Access Forbidden! – XAMPP on macOS Sierra

I just installed a fresh installation of Sierra on my Hackintosh and couldn’t for the life of me get XAMPP to run properly! I got “Access Forbidden” on my localhost and vhosts. I figured I’d write a few notes for people that run into this issue running XAMPP on their Mac. Please comment below if you don’t agree with or see a flaw in my notes and I can test and update with your feedback. This guide assumes you already know the basics behind XAMPP/WAMP stacks and are stuck getting it running on OSX.

Are they rebranding OSX to macOS? I digress…

Setting Up httpd.conf & httpd-vhosts.conf

1.) Open up XAMPP and click the tab Manage Servers. Highlight Apache and click Configure. Click Open Conf File. This will open your httpd.conf file.

2.) In httpd.conf find the following line and change daemon to your OS X username.
User daemon

3.) In httpd.conf find the following line and uncomment it (by removing the #)
#Include etc/extra/httpd-vhosts.conf

Save the file, don’t close TextEditor

4.) In TextEditor, go to File -> Open. You should start out in xamppfiles/etc. Click into the extra directory and then open httpd-vhosts.conf

5.) Remove the example code -or- comment all of it out.

6.) Use the following code to base your vhosts on, keep in mind I kept the default localhost example just to access the default htdocs location.

7.) Restart Apache services in XAMPP’s Manage Servers tab.

Solving Access Forbidden in XAMPP

This part is the one thing many would disagree with and I’m not 100% sure of a way around this in macOS Sierra. Previously I’ve simply chmod 644 -R my working folders but I couldn’t for the life of me get around the forbidden error. If you know a better way around this please comment below.

1.) Open Terminal (Applications/Utilities/Terminal)

2.) cd to your directory and give execute read write permissions, example below
$ sudo chmod -R +xrw wordpress/

If you’re new to this, the $ is just signifying the command line beginning and we’re not su. This should set execute/read/write permissions recursively to all files and folders within our working directory. I haven’t tried it but you can also try chown but these directories are already owned by my user…
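A narrower alternative to `chmod -R +xrw`, as an added example that is not from the original post: directories get 755 so Apache can traverse them, and files get 644 so nothing is left executable. The temporary tree and its file names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. Apache needs the search (x) bit
# on every directory it walks, but only the read bit on the files it serves.

# fix_perms DIR: directories -> 755, regular files -> 644.
fix_perms() {
    # "\;" runs chmod as each directory is visited, before find descends.
    find "$1" -type d -exec chmod 755 {} \;
    find "$1" -type f -exec chmod 644 {} +
}

# perms PATH: print the type and permission string, e.g. drwxr-xr-x.
perms() {
    ls -ld "$1" | cut -c1-10
}

# Constructed demo tree in a temp dir, standing in for htdocs/wordpress.
demo() {
    root=$(mktemp -d)
    site="$root/wordpress"
    mkdir -p "$site/wp-content/uploads"
    echo '<?php // placeholder' > "$site/index.php"
    echo 'placeholder' > "$site/wp-content/uploads/logo.png"

    chmod 755 "$site/index.php"            # what +xrw leaves: an executable file
    chmod 644 "$site/wp-content/uploads"   # what 644 does to a dir: no search bit

    fix_perms "$site"
    perms "$site/wp-content/uploads"
    perms "$site/index.php"
    perms "$site/wp-content/uploads/logo.png"
    rm -rf "$root"
}

demo
```

To use it on a real site, call `fix_perms` with the path to the working directory instead of running `demo`.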

Setting Up Hosts File in OSX Sierra

If you’re not familiar with vhosts on a local XAMPP stack, the hosts file allows you to overwrite local DNS routing on your machine. In our scenario, we will add one for our local wordpress environment.

1.) In terminal, simply use this command to open up the hosts file:
$ sudo nano /private/etc/hosts

2.) At the bottom of the file add this to your hosts file:
127.0.0.1 wordpress.dev

This will now route traffic from http://wordpress.dev to your localhost. If your httpd.conf and httpd-vhosts.conf files are set up correctly, you can now access your local WordPress developer environment. Try to refresh http://localhost -or- for example http://wordpress.dev


goawayxmlrpc.php

Found a plugin that might be useful for people needing to block xml-rpc.php pingbacks. It disables the methods in the xmlrpc api that allow attackers to send pingback data to your WordPress site. I am currently seeing a flood of pingback spam, which is being written into wpdb. I really don’t care for pingbacks especially when this vulnerability is being used as a denial of service.


Bash Script TimThumb Update [cPanel/WHM]

If you’re dealing with a large WordPress instance, I hope you have shell. Using plugins like Timthumb Vulnerability Scanner on small installations is great, however, on large installations the server might 503.

I had previously used bash scripts to detect outdated TimThumb using a simple grep command and outputting the finding to a .txt file which I could cross reference during the update process. It’s become cumbersome to do this, I wanted to grab the updated timthumb version from the Google Code repository and update the files. With a quick Google search, I found this simple script for cPanel users that can be modified to your distro. Props to DropDeadDick.com for sharing his script. <3

[bash]
#!/bin/bash
# Detects and updates timthumb.php to latest version for all cPanel users.
# dropdeaddick.com

# Read the VERSION constant from the current upstream copy.
latest=`lynx -source http://timthumb.googlecode.com/svn/trunk/timthumb.php | grep "define ('VERSION'" | cut -f4 -d"'"`
if [ -z "$latest" ]; then
    echo "could not get latest timthumb release, aborting!"
    exit 1
fi

# Every account with a UID above 499 and a home directory.
for user in `awk -F':' '{ if ($3 > 499) print $0 }' /etc/passwd | grep home | cut -d':' -f1`; do
    # Spaces in paths are swapped for '%' so the for loop does not split them.
    for file in `find /home*/$user/public_html/ -type f \( -name 'thumb.php' -o -name 'timthumb.php' \) 2>/dev/null | tr ' ' '%'`; do
        file=`echo "$file" | tr '%' ' '`
        # Only touch files that reference the TimThumb project.
        check=`grep -c "code.google.com/p/timthumb" "$file"`
        if [ -z "$check" ]; then
            break
        fi
        if [ "$check" -gt "0" ]; then
            version=`grep "define ('VERSION'" "$file" | cut -f4 -d"'"`
            if [ "$version" != "$latest" ]; then
                echo -e "\e[1;31mWARNING version $version\e[0m updating $file!"
                # rm -f $file #delete current file before replacing.
                # Note: the download is plain HTTP with no integrity check.
                wget -nv -t3 -T3 http://timthumb.googlecode.com/svn/trunk/timthumb.php -O "$file"
                chown $user: "$file"
            else
                echo -e "\e[1;32mOK version $version\e[0m skipping $file"
            fi
        fi
    done
done
[/bash]

I'd recommend creating an alias so that you can use it periodically. :]


WP Multisite: Images not displaying?

Last night I began investigating this strange issue. Images on the network either worked, or they were borked. I looked at APC and Varnish behaviors and configuration and found no evidence of an issue with caching. With that ruled out, I began looking at other causes of the issue. WordPress 3.2.4 was recently released this month, and I was thinking it could have been related to core changes in how uploads and the media library handled blogs.dir. After ruling out server side and client side cache, I began to tinker around to see what was working and what wasn’t.

The first thing is images /wp-content/blogs.dir/[id]/files/image.jpg not displaying properly.

On mapped domains most images display the src attribute with http://domain.com/wp-content/blogs.dir/3/files/2012/03/image.jpg – 404 error (for whatever reason these images are now not showing up.)

However, if I change the URL to:
http://domain.com/files/2012/03/image.jpg
The image will appear. Is this something recent in 3.4.2? Am I going to have to go through and fix all these img src attributes?

I double checked the .htaccess, below is the standard WP .htaccess I have. Note, excluded is mod_expires block of code.

--------------
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]

# uploaded files
RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule . index.php [L]
# END WordPress
--------------

Nothing out of the ordinary in here, however I did find an interesting .htaccess file in the blogs.dir directory, which contained the following code:

-----------------
Order deny,allow
Deny from all
<Files ~ "^[0-9A-Za-z]+.(jpeg|gif|png)$">
Allow from all
</Files>
-----------------

The issue is the regex. It only allows 0-9, A-Z, a-z, and does not include dashes and underscores. The appropriate .htaccess file should read as:

-----------------
Order deny,allow
Deny from all
<Files ~ "^[0-9a-zA-Z._-]+\.(jpg|jpeg|gif|png)$">
Allow from all
</Files>
-----------------

Example: if using the first .htaccess, logo-300x300.jpg would be denied; however, if you use the second .htaccess example, logo.jpg would work fine.
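Where the hyphen sits inside the bracket expression decides whether it is a literal character or a range operator. The added example below (not from the original post) runs three variants of the rule through `grep -E`, assumed here to agree with Apache's regex engine on patterns this simple, against constructed file names.

```shell
#!/bin/sh
# Added example, not from the original post. grep -E stands in for the regex
# engine behind <Files ~ "...">; this is an assumption that holds for these
# simple patterns.
LC_ALL=C; export LC_ALL   # bracket ranges follow ASCII order

# Rule found in blogs.dir: no jpg, no dash or underscore, unescaped dot.
ORIGINAL='^[0-9A-Za-z]+.(jpeg|gif|png)$'
# Class written as ".-_": a range from '.' (0x2E) to '_' (0x5F).
# The hyphen (0x2D) falls just outside that range.
RANGE='^[0-9a-zA-Z.-_]+.(jpg|jpeg|gif|png)$'
# Hyphen placed last so it is a literal; extension dot escaped.
LITERAL='^[0-9a-zA-Z._-]+\.(jpg|jpeg|gif|png)$'

# verdict PATTERN NAME: prints "allow" or "deny".
verdict() {
    if printf '%s\n' "$2" | grep -Eq -e "$1"; then
        echo allow
    else
        echo deny
    fi
}

# Constructed sample file names, one row per name.
report() {
    for name in logo.png logo.jpg logo-300x300.jpg my_photo.gif logoXpng shell.php; do
        printf '%-18s original=%-5s range=%-5s literal=%s\n' "$name" \
            "$(verdict "$ORIGINAL" "$name")" \
            "$(verdict "$RANGE" "$name")" \
            "$(verdict "$LITERAL" "$name")"
    done
}

report
```

The `logoXpng` row shows the effect of the unescaped dot: it matches any single character, so a name with no real extension separator is allowed by the first two patterns.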

The new .htaccess file in /blogs.dir/ may have been written by core for security purposes. This piece of code restricts access to any file types that are not defined in the regular expression. It’s a good way to thwart any hacker that may have obtained a user login and is attempting to upload and execute malicious code via Media Library.

[my original thread on wordpress.org as I scratched my head]


WordCamp Seattle 2012 – May 19th @ Seattle Art Museum

Seattle, the city of coffee and technology.

This year’s WordCamp Seattle will be held at the Seattle Art Museum in downtown Seattle. I am looking forward to this year’s WordCamp Seattle since last year we didn’t have one. 🙁 In 2011, I went down to San Francisco to get my fix! I plan on attending a few WordCamps on the west coast in 2012!

If you’re looking to jump in on the WordPress action, get your tickets today! We’re almost sold out! SOLD OUT!

Who: WordPress Nerdballers
What: WordCamp Seattle 2012
Where:
Seattle Art Museum
1300 1st Avenue, Seattle, WA
(206) 654-3100
How: [Get your tickets here! SOLD OUT!] – If you missed out on a ticket, WordCamp Seattle still needs volunteers! Help out, sign up here: http://2012.seattle.wordcamp.org/volunteer/
Why: Because, CMS.

The WordCamp Seattle 2012 Widget

Spread the word! I just quickly made this widget since WC Seattle hasn’t made one yet!

I am attending WordCamp Seattle 2012

[html]<a href="http://2012.seattle.wordcamp.org" target="_blank"><img title="I am attending WordCamp Seattle 2012" src="http://codesleepshred.com/wp-content/blogs.dir/1/2012/03/wordcamp-seattle-2012.gif" alt="I am attending WordCamp Seattle 2012" /></a>[/html]

Photo credit goes to Doug Mahugh


Inspiration: WordPress Multisite Running On Amazon Web Services

I honestly don’t know why, but I have always feared the day that I would dive head first into Amazon Web Services. In the last two weeks, I have been researching the ins and outs of AWS, how people are using it to deploy applications, security, its architecture and reading AWS terminology… It is very overwhelming, but I think it’s time I embarked on this adventure.

A few inspirations, Earmilk.com’s Blake Shoji. Although I have never met IRL, nor interacted with him online; the Earmilk network boggles my mind. They definitely sparked my curiosity! If you’re a music lover, I’d recommend checking them out!

While I was reading up on AWS, I happened to find David Jensen’s blog post on how to install WordPress on Amazon AWS EC2. I am going to use this documentation as a basis for my study, although I do want to branch off to NGINX. We’ll see where the path takes me!

If you need further inspiration that will help motivate you to jump into the cloud, I highly recommend watching “The Known Universe” with The XX Intro Extended dubbed over it. Seriously, the possibilities are endless!


Stepping Into eCommerce With WordPress

It’s time that I take a step into the eCommerce world with a platform that I am most familiar with… WordPress! In the past I’ve helped and tinkered with shopping carts like Magento and have scared away a few small time clients with its complexity.

Now, I will be helping clients with the simplicity of WordPress coupled with WooCommerce + WooThemes. I intend on building custom themes based on WooTheme frameworks. Today, I have 2 clients needing website solutions. It’s time to dive into the code!

If you’d like to know more about WooThemes and want a demonstration of WooCommerce, feel free to reach out to me!


How To Add Options To User Profiles Using personal_options

I wanted to add additional fields / options to the WordPress User Profiles, this would enable users to add their Twitter, Facebook, and Phone Number. Below is a snippet of code you can either add to functions.php or integrate into your WordPress plugin!

Adding A Drop Down Menu To personal_options

If you’re curious how to add a select drop down menu, below is an example on how to do this. I hope you find this useful!

How To Remove Default personal_options in User Profiles

Below is a snippet of code that allows you to remove personal_options in the WordPress User Profile.

Now How Do I Echo This Onto A Page!?

I am assuming you know a little bit about PHP, WordPress Theme development and the API. Below is a function you can use. If you need more info on the_author_meta() and get_the_author_meta() functions please visit the codex. Please feel free to ask a question in comments.


How To Set Up LAMP on Ubuntu 11.04 – Also, WordPress

In this article, we will work on setting up a LAMP environment for Ubuntu 11.04. As an added bonus, I will set up WordPress 3.2 in the environment for you nerds. As you may notice in previous posts, I have a nice little lappy which allows me to dev on the run.

Installing LAMP onto Ubuntu 11.04

First things first, we need to install tasksel then run it via terminal.

[code lang=”bash”]
sudo apt-get install tasksel
sudo tasksel[/code]

Select LAMP Server and proceed to install it!

While you are installing LAMP, you will be prompted to set a password for MySQL root.

First of all, the /var/www/ directory is set for the root user only. We want to allow our IDEs, such as Netbeans or Vi/Vim/Nano, to have permission to write to this directory. So let’s sudo su and chown /var/www/

[code lang=”bash”]
sudo su
chown yourusername:yourusername /var/www/
exit
[/code]

At this point, let’s test to see if LAMP is running.

[code lang=”bash”]sudo vi /var/www/index.php[/code]

Within index.php just enter phpinfo(); to check if the PHP core fires an output!

[code lang=”php”]<?php phpinfo(); ?>[/code]

Save index.php and exit.

When you visit http://localhost/index.php you should get an output. If you do not, you can try restarting apache2 with the following command:

[code lang=”bash”]sudo /etc/init.d/apache2 restart[/code]

Installing phpMyAdmin To Manage Your MySQL Databases on Ubuntu 11.04

[code lang=”bash”]sudo apt-get install phpmyadmin[/code]

WordPress: World Famous 5 Minute Installation

Head over to WordPress.org and grab the latest version of WordPress. Extract the zip file to /var/www/wordpress

Visit http://localhost/phpmyadmin and create a database.

Under the Privileges tab, go to Add New User. Make sure under Global Privileges you click Check All and hit Go.

Visit http://localhost/wordpress and set up your WordPress install! Bam! You’re done!
