You do not have sufficient permissions to access this page

Posted by Nessa | Posted in uncategorized | Posted on 16-05-2010

0

This was a particularly annoying error message that was occurring for one of my legacy plugins that I refuse to get rid of. There are a lot of sites that indicate the problem is with a failed upgrade or misnamed database tables,but for me it was simply an issue with an old plugin and wasn’t happening anywhere else.

My fix was to edit the plugin file and change instances of admin_head to admin_menu . It’s apparently just a compatibility issue with newer WP versions.

WordPress Thinks Network Solutions is Stupid

Posted by Nessa | Posted in uncategorized | Posted on 22-04-2010

6

Quick quiz: What does a hosting provider do when they know they’ve messed up and don’t want to deal with the fallout?

You apparently blame WordPress.

Don’t get me wrong here – being behind the scenes of server management for a webhosting company makes you the target of a lot of accusations.  And yes, most of the time when a user’s site gets hacked it’s their own damn fault. But in this case, Network Solutions is apparently trying to push their issues off on WordPress because they don’t want to admit they f***cked up.

Well, WordPress is pissed.  I logged into my dashboard today and the first thing I see in my news feed is:

A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files, and some members of the “security” press have tried to turn this into a “WordPress vulnerability” story.

To highlight the best part:

I’m not even going to link any of the articles because they have so many inaccuracies you become stupider by reading them.

P.S. Network Solutions, it’s “WordPress” not “Word Press.”

Burned.

In short, Network Solutions acknowledged that most of the problem was due to users’ public_html and wp-config.php files being readable by other users on the server – something which could have easily been caused by the users setting the permissions of those files insecurely. But they took a shot in the dark and said that the problem was caused by WordPress putting cleartext database credentials in the wp-config.php file – something that just about every software developer does, as WordPress states:

WordPress, like all other web applications, must store database connection info in clear text. Encrypting credentials doesn’t matter because the keys have to be stored where the web server can read them in order to decrypt the data. If a malicious user has access to the file system — like they appeared to have in this case — it is trivial to obtain the keys and decrypt the information. When you leave the keys to the door in the lock, does it help to lock the door?

Good point. They also went on to say that a properly configured web server will not allow users to access the files of another user, regardless of file permissions. This is why most hosts have switched to using suPHP or phpsuexec, a technology which Network Solutions was apparently left in the dark on. At least now they seem to be taking responsibility for the problem and are attempting to handle it.

I’m also going to state, based on comments in popular blogs from users that don’t know what the hell they’re talking about, that unless someone has access to view the source of a PHP file, they can’t see the database credentials. PHP files are executed server-side, and only their output is sent to the browser. Since the username and password are stored as variables and are not echoed out anywhere, someone simply calling wp-config.php from a browser can’t access your login data.

You’re probably going to find all kinds of fixes on various sites that this story is covered on, but I’m going to give the same advice I do for all my customers that have had sites hacked:

  • Change your FTP and MySQL user passwords
  • Replace all files on your site from a ‘clean’ backup
  • Make sure the software on your site is up to date
  • Scan your PC for viruses
  • Choose a secure host

Remember that your site can get hacked regardless of who your host is or how secure they are, though your host has to take some level of responsibly for hacks that are caused by their own bad configuration, such as in the case with Network Solutions.

Massive Upgrade Time

Posted by Nessa | Posted in uncategorized | Posted on 01-12-2007

0

I decided to stop being lazy and get around to those upgrades I needed for my site and server:

- Upgrade PHP to 5.2.5 and Apache 2.2.6

- Upgrade Gallery2 and the WPG2 plugin for WordPress

- Upgrade WordPress to 2.3.1

First, I should admit that I do use the EasyApache installer from WHM, as it has vastly improved to the point where I don’t have to troubleshoot its builds afterwards, nor do I have to go back and reinstall eAccelerator and Suhosin – The current release of cPanel now includes those options and I must say that they have become rather flawless. In other words, it saves me the time of compiling shit by hand when all I have to do is click a few buttons and it’s all done.

Second, I was avoiding the Gallery2/WPG2 upgrade because I remember that the first time I set it up it was hell, and since it was so long ago I didn’t want to go through that again.

Third, since my last WordPress upgrade I had numerous problems with plugins and as a result I had to tweak most of them because their developers hadn’t released an upgrade yet. I finally decided to just suck it in and upgrade, though it wasn’t as bad as I thought it would be. There are a few things to point out:

- Ultimate Tag Warrior has been discontinued due to WordPress 2.3.1′s native support for tagging. If you’re a UTW user like me, you can still keep your sexy tag cloud by follow these steps:

  1. In your admin section, go to Manager > Import and use the UTW import tool to convert your UTW tags to WordPress tags. Then go to Manage > Categories and convert your categories to tags too, if they were linked to UTW before.
  2. In your theme code where you normally would display your categories, change the code to <?php the_tags(”); ?> instead of <?php the_categories(”); ?> or whatever it was before.
  3. Since your tag cloud is now gone, remove the UTW code and replace it with <?php wp_tag_cloud(”); ?>. You can read more about configuring the tag cloud here.

Since removing UTW and upgrading my plugins and WP, I noticed that my site loads a ton faster though, so I’m overall glad that I finally got around to doing this stuff. If you’re lazy like me and still haven’t upgraded to WP 2.3.1, below is a helpful guide on how to do so:

http://polymathprogrammer.com/2007/10/29/upgrade-wordpress-2pt2-to-2pt3/

Increase Your Blog Traffic

Posted by Nessa | Posted in uncategorized | Posted on 15-06-2007

4

.!.

Yes, it’s another one of those. It seems that every blog has its own tips for increasing traffic, so I decided to add my own tips that seem to have worked for my site

WordPress 2.2 “Released”

Posted by Nessa | Posted in Uncategorized | Posted on 15-05-2007

1

And I use the word “released” very loosely. Yes, I just upgraded my blog to use WordPress 2.2 after this guy made it sound delicious. No, I don’t regret it, but I do think it would be best to wait for a bugfix. I shall start with the positives:

- It’s optimized a bit more to help your site load faster. This may or may not be noticeable to you, but it probably is to your webhost

- It’s harder to break your site by enabling a botched plugin. I tried to enable Staticized-Reloaded and I got what I interpret as the “WordPress Screen of Death”:

Wordpress Plugin Error

This is also a shame because this happens to be one bad-ass plugin.

Now for the bad, which outweighs the good:

- Don’t be surprised if your plugin database disappears. From some odd reason, WordPress could only find it after I created a new plugins folder and copied over my plugin files again….and yes, I had to re-enable all 30 of them.

- WP-Cache no longer works (at the time of this writing), and you’ll find that enabling it will cause some strange behavior on your blog. Oddly enough it also caused my plugin database to be erased yet again

- TinyMCE (the WYSIWYG editor) malfunctions, esp. in Firefox when trying to use certain functions.

- You may need to tweak your theme a bit. I had to make several code modifications to my sidebar and header files.

- Your boobs might shrink in size. Oops, wait…that’s what happens when you stop taking birth control.

Anywho, those of you who are thinking on upgrading, be prepared to spend a few minutes messing with your site and testing your plugins and such. It may be a good idea to wait for a bugfix, which by WordPress history will probably be out within the next few days.

WordPress Plugins That You *Might* Want to Avoid

Posted by Nessa | Posted in Uncategorized | Posted on 07-05-2007

2

If you haven’t noticed that my site’s been down for the last hour, it’s because I activated this mailing plugin that completely messed up my whole site to the point where I couldn’t even log in to deactivate it. It eventually came to me that if I move the plugin file it would de-activate automatically and poof, my website came right up. I guess my boss was right when he said I tend to be over-technical and miss the easy things.

Anywho, I’ve messed around with a lot of plugins and I’ve composed a tiny list of ones that you would probably be better off not installing. Some of these result in what Dan would call “the Internet version of ‘the clap’”

On the reverse, if you want to see the plugins that I recommend, you can view my post on the 13 Sexiest WordPress Plugins.

13 Sexiest WordPress Plugins

Posted by Nessa | Posted in Uncategorized | Posted on 13-04-2007

13

I decided to post a list of the WordPress plugins that I’ve found to be the most useful, a majority of which I use on my own site.
To see a list of plugins to avoid, see my other post.

How to Make a Sexy Tag Cloud with PHP and MySQL

Posted by Nessa | Posted in Uncategorized | Posted on 12-02-2007

33

Tag CloudWell it seems that everyone has one, and I’d have to admit that a tag cloud is a good way to spice up your site a little bit. I first thought of this when setting up a friend’s site… he wasn’t using a CMS like WordPress or anything that I could find a quick tag cloud plugin for, so I figured I could probably just make my own. Well, I did and now I shall share it.

This tutorial will show you how to set up a simple tag cloud using PHP and MySQL, with a little bit of Ajax effects
Before we get started, take a quick look at the sample cloud.