Category Archives: Coding

All about coding

[SOLVED] Allow WordPress to accept plus (+) sign in usernames

It was revealed to me recently that a wordpress system which programatically creates user accounts via an external api, where we only allow email addresses as the username, anyone submitting a + sign in the username, the plus sign (+) was being stripped out.

For Example: was becoming (wordpress was stripping out the + sign).

So after a bit of sifting around the interwebs, I came across a plugin which allows foreign characters like Arabic and Cyrillic. So not exactly what I was looking for but I figured I could use some of the code.

Drop the following into your functions.php so that it overrides the filtering of the usernames when sanitize_user is called from WordPress core and edit the $allowed_symbols to permit the characters you would like in the new username when its created.

[SOLVED] Add a Custom Column in Custom Post Types Admin Screen Displaying Relational Data From Another Custom Post Type

I had a situation recently with WordPress where I had to display the Company Name against the Attendee profile when viewing a list of Attendees inside the WordPress admin.

Basically there was two custom post types (CPT’s), one was called “attendee” and the other “companies”. When editing an Attendee record we would assign it to a company so that we knew which Company the Attendee was assigned to.

After some ideas from the Advanced WordPress forum on Facebook, this is what I ended up with and code is included below.


Here is the code which I inserted into the themes functions.php to display the company name against the attendee record.

[Solved] Turn off 2FA on WHM with SSH Command Line

This morning I tried logging into one of my WHM servers with 2FA and it was not working.

(BTW: If you don’t have 2FA setup on your WHM login page then you are missing a great security feature on your Cpanel server).

I checked the Cpanel forums and found a page here showing how to turn off 2FA on WHM for a user using the API through command line, BUT IT DID NOT WORK.


After a quick chat with Cpanel Support Team they told me that running the command below through SSH will disable 2FA on the WHM server.

After running the command above I was able to log back into WHM without being prompted for 2FA credentials, then set up 2FA again and was back in business.

Phew! Panic Over.

[SOLVED] Using mysql_query in WordPress After PHP 5.5

Okay, I am a bit old skool and still use mysql_* and yes I can hear some of you sighing, face palming yourselves and rolling your eyes but I have built thousands of sites over the years, many of you were in diapers when I started and I guess I have been a little slow on the uptake as my code has always been secure and solid, however, yes I realise I need to stop using it because as of PHP 7 it will be removed completely (apparently).

My hope is that this post will help some poor soul, who like me has wasted hours of precious family or personal time trying to resolve the issue.

Annnnnnyway, so, last night I upgraded the PHP version on one of my sites from 5.1 to 5.5 and visited one of the WordPress sites on the server and could see anywhere we have used mysql_query, it was showing the following error:

Warning: mysql_query(): Access denied for user ”@’localhost’ (using password: NO) in/home/website/public_html/wordpress/wp-content/themes/ourtheme/custom/programmes/template1.php on line 4

Warning: mysql_query(): A link to the server could not be established in/home/website/public_html/wordpress/wp-content/themes/ourtheme/custom/programmes/template1.php on line 4
Access denied for user ”@’localhost’ (using password: NO)

I literally spent hours last night trying to find the root cause, I even got the official Cpanel Support team involved thinking it was an issue with PHP on Cpanel or maybe permissions on mysql were fuddled. After a few goes, even the cpanel guy gave up and said it had to be wordpress.

This morning I have come back with a fresh head and searched the google for about 45 minutes and stumbled upon a post (by 1and1 nonetheless…who would have guessed eh?) which suggested to add the following line to your wp-config.php file if you are still using mysql_query() on PHP 5.5

So I added that line to the wp-config.php and all the errors cleared up and the site is rocking on as usual.

You see, WordPress has stopped supporting mysql_* with PHP 5.5, even though PHP 5.5 still supports it, so in essence this was WordPress putting its foot down saying “hey you old dog! stop using non standard ways to connect to the wordpress database”.

Lesson learned and now off to start adapting code to more modern standards such as PDO and MYSQLi.

UPDATED 8/2/2017 – For some of the bigger sites, I will need to use MYSQL SHIM becaseu in some cases its simply not practical to recode everything..

[Solved] CTRL + C between Mac and Remote Windows Machine

I use a mac as my main machine, but very often I need to login to remote windows machines using Windows Remote Desktop for Mac to either work on native windows applications or do server tasks.

Making the mental switch though between CMD + C and CTRL + C quite often results in errors.

So, I have found the solution in the form of a piece of free mac software called “KARABINER” which allows you to switch the keys when you are connected through the RDP application.

Here is a link to Karabiner:


  1. Install the application Karabiner
  2. Once installed, open Karabiner:
  3. From the ‘Change Key’ tab, expand the ‘For Applications’ section
  4. Expand ‘Enable at only Remote Desktop Connection Client’ sub-section
  5. Check ‘Change command key to control key in RDC’

Now when you use the RDP app, you can continue to use Cmd instead of Ctrl.


[SOLVED] Force SSL and WWW on Sub Domain with .htaccess

I had someone today who was having some issues with their financial site and the SSL cert so I solved the main issue but noticed that visitors could navigate to https://www.{subdomain}.{domain}.com (with www).

Ideally, to keep things clean, they need to go to https://{subdomain}.{domain}.com (without www).

So after scrambling around for a bit trying various methods I settled on the solution below which you can place in your root .htaccess file and this will detect requests trying to access www on the subdomain and redirect them to the sub domain without www but maintaining/forcing SSL.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{ENV:HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301,NE]

Basically with this script, all roads lead to SSL on subdomain.

[SOLVED] – Simple WordPress xmlrpc.php Attack Prevention

Unless you have a decent WAF checking hack attempts on your server, then you are going to succumb to some serious overloading.

One of the favourites of hackers and comment spammers is attacking the xmlrpc.php file which comes as standard on your WordPress install.

If you are running a server with hundreds of sites, then its not practical to block on each account so you need to do it above the /home directory.

Here is a screenshot explaining what happens during an xmlrpc attack and how to prevent it.

Here how to stop the attack and get back control of your server load

1. Create an empty .htaccess file in /home
2. Add the following code to the .htacess file.

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from

Now when you check your access log, you will see anyone trying to access the file anyhere on any of the sites in /home will be denied access.

[SOLVED] – merge tags issue with gravity forms + blank emails

I came across an issue recently where the merge tags from the admin notifications in Gravity Forms were coming out blank when the email notification arrived to the inbox.

Also, the email was not being inserted into the entries section of Gravity Forms.

This situation can happen for two reasons:

  1. There are some gravity forms table missing in your database
  2. Some of the tables in your database are corrupted.

If there is table corruption, just whip open phpmyadmin and repair the tables.

How to Install MEMCACHE on Cpanel Server and WordPress

I have read some good things about memcache and apparently facebook uses it, so thought it must be fairly decent.

I wanted to test it out on one of my WordPress sites which is hosted on one of my dedicated servers running WHM/Cpanel.

Lets Go!

1. Install MemCache onto your Cpanel server
# yum install memcached
# service memcached start
# pecl install memcache
# service httpd restart

2. Make memcache run even after reboots
# chkconfig --levels 235 memcached on

3. Check to see if memcache is running
# php -m | grep memcache


4. Integrate memcache into your WordPress site

a. Grab the wordpress plugin from here:

c. Upload object-cache.php file to your /wp-content folder
d. Add the following lines to the bottom of your wp-config.php file

global $memcached_servers;
$memcached_servers = array('default' => array(''));

THATS IT! memcache should now be working with your WordPress site!

If you want to confirm that memcache is working and see live stats, you will need to install memcache-top to your server, read the instructions below.

1. Download memcache-top source files

a. Grab the source files from:
b. In the downloaded file you will find memcache-top-v0.6 (without extension)
c. Rename it to memcache-top
d. Upload memcache-top to your server, like in /root

2. Run SSH command to monitor memcache

To run update every second run the following command (assuming you installed it to /root)

/root/memcache-top --sleep 1


Just change the numeric value to 5 for 5 second interval, 10 for 10 second interval etc.

Additional memcache commands

Restart memcache: # service memcached restart
Edit memcache config file: # pico /etc/init.d/memcached

Send Email When Windows VPS Starts Up with Batch File

I have some windows vps servers and when they are restarted I want to receive an email when they do, just so that I know what’s going on.

After some searching I found a great, free little utility called mailsend.exe

mailsend is not fancy and can only be run through the command line, but what it does allow is configuration of smtp servers, so in the case your vps has port 25 blocked, then just use gmail as your external mail server.

Here is an example of how an email can be sent from the command line using mailsend:

mailsend.exe -t -f -ssl -port 465 -auth -smtp -sub subject -M message -user -pass YourGmailPassword

Of course if you wanted to make this automated when the server starts up, just follow the directions below.

1. Download mailsend from mailsend

2. Install mailsend.exe into your C:\ drive (or anywhere you want)

3. Open the command line (Start > cmd)

4. Create a batch file in the startup folder of your machine by pasting the command below into your terminal window (of course, replace your details first).

set command=C:\mailsend.exe -t -f -ssl -port 465 -auth -smtp -sub "server 1 restarted" -M "server 1 was restarted" -user -pass YourGmailPassword exit
echo %command% > "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\email_on_restart.bat"

If you then check in your startup folder you will see a new bat file in there so when the windows vps is restated it will pump an email out to you letting you know that the machine just restarted.