Tiny WordPress Insights
On WordPress core, plugins, themes, etc.Fri, 11 Aug 2023 12:31:17 +0000en-US
1 https://wordpress.org/?v=6.2.2ssh-import-id-gh – Import your public SSH key from GitHub
https://www.tinywp.in/ssh-import-id-gh/#respondFri, 11 Aug 2023 12:29:21 +0000https://www.tinywp.in/?p=2682Continue reading "ssh-import-id-gh – Import your public SSH key from GitHub"]]>The (WordPress) developers often use to troubleshoot sites hosted in remote servers. While I don’t recommend working with a production site directly, these days most hosted WP companies offer staging sites with SSH access, with wp-cli pre-installed. In order to log into those, most of us use password authentication that can lead to a number of security issues. For example...
]]>https://www.tinywp.in/ssh-import-id-gh/feed/0Bootstrapping DigitalOcean Servers
https://www.tinywp.in/digitalocean-bootstrap/#respondThu, 26 Jan 2023 15:23:05 +0000https://www.tinywp.in/?p=2675Continue reading "Bootstrapping DigitalOcean Servers"]]>I manage multiple DigitalOcean servers. There are a number of configurations to be done in order to bring a secure DO droplet. For example, firewall, alerts, etc. I missed a step years ago that caused a low priority security alert lately. So, I automated most of the steps while configuring any DigitalOcean server (new or old). Like most other things, I open-sourced the project in Github.
]]>https://www.tinywp.in/digitalocean-bootstrap/feed/0What did I do in 2022 and my WishList for 2023
https://www.tinywp.in/2022-review/#respondFri, 16 Dec 2022 03:28:10 +0000https://www.tinywp.in/?p=2660Continue reading "What did I do in 2022 and my WishList for 2023"]]>It’s the year of MikroTik and network engineering. So, there is hardly any WordPress stuff in this post. I bought MikroTik hAP AX2 this year, just after its launch. I’d been waiting for it for years. This is my fourth MikroTik product for my R&D. Earlier, I owned two numbers of hAP ac2 and SXT LTE Kit. One hAP AC2 runs on Router OS v6. The other one is on the latest version. Using them to test...
https://www.tinywp.in/infrastructure/#respondThu, 10 Nov 2022 15:02:22 +0000https://www.tinywp.in/?p=2630Back in 2011, I already wrote a colophon post. Nothing much changed in it in terms of underlying technologies used such as Nginx web server. However, a few things aren’t mentioned in it, but will have a mention here. Basically, I am running most of the services using Google services for this domain (tinywp.in). Even though, I’ve been trying to de-google myself for years, I still use Google...
]]>https://www.tinywp.in/infrastructure/feed/0Rate limiting xmlrpc requests on WordPress using Nginx
https://www.tinywp.in/xmlrpc-rate-limit-nginx/#respondThu, 02 Dec 2021 02:02:30 +0000https://www.tinywp.in/?p=2609WordPress based sites are target for most automated bots. Those bots look for various vulnerability in WordPress core, the themes, and the plugins. Then, there are some kids (and their kid bots) that target specific resources in a WP site. “xmlrpc.php” is one such resource. It uses XML-RPC protocol that does many things in WordPress. For example, it helps with remote sites to notify their mentions...
]]>https://www.tinywp.in/xmlrpc-rate-limit-nginx/feed/0Disable PHP warnings when running wp-cli
https://www.tinywp.in/disable-php-warnings-on-wp-cli/#commentsTue, 18 May 2021 14:46:00 +0000https://www.tinywp.in/?p=2577Continue reading "Disable PHP warnings when running wp-cli"]]>It is not uncommon to test sites on a development environment (locally or in a staging environment where others can see the work-in-progress). On a development environment, usually we have configured to be . Here’s the sample of file in a development / test / staging environment… While the above code is perfectly okay, if the site creates PHP warnings, it is a nuisance to see them repeatedly when...
]]>https://www.tinywp.in/disable-php-warnings-on-wp-cli/feed/1Nginx compatibility for “Cookies for Comments” plugin
https://www.tinywp.in/nginx-config-cookies-for-comments/#respondThu, 29 Apr 2021 06:07:57 +0000https://www.tinywp.in/?p=1438Continue reading "Nginx compatibility for “Cookies for Comments” plugin"]]>Whether you are aware or not, spammers are more interested in your site than anyone else. You’ll understand this more vividly, when your blog starts to become famous and brings more and more visitors week after week, month after month, year after year. The most annoying thing about spam comments is the amount of time that you need to waste in dealing with it. There are some bright minds in...
]]>https://www.tinywp.in/nginx-config-cookies-for-comments/feed/0Buypass CA – SSL with 180 Days Validity
https://www.tinywp.in/buypass-ssl-certificate/#commentsTue, 21 Apr 2020 14:45:00 +0000https://www.tinywp.in/?p=2494Continue reading "Buypass CA – SSL with 180 Days Validity"]]>Buypass is a Certificate Authority (CA) based on Europe. It offers free SSL certificates with a validity of 180 days. Unlike LetsEncrypt, Buypass CA also offers paid SSL too. So, it is neither a competitor to LetsEncrypt, nor it is a nonprofit. It is a for-profit company that also offers free SSL certificates. There are other CAs that offer free SSL certificates too. However...
https://www.tinywp.in/version-control/#respondWed, 10 Jul 2019 12:31:37 +0000https://www.tinywp.in/?p=2439Continue reading "Version Control"]]>WordPress uses SVN internally such as for plugins repository. So, a plugin author must use SVN tools to upload a plugin and update the existing plugin/s in wp.org plugins repository. If you are new to SVN, WordPress docs team has a nice guide to get started with SVN and plugins repository. The best practices section is a gem. It is possible to update WP core using SVN. However...
]]>https://www.tinywp.in/version-control/feed/0Handling WordPress Cron failures using wp-cli
https://www.tinywp.in/fixing-wp-cron-failures-with-wp-cli/#respondTue, 18 Jun 2019 04:34:51 +0000https://www.tinywp.in/?p=2425Continue reading "Handling WordPress Cron failures using wp-cli"]]>To understand WP cron, let me quote the following text from Cavalcade documentation… As you can see, even if a site has moderate traffic, if the site uses aggressive caching techniques, it is possible for real traffic to never hit PHP or WordPress to process a request. When wp-cron fails, a number of things can fail… a scheduled may not get published on time, a newsletter may not be sent as...