Enabling Zend OPcache on Ubuntu and Apache

Zend OPcache is the new open source PHP opcode cache that is now bundled with PHP 5.5. I had just upgraded one of my servers running Ubuntu 12.04 to use Apache 2.4.6 and PHP 5.5.4.

So how does one install it? I initially thought I had to just edit the php.ini file since there are a bunch of new settings for the opcache. I set mine similar to the recommended default and did not enable `cli` caching.

opcache.memory_consumption=128
opcache.interned_strings_buffer=6
opcache.max_accelerated_files=2000
opcache.revalidate_freq=60
opcache.fast_shutdown=1

However, after restarting Apache I saw that it was still disabled, even though I had also set

opcache.enable=1


WordPress exploits – A review of what’s going on

As you may or may not know, I set up http://wpsecure.net/ as a hobby a few years ago to track exploits for plugins hosted on wordpress.org. The main reason I created the site was twofold: to alleviate some of the finger-pointing directed at WordPress core, and to educate users and plugin authors, since most vulnerabilities are easy to correct using proper WordPress or PHP/JS coding practices.


How to center align auto WordPress embeds

I came across this problem the other day when using WordPress's auto embed feature. When you add an embed URL, for example “http://youtu.be/M-aGPniFvS0 ..”, it will automatically be aligned to the left (this depends on the theme). This can look odd depending on your layout. There is a trick to make it centered in the post by doing the following in the text editor:

<div style="text-align: center;">  
... embed url ...  
</div>  

It’s important that the div and the embed URL are all on separate lines.

Beware: there is also a major drawback. If you update the post again, it will auto-format the markup and remove the line spaces, and the auto embed will not work.

WordPress.com’s VIP sites make for an interesting future

A few days ago I went to http://nypost.com and surprisingly saw the default WordPress admin toolbar at the top of the site with my username attached. It only took a few moments to realize this wizardry was due to the NY Post moving to WordPress’s VIP service.

It became apparent as I browsed several more VIP sites that I could post as a WordPress.com user, which is obviously tied into my blog. I know this service has always been available for regular WordPress.com sites, but it certainly felt different when visiting higher profile sites like the NY Post and MSNBC. The more I thought about this, the more I realized that WP has an opportunity to leverage the VIP service to create a powerful social media community. Comments on higher profile sites now link directly to someone’s blog, which has much more personality and presence than an anonymous comment, or one found via a 3rd party like Disqus.


How to use a simple nonce in WordPress

Nonces are something I don’t see nearly enough in WP themes and plugins. They are simple to implement since WP handles all the hard stuff and there are several functions and hooks ready to use.

What’s a nonce? Nonces are used for security purposes to protect against unexpected or duplicate requests, especially when using forms to submit data. Nonces basically prevent CSRF (cross-site request forgery) attacks since each nonce is unique to the logged-in user.
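
A minimal form-and-handler pair showing the nonce pattern described above, as an added example that is not from the original post. It assumes it is loaded as a WordPress plugin file; the `myplugin_*` names, the option name and the admin page slug are hypothetical.

```php
<?php
/**
 * Plugin Name: Nonce Example (added illustration, hypothetical plugin)
 */

// Hypothetical names: the nonce action, field, option and page slug are made up.
const MYPLUGIN_NONCE_ACTION = 'myplugin_save_greeting';
const MYPLUGIN_NONCE_FIELD  = 'myplugin_nonce';

// Register a settings page that renders the form.
add_action( 'admin_menu', function () {
    add_options_page( 'Greeting', 'Greeting', 'manage_options', 'myplugin', 'myplugin_render_form' );
} );

function myplugin_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="myplugin_save">
        <?php
        // Emits a hidden field holding a nonce tied to this action and the current user.
        wp_nonce_field( MYPLUGIN_NONCE_ACTION, MYPLUGIN_NONCE_FIELD );
        ?>
        <input type="text" name="greeting" value="<?php echo esc_attr( get_option( 'myplugin_greeting', '' ) ); ?>">
        <input type="submit" value="Save">
    </form>
    <?php
}

// admin-post.php fires admin_post_{action} for logged-in users.
add_action( 'admin_post_myplugin_save', function () {
    $nonce = isset( $_POST[ MYPLUGIN_NONCE_FIELD ] )
        ? sanitize_text_field( wp_unslash( $_POST[ MYPLUGIN_NONCE_FIELD ] ) )
        : '';

    // Reject missing, expired or forged nonces before touching any state.
    if ( ! wp_verify_nonce( $nonce, MYPLUGIN_NONCE_ACTION ) ) {
        wp_die( 'Invalid or expired request.', 'Forbidden', array( 'response' => 403 ) );
    }
    // A nonce is not an authorization check; verify the capability separately.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 'Forbidden', array( 'response' => 403 ) );
    }

    $greeting = isset( $_POST['greeting'] ) ? sanitize_text_field( wp_unslash( $_POST['greeting'] ) ) : '';
    update_option( 'myplugin_greeting', $greeting );

    wp_safe_redirect( admin_url( 'options-general.php?page=myplugin' ) );
    exit;
} );
```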
