Allow your root user to use SFTP with one simple change

In most of modern Sever providers such as DigitalOcean, Hetzner root users are not able to login to the server using SFTP.

Yes, adding MATCH USER vlock can solve the problem, but for an auth with password, not with public key.

To enable our root user to login to our server with public key, we just need to add this single line to our ssd_config.

Continue reading “Allow your root user to use SFTP with one simple change”

Slow WP-Admin? Boost WP_Admin performance by disabling update checker.

In modern WordPress era things about theme and plugin repositories are far from ideal.

We don’t have centralized “app store” in WordPress world (similar to Apple Store and Google Play Store of mobile platforms) – that’s why we can list at least 3 different branches as defragmented segments:

  1. WordPress.org – where only free plugins are allowed.
  2. ThemeForest+Codecanyon – which doesn’t have own repository, but by using some 3rd party tools it is possible to have repository like channel.
  3. Premium self-hosted plugin/theme markets – Each of them has their own repositories.

Alongside with defragmantation this issue has another negative side – WP-Admin checks updates at background, with some transient-expire logic. When you have just one repository(official one – wordpress.org) – that’s not a problem. But when you are using different 3rd party plugins, it causes nightmare.

Few months ago one of my clients asked me to check why his wp-admin works so slowly.

First as a quick check i made quick monitoring with Query Monitor plugin – and discovered that connecting to external hosts takes 4-10 seconds (!) each time – Some of repositories had a problem with response time – and that was affecting whole wp-admin performance.

So i decided to disable Update Checking in wp-admin, excluding Plugins.php page itself.

I wrote such small snippet and put it to functions.php of the theme:

if(is_admin() and strpos($_SERVER["REQUEST_URI"],'plugins.php')===false){
    remove_all_filters('pre_set_site_transient_update_plugins');
    remove_all_filters('site_transient_update_plugins');
    remove_all_actions('pre_set_site_transient_update_plugins');
    remove_all_actions('site_transient_update_plugins');
}

And that did the JOB. Update checking occurs when the client enters to plugins.php to see of there is an update. And that’s exactly what we needed.

Removing added Class Methods from Action/Filters in WordPress

To remove independent function from WP actions/filters is easy thing, we know. We just set remove_action(‘action_name’, ‘function_name’, PRIORITY); and that’s all.

But this simple way doesn’t work for Class Methods. That’s why there is another approach for classes.

remove_action('action_name', array($class_object_variable,'method_name'), PRIORITY);

Well, in some cases this method doesn’t help us either. f.e. When we shouldn’t re-construct that class. (if we declare some $obj=new CLASSNAME(), its construct method re-triggers, and some cases it may cause some problems)

So, what personally i use is guaranteed way – To list already added actions, detect the one we are looking for, get its temporary name generated by WP, and remove it.

In my case i will remove “woocommerce_proceed_to_checkout” action added by third party plugin’s class method “display_form” (priority=9 in my case). Here is how it looks:

add_action('init',function(){
  global $wp_filter;
  if(!empty($wp_filter["woocommerce_proceed_to_checkout"][9])){
    foreach($wp_filter["woocommerce_proceed_to_checkout"][9] as $key=>$removed){
      if(strpos($key,'display_form')!==false){
        remove_action( 'woocommerce_proceed_to_checkout', $key, 9 );
      }
    }
  }
},100);

Quick fix for Cloudflare and PHP REMOTE_ADDR IP Detection

Some CMS-s, Frameworks, Custom Codes have built-in functions on collecting user logs (registrations, updates, submits, payments etc.) where they are using PHP’s $_SERVER[“REMOTE_ADDR”] variable to get the visitor’s IP address.

But as you know very popular Cloudflare Cloud Service passes all your traffic through its own servers – and that’s why all log function which i mentioned above writes Cloudflare’s IP address to the DataBase, not visitor’s actual IP address.

What to do for that.

Continue reading “Quick fix for Cloudflare and PHP REMOTE_ADDR IP Detection”

Integrate Cloudflare SSL and WordPress Website

As we know Cloudflare is a very popular CDN and web security service with millions users. It has both free and paid features. But free features of Cloudflare are just great, not just for trial purpose. Its free features are really great and useful.

Some of free features are DNS, Firewall, Caching, Network Control, Analytics, Crypto(SSL).

In this blog post i will write about Crypto-SSL option.
To install SSL(https) certificate in our website we need to buy SSL certificate first then install/configure the needed files in our Apache server.

But when we connect our website to Cloudflare DNS (it is so simple, just change domain’s nameservers to Cloudflare’s ones) it automatically gives our website SSL tunnel. Yes, without certificate installation, with just single toggle.

free wordpress ssl certificate with cloudflare

So, after changing nameservers to Cloudflare DNS-es and toggling Crypto->SSL feature to FLEXIBLE it is done, SSL for our website now works.

Now the only thing we should do is to prepare WordPress for HTTPS. Without this it just can’t work. Because it is configured to work with HTTP requests and its webserver Apache doesn’t have any configuration for 443 port, doesn’t have any certificate file in server filesystem. So there is no any information about SSL in serverside. Everything has been done in CloudFlare side.

Let’s simply solve it. After DNS changes are active (it usually takes up to 1 day) do these steps:

1. Go to wp-config.php, add these lines there before define(‘wp-debug’,’false’); line:

define('FORCE_SSL_ADMIN', true);
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) $_SERVER['HTTPS']='on';

This is for redirecting wp-admin requests to https and telling webserver to consider that the website works with https, not with http.

2. Go to wp-admin->settings and edit website addresses (change http:// to https:// ) You will be asked to login again.

3. Open .htaccess file and add this simple code there:

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This is for redirecting all http requests to https.

That’s all. Now your WordPress website will work only with HTTPS prefix (and it will show green bar in browsers’ address bars). And this has been done without installing SSL certificates at server side.

Use external Mail Server in WordPress Website – even several servers in one

If we want to use external mail servers for sending mails via our website, we can do it without any plugin.
And also we can build simple function which can use several mail servers for each case.
For example, it may use different mail server when it sends something via cron jobs, another mail server when it send something via contact form etc..
It is not about to change email headers like “email from”, “sender name” – to do it is much easier.
I mean real external mail server with different mail server hostname, port, user and password.
wordpress and external email servers 1. In first one it gives a code to use single external mail server.
2. In second one it gives ability using randomly chosen multiple mail servers. (could be helpful when mailservers have some sending limits)
3. In third one it gives ability chosing mail servers for specified cases.