Call 1(800) 639-6442

WordPress 4.9.3 – Going into the tunnel and never coming out…

Going into the WordPress 4.9.3 version tunnel

In case you hadn’t heard, in early February 2018, WordPress did a double release of versions, from version 4.9.2 to 4.9.3, then 4.9.4 in a matter of two days.

For some WordPress websites, this led to a collision of versions, the end result being it broke the auto-update mechanism, leaving potentially millions of websites stuck on WordPress version 4.9.3; unable to auto-update to version 4.9.4.

WordPress auto-updates is an important built-in security feature.

Automated auto-updates help to protect your website against known vulnerabilities. Without a functioning auto-updates mechanism in place, a periodic visual review and update of your WordPress installations become even more important.

Below is a real-world example of the WordPress auto-update process failing on a client’s account.

As of February 9th, 2018, I found that 75% of a single client’s 150ish WordPress installations were apparently stranded on the WordPress version 4.9.3 train, with apparently no sign of ever coming out the other side (as 4.9.4).

The solution for this WordPress auto-updates problem?

Review and update your version of WordPress to 4.9.4 as soon as you are able.

How do I update WordPress?

Log into your WordPress, hover over the top left menu item, “Dashboard, click “Updates“, then “Update now.”

Alternately, for a small fee, I can help you update your version of WordPress safely.

I likewise provide a human managed WordPress service plan in case you are in need of ongoing WordPress updates and security management.

Happy Updating!

Jim

How Do I Migrate WordPress to a Different Domain Name?

Changing the domain name on an existing WordPress installation or staging a WordPress website at a different location may seem daunting at first. But it’s really quite easy to do. And I’ll show you how.

Use case #1:

You’ve purchased a number of domain names for your website. And you wish to assign another of your domain names as the main domain people see in the web browser location bar when they visit your website.

Use case #2:

Your client has asked you to update their existing theme but would prefer you not edit their live website. Staging the website in a subdirectory within the current hosting account will allow you to work with the existing theme in a safe environment.

Use case #3:

You would like to move your website to another web host, but test your website at the new host before pointing the domain name to the new hosting account.

The process for making a backup of a WordPress website in preparation for a move to another hosting account or for staging purposes is rather straightforward.

Start by making a backup of your existing website files and database.

Backing up files and databases within cPanel is as simple as clicking Backup, then clicking two links:

Download a Home Directory Backup
then Download a MySQL Database Backup

Once you have a solid backup of files and database:

Set up a staging subdomain within your web hosting account like staging.at-your-domain.com, or use a different domain name entirely.
1. If you are installing your WordPress site within a subdirectory on a cPanel server, click the Addon Domains button.
2. If you are installing your WordPress site into the main directory on a cPanel server, click the Aliases button, and you’ll be all set in two clicks.
Then install WordPress into the new account or directory.
Rename the wp-config.php file for now.
We are doing this so that when you recover your site files you do not inadvertently overwrite the newly set up wp-config.php file.
Upload and extract your backup of files within to your staging directory.
Delete the wp-config.php file you just copied over from the live site and rename the wp-config.php file renamed in (3) above back to wp-config.php
The how to import a database part of the process can be a bit tricky the first time around.
1. Since you already have a working wp-config.php in place and a working database in place, use your FTP or your web host’s file editor to view the contents of your wp-config.php in order to obtain the database name.
2. Log into your PHPMyAdmin. Click on the database name at left. This will display a list of tables. Check all tables, choose the Drop option, then Go to drop all the tables.*
  *All you are doing here is removing the existing database tables in preparation for import.
3. And finally, click the Import option at the top, Choose File, select that database you downloaded to your computer earlier, then click Go.
If all goes well with the import you will have completed the initial staging setup process.

If you are setting up a development site using a domain name different than the original, just add these two lines in gray to the top of your wp-config.php.file (below the line “<?php”), example:*

<?php

define('WP_HOME',"http://{$_SERVER['SERVER_NAME']}/");
define('WP_SITEURL',"http://{$_SERVER['SERVER_NAME']}/");

* The WordPress.org website covers editing wp-config.php fairly nicely, in case you are interested in reviewing the technical bits.

Then visit your migrated website.
99% of the time the two lines of text above are all you need to do!

“So what’s this magic going on behind the scenes” you may ask?

Ok, I’ll let the rabbit out of the hat. The guts of your WordPress settings are maintained in the wp_options table. All this magical bit of gray text in #2 above does is override your siteurl settings in your database.
Presto magico!

Below is an example of the above how to migrate your WordPress website to a different domain name.

The original website with website address:
pharm.tvsecure.net

I copied the same website into a subdirectory of the same account for staging purposes, at:
/pharm-staging.tvsecure.net

and set the domain name pharm-staging.tvsecure.net to point to that subdirectory.

However, we had one obvious problem. Because the staging website was copied from pharm.tvsecure.net any attempt to visit pharm-staging.tvsecure.net resulted in an immediate redirect back to the original pharm.tvsecure.net domain.

Well, that’s annoying.
So, following step #2 above, I simply copy/pasted the two lines shown above into the top of my /pharm-staging.tvsecure.net/wp-config.php file, like this:

The result? When I go to pharm-staging.tvsecure.net the new website address pharm-staging.tvsecure.net I had staged earlier within the directory:
/pharm-staging.tvsecure.net appears nicely like this:

Well, that about covers the basics of migrating a WordPress website to a different domain name by copy/pasting two lines of text.

If you have suggestions or additions to this WordPress staging or migration related article please be sure to email me anytime, jim at HackRepair.com

Enjoy!

Community Blogging: A Short Guide

Yesterday a client asked me this question about WordPress guest editing and publishing (a.k.a. community blogging):

+++++

Hi, Jim. Wondering if you had any knowledge or ideas on the following.

I’m interested to find out whether there exists some sort of WordPress plug-in that would allow our readers to input a story and art directly into our site, and submit it to be published on our site. Once we got an email notification, we could edit it and publish it.

My thinking is that our readers could do some of the work for us, thus improving our coverage AND making our news more timely and relevant. My cursory Google search didn’t really turn up anything.

Any thoughts or direction on that?

+++++

So today I put my thinking cap on. And wrote this article to better answer his question on how to handle guest or community publishing:

WordPress is nicely suited to allowing readers the ability to post new content and media. And like any publishing platform, your prospective writer must first have an account on your website in order to post or edit articles respectively.

First, let’s add an “Author” to WordPress

Out of the box, WordPress allows you to add potential authors to your website. See the “Add New User” area within your WordPress Dashboard. Once you set your writer up with the role of “Author” that person will be able to add or edit his or her media and articles.

Maybe you have an article written and like to have a guest “Author” take over the editing of an article?
That’s easy! Within your list of “Posts”, use the Quick Edit option to assign the new “Author” to your article (picture at right).

About the “Author” role

An assigned “Author” will only be able to edit his or her articles and media.

The good.
An “Author” may only add or edit his or her article.
The not so good.
An “Author” may publish articles as he or she see’s fit, without restriction or editorial review.

In the example at right, I’ve set my “Author”, as username “archereditor1” to a single article. While the “Author” “archereditor1” may be able to view all posts or pages, he cannot edit any articles but his own.

But what if you would like to have finer control of the editorial process or simply prevent an “Author” from publishing?

There are a number of plugins available to do just that. Edit Flow, User Access Manager or Capability Manager Enhanced are solid options.

These WordPress plugins will help to ensure “Authors” are limited in regard to what they can do within your WordPress Dashboard.

* If you have some ambitious editor article writing goals, then I recommend checking out the Edit Flow plugin.

* If you wish to set up groups of writers and limit access to specific articles then User Access Manager should do the trick.

* If your goal is to allow a single “Author” the ability to write articles as he or she wishes, while retaining control of publishing, then Capability Manager Enhanced may work just fine.

With Capability Manager Enhanced, first set up your “Author” as described above (#1).

After installing the plugin, click the “Users” link within your WordPress dashboard, and you’ll see below that a new link option, “Capabilities“.

At first, you may be overwhelmed by all of the boxes; reminiscent of the days when Mom forced you to go to Bingo! with her and your baby brother on Friday nights (such simpler times…). But I digress. It’s a lot less complicated than it looks at first glance.

Just follow the numbers:

In #1 above, be sure to select “Author” then the Load button to start. Set other editing options as needed, then scroll down and click the Save button near the bottom of the page.

Once saved, your budding “Author” may write to his or hers heart’s content but will not be able to publish!

Oh, and the bonus feature:
Recall the note above on using Quick Edit to assign a given “Author” to an article?

Well, once Capability Manager Enhanced is installed, you may likewise assign your post or page “Author” via an option drop-down menu near the bottom of the page or post. The option setting appears like the picture at right.

All done!

I do hope you’ve found this article describing how to limit WordPress “Author” article writing and publishing helpful.

If you have suggestions or additions to this WordPress publishing related article please be sure to email me anytime, jim at HackRepair.com

Enjoy!

Pro tip.
Like to further reduce your guess Author’s dashboard options, check out the Remove Dashboard Access plugin.

___
Editorial reviewers – Thank you! Elizabeth Pampalone, Christina Hills, Joyce Walker

Is My Web Host Secure? Maybe not…

After running into a situation where a client’s web host was running years outdated software, I realized some of you might be operating under a false sense of security–about your security!

Many people believe that just because they set up their hosting account with a well-known shared hosting company that stuff magically updates on its own. This is far from the truth.

Same goes for folks who have their websites “self-installed” with cloud hosting providers. Suffice it to say, once “the installer” leaves the scene, the server software will not self-repair or auto-update itself…

Server management is much more involved, and requires greater expertise than just clicking a button to install Linux and WordPress. Server management is not generally automated, and if someone doesn’t handle it, you may find your “server” is years behind in updates–and then it’s already too late. – Mike D., TVCNet Server Admin.

IMHO, A quality shared host presents “security” as their core feature. And security requires constant vigilance (using both human eyes and hands, 24/7). Web servers are not self-managed devices. And for this reason, many websites are hacked due to the above lack of hands-on management. Seriously, web hosting is a complex business.

Bottomline, if you don’t have a salaried server administrator on staff, it’s your responsibility to periodically check what’s been installed by your host both PHP and web server software wise. And it’s your responsibility to keep your host on their toes and demand currency of software, updates, and service responsiveness.

If your web host can’t handle the responsibility of maintaining regular updates, it’s a rather easy process nowadays to just move on to one that “gets it”. The top three hosting companies, with whom I’ve worked extensively, make customer website security an absolute top priority. These companies are TVC.Net, SimpleHelix, or AceNet

So complain with your wallet – it’s the secure thing to do.

How do I check the server software versions running at my web host?

The easiest method is to upload a one line PHP script to your hosting account and then view the script through your web browser. For this article, we’ll focus on the PHP version number.

How to create a PHP info script:*

Create a blank text file on your computer.
Name it something like serverinfo-x.php
*Try not to name your script to something easily guessed at, like “phpinfo.php”
Add line of text and save:
```
<?php phpinfo(); ?>
```
Upload the file to the same directory as your home page.
Then view your PHP information at:
https://your-domain.com/serverinfo-x.php

Need help setting your site up for an SSL certificate (httpS://)?
I can help you with that today for a small one time fee.

Once you have the file open in your browser, look for the PHP version line, top of page.

You should be running PHP version 5.6 or above.

On a cPanel server, once you log in, look for a section on right or left named Server Information. An example below, with the two most important bits highlighted:

Note the Apache version shown above (click to enlarge).

You should be running Apache version 2.0 or above.

If you are running WordPress, the WP System Information plugin may provide the same web server software installed information as well.

So that about covers the basics in regard to what you should check server software versions wise. A web host running outdated software can be as great a security risk as running a years old version of WordPress, Joomla or other content management system.

If you need help or further explanation please feel free to call or chat with me anytime.

How to remove the subdirectory name from your WordPress website address

In this example of subdirectory redirection, we’ll be using .htaccess to properly redirect a website address such that both the website and WordPress dashboard load without the subdirectory name.

Our domain for this example will be “your-domain-name.com”

Within the public directory, often named public_html or html, you should see the following settings for a standard WordPress permalinks setup:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

The above works perfectly fine when your main domain name is located at the top of your public directory–not so well if your site is located in a subdirectory like “blog”

To enable your website to function properly within your blog subdirectory, but without showing the blog subdirectory name, we actually need to change three different files, shown in the picture at right:

The first file we’ll edit is the .htaccess file (contents shown above), to:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?your-domain-name.com$
RewriteCond %{REQUEST_URI} !^/blog/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /blog/$1
RewriteCond %{HTTP_HOST} ^(www.)?your-domain-name.com$
RewriteRule ^(/)?$ /blog/index.php [L] 
</IfModule>

The second will be the index.php file, from:

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );

to:

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/blog/wp-blog-header.php' );

And lastly, open the blog directory, then edit the .htaccess file within to:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>

# END WordPress

Updating these three files, as shown above, will accomplish two goals:

Display your website in the web browser location bar as the domain name only and not show the trailing subdirectory /blog

And allow you to access your WordPress dashboard as simply www.your-domain-name.com/wp-admin/ instead of www.your-domain-name.com/blog/wp-admin/

I hope you’ve found this short tutorial on how to set up a WordPress site within a subdirectory without displaying the subdirectory within Google search or the WordPress dashboard helpful.

If you have further questions please feel free to leave your comments or questions below.

Enjoy!

A Guide to Running WordPress with PHP7 on a cPanel Server

If you are running cPanel servers, you may have heard that cPanel now offers PHP7 support.

PHP7 has become quite the popular discussion within the WordPress, website optimization Facebook groups and hosting company blogs. And now that WordPress is finally mostly PHP7 compatible, and there’s even a plugin developed to help WordPress authors check their websites for PHP7 compatibility, I felt it was time to build and test my own cPanel with PHP7 setup.

Below is what I learned in setting up PHP7 on a cPanel server for WordPress.

For the cPanel server administrator:

The actual release of PHP7 to cPanel started in early 2016. A quick search in the cPanel forums will return a good number of rather frantic support requests relating to EasyApache version 4 upgrade issues.

EasyApache 4 is a requirement for PHP7 on cPanel servers.

Suffice it to say, the EasyApache 4 upgrade in 2016 was not for the faint of heart.

Until most recently, the process for upgrading cPanel servers to allow for PHP7 has been rather problematic. On a more positive note, the situation has greatly improved since the initial release.

1. Upgrade cPanel to EasyApache4.

This video from 2015 may help:

2. Ensure all sites on server are running the latest PHP7 ready php.ini file. This can be a challenge.

php.ini cPanel hint:
The default php.ini file location for cPanel is usually located at: /usr/local/lib/php.ini

3. Educate your website clients on how to edit their php.ini file (notes below).

For the cPanel website manager:

PHP7 – Hooray!

Ok, so before you log into your cPanel and clicky-clicky on the MultiPHP Manager Apply button, there are few things to consider.

Have you installed and ran the PHP Compatibility Checker plugin?

While not a perfect test–as the plugin will likely return a number of false positives, if your update to PHP7 does generate errors, the PHP Compatibility Checker plugin may help to identify plugin incompatibilities for further testing and troubleshooting.

Website Backups?

While a backup of your website is not fully necessary, since you may revert the PHP version back to an earlier version with a click of the Apply button, this may be a good opportunity for you to download a full backup of your website in case of future failure (better safe, right…).

Some plugins and themes may recommend custom PHP settings.

Luckily, the EasyApache 4 upgrade provides a couple of new cPanel features. The first mentioned above, MultiPHP Manager, and the second is named the MultiPHP INI Editor.

The editor mode, shown in the picture at right, gives you direct access to view or edit the settings within your php.ini file.

The php.ini file is the default configuration file for PHP. It is used to control variables such as upload sizes, timeouts, memory & resource limits, and the like.

Some WordPress themes, like Envision, may present an “Input Vars Limit” warning after upgrading to PHP7.

If this is the case, use the MultiPHP INI Editor to edit your php.ini settings to the recommended settings. But there’s a catch… I’ll explain.

Unlike .htaccess files, php.ini settings, installed within your public_html directory, are not recursive through all subdirectories. When a web server is set up, default PHP settings are set for all websites. And, in the case of WordPress 4.7 and prior versions, some themes and plugins may require custom PHP settings, which can only be read from the php.ini file located within the /wp-admin directory (don’t ask me why…).

MultiPHP INI Editor warning label:
Before editing your php.ini file I recommend making a backup before making changes.

WordPress php.ini tip of the day:

If after updating your php.ini settings within cPanel, you find your plugin or theme continues to report the wrong PHP settings, try copying the php.ini file found within your public_html directory into your /wp-admin directory, then check once again.

Well, that covers some EasyApache 4 Upgrade, PHP7 and WordPress Related Tips for cPanel web server admins and clients. If you have further questions, please feel free to contact me using the comments section below.

Enjoy!

I’ve posted a few related article links below. If you have questions just pick up the phone and call me anytime, Jim Walker, The Hack Repair Guy, (619) 479-6637