Resources on WordPress - Repair, restore, rebuild, return and repeat

Generating a new administrator user in WordPress through SQL

If you need access to a website, built on WordPress, but you have SSH access only, you could still cope with the situation with a few line in the command line.

Here are the steps you need to follow:

Find the database credentials. They are usually in wp-config.php file under the web-root directory of your WordPress based website.
Connect to the database, using the credentials from the configuration file, using the following command

mysql -u <username> -h <hostname> -p

1

mysql -u <username> -h <hostname> -p
Switch to your database:

use <databasename>;

1

use <databasename>;

Create your user:

INSERT INTO `users` (`user_login`, `user_pass`, `user_nicename`, `user_email`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES ( 'your-username', MD5('your-password'), 'Your Name', 'your@email.com', '2018-07-18 14:10:00', '', '0', 'Your Name');

1	INSERT INTO `users` (`user_login`, `user_pass`, `user_nicename`, `user_email`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES ( 'your-username', MD5('your-password'), 'Your Name', 'your@email.com', '2018-07-18 14:10:00', '', '0', 'Your Name');

Check the id of the newly created user. Try to guess the right SELECT, and if you can’t, go standing face to the wall and repeat a hundred times “I should not mess with the database if I don’t understand basic SQL.”. Seriously.
Make your user an administator with this:

INSERT INTO `usermeta` (`user_id`, `meta_key`, `meta_value`) VALUES ( '<user_id>', 'capabilities', 'a:1:{s:13:"administrator";s:1:"1";}');

1

INSERT INTO `usermeta` (`user_id`, `meta_key`, `meta_value`) VALUES ( '<user_id>', 'capabilities', 'a:1:{s:13:"administrator";s:1:"1";}');

Now you should be able to login with your username and password.

Recovering missing Facebook comments (and like counts) after switching to SSL

You might notice that you are missing your Facebook comments once you switch to HTTPS from serving your site initially on HTTP. The problem is with Facebook not linking the old URLs with the new ones, which is why you might have to do some additional work in order to have your comments back.

It’s important to notice that you’ll still have your Facebook comments form and you might even have some new comments there from after you switched to using SSL, but the old ones from before that would be gone. Not irreversibly, though.

Here is the solution I found in a couple of WordPress.org Forum threads. It worked great for me:

Install and activate Really Simple SSL plugin (https://wordpress.org/plugins/really-simple-ssl/);
See if your dashboard breaks. It did on one of my sites due to some weird environment edge case.
Add a custom replacement for HTML attributes that would contain the address of the website with HTTPS, instead of HTTP:

add_action('rsssl_fixer_output', 'rsssl_exclude_http_url');

function rsssl_exclude_http_url($html) {
  $html = str_replace('data-href="https://pod-rb.eu', 'data-href="http://pod-rb.eu', $html);
  return $html;
}

add_action('rsssl_fixer_output', 'rsssl_exclude_http_url');

function rsssl_exclude_http_url($html) {

$html = str_replace('data-href="https://pod-rb.eu', 'data-href="http://pod-rb.eu', $html);

return $html;

}

Oh, it’s usually the same problem with Facebook likes, so don’t worry that much if all of a sudden you lost all your Facebook like stats on your like buttons in the site. Same solution should fix this too.

Some good sources for starting your knowledge path in SEO

A friend of mine sent a list of resources to a client of mine and CC’ed me in the conversation. I do find these resources really helpful, which is why I decided to put them here. We are not affiliated to any of the sources.

SEO 101:

Google’s SEO Starter Guide https://static.googleusercontent.com/media/www.google.com/en//webmasters/docs/search-engine-optimization-starter-guide.pdf

MOZ: https://moz.com/beginners-guide-to-seo

WordPress SEO hints by the authors of the most popular WordPress SEO plugin: https://yoast.com/wordpress-seo/

Search Engine Land: https://searchengineland.com/guide/seo

SEO Blogs:

Backlinko: https://backlinko.com/blog

Neil Patel: https://neilpatel.com/blog/

SEMRush: https://www.semrush.com/blog/

“Sorry, you are not allowed to access this page.” on News Cherry theme options page

The problem

It happened to a client of mine just recently – they tried to change something in the theme options, but they couldn’t, as reaching out to http://their-site.com/wp-admin/admin.php?page=options.php produced

“Sorry, you are not allowed to access this page.”

message. The theme is News Cherry by Bdaia, found on ThemeForest.

The solution

Turns out the theme is using the native WordPress file editor, which is used for editing themes and plugins through the admin panel. So once we’ve disabled this through iThemes Security -> WordPress Tweaks, it stopped working for accessing the theme options. If iThemes Security is not present or the option there is disabled, it would be a good idea to check your wp-config.php file for

define('DISALLOW_FILE_EDIT', true);

1	define('DISALLOW_FILE_EDIT', true);

and set it to false. It’s a good setting to be enabled, so News Cherry is to be blamed for forcing you to lower your guard.

A proper plugin for flipping pages of a book or booklet (list of 8 tested and reviewed plugins)

Here is the list of the plugins that I tested:

Those booklet plugins that actually are useful

WP Booklet – super-simple and easy to work with, has a post type and a shortcode, a short list of options and that’s it. Oh, and it loads images upon opening the page from the booklet, instead of loading all of the at the beginning. It could work with PDF, if pdfinfo was present on my server.

This is the best free plugin from wordpress.org/plugins that I could find and test, creating a decent responsive booklet “slider”. Or do some call it flipbook?

Here are some others that could do the trick:

Digital Publications by Supsystic – looks pretty good, has loads of options and is close to being responsive as a final result. Admin interface is rather messy, but once you get the hang of it, it’s easy to setup a booklet from a set of pictures or pages (custom HTML and CSS are also useful here, but not required).

Photo Book Gallery – loads the booklet pretty slowly, probably because it loads all images prior to displaying anything from it. Apart from this it has tons of options and a Pro version. Out of the box, the booklet, represented by a set of photos and a set of display options, doesn’t seem to be responsive, but is still better than most of the other plugins out there and can definitely be used in a production environment after some fiddling with the settings. Most probably could be used by people ignorant of the power of CSS.

WP jQuery Pager – a very basic solution that allows you to flip images, listed by ID in a shortcode. Navigation buttons are present, but nothing more. Some styling would be needed, as this thing is definitely not responsive, but hey, for a 5 year-old plugin it’s cool that it works at all!

Worthless, useless or bad booklet plugins

Interactive 3D FlipBook – a demo plugin undercover. Already reported to the Plugin team in WordPress.org for distributing a crippled version of a premium plugin (sold in CodeCanyon). While working with the UI of the plugin is pretty easy, it limits your booklet to 10 pages only, and if you leave it open for some time, it will hog your CPU heavily. Well done, Ivan, for being an douche by abusing at least two rules for publishing a plugin in the Directory and giving 5-star reviews to your plugin from at least 3 accounts.

[livebooklet] and [simplebooklet] -both of these do not work, if they ever did. Using the shortcode leads to forced PDF download. In the markup you could see an iframe of the PDF, so they never actually did anything more than just embedding a PDF in the page.

Easy Page Flip – has some basic options for the booklet which is presented as a custom post type, which requires a gallery to be embedded in it. Not responsive and rather ugly, so you’ll need to fix all that with (tons of) extra CSS.

MainWP WordFence extension overview

What is the MainWP WordFence extension

The MainWP WordFence extension allows you to scan your child sites for security issues, monitor live traffic and to manage Wordfence settings across your network and all from your Dashboard!

Price: $39

Overview

It is created to scan easily all child sites for malware, security issues and monitor live traffic. You can scan all sites with one button, see results in the MainWP Dashboard, block or unblock users or set scheduled scans. MainWP WordFence is intuitive and very easy to use. It requires the WordFence plugin being installed on the child site.

In combination with MainWP Sucuri and MainWP Vulnerability Checker extensions it provides you enough information to keep you sites secure and protect them from low level (script kiddie) attackers.

MainWP Vulnerability Checker Extension overview

What is MainWP Vulnerability Checker Extension

MainWP Vulnerability Checker extension uses WPScan Vulnerability Database API to bring you information about vulnerable plugins and themes on your Child Sites so you can act accordingly.

Price: Free

What is WPScan

WPScan is a black box WordPress vulnerability scanner.

It is a linux script, created by Sucuri to check WordPress for vulnerabilities. It has it’s own database with known security issues. The script is very powerful and allows you to:

Enumerate all users
Enumerate all themes
Enumerate all plugins
Check all themes against the database of vulnerabilities
Check all plugins against the database of vulnerabilities

Overview

MainWP Vulnerability Checker extension works the same way. It checks all installed themes and plugins (and their versions) and compares them to the entries in wpvulndb. If it finds one, it will notify you in the dashboard. You can check a single site or perform bulk scan.

You can avoid the security issues that this extension is looking for by keeping everything up to date, but if manage a large amount of sites, this task becomes easier said than done.

Anyone can check any plugin or theme for known vulnerabilities because the wpvulndb database is open. Researchers are disclosing these issues after the vulnerabilities have been patched. It is a good place for research if you check whether a plugin had many vulnerabilities in the past and how quickly they have been patched. Unfortunately the database has been used by attackers who have found outdated plugin or theme and are looking for known way to compromise the site.

Resources on WordPress MainWP Vulnerability Checker Extension overview MainWP Vulnerability Checker — Security issue in one of the plugins

MainWP Vulnerability Checker gives you another point of view of your sites. In combination with MainWP Sucuri extension and MainWP WordFence it provides you enough information to keep you sites secure and protect them from low level (script kiddie) attackers.

MainWP Sucuri extension overview

What is MainWP Sucuri extension

The MainWP Sucuri Extension uses Sucuri’s proprietary SiteCheck Tool to scan your sites. SiteCheck provides web-based malware scanning of your web sites using the latest in fingerprinting technology. It gives you a quick way to determine if your web applications are out of date, exploited with malware, or even blacklisted by popular search engines all directly from your MainWP Dashboard!

MainWp Sucuri is really easy to use. It adds SECURITY SCAN tab to each site’s Dashboard.

Price: Free

What it can do

MainWp Sucuri helps you scan your sites for security issues and offers you a quick way to fix them. According to it’s creators, it can:

Scan For:

Malware
Malicious javascript
Malicious iframes
Drive-By Downloads
Anomaly detection
IE-only attacks
Suspicious redirections
Blackhat SEO Spam
Spam

Also Check For

Web Server Details
List of Scanned URLs
List of Javascripts Included
List of iFrames Included
List of External Javascripts Included

The scan results tells you also if there are some other issues like directory browsing, accessible readme.html etc. It scans for things, attackers check in the fingerprinting stage of an attack and helps you hide them.

In combination with MainWP Vulnerability Checker and MainWP WordFence it provides you enough information to keep you sites secure and protect them from low level (script kiddie) attackers.

Issues

This extension is really good, but it has some problems that need to be fixed. One of the is the false positives. If the scan find readme.html file in the root directory, Sucuri flags it as an issue even if the file is not accessibe (returns 403 Forbidden). Similar thing is happening with the directory browsing results.

MainWP branding extension overview

What is MainWP Branding

MainWP Branding extensions allows you to brand your child plugin. You can modify the way MainWp Child plugin and make it look like your company’s.

Price: $69

Overview

This extension is easy to setup and use, but it offers a nice way to brand your support business. Here is what you can do with it:

Change the name, author, description etc of the MianWP Child plugin so it looks like your own.
Hide some of the settings, so the inexperienced customers want be able to brake something
WordPress branding – Customize login, favicon, dasboard widgets etc
Add a quick contact support button in top admin bar or admin menu

MainWP advanced uptime monitor extension overview

What is Advanced Uptime Monitor?

MainWP Advanced Uptime Monitor is an extension that works with the Uptime Robot service that checks your websites sites every 5 minutes, 24 hours a day, 7 days a week. In the case your site is not loading, it makes few more checks in next 3 minutes to make sure that site is down. If the site is still down, it will notify you immediately.

Price: free

Prerequisits

In order to use this extension, you will need a couple of things:

Uptime robot account (free)
Uptime robot API key

Overview

This extension is simple to setup and use and is really helpful for monitoring large amount of sites uptime. It displays data in the MainWP dashboard and notifies you by email for any changes in a site’s status as well as the code it returns. This gives you the ability to react quickly and fix any issues causing downtime.

Limitations

The only limitations come from Uptime robot. Their Free Plan allows you to monitor 50 sites. If you need to watch more, you have to upgrade to Pro Plan which gives you the flexibility to pay according to the amount of sites you have. The maximum is 500 and it costs $29.90. The Pro Plans include sms notifications