We currently use the excellent WordFence plugin on almost all of the WordPress installations we host. Once a week or so, WordFence will email a list of IP addresses it’s detected that are attacking a given site — i.e. they’re trying to brute-force something on the server, guess passwords, take advantage of possible software vulnerabilities. Rather than block each of these individually using csf (not hard to do, but a chore with many IPs), I finally created this simple bash script that allows me to copy and paste the list of offending IPs into the command line, hit enter twice to initiate processing, and then it automatically bans every valid IP address it finds.

Feel free to use this yourself if it seems helpful! 🙂

ban_ips.sh

#!/bin/bash
# Script to bulk ban bad IPs that are copy/pasted

printf "Give me some IPs to ban using CSF!  Use ctrl-d to cancel, or new line to process.  \n"

ip_list=$(sed '/^$/q')

echo "Processing..."

echo "$ip_list" | while read -r line;
do
  ip="$(grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' < << "$line")"
  if [[ ! -z $ip ]]
    then
      geoip=`geoiplookup $ip`
      echo "Found IP $ip"
      echo "$geoip"
      echo "Banning IP..."
      csf -d $ip "Bulk banning IPs found by WordFence ($(tr '\n' ' ' <<< $geoip))"
  fi
done

echo "Done!"

You can checkout this script and the others I've written / shared here: https://github.com/gserafini/useful-server-scripts/tree/master/scripts

If you use the neat Moves app (it tracks walks, runs, bicycle rides, transportation, all automatically) this is a very cool visualization tool to see your history: Move-o-Scope

Here’s my accumulated data so far:

If you need to convert a lot of addresses to latitude / longitude, this is an excellent resource:’

http://stevemorse.org/jcal/latlonbatch.html

When you need to know where the php.ini configuration file is on your server, here is a handy way to find it:

php -i | grep php.ini

Give it a try.

If you find a directory such as /tmp/ filling up with old and uneeded files, here’s a quick tip for finding and removing what you don’t need anymore. Note that the delete function WILL remove everything it finds, so please understand exactly what it is you are doing here before running that command.

Command to find all files older than 5 days:
find . -mtime +5 -type f;

Command to delete all files older than 5 days (USE WITH CARE!):
find . -mtime +5 -type f -exec rm {} \;

From the man page for find:

-mtime n
     File’s data was last modified n*24 hours ago. See the comments
     for -atime to understand how rounding affects the interpretation
     of file modification times.

Hope that helps! Thanks for the pointers from this page.

We’ll be upgrading most of our clients to the latest version of WordPress 2.9.1 now that they’ve resolved a number of the issues we were seeing with the 2.9 release.  Good job guys on getting a quick fix out!

The current import script (as of WordPress 2.8.6) is broken when it comes to successfully importing images from WordPress.com. The error you see is something like

Remote file error: Remote file returned error response 301 Moved Permanently

Fixing this involves adding a couple of lines to a core WordPress file. Hopefully a future version of WordPress will include the working version.

Note that these instructions are for WordPress 2.8.6. Your version may be different, and you may need to play with this to get it to work for you. This worked for me, YMMV.

1. Open wp-includes/functions.php
2. Around line 1208 or so, you’ll find the wp_get_http function.
3. Right below where it says $headers['response'] = $response['response']['code'];, add the following code (around line 1227):

   
   // added to fix 301 redirects for blog import code from WordPress.com
   if ((string)$response['response']['code'] == '301') {
   	$response = wp_remote_request($headers['location'], $options);
   	$headers = wp_remote_retrieve_headers($response);
   	$headers['response'] = $response['response']['code'];
   }
   

4. Save the functions.php file and copy it back to the server.
5. Re-run the import function (Tools > Import > WordPress). Don’t worry, it won’t make copies of the posts you’ve already imported, it will just download the images to your new blog.

To fix the references to the images so they’re being served off your new blog, you can either go through every post and manually correct them all, (not very fun), or better yet, download the Search and Replace plugin, activate it and do a search for all instances of the WordPress.com image server URL in all your posts (something like http://BLOGNAME.files.wordpress.com/ with your own new URL — http://BLOGNAME.com/wp-content/uploads/). Don’t forget to test the new URL structure before you do the search and replace, otherwise you’ll have to go back and fix it.

Hat-tip to Bill Zitomer for pointing out the link to this WordPress support forum page that had a good clue to the solution.

I’m proud to announce the immediate availability of our Vogon Poetry application for iPhone and iPod Touch. You can get it in the App Store for $2.99.

Click here to check it out!

I was just working on making some updates to the backend WordPress code for the Principia Pilot website (http://principiapilot.org/) and noticed widows in some of the stories.

Widows are the typographic term for a single word on a line at the end of a paragraph. I thought about the solution to this problem (basically add a non-breaking space before the last word of a paragraph) and then realized probably someone had written a plugin to do exactly this.

I tried two different plugins and like this one the best because it doesn’t overwrite the rest of the excellent WordPress typographic niceties like converting straight quotes to curly quotes:

Widon’t Download latest version here

One of the neat things about WordPress is how easy it is to add custom metadata to a given page or post that you can then use in a template to display structured information. I’ve been using this technique for a while now to extend the basic WordPress elements of title, body, excerpt, etc and allow the creation of easily editable information-rich content.

Before now I’ve used the built-in WordPress Custom Field functionality in the Add New screen where you select previously created custom fields from a drop-down list that is limited to only showing 30 items. This is quite cumbersome as you have select each field you want to add to the entry and enter the value, click the Add Custom Field button, then repeat for however many custom fields you want to use. Needless to say, this can be frustrating to have to remember to do every time, especially for non-technical clients.

The Old Way:

During a recent site conversion to WordPress that involves 4-6 custom fields for each post, we finally decided that there must be a better way, and ended up finding a WordPress plugin that is so good that it should probably be added to WordPress core, it is so highly useful. The plugin is called Custom Field Template and is developed by Hiroaki Miyashita.

The New Way:

Using a simple set of options to define the template you want to use is easy. After downloading and activating the plugin, go to Settings > Custom Field Template to define your template. One is provided for you to show you the possible template values. You can set up two separate custom field template designs.

This is the code used to generate the Custom Field Template form shown in the screenshot above:

Template Instruction

<strong>Story Template Metadata Instructions <em>(All fields are optional)</em></strong><br /><br />
1. Use this form to enter metadata about this story.<br />
2. Each item will get assigned to the correct Custom Field for use in the display template.<br />
3. Click the <strong>Save</strong> button to save the values.<br />
<br />

Template Content

[summary_deck]
type = textarea
rows = 3
cols = 50
label = Summary Deck:

[byline_writer_name]
type = text
size = 35
label = Byline Writer Name:

[byline_writer_title]
type = text
size = 35
label = Byline Writer Title:

[byline_writer_picture_url]
type = text
size = 54
label = Byline Writer Picture URL:

[lead_photo_caption]
type = textarea
rows = 3
cols = 50
label = Lead Photo Caption:

[lead_photo_credit]
type = text
size = 35
label = Lead Photo Credit:

[lead_photo_url]
type = text
size = 54
label = Lead Photo URL:

Then set this setting to true by checking the box to make the form look prettier:

Next, I tweaked the Admin CSS settings to right-justify the labels:

#cft dl { clear:both; margin:0; padding:0; width:100%; }
#cft dt { float:left; font-weight:bold; margin:0; padding: 0 8px 0 0; text-align:right; width: 20%; }
#cft dt .hideKey { visibility:hidden; }
#cft dd { float:left; margin:0; text-align:left; width:70%; }
#cft dd p.label { font-weight:bold; margin:0; }
#cft_instruction { margin:10px; }


Click Update Options to save the settings and then go to Posts > Add New to see the form in action. You may need to go back and forth a couple of times to get your text field sizes just right and to put them in the right order you want them in.

Using the Custom Fields in a template

So how do these values get displayed on your page?

Simply edit your template PHP file to look for custom field values and then display them where you want them if they’re present.

This is how I do it for the Principia Pilot site. This code goes at the top of the template for single.php

<?php
// Retrieve custom meta values from post if they're present
$byline_writer_name = htmlspecialchars(get_post_meta($post->ID, "byline_writer_name", true));
$byline_writer_title = htmlspecialchars(get_post_meta($post->ID, "byline_writer_title", true));
$byline_writer_picture_url = htmlspecialchars(get_post_meta($post->ID, "byline_writer_picture_url", true));
$lead_photo_url = htmlspecialchars(get_post_meta($post->ID, "lead_photo_url", true));
$lead_photo_credit = htmlspecialchars(get_post_meta($post->ID, "lead_photo_credit", true));
$lead_photo_caption = htmlspecialchars(get_post_meta($post->ID, "lead_photo_caption", true));
$summary_deck = wptexturize(get_post_meta($post->ID, "summary_deck", true));
?>


Now each of the possible Custom Fields are available as PHP variables that can be checked for content.

This code example shows the “summary deck” being displayed on the page if it has been entered on the create content screen:

<?php
// Show summary deck if we have one
if ($summary_deck != "") {
    echo '<h3 class="summary-deck">' . $summary_deck . '</h3>';
}
?>


Using this excellent plugin, you can set up select lists, radio buttons, check boxes and more to help you populate your Custom Fields more easily if you prefer that to using simple text fields. You can also specify default values to use for the custom fields so you don’t have to type them in every time.

Plugin Default Template Options

These are the default options included by the plugin:
[Plan]
type = text
size = 35
label = Where are you going to go?

[Plan]
type = textfield
size = 35
hideKey = true

[Favorite Fruits]
type = checkbox
value = apple # orange # banana # grape
default = orange # grape

[Miles Walked]
type = radio
value = 0-9 # 10-19 # 20+
default = 10-19
clearButton = true

[Temper Level]
type = select
value = High # Medium # Low
default = Low

[Hidden Thought]
type = textarea
rows = 4
cols = 40
tinyMCE = true
mediaButton = true

Which displays a form that looks like this:

Summary

This plugin addresses a key need when using Custom Meta Fields in a WordPress custom template design — making it as easy as possible to enter values time after time on multiple pages or posts. There are a bunch of other neat options this plugin offers to make the authoring experience even easier. This is now on my “must install” list of essential WordPress plugins.

Please support Open Source by donating to the plugin author

If you use this and like it, I highly recommend sending a nice donation to the plugin author to help support ongoing development and to say thanks. This plugin will save you and your clients a lot of time and frustration. Thanks Hiroaki!

Requirements

Requires WordPress 2.1 or higher.

Click here to download Custom Field Template plugin from WordPress.org