Category Archives: WordPress

WP Super Cache 0.7 – the dupe content killer

WordPress.org user, “definitelynot” discovered a bug in the WordPress plugin, WP Super Cache that could expose blogs to duplicate content penalties. Unfortunately this affects every blog that uses the plugin in “ON” or full “Super Cache” mode, and has URLs that end with the “/” (forward slash) character. If the plugin is on “half on” mode, you’ll be fine.

The problem is that an anonymous user might visit a legitimate URL, ending with a slash, the plugin then creates a static file out of that page, which is then used when people visit the same URL. Unfortunately if someone links to that URL without the ending slash, a visiting browser or search engine bot won’t be redirected to the proper URL, they’ll be served the static html file.

For example:

  1. John visits the URL /2007/05/23/why-the-nurses-cant-go-on-strike/ on my site. WP Super Cache creates a html file of that page.
  2. In his enthusiasm for that post, John publishes a post about those zany doctors, but he forgets the ending “/”.
  3. Googlebot, seeing fresh content on John’s site, crawls it and sees the link, visits my site eventually and wonders why it’s seeing the exact same page at two different URLs.

To be fair, Google is pretty good at figuring out where duplicate content is supposed to go but it’s better to avoid the issue completely. It also only matters if there are links to your site without the ending slash. The most common will probably be to your homepage as it’s likely internal URLs will be copy/pasted.

How to Fix
You should update to version 0.7 of the plugin which checks if your blog is affected by this problem. It also has instructions for updating the mod_rewrite rules in your .htaccess. It’s fairly easy to fix. Thank you “andylav” for the mod rewrite magic!

  1. Edit the .htaccess in the root of your WordPress install.
  2. You’ll see two groups of rules that look like this:
    RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{QUERY_STRING} !.*s=.*
RewriteCond %{QUERY_STRING} !.*wp-subscription-manager=.*
RewriteCond %{QUERY_STRING} !.*attachment_id=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress|wp-postpass_).*$
RewriteCond %{HTTP:Accept-Encoding} .*gzip.*
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/supercache/%{HTTP_HOST}/$1/index.html.gz -f
RewriteRule ^(.*) /wp-content/cache/supercache/%{HTTP_HOST}/$1/index.html.gz [L]

RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{QUERY_STRING} !.*s=.*
RewriteCond %{QUERY_STRING} !.*wp-subscription-manager=.*
RewriteCond %{QUERY_STRING} !.*attachment_id=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress|wp-postpass_).*$
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/supercache/%{HTTP_HOST}/$1/index.html -f
RewriteRule ^(.*) /wp-content/cache/supercache/%{HTTP_HOST}/$1/index.html [L]
  3. You need to add the following 2 rules above each block of “RewriteCond” lines:
    RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
  4. The rules should eventually look like this:
    RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{QUERY_STRING} !.*s=.*
RewriteCond %{QUERY_STRING} !.*wp-subscription-manager=.*
RewriteCond %{QUERY_STRING} !.*attachment_id=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress|wp-postpass_).*$
RewriteCond %{HTTP:Accept-Encoding} .*gzip.*
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/supercache/%{HTTP_HOST}/$1/index.html.gz -f
RewriteRule ^(.*) /wp-content/cache/supercache/%{HTTP_HOST}/$1/index.html.gz [L]

RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{QUERY_STRING} !.*s=.*
RewriteCond %{QUERY_STRING} !.*wp-subscription-manager=.*
RewriteCond %{QUERY_STRING} !.*attachment_id=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress|wp-postpass_).*$
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/supercache/%{HTTP_HOST}/$1/index.html -f
RewriteRule ^(.*) /wp-content/cache/supercache/%{HTTP_HOST}/$1/index.html [L]
  5. Or you could just delete those rules and let the plugin regenerate them for you again.

PS. Thanks also to Lloyd for noticing the “enable the plugin” link was pointing at the wrong URL, and to Ryan who spotted a minor problem with the admin page and was kind enough to send me a Tweet about it.
PPS. I’ve just tagged 0.7.1 to fix some problems with the updating of the .htaccess, mainly for new users. If 0.7 of the plugin works for you, there’s no need to upgrade!

Howto: Twitter sms notification for Meteor and Vodafone

A few weeks ago Twitter annoyed a lot of European users when they stopped sending sms notifications to their users. I never really used that facility so I didn’t miss it but many Tweeters did. Outrage and blue murder were spoken of in the same sentence. People marched in the streets, there were riots.

OK, maybe not, but it annoyed a few prolific Tweeters and I wondered aloud if I could make Tweet Tweet send me sms notifications when I got replies or direct messages. After quite a bit of testing and playing around with Meteor’s website I’m glad to say I cracked it. I added hooks to my plugin for other plugins to latch on to, and wrote a small bit of code that logs in to Meteor.ie and uses their free web text to notify me of replies or direct messages.

Following on from that success, Jason Roe added code so Irish Vodafone customers could get sms notifications too!

So, if you really miss the sms notifications from Twitter, and you’re an Irish Meteor or Vodafone customer, download Tweet Tweet, install it in your WordPress blog and enjoy getting those sms notifications from Twitter again!

Developers – if your phone company isn’t covered just yet, please take a look at the existing Meteor and Vodafone plugins. The framework is there. Using curl to login and send texts can be a little daunting but it’s not impossible. Get in touch by leaving a comment here, or using the contact form on the about page.

PS. Almost forgot to mention Tweetrush went live yesterday with some very nice Twitter stats. Check out what my friend AJ has to say about the launch!
PPS. I’ll be demoing Tweet Tweet at Techludd Cork on Thursday night. If you’re there, please say hi!

WP Super Cache 0.6.7

WP Super Cache is a plugin for WordPress that creates cached copies of your blog posts and pages, making your site much faster to serve. It’s also ideal for coping with sudden surges of traffic.

I released a new version of the plugin this morning. This is a bugfix release:

  • Mike Beggs contributed a number of changes:
    1. Better support for Win32 NTFS
    2. Better use of the “Vary” header so proxy servers won’t cache the wrong page. If you see leakage of comment details on posts this will fix that problem.
    3. WP-Cron handles cleanup of expired cache files in the background now.
    4. Disable mod_deflate if it’s running as it sometimes tries to compress gzipped files. Remove wp-content/cache/.htaccess for that file to be updated.
  • Lazy and Otto both recommended using get_comment() instead of the depreciated get_commentdata()
  • A basic “uninstall” function has been added to remove some of the files the plugin creates. It’s called when you deactivate the plugin.
  • PHP running as a CGI doesn’t support apache_request_headers() so that’s been added too.
  • And I almost forgot, the admin page received a slight makeover.

Get the plugin from the download page!

Tweet Tweet 0.1 for WordPress

I’m a big fan of Twitter. It serves as a useful tool connecting people who might never meet, and also as a vital means of communication for those who work at home or in solitary conditions.

The one huge and uncomfortable problem I see with Twitter is, “What happens to the conversation if Twitter fails?” What will you do if Twitter goes out of business tomorrow? Where will all your conversations, all the links you posted, and received from your friends be? That’s why I wrote Tweet Tweet.

Tweet Tweet is a plugin for WordPress that will archive your tweets, and the tweets of everyone you follow, plus replies you receive from strangers, and direct messages too. All these tweets will be stored safely in your database.

There is a simple “review pane” where you can see the latest tweets and go back in history but it’s very basic. The primary aim of this plugin is to ensure that your conversations are safe.

Tweet Tweet

The plugin has been tested by a number of users, but it uses jQuery and AJAX techniques for the review pane so I’d love to hear if it works for you.

Please, do not hack the plugin to poll Twitter more than once every 90 seconds. Unless you follow thousands of others, 90 seconds will be fine. I have mine set to 180 seconds and it picks up every single tweet.

Update! I just tagged version 0.2 which adds a better hover for the review pane (and makes it IE6 compatible), and also adds a search form to make it easier to navigate your Tweet archive.

WordPress at No. 10

You may have heard that the official site of the British Prime Minister’s Office at number10.gov.uk launched earlier today. The great news is that it’s running WordPress, but what really excited me is the fact that the site is also using WP Super Cache.

The site was initially very slow, but once the cached static files were in place, it just zipped along! Three cheers for caching and everyone who has contributed to WP Cache and WP Super Cache! 🙂

I wonder if Gordon Brown will be looking at his Dashboard? *Wave*

WordPress MU Domain Mapping 0.1

A long sought after feature in WordPress MU is domain mapping. That’s where a blog on a WordPress MU site can be “mapped” to a new domain. WordPress.com has an advanced domain mapping feature that has proved to be very popular with users even though it’s a paid-for upgrade.

This domain mapping plugin isn’t quite as powerful and still requires plenty of testing. So, while domains and “sub domains” or hostnames can be mapped to individual blogs, there are a number of caveats:

  1. Remote login does not work. It’s possible to be logged in on the main site, logged in on the domain mapped blog as a different user or not logged in at all there!
  2. It only works if your WordPress MU site is using sub domains.
  3. It’s the 0.1 0.2 release. It’s basic.

Here’s the plugin page, and the download page. I’d like to hear how well it works for you.

I’m submitting this plugin to the WordPress MU plugin competition. There are only 2 other entries so the odds on my winning are pretty good!

I should have a Sitewide Tags update later this week, with thanks to Thomas Schneider who came on board last week to help and has done some super work!

Ron and Andrea found a bug in pre release testing that I forgot to fix in 0.1, so grab 0.2 if you were (un)lucky enough to grab the first release! Thanks Trent for testing too. Follow me on Twitter to get the inside scoop on my WordPress plugins, including a sort of super secret Twitter plugin..

WordPress MU is the multi blog version of WordPress that runs on WordPress.com and many other sites.

Gravatar enabled WordCamp Badges

Andy has the very exciting news that Gravatar icons will be printed on attendee’s WordCamp San Francisco badges this year!

gravatar badge

On supporting websites, Gravatars have become a de-facto identity for comment threads and discussions so to carry through the identity to the conference floor is just a logical conclusion.

There is one caveat. Gravatars can now be up to 512×512 pixels. The bigger they are, the better they’ll print. If your Gravatar is a measly 32×32 pixels it’s going to look like a dirty smudge next to the shiny badges of the big boys. Andy has created a handy form for checking if your image is the right size. If not, please upload a new Gravatar before August 14th!

I won’t be at WordCamp this year but after seeing the line up of speakers I’m looking forward to seeing the blog coverage afterwards.

PS. Andy has a new post showing how to create those badges with the help of a PDF library.

WordPress MU 2.6

Version 2.6 of WordPress MU is now out! WordPress MU is the multi blog version of the popular blogging software WordPress. It’s the engine behind WordPress.com and many other blogging sites.

This version of WordPress MU is based on WordPress 2.6. There’s a long and interesting WordPress.org post on the new features in 2.6 so get over there to read up on post revisions, “Press This!”, Gears, Theme Previews, and the long list of developers who helped make this release a reality.

Some of the new features in this release of MU:

  1. Version number is 2.6 rather than 1.6 because it just makes sense to synchronise the major version numbers.
  2. Signup page now has a nonce which should help in the fight against spammers, for a short while anyway.
  3. Redirecting to the signup page for 404s and for unknown blogs is not enabled by default. Check out wp-config-sample.php for instructions.
  4. “allowed_themes” filter, much like the plugins filtered added previously.
  5. New functions: get_id_from_blogname(), is_main_blog().
  6. get_blog_details() can now take a blogname as well as a blog_id.
  7. Custom first posts didn’t always work. Now they do.
  8. Blognames in the “Add blog” form in wpmu-blogs.php are now sanitized.
  9. Added “pre_site_option_*” and “site_option_*” filters like the similar option filters.
  10. Meta fields will be passed on signup again.
  11. Added an “admin_header_navigation” filter so the top right navigation in the backend can be customised.
  12. The signup page uses “blogname” instead of “blog_id” to avoid confusion with the global variable of the same name. Plugins will break if not updated!

That last change is quite a major one. If you have any plugins that interact with the signup form they will need to be updated!

This release also addresses some security issues spotted by Alexander Concha and Juan Galiana. Thank you both for alerting us and for your patience while this release was prepared!

Sitewide tags pages for WordPress MU

For WordPress MU only. My latest plugin is the sitewide tags pages plugin.

This is the initial release of a plugin that creates a set of pages like the WordPress.com Hot Topics pages. It’s a lot more simplistic, but by feeding posts into one blog it also creates a sitewide feed of all posts plus feeds of any tags and categories too.


Sitewide Tags Options

WordPress MU is a multi blog version of WordPress that runs on WordPress.com. If you use the regular version of WordPress this plugin is not for you and you can ignore this post.

PS. In other MU news. Raanan has a new post on the Publisher Blog about Nationen! blog, a new Danish blog site based on WordPress MU that looks rather nice!
The site was developed by Incsub who are also the guys behind wpmu.org where you’ll probably find all sorts of useful nuggets of MU goodness on a regular basis!

Anti spam-blog plugin for WordPress MU

The very popular WP Hashcash plugin for WordPress has been modified to work on the WordPress MU signup page.

WP Hashcash is an anti spam plugin that protects blogs from comment spam. It does this with Javascript and is quite successful. I worked on it over the last few days and the plugin now offers the same protection on the WordPress MU signup form!

This is the first release of the code so handle with care. Grab the latest version (version 4.2 as of this moment) from the download page. Unzip it and copy wp-hashcash.php into wp-content/mu-plugins/ and visit “Site Admin” -> “WordPress Hashcash” to confirm it’s working.

Now logout and create a new blog, just to make sure everything is working ok. Occasionally some users will have problems registering, and those that have Javascript turned off won’t be able to create a new blog at all. That’s the downside of using this plugin unfortunately.

Keep an eye on the stats counter on the admin page. I want to hear how well this works on your site!

Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Here are a few options.

  • uBlock Origin is a free, open source, ad blocker for your browser.
  • Use pi-hole if you have a spare Raspberry Pi on your network.
  • Set the private DNS settings on your phone to dns.adguard.com to block adverts and trackers.