Create temporary WordPress nonce

May be the title sounds a little contradictious, as WordPress nonces are not storable data, so they don’t need to be expired. They are just hashed functions which are used for anti-CSRF purposes.
But for some special cases we may need to make nonce “to be expired”.

I mean, at first request it should work, after second request it should return false. Or it should work this day, since tomorrow it should return invalid.

This operation smells anti-bruteforce attempt, rather than anti-CSRF. Because anti-CSRF technology doesn’t have any relation with time and expiration.

So, our aim is to create a form which works only one time or temporary. This solution may be useful when we do ajax requests which should run only at once via setTimeout. So after
Let’s do that. (i write sample for ajax nonces. But same method can be used with input, url nonces too.)

Make any search form to take a visitor to WooCommerce Search Results page instead of default WP Search Results page

Usually WooCommerce themes have their own search forms, from simple “input-submit” to advanced “input-filter1-filter2-…-checkbox1-submit” ones.

But sometimes shop owners meet a such problem: Their search form takes the visitor to WP search results page instead of WooCommerce rich search result one.

What is the difference between these two results page?

WP Search results page is simple – it shows all results (in most cases its UI has simple bloggy style, and yeah, bloggy view in WooCommerce search is not suitable UI)

WooCommerce Search Results page is more complitated – Usually it has a product category, parameter filter at sidebar, and its UI is not bloggy, it has normal grid which is important for product view.

woocommerce search results bloggy view

Why does it happen? It happens only when there is missing post_type parameter in url.

When search form submit takes you to  it will show you default WP search view. When search form submit takes you to it will show you correct UI. Normal shop search results page.

So we just need to add missing parameter to search forms, and everything will be ok.

To add this we need very simple script at the footer.

P.S. You may also want to have smart search suggestion box to the WooCommerce with this plugin.

Integrate Cloudflare SSL and WordPress Website

As we know Cloudflare is a very popular CDN and web security service with millions users. It has both free and paid features. But free features of Cloudflare are just great, not just for trial purpose. Its free features are really great and useful.

Some of free features are DNS, Firewall, Caching, Network Control, Analytics, Crypto(SSL).

In this blog post i will write about Crypto-SSL option.
To install SSL(https) certificate in our website we need to buy SSL certificate first then install/configure the needed files in our Apache server.

But when we connect our website to Cloudflare DNS (it is so simple, just change domain’s nameservers to Cloudflare’s ones) it automatically gives our website SSL tunnel. Yes, without certificate installation, with just single toggle.

free wordpress ssl certificate with cloudflare

So, after changing nameservers to Cloudflare DNS-es and toggling Crypto->SSL feature to FLEXIBLE it is done, SSL for our website now works.

Now the only thing we should do is to prepare WordPress for HTTPS. Without this it just can’t work. Because it is configured to work with HTTP requests and its webserver Apache doesn’t have any configuration for 443 port, doesn’t have any certificate file in server filesystem. So there is no any information about SSL in serverside. Everything has been done in CloudFlare side.

Let’s simply solve it. After DNS changes are active (it usually takes up to 1 day) do these steps:

1. Go to wp-config.php, add these lines there before define(‘wp-debug’,’false’); line:

define('FORCE_SSL_ADMIN', true);
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) $_SERVER['HTTPS']='on';

This is for redirecting wp-admin requests to https and telling webserver to consider that the website works with https, not with http.

2. Go to wp-admin->settings and edit website addresses (change http:// to https:// ) You will be asked to login again.

3. Open .htaccess file and add this simple code there:

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

This is for redirecting all http requests to https.

That’s all. Now your WordPress website will work only with HTTPS prefix (and it will show green bar in browsers’ address bars). And this has been done without installing SSL certificates at server side.

Scheduled Banners and Template Parts in WordPress

It is normal when we meet requirement to show/hide any section by time change. I mean when we meet a plugin or theme, it is possible to create a section which displays Content A for T1 time interval, and which diplays Content B for T2 time interval.

I give 3 common examples for such cases.

1. To switch banner image when day ends and night begins and vice-versa.
2. Weekend section – to show weekend special section. It appear when Saturday arrives, and disappears when Monday arrives.
3. Time interval specific section or Campaign section – It appears when the given campaign is active. (for example between 28-31th days of the month)

scheduled banner for wordpress

And all of these should be automatized. I mean, we should not to edit any code by arriving/ending of the given dates. All of these can be scheduled and automatized.

So let’s write sample codes for these 3 cases: (This codes don’t contain any part about managing datetime parameters via administrative interface. The codes are simple and do exactly the needed things)

1. Day-Night Banner Switching:

Weekend Banner Section:

Campaign Section for the given datetimes:

Of course, when we have global targeted project, these codes may not be enough, we may need additional Client-Time zone argument to set. To get it is not problem, we can get it through AJAX. We have related article about this topic, passing cookie via AJAX.

Getting the list of slow MySQL queries in WordPress

Saving MySQL queries is the part of WordPress Debug processes.
If the website works slowly, probably there are some problematic MySQL queries which can be from some plugin or your current theme. Without debugging we can’t know what happens under the hood.

If to define SAVEQUERIES constant in wp-config.php,  we can monitor all running queries in single process. To see that we can add simple code to our themes footer.php.  Here is how it looks like

wordpress mysql debug

But it might not be enough helpful if we can’t catch the problem in our testing process. We may not detect the problem in action, but the visitors still complain about it.  So what to do? Let’s keep SAVEQUERIES ON mode for some time and gather all slow queries for that period. At the end of this period we will be able to see all problematic queries and may be we will be able to solve them.

  1. Add this string to our wp-config.php : define( ‘SAVEQUERIES’, true );
  2. Add the code below to your theme’s footer.php. It will gather slow queries and save it to as WP Option data.
  3. After some time passed, check get_option(‘custom_mysql_debug’); value, it will show all slow MySQL queries in one string, one per line. Here is what it will look like.