Is your WordPress site slow? XML-RPC could be under attack!

Recently, a WordPress site I manage was having serious downtime issues. Calling the site from a browser resulted in a lag time of many minutes!

Upon looking at the running processes on the server, the list contained multiple Apache processes, around 20, all running at around 20MB each. The maths comes in at 400MB of RAM being used for the Apache processes and that was resulting in all the allocated server RAM, as well as 100% of the CPU, being consumed. This meant no new client connections were served.

Multiple hard reboots of the server did not solve the problem. The Apache processes were back almost as soon as the server came back up. This was fishy as that meant the connections were sustained in some manner.

On further inspection it appeared that 18 of the Apache processes were connections from a single IP address and they were all requesting a single file – xmlrpc.php
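The same pattern can be confirmed from the web server's access log instead of the process list. The following is an added example, not code from the original post: it assumes Apache's combined log format, and the sample log lines, IP addresses and thresholds are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" log format (assumed): client IP first, request line in quotes.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" \d{3} ')


def xmlrpc_hits_by_ip(lines):
    """Count requests per client IP whose path is xmlrpc.php (query string ignored)."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]
        if path.rstrip("/").lower().endswith("/xmlrpc.php"):
            hits[m.group("ip")] += 1
    return hits


def suspects(lines, min_hits=5, min_share=0.5):
    """Return (ip, count) pairs for clients that sent at least min_hits
    xmlrpc.php requests and account for at least min_share of all of them."""
    hits = xmlrpc_hits_by_ip(lines)
    total = sum(hits.values())
    return [(ip, n) for ip, n in hits.most_common()
            if n >= min_hits and n / total >= min_share]


# Constructed sample: 18 requests from one address (documentation range),
# plus two unrelated visitors. None of these values come from the original post.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2020:10:00:%02d +0000] '
    '"POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"' % s
    for s in range(18)
] + [
    '198.51.100.20 - - [01/Jan/2020:10:00:05 +0000] '
    '"GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.21 - - [01/Jan/2020:10:00:09 +0000] '
    '"POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
]

if __name__ == "__main__":
    for ip, n in suspects(SAMPLE_LOG):
        print(f"{ip} sent {n} requests to xmlrpc.php")
```

Requiring both a minimum count and a minimum share keeps a single legitimate XML-RPC client from being flagged on a quiet site.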

As it happens, this is quite a popular way to attack a website and crash it. Although I’m still looking for a long-term solution, in the short term I’ve blocked that IP. Another way to safeguard your site is to control access to xmlrpc.php via your .htaccess file. However, take care with this file as it can prove to be quite useful. More here –

I’ll post more when I have a real solution.

Update: The WordFence site has some more information on XML-RPC as a security risk and how to disable it.

jQuery for responsive image maps and time in the new garden fort

Spent some time working with the rwdImageMaps jQuery plugin for implementing responsive image maps as well as the qTip2 jQuery plugin for rich tool tips for responsive image maps. Coding is always so much fun!

Spent some time with my son in the new garden fort – a lovely summer day not to be wasted!


Javascript query string manipulation & a direwolf Game of Thrones t-shirt!

Some front-end development today using Javascript to manipulate query strings for a WordPress template. Good fun all round!

A lovely Father’s Day gift from my sons – a t-shirt depicting the sigil of my favourite family in Game of Thrones: The direwolf head of the Stark family.


Using an inline CSS style to create a new page in a PDF generator

I’ve recently been working with the TCPDF PDF generator class in PHP to generate PDFs on the fly as part of one of our newer business processes.

The class takes a lump of formatted HTML and creates a PDF document. However, because generation happens on the fly, there is no opportunity to call the class’s inbuilt AddPage() method when the document needs to be broken up into multiple pages. A good example would be generating an invoice with a second page containing terms, or starting a new chapter in a book.

Ideally, some marker within the HTML would inform the PDF generator when there is a page break, and thankfully there is.

Enter CSS

Set style="page-break-after:always;" in the HTML, e.g. on an empty div or p element, wherever you require a page break, and TCPDF (and, I warrant, any good PDF generator function or class) will do the needful.

It’s handy to keep in mind that the same CSS style will also cause a printer to begin printing a new page when encountered.

Many thanks to Peter Young for this useful nugget.

Joomla : Fixing the User Password Reset Feature

Recently on one of my Joomla projects a user complained that they used the Password Reset feature but they encountered an error in the final steps of the process.

How does Joomla’s Password Reset feature work?

Joomla’s Password Reset feature asks for the user’s email address which it checks for in the user account table against that user’s record.

If found, a unique token (a long series of numbers & characters) is generated and sent to that email address, with a link back to the page on the website where the token must be entered to complete the process and allow the user to reset their password.

What went wrong?

Unfortunately, the email sent to the user displays the token in this manner :

The token is 408ebfa6c89glda0d267543e07a4cdeb4 .

Notice the space before the period? Well, understandably, the user was copying everything up to the period, including the space, and pasting it into the field provided on the website for the final step. Unfortunately, that extra space counts as a character and so the token did not match and the user received an error and was unable to complete the reset. Not good.

The fixes

There are two fixes for this issue:

  1. Format the email properly so there is less of a chance of user error;
  2. Run the submitted token through PHP’s trim() function to strip whitespace from either side of the token.

Making these two fixes should prevent this error occurring again and keep users who need to reset their passwords from becoming frustrated.

How to?

Format the email to remove the space

The first step requires us to amend the email that is sent out to the user. Joomla uses language files so it’s quite easy to amend this message. The reset password function is a part of the User Component in Joomla (com_user) so look up the correct file in the ‘language’ folder/directory :


Search for this text “PASSWORD_RESET_CONFIRMATION_EMAIL_TEXT” and edit the value of this setting by removing the space and period. I added newlines (\n) before and after the token (%s) so that the token displays on a line by itself.

This has two advantages:

  1. Makes it clearer to the user if the token is on a line by itself
  2. Reduces the chance of user error when copying/pasting

Use trim() to remove whitespace

The second fix is the better one as it tackles the actual issue of readying the submitted token for comparison and matching.

In order to do this go to the following file :


Search for the text “function confirmReset($token)” and inside this function add the trim function like so:

function confirmReset($token)
{
    global $mainframe;

    // Strip leading and trailing whitespace before the token is compared
    $token = trim($token);

    // ... function continues ...
}


This will now remove all extra whitespace on either side of the token submitted by the user so that the ‘clean’ token is used for comparison.

And that’s it – you will now have a sturdier Reset Password feature in Joomla.