Month: October 2012

Upgraded to 3.4.2, finally!

Helge on

Finally we have upgraded our WP multisite to 3.4.2!

In this upgrade we also upgraded around 30 plugins and 8 themes. Also we installed a new theme: TwentyTwelve. Hopefully some of the admin-users will like it.

The greatest challenge we had was to be able to do real testing on plugins, themes and blogs on our system, before upgrading the main system. We wanted to test everything 100% so that none of our users would notice any problem.

We solved this by establishing another server, with a setup exactly like the production server. (We are running our systems on Linux Redhat Enterprise).

On this Test server we installed the software/middleware similar to the main production system like: MySQL, Apache with PHP and more.

Second we imported all the MySQL data from the production system to this new Test system, and also all the “blogs.dir” data.

Because of DNS names, which are also clogged into the database, we had to edit both the Test server “hosts” file and client “hosts” file with all the blog-domain names:

Example:
192.168.127.145 blogname1.ourblog.uib.no
192.168.127.145 blogname2.ourblog.uib.no
192.168.127.145 blogname3.ourblog.uib.no

And so on, for 194 of them.

Now, when we tested the different sites, one by one, we could see how the core, plugin and theme upgrade affected the individual sites one by one. This testing was done manually by my colleague.

We also used a bash script that went through the list of 194 blog domain names, downloading the html code for each of them, calculating the number of bytes downloaded. All the sites with a 0 bytes download were sites that we could look deeper into to, to see what went wrong.

There were no big problems; some plugins could not be upgraded, because they locked the system after being upgraded. These plugins we just kept on their current release.

Also in our upgrade we installed a new plugin called: WP Better Security.
Which we really recommend.

Today I got attempts from 5 different people trying to guess the admin password. With the 5 failed password-login attempt, they were successfully locked out. The plugin looks promising and we are stilling digging into this security enhancement to our multisite WP site.

We also closed the self-registration. From now on, only administrators of each Blog can add users. We had too many spam-users, actually on present date; we had 1800 spam users, and 800 real users.

The way to lock the users created by spammers, we only set the ‘spam’ field in the wpusers table to ‘1’ in the Mysql database.

Final word 1: In order to make the sites none-writeable. We used a plugin called code-freeze to close everything, in order for us to work, take backup of the Mysql database and more, being assured that it was not possible for users to add and change the system. This was done before we stopped the HTTPD deamon, mentioned above.

Final word 2: before doing any of the core, plugin and theme upgrade on the main production site, we did a full Mysql dump of the database while Apache HTTPD server was stopped. (This to make sure that no UPDATE,INSERT,DELETE or other SQL statements were performed during backup.)
The Mysql backup/snapshot was done with the: automysqlbackup. See my links where to find it.

 

bbPress

Helge on

bbPress is a WordPress plugin that enable you as an WordPress administrator to add a full Forum server to your site.

I am testing it out now, and will install it soon on our Multisite WordPress solution.

bbPress is promising, and because it can be used in a WordPress context, you can benefit regarding spam issues if you have Akismet spam control enabled.
Also, if you already are an WordPress administrator, creating Forums and Topics is like making Pages and Posts.

I had a problem to get the bbPress Forum to work. I only got: “Can’t find the page 404” and “Sorry, this is embarrising”.
The solution was to go to:
Setting – Permalinks

That was it 🙂 Nothing more to it. Just the visit fixed the problem.

You can check the usage Forum here:

http://helge.w.uib.no/forums/
Or click on one of the Forums on the right sidebar

Alert Blog Admin php script

Helge on

I had to send emails to all the Blog admins in our WordPress Multisite installation. This is how I did it:

[code lang=”php”]
<?php
# Alert Blog Admin php script
# connect to blog db, select from, find all blog admin email adresses
# get subject, body from pre-created local files, send the email

# how to run the script
# php alertblogadmin.php -s subjecttext.txt -b bodytext.txt

$mysqlserver="localhost";
$mysqluser="dbuser";
$mysqlpassword="XXXXXXX";
$database="blog";

$ERROR=0;

# This script require arguments
$arguments = getopt("s:b:f:dr");

# Test if array $arguments as at least s,b and r
# maybe to make sure that $arguments array contains at least 3 items?
if ( count($arguments) < 3 ){
echo "Missing arguments…\n";
echo "Usage: php alertblogadmin.php -s subjecttext.txt -b bodytext.txt\n";
die;
}

# 2 text files need to exist
if ( !file_exists($arguments["s"])) {
echo "File $arguments[s] does not exist?\n";
$ERROR=1;
}
if ( !file_exists($arguments["b"])) {
echo "File $arguments[b] does not exist?\n";
$ERROR=1;
}

if ($ERROR == "1"){
die;
}

$link = mysql_connect($mysqlserver, $mysqluser, $mysqlpassword);
if (!$link) {
die(‘Could not connect: ‘ . mysql_error());
}
mysql_select_db ($database,$link);

# collect blogs
$sql="SELECT blog_id from wp_blogs where deleted not like ‘1’";
$result=mysql_query($sql,$link);
if (!$result) {
die(‘Invalid query: ‘ . mysql_error());
}

$i = "0";
$emailarray = array();

while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
$blog_id = $row[0];
$table = "wp_" . $blog_id . "_options";

# Find email adresses to admins in each blog in the system
$sql2="SELECT option_value FROM $table WHERE option_name = ‘admin_email’";
$result2=mysql_query($sql2,$link);
while ($row2 = mysql_fetch_array($result2, MYSQL_NUM)) {
$emailarray[$i] = $row2[0];
}
$i++;
}

# sort the email array and find unique emails
asort($emailarray);
$emailarray = array_unique($emailarray);

$emails = "";
foreach ($emailarray as $email) {
$emails .= $email.",";
}

$emails = substr($emails,0,-1);

# Could be smart to see who you will be sending your email to
echo $emails;

# open subject and body text files
$subject = file_get_contents($arguments["s"]);
$body = file_get_contents($arguments["b"]);
$from = $arguments["r"];

# Use this one to test before you actuelly send to $emails, which is a variabel that might contain hundreds of emails.
# You really would like to test first
$bcc = "user1@something.com,user2@something.net";
//$bcc = $emails; # uncomment this one, when you are ready to go

$headers = "From: noreply@something.com" . "\r\n" .
"Reply-To: noreply@something.com" . "\r\n" .
"Bcc: $bcc" . "\r\n" .
"X-Mailer: PHP/" . phpversion();
$header_ = ‘MIME-Version: 1.0’ . "\r\n" . ‘Content-type: text/plain; charset=UTF-8’ . "\r\n";

mail(”, ‘=?UTF-8?B?’.base64_encode($subject).’?=’, $body, $header_ . $headers);
mysql_close($link);
?>

[/code]

Find your files

Helge on

In Linux you can use the command ‘find’ to find files and folders and then also do something with them on your system.

Find all files that ends with the .php extension in the folder /var/www/:
find /var/www/ -type f -name '*.php'

This will give you a list with a lot of files.
So, what? What is next?

Well, you can search for words in those files:
find /var/www/ -type f -name '*.php' | xargs grep 'foobar'

that will give files with file extension .php that has the word ‘foobar’ in it.

 

find /var/www/ -type f -iname '*.php' | xargs grep 'foobar'
Does the same right? Almost, only that it also search for also files with .PHP (iname means none-case-sensitive)

 

find /var/www/ -type d -name 'tmp' -exec ls -ald {} \;
will find all the folders under /var/www/ with the name “tmp” and list the information out about these folder.
Here is my output from my server:
find / -type d -name 'tmp' -exec ls -ald {} \;

drwxrwxrwt. 11 root root 4096 Oct 22 21:54 /tmp
drwxrwxrwt. 2 root root 4096 Oct 22 16:33 /var/tmp
drwxrwx–T. 2 root lp 4096 Sep 5 10:28 /var/spool/cups/tmp
drwxr-xr-x 2 root root 4096 May 9 10:30 /backup/db/tmp

Let us get to something more interesting:

Find all files that has the string rocket or ROCKET in their filename, and move them to the folder /tmp:
find / -type f -iname '*rocket*' -exec mv {} /tmp/ \;