Laravel | WordPress | VueJs

Have you thought about using WordPress in combination with VueJs and Laravel?

A small example of VueJs and Laravel build with a simple API used to
read and write to the users table. Same principle can be used to build API endpoints
that will serve content to the VueJs front-end.


On top of that there’s an example of using WordPress in combination with Advanced Custom fields
as an API serving content to the same VueJs front-end.

A nifty way you can utilise WordPress as CMS and content delivery system.

What’s the first step?

A good stepping stone to start with would be following one the tutorials found on this page:
Laravel Vue Router

– Usage of Vue-Router
– Utilise Laravel’s API to deliver content to VueJs front-end.
– Utilise Laravel’s api to Create, Read, Update and Delete records.
– Create a simple VueJs front-end
– List records and handle errors
– Handle events and use the Laravel’s endpoints in the Vue front-end.


You can explore the other sections and steps of that tutorial to get a more comprehensive understanding of the implementation.

What’s next?

The second bit of know-how I’ve used to get things running can be located here
wordpress-vue-headless

– Add custom fields group to a post/page
– Create key for the custom fields group
– Create a custom API endpoints
– Simple VueJS front-end driven by content from WP’s custom endpoints created.


Here you can find an implementation that gives you a way of creating custom endpoints using WordPress’ in-built API functionality.
The content in the newly created endpoints is driven with the help of the Advanced Custom fields plugin, which gives you a custom key in the endpoint you can use to call all the different bits of content.

How to disable automatic updates in WordPress

Has your site ever crashed or suffered because of unexpected Plugin or WordPress core update. If you want to have complete control over the autoupdate feature for plugins, core and themes you would want to use the following two code snippets.


	Goes in -> wp-config.php
	define( 'WP_AUTO_UPDATE_CORE', false );
	define( 'automatic_updater_disabled', true );
	define( 'wp_auto_update_core', false );
	Goes in -> functions.php
	add_filter( 'auto_update_plugin', '__return_false' );
	add_filter( 'auto_update_theme', '__return_false' );
  

This two snippets will effectively freeze the state of your WP install – no more unexpected updates.

Cheers,
Sam

Standalone Newsletter Popup for Shopify

For those of you using Shopify on occasion here’s an easy and standalone snippet that will give you a a popup with the default for Shopify newsletter form. There’s a 10 second delay on the popup as well as it creates a cookie to prevent the popup from displaying again for 7 days after initial display.

<!– Newsletter Popup START –>
<link rel=”stylesheet” href=”https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.css” media=”screen”>
<script src=”https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.js”></script>
<script src=”https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.js”></script>
<style>#popupbutton:hover{background: black; color:#eddb5d; border: 0; padding: 5px 15px;} #popupbutton{background: #eddb5d; border: 0; padding: 5px 15px;}#newsletterEmail{margin-top: 15px; margin-bottom: 15px;}#targetpop{text-align: center;}</style>

<a style=”display:none;” id=”various1″ href=”#targetpop”></a>
<div style=”display: none;”>
<div id=”targetpop” class=”newsletter outer relative pv1 ts1″>
<div class=”absolute fit-x”>
<div class=”gradient-background absolute fit-x bg-c1″></div>
</div>

<div class=”container–s mha relative tsx mv1″>
<div class=”newsletter__inner mha w1 flex flex-items-center flex-wrap”>

<div class=”newsletter__title mb1 pb05 w1 w12_m cw align-c”>
<h3 class=”mv0″>LA BREWERY NEWSLETTER</h3>
<p class=”mv0″>News, Stockists, Mocktails & More…</p>
</div>

<div class=”w1 w12_m” data-component=”newsletter-form”>
<div id=”newsletterSuccess” class=”newsletter__success hide cw fit-x p”>Thanks for signing up!</div>

{% form ‘customer’ %}
{% if form.posted_successfully? %}
<div id=”newsletterSuccess” class=”newsletter__success cw mv05″>
<p>Thank you for signing up!</p>
</div>
{% else %}
<div class=”flex flex-items-start”>
<div class=”newsletter__field flex-auto”>
<input id=”newsletterEmail” class=”w1″ name=”contact[email]” type=”email”
placeholder=”Email Address” required
value=”{% if customer %}{{ customer.email }}{% endif %}” autocorrect=”off”
autocapitalize=”off”>
</div>

<button type=”submit” id=”popupbutton” class=”button button–dark”>Sign Up</button>
</div>
{% if form.errors %}
<p class=”newsletter__error align-c c3 mt05″>*Invalid email address, try again.</p>
{% endif %}
{% endif %}
{% endform %}
</div>

</div>
</div>
</div>
</div>

<script type=”text/javascript”>
function openFancybox() {
setTimeout( function() {$(‘#various1’).trigger(‘click’); },10000);
}
$(document).ready(function() {
var visited = $.cookie(‘visitedPopup4’);
if (visited == ‘yes’) {
return false;
} else {
openFancybox();
}
$.cookie(‘visitedPopup4’, ‘yes’, { expires: 7 });
$(‘#various1’).fancybox();
});
</script>
<!– Newsletter Popup END –>

Clean WordPress Malware

WordPress Malware Removal

Following a recent encounter with the latest WordPress Malware I decided to write this article.

There are a number of WordPress malware infections like the popular wp-vcd / we_vcd infection that infects and spreads to the functions.php file of your theme. While this particular malware is nasty and can persist leaving backups and executable code in various outdated/nulled plugins, it’s fairly easy to remove and block.

What I was faced with a while back is a crafty piece of malware that infects every file and folder on your server –  and for people using a shared hosting to house a bunch of websites this can turn into the End Of Days real quick.

What the malware does is phish your website and hook various pop-up ads to it, depending on the person deploying it, but primarily Russian Porn sites and ads.

So once you realise your host is infected it’s probably too late, the malware has spread to places where you haven’t had the slightest idea it may lurk and hide.

How to identify the infection?

In my case the name for this malware exploit was CPLUGIN which appeared in filenames and in injected code.
This malware creates .<filename> files in every folder it has access to – you’ll see your inode usage spiking due to the large number of hidden files created. It will look similar to the screen below.

What are the steps to remove the malware and clean your entire server?

    1. Do a backup of your entire host (file structure and databases).
    2. Get all of your pages into maintenance mode and disable all active plugins to limit the spread of the malware until you can get on with the cleaning process.
    3. Download the backup onto your local machine.
    4. Load all the files and folders in an editor like VisualStudio for example, look in your functions.php file and identify the infected string, usually added at the top of the functions file above the theme’s original functionality.You’ll need to manually remove that string from your functions file and any other files it may have been injected into – so simply search and replace for that bit.
      That’s the way to identify and remove the injected string from all your files.
      After you are left with the files generated by the malware, below are the steps to identify and remove those.
    5. Now that you have identified and removed the injected string from all of the files on your   system we can useThe GREP and FIND commands you can use to search and remove all files generated by the infection files in a few simple steps.
      I took the time to identify the main strings and filenames to search for and remove.
      – .class-wp-cache.php
      .cplugin
      .cplugin.php
      WPTemplatesOptions
      WPCacheExist
      WPPluginsOptions
      cplugin
      .cplugin

You can find the code snippet with the commands I used and this successfully cleaned the contents of my server.

 
find  -name .class-wp-cache.php -delete
find  -name .cplugin -delete
find  -type f -exec grep -q "class WPTemplatesOptions" {} \; -delete
find  -type f -exec grep -q "class WPCacheExist" {} \; -delete
find  -type f -exec grep -q "class WPPluginsOptions" {} \; -delete
find  -type f -exec grep -q "cplugin" {} \; -delete

This set of commands will successfully clean all that’s left from the malware infection.
If there are other strings that you would like to identify and remove the files for you can just replace the ones above with your findings and give it a go.

This concluded the saga for me.
I hope you find this useful and save some time and manual work – restoring your content or website.

Cheers,
Sam