WordPress – erick t. hitter

Plugin updates and translation lessons

I can think of many excuses to explain why I’d, until recently, neglected my WordPress plugins. For some time now, I’ve only set aside time to bump their WordPress-version compatibility and respond to the occasional support thread. As my plugins’ users may have recently noticed, this has changed. I added block-editor (Gutenberg) support to both External Permalinks Redux and WP Revisions Control. I also fixed all of my actively-maintained plugins so that they can be translated through translate.wordpress.org. Today I’m revisiting a plugin, Automatically Paginate Posts, that I have ignored for more than two years; it requires some serious revisions to make it compatible with the block editor, and now feels like the right time to undertake that effort.

One interesting discovery that came from fixing my plugins’ support for translations was the realization that, while I thought I’d done everything correctly, I’d actually overlooked several key details. I was diligent about wrapping all user-facing strings in appropriate translation functions, and I’d followed best practices for building strings in ways that made them translatable as a whole (rather than concatenating translated chunks), but I hadn’t chosen proper text domains nor had I called all of the functions required to apply available translations.

Lessons Learned

Error message shown when a plugin is not properly prepared for translation

If your plugin supports WordPress versions older than 4.0, both the Text Domain plugin header and a call to load_plugin_textdomain() are required.
If your plugin includes a block-editor component that contains translatable strings, a call to wp_set_script_translations() is required.
The plugin’s text domain must match its slug on WordPress.org if you wish to allow the community to submit translations that aren’t bundled with the plugin itself.

There’s a lengthy documentation page that covers all of the above and more: https://developer.wordpress.org/plugins/internationalization/how-to-internationalize-your-plugin/. I should’ve paid closer attention to it.

Supporting My Plugins

If you find any of my plugins beneficial and would like to support my development efforts, please visit my donation page for links to various ways to provide financial support.

Recent Plugin Updates

Over the last few weeks, in anticipation of the release of WordPress 5.2 and to test my GitLab-CI-based plugin deployments, I’ve made minor updates to several of my plugins.

Rate limiting: another way I guard against brute-force logins

For the last few weeks, the VPS powering this site received an increase in nefarious traffic arriving via IPv6. Perhaps unsurprisingly, much of this traffic came as brute-force login attempts against my WordPress site, and its arrival over IPv6 was key.

As I noted in my post on login monitoring, I already employ fail2ban, in conjunction with Konstantin Kovshenin’s technique for blocking failed WP logins. Unfortunately, fail2ban only supports IPv4, which is the only reason I even noticed this uptick in login attempts or needed to address it.

Continue reading Rate limiting: another way I guard against brute-force logins

Solr search for Dovecot and WordPress

Perhaps the most-significant effect of leaving Gmail behind was the loss of its search capabilities. While I miss labels, I’ve found that filing an email into a single folder has forced me to be more deliberate, more organized. Search, however, was a feature I had to replicate.

When considering search solutions, any potential choice, at a minimum, needed to support Dovecot 2.2¹. Ideally, WordPress would also be indexed by whatever solution I chose.

Continue reading Solr search for Dovecot and WordPress

Full-text search options changed in version 2.2, hence my emphasis on that particular point release. Dovecot Pro, which I don’t pay for, includes a new full-text search tool, which supersedes the option Dovecot provided previously. ↩

Simple WordPress shortlinks

I recently decided to abandon YOURLS as my shortlink solution, opting instead to handle short URLs entirely within WordPress. This choice is not a reflection on YOURLS–it’s still a great product–but rather was borne from my use case for shortlinks; I concluded that, since I only used them in conjunction with WordPress, an external shortlink service was excessive.

While WordPress has provided a native shortlinks feature since the 3.0 release, it uses query strings rather than pretty permalinks. This means that the shortlink for this post would be http://ethitter.com/?p=6360. It’s not the prettiest URL, nor will many systems cache that request; as a result, each shortlink that’s followed would load all of WordPress just to perform a redirect to the post’s full URL. Unsatisfied with Core’s handling but also unwilling to retain YOURLS, I wrote a small WordPress plugin to address my needs.

Continue reading Simple WordPress shortlinks

Dropping IPv6 traffic during a brute-force attempt

ip6tables -A INPUT -s 2002:5bc8:d05::5bc8:d05 -j DROP

2002:5bc8:d05::5bc8:d05 recently attempted a brute-force login against this network’s wp-login.php. The above abated that effort. 😂

Planning for the post that Matt links to

For most of the time that I’ve had my multisite network and the underlying infrastructure that I’ve written about lately, I’ve been overly focused on performance and scalability.

I say “overly focused” because I average about 50 views a day here on ethitter.com, on a good day. I write about exceedingly technical–or exceedingly uninteresting–topics, so that’s no surprise.

It’s also no surprise that my two most-popular posts are both about Automattic: the first announcing my hiring, the second declaring that Matt will have to fire me to be free of me. Interest in our hiring process and company culture far exceeds that which exists for my blathering.

When Matt retweeted the latter post back in January, my heart paused, then skipped into overdrive. Beyond the excitement of Matt recognizing my post, I immediately feared the embarrassment of my site crashing.

As it turns out, I had nothing to worry about. The pageviews were, while meaningful for this humble site, insignificant as far as the infrastructure was concerned. No resource-usage alerts were triggered, nor did my provider inform me that I’d exceeded my plan’s allotments. Between Redis-based object and page caching, nginx microcaching, and a robust CDN, there was really no cause for concern.
Continue reading Planning for the post that Matt links to

Building My Network

Over the past three years, I’ve spent more time than I care to admit on a single project. It started off innocently. Since then it’s grown to occupy a significant place in my daily thoughts.

As you read this, you’re experiencing the product of these efforts. Perhaps you clicked on an eth.pw short URL to get here. If not, your browser still had to figure out how to get to ethitter.com. Now that you’re here, maybe you need to contact me via email. To make any of these endeavors possible, I’ve built a personal “network” of servers and had endless fun doing so.
Continue reading Building My Network

I’m a GSoc Mentor!

Yesterday, Jen Mylo announced the WordPress-related projects that were accepted into this year’s Google Summer of Code program. I’m very excited to participate as a mentor this year, working with Nick Halsey (aka celloexpressions) as he adds menu management to the Customizer.

The Customizer gained widget and header controls in 3.9, leaving menus as one of the last major appearance features without an accompanying Customizer control. Hopefully that won’t be the case much longer.

Redis Object Cache plugin available for download

The Redis Object Cache plugin I wrote about a few weeks ago is now available for download from WordPress.org: http://wordpress.org/plugins/redis-object-cache/. Eric Mann, with whom I worked on the plugin, explained in his release post his initial motivations for creating the plugin.