How to develop your own WordPress CRON job properly and ensure it actually runs

Hello! In this post we will be walking through how to interact with the WordPress Cron system. We will delve into how to establish your scheduled jobs properly using the built-in WordPress cron system, with no other external interactions such as the OS cronjob system. This will be useful for WordPress plugin developers as in order to develop a plugin that utilizes reliable scheduled tasks, you need to accommodate many different types of web hosting environments. What is CRON? In linux, this would be a command line utility that allows the end user to schedule jobs to run at specific days and times on a repeating basis. You can write your own script and have the operating system run it on a nightly basis. Systems Administrators use this often for things like backups, integrity checks and a wide array of use cases. What is WordPress CRON? Taking the same concept […]

How to make Woocommerce more enterprise friendly

Hello! After Working with WordPress and Woocommerce for a while, watching it grow and evolve over time, there are some constraints that we have been encountered over the years in particular with larger enterprise projects. WordPress appeals to a massive audience (43% market share to be exact). In this massive appeal, the WordPress development community has to make careful decisions in order to balance the needs of the majority of users with the unique demands that enterprise implementations may have. The most common requirements for enterprise WordPress sites would be : Redundancy, Deployment, Testing/QA and Security. All of these requirements are closely tied together in one way or another but they are all limited or hindered by the way WordPress is fundamentally designed. This can usually be accommodated with standard static WordPress sites. The moment you delve into the e-commerce world with Automattic’s Woocommerce, you run into problems. Why Woocommerce […]

How to push your single post or page content with this new WordPress plugin

Hello! There is quite a bit of documentation with how to scale your WordPress site for enterprise. Additionally there are quite a few enterprise WordPress hosting solutions that allow you to “stage” your content on staging sites with automated methods to push or clone the staging site (once an internal approved process gives the thumbs up perhaps) to the live / production website. These systems are great and not only sanitize and streamline the publication process of your website, but also increases the security and containment of any issues that may come up with your website. The live site can be further locked down and restricted as a result of this type of process because people (administrators, contributors) no longer need to be logging in and interacting with the live production website. All of it can be done on a more private staging site. For many people this type of […]

How to scale your WordPress site for enterprise level redundancy

Hello! It often becomes a requirement for certain levels of clients to ensure service level agreements for uptime and redundancy are kept. What does this mean? Well we want to ensure that a particular site can withstand a single point of failure, which usually means we would need to expand the services across multiple endpoints. This is not a new requirement and usually is not something one would consider for small or even medium sized businesses because the costs essentially skyrocket because at this level of redundancy you need someone to design the infrastructure, roll it out, manage it, monitor it and then you need infrastructure resources such as multiple servers , load balancers and similar services to ensure this type of redundancy is kept. The purpose of this post is to walk you through, in technical terms, how to roll out a WordPress site using industry standard best practices, […]

How to bulk update all WordPress pages or posts

Hello! Sometimes its necessary to perform mass or automated actions against your WordPress content. Reasons for this can vary, but in our scenario there was a bug in a plugin relating to translated content via WPML where afte a fix / plugin update was applied, resolving the content errors was as simple as re-saving an existing post (with no changes). Normally this wouldn’t be a problem but what if your site has over 1,000 pages or posts? Doing those one at a time , or even via the “Quick edit” method can be tedious and resource-taxing (both in-person and server resources!). Alternatively, what if you needed to update a byline in the post content, or standardize a title format for your posts? The reasons can vary again ,but I thought it might be helpful to include an automated process using a method called “bootstrapping” WordPress. What this really means is […]

How to create self-populating “smart” forms in Drupal 8 with Form API

Hello! Many years ago (2015 to be exact), we published an article on how to create self-populating dropdown forms using the Drupal 7 Webform API. Now that the year is 2019 and Drupal 8 has been “Released” for quite some time now, with 8.7.1 as of May 2019, we thought it might be a good idea to update the strategy to do the same or similar action in Drupal 8. What are we trying to do anyways? Well we want a way for people to interact with a Webform in an interactive way. This means we want subsequent dropdown selections to be populated by previous choices. This logic doesn’t have to be restricted to dropdowns, it can be input  boxes, checkboxes or radio buttons. Anything, really. In the example above, you can see “Beverage” is chosen for “Industries”. The “Products” dropdown underneath has the options that you see  populated based […]

How to block your WordPress site from being scanned by WPScan with Nginx

Hello! First and foremost, why would you want to block WPScan from probing your site? Well we all know that security through obscurity is a bad practice. That said the risks of malicious activity on your site is undoubtedly heightened through many points of information disclosure that is freely available to parse and organize to make an accurate security risk assessment of your WordPress site. This type of information is easily attainable through automated scanners like WPScan. Tools like this scan for version tags in readme files, file size fingerprints and meta tags to determine not only the version of WordPress you are running but the version of each of the plugins you have installed. Why is information disclosure bad? Some would argue its not bad. Others would also point out that a 0-day WordPress core or plugin vulnerability could mean that minutes and hours of circumvention or lowered risk […]

How to cache queries to admin-ajax.php in WordPress to improve performance

Hello! Working with wordpress for a while now, we noticed that many actions, whether administrative in nature or building a WordPress query on the front end, are dependent on the built-in admin-ajax.php or WordPress AJAX API. Since many 3rd party plugins depend on this Ajax API to dynamically push and pull data, it is unfortunately a common occurrence to have the performance of a site impacted when many AJAX API calls are happening. One of the tell tale signs of admin-ajax.php performance issues can be seen when inspecting the network connections of rendering a particular page on your WordPress site. If you filter “admin-ajax.php” in your network tab of the developer console in your browser, you should see clearly the admin-ajax.php POST that may be taking too long. In our experience, some post grid plugins that make it easy to render a grid of posts on your page heavily rely […]

How to protect WordPress media files and only allow the users who uploaded them to view

Hello! In the past we have written about how to protect your WordPress media files. In the past exercises we utilized a strategy to set a session cookie with encrypted details that can be read and validated at the http service (i.e. nginx) as well as application (php/wordpress) level. Since then we have refined this process to be much more secure, flexible and efficient. We have abandoned the cookie validation process for verifying the request before serving it and replaced it with a slightly more complicated but much more secure method. First before getting into the details, why would we want to protect WordPress media files? Well the answer depends on what sort of site you have and what you are trying to do, obviously. In our scenario, which isn’t necessarily unique, we have end-users that register for an account in order to check out of a Woocommerce store. We […]

How to implement a government ID verification system with Woocommerce and WordPress

  Need this implemented on your site? Click here and fill out our quote form!   Hello! There are many reasons why your Woocommerce store may need a system to accommodate verifying the identity of your customers. Depending on what your selling and the local or federal laws that are in place, having the identity of your consumer verified may be needed for liability or compliance reasons. Additionally under certain conditions within your Woocommerce store (such as orders over a certain amount of money), validating the identity can dramatically reduce the risk of fraud and fraudulent transactions on your site. I’m going to go into details with how to implement a system into your Woocommerce store that will accommodate the following : Provide a section within the Woocommerce “my account” area for end-users to upload a digital image of their ID Add a new field for the user details to […]