I checked my Nginx log files and saw a lot of errors as below:
*11047 FastCGI sent in stderr: “PHP message: PHP Warning: Parameter 1 to W3_Plugin_TotalCache::ob_callback() expected to be a reference, value given in /home/users/yinfor.com/wp-includes/functions.php on line 3597” while reading response header from upstream,
I googled it and found the answer.
The reason why it happened is PHP 7 and W3 Total Cache.
Since I can not change PHP 7, I have to change something in W3 Total Cache plugin.
- Find the file /wp-content/plugins/w3-total-cache/lib/W3/Plugin/TotalCache.php
- Go to line 512, and replace following
- Save it.
It is a security update. Some of my Blogs do not have auto-update. So, manually update it by sign in.
Continue reading “Upgrade WordPress to 4.2.2”
It is time to upgrade my WordPress installation to 4.4.
There are very few guide on web about migrate blog from MovableType 5.27 to WordPress 3.7.
Here is my own experience to do it.
Step 1: Prepare the data on MovableType 5.27
Using MovableType export function is not enough, because the exported file has entries, tags and comments, but no keywords.
When WordPress import plugin working on this type of export file, it will not import tags. It only import MovableType keywords as WordPress tags.
So that, I found an solution to export MovableType with keywords, which are actually tags in MovableType.
Add a new template file. Add following into it and publish it.
AUTHOR: <$MTEntryAuthor strip_linefeeds="1"$>
TITLE: <$MTEntryTitle strip_linefeeds="1"$>
STATUS: <$MTEntryStatus strip_linefeeds="1"$>
ALLOW COMMENTS: <$MTEntryFlag flag="allow_comments"$>
CONVERT BREAKS: <$MTEntryFlag flag="convert_breaks"$>
ALLOW PINGS: <$MTEntryFlag flag="allow_pings"$>
PRIMARY CATEGORY: <$MTEntryCategory$>
DATE: <$MTEntryDate format="%m/%d/%Y %I:%M:%S %p"$>
TAGS: <$MTTagName quote="1"$>
<$MTEntryExcerpt no_generate="1" convert_breaks="0"$>
AUTHOR: <$MTCommentAuthor strip_linefeeds="1"$>
EMAIL: <$MTCommentEmail strip_linefeeds="1"$>
IP: <$MTCommentIP strip_linefeeds="1"$>
URL: <$MTCommentURL strip_linefeeds="1"$>
DATE: <$MTCommentDate format="%m/%d/%Y %I:%M:%S %p"$>
TITLE: <$MTPingTitle strip_linefeeds="1"$>
URL: <$MTPingURL strip_linefeeds="1"$>
IP: <$MTPingIP strip_linefeeds="1"$>
BLOG NAME: <$MTPingBlogName strip_linefeeds="1"$>
DATE: <$MTPingDate format="%m/%d/%Y %I:%M:%S %p"$>
Continue reading “How to move blog from MovableType 5.27 to WordPress 3.7”
It is a hard decision. When you saw this post, this blog is moved to new VPS. It is changed from MovableType to WordPress.
First of all. I like changes. Changes make us better.
It took me about two days to test and merge the site to new place. Let me put the list of all the changes.
- Moved from Dreamhost to ServerMania VPS ( It is in Dreamhost more than five years)
- Server location is moved from Los Angeles, USA to Niagara Falls, Canada
- Replaced MovableType by WordPress ( I use MovableType from 2004)
- Blog is moved to the top level and re-structure the blog
Continue reading “Huge changes of David Yin’s Blog”
It is time to upgrade WordPress to the latest 3.5.1. It is a maintenance and security update.
From the announcement post, this maintenance release addresses 37 bugs with version 3.5, including:
- Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
- Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
- Networks: Suggest proper rewrite rules when creating a new network.
- Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
- Suppress some warnings that could occur when a plugin misused the database or user APIs.
Additionally: Version 3.5.1 fixes a few security issues:
- Server-side request forgery (SSRF) and remote port scanning via pingbacks. Fixed by the WordPress security team.
- Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon Cave of the WordPress security team.
- Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5 was released to address this issue.
Continue reading “WordPress maintenance and security updates 3.5.1”
WordPress 3.4.2 released today. I did a quick upgrade on my WordPress installations.
It is a security update, so, do not wait.
Fix some issues with older browsers in the administration area.
Fix an issue where a theme may not preview correctly, or its screenshot may not be displayed.
Improve plugin compatibility with the visual editor.
Address pagination problems with some category permalink structures.
Avoid errors with both oEmbed providers and trackbacks.
Prevent improperly sized header images from being uploaded.
Continue reading “Upgrade to WordPress 3.4.2”
I upgraded almost eight blogs powered by WordPress yesterday when I got the release news of WordPress 3.3.1.
WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and the Go Daddy security team for responsibly disclosing the bug to our security team.
The good part is that update procedures are pretty simple.
visit Dashboard → Updates in your site admin.
Actually, I update themes and plugins first. Then update WordPress.
During past week, I saw two shell accounts are hacked. Both are on Dreamhost.
One of it is reported by Google Webmaster Tools. It said there are some malicious code found.
The other one is found, because that the memory usage is increased too fast, but no increase on PV.
I checked the account and be noticed some wired issues.
One of the important files, .htaccess is changed by a hacker.
It send web spiders, such as Google bots, Bing, ASK, to a third party site, which has a malicious code. The code may affect the user computers.
When user enter a wrong URL, user should see a 404 error page from the site. The hacker also send these users to the remote site, which has malicious codes.
SO, if you land the website on the right page URL, you will not see it.
It looks normal and no problems.
The hacker steal the traffic from the sites. And also has potential risk to the users of the site.
How to fix hacked WordPress blog?
The way I did to clean it is that simply.
1) Export the data
2) Make a new shell account on Dreamhost
3) Point the site to new account
4) Install the fresh, updated version software
5) Import the data
Then last step to delete the old shell account.
Continue reading “A type of Hacker on WordPress”
Just few days after the release of WordPress 3.2, wordpress 3.2.1 released.
It is said that it fixes a JSON-related server incompatibility problem that affected some users. Fixes for the new dashboard design and the Twenty Eleven theme, based on the popular Duster theme, are also included.
There is no problem for me. I would like to keep my installation of WordPress update as usual.