Advertisements

Posts Tagged WordPress

Drupal and Yourls

Actually, this should work with any CMS supporting PHP code blocks: Drupal, Joomla, WordPress (with a  plug-in), phpBB, etc. Has been tested working with Drupal 6, Joomla 1.5.

You’ll want to replace YOUR-YOURLS-DOMAIN-HERE below with the actual YOURLS domain, and API-SIGNATURE-HERE with the API key found at your YOURLSDOMAIN/admin/tools.php.

<?php
if ( isset($_REQUEST['url']) ) {
$url = $_REQUEST['url'];
$keyword = isset( $_REQUEST['keyword'] ) ? $_REQUEST['keyword'] : '' ;
if ($keyword) { $keyword = '&amp;keyword='.$keyword; }
$return = file_get_contents('YOUR-YOURLS-DOMAIN-HERE/yourls-api.php?signature=API-SIGNATURE-HERE&amp;action=shorturl&amp;format=simple&amp;url='.urlencode($url).$keyword);
echo <<<RESULT
<h2>URL has been shortened</h2>
<p>Original URL: <code><a href="$url">$url</a></code></p>
<p>Short URL: <code><a href="$return">$return</a></code></p>
RESULT;
} else {
echo <<<HTML
<h2>Enter a new URL to shorten</h2>
<form method="post" action="">
<p><label>URL: <input type="text" name="url" value="http://" size="50" /></label></p>
<p><label>Optional custom keyword: <input type="text" name="keyword" size="5" /></label></p>
<p><input type="submit" value="Shorten" /></p>
</form>
HTML;
}
?>

The idea was based off this post, which I could never get to work for me. It always had a PHP error, and it depended on having Drupal and Yourls installed on the same site. The above code will work even if the installation is remote (on a different server). It only requires that you’re able to get an API key.

Feedback is welcome.

Advertisements

, , , , , ,

Leave a comment

Optimizing WordPress

So after my little fiasco with plug-ins and CPU throttling, I’ve been looking for ways to make WordPress at least a little lighter and faster. I’m not going to cover disabling plug-ins, I’m going to go over a few other ways, starting with …

Disabling revisions:

Every time a post is edited and/or published, a new revision is created. These stick around in the database (never deleted) and can not only grow the database, but can also lengthen query times for information. So, per MyDigitalLife and the WordPress codex, here’s the quick-and-dirty:

…simply add the following line of code to wp-config.php file located in the root or home directory of WordPress blog.

define('WP_POST_REVISIONS', false);

If you would rather limit the number of revisions to something small, say 2 for example, just use the number instead of FALSE:

define('WP_POST_REVISIONS', 2);

It should be added somewhere before the require_once(ABSPATH . 'wp-settings.php'); line. That’s it. Revisions will no longer be created. If you want to delete previously created revisions, read on…

Deleting revisions:

So now that you’ve disabled revisions, how do you delete all the old cruft laying around? MyDigitalLife has the answer on this one too.

…and then issue the following [SQL] command (it’s also recommended to backup the database before performing the deletion SQL statements):

DELETE FROM wp_posts WHERE post_type = "revision";

All revisions should now be deleted from the database.

Caching:

Caching is a hot button for sites that could potentially see high amounts of traffic (and since we would all like to be in that category…) The caching plug-in that I use and recommend is WP Super Cache. The UI is easy enough to work around, though it does require editing of the .htaccess file.

Database queries:

Shared hosting providers get real upset when applications and scripts perform excessive and unoptimized database queries. Heavy themes, excessive numbers of widgets, and badly-written plug-ins all contribute to this. Fortunately, a post on CravingTech points to an easy method to check the number of queries happening on a single page load.

You can insert this snippet of code on your Footer.php file (or anywhere) to make it display the number of queries:

<?php echo $wpdb->num_queries; ?> <?php _e(‘queries’); ?>

After looking at the number of queries occurring on a page load, try changing themes, disabling plug-ins, and/or reducing the number of widgets on a page to reduce the number of queries. SQL Monitor looks like a useful plug-in for further examining SQL queries, but I haven’t used it, so I can’t comment on it’s usefulness (or lack thereof).

Also…

I’ve stumbled on some additional information while researching, and apparently the “WordPress should correct invalidly nested XHTML automatically” setting (under Settings > Writing) can not only increase the load when a post is saved, but can also break some plug-ins. If you’re familiar enough with (X)HTML to handle correctly closing tags, you might actually be better turning this off.

You can also find other settings for wp-config.php on the WordPress Codex page.

Are you a WordPress user? Do you have any experience optimizing your WordPress installation? Have you tried any of the methods listed above? Did they work for you? Have any methods other than the above that you’ve tried?

, , , , ,

Leave a comment

Beware of poorly-written CMS plugins.

CMS systems like WordPress, Drupal, Joomla, etc are rife with plug-ins and modules you can add for extra functionality, but it’s really hard to tell the load that some of those add-ons place on your system and database. When you want to have a website that won’t collapse under load (or take the server down with it) it’s important to have well-written plug-ins. Many times we install things assuming without knowing the impact they can have. Especially in the case of shared hosting where everyone shares a server, it’s important to play nice — or face the possibility of having your hosting account suspended because you put too heavy of a load on the system.

I got to experience both sides of this first hand. Some time back I had my Drupal site hosted on my own machine. In searching for a decent chat room, I found the Drupal chat room module. It was easy to install and set up, and I had a few friends joining in to give me feedback on it. After 3 or 4 people joined, it started to get really laggy. I took a look at the server and saw that it was literally drilling a hole in the SQL server. The amount of queries and load that it was producing was just unbelievable. So I disabled it. Lesson learned.

Last night while I was making some changes here, I noticed a lot of issues with pages taking forever to load, lost connections to the MySQL server, etc. Since I’m on shared hosting, the first thing I thought of was “maybe the server is having an issue?”

So I checked server status: Nothing.

I let it go and kept making edits to my pages, but noticed the problem was getting worse instead of better. I checked server status again; nothing. I thought: There has to be a problem somewhere. So I looked through my cPanel and found an icon that I thought might give me a clue: CPU Throttling.

What you see below on the left side of the red line is what I saw (I took the screenshot 15 hours after I started working the issue so I would have a clear before-and-after).

BlueHost uses a unique CPU throttling approach, not primarily to control CPU/RAM usage, but to control scripts which pound on the SQL database and make time-consuming queries. If the database gets pounded too hard, it becomes a major issue for everyone on the server. So they throttle access to the database for load spikes, and that keeps everyone happy. They say that a throttle of 500 sec/hour is acceptable, and you shouldn’t see any slowdown from it. Obviously my problem was way beyond that.

I was obviously having an issue with some script, and it needed to be fixed immediately. Since they make log files available to you for “Slow SQL queries”, I took a read through them. I saw here and there 1.3, 1.5, 1.8 seconds… not terrible. Then I saw the issues. I had SQL queries that were running 3, 4, 5, 6, even up to 8 seconds each. You know what? It wasn’t even this site. It was the feeds module I had added to another site.

So I weighed the benefit I was seeing to the site (which was zero) and went ahead and started purging the data and disabled the modules. This took a few hours (because of the already throttled connection state), and when I was done I let it idle for an hour and made sure I was no worse off than before I had started. It was nearly 3am, so off to bed I went.

I woke up this morning and immediately checked the CPU throttling chart. Not only was I under the 500sec/hr target, I was less than half of it.

screenshot-1

The worse part of this is that I was almost never aware of the issue. It wasn’t until I stated making bulk edits that I noticed there was a problem.

This does happen to be a system that only BlueHost offers. My only request might be that I could have gotten alerted via email when the load spike shot up so I could have been aware of the issue rather than having to find it out myself. But in any case, I saw it, I took care of it, and all is well.

Have an experience with a script that negatively impacted your CMS or server platform? Please share it below…

, , , ,

Leave a comment

Captchas, Anti-spam services, and Bad Behavior

I run this WordPress blog as well as a Drupal-powered forum site and one of the biggest challenges that any webmaster can have is controlling spam — both in comments and user sign-ups.

I used to rely heavily on captchas, and I’ve gone through several captcha and non-captcha systems to try to find the “ideal” solution: One that cut the spam down to nearly nothing as well as not putting too much of a burden on the legitimate users (as to possibly deter them from participating on the site).

Here’s what I’ve tried, and what I’ve learned in the process:

reCAPTCHA (WordPress, Drupal): This service aims to stop bots and spammers by presenting two words.

Pros: As a side effort, the service also aims to help digitize books by using the legitimate users to correctly identify one of the mangled words provided. Also has a feature called “reCAPTCHA Mail Hide” to hide email addresses behind a captcha to keep them from being harvested by web bots.

Cons: reCAPTCHA has one distinct weakness: Only ONE word needs to be correctly entered to pass the captcha. Additionally, at least one implementation has a weakness making the captcha worthless.

Mollom (WordPress, Drupal, Joomla) : Mollom is a text analysis service with a captcha fallback.

Pros: Aims to be unobtrusive. Does not present the user a captcha unless textual analysis cannot be performed or appears to the service to be a spam submission. Captchas are “cleaner” looking than other services (less visual distortion). Audio captchas.

Cons: Limitations on the free service, and does not scale well. Free service only allows 1,000 legitimate posts per day, then it’s 30 EUR/mo/site. (Around $50 USD). No service uptime guarantee with the free service.

Akismet (WordPress, Drupal) : Akismet is a non-captcha anti-spam service that does textual analysis (similar to Mollom) except completely without the aid of captchas.

Pros: Comes installed on all WordPress.COM blogs by default and needs no configuration. Powered by, and maintained by Automattic, the same team behind WordPress and Gravatar. Suspicious submissions are placed in a moderation queue for the administrator to manually approve, with the option to automatically expire (delete) them after 30 days or so. Easy setup via an API key.

Cons: Akismet weighs input the same across all Akismet-protected sites. This means that someone who submits a comment on an Akismet-protected blog that gets flagged as spam would get the same treatment on an Akismet-protected forum (and every other Akismet-protected site for that matter) until enough comments get marked as false positive for the system to re-learn the user is not a spammer. I had a user that got hit by this false-positive treatment the first day I implemented Akismet on another site and it became a hassle. When I enabled Akismet on this WordPress site, his comments were still getting flagged as spam. That’s a serious issue for me. (Akismet FAQ)

Defensio (WordPress, Drupal, Facebook) : Similiar to Akismet, weighs each source seperately, and offers Facebook protection as well.

Pros: Defensio is a service similar to Akismet, but weighs content from each website (blog, forum, etc) separately to avoid mistakes. You register each web property you want protected and obtain an API key for each. Slow to learn at first, but avoids false-positive/negative and cross-property disasters like I mentioned above with Akismet. This service is a favorite of mine. Additionally offers profanity / file link protections, as well as customizable filters. (Link)

Cons: Slow to learn at first. Might require you to manually flag content until it learns. Currently free, though they mention possibly charging for the service in the future for commercial users.

Bad Behavior (WordPress, Drupal, Joomla) : Not a captcha or textual analysis service at all, takes a completely different approach

Pros: Filters access at the http level, by blocking proxies, historically abusive IP addresses, suspicious user-agents, and malformed requests. Cuts down on bandwidth, spammers, users who are accessing site content through known proxies, etc. Conserves server bandwidth and resources, as pages are not served up at all when a block is performed. No training required.

Cons: It’s possible that a number of users whose ISPs force proxies may be blocked, but I have not seen evidence that this is happening on my sites.

So there you have it. Personally, I use a combination of Bad Behavior and Defensio on my sites, and I’ve seen a big drop in the amount of spam.

Have experience with one or more of the above? Please share it!

, , , , ,

Leave a comment

WordPress

I started with Drupal for a CMS, and didn’t pick up WordPress until just a few days ago, though I have seen mentions of it everywhere.

Initially I used Drupal for a blog, then expanded it to forums. For the blog portion, Drupal was good, but WordPress is so much better. WordPress is easier to use and upgrades and plugins can be done from the web interface (rather than needing SSH access). Much smoother.

I’m a happy wordpress user now :)

I am still keeping my Drupal site for forums. It serves its purpose.

,

Leave a comment

Web Analytics Reviews

I wrote this piece after going through several analytics packages in search of the best fit for my sites and needs. Here’s what I came up with…

What I’m looking for in an analytics tool:

Ability to track:

  • Page views / Visits and visitor counts (the usual)
  • Referrers / Searched terms from search engines
  • IP addresses (for access spam control)
  • Logged in user names (What my users are looking at)
  • Near-realtime stats (as close to realtime as possible, not having to wait until the next day)
  • Integration with Drupal/WordPress as a maintained module (less important)

The tools:


Google Analytics

What it does

  • Tracks page views / visitor data / search terms

What it doesn’t do:

  • IP addresses
  • Logged-in user name
  • Near-realtime stats

Cost: FREE

Traffic limit: 1 million page views per day.

Other thoughts: Some think that stats collected are used by Google to adjust search results.


Woopra

What it does:

  • IP addresses
  • Logged-in user names++
  • Page views / visits and visitor counts
  • Chat with your users##
  • Real-time stats
  • Referrers / search terms
  • Integration with Drupal

What it doesn’t do:

  • Clicking on the ‘chat’ function would crash the app.
  • Clicking on the ‘analytics’ once crashed my app for several hours

Cost: Free to Expensive$$

Traffic Limit: Depends on pricing tier

Other thoughts: Requires desktop app install (Windows / Mac / Linux [Java-based]). At 3,000 monthly page views for the free package and 10,000 for the $5/mo package, this is the pricey end of analyics packages. Considering all the bugs I had with it, I would consider something else. Unlimited sites, pricing plan is per-site.


Clicky

What it does:

  • IP addresses
  • Page views / visits and visitor counts
  • Real-time stats**
  • Referrers / search terms
  • Integration with Drupal

What it doesn’t do:

  • Logged-in user names

Cost: Free to expensive$$

Traffic Limit: Depends on pricing tier

Other thoughts:

Stats are near-realtime as they are displayed on a webpage. A refresh takes care of loading the newest stats. Free plan is good for 3,000 page views a day. $5/mo plan is good for a lot more. Pricing plan is tied to your account. Limit to the number of websites you can track.


Piwik

What it does:

  • IP addresses
  • Page views / visits and visitor counts
  • Real-time stats (via the Live! plugin)
  • Referrers / search terms
  • Integration with Drupal

What it doesn’t do:

  • Logged-in user names

Cost: FREE

Traffic Limit: As much as your webserver/database server can stand.

Other thoughts: This is a self-hosted software, which means you have to install it on your webserver or hosting account. Free / Open source. Though the usability and feature-set is impressive, there are a number of serious bugs which can be show-stoppers for the non-technical or easily-frustrated user. Database grows over time and requires manual purging. Can put a serious load on DB servers on high-traffic sites. No limit to the number of sites you can track. Set  up login/password access for others to view stats.


Mint

What it does:

  • IP addresses
  • Page views / visits and visitor counts
  • Real-time stats**
  • Referrers / search terms
  • Integration with Drupal
  • Logged-in user names++

What it doesn’t do:

Come free.

Cost: $30/site

Traffic Limit: As much as your webserver/database server can stand.

Other Thoughts: At $30/site this can be expensive in multi-site operations, but this is a very well polished software package. Database growth is kept in check as detailed stats are only held for 6 weeks. Totals are kept forever. This happens to be my software package of choice.


** There’s a catch.

$$ Cost varies according to traffic / number of monitored websites

++ Requires Drupal module

## Though this is a feature, I never got it to work correctly.

, , , , ,

Leave a comment