Curbing the script kids

On my main photography site, I’m using a Redirection plugin to track 404 errors and create redirects within WordPress. I do that because my site went through some restructuring over the years, to keep search engines happy, and to find and fix my own screw-ups and typos. 🙂

Most recently, I noticed a dramatic increase in errors that obviously come from scripts that are scanning sites for leftover backup archives, installation archives, database dumps, stuff like that. Normally, I have a single page of 404 error log entries in a day. That’s 100 log entries, which is quite easily manageable, even though there’s a lot of crap in there from similar vulnerability scans. Today though, I had 35 pages or 3500 log entries – not that manageable anymore…

So it was time to do something about it, and send the most obvious offenders away via .htaccess before they reach WordPress. That way, the 404 logs I see in the WordPress plugin are “clean enough” again for me to scan them for stuff that needs fixing.

The mystery of the stripped HTML in WordPress

I’ve been struggling with a problem with WordPress on my main photography website for a while. The editor would strip certain HTML, fields like <input> for example. With an “administrator” user role, this shouldn’t happen! I needed this embedded form to let people subscribe to my blog posts via email (using FeedPress) – and I already had it in place, and it was working!

Only when I wanted to edit that form did I notice the problem: as soon as I hit “Update” in the editor, crucial parts of the HTML code would simply vanish. Interestingly, I did find some conversations online where people had the same problem – but none had a solution (hence this post). I temporarily worked my way around it with a plugin called “HTML snippets” (I consider this a “dangerous” plugin since it comes with its own editor, and this way circumvents WordPress’s editor security features entirely).

So I tried everything I could think of, and even went as far as manually re-installing WordPress via FTP. Nothing worked. Eventually, I remembered that I had tried a security plugin (SecuPress) months ago, but then uninstalled it.

Turns out that the plugin didn’t clean up after itself when I uninstalled it – and left some of its configuration changes to harden the site in place. There is a WordPress setting DISALLOW_UNFILTERED_HTML and SecuPress had set that to TRUE. This setting overrides all user roles and capabilities. No one is allowed to use “dangerous” HTML in the editor. Once I removed that line from wp-config.php, everything was working again and I could edit and use my subscription form again.

Interestingly, when I re-installed SecuPress to see if there would be anything in there to explain my problem, SecuPress did not recognize its own configuration changes to wp-config.php and blocked access to these settings altogether with a message like “something else has done this already, we’re not touching it”. But it led me to the solution.

The only question now is how I overlooked the settings block that SecuPress had added to wp-config.php when I looked at it first… 😛
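A way to catch this kind of leftover setting, as an added example that is not part of the original post and not SecuPress code: a small Python check that lists WordPress hardening constants still defined in a wp-config.php file, ignoring commented-out lines. The function name `audit_wp_config`, the watched-constant list and the sample file are constructed for illustration, and comment stripping is simplified (it does not track `//` or `#` inside quoted strings).

```python
import re

# Constants that override role capabilities or disable dashboard features.
HARDENING_CONSTANTS = {
    "DISALLOW_UNFILTERED_HTML": "filters editor HTML (e.g. <input>) for every role",
    "DISALLOW_FILE_EDIT": "hides the theme and plugin file editors",
    "DISALLOW_FILE_MODS": "blocks plugin/theme installs and updates in the dashboard",
}

DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<value>[^)]*?)\s*\)\s*;""",
    re.IGNORECASE,
)

def audit_wp_config(text):
    """Return watched constants that are defined outside comments."""
    # Blank out block comments but keep their newlines so line numbers hold.
    clean = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                   text, flags=re.S)
    # Simplification: treat everything after // or # as a comment.
    clean = re.sub(r"(?m)(//|#).*$", "", clean)
    findings = []
    for m in DEFINE_RE.finditer(clean):
        name = m.group("name")
        if name not in HARDENING_CONSTANTS:
            continue
        value = m.group("value").strip().strip("'\"").lower()
        findings.append({
            "constant": name,
            "line": clean.count("\n", 0, m.start()) + 1,
            "enabled": value in ("true", "1"),
            "effect": HARDENING_CONSTANTS[name],
        })
    return findings

# Constructed sample, not a real site's configuration.
SAMPLE = """<?php
define( 'DB_NAME', 'wordpress' );
/* define( 'DISALLOW_FILE_MODS', true ); */
// define( 'DISALLOW_FILE_EDIT', true );
# Left behind by a removed plugin (constructed example)
define( 'DISALLOW_UNFILTERED_HTML', TRUE );
define('DISALLOW_FILE_EDIT', false);
"""

if __name__ == "__main__":
    for f in audit_wp_config(SAMPLE):
        state = "ACTIVE" if f["enabled"] else "defined, off"
        print(f"line {f['line']}: {f['constant']} ({state}): {f['effect']}")
```

Running such a check after uninstalling a security plugin shows which overrides are still in force before you start debugging roles and capabilities.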

Own your content

OK – Dennis Cooper is perhaps a bit confused* about things but well, he’s an artist. 😀 Anyway, this is a perfect example to illustrate what I’m very passionate about: getting your own domain, your own web hosting, and putting your valuable content online in an open system, like WordPress.

Why WordPress? It’s described in this article, quote:

“Mortgaging your site to a closed-standards vendor gives them, not you, the economic power.”

So here, Google shut down Dennis Cooper’s Blogger site, and his Google account along with it apparently. Awesome! Not, of course. There’s probably a reason for this and Google is well within their rights, defined by their terms of service, to do what they did.

And that illustrates nicely why you should really, really have your own domain and web hosting, and use an open system like WordPress if you want to make your creations available to the public “on the interwebz.” It doesn’t matter whether it’s writings, drawings, photos, or whatever else. Own your content.

Needless to say, you’ll also help make the internet the diverse and open space it should be. Because walled & fenced gardens à la Facebook, Ello, Google(+/Blogger/Photos), Instagram, etc. do not help with that…

*) making a Blogger site (or any place online for that matter) the only place where you store your creations, not even keeping local backups, is completely reckless. Unless you really don’t care about what you create.

Two WordPress Media Organization Insights

I guess it’s no secret that the WordPress Media Library is one of the quirkiest and most headache-inducing components of the system. I’m in the process of cleaning up the Media Library on my main photography website, and while doing so, I’ve stumbled across two things that appeared to be annoying and/or weird. They’re interesting enough to share, so here we go…

Under Attack

The new year began not so pleasantly: I woke up to multiple emails from Jetpack’s “Monitor” feature telling me that all of the sites in my hosting account were down (followed by the “still down” messages one hour later), and two emails from Siteground (my web host), the first warning me that I was nearing the CPU limit for the hosting account, and the second, not much later, telling me that my account was limited because of resource overage. Not funny.


I know it’s been relatively quiet here for a while, except for the more or less regular Hiking reports from the Friday outings with my friend Fred. The reason for this is that I’m quite busy adding older photos to my photography website. I’m trying to add at least two posts per day for a while now, and I re-evaluate or even re-process the images for that. The image counter on the main website is at ~1600 now. A very good thing!