Tag: wordpress

  • Human Avatar for Robohash WordPress plugin

    I was tired of the similar looking avatars offered for comments. When changing them in Settings>Discussion>Default Avatar I noticed there was a new one, Robohash.

    Robohash has further customisation options but unfortunately they were not available to select in the avatar configuration options of WordPress.

    Specifically I liked their “human” set which I think Robohash keep pretty low key as it was only referenced briefly in a single paragraph at the very end.

    No point it customising the WordPress core directly because of updates, so instead I created a plugin for others to enjoy:

    Human Avatar for Robohash

  • Post comment notification email woes

    After having done an upgrade of a very old WordPress install, notification emails were not arriving properly.

    Since this installation was originally set up almost two decades ago, back when emails were sent directly from the same hosting server to the MTA. Due to the level of spam this caused, emails nowadays have to be submitted through a proper mail system, not forgetting the fact that port 25 is now blocked at nearly all providers.

    I do run some mail servers myself, however I wanted something quick to move on so I decided to use Mailgun which I had an account with already. They actually provide their own Mailgun WordPress plugin so I was up and running as soon as the new DNS records had propagated. Emails started arriving immediately when I updated the Administration Email Address under Settings>General with the new email address. Great stuff!

    However I realised that a new comment would no longer trigger the comment notification email. Nothing in the logs of nginx revealed what could be happening. I needed to figure out if the emails were even generated, and if so, where did they get stuck.

    Luckily there is another plugin which logs each email sent by WordPress. Once I tested another comment and checked the plugin’s log page in WordPress, I immediately realised what the issue was. It was still being sent to the old administrator email address!

    Later I did spot that Mailgun’s own logs actually revealed the same data, but at the time in question I was under the impression that the emails never left WordPress.

    Now the mystery… why the heck was WordPress still using the previous email address from Administration Email Address? This field was updated and other admin notification emails were being received just fine.

    The issue when dealing with a self-hosted WordPress for oneself is that in the vast majority of cases, one is both the site administrator as well as the only user posting. Apparently the new comment notifications emails are only sent to the post author and not the site administrator. I had simply forgotten about the old email address under the posting user’s profile (Users>Profile)!

    Comment moderation emails on the contrary do go to both site administrator and post author.

    Do not forget to add or update your Gravatar profile with the new email address.

  • Failing to update a very old WordPress version

    Download failed.: cURL error 60: SSL certificate problem: unable to get local issuer certificate

    Installation Failed

    If you receive the above error when updating a stale installation of WordPress read on.

    Every installation of WordPress comes with its own Certificate Authority (CA) file which gets refreshed automatically upon each version update. If you have not updated your installation of WordPress for a few years the certificates within have expired and therefore cURL will not be able to verify the integrity of the server you are connecting to and fail the download and update process.

    Verifying the chain of trust is important to avoid pulling WordPress from the wrong source in the event that you may be exposed e.g. to a man in the middle (MITM), DNS hijacking, etc. scenario.

    To resolve the issue we need to break out of this catch 22 situation where we need the latest version of WordPress to update to the latest version of WordPress… d’oh!

    Some would simply download a fresh WordPress installation directly on the server, however it can be error prone risking your old installation’s data, plus the fact that the included updater runs its checks and updates both core files and database. So the quickest way is to simply overwrite the old certificates file at wp-includes/certificates/ca-bundle.crt with the latest one from WordPress’ development repository:

    https://raw.githubusercontent.com/WordPress/WordPress/refs/heads/master/wp-includes/certificates/ca-bundle.crt

    Once replaced cURL will no longer have any issues connecting to WordPress, retrieving the latest version and completing the update.

  • Google+ integration

    I wanted a tighter integration with my blog and my Google+ stream to avoid having to visit two places.

    I have added a little widget which will display the latest posts.