I recently created this program to help me deploy and update clients’ sites using Github.
If you’re looking for a free, lightweight, self-hosted, Github based deployment solution, please give it a try!
You can find the repo here.
Author: mikey
Automated WordPress vulnerability checking with Wordshell and WPVulnDB
The WPScan Vulnerability Database (https://wpvulndb.com/) provides an excellent service for checking your WordPress core, themes and plugins for known vulnerabilities.
It is a little tedious to use manually (i.e. enter your core version and the names and versions of your themes and plugins one at a time), but an API is provided which can make this an automated process IF you can get the core, theme and plugin details automatically as well.
Anant Shrivastava wrote a tool which makes use of WP-CLI and the WPVulnDB to check your WordPress installation for vulnerabilities. It’s here on GitHub. It uses WP-CLI to extract the WordPress core, theme and plugin versions from your site, and then checks them against the VPVulnDB database. It uses version 1 of the WPVulnDB API so it’s a little out of date now but I think it still works. So if you’re using WP-CLI this is probably worth a look.
Unfortunately for me, it seems most of my clients’ websites don’t allow SSH access so I’m stuck with FTP. This is mostly why I purchased Wordshell, which is an excellent piece of software for managing multiple instances of WordPress. It doesn’t require SSH or a plugin to be installed, which is awesome.
Another Wordshell customer requested some sort of tool which would do for Wordshell what Anant’s commandline vulnerability reporter does for WP-CLI. I thought that was a great idea, so made it myself. You can find my wsvulndb_commandline tool here.
If you use Wordshell, please give this a go and provide feedback!
Getting BrowserSync working with Vagrant
I just recently started using the Sage starter theme for WordPress theme development, after positive recommendations from many theme developers. I had been using Bones theme, which was (and still is) excellent, but Sage is (in my opinion so far) even better.
One of the cool features of Sage is BrowserSync, which automatically keeps a linked browser updated with changes as you make them. The problem is, I do my local development using Vagrant/Virtualbox, and BrowserSync doesn’t work inside Vagrant without a little bit of tweaking.
I like to run gulp etc inside the VM, in order to keep my host machine as clean as possible. This is much slower and BrowserSync doesn’t work out of the box this way, but that’s just too bad. As long as I can get the Sage dev tools to work at a reasonable speed, I am reasonably happy with that. Anyway..
If you want to run browsersync inside Vagrant, the fix is really simple. What you need to do is forward the (3000 & 3001) ports using Vagrant.
Simply add the following lines to your Vagrantfile:
config.vm.network :forwarded_port, guest: 3000, host: 3000, auto_correct: true
config.vm.network :forwarded_port, guest: 3001, host: 3001, auto_correct: true
That should do it! Thanks to KahunaCoder for providing this solution on StackOverflow here.
How to fix /bin/bash^M: bad interpreter: No such file or directory error
Ever get the error /bin/bash^M: bad interpreter: No such file or directory ?
This frequently occurs when moving files between Windows and OSX/Linux environments and the files haven’t been saved with the correct encoding.
There are a few ways to fix it, including using dos2unix or saving the offending file with the correct encoding, but here’s my favourite:
https://gist.github.com/mikeybeck/4c2bb518b088ca319a246b80beed3703
Simply run the above bash script on the broken file and the error should be fixed, just like that!
I’m jumping ship back to WordPress
Yep, I’m one of those people.
Couldn’t stick it out with a real hacker’s CMS, so I’m returning to my former flame, good old WordPress.
I’m sure I will miss the speed and security of having a database-less static site, but I just love WP too much. I thought Jekyll would be easier to administer (and it is really), but adding content was a bit of a pain – I don’t need a WYSIWYG editor, but I never really got the hang of Markdown. I’m almost as fast at writing HTML, plus I feel like I have a lot more control over the output.
I really missed being able to do anything server side. While javascript can do a huge amount, I found it a pain to have to use JS for everything dynamic, and having to use weird workarounds for all kinds of things that a database-driven CMS can do in its sleep.
Also, I really really really don’t like Ruby. Somehow I just don’t ‘get it’. I wanted to like Ruby but I try to do basic things and they just don’t work. I don’t have any examples off the top of my head, as I’ve purged them from memory, but I’m sure if I have to do any Ruby in future they’ll come flooding back.
Another reason is I mostly do WordPress sites for my clients. So not using WordPress on my own website is just a bit silly really.
For more ship-jumping reasons, you can read the blog of any other person who’s done the same thing. Funny thing is, many of those blog posts probably existed before I even started with Jekyll and I probably read them too, but I was sure I’d be different. I ignored the nagging doubt in the back of my mind and went for it anyway. And I’ve come crawling back.
So here’s to insecurity, constant site-breaking plugin updates and slow database queries! (I’m half kidding – these things are totally worth it for the awesomeness of WordPress).