Lance Cleveland

Bitbucket Permission Denied / Conq

Hopefully this article will save at least one other person an hour of their life trying to figure out why they cannot clone a Bitbucket repository when using SSH.

My projects are broken into several teams, each with their own developer and administrator users.  Each team has a number of repositories that are being managed.  There is one common denominator; I have admin access to all repositories.   That means my Bitbucket user should have full read/write/admin privileges on all repos.    Yet no matter how many different keys I added to my Bitbucket user account it would not allow me to clone several repositories.

Performance Issues? Check Your Indexes

Any of the tech geeks that have worked for me in the past have heard me say it a million times.

“Check your indexes, people!”

It is the single most overlooked issue that often yields the biggest performance gains on any SQL-driven data system like WordPress, for example.

I cannot tell you how many times a junior coder or systems person has walked into my office and asked me to help them resolve an application performance problem. The first thing I ask them is if the problem is data related. The very next question is “have you checked your indexes?”. More times than I can count they find an improper or missing index. Using SQL tools like ‘explain’ and building a proper index for the query that is causing problems can yield big performance gains with little effort.

Today I ran into a performance problem using my WordPress Dev Kit plugin that serves plugin updates to my WordPress plugin customers.   The dashboard on the sales site was horrendously slow.   The admin panel would take up to a full minute to load.    Building the right index on my data table brought that time down to less than 3 seconds.

Finding The Problem

I started by installing and enabling Query Monitor on my site. This allowed me to see what was taking so long to execute. The first report, a red herring, was the 18,000 entries from the wp_options table that were being loaded.

Turns out there were 15,000+ entries for _site_transient_brute_loginable, all of which were set to autoload. That means WordPress was loading all 15,000 outdated and obsolete Brute Protect transients.

Query Monitor Output

After deleting those 15,000 entries, Query Monitor brought me to the real culprit. There were 4 database queries that were running slowly. ONE of the queries was coming from my WPDK plugin. It was only selecting 20 records, the 20 most recent entries, from a table with only a few data points. However, that table has 800,000+ rows and grows by a few thousand on a daily basis.

Fixing The Problem

Even though I was only asking for 20 records, the “select the newest” part was the problem. MySQL had to read the ENTIRE database to find which 20 records were the newest. Adding a simple index to the table fixed that issue. Building an index on the lastupdated field allows the order by lastupdated DESC clause to utilize the index and read only 20 nodes from the index to fetch the record. It is MUCH faster. As in 57 seconds faster on a 60 second query.

MySQL Command Line Create Index

As I’ve said before… CHECK YOUR INDEXES PEOPLE!

 

Using PHP Anonymous Functions In WordPress

Recently I published an article “Adding WordPress REST API Security To Basic CRUD Operations” where the permissions callback points directly to a function:

This style of defining a function call is known in PHP as an anonymous function. The example is based on an example provided by the WordPress REST API documentation. The problem with such a method is that it is not supported on older versions of PHP; the anonymous function was introduced in PHP 5.3. To exacerbate the problem, WordPress recommends PHP version 5.6 but will run on PHP version 5.2.4. As such, many hosting companies opt to take the path of least effort and run the oldest version of PHP they can. That means they are running PHP 5.2.4.

Guess what happens when a customer runs your plugin or theme that uses anonymous functions on PHP 5.2.4?  It breaks.

How do you fix the issue?

Use named functions.   Anywhere you use an anonymous function you can use a named function.    In the example above we can convert the anonymous function to a method within the class that is setting up our REST route:

 

Adding WordPress REST API Security To Basic CRUD Operations

Work has been underway adding REST API functionality to the Store Locator Plus plugin.   Most people are familiar with the basic concept of using REST to fetch data from a remote server.   We use this every day when surfing the web using the basic premise of an HTTP GET protocol.   In short this is the simplest form of a REST “read” operation.   Go here, get this thing and show it to me.

REST APIs get more exciting when you talk about adding basic create/update/delete operations, providing the full CRUD functionality via the REST protocol. The issue with using REST for these operations, especially via the WordPress REST API, is that you are now exposing your data via a service through which anyone with even a touch of technical prowess can create, update, or delete data elements from your site. In the case of our locator plugin, we don’t want any random person to send a simple HTTP request to our server and delete a location.

The WordPress REST API provides a simple mechanism for adding security to these types of requests. It uses the built-in WordPress user authentication and roles-and-capabilities to ensure a user has permission to alter the specific object, in our case location data, before handling the REST request. To employ this security you will need two things: a plugin that manages authentication requests, and the addition of a permission_callback parameter to your register_rest_route() call within your plugin/theme class that is managing your REST API.

The first part, adding a plugin, is easily handled by fetching one of the git repositories listed at the WordPress REST API documentation site. You can choose either Basic Authentication (very weak security) or OAuth (much better option). Using Basic Authentication is great for development and is what I use when testing RESTful services via PhpStorm 2016 with its built-in RESTful service applet.

The second part, adding a permission_callback parameter, is done in the coding of your plugin or theme that is managing your REST requests. This can be handled using a simple anonymous function that returns the results of the WordPress current_user_can() function. In Store Locator Plus we check to make sure the user, authenticated with one of the above plugins as part of the source of the REST request, has the capability of ‘manage_slp_user’ assigned. By default this is assigned to all admin users when Store Locator Plus is installed. The register_rest_route call looks like this:

This setup will check that the REST request has passed authentication and that the user identified with the request has the manage_slp_user capability before executing the add_location method in our REST API class.

Adding security on your POST/PUT/PATCH REST requests is as simple as that.
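
The permission check described above, written with the named-method form recommended in “Using PHP Anonymous Functions In WordPress”, as an added example; it is not the Store Locator Plus source. The class name, the my-slp/v1 namespace, the /locations route and the user_can_manage_locations method are hypothetical, while manage_slp_user and add_location come from the article; the file is assumed to be loaded as a plugin inside WordPress.

```php
<?php
// Added example, not Store Locator Plus code. Assumes it is loaded as a plugin
// inside WordPress. Hypothetical names: My_SLP_REST, 'my-slp/v1', '/locations',
// user_can_manage_locations. From the article: manage_slp_user, add_location.
class My_SLP_REST {
    public function __construct() {
        // Array callables instead of closures keep this loadable on PHP 5.2.4.
        add_action( 'rest_api_init', array( $this, 'register_routes' ) );
    }

    public function register_routes() {
        register_rest_route( 'my-slp/v1', '/locations', array(
            'methods'             => WP_REST_Server::CREATABLE, // POST
            'callback'            => array( $this, 'add_location' ),
            // PHP 5.3+ closure form of the same check:
            //   'permission_callback' => function () {
            //       return current_user_can( 'manage_slp_user' );
            //   },
            'permission_callback' => array( $this, 'user_can_manage_locations' ),
            'args'                => array(
                'name' => array(
                    'required'          => true,
                    'sanitize_callback' => 'sanitize_text_field',
                ),
            ),
        ) );
    }

    // Runs before add_location(). A WP_Error stops the request; the status is
    // 401 when no user was authenticated and 403 when the user lacks the capability.
    public function user_can_manage_locations( $request ) {
        if ( current_user_can( 'manage_slp_user' ) ) {
            return true;
        }
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to manage locations.',
            array( 'status' => rest_authorization_required_code() )
        );
    }

    // Only reached after the permission callback returned true.
    public function add_location( $request ) {
        $name = $request->get_param( 'name' ); // already sanitized via 'args'
        // Constructed stand-in for the plugin's real insert logic.
        return new WP_REST_Response( array( 'created' => $name ), 201 );
    }
}
new My_SLP_REST();
```

Returning a WP_Error from the permission callback, rather than a bare false, lets the client tell a missing login apart from a missing capability.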

There are a lot of other tricks built into the WordPress REST API. Keep track of this blog to watch for more articles on WordPress development as I share what I’ve learned each week.

Billboard: ESPN Asked to Pay More Than $15 Million Annually to License Ambient Stadium Music

I wonder how, exactly, BMI determines what was played so they can fairly compensate the right creatives behind that music.

The answer is: they have no clue. They will apply their archaic generalized formula and make a wild guess then pay the most popular songwriters and composers. They’ll keep 12% for themselves and a good chunk in reserve, in a bank account where they keep the interest, in case they guessed wrong.

The PROs are a sham. Sad that music creatives don’t demand better.

ESPN Asked to Pay More Than $15 Million Annually to License Ambient Stadium Music
Billboard

In response to ESPN’s demand that a New York federal court determine a reasonable license fee for the performance of songs on its cable sports networks, licensing agency BMI is noting the “vast amounts of music played loudly and prominently in stadiums and arenas,” ambient noise that is often picked up by the broadcaster’s microphones and heard by its viewers.