Half-Elf on Tech

Thoughts From a Professional Lesbian

Category: How To

  • WordPress: EU Compliance


    ETA: Please check out Trac #19622 – There will be a new way to do this in WP 3.4

    Before I get into this, you do not need to do anything to WordPress to comply with the EU cookie law. The legal whoo-hah is clear: Third party cookies (and cookies which track data across multiple sites) are the only ones they’re talking about. MultiSite installs are, technically, one site, all owned and managed by one person, so it’s fine. Google.com, gmail.com and anything else registered to Google would also be fine internally.

    But if you’re dead set on this…. Let me explain first.

    For WordPress, if someone comments on your blog, cookies are stored on their computer that store three things: name, email and website. Even then, they’re only put in when the user enters them. That would entail implicit agreement to having cookies put on your computer, wouldn’t it? Even if you have no idea what cookies are? That certainly is a problem. People don’t know what cookies are, why they’re on their computers, and what they can do. But is that the responsibility of website owners to educate? Certainly, you can easily add a checkbox to your comment form that says ‘save cookies,’ have it link back to an explanation about what’s going on, and make it required.

    It would be pretty easy to flip WordPress around to not save cookies for non-logged in users.

    First you change your KEYs and SALTS in the wp-config.php (you can get new ones at http://api.wordpress.org/secret-key/1.1/wpmu/salt). This will force all users to log back in.

    Next you change your registration/login page to alert people to the cookies. There are plugins for this, and on BuddyPress you can edit your theme’s template page for registration easily. By having the login/registration page say ‘hey, you’re gonna get cookies if you log in!’ you’re now in compliance with EU law!

    Finally you slap this in your header (or functions or a mu-plugin file), to delete cookies on every single page you visit, which will prevent cookies from staying on people’s computer ONLY if they’re not logged in:

    <?php if ( !is_user_logged_in() ) { wp_clear_auth_cookie(); } ?> 

    One could go even further, making a check-box to permit cookies or not, though that would be far more complicated to track. This very basic way of making the code you own compliant is enough to get you through the day and keep the enforcers off your back.
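
    The ‘save cookies’ checkbox idea mentioned above, sketched as an mu-plugin. This is an added example, not code from the original post. It assumes WordPress 3.4 or later, where core sets the comment cookies from wp_set_comment_cookies() hooked on the set_comment_cookies action; the he_ function names and the he_save_cookies field name are made up for illustration.

```php
<?php
/*
Plugin Name: Comment Cookie Opt-In (example)
Description: Only store the commenter name/email/website cookies when the visitor asks for it.
*/

// Stop core from setting the comment cookies unconditionally.
// default-filters.php has already run by the time mu-plugins load,
// so the core callback is registered and can be removed here.
remove_action( 'set_comment_cookies', 'wp_set_comment_cookies', 10 );

// Print an opt-in checkbox after the name/email/website fields.
// This hook only fires for visitors who are not logged in.
add_action( 'comment_form_after_fields', 'he_cookie_optin_field' );
function he_cookie_optin_field() {
	echo '<p class="comment-form-cookie-optin"><label>'
		. '<input type="checkbox" name="he_save_cookies" value="1" /> '
		. esc_html__( 'Save my name, email and website in cookies on this computer.' )
		. '</label></p>';
}

// Set the cookies ourselves, but only if the box was ticked.
add_action( 'set_comment_cookies', 'he_maybe_set_comment_cookies', 10, 2 );
function he_maybe_set_comment_cookies( $comment, $user ) {
	// Logged-in users never get comment cookies; nothing to decide.
	if ( $user->exists() ) {
		return;
	}

	// The checkbox value is only tested for presence, never stored or echoed.
	if ( ! empty( $_POST['he_save_cookies'] ) ) {
		wp_set_comment_cookies( $comment, $user );
	}
}
?>
```

    Unlike the required checkbox described above, this version leaves the box optional: an unticked box just means no cookies are written.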

  • Stopping Stalkers


    We’ve all been there. One day you’re out enjoying the net, and the next you have a complete and total turd making your online life hell! What do you do? There are a lot of answers to this, but really it boils down to two types of reactions. You have to change your behavior, and you have to change your online accessibility.

    Changing your behavior is pretty obvious. Once someone starts abusing you online, calling you names, or just angry-ing up your blood, walk away. This is the hardest thing in the world, but do it. Most idiots will stop once you stop feeding them, which is why we always say ‘Don’t feed the trolls.’ When people go past your garden variety gnome moron, however, and start harassing you (and you know there’s a difference), you need to do more than just change how you react. Basically you need to stop making the problem worse. If you’re angry, you log off, walk away and grow the hell up, or you deal with the shit-storm you created.

    On the technical side of things, there’s a lot you need to do. If you’re on Facebook, Twitter, MySpace or any public forum with this person, you block them. If they evade the block by making new accounts, report them. Most sites have a policy about this, and the more you have to report them, the more likely they’ll get banned. Always remember to mention ‘I blocked this guy because he was harassing me. Now he made a new account to do it again.’ This will take a lot of doing, and a lot of arguing, but it will get things done. Block them on IM, Skype, everything you can think of that they might have.

    Once you’ve taken care of them on sites outside your control, let’s look at your site, which is the meat of this post.

    If you have a stalker, you want them to stop being able to contact you, right? If you have a blog, block their email in the comment blacklist. Just turf ’em. You don’t need to see them. If the harassment is bleeding into real life, I would moderate them instead, since you might need the comments for later proof in a legal case, but the effectiveness of that is in doubt right now (it’s too easy to fake that stuff). Make a note of the IP address and block that as well.

    In fact, block the IP from your server via .htaccess:

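    # Apache 2.2 syntax (on Apache 2.4 this needs mod_access_compat)
    # Allow rules are evaluated first, then Deny; a matching Deny wins
    order allow,deny
    # Block one exact address
    deny from 123.45.6.7
    # Block a partial address: everything that starts with these octets
    deny from 012.34.5.
    allow from all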
    

    If you have a firewall on your server, toss the IP in there as well. This serves two purposes. Most importantly, you no longer have to deal with nasty comments, but also, you are no longer feeding the troll, because the troll can’t get in. Of course, this isn’t perfect, as most of us use multiple IPs because our addresses, even with high speed, will change. This will only become more and more futile as we get into IPv6. In fact, you may recall I once said Don’t block IPs. When I said that I was talking, specifically, about spammers and bots. Blocking them by IP is futile. But blocking your stalker? Actually effective in certain cases, because some stalkers aren’t very technical. Alas, it’s only some. When you have a smart stalker, who knows how to use proxy servers to their benefit, you have to start learning tricks like How to Block Proxy Servers via htaccess.

    This won’t stop everything, of course, and I generally spend a bit of time with my firewall (I use CSF), activating the Real Time Block Lists (RBLs) and adding in certain countries to my block list using CC_Deny. I don’t like doing that, but sometimes you have to. I’m a pretty big advocate of Bad Behavior which, while it runs via PHP, can be instrumental in stopping bots. That helps me sort out proxy servers, since once you understand how Bad Behavior works, you can check its logs and weed out the proxy servers. Grown up Geek’s post on How We Block Proxies, Bots, Scrapers, Trolls & Assholes is an invaluable resource here.

    This also doesn’t stop email, and I personally filter all of mine on the server level. This does mean I keep the emails on my server, but again, this is something useful to have if these things ever go to lawyers. If you use IMAP, generally it’s okay to keep the emails up on the server, but it’s also a good idea to save them as .eml files to your computer, as they store all the data needed to trace back the emails. Most of us never need this, but the CYA is worth it.

    When things start to spill over into your ‘real’ life (or at least your physical world), don’t be afraid to go get a lawyer. Yes, this will cost money, but if you’ve done all this and can use it to prove this person is escalating their behavior, a good lawyer will know how to get you a restraining order. If you’re not being stalked today, lucky you! I would strongly suggest you do a few things in advance, though! You already know not to put anything out on the net if you don’t want it found, but I would also say that if you registered a domain, consider making your registration private. That will hide your address and phone number. If they’re calling your phones, the phone company can block them, and it’s definitely worth your while to ask them to do so. Peace of mind is part of the reason, but the other is that if you ever end up in court, you can show them the phone company records.

    A word of legal advice, here. The courts recently ruled that an IP address is not a person. This means that even if you have a bunch of emails and comments and whatever from a specific IP, that alone won’t be just cause for a warrant to break the door down. That’s a good thing for most of us, and means you’ll have to do detecting the old fashioned way.

  • WordPress: Open Comments More Selectively


    There are a whole lot of tricks you can do with SQL to enable/disable comments.

    If you want to turn them on for every single page, there’s this:

    UPDATE wp_posts SET comment_status = 'open';

    But me? I don’t like to blanket turn things on! I don’t like to have my pages allow comments, you see, so I use this instead:

    UPDATE wp_posts SET comment_status = 'open' WHERE post_type = 'post';

    I find this preferable to just opening it for everything (most people will tell you to omit the WHERE clause) since if you do that, you open comments for attachments, pages, CPTs and everything. Which I never want.

    But what if you did open comments for everything and now you realized, oh snap!, you want to turn them off on attachment pages? That’s pretty easy:

    UPDATE wp_posts SET comment_status = 'closed' WHERE post_type = 'attachment';

    For more awesome SQL queries, check out Digging into WordPress – Easy Comment Management via SQL or the incredible Andrea’s How to Close Comments Across a MultiSite Network.

  • WordPress: Sticky Posts On Static Front Page


    I built my Dad a site, and while he still emails me the content, I still want the code to be easy to use for me and, in theory, for him one day.  The original design was (and is) a static front page with the whole company spiel.  Dad rarely changed things since 1999 anyway, so I figured I was pretty safe keeping that layout.  I did add in a ‘News’ page, which he could use to ‘blog.’  I keep trying to explain that it’s not being a nerdy blogger, it’s a way to reach out to his readers, but … well, it’s a paradigm shift for him.

    Then February happened.

    Dad lives in Japan, you see, and among other things, works on Risk Analysis for nuclear power plants.  This Fukushima disaster is his bread and butter and in his backyard.  Obviously he’s involved.  This had a round-about way of making me delve into theming more than I normally do, because my Dad wanted to put something on the front of his page.  I thought that it would be a one time thing, but last night he wanted to change it with a new thing.  Suddenly Dad needs featured posts!

    On one of my sites, I use a special category for featured posts, list five in a sort of news/image scroller that swipes across your screen.  It works.  What Dad needed was a little different:

    1. A way to flag a post as ‘featured’ or ‘forward facing’
    2. Keep his main ‘page’ stuff below
    3. Show videos (embeds don’t work in the_excerpt)
    4. Show nothing if you have no featured posts

    Thanks to Twitter, I came up with a pretty simple answer.  For a brief moment, I toyed with making this a widget, but since I already had a special front page template for the site, instead I added a special loop that runs at the top:

     <?php
    	$sticky = get_option( 'sticky_posts' );
    	rsort( $sticky );
    	$sticky = array_slice( $sticky, 0, 1 );
    
    if (is_numeric($sticky[0])) {
    	/* Query sticky posts */
    	query_posts( array( 'post__in' => $sticky, 'caller_get_posts' => 1 ) );
    		while ( have_posts() ) : the_post();
    		the_title('<h3>', '</h3>');
    		if($post->post_excerpt) :
    			the_excerpt();
    		else:
    			the_content();
    		endif;
    		endwhile; // End the loop. Whew. 
    
    	wp_reset_query();
    }
    ?>
    

    From Justin Tadlock we get the very helpful Get the latest sticky posts in WordPress which I used to show the first (and only) sticky. Obviously change the 1 to the number of stickies you want.

    <?php
    	$sticky = get_option( 'sticky_posts' );
    	rsort( $sticky );
    	$sticky = array_slice( $sticky, 0, 1 );
    ?>
    

    Once we’re in the meat of the query, I wanted to show the full post if there’s no custom excerpt, and then just the excerpt if there is one.  This works around the annoying fact that you can’t embed videos in the excerpt (images and italics, yes, but not videos). Also, I tossed in if (is_numeric($sticky[0])) {} around the whole thing. If there is no sticky post, then $sticky[0] (which is the first item in the array $sticky) isn’t a number, it’s ‘null’ (which means ‘Hey! Nothing here!’). My check is simply ‘If there’s any number in here, we’re good!’

    <?php
    	query_posts( array( 'post__in' => $sticky, 'caller_get_posts' => 1 ) );
    		while ( have_posts() ) : the_post();
    		the_title('<h3>', '</h3>');
    		if($post->post_excerpt) :
    			the_excerpt();
    		else:
    			the_content();
    		endif;
    		endwhile; // End the loop. Whew. 
    ?>
    

    At the end I called in wp_reset_query(); so I could reset the query and go back to the regularly scheduled post.

    There’s really not a whole lot customized on Woody.com, but what there is works and it’s simple. I try to keep everything such that if Dad ever decides he can do this stuff, it will be straightforward so he can do it. Telling him ‘Mark a post as sticky and it’ll show on your home page’ is easy. He can do that.

  • Show Site ID Columns in MultiSite


    This is totally a use at your own risk sort of thing. I really have no plans to do anything with it, and no, you cannot sort by ID due to limitations in how the columns work in WordPress.

    Installation Instructions
    Make a file called show-site-ids.php, put this code in it, and upload to your mu-plugins folder.

    <?php
    /*
    Plugin Name: Show Site ID
    Plugin URI: https://halfelf.org/hacks/site-id-columns-multisite/
    Description: Show Site ID in Sites Column for Multisite
    Version: 1.0
    Author: Mika 'Ipstenu' Epstein
    Author URI: http://ipstenu.org/
    
            This plugin is free software; you can redistribute it and/or modify
            it under the terms of the GNU General Public License as published by
            the Free Software Foundation; either version 2 of the License, or
            (at your option) any later version.
    
            This plugin is distributed in the hope that it will be useful,
            but WITHOUT ANY WARRANTY; without even the implied warranty of
            MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
            GNU General Public License for more details.
    
    */
    
    // Print the site ID in our column. This is an action callback:
    // it echoes the cell content and has nothing to return.
    function siteid_columns($column, $blog_id) {
            if ( $column == 'site_id' ) {
                    // Cast to int so only a number is ever printed
                    echo (int) $blog_id;
            }
    }
    
    // Add in a column header
    function site_id($columns) {
        $columns['site_id'] = __('ID', 'site_id');
        return $columns;
    }
    
            add_filter( 'wpmu_blogs_columns', 'site_id' );
            // Both hooks pass two arguments: column name and blog ID
            add_action('manage_sites_custom_column',  'siteid_columns', 10, 2);
            add_action('manage_blogs_custom_column',  'siteid_columns', 10, 2);
    ?>
    
  • WordPress Google Libraries


    A lot of people would rather use Google Hosted JavaScript Libraries. Why? Here are three good reasons. Okay, great. How do you do it in WordPress? DigWP has you covered.

    But if you want to do it for WordPress MultiSite, for all sites on your network, you can toss this into your mu-plugins folder. I named my file googlelib.php and dropped it in. Bam.

    Oh and there’s also the Use Google Libraries plugin, by Jason Penney, which works great too. Just drop the use-google-libraries.php file into your mu-plugins folder and call it a day.

    <?php
    /*
    Plugin Name: Google Lib
    Plugin URI: http://digwp.com/2009/06/use-google-hosted-javascript-libraries-still-the-right-way/
    Description: Use Google Hosted JavaScript Libraries (... Still the right way)
    Version: 1.0
    Author: Mika Epstein
    Author URI: http://ipstenu.org/
    */
    
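    // Swap the bundled jQuery for the Google-hosted copy on the front end.
    // Hooked to wp_enqueue_scripts so the script registry is ready, and
    // loaded over HTTPS so the library can't be altered in transit.
    function googlelib_jquery() {
       if( !is_admin()){
          wp_deregister_script('jquery');
          wp_register_script('jquery', ("https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js"), false, '1.4.4');
          wp_enqueue_script('jquery');
       }
    }
    add_action( 'wp_enqueue_scripts', 'googlelib_jquery' );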
    
    ?>