Tag Archives: wordpress

Codeception Testing – Part 2

I’m still setting up for BDD testing. All the basics are already there (see previous post).

I spoke quickly about setting up WPBrowser: WordPress specific set of extensions for Codeception. Here’s what to do (from the Readme):

  1. Require the package in the composer.json, then run “composer update” (details)
  2. Add the WPBrowser or WPWebDriver module in tests/acceptance.suite.yml (details)

The added bonus, if you’re using PhpStorm is that you will also get the related auto-complete package. And there’s plenty of functions that really speed things up.

Next for me was setting up MailCatcher

MailCatcher runs a super simple SMTP server which catches any message sent to it to display in a web interface

You need mailcatcher if you’re testing sending email out from the site. Here’s what I used:
\curl -sSL https://get.rvm.io | bash
source /etc/profile.d/rvm.sh
rvm install 2.2.2
rvm default@mailcatcher --create do gem install mailcatcher
rvm wrapper default@mailcatcher --no-prefix mailcatcher catchmail

You also need to add the following in /etc/php5/apache2/php.ini:

sendmail_path =  /usr/local/rvm/wrappers/default/catchmail -f some@from.address #

(and restart apache after that)

Next you need to install the codeception mailcatcher module using composer

"captbaritone/mailcatcher-codeception-module": "1.*"

And set the configuration inacceptance.suite.yml

You might get by with only that, but I had trouble with mail being routed through special plugins we use at work, so I had to install the ‘mailcatcher’ plugin

After that it was smooth testing …


Similar Posts:

Tagged , , , , ,

Codeception Testing – Part 1

I started working on automating testing ( BDD style ) a few weeks ago, and it took me a while to go over the available tools and options. The obvious starting point was cucumber. Which then led me to Behat, which then took me to Codeception.

When someone tells you it works out of the box, you should always take that with a pinch of salt. Of course, if you follow the quickstart page, it will take you through the different steps that you would take to unwrap the shrink around the box, open it up, take the protective foam bar out, … You get my drift.

Turns out you would need a few more ingredients before you could start testing. Here’s what I needed:

  1. Download and run selenium
  2. Download and install chromedriver
  3. Setup PhpStorm with Codeception

Of course if you’re using the PhpBrowser for testing (no Javascript with that sorry),  you could get started faster. So no nagging please.

And, if you’re like me, going to test WordPress sites themes and plugins, you might find the WPBrowser very useful.

Here’s a list of the steps I took locally on an Ubuntu 15.10 machine (that already had Google Chrome installed)

If you didn’t have Chrome (or installing on a server):

wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
dpkg -i google-chrome-stable_current_amd64.deb
apt-get install -f # dirty shortcut to get apt to install dependencies for you!

wget http://goo.gl/rQhaxb -O /opt/selenium-server-standalone.jar
sudo apt-get install xvfb
alias run_selenium="DISPLAY=:1 xvfb-run java -jar /opt/selenium-server-standalone.jar"

wget -N http://chromedriver.storage.googleapis.com/2.20/chromedriver_linux64.zip
unzip chromedriver_linux64.zip
chmod +x chromedriver

sudo mv -f chromedriver /usr/local/share/chromedriver
sudo ln -s /usr/local/share/chromedriver /usr/local/bin/chromedriver
sudo ln -s /usr/local/share/chromedriver /usr/bin/chromedriver

A couple of parting notes:

  1. WebDriver and PhpBrowser do not work together, one of them must be commented out when you’re testing. Pretty obvious when you think about it!
  2. When  you change browser to ‘chrome’, you should also add ‘http_proxy: direct’ in the acceptance.suite.yml

Similar Posts:

Tagged , , , , ,

WPMorris Plugin First Test





Similar Posts:

Tagged , , , ,

Protecting Against WordPress Brute-Force Attacks

One of our customers was experiencing very high load today. Checking his logs showed too many IPs trying to hack at the wp-admin.php login page. Here’s a snapshot of what I saw:
# tail -f /var/www/vhosts/*/statistics/logs/*_log
==> /var/www/vhosts/example.com/statistics/logs/access_log <== - - [03/Oct/2013:05:50:17 -0500] "POST /wp-login.php HTTP/1.0" 200 4479 "example.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" - - [03/Oct/2013:05:50:21 -0500] "POST /wp-login.php HTTP/1.0" 200 4479 "example.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" - - [03/Oct/2013:05:50:23 -0500] "POST /wp-login.php HTTP/1.0" 200 4479 "example.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0" - - [03/Oct/2013:05:50:24 -0500] "POST /wp-login.php HTTP/1.0" 200 4479 "example.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"

That went on forever!

The first thing I did was use the fail2ban filter I found here.

Unfortunately this did not work as the attack was widely distributed. Fail2ban is ineffective against such attacks. So the next thing I tried was password protect that page. I added a few lines in the apache configuration for that VirtualHost for basic authentication. That worked and the load instantly dropped to normal.

In case the files got lost or misplaced here's the gist:

Similar Posts:

Tagged , , , ,

Testing WP Social Plugins

There are so many of them!
Latest plugin installed is WPGPlus. Let’s see if it actually posts the new blog…
not working so far!

I installed the official Facebook Plugin and set up the app per https://developers.facebook.com/apps. Not sure if it’s working yet. the comments and like buttons are working

Similar Posts:

Tagged , , , , , ,

CLI Blogging code

Bookmark this category
How it’s done. I started out with a bash function as described earlier. The function code is below:
function blog() { echo "$2" | mail -s "$1" address@example.com; }

Then I noticed I would need more freedom to write longer text, without leaving the shell. So here goes the “blog” bash script. I’m using the postie wordpress plugin on the server side, so things are a bit more manageable. I may add more to this later if I get time.

if [ -n "$2" ]; then
vi tmpfile; BODY=`cat tmpfile`; rm tmpfile
if [ -n "$1" ]; then
echo -n "Subject:"; read SUBJECT
echo "$BODY" | mail -s "$SUBJECT" address@example.com

Similar Posts:


WordPress + SVN + Auto-update

I’ve been using the latest cutting edge wordpress from svn for a while now and it’s been good. At the time of the writing

You are using WordPress 3.0-alpha.

Basically, even the latest code is safe(ish) and things don’t break easily.

I’m not using it for “production” per se, as the only other person who ever reads this blog is probably me!

So, here’s how I do it:

svn up

If you expected more, there’s really not much there. As everything is pretty simple to setup as per the notes in http://codex.wordpress.org/Installing/Updating_WordPress_with_Subversion

Some would only want to update to “stable” version. Others, like me will follow the absolute latest.

Now, how about the permissions for the directory where wordpress is setup. Here’s what I use:

my username: wpuser

apache user: nobody

wordpress installation directory: /home/wpuser/public_html/

cd /home/wpuser/public_html

chown -R wpuser:nobody

find . -type d -exec chmod 755 {} \;

find . -type f -exec chmod 644 {} \;

With the above, it’s easy to upgrade simply by going:

su wpuser

svn up

Now, the automatic upgrade/setup for plugins should work perfectly from within wordpress’ admin interface. If it doesn’t you might want to add the following in wp-config.php:

// Additional variables to allow auto update



define('FS_METHOD', 'direct');

I hope this helps someone out there. Give me a shout if it does 😉

Similar Posts:

Tagged , , , ,