|
snagger posted:Sounds like you need to add custom meta fields to your posts. Google that and you'll find some plugins that at least get you started. So I managed using the insert php plugin to get it all in wordpress working. The subscription thing is not the main stumbling block.... All it needs is take a monthly fee and then allow access to the site. I don't really want to pay for a fully featured plugin. I love Woo for online retail but its going to be too expensive. Cheap or free is required as this probably wont take off anyway :/
|
# ? Nov 27, 2014 00:34 |
|
|
# ? May 8, 2024 14:09 |
|
snagger posted:This isn't a fully-informed perspective, but it looks like Events can be called up using a set of Attributes. This will be conceptually familiar to any dev who's worked on the standard Wordpress Loop: Hey, thanks for your time on this. I'd read through their website, looking for something exactly like that, and had somehow missed it. Now I just need to find where the last dev has actually called and configured the plugin!
|
# ? Nov 27, 2014 12:39 |
|
I've been doing quite a lot of small theme modifications for people recently and usually they give me their wordpress login but no ftp access, so I have to do all the changes on the theme editor page. Is there any way to backup the whole theme from the dashboard before I start changing things?
|
# ? Nov 27, 2014 13:48 |
|
fuf posted:I've been doing quite a lot of small theme modifications for people recently and usually they give me their wordpress login but no ftp access, so I have to do all the changes on the theme editor page. Is there any way to backup the whole theme from the dashboard before I start changing things? There may be a better way, but I just run the Duplicator plugin - that creates a full backup of all files, so if you need to you can just unzip and have access to all the WP folders before your modifications. There are other plugins designed to just produce a backup without the installer file that duplicator produces anyway. If you had LOADS to do, making big changes in the theme editor is a pain, so I'd duplicate the site then re-install locally (doing that only takes about 2-3 minutes total depending on the size of the site and if you've already got XAMPP or similar installed), make any changes locally, then paste any amendments back into WP.
|
# ? Nov 27, 2014 20:24 |
|
yeah that's a good idea. I never thought of just opening up a duplicator archive and getting the files from there. Thanks
|
# ? Nov 27, 2014 21:04 |
|
darkgray posted:I'm considering making a tag widget that would allow a visitor to click a tag to add it to the currently displayed list of posts, and click an active tag to remove it, etc, allowing for filtering freely on multiple tags. The magic syntax you are looking for is foo.com/category/shoes/tag/red+green/ I only have experience of getting it to work on foo.wordpress.com/tag/red+green/ but I imagine it generalises.
|
# ? Nov 30, 2014 12:05 |
|
samglover posted:For sliders, I really like Theia Post Slider. You can see it in action here and here. You just use the regular <!--nextpage--> tag in the editor to switch between slides, and you can set different header and footer content. It's also quite smooth, as you can see. Thanks for this. I was able to use Theia slider along with WP Table of Paginated Contents to create a drop down list of pages and do exactly what I wanted to do.
|
# ? Nov 30, 2014 17:17 |
|
So I want to make a plugin... I manahged to get my database tool working but it loads an external webpage to display results and this isnt a good look. So I have created a basic plugin file. Now I need to add my functionality (searching a database) to the file, copying and pasting the whole php file put the result at the top of every admin panel this si the code in the php file code:
|
# ? Nov 30, 2014 23:47 |
|
Is there an ad plugin that let's you show ads on a per-post and per-category basis? And which also has reporting? Alternatively what are the best ad plugins?
|
# ? Dec 4, 2014 12:10 |
|
Who are you using for ads? Adrotate is my poo poo: https://wordpress.org/plugins/adrotate/ Has a free/premium version as well.
|
# ? Dec 4, 2014 15:34 |
|
Turns out they're already using OIO Ad Manager and want to stick with that. I did consider adrotate though. OIO has an option for "Ad Category" which is supposed to only show ads on certain categories, but it doesn't work! So annoying.
|
# ? Dec 4, 2014 15:56 |
|
Maybe something with a custom theme you might have to add to the loop
|
# ? Dec 4, 2014 16:15 |
|
Fixed it by using the PHP embed code instead of the JS one. Weird but whatever.
|
# ? Dec 4, 2014 16:30 |
|
Anyone familiar with WP Engine for hosting Wordpress sites? A (UK based) company I work with is thinking of switching to them. They'll need to move their existing portfolio of a few hundred WP sites, some of which get a fair amount of traffic. Moving from current host due to downtimes becoming more frequent and support times becoming slower. Anyone have anything much to say about them?
|
# ? Dec 9, 2014 16:51 |
|
e: sorry hang on I think I'm being dumb
|
# ? Dec 10, 2014 16:50 |
|
hey gang what's your favourite portfolio plugin? I need one that can do horizontal scroll reels
|
# ? Dec 12, 2014 11:46 |
|
Chris! posted:Anyone familiar with WP Engine for hosting Wordpress sites? A (UK based) company I work with is thinking of switching to them. They'll need to move their existing portfolio of a few hundred WP sites, some of which get a fair amount of traffic. Moving from current host due to downtimes becoming more frequent and support times becoming slower. Your sites probably won't go down.
|
# ? Dec 13, 2014 00:27 |
|
snagger posted:Your sites probably won't go down. Thanks for your reply! Have you any experience of their tech support?
|
# ? Dec 13, 2014 09:23 |
|
I need to fix some wordpress sites that got hacked. I have all the files and backups of the DB in .sql format. I want to scan and fix the files before restoring the databases. But all the "wordpress security scan" solutions I can find are plugins that assume you have a working wordpress installation. Is there anything other than http://wpscan.org/ that will scan the files directly from the command line? wpscan isn't picking up any of the infected files so I'm grepping for stuff like "eval(base64" like a chump. There must be a better way fuf fucked around with this message at 14:25 on Dec 14, 2014 |
# ? Dec 14, 2014 13:35 |
|
fuf posted:I need to fix some wordpress sites that got hacked. I have all the files and backups of the DB in .sql format. I want to scan and fix the files before restoring the databases. But all the "wordpress security scan" solutions I can find are plugins that assume you have a working wordpress installation. Is there anything other than http://wpscan.org/ that will scan the files directly from the command line? Wordfence
|
# ? Dec 15, 2014 04:27 |
|
Wordfence is a plugin though?
|
# ? Dec 15, 2014 11:32 |
|
Just replace all the WordPress core files with a fresh download from wordpress.org. (Basically, overwrite everything except the wp-content directory. Nothing should ever touch any of that stuff anyway.) Then, for your plugins and themes in wp-content, try to replace them with fresh versions from wherever they came from. This should limit the scope of the files you have to investigate (if you're very lucky, just a custom theme and the stuff in the uploads directory). I'm not sure how worried you need to be about the contents of the database. In theory, nothing in there should be interpreted and executed as code, but I'm far from expert in WordPress security; hopefully someone wiser than I can chime in there.
|
# ? Dec 15, 2014 15:49 |
Weird Uncle Dave posted:I'm not sure how worried you need to be about the contents of the database. In theory, nothing in there should be interpreted and executed as code, but I'm far from expert in WordPress security; hopefully someone wiser than I can chime in there. You can embed just about anything into content in the database. http://codex.wordpress.org/FAQ_My_site_was_hacked As long as you're storing backups of the DB/Site in some sort of version control system you should be fine. If not, I'd recommend building the site back fresh (don't forget a VCS this time) as long as the content isn't too bad. If the site has too much content to do that reasonably you're kind of screwed in the sense it's going to be a lot of hours to ensure nothing in the DB is compromised. Hopefully your client understands where they hosed up previously (not setting up VCS), that it wasn't your fault (hopefully), and that prevention is a lot less expensive than fixing attacks after they occur.
|
|
# ? Dec 15, 2014 19:49 |
|
Wordpress devs--I have a friend doing some wordpress work for one of my other clients and they want a alphabetical search function built in similar to this: http://www.sterlinghealthcaresvcs.com/testcatalog Are there any out of the box plugins for something of this nature? If not, what would be the best solution? Thanks for any input!
|
# ? Dec 16, 2014 03:58 |
|
Chris! posted:Thanks for your reply! Have you any experience of their tech support? I only briefly used WP Engine before trying Heroku and landing with Flywheel (a WP Engine competitor), but in my brief experience the support was as good as one could hope for. My impression is that they're getting paid like it's a serious business, and they treat customers accordingly. Again, a very brief impression.
|
# ? Dec 16, 2014 04:58 |
|
What's the best way to get share counts for a post? I want to be able to display share counts on the front page a la Mashable or something. I know Jetpack (which we use) tracks share counts for each network you show. Can I hook into the API and add those up, or something? Or is there an easier way to do it (I'm not afraid of functions.php or just building my own plugin)?
|
# ? Dec 16, 2014 19:56 |
|
samglover posted:What's the best way to get share counts for a post? I want to be able to display share counts on the front page a la Mashable or something. I know Jetpack (which we use) tracks share counts for each network you show. Can I hook into the API and add those up, or something? Or is there an easier way to do it (I'm not afraid of functions.php or just building my own plugin)? If you're just looking for counts by network there's almost certainly a plugin out there for that. If you need to do math on the fly like adding up across various networks you might need to roll your own - you'd need to hook into each API, grab the number, and add it to the total; on each pageview. Or maybe that already exists out there; I dunno. But it feels like something you'd need to write.
|
# ? Dec 17, 2014 03:44 |
|
Weird Uncle Dave posted:Just replace all the WordPress core files with a fresh download from wordpress.org. (Basically, overwrite everything except the wp-content directory. Nothing should ever touch any of that stuff anyway.) Then, for your plugins and themes in wp-content, try to replace them with fresh versions from wherever they came from. This should limit the scope of the files you have to investigate (if you're very lucky, just a custom theme and the stuff in the uploads directory). down with slavery posted:You can embed just about anything into content in the database. alright so I did the following: * moved the site onto its own secure server * wpscan found nothing * grepped for "$GLOBALS" which seemed to find all the files with malicious code - but I have no way of knowing for sure because I can't find a list anywhere of well-known malicious code snippets * wp-cli core update and wp-cli plugin update --all * deleted all admin accounts except one and gave it a new password * installed wordfence (scan found no problems) * put the whole thing in a git repo so I can monitor changes I thought I must be safe after this, but then this morning I ran git status and two plugin files had been modified with code added! I guess it must be the database which is compromised? I searched it for obvious stuff but couldn't find anything...The client doesn't have a db backup (of course). Any other ideas?
|
# ? Dec 18, 2014 15:29 |
|
Maybe try regenerating your salts, changing SQL passwords, and all passwords you can find?
|
# ? Dec 18, 2014 15:44 |
|
yup sorry it's a new db name, user and pass. Should have put that on the list. I didn't change the salts though, thanks for that.
|
# ? Dec 18, 2014 15:57 |
fuf posted:Any other ideas? Maybe check mysql's logs to see what exact queries are being run.
|
|
# ? Dec 18, 2014 16:21 |
|
hmmm only three active plugins: revslider woosidebars wordfence It was in /woosidebars that the code was injected... I deleted the inactive plugins just in case (is there any risk that an inactive plugin could still be up to something? I've always wondered this)
|
# ? Dec 18, 2014 17:17 |
|
Probably not, but are they legit Woothemes plugins/themes? I'd also look to update them if you can (usually requires a purchase key in the Wordpress backend)
|
# ? Dec 18, 2014 17:23 |
|
oh snap, I bet the problem is Revolution Slider. It's still version 3.0.5 and their homepage says "VERSION 4.1.4 OR OLDER MUST BE UPDATED IMMEDIATELY TO AVOID CRITICAL VULNERABILITY" oops I didn't realise it was a premium plugin and naively assumed it had updated to the current version when I updated the other plugins. Thanks for that tip Gyshall. ugh I guarantee the client doesn't have their purchase key or whatever credentials I'll need to update revolution slider...
|
# ? Dec 18, 2014 17:42 |
|
yup found the culprit:code:
Searching through my access logs it's pretty terrifying how many attempts there are to grab wp-config using various methods: code:
fuf fucked around with this message at 18:12 on Dec 18, 2014 |
# ? Dec 18, 2014 18:07 |
|
Are those plugins actually on your install? Looks like someone found the vulnerability and just threw it up to a botnet or something. It's certainly trying to exploit a vulnerability, I'd make sure all the themes and components are updated, especially if they haven't been in a while. Be sure to back up current themes first though.
|
# ? Dec 18, 2014 18:20 |
|
Yeah they are obviously just systematically checking for known vulnerabilities. Just wondered if everyone got that many or if this domain might have been listed somewhere as particularly vulnerable.
|
# ? Dec 18, 2014 18:29 |
|
fuf posted:I deleted the inactive plugins just in case (is there any risk that an inactive plugin could still be up to something? I've always wondered this) Yes. The plugin class itself may not be loaded, but the webserver still honors requests to the files in those directories. It's a huge problem and, to my mind, a good indication against ever starting a new project with Wordpress.
|
# ? Dec 18, 2014 19:12 |
|
fuf posted:oh snap, I bet the problem is Revolution Slider. It will be, check this out http://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html
|
# ? Dec 18, 2014 23:49 |
|
|
# ? May 8, 2024 14:09 |
|
Ugh there's still a hole somewhere. I don't have a lot of faith in wordfence: the scan didn't find anything even when a big chunk of code had been added to wp-config.php
|
# ? Dec 19, 2014 13:25 |