Category Archives: wordpress

Polish translation for Ambrosia wordpress theme.

Ambrosia theme is the one you are looking at right now. I’m really happy with it and just today there was a 1.3.4 update with a couple of additional languages, so I wanted to contribute.
You can get this theme from here or by searching the wordpress repository.

I have created the Polish translation for this theme. You can download the language files from here: Ambrosia theme Polish language files.

Simply install the Ambrosia theme and upload and pl_PL.po files to wp-content/themes/ambrosia/lang directory on your server.

WordPress GeSHi plugin optimization and modification.

Download link at the bottom.

Yesterday’s research pointed me to one important issue – the WP-Syntax plugin was taking way too long to process the homepage. And it wasn’t only WP-Syntax but also other syntax-highlighting plugins, including WP-GeSHi-Highlight and Better WordPress Syntax Highlighter.
Of the few I tested, I found that WP-GeSHi-Highlight has the best performance, but still – it wasn’t so great.
I was thinking – is there any way to speed up this plugin (or at least minimize the “damage”)?

The plugin itself is very well commented and very simple. This is the simplified flow of the script:

  1. Plugin init
  2. Loop through posts to display and parse full text looking for <pre lang=""> tag
  3. If found – mark the place with unique identifier
  4. Replace every unique identifier with the GeSHi output

What if one of the posts doesn’t contain a <pre lang=""> tag? The plugin still has to parse the whole text to look for it. This doesn’t sound good if you want to highlight code only in a fraction of your posts.

Before I did anything else I wanted to run a couple of tests:

WP-GeSHi-Highlight disabled, didn’t parse anything – only initialization.

WP-GeSHi-Highlight enabled, parsed 3 posts.

WP-GeSHi-Highlight enabled, parsed all 10 posts.

After finishing the profiling I decided it was worth modifying the plugin.
The new feature works in a very simple way: go to your dashboard, and under Settings->WP-GeSHi-Highlight you can set the tag with which posts will be parsed.

The last thing you need to do is to tag all the posts with the code snippets and the plugin will do all the rest for you.
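The flow listed above with the tag check placed in front of it, as an added sketch that is not the plugin's own code: posts are plain arrays, `highlight_posts()` and the `code` tag are hypothetical names, and `htmlspecialchars()` stands in for the GeSHi call.

```php
<?php
// Added illustration, not WP-GeSHi-Highlight's source. Posts are constructed
// sample data; htmlspecialchars() stands in for the real GeSHi highlighter.

function highlight_posts(array $posts, string $requiredTag): array
{
    $pattern = '#<pre\s+lang="([^"]*)">(.*?)</pre>#s';
    $scanned = 0;
    foreach ($posts as &$post) {
        // The modification: a cheap tag lookup decides whether the post
        // body is scanned at all.
        if (!in_array($requiredTag, $post['tags'], true)) {
            continue;
        }
        $scanned++;

        // Steps 2-3: find each <pre lang="..."> block and park it behind
        // a unique identifier.
        $blocks = [];
        $content = preg_replace_callback(
            $pattern,
            function (array $m) use (&$blocks): string {
                $id = '<!--code-' . bin2hex(random_bytes(8)) . '-->';
                $blocks[$id] = ['lang' => $m[1], 'source' => $m[2]];
                return $id;
            },
            $post['content']
        );

        // Step 4: swap every identifier for the (escaped) highlighter output.
        foreach ($blocks as $id => $b) {
            $html = '<pre class="' . htmlspecialchars($b['lang'], ENT_QUOTES) . '">'
                  . htmlspecialchars($b['source'], ENT_QUOTES) . '</pre>';
            $content = str_replace($id, $html, $content);
        }
        $post['content'] = $content;
    }
    unset($post);

    return ['posts' => $posts, 'scanned' => $scanned];
}

// Constructed sample: only the first post carries the configured tag.
$posts = [
    ['tags' => ['code', 'php'], 'content' => 'Intro <pre lang="php">echo "<b>hi</b>";</pre>'],
    ['tags' => ['travel'],      'content' => 'No snippets here.'],
];
$result = highlight_posts($posts, 'code');
printf("scanned %d of %d posts\n%s\n", $result['scanned'], count($posts), $result['posts'][0]['content']);
```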

Keep your load times low and your wordpress will love you forever!

You can download the modified plugin here.

WordPress security with PHPIDS – plugin benchmark.

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to.
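The detect-and-react model described above, as an added sketch that is not PHPIDS or Mute Screamer code: the two rules, their impact scores and the `react()` thresholds are constructed for illustration and are not taken from the PHPIDS filter set.

```php
<?php
// Added illustration of a detect-only monitor. The rules, impact scores and
// thresholds are constructed; they are not PHPIDS's own filter set.

const RULES = [
    ['id' => 'xss-script-tag', 'impact' => 5, 'regex' => '/<\s*script\b/i'],
    ['id' => 'sqli-tautology', 'impact' => 6, 'regex' => '/\'\s*or\s+\d+\s*=\s*\d+/i'],
];

// Scan every request field (nested arrays included) and total the impact.
// The request itself is never modified: nothing is stripped or filtered.
function monitor(array $request): array
{
    $report = ['impact' => 0, 'hits' => []];
    array_walk_recursive($request, function ($value, $field) use (&$report) {
        foreach (RULES as $rule) {
            if (is_string($value) && preg_match($rule['regex'], $value) === 1) {
                $report['impact'] += $rule['impact'];
                $report['hits'][] = ['field' => $field, 'rule' => $rule['id']];
            }
        }
    });
    return $report;
}

// The reaction is the site owner's policy, chosen by accumulated impact.
function react(array $report, int $logAt = 1, int $blockAt = 10): string
{
    if ($report['impact'] >= $blockAt) { return 'block'; }
    if ($report['impact'] >= $logAt)   { return 'log'; }
    return 'pass';
}

// Constructed sample requests.
$samples = [
    ['comment' => 'Nice post, thanks!'],
    ['comment' => '<script>alert(1)</script>'],
    ['s' => "x' OR 1=1 --", 'comment' => '<SCRIPT src=//example.invalid>'],
];
foreach ($samples as $request) {
    $report = monitor($request);
    printf("impact=%-2d action=%-5s rules=%s\n", $report['impact'], react($report),
        implode(',', array_column($report['hits'], 'rule')));
}
```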

Security of your blog is very important, and to keep your blog safe you must be very careful when installing new plugins. Even when you take all precautions you can never be sure that the plugin you have just installed is secure.
If you are worried about security there is hope – the Mute Screamer plugin. It’s very simple to use. Just install it, set a few simple options to suit your needs, and you’re done. From now on the PHPIDS system will make sure that any input from your visitors will be stripped of any malicious code like SQL injection or XSS attacks.

Sounds good but you may ask – will it slow down my blog?
Well, it’s time to try it!

This is my test setup:

  • WordPress 3.3.2
  • P3 (Plugin Performance Profiler) – to profile wordpress installation
  • Akismet
  • Google XML Sitemaps
  • Better WordPress reCAPTCHA
  • Piwik Analytics
  • WP-Syntax
  • WP Super Cache
  • Mute Screamer

There were 5 main scenarios:

  1. No plugins – all plugins disabled
  2. IDS only idle – only Mute Screamer enabled at normal operation
  3. IDS only attack – only Mute Screamer enabled with attack detected
  4. All plugins – no cache – all plugins except cache enabled
  5. All plugins – with cache – all plugins including cache enabled

Each scenario was run 20 times on different parts of the blog each time.

Detailed results can be found in the following table:
Nothing spectacular, right?
The following graph represents loading time of each wordpress segment in each scenario:

PHPIDS (via Mute Screamer plugin) doesn’t introduce any major weight to your blog as opposed to what you would think.
This breakdown proves the point: Mute Screamer is only a fraction of the code needed to display the blog; the core still takes about 70% of resources:

Let’s look at the memory usage and execution of the plugins:

This also proves that the additional security layer will not slow your blog more than any other ordinary plugin (please note that the left axis is in logarithmic scale) and even under attack conditions the script doesn’t introduce any significant stress on the system (this can be very important if you want to hide the fact you are using IDS).

Before running those benchmarks I was very skeptical about this plugin, but now I’m pretty sure the profit from the increased security costs me only a fraction of what I thought it would.

(During the tests and the writing of this post, PHPIDS blocked 6 XSS attacks from automated bots from all around the world)

WordPress 3.3.1 update.

Yesterday a security update for WordPress was released. It fixes 15 minor issues and one XSS vulnerability. It is strongly advised to update your WordPress if you have installed your blog using an IP address (http://x.x.x.x/wp-admin/) instead of a domain name (
This flaw can render your blog an “infected” nasty place which could serve your users unwanted content.
In my case it was a real issue, so this blog is already patched up; I advise you to do the same!