Tag: code

wp-config file

WordPress Debugging

It is inevitable. At some point when running a WordPress site you will have a conflict, an error, or worst case – a PHP Fatal leading to a WSOD (White Screen of Death).

My goal is to provide the means with which you should be able to view and hopefully understand, to some degree, the errors so that the most appropriate person can provide a solution.

Why is it Inevitable?

By virtue of the shear number of different WordPress plugins, themes, and PHP versions, there are bound to be interactions that cause issues. Hopefully these issues don’t bring down your site. But some will.

Types of Errors

There are a few basic types of errors common to WordPress sites. Primarily all are PHP errors. There are 3 primary types of PHP errors: PHP Fatal, PHP Warning, and PHP Notice.

Under most circumstances you might not even be aware of either the PHP Warning or PHP Notice errors as they commonly only display in your PHP error log. A PHP Fatal error is the most common cause of the WSOD, but again you won’t see the actual error outside of an error log.

By default WordPress doesn’t display these errors to the user. You can adjust certain settings within wp-config.php to bring these errors to display and/or log them to a WordPress specific debug.log.

For many, modifying the wp-config.php file is a daunting task that in and of itself, can bring your site down. I’ve tried to simplify this with the creation of my WP Debugging plugin.

My plugin will add settings to wp-config.php. More specifically setting WP_DEBUG to true and setting WP_DEBUG_LOG to true. There are a number of additional settings that can also set to assist in debugging.

xDebug Isn’t the Only Way

Tom McFarlin has written extensively about coding and debugging.

In this member’s only post, Tom explains many of the individual settings that can assist in debugging a WordPress site using only native WordPress functions.

Automate All the Things

WP Debugging is a plugin I wrote to automatically add many of WordPress’ built-in settings on plugin activation and remove them on plugin deactivation.

Additionally, the plugin automatically installs and activates 2 additional plugins, Query Monitor by John Billion and Debug Quick Look by Andrew Norcross. These plugins are required, though that can be modified by the user, only because I made that decision.

Query Monitor is an established development plugin that provides a wealth of information for debugging. Debug Quick Look is a wonderful plugin whose sole function is to display the debug.log that WordPress writes debugging errors to when WP_DEBUG_LOG is set to true.

There are also two optional plugin dependencies that request to be installed, Debug Bar and GitHub Updater. The purpose of installing GitHub Updater is to keep the WP Debugging plugin updated.

Looking in the Logs

Viewing the debug.log will allow you to gain insight into the cause of the error. Often these errors will provide a stack trace pointing to exactly the file, function, or line of the error. They will definitely aid the developer.

Debugging is a art. One that you will only gain proficiency in through practice. It is my goal to help bring this information closer to you as simply as possible via the WP Debugging plugin.

You can read more about the specifics of what the WP Debugging plugin does on GitHub and, as always, PRs are happily considered on the develop branch.

Filed under: code, WordPressTagged with: , ,

The Events Calendar Category Colors Plugin

It’s been a wild couple of days figuring this one out. Special thanks to Jonah West for all the help and encouragement. This plugin seeks to greatly simplify the ability to create background colors for your categories in the month view when using The Events Calendar plugin. It requires The Events Calendar v2.0.5 or greater.
TEC Category Colors uses the Tribe Setting API to integrate its settings into TEC’s settings page.
You can grab it from the WordPress Repository.

Filed under: codeTagged with: , ,

Add Alarm to Events Calendar PRO

Thanks to Joey Kudish and Jonah at Modern Tribe, Inc., I’ve converted my original hacked together code to add an alarm to a calendar event created using the Events Calendar PRO WordPress plugin into a plugin of my own. You can see/follow the original discussion on the Modern Tribe forum.
This plugin requires the Events Calendar PRO plugin. You will have to create an Additional Field from The Events Calendar Settings page.

You can then download, install and activate the The Events Calendar PRO Alarm plugin. If/when this functionality ever becomes part of Events Calendar PRO simply deactivate the plugin.

Filed under: codeTagged with: , ,

chroot'd SFTP on Mac OS X server

So here you are finding that you need to grant someone else SFTP access to your server. There are lots of reasons to do this, in my case it’s because I needed to grant access to someone’s web designer. We initially worked it out by him emailing me files and me SFTP’ing them up to the server in the correct location. Now he needs direct access to fix some things and I want to give him only what he needs without compromising security. Enter the chroot jail. After lots of googling and some encouragement from the Mac OS X Server email list, I’ve got it working. Here’s how it works.
First, you should create the new user in Workgroup Admin and either assign them access privileges for SSH via Server Admin or assign them to a group that has SSH access privileges. Further discussion is below.
From the Terminal, start off right.

sudo cp /etc/sshd\_config /etc/sshd_config.bkup
sudo chown root /
sudo chmod 755 /
sudo mkdir -p /chroot/user/scratchpad
sudo chown -R root /chroot
sudo chown user /chroot/user/scratchpad
sudo chmod -R 755 /chroot

Every additional new user added will then be something along the lines of the following.

sudo mkdir -p /chroot/user2/scratchpad
sudo chown root /chroot/user2
sudo chown user2 /chroot/user2/scratchpad
sudo chmod -R 755 /chroot/user2

Every folder in the path to the chroot jail must be owned by root. I don’t think it matters what group the folder is in. What I did above was to

  1. backup /etc/sshd_config
  2. change ownership of the root directory to root
  3. change permissions of the root directory to 755
  4. create a chroot folder
  5. create a user folder inside the chroot folder
  6. create a folder inside the user folder that user can modify
  7. set ownership and permissions

Now to edit /etc/sshd_config to the following.

#Subsystem  sftp    /usr/libexec/sftp-server
Subsystem   sftp    internal-sftp
Match User user
  X11Forwarding no
  AllowTcpForwarding no
  ForceCommand internal-sftp
  ChrootDirectory /chroot/user

This creates a chroot jail. When the user logs in will drop them into the folder /chroot/user, in that folder is a folder they can add things to /chroot/user/scratchpad.
If you want to create a Group in Workgroup Admin for ‘Chroot Users’ then add the new users that you created in Workgroup Admin to the Group; you won’t have to keep editing the /etc/sshd_config file. Instead of the above, add the following. Make sure you add the ‘Chroot Users’ group to the SSH access ACL in Server Admin.

#Subsystem  sftp    /usr/libexec/sftp-server
Subsystem   sftp    internal-sftp
Match Group chrootusers
  X11Forwarding no
  AllowTcpForwarding no
  ForceCommand internal-sftp
  ChrootDirectory /chroot/%u

If you have more than one chroot group just repeat the Match Group setup again.
To test whether the above is working, issue the following from the terminal.

$ sftp user@domain.com
Password:
sftp>

Getting in is one thing. Now you have to mount the folder you want to use. Unfortunately you can’t use a symlink inside of a chroot jail. This is where Homebrew is your best friend. I don’t know why I’ve never seen fit to install this before. After installation just issue the following commands.

brew install bindfs

You might have to restart. Now with an empty folder created in /chroot/user you can mount --bind to a folder outside of the chroot jail. For example

sudo /usr/local/bin/bindfs -u user /Library/Server/Web/Sites/Server/Documents/mysite/yourfolder /chroot/user/scratchpad

So far this seems to work here.
Update for Mountain Lion Server
As I’ve updated my server from Snow Leopard to Mountain Lion, there’s one extra step.
From Workgroup Manager, you will need to create a home folder. Nothing really has to go into it, but it needs to be present. My settings are as follows.
Mac OS X Server/Share Point URL: afp://myserver.example.com/Users
Path to Home Folder username
Full Path /Network/Servers/myserver.example.com/Users/username
After setting this up the first time it seems to auto-populate for every other user. You’ll have to go to the Home tab, select it and Save.

Filed under: code, osx-serverTagged with: ,

Fail2ban Problems and Solutions

If you use Fail2ban then you are probably aware of the fact that you must add a rule number to the ipfw deny rule for actionban in ipfw.conf. If you don’t add a rule number then there is no way for fail2ban to delete the rule after it expires. The problem lies in that you can easily set a different rule number for each filter but if the filter adds many rules within it’s ban time then when that first actionunban gets triggered all rules with the same number are removed, even if there full ban time has not transpired.
I was looking for an elegant solution to this and finally figured out how to do it myself. What I’ve done is in the ipfw.conf file I’ve added a variable that will create a random number between 10000 and 12000 to use as the rule number.
The code is pretty simple.

echo $((RANDOM%2000+10000))

There needs to be an extra % in there for it to work. I think it has something to do with python. So far it seems to be working pretty good here. While it is possible that I could get a duplicate rule number, it’s unlikely.
I’ve modified my installation of Fail2ban significantly; but only by adding filters, jails, etc. Here’s a bundled version of all of my modifications. Here are instructions for using my modifications. So far everything seems to be working great. I’ve had to add a few items to ignoreregex so I don’t ban people using their iPhones on 3G or at home from certain dynamic IP cable providers.
What I’ve done is a host lookup on the IP that’s banned and if I find it’s a local ISP, like Verizon or Time Warner Cable, I add part of their host lookup to the ignoreregex list. So far it seems to be doing the trick.

Filed under: code, osx-serverTagged with: , ,