Showing an Author only their comments in WordPress

Recently at Helpful Technology I was working on the new Foreign Office Blogs website – collapsing their massive WordPress multisite instance down into a standard single site install. When I say massive… it was 161 sites with 448 users spread across ~4500(!) database tables and nearly 5GB of files. Oh, and it’s multilingual too.

One of the big, and somewhat unexpected, challenges to workflow once it was merged was comments. As WordPress presents the number of comments in the admin bar as well as the admin menu, authors were getting confused about whether they had any comments to respond to / manage, or if they were for other authors. While on the Posts screen you do at least get a Mine filter so that you can view just your own posts (along with the standard All, Published, Draft and Bin/Trash), there is nothing similar for Comments.
Also, WordPress helpfully puts a big notification bubble next to Comments in the menu as well as in the admin bar that shows the total number of Pending comments – again, not Author specific.

Part 1 – the list of comments

This first issue is actually the easiest to deal with – there is a helpful hook pre_get_comments that allows you to modify the wp_query arguments used to generate the Comments list.
All that’s needed is a simple finction that does a couple of sanity checks to make sure you are on edit-comments.php and the user is an Author (Editors and above have the rights to view and manage others posts so affecting them doesn’t really make sense*) and then $query->query_vars['post_author'] = $user_ID; does the magic.

Part 2 – comment counts

Changing the comment counts is actually a lot harder as there is no hook you can use to manipulate it as simply. Internally WordPress uses wp_count_comments which takes a single (optional) argument, a Post ID. It’s all or nothing, so to speak – it either returns the comment counts for the whole blog, or for a single blog post. There is a filter which lets you inject replacement values into the function however, so we have a way in. We can create a duplicate of this function, and then use the duplicate as a filter for the core function to inject the comment counts for just the logged in user.
But how do you get the count for a single user? Comments are associated with posts not users… Here caching is going to be your friend. We first have to do a standard query for all posts by the user WP_Query( array('author' => $user_ID,'posts_per_page' => -1) );, and then loop over each post, get the comments, and add up the number. This is comparably intensive so we can store the results in a transient for a length of time that makes sense for your blog. One thing to watch out for is that wp_count_comments expects a stdClass Object so remember to cast the array just before returning it.

*You could take this further and read some custom meta from the current user that specifies which other users they manage to determine which to show, but that’s for another day…

Putting it all together

Either build this into a simple plugin or put it into your theme’s functions.php depending on your needs:

Bulk updating Cloudflare’s firewall rules

I’ve been using Cloudflare recently and overall it’s extremely straightforward, but there was one small fly in the ointment – the firewall settings.

Currently you can only enter single IPv4 addresses at once (ranges like x.x.x.x-x aren’t valid either). Luckily they have a very easy to use API so I put together a quick form that does a bulk update of your rules.

You can only do one “action” at once (whitelisting / blacklisting / removing), but if you need anything more complicated I’m surprised you’re here… The API is also smart enough that it doesn’t moan if you ask it to, e.g., whitelist an IP that is already whitelisted.

You can download it on GitHub, and as always pull requests are welcome.

RegEx to match / link Twitter usernames and hashtags

One of the things we do at Helpful Technology is provide digital skills training. As part of that we have a sandboxed Twitter style social network platform that allows users to get used to the medium and practice in a safe environment.

I’ve been re-building this system recently, and one feature we wanted to add was the automatic linking of usernames and hashtags. This is fairly simple to do with a bit of RegEx in PHP – and on WordPress you can just attach it to the filter called the_content to process all text before it is output and insert links as needed. The code could be put in a plugin, but here it’s written so you can just drop it in to your functions.php.

If you’re wondering about the ‘weird’ \p{X} statements – that’s using PHP’s unicode character properties to ensure all languages are matched.

Bash script to configure MySQL database and install WordPress

Updated 4/6/15 – now with added key/salt generation

When deploying a new WordPress site, there are two (potentially) needlessly time-consuming steps – logging in to MySQL to setup a new database and user, and then copying the WordPress files to the directory. The script below lets you do this in one step, pass in your database and basic WordPress settings, and it will configure MySQL and directly download WordPress to the server. A key benefit of this over a phpMyAdmin + FTP approach is that it will work over even ropey internet connections as the work is all done on the server itself.

A more advanced approach is to build a setup script based on WP-CLI, which allows the most customisation, but also needs more setup work and control over the server. If you always install the same plugins and themes – definitely look in to this.

How to use the script:

  1. SSH in to your server and navigate to the desired install directory (e.g. /var/www/domain/)
  2. Paste all of the following in to terminal and hit Return:
    curl -L -o '' && bash
  3. Enter your details when prompted
  4. (Exit / close the SSH connection, your done here)
  5. Navigate to your new site in a web browser to complete the normal WordPress installation steps

Here’s the raw script so you can see what it’s doing – feel free to Fork it or suggest improvements:

Colour schemes, plugins, expandrive

Very short post to share a few useful links from the weekend, all related to Sublime Text:

Panic apps “ssh key is not in a supported format” error

I recently started using Panic’s Coda as an alternative to Sublime Text, and it looks really slick – the inbuilt SFTP particularly could make a big difference to my workflow.

But I hit a snag pretty early – Coda wouldn’t accept my SSH key – neither would Transmit (a straight FTP app from Panic) – throwing a “ssh key is not in a supported format” error. Now they key definitely works – Terminal and Cyberduck were both fine with it.
There was nothing unusual about how the key was generated – it was under Yosemite in accordance with GitHub’s guidelines, and using a passphrase.

A quick search threw up quite a lot of similar problems, and plenty of different solutions – however none worked for me…

Luckily Panic give prompt support on Twitter and after a couple of suggestions found a solution that worked for me:

In fact I didn’t even need to use a ssh config file – but I have quite a simple setup at the moment. The important, and counterintuitive, part was to NOT select the key file, but enter the passphrase.
If that doesn’t work for you, and you’re getting SSH key errors in Coda or Transmit, there are a selection of other solutions in this thread.

UK GovCamp 2015

6am Saturday the 24th I headed down to London for UK GovCamp 2015 – an unconference centered on the public sector.

As usual the was a huge variety of topics pitched, and personally I really appreciated the lack of an “introductions” session – it got things moving much faster.

My day went sonething like this:

  • The other half of open source: wordpress, local GDS, github, APIs selfishness. Hosted by @simond and @danmaby
  • Content strategy at scale. Hosted by @tomhewitson
  • Stop me before I hack your website! and “How to do wordpress securely”. Hosted by @edent and @harrym
  • Security screw-ups. Hosted by @glynwintle
  • Corridor session catching up and drinking tea

Now this isn’t a full write up of the event, or even my day, but there’s a few things to highlight:

  • GDS hasn’t filtered down to Local level. One was to tackle this, since Local Gov. is focussed around transactions, is to build a new middleware framework to integrate font- and back-end systems. Another tack would be a build an extensible platform, along the lines of WordPress, that could deal with creating and managing the front-end and integrate with any necesary back-end system.
  • You must pentration test your site – reapeat 10 times. Particularly authoritative domains, which are high value for spammers in particular – watch for comment and hidden link spam. Think of it like an annual gas check – not a one off.
  • A domain is for life, not just for… Orphaned domains can be re-registered by people with nefarious intents. This is especially dangerous if your domain is widely linked to, made even worse if they are authoratative themselves – there were some really nasty examples like the re-purposing of the Bloody Sunday and Hutton Inquirey sites.
  • People are always a security weak spot – but that doesn’t mean you shouldn’t batten down the technical side. Don’t let the “script-kiddies” in.
  • Password complexity requirements tend to weaken security – most people put a capital as the first letter, and punctuation (!) / number (0 or 1) as the last.
  • Please(!) leave the water out all day. It’s not only at lunch time that people are thirsty – this is a speaking orientated event after all…

There’s a very interesting blogpost by @jonathanflowers that puts some thought’s I’ve had much more eloquently. I recommend you read the original but in essence – the session pitching format could do with some work. This would really increase the value of the conference to me, being able to ensure I’m in sessions that I really care about, or not – an informed decision at least.

There’s a Flickr pool of photos from the day, the tweets were all under #ukgc15, and all the liveblogs can be found by looking at the session list.

Adding gallery transitions to Nivo Lightbox

Nivo Lightbox isn’t the most widely known of Dev7studios products, but it’s a solid and simple image slider.

However one feature it doesn’t currently have is transition effects when navigating left/right through a gallery. It turns out though that a couple of small modifications were all that was needed to provide the required hooks. You can see my pull request on Github here. This gives you two more functions you can configure on the front-end to trigger whichever Javascript or CSS library you prefer.
Continue reading “Adding gallery transitions to Nivo Lightbox”

Running the API on their PAAS

I recently setup a small server monitoring script using the APIs from Gandi and – both services I would recommend – to use as a module within Status Board.

There was one small quirk – I decided to run it from a Gandi PAAS instance and discovered that the PEAR install they provide doesn’t include two PEAR modules required to run their own API… Luckily it is easy to fix.

  1. Download HTTP_Request2 and Net_URL2 from PEAR and extract them locally.
  2. Navigate inside the extract folders and upload the HTTP and Net folders respectively to /lamp0/web/includes
  3. That’s it!

A strange oversight perhaps but at least Gandi provide the ready configured includes path/folder.