Join the Internet Defense League using the Cat Signal plugin for WordPress!

Back in 2012 “the internet”, as a collective, realized the power of people speaking up with the Internet Blackout to fight against SOPA/PIPA. Major players stepped up and told the government they did not like what was happening with the two bills, including companies like Google, reddit, Mozilla, WordPress, Craigslist and more.

Since then, other campaigns have happened – though none have drawn nearly as much press as the Internet Blackout did. To help boost awareness of, and participation in, future similar campaigns a group calling themselves the Internet Defense League have created a means of easily disseminating code, so that as many websites as possible can quickly get the code and implement it in the future.

Cat Signal is a WordPress plugin that implements the JavaScript needed to participate. Turn it on, leave it on, and your website will always display a message any time a campaign happens. For example, today 9/10/2014 is the Internet Slowdown which is being used to inform people about Net Neutrality and collect digital signatures which will sent to your local Congressman. Here is a screenshot of what Binary Templar looked like when a site visitor would come to the site for the first time today.

Internet Defense League

If you don’t want to keep the plugin enabled, feel free to deactivate it between campaigns. As long as you know something is happening, you can always turn it back on again. But as long as you’re not so worried about the extra js file include on your site performance, you are probably fine to just keep it enabled so that you don’t have to proactively do anything the next time a campaign occurs.

If you like, you can also go to the Internet Defense League’s members area to grab a badge for your site, advertising that you support their cause. There are multiple to choose from, for use in including in different locations on the site or with different designs.

Have fun, and happy protesting!

 

disableMUWell, there’s nothing like quickly pushing an update after your initial release! After all the initial testing that went into the version of DisableMU which I submitted to the repository, it turned out there was a severe failure in the logic used when determining where to inject the Constants which I needed to override with the plugin.

Due to the fact that wp-settings.php is included just before the end of the file, that was in turn including default-constants.php which defines the values of the /mu-plugin directory & url. That meant that by the time WordPress got to my definitions… it ignored them.

This meant no harm was done by the installation of the plugin, but it also meant that nothing was effectively happening by using the plugin! Initial tests to confirm the value of the Constants were done prior to the final coding which injected at the end of the file, which just goes to prove that you should always check your work! No matter how confident you are in it, each change you make in the development process has the potential to have unexpected consequences.

Go download version 1.1 from the repository now!

disableMUYesterday, my first plugin was approved and released within the plugin repository on wordpress.org. Woohoo!

http://wordpress.org/plugins/disablemu/

Most of the relevant information can be found on the repository page or on the DisableMU page here on the site. Long story short, I wanted a way to protect my sites from malicious code being uploaded to the /wp-content/mu-plugins directory in the event of a server compromise or malicious plugin code executing.

The way the plugin works is by tricking WordPress into not being able to find the intended path to the mu-plugins folder. This can (and is) accomplished by defining three Constants inside of wp-config.php

if ( !defined('WPMU_PLUGIN_DIR') ) 
    define( 'WPMU_PLUGIN_DIR', ABSPATH . 'wp-content/plugins/mu-12345678901234567890' ); 

if ( !defined('WPMU_PLUGIN_URL') ) 
    define( 'WPMU_PLUGIN_URL', get_option('siteurl') . '/wp-content/mu-12345678901234567890' );

if ( !defined( 'MUPLUGINDIR' ) ) 
    define( 'MUPLUGINDIR', 'wp-content/mu-12345678901234567890' );

The only difference is, using DisableMU removes the need for you to touch your own wp-config.php file and that the final directory path is randomly generated each time the plugin is activated. This means that no two installations are running the same “renamed” directory.

Hopefully it helps you, and let me know if you have any feedback!