Category: WordPress

Create WordPress Settings Page With Meta Boxes

In this tutorial I want to explain, step by step, how to create a WordPress settings/options page with meta boxes, like what you see in this screenshot:

WordPress Settings With Meta Box
WordPress has a decent Settings API and it offers a lot of flexibility in design. Several plugins do “wild” things in their settings pages. However, for a better user experience it’s best to use a seamless design that blends with the rest of the admin UI.

One of my favorite admin UI elements is the meta box. Not only because meta boxes have an easy-to-use Meta Box API (so we can easily create them), but also because they have user preference options: users can reorder them by drag-and-drop, toggle them open or closed, and even change the Screen Layout to 1 or 2 columns using “Screen Options”.

Benefits of using meta boxes in a settings page:

  1. Nice UI: neatly groups complex settings.
  2. Minimum design time: WordPress already has the design.
  3. Easy to use: users are already familiar with how the panel works.
  4. Extensibility: other developers can easily extend our plugins and add options with a familiar API.

So let’s start!

Fighting Brute Force Attack in WordPress

Brute force attacks are a daily problem for WordPress sites. What’s interesting is that you cannot prevent them from happening. They’re unavoidable. You can only make it harder for the attacker to attack your sites.

If we use a CMS with a login feature to manage our content, we cannot remove or disable the login functionality, because we need it to get access to manage the site.

You can use the strongest password, two-factor authentication, etc., but that will not stop the attacks on your site.

Every single login attempt costs you server resources. You cannot cache this page to reduce the impact, because WordPress needs to validate each login attempt.

They can try to get access to your site and fail, but they can still make your server collapse (or make you pay a lot of money if you use hosting that calculates its price by pageviews).

But we can try to discourage attackers by blocking the IP addresses they use. If you use relatively good hosting, you probably have a firewall system installed on your server to log and block attackers. But you can also install a security plugin to add another layer of security. Several plugins for WordPress brute force protection:

  • Limit Login Attempts: an unmaintained plugin. If I’m not mistaken, WP Engine auto-activates this plugin for sites hosted there.
  • BruteProtect: uses their server to log IP addresses, kinda like Akismet for brute force attacks. You need to register on their site to get an API key for each of your sites. Currently owned by Automattic.
  • Login Security Solution: similar to Limit Login Attempts, and maintained. It also has multi-site support. This is the plugin I’m using.
  • And a lot more alternatives…

It will reduce their attacks, but because they seem to have an unlimited number of IP addresses, it’s actually a (kinda) useless method for trying to discourage them.

Quoting from Matt Mullenweg:

Supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours).

You can also read other sources to understand the scale of the attack:

Every single day, on each site, I get hundreds of failed login attempts. Probably tens of thousands if it’s not protected by a firewall and security plugins. It happens on every single site. Not even one site is free from brute force attacks.

Several days ago, I asked for advice at the Theme Hybrid forum (private forum replies). I got several responses, and from those responses I created a custom solution for my sites and my clients’ sites.

I tested it on 10 different sites for 24 hours, and the result is amazing. I got almost zero login attempts.

Even though it’s still premature to say that this solution is working, in this post I would like to share the custom solution I built to solve this problem.

My WordPress Journey

I started my online life just as a hobby. The idea of making money online was interesting to explore. Almost no reason, just ’cause.

I created my first blog on Blogger and purchased my first domain from Google Apps. I registered for Google AdSense and thought that I’d start making $$$. I was wrong. It’s tough and needs a lot of dedication. I needed to learn SEO, content research, etc.

Transfer Files Server to Server Using Simple PHP

Sometimes you need to move or migrate files to another server or host, and you or your client only have FTP access to the server. Downloading these files and re-uploading them to another server can take a lot of time using an FTP client such as FileZilla. FTP does not have zip/unzip functionality, so you need to upload the files one by one. A server-to-server transfer is a lot faster than downloading and uploading the files.

You can use this simple PHP script to move files from one server to another.

Jetpack Complex is a term used to describe a piece of software, a plugin or a theme in the WordPress universe, that attempts to do too much and becomes painful for the user to use. An example of Jetpack Complex would be a plugin to display video that also tries to be your spelling and grammar checker, sharing tool, and even contact form, resulting in too much hard drive usage, server memory, and user time spent on maintenance, updating parts of the software they don’t actually use.

Simple Mobile Browser Detection using Javascript

In an earlier post about wp_is_mobile() I explained that we can use the wp_is_mobile() WordPress function to design a theme by adding a wp-is-mobile body class and using it in CSS and JavaScript/jQuery.

But @samikeijonen mentioned that a similar method was removed from the Twenty Fourteen theme, because if we use a page cache/HTML cache the result will also be cached.

So I think the best way to use wp_is_mobile() is to also detect mobile browsers via JavaScript/jQuery using this simple code:

WordPress Editor (TinyMCE) how to create line break <br> and not paragraph <p>.

This is a very simple tip/snippet. One of the biggest annoyances for first-time WordPress users is that the WordPress editor (TinyMCE) produces a paragraph tag instead of simply adding a line break. This makes it really hard for newbies switching from other blogging platforms or social media to write new content.

This mostly happens to my clients (and myself) when first switching to WordPress from Blogger (Google), or from social media like Facebook or Twitter, or forums (vBulletin, etc.), which do not have this behavior.

What is <br /> and what is <p>?

In WordPress, when we write content and hit “Enter”, we add a new paragraph, and there will be a margin between the text. Some people try to hit “Backspace” to remove the extra margin, but instead the cursor goes to the previous line. It’s probably easier to explain using a picture:

The first (with no margin on every line) uses the line break / <br/> tag, and the second one, with a margin at the bottom, uses the paragraph / <p> tag.

There’s nothing wrong with WordPress; this is actually a feature in WordPress called auto-p (auto paragraph).

I’ll explain that it’s easy to enable a line break on “Enter” in the WordPress editor.

How to Host WordPress in Digital Ocean VPS (Step by Step Tutorial)

A simple walk-through of how we can host our WordPress site(s) on a Digital Ocean (unmanaged VPS) cloud server, using Ubuntu and LAMP.

Introduction

There are a lot of WordPress hosting options out there, and the price is affordable. But recently several developer friends in the Theme Hybrid community shared that they moved to Digital Ocean for several reasons:

  • Better server (response time, SSD storage, bandwidth) than shared hosting
  • Dedicated IP for each droplet
  • Simple interface/easy to use (for an unmanaged VPS)
  • Simple backup, and we can create a snapshot of our server
  • Easier to scale when we need to
  • Amazing price, starting at $5/month
  • Charged per hour of usage, so we can easily create a test site (for clients) and destroy it when we no longer need it.