Category Archives: WordPress

WP Super Cache 1.3.2

WP Super Cache is a full page caching plugin for WordPress that will speed up your website.

This is a security release and any users of the plugin should update as soon as possible. This release and the last 2 (1.3 and 1.3.1) address the following issues:

  • A visitor to a website using WP Super Cache can remotely execute code by way of a specially crafted comment left on the blog. The comment may even be moderated and it will still cause a problem. If you allow untrusted user content on your site through other means it should also be filtered in a similar way. See the function no_mfunc_in_comments for the existing filter. This will be mitigated in the next release by using a security keyword in the mfunc/mclude/dynamic-cached-content tag.
  • An XSS vulnerability was found in the plugins settings page of the plugin. This has been fixed as well.

The dynamic cached content features are now disabled by default as they should really have been a long time ago. This was announced in the Upgrade Notice of the previous release so hopefully site owners will be prepared for it. If you depend on this feature you can enable it again on the Advanced Settings page. I would encourage you to use Javascript instead for any dynamic features or use a short cache expiration time.

Support for the mobile theme in Jetpack has been added in this release by way of a helper plugin. If you enable this feature in Jetpack you should visit the Plugins tab of WP Super Cache and enable the Jetpack plugin there. Caching will be changed to PHP mode, and mobile device support enabled but you may have to manually remove the WP Super Cache mod_rewrite rules in the .htaccess at the root of your site.

I would like to thank WordPress.org user kisscsaby for finding the mfunc problem in WP Super Cache and W3 Total Cache and Frank Goossens for his help fixing it.

Edit: I should have stated this above. I did not know about the issue with mfunc until 3 weeks after kisscsaby posted it to a public forum. I don’t read every post on the support forum unfortunately and the user did not email me. I released version 1.3 within a day of hearing about the problem. Unfortunately the XSS vulnerability became known 24 hours after that requiring another release within 36 hours of the previous one. When it became clear that mfunc could be exploited still I released version 1.3.2

I’m leaning towards removing the mfunc/mclude/dynamic-cached-content feature completely. It’s only used by a tiny minority of users (who will be inconvenienced, sorry) but it’s dangerous code to have in the plugin.

WP Super Cache 1.2

UPDATE! I have just updated the plugin version number to 1.2. Thanks to everyone who tested it!

A new version of WP Super Cache is almost out and here are the changes in this full page caching plugin for WordPress.

OH! Hang on. Almost out? Yeah. I’m going to release it tomorrow but I would love a couple of hardy folks to try it first. People on the forums have been using the development version for several weeks without incident but I would really appreciate it if a few more tried it before the general public gets it. You know what to do, I don’t need to explain. Here’s wp-super-cache.zip. This is the version running on this very site right now and it’s very stable. Go at it! I’ll update this post in the morning, UTC. Thanks.

So, those changes eh?

  • Garbage collection of old cache files is significantly improved. I added a scheduled job that keeps an eye on things and restarts the job if necessary. Also, if you enable caching from the Easy page garbage collection will be enabled too.
  • Editors can delete single cached files from the admin bar now. (thread)
  • Fixed the cached page counter on the settings page (thread)
  • Some sites that updated to 1.0 experienced too much garbage collection. There are still stragglers out there who haven’t upgraded but that’s fixed now! (thread)
  • Supercached mobile files are now used as there was a tiny little typo that needed fixing. (thread)
  • If your site is in a directory and you saw problems updating a page then that should be fixed now. (thread)
  • The deactivate hook has been changed so your configuration isn’t hosed when you upgrade. Unfortunately this will only happen after you do this upgrade.
  • Some sites use custom cookies with the LOGGED_IN_COOKIE constant. Added support for that.
  • Added support for WPTouch Pro, but it appears to be flaky still. Anyone have time to work on that? I don’t.
  • Some sites had problems with scheduled posts. For some reason the plugin thought the post was in draft mode and then because it only checked the same post once, when the post magically became published the cache wasn’t cleared. That’s fixed, thanks to the debug logging of several patient users.
  • And more bug fixes and translation updates.

If you have problems the first place to look should be the forums (or try here too where things lived for a long time). Chances are someone else had the same issue before you and maybe they fixed it.

C64 fans will like this theme

If you’re a fan of that strikingly handsome and powerful computer, the Commodore 64, you will no doubt be itching to try this Commodore theme for WordPress. It turns your blog into what every C64 owner saw when they powered on the computer. I’m disappointed it doesn’t retain the 40 character line but I guess some exceptions had to be made “in the name of progress”. We didn’t have Youtube back then either but if we did you can be sure it would be full of dodgy VHS copies of Glenroe and Cheers.

Of much more interest to a certain demographic would be a WordPress theme that embeds blog posts in an Amiga intro or C64 intro using HTML5? Someone will read a DYCP version of this post, right?

(Thanks Ian for the link!)

Search more Twitter with Tweet Tweet

My Tweet Tweet plugin hasn’t been updated in a while. It stores Twitter conversations in your local database. Not just your own tweets but also the tweets of those you follow.

Storage can be a problem once the plugin has been running for a few months however. The log table gets quite big so last year I added code to the plugin that broke up those tables once they reached a predetermined size. In my case I go with 100,000 rows. I have over 20 of those tables now (some in an old database I haven’t copied over yet) and until today the search function in the plugin only searched the most recently created table.

All that’s changed now. It’ll search back through the other tables and compile a list of up to 10,000 tweets. It’s still a little rough but if you’ve been running the plugin for some time give the development version on the developers page a go. Here’s a search for Aurora. The original image was 21793 pixels high, so this is the latest and earlier tweets in that search:

aurora search on twitter

aurora search on twitter

WP Super cache 1.1

This is a bugfix release of the full page caching plugin WP Super Cache for WordPress.

Not much has changed in the week or so since I asked for testers but in case you missed that post here are the changes since 1.0:

  • Use $_SERVER[ ‘SERVER_NAME’ ] to create cache directories. No more non existant blogs appearing in your cache supercache and blogs folders.
  • Only create blogs cached directories if valid requests and blogs exist.
  • Only clear current blog’s cache files if navigation menu is modified
  • Added clean_post_cache action to clear cache on post actions
  • Removed garbage collection details on Contents tab
  • Added wp_cache_check_mobile cacheaction filter to shortcircuit mobile device check.
  • Don’t delete cache files for draft posts
  • Added action on wp_trash_post to clear the cache when trashed posts are deleted
  • Show a warning when 304 browser caching is disabled (because mod_rewrite caching is on)
  • New check for safe mode if using less that PHP 5.3.0
  • Added wp_supercache_remove_cookies filter to disable anonymous browsing mode.
  • Fixed garbage collection schedule dropdown
  • Fixed preload problem clearing site’s cache on “page on front” sites.
  • Fix for PHP variable not defined warnings
  • Fixed problem refreshing cache when comments made as siteurl() sometimes didn’t work
  • Preloading of taxonomies is now optional
  • Domain mapping fixes.
  • Better support for https sites. Remove https:// to get cache paths.
  • Added AddDefaultCharset .htaccess rule back in and added an option to remove it if required.
  • Added multisite plugin that adds a “Cached” column to Network->Sites to disable caching on a per site basis.
  • Added WPTouch plugin to modify browser and prefix list in mobile detection code. Added support for that plugin’s exclude list.
  • Fixed cache tester
  • Filter the tags that are used to detect end-of-page using the wp_cache_eof_tags filter.
  • Removed debug level from logging as it wasn’t helpful.
  • Removed mention of wp-minify.

As ever, the support forum is the best place to go for help as I monitor it all the time. Before you post there use Google to search for any error strings and use the debug system in the plugin as it will probably tell you what’s going on.

Fatal error: Allowed memory size of 67108864 bytes exhausted

WordPress uses memory. Plugins and themes use memory. New versions of software may use more memory than before. When that happens and PHP on your server doesn’t have enough memory then PHP will stop with a fatal error like this:

Fatal error: Allowed memory size of 67108864 bytes exhausted (tried to allocate 1203208 bytes) in /home/*****/public_html/wp-admin/includes/class-pclzip.php on line 4215

This happens quite a bit but it’s not a bug in WordPress or your new plugin or theme, you simply need to let PHP use more memory on your server. Thankfully WordPress makes it easy to do this. You must define a constant, WP_MEMORY_LIMIT in your server’s wp-config.php like this:

define(‘WP_MEMORY_LIMIT’, ‘128M’);

The error message will give you an idea of how much memory is required. The error message says it tried to allocate 1203208 bytes or just over 1MB of memory. The limit here is 67108864 bytes, or 65536KB which is 64MB so here I’d need a WP_MEMORY_LIMIT of more than 66M. The error message will go away once PHP has enough memory but be sure to test it.

If you allocate too much memory your server could start eating into disk swap space. Also be aware that each Apache child process is allowed to use that much memory so if you had ten processes it could use ten times the memory limit in a worst case scenario. If that happens you’ll need more RAM or you’ll have to figure out what’s using so much memory.

There’s also a WP_MAX_MEMORY_LIMIT constant. By default it’s 256M and it’s currently only used when uploading images.

On the off chance that you don’t have WordPress installed and you came here from a search engine, then you’ll want to use ini_set() somewhere early in the PHP process to increase the memory limit:

ini_set(‘memory_limit’, ‘128M’);

Finally, I love that the wp-config.php codex page is the first result of a search for WP_MEMORY_LIMIT.

Super Cache for the Weekend

WP Super Cache 1.0 came out several months ago and while it worked fine for most people there’s always room for improvement and bug fixes. Here are some of the bug fixes and improvements coming in the next version which I plan on releasing next week.

There are a lot of changes there so if you have a self hosted blog I would really appreciate if you download the development version, wp-super-cache.zip and install it in your plugins folder.

  • Use $_SERVER[ ‘SERVER_NAME’ ] to create cache directories.
  • Only create blogs cached directories if valid requests and blogs exist.
  • Only clear current blog’s cache files if navigation menu is modified
  • Added clean_post_cache action to clear cache on post actions
  • Removed garbage collection details on Contents tab
  • Added wp_cache_check_mobile cacheaction filter to shortcircuit mobile device check.
  • Don’t delete cache files for draft posts
  • Added action on wp_trash_post to clear the cache when trashed posts are deleted
  • Show a warning when 304 browser caching is disabled (because mod_rewrite caching is on)
  • New check for safe mode if using less that PHP 5.3.0
  • Added wp_supercache_remove_cookies filter to disable anonymous browsing mode.
  • Fixed garbage collection schedule dropdown
  • Fixed preload problem clearing site’s cache on “page on front” sites.
  • Fix for PHP variable not defined warnings
  • Fixed problem refreshing cache when comments made as siteurl() sometimes didn’t work
  • Preloading of taxonomies is now optional
  • Domain mapping fixes.
  • Better support for https sites. Remove https:// to get cache paths.
  • Added AddDefaultCharset .htaccess rule back in and added an option to remove it if required.
  • Added multisite plugin that adds a “Cached” column to Network->Sites to disable caching on a per site basis.
  • Added WPTouch plugin to modify browser and prefix list in mobile detection code. Added support for that plugin’s exclude list.
  • Fixed cache tester
  • Filter the tags that are used to detect end-of-page using the wp_cache_eof_tags filter.

And my first WordPress.org post was …

My post on this forum thread was my first one on WordPress.org apparently.

It was 8 years ago and WordPress didn’t have a plugin system and wouldn’t have until later. I had integrated Smarty into the b2++ project, with a nifty versioned template editor and even looked at doing the same with WordPress. Smarty had a plugin system that could be used in theory but nothing came of it.

What was your first post on the WordPress.org forum? Look in your profile to find out!

Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Here are a few options.

  • uBlock Origin is a free, open source, ad blocker for your browser.
  • Use pi-hole if you have a spare Raspberry Pi on your network.
  • Set the private DNS settings on your phone to dns.adguard.com to block adverts and trackers.