruby on Rails, MySQL, CSS and SEO

I went on a bit of a Cheat Sheet binge this month. Working on a couple of projects using various technologies means I keep bouncing around looking for stuff so I thought I’d better get some cheat sheets up on my wall to save me time.

Most of these are from one site, the brilliantly named “ILoveJackDaniels” by UK web developer Dave Child:

  1. Ruby on Rails Cheat Sheet
  2. PHP Cheat Sheet
  3. MySQL Cheat Sheet
  4. CSS Cheat Sheet and more from the same site
  5. The Web Developers SEO Cheat Sheet by Danny Dover of SEOmoz.org 
  6. Conversion table for em, px, pt & % in CSS by Suresh Jain

Ruby and PHP are the Leading Web Development Languages according to Sun’s Tim Bray

Tim Bray, director of Web Technologies at Sun Microsystems, said in April’s Ruby Conference that Ruby and PHP are the languages of choice for new web applications.

Both Ruby and PHP are open source and therefore it comes as no surprise that both these languages are being taken up far more quickly than established languages like Java.

There are other factors too. One of the main ones is that many new web applications need to reach their market as quickly as possible. Applications developed in compiled languages like Java cannot be rolled out iteratively as compared to those developed using interpreted scripting languages like Ruby or PHP, making them far less desirable.

There are also quite a few web development frameworks built on these two languages around now, Rails based on Ruby and Symfony based on PHP are two that I know of. This makes it even faster, and easier, to develop and deploy a new web application.

Find out more about:

BuildingWebApps.com – A great resource for Ruby on Rails Developers

I know this has nothing, well almost nothing, to do with Internet-related business but I’m so impressed with this site and its founders that I just had to write about it.

For those of you who may not know of it, Rails is a web development framework built using the programming language Ruby. The framework is popularly known as Ruby on Rails.

I’ve finally found some time, after almost a year of trying, to get into learning Rails. As a web developer and programmer it’s important for me to:

  1. Keep up with the latest technology in web development to build my own projects and projects for clients;
  2. And to keep up with the technology so I know what’s possible when I’m thinking of, or developing, a new Internet-based business.

Anyway, in my quest to learn Rails, I found the site www.buildingwebapps.com, created by Mike Slater and Christopher Haupt, the founders of Collective Knowledge Works, Inc., a web development agency in the US.

If you’re learning Rails or are interested in learning Rails I highly recommend this site.