CleanTalk's blog

    Sign up

    Category: WordPress

    • Non-visual methods to protect the site from spam. Part 1. Statistics

      Part 1. What statistic says

      Non-visual methods to protect the site from spam suggest automatic analysis of data coming from the visitor. As more data is analyzed, the more fully and more accurately visitor can be defined and made a decision is he a spammer or not.

      Systems that analyze such data usually accumulate visitor data statistics and the judgments. We offer an overview of the statistical data collected by us (service to protect sites from spam CleanTalk).

      Here I purposely do not cite the data analysis of IP addresses on black lists. Without them, you can obtain enough data, analyzing only the contents of form fields and HTTP headers.

      I’ll review the data by text message, nickname and email address and HTTP headers and the audit results of JavaScript test.

      Analysis on these figures algorithmically very simple and not demanding to resources, so it can be used before other more resource-intensive inspections.

      The data reflect the real picture at the time of writing and made on the basis of our analysis of the current traffic (more than 2 000 000 requests per day). Data can be freely used in the analysis of visitors to your sites. I note that the judgment for each criterion separately is not true — the best result will be achieved with a comprehensive analysis.

      1. Message text

      Message text – it is certainly the main thing in the spam. Consequently, spammers will build their posts so that on several criteria, they are clearly different from normal messages.

      The following table shows the most, in my view, informative statistics.

      Message text settings (average values) Not spam Spam
      Number of links, pcs 1.47 4.27
      Number of contacts (phone, e-mail), pcs 1.72 6.38
      Form filling time, sec 177 8
      The ratio of the length of the message to the time of filling, symbols/sec 23.81 308.54

      Amount of links speaks for itself. The amount of contact information can also be said about spam. Form filling time and, as a consequence, the rate of posts set differ most strongly.

      1. The nickname of the visitor

      The nickname can also tell about a lot of things. Probable cause is the quality of the algorithms of generating names that spammers use.

      Parameters of nickname (average values) Not spam Spam
      Length, symbols 7.40 16.52
      The number of delimiters, pcs 1.89 3.80
      The number of digits, pcs 3.29 7.59
      The length of a continuous sequence of consonant letters (for Latin), symbols 3.61 5.90

      One of the tasks of the spammer is not stumble on an error that a user with the same name is already on the site. So the uniqueness of nicknames currently provided, according to statistics, in the forehead – length, insert delimiters and numbers. As a result, you get a lot of nicknames with a large number of adjacent vowels and consonants, with the latter more.

      1. Name in e-mail

      Everything said for nicknames true for the name in the email.

      Parameters of name in e-mail (average values) Not spam Spam
      Length, symbols 10.09 19.16
      The number of delimiters, pcs 1.62 4.12
      The number of digits, pcs 4.30 9.57

      Note that as the delimiters characters are often used point – generated character string, then it randomly adds points, so you get a lot of e-mail names.

      1. HTTP-headers

      Spam-bots forge their headers to not be very different from the browser.

      However, statistics show that this is often true only at the time of writing the bot. In the future, it continues to work and send clearly outdated titles that can be seen in the table below.

      The percentage of HTTP headers User-Agent Not spam Spam
      Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) 0.01% 11.42%
      Opera/9.80 (Windows NT 6.2; Win64; x64) Presto/2.12.388 Version/12.17 0.01% 10.84%

      Ready spam solutions may also leave their headings, in particular, when using HTTP-proxy. And this is also reflected in our statistics.

      The percentage of HTTP headers Via Not spam Spam
      Mikrotik HttpProxy 0.86% 33.07%

      1. JavaScript-test

      Additional simple but very effective check can be JavaScript-test. For example, changing the JS-code the desired cookies, the options are many.

      The most advanced (and expensive) bots pass JS-tests. However, as can be seen from the statistics, a large percentage of spam comes from very simple programs, unable to do so.

      Percentage of failing JS-test Not spam Spam
      change cookies through JS 0.41% 68.53%
      1. Conclusion

      I have shown statistical data collected by our system at the moment. Again, for the most accurate solution to spam/not spam you need to analyze the indexes comprehensively, as well as in combination with other methods of spam checks.

      Learn more about CleanTalk Anti-Spam.

    • Solve the problem with caching of dynamic JavaScript code on the frontend of WordPress

      In the process of developing anti-spam plugin CleanTalk for WordPress we faced with the problem of caching of dynamic JavaScript code on the frontend of sites. Namely, if you place JavaScript that contains any pieces of code that can be dynamically inserted from backend site, in the presence on the site of any plug-in caching pages, JavaScript code is not possible to use as directed.

      Consider the example

      In the backend we have the template of JavaScript code,

       <?php
$html = '
<script type="text/javascript">
function ctSetCookie(c_name, value, def_value) {
 document.cookie = c_name + "=" + escape(value.replace(/^def_value$/, value)) + "; path=/";
}
ctSetCookie("%s", "%s", "%s");
</script>
'; 

$ct_checkjs_key = rand(0,100); // The value of the variable dynamic
$field_name = 'ct_checkjs'; // The value of a static
$ct_checkjs_def = 0; // The value of a static

$html = sprintf($html, $field_name, $ct_checkjs_key, $ct_checkjs_def);
?>

      An example of the output on the frontend,

       <script type="text/javascript">
function ctSetCookie(c_name, value, def_value) {
document.cookie = c_name + "=" + escape(value.replace(/^def_value$/, value)) + "; path=/";
}
ctSetCookie("ct_checkjs", "455", "0");
</script>

      Accordingly, the cache gets the JavaScript code in which parameter value of function ctSetCookie unchanged on all pages of the site and the same for all visitors, which leads to the impossibility of using JavaScript individually for each visitor. Consider options for solutions.

      Use built-in tools to disable caching

      If the plug-in of caching of content on WordPress more or less popular, then it is bound to have a means to exclude a list of pages from the cache. For example, for the WP Super cache, you can specify in your plug-in code line,

      define( "DONOTCACHEPAGE", true );

      This will be enough for your pages with dynamic code were not included in the cache. The disadvantages of this approach,

      It is necessary to integrate and test your plug-in with popular caching plug-ins.

      Still there will be cases when your code incorrectly works off due to the fact that one or another site is set rarely used plug-in of caching.

      And most importantly, this approach virtually eliminates the use of caching plugins, if your JavaScript code is placed on all pages of the website, or on the most loaded pages.

      Let’s look at other option solutions.

      AJAX call to the backend

      The essence of this approach is that on the frontend place only a static JavaScript code, and all that is required to use dynamically obtain the backend of the site through an AJAX call. The example code on frontend,

      
//
// Making a call to admin-ajax.php
//
function sendRequest(url,callback,postData) {
    var req = createXMLHTTPObject();
    if (!req) return;
    var method = "GET";
    req.open(method,url,true);
    if (postData)
            req.setRequestHeader('Content-type','application/x-www-form-urlencoded');
        req.onreadystatechange = function () {
            if (req.readyState != 4) return;
            if (req.status != 200 && req.status != 304) {
                return;
            }
        callback(req);
    };
    if (req.readyState == 4) return;
    req.send(postData);
    return null;
}
var XMLHttpFactories = [
    function () {return new XMLHttpRequest()},
    function () {return new ActiveXObject("Msxml2.XMLHTTP")},
    function () {return new ActiveXObject("Msxml3.XMLHTTP")},
    function () {return new ActiveXObject("Microsoft.XMLHTTP")}
];
function createXMLHTTPObject() {
    var xmlhttp = false;
    for (var i=0;i<XMLHttpFactories.length;i++) {
        try {
            xmlhttp = XMLHttpFactories[i]();
        }
        catch (e) {
            continue;
        }
        break;
    }
    return xmlhttp;
}

//
// Process the results of the AJAX call.
//
function ct_callback(req)
{
ct_cookie=req.responseText.trim();  
    ct_setCookie('ct_checkjs', ct_cookie);

return null;
}
//
// Set cookie
//
function ct_setCookie(name, value)
{
    document.cookie = name+" =; expires=Thu, 01 Jan 1970 00:00:01 GMT; path = /";
    document.cookie = name+" =; expires=Thu, 01 Jan 1970 00:00:01 GMT";

    var date = new Date;
    date.setDate(date.getDate() + 1);
    setTimeout(function() { document.cookie = name+"=" + value + "; expires=" + date.toUTCString() + "; path = /;"}, 500);

    return null;
}

var ct_ajaxurl = 'http://wordpress.local/wp-admin/admin-ajax.php';
sendRequest(ct_ajaxurl+'?'+Math.random(),ct_callback,'action=ct_get_cookie');

      Please pay attention to the structure

      ct_ajaxurl+'?'+Math.random()

      This approach is used to avoid caching including an AJAX call.

      Move to the last listing, look at the backend,

      
add_action( 'wp_ajax_nopriv_ct_get_cookie', 'ct_get_cookie',1 );
/**
 * Returns a new cookie
*/
function ct_get_cookie()
{
    global $ct_checkjs_def;
    $ct_checkjs_key = ct_get_checkjs_value(true); 
    print $ct_checkjs_key;
    die();
}

      Disadvantage of this approach only in one thing – your plug-in does one call more in the backend of WordPress. Given the fact that the hosting service cannot be the fastest or the WordPress can be set more than a dozen plug-ins, such a call would increase the response time of the site.

      Good luck in developing for WordPress!

      Learn more about CleanTalk Anti-Spam.

    • CleanTalk Anti-Spam Released a New Version of the Spam FireWall

      CleanTalk company Inc is a cloud service protecting websites from spam bots, has announced the launch of a new version of the Spam FireWall which is designed to block spam attacks on the web sites.

      The CleanTalk SpamFirewall manages and filters all inbound HTTP traffic to protect web sites from spam bots and to reduce the load on the web servers.

      Spam FireWall – allows blocking the most active spam bots before they get access to web site. It prevents loading of pages of the web site by spam bots, so your web server doesn’t need perform all scripts on these pages. Also it prevents scanning of pages of the web site spam bots. Therefore Spam FireWall significantly can reduce the load on your web server. Spam FireWall also makes CleanTalk the two-step protection from spam bots. Spam FireWall is the first step and it blocks the most active spam bots, CleanTalk Anti-Spam is the second step and it checks all other requests on the web site in the moment before submit comments/registers and etc.

      How Spam FireWall works?

      -The visitor enters to your web site.
      -HTTP request data is checked of the nearly 5,8 million of certain IP spam bots.
      -If it is an active spam bot, it gets a blank page, if it is a visitor then it gets a site page. This is completely transparent to the visitors.
      -All the CleanTalk Spam FireWall activity is being logged in the process of filtering.

      CleanTalk’s Spam FireWall Features

      -Protection from spam bots without access to the web site. Spam FireWall blocks most of the spam bots before they load the page of the website.

      -Reducing the load on a web server. In order to post spam, many spam bots load the page, this creates a burden on the database and the server, and when a large amount of spam attacks it can have a significant impact on the performance of the website.

      -Protection against HTTP/HTTPS DDoS attacks. This is one of the most common types of DDoS attacks with the aim to load a web server so that it was not able to handle all other requests.

      -Protection against RPC-XML attacks. One of the most common types of attacks on sites running WordPress in order to pick up the username and password of the administrator of the web site or to organize DDoS attacks. Spam FireWall’s SQL Protection provides an affordable, automated solution for protecting from a variety of SQL injection attacks.

      -Spam FireWall’s logs allows you to monitor the service work and reporting all incidents.

      -Installation for 60 sec does not require modification of configuration files and others.

      -Spam FireWall is available for web sites on WordPress and Joomla

      Spam bots messages (comments) often disguised as ordinary users posts, but contain advertising links or text. The main objectives of such messages are the translation of the user to a malicious resource, advertisement, or by the links to raise the position of their site. This compromises the site and can spoil the reputation, the search engines lower the position of the site in the search results. That is why reliable protection from spam bots is only way to prevent the undesirable effects of cyber attacks. CleanTalk provides reliable protection from attacks and spam bots and promotes strengthening information security throughout the world.

      CleanTalk Spam protection FireWall based on the use of private data black lists of IP addresses.

      The main consumers are the administrators and owners of web sites, the solutions offered by CleanTalk allows to obtain an effective and automated solution to many security problems of the web sites and to save time for business development.

      Another area of use is the use CleanTalk for hosting providers, as it can reduce the load on web servers to save resources and costs.

      About CleanTalk

      CleanTalk is a SaaS spam protection service for Web sites. CleanTalk uses protection methods which are invisible for site visitors. Connecting to the service eliminates needs for CAPTCHA, questions and answers and other methods of protection, complicating the exchange of information on the site. Their solutions are reliable, easy and efficient. The module is completely invisible to the visitors and allows you to permanently abandon the ways of protection that impedes the communication of visitors to the site (CAPTCHA, question-answer, etc.). CleanTalk allows you to automate protection against distributed from spam and registration spam bots.

      The team CleanTalk has been developing a cloud spam protection system for 4 years and has created a truly reliable anti-spam service designed for you to ensure your safety.

      CleanTalk

      CleanTalk Spam FireWall

    • How to protect your WordPress site against spam and spam bots

      How to protect your WordPress site against spam and spam bots

      There are many plugins to protect against spam, almost all of them have some disadvantages. In our view it is optimal to use the cloud service CleanTalk.

      Since this is a cloud service, by obtaining and analyzing data from over 100,000 web sites, CleanTalk very effectively protects against spam. The algorithms analyze the behavior of spam bots increase service efficiency up to 99.998%. This is one of the fastest anti spam plugins and does not load the server and database.

      To start use CleanTalk on your WordPress site, follow these steps:

      Go to WordPress Dashboard->Plugins->Add New and in the search bar, type CleanTalk and click Install.

      install CleanTalk

      Activate the plugin and go to settings CleanTalk.

      To connect the plugin to the service, you’ll need your Access key. To get the key click on the button “Get access key”.

      Get key

      You will be taken to the website CleanTalk. You can change your email to register for the service.

      Register for an account

      Push the button and get your access key.

      CleanTalk anti spam setup on WordPress

      Return to the plugin settings, insert the access key and click “Save Changes”. The installation and configuration of the plugin completed, changes in Advanced Settings needed in rare cases.

      To test the plugin, log out of the account administrator and go to your website. Write a test review or make a test registration with e-mail *@*******lk.org, these messages will be blocked.

      test message

      Next, you should get a message about blocking

      forbidden

      Great, your website protected from spam bots!

      Similarly you can check any form in your website.

      Additional features CleanTalk. Dashboard, view logs.

      To view service logs, go to CleanTalk Dashboard. Or log in to your WordPress Dashboard->Settings-CleanTalk and click “Click here to get anti-spam statistics”

      get stat

      If you have any questions you can always contact us. We will be happy to help you.

      For more info

      Help

      Features

    • Spam FireWall – how to reduce CPU usage on website and to block DDoS attacks

      Spam FireWall – how to reduce CPU usage on website and to block DDoS attacks

      The CleanTalk SpamFirewall manages and filtres all inbound HTTP traffic to protect web sites from spam bots and to reduce the load on the web servers.

      CleanTalk has got an advanced option “Spam FireWall” for WordPress and Joomla!, this option allows blocking the most active spam bots before they get access to web site. It prevents loading of pages of the web site by spam bots, so your web server doesn’t need perform all scripts on these pages. Also it prevents scanning of pages of the web site spam bots.

      Therefore Spam FireWall significantly can reduce the load on your web server.

      Spam FireWall also makes Cleantalk the two-step protection from spam bots. Spam FireWall is the first step and it blocks the most active spam bots, CleanTalk Anti-Spam is the second step and it checks all other requests on the web site in the moment before submit comments/registers and etc.

      How Spam FireWall works

      • The visitor enters to your web site.
      • HTTP request data is checked of the nearly 5,8 million of certain IP spam bots
      • If it is an active spam bot, it gets a blank page, if it is a visitor then it gets a site page. This is completely transparent to the visitors.

      All the CleanTalk Spam FireWall activity is being logged in the process of filtering. The logs will be available for viewing in CleanTalk Dashboard since 10/15/2015.

      Spam FireWall DDos Protection
      Spam FireWall can mitigate the HTTP/HTTPS DDoS attacks. When an intruder makes use of GET/POST requests to attacks on your website. Spam FireWall blocks all requests from the bad IP addresses. Your website will issue give for infringer a special page instead of the website pages. Therefore Spam FireWall can help to reduce of CPU usage on your server.

      Get SpamFireWall

    • Spam Is Still a Big Problem, 99.6% comments/register are spam bots!

      CleanTalk is dynamically developing cloud service of web-sites protection from spam. It is the powerful tool that becomes a serious competitor for leaders like Akismet and Mollom.

      Spam is a big problem for Web sites or blogs. Even just launched WordPress Blog is likely to receive traffic from spam bots.

      In 2013, the share of bot traffic was 61.5%. In comparison with 2012 the growth of bot traffic was 21% and this growth continues. This non-human traffic is search bots, scrapers, hacking tools, and other human impersonators, little pieces of code skittering across the web. (Source Incapsula)

      Without effective automated counter measures, dealing with spam is time consuming, annoying and painfully slow.

      CleanTalk seeks to provide reliable protection, thus contributing to strengthen information security in the world. Every day CleanTalk processes about 2.5 million requests. In general only 0.4% are comments, registration, etc. from real visitors and the remaining 99.6% are spam bots!

      CleanTalk detects and stops spam witout CAPTCHAs or other math-based, human/bot testing techniques. Analyzing behavioral factors, the parameters of filling out forms and structure of the text, CleanTalk has a very high efficiency. According to the founder of the project Denis Shagimuratov “At 2.5 million queries the service makes a mistake in 40-45 cases, i.e. CleanTalk detects spam with 99.9982% accuracy. We constantly monitor these errors and make adjustments to our algorithms”, so the team is aiming to improve those figures over time.

      All of this makes CleanTalk powerful tool against spam and it is easy for users at the same time.

      Novadays CleanTalk is generally recognized by users who say CleanTalk is one of the best anti-spam services.

    • A new kind of WordPress anti-spam plugin settings page

      We have simplified the plugin settings page and added new elements.

      1. Add visual display protected forms and the user can immediately see that the protection is active.
      2. We’ve removed in a drop-down advanced settings, these settings for 99.99% of the users  are optimal and do not require changes.
      3. In the status bar we’ve added  plugin statistics of processed events in the past 24 hours. You’ll always know how many comments was added and how many spam attacks was stopped. Statistics has a link to the CleanTalk Control Panel to view detail and service management, as well as a quick link to the plugin’s settings.

      We will be grateful to you if you say your opinion. Thank you!

    • For WordPress users, checking existing comments for spam

      For WordPress users, checking existing comments for spam

      CleanTalk offers more protection from spam bots to sites by WordPress. The new version provides a unique opportunity to test existing spam comments.

      CleanTalk adds new features in CleanTalk Anti-Spam, our solutions are reliable, easy and efficient. Work of the module is absolutely invisible for visitors and allows to renounce forever the ways of protection complicating communication on the website (CAPTCHA, question and answer, etc.). CleanTalk allows you to automate protection from spam and registering of spam bots.

      Cloud anti-spam service CleanTalk released a new version of the anti-spam plugin for WordPress, the new version has a unique function of automatic check for spam of the existing comments on the site.

      This allows administrators of the Web sites automatically check and identify spam bots comments, which were not detected by conventional anti-spam tools.

      This function is present only for WordPress, it will gradually be introduced for other CMS.

      CleanTalk identifies spam bots, using its own algorithms to estimate the parameters visitor, on the basis of these tests is formed its own database of spam bots. Checking existing comments is made on the basis of the nearly 2 million of certain spam bots. Detailed statistic allows CleanTalk customers to control the whole process.

      “The team CleanTalk has been developing a cloud spam protection system for four years and has created a truly reliable anti-spam service designed for you to guarantee your safety”.

      Download the new version anti spam by CleanTalk for WordPress

    • 84% of the WordPress site can be hacked: What’s Next?

      CleanTalk is a SaaS spam protection service for Web-sites. CleanTalk uses protection methods which are invisible for site visitors. Connecting to the service eliminates needs for CAPTCHA, questions and answers and other methods of protection, complicating the exchange of information on the site.

      f3ca345cc7ed3cf2bb0e3396a0596528

      If you often read IT-news, you probably already tired of the horror stories about another vulnerability that was found in the popular OS / database / CMS / coffee maker. Therefore, this post is not about the vulnerability and about monitoring how people react to it.

      But first – a few words about “the villain of the peace”. Critical vulnerabilities in popular WordPress blogging engine was found in September by the Finnish specialists from companies with funny name Klikki Oy. Using this hole, the hacker can lead as a comment to the blog a special code that will be executed in the browser of the site administrator when reading comments. Attack allows you to secretly take over the site and do unpleasant things under the admin access.

      Here’s how easy it looks like in practice. Go to the blog by WordPress and enter a bad comment:

      8758dfb3bad2ce0e7a14dd14cdd535db

      Next we see a specially crafted comment allows to bypass checks and conduct XSS-attack:

      b76d8a02ea439497f939a01fd973e02a

      After capturing admin permissions an attacker can run their code on the server that is hosting the attacked blog, that is, can develop an attack on a broad front. Now is the time to remember that just recently 800,000 credit cards were stolen by a bank trojan which was distributed across WordPress sites.

      This vulnerability applies to all versions of WordPress 3.0 and higher. Problem can be solved upgrade engine to version 4, where no such problem.

      And now about the actual reaction. Finnish security experts discovered a vulnerability reported it to the vendor on September 26. At the time of this writing, that is, two months later after finding renewed no more than 16% of users of WordPress (see diagram on the title picture post). What Finnish experts concluded that all the other 84%, that is tens of millions of users of this engine in the world, stay potential victims.

      In fact, the victims will certainly be less because there is a small additional condition for the operation – need the opportunity to comment on posts or pages (default is available without authorization). However, we are interested in here is the lifetime of vulnerability, and in this case it is possible to observe in real time – to monitor the statistics update WordPress here. Although you probably already understand the meaning of these figures: don’t lock the barn door after the horse is stolen.

      We also follow the intruders attempt to exploit this vulnerability “in the wild”. To do this, use a network attack detection based applications PT Application Firewall. The mechanism of intrusion detection based on the analysis of anomalies in this case worked well, and we did not have to add the signature. In other words, PT AF elicited this “0 day” from the very beginning:

      7cb201b9b1a2dd366483e30842c7c00f

      At the moment, the vulnerability exploitation attempts is already found. They can not be called mass – but if you have an older WordPress, should still be updated.

      This text is a translation of article “84% сайтов на WordPress могут быть взломаны: что дальше?” by ptsecurity published on habrahabr.ru.

      Forums and blogs without spam

      CleanTalk is a SaaS spam protection service for Web-sites. CleanTalk uses protection methods which are invisible for site visitors. Connecting to the service eliminates needs for CAPTCHA, questions and answers and other methods of protection, complicating the exchange of information on the site.

    • Little-known functions in WordPress

      CleanTalk is a SaaS spam protection service for Web-sites. CleanTalk uses protection methods which are invisible for site visitors. Connecting to the service eliminates needs for CAPTCHA, questions and answers and other methods of protection, complicating the exchange of information on the site.

      Has it ever happened that during parsing code-party plugin or theme you found quite useful standard function, which did not know before? At such moments, any developer feels a sense of worthlessness, remembering he reinvented the wheel in previous projects.

      In order to reduce the amount of frustration, I decided to describe a few little-known but very useful features:

      make_clickable
      Find in the text links and make them clickable.
      Example:

      $string = "This is a long text that contains some links like https://www.wordpress.org and https://www.wordpress.com .";
echo make_clickable( $string );

      popuplinks
      Adds  target='_ blank' rel='external' to all the links in the text.
      Example:

      $string = "This is a long text that contains some links like <a href='https://www.wordpress.org'>https://www.wordpress.org</a> and <a href='https://www.wordpress.com'>https://www.wordpress.com</a> .";
echo popuplinks( $string );

      wp_list_pluck
      Takes out certain fields from the collection.
      Example:

      $posts = get_posts();
$ids = wp_list_pluck( $posts, 'ID' ); // [1, 2, 3, ...]

      antispambot
      Converts email addresses to symbols HTML for protection from spambots.
      Example:

      $email = 'ex*****@***il.com';
echo '<a href="mailto:' . antispambot( $email ) . '">' . antispambot( $email ) . '</a>';

      checked / selected
      Adds an attribute checked (selected) if the first argument is equal to the second.
      Example:

      <input type="checkbox" name="remember" value="1" <?php checked( $remember ) ?> />
<select name="options">
    <option value="1" <?php selected( $options, 1 ); ?>>1</option>
    <option value="2" <?php selected( $options, 2 ); ?>>2</option>
    <option value="3" <?php selected( $options, 3 ); ?>>3</option>
</select>

      human_time_diff
      Represents the difference in time in human-readable form.
      Example:

      $published = get_the_time( 'U' );
echo human_time_diff( $published ); // 2 days

      wp_send_json_success / wp_send_json_error
      Displays data in a JSON format for Ajax requests.
      Example:

      if( $success ) {
    $result = array(
        'message'	=> 'Saved',
        'ID'		=> 1
    );
    wp_send_json_success( $result ); // { "success": true, "data": { "message": "Saved", "ID": 1 } }
}
else {
    wp_send_json_error(); // { "success": false }
}

      wp_remote_get / wp_remote_post
      Receives data from a third-party web resource.
      Example:

      $response = wp_remote_get( "https://api.twitter.com/1.1/search/tweets.json?q=%23WordPress", array( 'timeout' => 10 ) );
$tweets = wp_remote_retrieve_body( $response );

      wp_is_mobile
      Specifies the user’s device.
      Example:

      if ( wp_is_mobile() ) {
    get_footer( 'mobile' );
}
else {
    get_footer();
}

      wp_oembed_get
      Converts a link to a media resource in the code of the player.
      Example:

      $youtube_url = 'https://www.youtube.com/watch?v=Lcvh0DgytH8';
$embed_code = wp_oembed_get( $youtube_url, array( 'width' => 800 ) );

      wp_tempnam
      Creates a temporary file with a unique name.
      Example:

      wp_tempnam( 'cache.log', get_temp_dir() );

      zeroise
      Complements the number with zeros to the specified length.
      Example:

      $tickets_count = 8;
echo zeroise( $tickets_count, 3 ); // 008

      capital_P_dangit
      Corrects common errors in brand name WordPress.
      Example:

      $string = "I Love WordPress";
echo capital_P_dangit( $string ); // I Love WordPress

      get_num_queries
      Shows the total number of SQL-queries to the database page.
      Example:

      <!-- Number of queries: <?php echo get_num_queries(); ?> -->

      wp_text_diff
      Finds the differences in the text and displays them in a convenient form for comparison.
      Example:

      $left_string = 'This is the original string';
$right_string = 'This is the revised string';
echo wp_text_diff( $left_string, $right_string );

      submit_button
      Generates code for the button.
      Example:

      <?php submit_button( __( 'Save Changes' ) ); ?>

      enjoy 🙂

      This text is a translation of article “Малоизвестные функции в WordPress” by Pingbull published on habrahabr.ru.

      Forums and blogs without spam

      CleanTalk is a SaaS spam protection service for Web-sites. CleanTalk uses protection methods which are invisible for site visitors. Connecting to the service eliminates needs for CAPTCHA, questions and answers and other methods of protection, complicating the exchange of information on the site.