Tag: dev

WordPress disable XMLRPC.php for increased security

I have recently been having a few issues with bots and malicious attacks trying to breach WordPress websites via brute force attacks. From my experience 90% of the websites, I have built or worked on never utilise the xmlrpc service, which is included with WordPress, due to this I decided to simply block any access to this service via Apache, which fixes a number of security related issues.

Code

Place this in your websites .htaccess file to take effect, then simply browser to domain.com/xmlrpc.php and you now get an access denied message.

Block XMLRPC access

# Block XMLRPC access <Files xmlrpc.php> Order allow,deny Deny from all </Files>

1
2
3
4
5

# Block XMLRPC access
<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>

What is XMLRPC?

The xmlrpc.php allows remote access to your WordPress site, it allows various tools and publishing applications to control and manage content from outside of the normal WordPress admin. For example, a publishing tool may allow you to write new blog posts using an alternative tool (instead of the WordPress admin).

Do I need it?

If you do not use any tools / services which utilise xmlrpc, then you do not need it and can apply the block in this post. For example, if you use the WordPress app to manage your website from your phone then you will need to keep XMLRPC working.

Why block XMLRPC?

Due to the nature of XMLRPC, it allows remote services to connect and perform actions on your website, this creates an additional security risk, and it is very common for malicious attacks to target XMLRPC with bruite-force attacks, trying to guess your password and / or access other services exposed by the XMLRPC protocol.

This code is provided as it and may require changes to work for your needs.

15th June 2021

WooCommerce delayed webhooks using actions scheduler

Recently been contacted by a user who needed the ability to delay the WooCommerce webhooks by x time, this would allow other processes happening on the site to finish instead of firing the webhook straight away, for example waiting for the payment process to finalise. Delaying webhooks is not common practice, however some time special case arises!

Take a look at actions scheduler if you wish to read more into the scheduler system used by WooCommerce.

Code

The following code allows you to delay several WooCommerces webhooks by a set duration (seconds) and also run in two modes.

Single Webhook, creates 1 single webhook but delayed by x seconds.
Multi Webhook, creates 2 webhooks, the normal webhook created by WooCommerce and a second repeat webhook which runs x seconds later.

function filter_woocommerce_webhook_deliver_async($true, $instance, $arg) {
    // Replace default schedule action? (single web hook fired, with delay)
    // Or schedule a seperate delayed action (default webhook fied with a second delayed web hook)
    $singleWebhook = false;
    
    // Target webhook topics
    $targetWebhookTopics = [
        ‘order.updated’,
    ];
    
    // Delay time in seconds
    $delayTime = 300;
    
    // If order.update, we want to create a seperate delayed webhook via schedule actions
    if (in_array($instance->get_topic(), $targetWebhookTopics)) {
        $payload = [‘webhook_id’ => $instance->get_id(), arg => $arg];
        $group = $singleWebhook ? ‘woocommerce-webhooks’ : ‘woocommerce-webhooks-delayed’;
        
        // Schedule a single action to run in 5 minutes, to cause the order.update to fire (delayed)
        // Make sure to run as_next_scheduled_action so multiple instances are not scheduled if one is already scheduled
        if (as_next_scheduled_action(‘woocommerce_deliver_webhook_async’, $payload, $group) === false) {
            as_schedule_single_action(time() + $delayTime, ‘woocommerce_deliver_webhook_async’, $payload, $group);
        }
    }
    
    return $true;
};
add_filter(‘woocommerce_webhook_deliver_async’, ‘filter_woocommerce_webhook_deliver_async’, 10, 3);

function filter_woocommerce_webhook_deliver_async($true, $instance, $arg) {

// Replace default schedule action? (single web hook fired, with delay)

// Or schedule a seperate delayed action (default webhook fied with a second delayed web hook)

$singleWebhook = false;

// Target webhook topics

$targetWebhookTopics = [

‘order.updated’,

];

// Delay time in seconds

$delayTime = 300;

// If order.update, we want to create a seperate delayed webhook via schedule actions

if (in_array($instance–>get_topic(), $targetWebhookTopics)) {

$payload = [‘webhook_id’ => $instance–>get_id(), arg => $arg];

$group = $singleWebhook ? ‘woocommerce-webhooks’ : ‘woocommerce-webhooks-delayed’;

// Schedule a single action to run in 5 minutes, to cause the order.update to fire (delayed)

// Make sure to run as_next_scheduled_action so multiple instances are not scheduled if one is already scheduled

if (as_next_scheduled_action(‘woocommerce_deliver_webhook_async’, $payload, $group) === false) {

as_schedule_single_action(time() + $delayTime, ‘woocommerce_deliver_webhook_async’, $payload, $group);

}

return $true;

};

add_filter(‘woocommerce_webhook_deliver_async’, ‘filter_woocommerce_webhook_deliver_async’, 10, 3);

This code is provided as it and may require changes to work for your needs.

12th November 2020

WooCommerce fix slow or delayed webhooks and achieve instant webhook firing

I’ve recently been working on a project which synced data between WooCommerce and an internal warehouse system, I was utilising the WooCommerce webhooks to achieve near real time syncing between the two systems, without having the creating API scripts to poll for data on a regular basis.

The Problem?

There was a delay ranging from couple seconds to 1 minute, WooCommerce uses a system called actions scheduler, this is an improved wordpress cron, allowing background processing to occur within WordPress for single or recurring actions. This is great and what WooCommerce utilises for its web hook system, however it is backed by the word press cron and the next load of scheduled actions will run on the next cron run (every 1 minute).

For this project, I needed the web hooks to fire as soon as the button was clicked, and a possible delay up to 1 minute was to long.

Fix

Disable async web hooks, web hooks will not fire as soon as they are created as part of the browser request.

/*
 * WooCommerce Disable async webhook delivery
 */
function custom_woocommerce_disable_async_webhook() {
	return false;
}
add_filter(‘woocommerce_webhook_deliver_async’, ‘custom_woocommerce_disable_async_webhook’);

* WooCommerce Disable async webhook delivery

function custom_woocommerce_disable_async_webhook() {

return false;

}

add_filter(‘woocommerce_webhook_deliver_async’, ‘custom_woocommerce_disable_async_webhook’);

I would recommend you test your site after doing this change, for example order webhooks will fire when a customer creates a new order, which could lead to a slow user experience.

1st October 2019

Control windows docker with Windows 10 Ubuntu Linux subsystem

Windows 10 Linux subsystems are a very powerful feature and expand the capabilities for Windows based developers greatly, without the need to use VMs or dual booting. One of these is controlling your windows based docker host via your Linux subsystem.

Why?

Linux command line is much more powerful that windows standard cmd line, you can combine a number of tools using piping to perform complex operations all via cli. Many of the tutorials, guides and normal operating commands used by docker and other tools are written using Linux based command line.

1. Setup Linux Subsystem

First you need to have your linux subsystem all setup and running. here is a guide I previous wrote to do just that.

All commands below will be via your linux subsystem.

Windows 10 Subsystem for Linux Ubuntu

2. Updates and packages

Shell

sudo apt-get update

1

sudo apt–get update

sudo apt-get install apt-transport-https ca-certificates curl software-properties-common

1

sudo apt–get install apt–transport–https ca–certificates curl software–properties–common

3. Add Docker’s official GPG key

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add –

1

curl –fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add –

4. Add repository

sudo add-apt-repository “deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable”

1

sudo add–apt–repository “deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable”

5. Install docker client

sudo apt-get install docker-ce

1

sudo apt–get install docker–ce

6. Add docker host to bash profile

This is so that you dont have to keep telling docker client how to access the docker service.

echo “export DOCKER_HOST=localhost:2375” >> ~/.bash_profile

1

echo “export DOCKER_HOST=localhost:2375” >> ~/.bash_profile

7. Enable exposed daemon with docker

We are almost done, now we just need to go back to our windows system and enabled exposed daemon via the docker settings.

Right click the docker icon within your task area and choose settings.

The general tab should have a “Expose daemon on tcp://localhost:2375 without TLS”, enable this option.

You should now be able to control your Windows docker service via your Linux subsystem.

Note

There is a more secure way to establish a connect between your subsystem and docker client, have a look at the following guide.

[Cross Post] WSL Interoperability with Docker

11th April 2019
Windows 10 Subsystem for Linux Ubuntu

I have always been more of a Windows based developer and used Linux based systems for server technologies, I have tried in the past to move to Linux but I am to fixed in my way and prefer the tools I have on windows! Is that a bad thing, I dont no? however with Windows 10 comes Subsystems which allows you to run a Linux based Ubuntu as part of a subsystem working jointly with your windows 10 operating system.

Im not talking about a VM or dual booting, I am talking about the ability to go to windows command line and type “ubuntu” and a full fledged ubuntu system from the command line starts up and allows you to run various tools, applications and services all within Ubuntu within Windows 10!

Microsoft site has a simple guide to follow to install the linux subsystem here.

1. Enabled windows subsystems for Linux

Powershell
PowerShell

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

1

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

2. Install Ubuntu via Windows Store

Open Microsoft Store and search for Ubuntu and click install

3. Initialise Setup

Open command line and type ubuntu to start the ubuntu instance, it will take you throught a initialisation stage

What next? have play around with Ubuntu on windows. For development purposes I am going to be using it with Docker! allowing me to control my Windows Docker environment from the Ubuntu Linux, as it allows me to use all the Linux based command structures and pipes making the experience even smoother and more powerful.

11th April 2019

Fix for WooCommerce schema data missing brand and mpn

UPDATED 25/10/2021 to comply with latest google changes.

Today I came across and issue where Google Search Console was complaning products “brand” and “mpn” where missing from the products schema / rich snippets data. You can checking using the rich snippet testing tool by Google found here.

https://search.google.com/structured-data/testing-tool

I fixed my issue by adding a WordPress filter using the “woocommerce_structured_data_product” filter option. This allows you to add new data to the already generated WooCommerce data.

This is an example. You will need to change for your implementation.

/*
 * Rich Snippet Data
 * Add missing data not handled by WooCommerce yet
 */
function custom_woocommerce_structured_data_product ($data) {
	global $product;
	
	$data[‘brand’] = $data[‘brand’] = [‘@type’ => ‘Brand’, ‘name’ => $product->get_attribute(‘pa_manufacturer’) ?? null];
	$data[‘mpn’] = $product->get_sku() ?? null;
	
	return $data;
}
add_filter( ‘woocommerce_structured_data_product’, ‘custom_woocommerce_structured_data_product’ );

* Rich Snippet Data

* Add missing data not handled by WooCommerce yet

function custom_woocommerce_structured_data_product ($data) {

global $product;

$data[‘brand’] = $data[‘brand’] = [‘@type’ => ‘Brand’, ‘name’ => $product–>get_attribute(‘pa_manufacturer’) ?? null];

$data[‘mpn’] = $product–>get_sku() ?? null;

return $data;

}

add_filter( ‘woocommerce_structured_data_product’, ‘custom_woocommerce_structured_data_product’ );

2nd April 2019

Twitter Bootstrap 3 Media Queries

Some useful bootstrap 3 media queries for both mobile first and non mobile first development styles, to make modifications to your front end simplier and follow the bootstrap 3 standard breakpoints.

Origional article can be found here.

Min-Width: Refers to everything greater than or equal to the amount given.
Max-Width: Refers to everything less than or equal to the amount given.

/*========== Mobile First Method ==========*/

/* Custom, iPhone Retina */
@media only screen and (min-width : 320px) {

}

/* Extra Small Devices, Phones */
@media only screen and (min-width : 480px) {

}

/* Small Devices, Tablets */
@media only screen and (min-width : 768px) {

}

/* Medium Devices, Desktops */
@media only screen and (min-width : 992px) {

}

/* Large Devices, Wide Screens */
@media only screen and (min-width : 1200px) {

}

/*========== Non-Mobile First Method ==========*/

/* Large Devices, Wide Screens */
@media only screen and (max-width : 1200px) {

}

/* Medium Devices, Desktops */
@media only screen and (max-width : 992px) {

}

/* Small Devices, Tablets */
@media only screen and (max-width : 768px) {

}

/* Extra Small Devices, Phones */
@media only screen and (max-width : 480px) {

}

/* Custom, iPhone Retina */
@media only screen and (max-width : 320px) {

}

/*========== Mobile First Method ==========*/

/* Custom, iPhone Retina */

@media only screen and (min–width : 320px) {

}

/* Extra Small Devices, Phones */

@media only screen and (min–width : 480px) {

}

/* Small Devices, Tablets */

@media only screen and (min–width : 768px) {

}

/* Medium Devices, Desktops */

@media only screen and (min–width : 992px) {

}

/* Large Devices, Wide Screens */

@media only screen and (min–width : 1200px) {

}

/*========== Non-Mobile First Method ==========*/

/* Large Devices, Wide Screens */

@media only screen and (max–width : 1200px) {

}

/* Medium Devices, Desktops */

@media only screen and (max–width : 992px) {

}

/* Small Devices, Tablets */

@media only screen and (max–width : 768px) {

}

/* Extra Small Devices, Phones */

@media only screen and (max–width : 480px) {

}

/* Custom, iPhone Retina */

@media only screen and (max–width : 320px) {

}

1st April 2019

Local website & services remotely accessible via secure tunnels with ngrok
Need an easy way to allow external network users to access services or websites on your local machine? ngrok allows you to easily create a secure tunnel from ngroks servers to your machine. For a web developer, this is a dream come true, this is a great way to demo a development whilst in the early stages, saves time uploading to a server.
- Allows access to your locally hosted web server from a unique domain
- Can use your own domains
- Works with vHost files
- Allows testing of website which require an external accessible point such as payment gateways or oAuth
- Can tunnel other services such as PhoneGap allowing users external to your network to test your mobile app
- Various API and IoT implementations
- Easy / quick private networking, VPN benefits
These are only a short list of what is possible using ngrok. Look at their website for a full list of its powerful features and get started.

https://ngrok.com/
6th August 2017
ESP8266 low-cost Wi-Fi full stack TCP/IP MCU (Arduino Compatible)
ESP8266 is a tiny extremity cheap MCU with third-party library making it Arduino compatible. Features all the normal connections you would expect such as GPIO, SPI, I2C, I2C and UART to name a few, the biggest selling point is its size and build in WiFi support with full stack TCP / IP communications.

Great for those IoT projects, connected devices and internet / network projects.

Features
- 32-bit RISC CPU: Tensilica Xtensa L106 running at 80 MHz*
- 64 KiB of instruction RAM, 96 KiB of data RAM
- External QSPI flash: 512 KiB to 4 MiB* (up to 16 MiB is supported)
- IEEE 802.11 b/g/n Wi-Fi
  - Integrated TR switch, balun, LNA, power amplifier and matching network
  - WEP or WPA/WPA2 authentication, or open networks
- 16 GPIO pins
- SPI
- I²C
- I²S interfaces with DMA (sharing pins with GPIO)
- UART on dedicated pins, plus a transmit-only UART can be enabled on GPIO2
- 10-bit ADC (this is a Successive Approximation ADC)
More Information

https://en.wikipedia.org/wiki/ESP8266
20th July 2017
Laravel, time zones and carbon

Laravel defaults to storing all dates in UTC format, this is highly recommended as UTC time never changes unlike other time zones which have daylight savings. It is best practice to store and read dates in UTC, and then convert UTC to your required time zone for the user interface.

Great article below of a good way to implement time zones using Carbon within your Laravel app.

https://andrew.cool/blog/49/Easy-timezones-in-Laravel-with-Carbon

26th June 2017

Tag: dev

Code

What is XMLRPC?

Code

The Problem?

Fix

1. Enabled windows subsystems for Linux

2. Install Ubuntu via Windows Store

3. Initialise Setup