Fix for WordPress Jetpack Not Activated: Site Inaccessible

I’ve noticed on some website hosts including my own old one that there are issues enabling the WordPress Jetpack plugin. Some hosts basically block access to the WordPress xmlrpc.php file in the root of all WordPress sites for security and performance reasons. The same file is a target for hackers so I guess you can’t blame hosts too much. However, Jetpack is a pretty cool plugin from WordPress themselves that allows all kinds of functionality on your website including Image CDN, Email Subscriptions, Security, Share icons and my personal favorite, Auto-posting to Facebook, Twitter, LinkedIn etc., so I’d really prefer if it wasn’t blocked!

The WordPress Android and iOS apps both use the xmlrpc.php file to work too, so that, in addition to all the great functionality the Jetpack plugin offers, makes it worth the risk for me to allow access to it.

When you add the plugin and activate it, you will be asked to connect to your WordPress.com account but while doing this you may see the error “Your website needs to be publicly accessible to use Jetpack: site_inaccessible” or “Jetpack not activated: site inaccessible”. After talking with my host they reluctantly suggested I add the following code to my site’s .htaccess file:

<files xmlrpc.php>
Order allow,deny
Allow from all
</files>

Adding this to a few of my clients’ sites worked perfectly.

You can make this a little more secure by changing the “Allow from all” line above to allow from a specific IP address but the server IP Jetpack tries to connect to seems to change frequently and just adding WordPress.com won’t work either.
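Since an IP allow-list is impractical here, the access log is where to watch who actually uses the opened file. The following is an added example, not part of the original post: it counts POST requests to xmlrpc.php per client in Apache combined-format log lines. The log format, the threshold of 3 and the sample lines (documentation IP ranges) are assumptions.

```python
import re
from collections import Counter

# Apache "combined" log line: client IP, identity, user, [timestamp], "request", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def xmlrpc_posts_by_ip(lines):
    """Count POST requests to xmlrpc.php per client IP."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if m.group("method") == "POST" and path.endswith("/xmlrpc.php"):
            counts[m.group("ip")] += 1
    return counts

def noisy_clients(lines, threshold=3):
    """Return the IPs with at least `threshold` xmlrpc.php POSTs, sorted."""
    counts = xmlrpc_posts_by_ip(lines)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

# Constructed sample log lines, not real traffic.
_fmt = '{ip} - - [01/Jan/2020:10:00:{s:02d} +0000] "{req} HTTP/1.1" 200 512 "-" "-"'
SAMPLE_LOG = (
    [_fmt.format(ip="203.0.113.7", s=s, req="POST /xmlrpc.php") for s in range(4)]
    + [
        _fmt.format(ip="198.51.100.20", s=10, req="POST /xmlrpc.php?x=1"),
        _fmt.format(ip="192.0.2.5", s=11, req="GET /xmlrpc.php"),
        _fmt.format(ip="203.0.113.7", s=12, req="GET /index.php"),
    ]
)

if __name__ == "__main__":
    for ip in noisy_clients(SAMPLE_LOG):
        print(ip, xmlrpc_posts_by_ip(SAMPLE_LOG)[ip])
```

Run it over the real access log from the host and tune the threshold to the traffic Jetpack and the mobile apps normally generate.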

 

WordPress Database Privileges for Extra Security

I believe I’m well practiced in website security these days, especially having had to manage hundreds of client WordPress sites for years now! So I’m familiar with the standard security precautions of having everything kept up to date (WordPress core, plugins and themes), deleting any unused plugins or themes, having the correct file permissions on the site etc.. But one thing I normally discount is “Database Privileges” which is basically the allowances you give the database user to interact with the database that WordPress needs to run on.

Having done some research on the matter it appears that WordPress itself only requires the following privileges to run properly:

  • DELETE
  • SELECT
  • INSERT
  • UPDATE

And possibly the following if you plan on using the auto updater or installing plugins etc:

  • ALTER
  • CREATE

Some plugins or themes might require more privileges but you’ll quickly find that out on install and you can change privileges to suit.

Here’s the privileges I’ve settled on anyway. You can set these up while creating a new database and adding a user to it in cPanel or go back and re-add the user to the database to change privileges if everything is already set up:

WordPress Database Privileges
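To check an existing site against the privilege lists above, the output of MySQL's SHOW GRANTS for the WordPress database user can be audited. This is an added example, not part of the original post; the user name, database name and sample grant lines are constructed.

```python
import re

# Privilege lists as given in the post above.
REQUIRED = {"SELECT", "INSERT", "UPDATE", "DELETE"}
FOR_UPDATES = {"ALTER", "CREATE"}  # auto-updater / installing plugins

GRANT_RE = re.compile(r"^GRANT\s+(?P<privs>.+?)\s+ON\s+\S+\s+TO\s+", re.I)

def granted_privileges(show_grants_lines):
    """Collect privilege names from MySQL SHOW GRANTS output lines."""
    granted = set()
    for line in show_grants_lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        # Drop column lists such as "SELECT (id, name)" before splitting.
        privs = re.sub(r"\([^)]*\)", "", m.group("privs"))
        for p in privs.split(","):
            p = " ".join(p.upper().split())
            if p and p != "USAGE":  # USAGE means "no privileges"
                granted.add(p)
    return granted

def audit_grants(show_grants_lines, allow_updates=True):
    """Report privileges beyond the post's list and required ones that are absent."""
    allowed = REQUIRED | (FOR_UPDATES if allow_updates else set())
    granted = granted_privileges(show_grants_lines)
    if granted & {"ALL", "ALL PRIVILEGES"}:
        return {"excess": ["ALL PRIVILEGES"], "missing": []}
    return {
        "excess": sorted(granted - allowed),
        "missing": sorted(REQUIRED - granted),
    }

# Constructed SHOW GRANTS output for a hypothetical user and database.
BROAD = [
    "GRANT USAGE ON *.* TO 'wp_user'@'localhost'",
    "GRANT ALL PRIVILEGES ON `wp_db`.* TO 'wp_user'@'localhost'",
]
MIXED = [
    "GRANT USAGE ON *.* TO 'wp_user'@'localhost'",
    "GRANT SELECT, INSERT, UPDATE, CREATE, ALTER, DROP, LOCK TABLES "
    "ON `wp_db`.* TO 'wp_user'@'localhost'",
]

if __name__ == "__main__":
    print(audit_grants(BROAD))
    print(audit_grants(MIXED))
```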

Here’s a fairly comprehensive article on WordPress security from WordPress themselves:

codex.wordpress.org/Hardening_WordPress

How To Change Currency Format in Gravity Forms

As great as the number one WordPress forms plugin is, Gravity Forms has one glaring omission – no front end settings for currency formatting. The default you’re stuck with is this:

100,00 € which is supposed to denote one hundred euros or €100. This can confuse some people who mistake it for one hundred thousand!

The only way to change it is by adding the following code to your theme’s “functions.php” file. This example is what you need to show currency in Euros with the € symbol on the left, a comma thousand separator and 2 decimal places:

add_filter("gform_currencies", "update_currency");
function update_currency($currencies) {
    $currencies['EUR'] = array(
        "name" => __("Euro", "gravityforms"), 
        "symbol_left" => '€', 
        "symbol_right" => "", 
        "symbol_padding" => " ", 
        "thousand_separator" => ',', 
        "decimal_separator" => '.', 
        "decimals" => 2);
        
    return $currencies; 
}

NB: making this change will change any existing prices you have on your form to thousands so you’ll need to go into each price and fix.

Fix Passthru System & Exec errors with WordPress Database Manager

I’ve been using WP Database Manager for years now. I reckon it’s the best WordPress Database management plugin. As well as backing up your database it handles automatic optimisation and repair of your database and you can set both that and the backup to run automatically on a schedule. Occasionally though it throws a wobbly. For example it was working fine for me for ages then all of a sudden started giving the following error on the “Backup DB” screen. Admittedly, it might have been due to me updating something on my VPS:

"Checking PHP Functions (passthru(), system() and exec()) ...
passthru() disabled.
system() disabled.
exec() disabled.

I'm sorry, your server administrator has disabled passthru(), system() and exec(), thus you cannot use this backup script. You may consider using the default WordPress database backup script instead."

The above error meant that database backups couldn’t run which rendered the plugin useless.

Here’s a quick fix:

Create a file called “php.ini” and upload it to your WordPress/website root folder. Add the following code to your existing .htaccess file and re-upload:

suPHP_ConfigPath /home/YOUR-ACCOUNT/public_html
<Files php.ini>
order allow,deny
deny from all
</Files>

Swap “YOUR-ACCOUNT” for the username on your hosting account.

PS – The above fix might be considered a security risk for some shared hosting providers.

Leon

Add a Newsletter System to Your WordPress Website

Online marketing is getting a bit harder these days as traditional and even newer methods of selling yourself online are becoming saturated and overused. It’s getting more and more unpredictable whether people will find your blog posts or see your Facebook & Twitter stuff as more and more businesses and competitors clamor to be heard online among a pile of junk and ads.

I’ve always liked Newsletters. They have been around for longer than social media marketing but may have taken a back seat in recent times but they remain an effective marketing tool. For example, top companies with massive mailing lists know they’ll make millions just by sending out a Newsletter with latest products etc..

Here are some of the advantages of using a Newsletter system that we shouldn’t forget:

  • Users can sign up to your list automatically,
  • Marketing material is sent directly to a person’s inbox,
  • People can choose to read at a time that suits without having to bookmark,
  • People can unsubscribe (requirement),
  • Minimum marketing effort, maximum reach,
  • Full control over design and action links,
  • Open/Read analytics.

I’ve been using an excellent WordPress Newsletter plugin on this website for a few years now with some success. It can take subscribers automatically from the front end and I can write a nicely formatted and designed newsletter with all the required “view in browser” and “unsubscribe” links to send out to them all from within the WordPress admin. I can also generate offsite code to show the subscription form across the rest of my personal websites and places like my Facebook Page.

Get in touch if you’d like help setting up a Newsletter on your website.

Here’s an example of how a typical Newsletter looks. NB – don’t make them too long!:

Reverb Newsletter

 

WordPress HTTPS Plugin Breaking RSS Feeds

My RSS feed (and all variations of it, i.e. atom, rdf, rss, rss2, etc.) had been giving problems for quite some time, showing up as “not a valid feed” at validator.w3.org/feed and inaccessible through my feed delivery service Dlvr.it which I use to automatically share my posts to Facebook, Twitter etc. I tried re-uploading all the WordPress core files manually in case any of them had become corrupt. I also tried editing out white/blank space in important theme files like functions.php and wp-config.php but the problem persisted.

Eventually, a deactivation of all of my plugins fixed it but rather than turn on each one of the 50 or so plugins I use one by one to find the culprit, I tried a quick google search for something like “wordpress plugin break rss” and landed on this support thread for the WordPress HTTPS plugin which I’d been using for a while:

http://wordpress.org/support/topic/this-plugin-breaks-the-site-rss-feed

Sure enough, disabling that plugin sorted the issue but I thought I needed it. As it happened, I’d already converted my whole site over to HTTPS so didn’t really need the plugin’s functionality any more so I could safely leave it off. The plugin automatically parsed all non-HTTPS URLs in the WordPress content which was handy and the only thing I was missing with it turned off but with a little tweak of my .htaccess file I was able to redirect all HTTP URLs to HTTPS anyway.

The fix at the above thread might work for some temporarily but it’s not ideal considering plugin updates will overwrite the changes. I’ve submitted a report request to the developer and will update this post if he/she replies!

Leon

 

Switch Your Whole WordPress Website to Secure HTTPS SSL

I had cause recently to purchase and install a Secure Cert for this website so I could accept credit card payments securely but since then I’ve seen a few people mention the benefits of fully securing your whole site, not just payment sections. There are benefits for Forms pages and communications with other sites too. Here are some of the steps necessary to switch a whole WordPress site to SSL as I’ve just done successfully with this one.

Purchase an SSL Cert

These have always been expensive but I found an affordable “Domain Validated” RapidSSL one at €7.85 per year that should work for most small to medium sites at NameCheap.com. There’s a bit to purchasing it and installing it on your server but tutorials are available online and it can be done in a matter of minutes if you’re familiar with the process.

Dedicated IP Address

If you are on a shared hosting server you may need a Dedicated IP address for your site. Mine was on a private VPS so I’d nothing to do. Dedicated IPs should be pretty cheap from your hosting company.

HTTPS Plugin

There’s a great plugin for WordPress that allows you to make certain posts or pages use HTTPS or turn the whole site HTTPS including the admin section. It’s called WordPress HTTPS. It does a pretty good job of converting any urls it finds, including those in your content, to HTTPS automatically.

WordPress Settings

A quick way of switching all the internal urls to HTTPS once you have your secure cert installed is to add https:// to the WordPress URLs in Settings – General.

Theme/Template Tweaks

You may need to go into your theme’s code and convert any absolute http:// url references to relative urls. Especially if it’s old or custom made like mine. I found the following WordPress functions very handy here as it kinda future proofs your site if you ever switch urls again:

bloginfo( 'wpurl' );
bloginfo( 'template_url' );
bloginfo( 'stylesheet_url' );

301 Redirects

Technically search engines may view your HTTP and HTTPS site as 2 separate sites and cry duplicate content. You could sort this by using a 301 redirect in your .htaccess file and using a “Canonical” tag.

Speed Issues

One barrier to switching to HTTPS was that it can slow your site considerably as the encryption processes involved take time and CPU power but I haven’t noticed too much of a slowdown. Bigger, busier sites may notice more. Here’s a Response report from Site24x7 for the changeover period (around May 7th). It looks bad but is only a slowdown of about 500ms on the previous week’s report:

HTTPS Speed Report

You may be required to update your website URL with other service providers like Google Analytics and Webmaster Tools but that’s a bit beyond the scope of this article!

Leon