vincentkong.com

Since version 2.7 I’ve noticed that stylesheets in WordPress have been referenced with https regardless if the request was made through http or https.  After waiting for through several version upgrades (until 2.8.4) to address this, I decided to see if I can resolve it myself.

Problem:

Stylesheets are always returning https since 2.7 as shown in the source code:

<link rel="stylesheet" href="https://www.vincentkong.com/wp-content/themes/glossyblue-1-4/style.css" type="text/css" media="all" />

Cause:

The cause of the problem is due to the following code found in the  wp-includes/link-template.php.  More specifically with the line if ( is_ssl() ) since it seems to always return true if you have SSL enabled for the website.

/**
 * Retrieve the url to the content directory.
 *
 * @package WordPress
 * @since 2.6.0
 *
 * @param string $path Optional. Path relative to the content url.
 * @return string Content url link with optional path appended.
*/
function content_url($path = '') {
 $scheme = ( is_ssl() ? 'https' : 'http' );
 $url = WP_CONTENT_URL;
 if ( 0 === strpos($url, 'http') ) {
 if ( is_ssl() )
 $url = str_replace( 'http://', "{$scheme}://", $url );
 }

 if ( !empty($path) && is_string($path) && strpos($path, '..') === false )
 $url .= '/' . ltrim($path, '/');

 return apply_filters('content_url', $url, $path);
}

Solution:

As a quick solution I commented the portion of code which was causing the issue.  I don’t know what is the side effect of this, but I haven’t ran into any issues yet.

 if ( 0 === strpos($url, 'http') ) {
 if ( is_ssl() )
 $url = str_replace( 'http://', "{$scheme}://", $url );
 }

Update:

As of version 2.8.5 a new JavaScript in WordPress is also always referencing https

<script type=’text/javascript’ src=’https://www.vincentkong.com/wp-includes/js/jquery/jquery.js?ver=1.3.2′></script>

To resolve this open wp-includes/script-loader.php and comment out the line indicated below:

function wp_default_scripts( &$scripts ) {

        //if ( !$guessurl = site_url() )
                $guessurl = wp_guess_url();

As of version 3.0 another custom change needed to be made to fix the https referencing.

Open wp-includes/functions.phpand comment out the line:

function wp_guess_url() {
...
//$schema = is_ssl() ? 'https://' : 'http://';

Spam has always been a nuisance and affects many web applications on the internet. It didn’t take long for my blogs to receive some spam comments when I migrated to WordPress. Fortunately, WordPress and its community make several plugins available to counter these spam attacks.

By default WordPress comes with the Akismet plugin which checks your comments against the Akismet web service to see if they look like spam or not. However, to activate this plugin you need a WordPress API key which can be obtained by registering to WordPress.com.

Not wanting to register with WordPress.com, I went to see what the WordPress community had to offer. I decided to use Wp-SpamFree, which was one of the more popular and higher rated plugin. The plugin blocks spam without using CAPTCHA or challenge questions, and once activated the plugin will display the number of blocked spams on the dashboard.

Other plugins which I use are mention in my previous blog: WordPress Plugins.

By default WordPress uses web URLs which have question marks and lots of numbers in them that looks ugly. e.g. http://example.com/?p=123

WordPress offers you the ability to create custom URL structure for your permalinks and archives, which improves the readability, and forward-compatibility of your links e.g. http://example.com/category/post-name or http://example.com/year/month/day/post-name. To enable permalinks you first need to enable mod_rewrite for Apache. In Ubuntu execute the following:

$ sudo a2enmod rewrite

In the Apache configuration file, the FollowSymLinks option needs to be enabled and the FileInfo needs to be allowed for the WordPress’s home directory.

<Directory /var/www/wordpress>
    Options FollowSymLinks
    AllowOverride FileInfo
    allow from all
</Directory>

Create a .htaccess file inside the WordPress’s home directory and set read/write permission to it.

$ cd /var/www/wordpress
$ touch .htaccess
$ chmod 666 .htaccess

In the WordPress Dashboard navigate to “Settings” > “Permalinks”

Specific the URL structure which you desire, and click on the “Save Changes” button.

For security purposes remove the write permisson on the .htaccess file

$ chmod 644 .htaccess

Currently the WordPress community provides 2200+ plugins for WordPress users to install. Most plugins are easy to install while some require you to do some simple PHP coding afterwards.

To install a typical plugin, download the plugin and extract it into the wp-content/plugins folder of the WordPress root folder. In the Dashboard, click on the “Plugins” link and the “Activate” link to activate your plugin.

Plugins which I installed

Broken Link Checker: This plugin is will monitor your blog looking for broken links and let you know if any are found.

This requires the CURL library to be installed for PHP, otherwise an error will occur: Fatal error: Call to undefined function curl_init().

To install CURL library for Ubuntu:
$ sudo apt-get install php5-curl

Link Summarizer: This plugin produces a list of all the links you referred to in a posting. You can exclude links from the summary by specifying regular expressions for links that shouldn’t show up. For example, the regular expression I used to ignore links to the images of my blogs:

^http:\/\/.*\.vincentkong\.com\/.*\.(gif|png|jpg)$

Wordbook: This plugin allows you to cross-post your blogs to your Facebook Mini-Feed. Your Facebook profile will also show your most recent blog posts. This works similar to importing your blog’s RSS feed with Facebook Notes, but with some advantages as described in the Wordbook FAQ.

WP-ShortStat: WP-ShortStat is a litte statistics plugin for WordPress.

WP-Table: This plugin creates and manages tables for WordPress.

WordPress is an open source blog publishing system written in PHP with a MySQL database.

Installing WordPress

Download and the latest release of WordPress.

$ wget http://wordpress.org/latest.tar.gz

Extracting the file will create a new directory wordpress, move all the files into the a web server’s public HTML directory.

$ tar -zxvf latest.tar.gz
$ mv wordpress/* /var/www/wordpress

Create a MySQL database and user for WordPress

mysql> CREATE DATABASE databasename;
mysql> GRANT ALL PRIVILEGES ON databasename.* TO 'username'@'localhost' IDENTIFIED BY 'password';

Create a wp-config.php file and modify it to specific your WordPress settings.

$ cp wp-config-sample.php wp-config.php
$ nano wp-config.php

define('DB_NAME', 'putyourdbnamehere');
define('DB_USER', 'usernamehere');
define('DB_PASSWORD', 'yourpasswordhere');
define('DB_HOST', 'localhost');

The database character set, normally should not be changed.
define('DB_CHARSET', 'utf8');

The database collation should normally be left blank.
define('DB_COLLATE', '');

In version 2.5 WordPress introduced a new optional entry called SECRET_KEY, which enables better encryption of information stored in the user’s cookies.

define('SECRET_KEY', 'put your unique phrase here');

It’s recommend to change the value of the SECRET_KEY to a unique phrase. To help generate a unique phrase visit the WordPress secret key generation site. For more information on the SECRET_KEY refer to the Editing wp-config.php page.

Run the install script by pointing your browser to the URL of your website (e.g http://www.vincentkong.com).

After the installation has been successful, it’s recommend that you immediately login and change the randomly generated password.