WordPress: “HTTP Loopback Connections Disabled”

You get a WordPress error that says, “HTTP Loopback Connections Disabled.”

It took me awhile to figure this one out. I was getting it on a BuddyPress install (and other have reported seeing it with BackupBuddy, among others).

Most of the web sites had pointless or ineffective solutions. Some said to add define('ALTERNATE_WP_CRON', true); to wp-config.php, which was completely irrelevant, uneffective and annoying. Others first defined what a loopback was (thanks, Sherlock) and suggested that I associate every domain with 127.0.0.1 in /etc/hosts, which:

  1. This is neither an issue nor required on my other cPanel instance.
  2. That is rather ridiculous to do for each domain on a shared server setup.

What Worked for Me

It turns out that allow_url_fopen was disabled on this (new) instance. Once I enabled that (which is on by default in PHP), the errors went away. In WHM:

  1. Go to Software > MultiPHP INI

WordPress Speed Experiments

I was working on a client site and was wondering about similar impact that my optimizations would have on a cloud instance with even traffic (read: zero traffic). I tested various things on a demo site that I set up for a client. I thought that the results were interesting, so I’ll share.

Setup

  • An 8GB IO Zoom instance with CloudLinux 7.3, MariaDB 10.1, Apache 2.4 proxied by Nginx, PHP 7.1, no TLS.
  • A clean-but-tiny 2GB IO Zoom Ubuntu 16.04 instance running Redis in a Docker container.

Note: These servers literally get NO traffic (they are my personal development servers), so for the most part, all things should be equal.

Quick Results

I used GTmetrix for the speed tests. Screenshots here: wordpress-speed-tests.pdf

  • Page 1 – Shows the site with NO caching/optimization. Bare WordPress.
  • Page 2 – I added Redis caching and shaved about 25% off of the load time.

Snippet: Disable WordPress Enqueued Script Caching

This code snippet will show you how you can disable caching of enqueued scripts in WordPress in your development/staging environment(s) but not in your production environment.

Add Environment Variable

  1. Edit the wp-config.php for each of your instances.
  2. Add the following (if it doesn’t already exist):

(replace ‘development’ with whatever label you want for each environment, such as ‘staging’, ‘production’, etc.)

Add/Modify Code to Enqueue Your Custom Scripts

We’re now going to tell our enqueued scripts to either:

  • If WP_ENV is ‘production’, when append the theme version to the script.
  • If WP_ENV is anything else (like ‘development’ or ‘staging’), append a timestamp to the script link.

Carbon Fields

 
It is rare that I find a plugin/framework that gets me so excited. One of these days I will have to publish a list of my favorites. Today I am here to talk about Carbon Fields for WordPress.

Let me begin by saying that Advanced Custom Fields Pro is one of my favorite plugins, and I probably use it more than any other (maybe on par with Redis Object Cache). I have a developer’s license for it. It is amazing and also a bargain! I wish that I could use it for everything!

That said, some of the things that make ACF Pro amazing, like Repeater field and Options pages, are not redistributable for free (as in beer) plugins. I totally understand and respect why – I would do the same thing. However, there are times when I make a plugin that I just want to give …

Comparison: AWS, DigitalOcean, Vultr & Linode

Over the years, I have used several dedicated and cloud hosting companies. I thought that I would share my opinions on them (as far as the features that I’ve used among them).

Although I have tried Microsoft Azure and the Google Cloud Platform, I preferred the interface of AWS and/or the price of other options, so I did not give them much of a trial. As a result, they will not be included much in this article. I also do not have a DevOps background so I will not be discussing HA or load balancing a lot.

Amazon Web Services (AWS)

I used to be a die-hard promoter of AWS (I still use them for some of their specialty services, and recommend them depending on infrastructure needs).

Pros:

  • Speed – I have always gotten impressive transfer speeds while using Amazon’s

Streaming Video Devices

I’ve tried several of the video streaming devices on the market and I thought that I would share my recommendations for those in the market for one.

Units that I have tried include:

Amazon Fire TV

Price: $49 and up

Amazon Fire TV StickI was excited when the Amazon Fire TV came out. At the time, I was an exclusive Roku user, but Roku had not updated their units in quite some time and they were beginning to feel sluggish. The Fire TV promised a significant speed boost, and it delivered in that respect. However, it was disappointing for other reasons.

Pros:

  • Speed – The unit was pleasantly fast.
  • Vendors – Supports Amazon Instant video and Prime
  • Voice – It was the first streaming unit (to my knowledge) that offered voice commands.
  • Apps – It supports most

WordPress Security Tips (Comprehensive List)

There are some simple, some free, some more difficult and some commercial solutions out there for making WordPress more secure. The question is not IF you will get hacked, but WHEN. The more you can do to secure your web site, the better.

The Basics

Below are minimal steps that you should take to help secure WordPress, in order of importance:

  1. Keep WordPress, plugins and themes updated – There are a number of ways that you can do this:
    • If you are working with a web site that isn’t too complex and/or doesn’t need to be babysat, WP Update Settings is a great plugin. It allows you to configure what to update: WordPress minor updates, major update, plugins and/or themes. It also has the option to notify you of updates. Configure as needed.
    • You can update your plugins manually if you prefer. It may help to use a monitoring services

A Comprehensive SSL/TLS Guide

I’ve seen a lot of sites that don’t use HTTPS by default. I’ve heard the argument, “We don’t need it. We’re not e-commerce.” This is absurd thinking:

  1. You are probably using some sort of CMS product, possible a popular one like WordPress, Magento, Joomla, etc.
  2. There is a good chance that you are not keeping them as updated as you should, but for arguments sake, let’s assume that you are (or pretend to be).
  3. All of these products have default administrative login paths. If you monitor your logs, you will notice that bots from all over the world are hitting this default path constantly.

Read more: Why HTTPS? Here Are the 5 Reasons Folks

Note: If you are using WordPress, consider forcing HTTPS using the WP Force SSL plugin or modifying your wp-config.php.

Step 1: Change your default admin path!

If you are on WordPress, there are several …

Bootstrap 4 – Grid Only

This situation happens to me all the time. I’m working on a client web site, making updates or content changes, but the site is not responsive and/or wasn’t built with any sort of CSS framework. I also encounter this problem when trying to throw together pages for the WordPress admin. I could do the work manually, but I’ve become spoiled by grids. Bootstrap happens to be my favorite.

If I include the regular Bootstrap distribution, I have the problem of it changing style and typography. That won’t work. I could use a different, grid-only framework, but I have become used to Bootstrap conventions.

To solve this problem, I simply compile the Bootstrap SASS files, including only the grid and responsive utilities modules. To avoid potential conflicts with other CSS, I use a wrapper (in this case, .bootstrap-wrapper). Now, I can simply include the CSS file in the project and use …

Installing Node.js, Nginx, PHP 5.6 & MongoDB on an Amazon Linux AMI EC2 Instance

This guide gives step-by-step instructions for installing Node.js, Nginx, PHP 5.6 and MongoDB on an AWS EC2 instance running the Amazon Linux AMI. If you notice any errors, changes or have suggestions for alternatives/clarifications, please let me know.

Assumptions

This guide assumes that you are familiar with Amazon Web Services and using the Linux command line. This guide also assumes that you are performing these tasks on a fresh Amazon Linux AMI instance.

Setup

This guide was written using a fresh Amazon EC2 instance with the following configuration:

  • Instance type: t2.micro
  • Operating System: Amazon Linux AMI 2015.09.1 (HVM), SSD
  • Storage: 8GB (default)

If you are using a newly-created instance, don’t forget to install the latest updates:

ManageWP - WordPress Management Made Easy

Node.js & NPM

This section shows the commands used to install and update Node.js and NPM.

Install Node.js and NPM