Category Archives: PHP

10 things to to after installing WordPress blog

This guide provides a list of 7 things that you should do after installing a new WordPress site. Some of the steps are optional, but many others are essential if you want to comply with GDPR and Google AdSense policy, to have at least basic on-site SEO and manage the updates easier.

This guide provides links to other articles which will aid in your learning of WordPress content management system. Many of the steps refer to 3rd party sites where you can find more information on a particular topic.

After you have finished this guide, you will have easy to maintain SEO optimized website that complies to GDPR and Google AdSense policy.

1. Setup domain

In order to avoid Google penalty for content duplication, you should setup your domain properly. According to Matt Cutts blog, it is necessary to redirect non-www to www or vice versa. it is a good idea to check which domain has more links indexed: if the www has more links – redirect the non-www to the www, otherwise, I suggest the opposite (www to the non-www). Check your web server documentation for more information on how to do it.

Do not forget to redirect non-https version to https, too!

2. Hardening admin panel to prevent Brute-force attack

If you check your server access logs, you will notice an enormous amount of requests to /wp-login.php. Most of these requests are performed by bots, trying to Brute-force the login form. There is a pretty easy and elegant solution to harden these attacks. Just add basic HTTP authentication for /wp-login.php URL. The bots should brute force two logins instead of one, but most probably they will fail on the first one – most of the bots are not programmed to expect basic HTTP authentication. You can add optionally IP restriction, too.

3. Install plugins

This step is not absolutely necessary, but my experience is that you most likely will need if not all the most of plugins I recommend bellow because almost nobody use vanilla WordPress. Nowadays, the SEO is essential to be properly indexed on Google and the social media are a most used channel to drive targeted traffic to your site and so you need plugins for them.

  • Classic Editor – enables the WordPress classic editor and the old-style Edit Post screen with TinyMCE, Meta Boxes, etc. If you have troubles running Guttenberg, this plugin is a life saver.
  • Code Snippets – An easy, clean and simple way to add code snippets to your site. The best thing is that you do not need to edit to your theme’s functions.php file again and your changes are persisted even if you change the theme you use.
  • Conditional CAPTCHAplugin that serves a CAPTCHA to new commenters, or if Akismet thinks their comment is spam. All other commenters never see a CAPTCHA. You need to obtain reCAPTCHA v2 API keys in order to use it. It is really easy – you need to log in with your Google credentials here.
  • Cookie Notice – allows you to elegantly inform users that your site uses cookies and to comply with the EU cookie law GDPR regulations.
  • Google XML Sitemapsthis plugin improves SEO using sitemaps for best indexation by search engines like Google, Bing, Yahoo, and others.
  • Share Buttons by AddThis – the official AddThis plugin that allows you to easily configure and place different social media buttons and widgets. It is free and provides nice usage stats.
  • SyntaxHighlighter Evolved – one of the first plugins of its kind to add Gutenberg support via its own block. SyntaxHighlighter Evolved allows you to easily post syntax-highlighted code to your site without losing its formatting or making any manual changes. It uses the SyntaxHighlighter JavaScript package by Alex Gorbatchev.
  • WP Post Signature – this plugin allows you to append a signature after every post. Some variables can be used, such as %post_title%, %post_link%, %bloginfo_name%, %bloginfo_url%, and so on. It supports multiuser.
  • WP Updates Notifier – easiest way to be notified by email when a plugin, a theme or WordPress core gets a new version. It will help you to maintain an up-to-date site and so reduce the chance to be hacked.

4. Disable cron jobs

Long story short: WordPress does not use Linux crontab, but its own pseudo cron system implementation that works right after installation and does not need server configuration. It sends an HTTP request on every page request of your website to wp-cron.php and executes scheduled events of the core and plugins. This way planned posts are published, system updates are received and pingbacks are triggered for example. The huge problem is that this is a pseudo cron system that relies on visitors – you need somebody to hit the site at a particular time in order to execute the scheduled tasks for that particular moment. There is even a website dedicated to this problem – https://wp-cron.org/. Check it out for more detailed information on how to migrate to a real, reliable cron job system.

5. SEO

Search Engine Optimization (SEO) is something so essential for a successful blog, so you just can’t skip it. There is plenty of articles on the topic, so I will not go into details here. I will only mention the most important (and easy to do) steps to ensure basic on-site optimization.

  • robots.txt – ensure that Settings -> Reading -> Search Engine Visibility checkbox is unticked. Otherwise, WordPress will generate a robots.txt record that discourages the search engines of indexing the blog.
  • Register the site in Google Webmaster Tools (a.k.a. Google Search Console) in order to receive updates related to SEO, indexing, and security. You can even submit your sitemap and check for errors.
  • Use a plugin to generate sitemap – it will speed up the process of discovering new or changed pages by search engines.
  • Signup for Google Analytics, really. Yeah, there are some cool FOSS alternatives to it such as Piwiki (Matomo) and Open Web Analytics, but they have one big issue – do not provide search keywords statistics.

6. Legal

In order to run Google AdSense, comply with GDPR and avoid legal problems, it is recommended to have Privacy Policy page and Cookie consent badge (notification). Version 5 of WordPress ships with template of Privacy Policy page you can customize and publish. For cockie consent badge, you can use third party plugin such as Cookie Notice or just include the js code of this.

7. WP-CLI

WP-CLI is the command-line interface for WordPress. You can update plugins, configure multisite installs and much more, without using a web browser, right from the terminal. You can use it to auto-update the core, plugins, and themes, automate the deployment process or perform repetitive tasks to multiple WP installations. Try it and you will love it!

How to install PHP Data Structures (DS) extension on Ubuntu 16.04

First, you will need to install PEAR via apt-get to get the necessary package and distribution system that both PEAR and PECL use. From a shell prompt enter:

sudo apt-get install php-pear

You will be prompted to confirm the install. Just press “y” and enter. If all goes well you should see it download and install the php-pear package.

Now you will need to install the php-dev package to get the necessary PHP7 source files to compile additional modules. Enter the following from a shell prompt:

sudo apt-get install php-dev

If you do not install the php-dev package and try to install a PECL extension using “pear install”, you will get the following error:

sh: phpize: not found
ERROR: `phpize’ failed

The PECL_HTTP extension requires an additional dependency package to be installed. You can probably skip this for other extensions:

sudo apt-get install libcurl4-openssl-dev

Now we are finally ready to actually install the extension. From a shell prompt enter following:

sudo pecl install ds

The installer may ask you about some specific options for the extension you are installing.  Just accept the defaults and go ahead.

Once the install is complete, it’s time to enable the extension.
First, edit the following file (create it if it does not exist already):

sudo vi /etc/php/7.0/mods-available/ds.ini

and change it’s contents to:


; configuration for php ds module
; priority=30
extension=ds.so


Than check and remove any symbolic links to 20-ds.ini file, such as:

sudo rm /etc/php/7.0/fpm/conf.d/20-ds.ini
sudo rm /etc/php7.0/apache2/conf.d/20-ds.ini
sudo rm /etc/php7.0/cli/conf.d/20-ds.ini

You need to remove above listed symlinks because of bug: there is hard dependency on the json extension. DS extension shouldn’t try to implement JsonSerializable if the json extension is not loaded, but actually do it and it will complain with exception if it is not found:


PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php/20151012/ds.so'
 - /usr/lib/php/20151012/ds.so: undefined symbol: php_json_serializable_ce in Unknown on line 0

That’s why we removed 20-ds.ini symlinks and specified ds.so to load after json is already enabled.

Now, disable and then re-enable the extension:

sudo phpdismod ds
sudo phpenmod ds

You may need to restart your HTTP server:

# If you are on apache
sudo service apache2 restart
# if you are on nginx
sudo service nginx restart

How to parse a csv file in php when the delimiter is unknown

There are plenty of MS Excel alternatives out there – OpenOffice, LibreOffice, Kingsoft, Google Spreadsheets and many more. The problem is that CSV files created by different softwares may vary (, or ; to name a few options). If you need to process CSV files exported from different systems and software and handle the delimiter automatically, you can benefit from using SplFileObject::getCsvControl method.

Example usage:

<?php $csvFileObject = new SplFileObject($_FILES["csv"]["tmp_name"]); list($delimiter, $enclosure) = $csvFileObject->getCsvControl();

$lines = fopen($_FILES["csv"]["tmp_name"], 'r');
if($lines) {
while (($line = fgetcsv($lines, 4096, $delimiter, $enclosure)) !== false) {
//do something
}
}

Reference: http://php.net/manual/en/splfileobject.getcsvcontrol.php

How to install mailcatcher on CentOS 7 and configure it for PHP

The problem

Handling outgoing emails in a web application can be hard, because it’s very easy things to get wrong and send unwanted test mails to real world customers while testing some functionality.
Ensuring sent emails are designed, parsed and formatted correctly is a painstaking problem, too.

… and the solution

Mailcatcher is a program you can use to test sending email. It gives you the ability to inspect sent emails and their headers. It is a simple SMTP server that can receive emails. It also gives you a nice web interface to preview the sent emails.

We’ll cover installing the dependencies for Mailcatcher. Then we’ll install and set it up for easy use in our development environment. This includes use with PHP. Finally, we will setup password protect subdomain for easier access using Nginx.

Continue reading

Mock Yii2 components

The well written code is also testable code – it is loosely coupled to the other components, it follows the single responsibility principle, there are no explicit dependencies and so on. We all know the rules, but there is always an exception.

It’s pretty common situation to unit test component or controller that depends on another core Yii component – for example using \yii\web\Request to get query string or $_GET variable.

Rewriting your library in order to remove the explicit dependencies is not always option, because it may lead to massive refactoring and actually break more things than benefits.

In such as case a what I really want to do is to assign temporarily \Yii::$app->request PHPUnit Mock Class, so I can override the return values e.g.

$request = $this->getMock('\yii\web\Request', ['getUserIP', 'getUserAgent', 'getBodyParams']);

$request->expects($this->any())
 ->method('getUserIP')
 ->will($this->returnValue('127.0.0.1'));

$request->expects($this->any())
 ->method('getUserAgent')
 ->will($this->returnValue('Dummy User Agent'));

$request->expects($this->any())
 ->method('getBodyParams')
 ->will($this->returnValue([]));


\Yii::$app->set('request', $request);

Enjoy!

Symfony 2 : Redirect to Referer

There are few methods of redirecting to referer.
Inside your controller action you can use:

return $this->redirect(
              $this->getRequest()
                   ->headers
                   ->get('referer')
           );

Alternatively you can write it like this:

 $request = $this->getRequest();
 return $this->redirect($request->server->get('HTTP_REFERER'));

Generate huge JSON files with custom PHP >5.3 class

Lately, I’ve been working on transitioning XML feeds to JSON format on big video site.  We generate these feeds in order to feed external search service with results. It’s similar to sitemap, but it provides more detailed information about the pages.

This task is challenging because of the following problems that need to be resolved:

  1. The feed need to represent over 500 000 database entries i.e. videos. It’s just not possible to generate huge PHP multidimensional array with more than 500 000 elements and pass it to json_encode(). Obviously, you need to generate small JSON objects (chunks) concatenated with hand-coded strings and so build the full feed.
  2. The development and production servers we use are equipped with outdated PHP version 5.3.27. That means:
    – No meaningful error messages because json_last_error_msg() function it’s not available prior PHP 5.5
    – No JSON_PRETTY_PRINT, JSON_UNESCAPED_SLASHES, and JSON_UNESCAPED_UNICODE
  3. The code should be easy to test and maintain, so it should provide meaningful debug information and error handling.

Continue reading

Format microtime() to provide better feedback on the time elapsed

As a PHP developer you know that it’s common task to check how long a particular class, function or procedure performs. Usually this involves measuring of the time particular code snippet takes to execute. There are lots of PHP code benchmark scripts out there, but the simplest method remains to check the difference between the start and end time. Continue reading