Cannot modify header information – headers already sent

So what exactly is ‘modify header information’ anyway? Well, it’s quite a common problem and one that has no definitive answer because there are many different code reasons why it occurs. That said, if you understand why it’s happening you should be able to diagnose your issue more easily. I’ll give an explanation first and then go on to provide a fix for WordPress template files as these seem to be the most prevalent code examples that get hacked and chopped about.

Headers sent to your browser explained

So, this issue rears its ugly head when someone visits your website and requests a page. Your server duly sends the page but before the visitor’s browser has completed the rendering of that page on the screen, it gets told to redirect to another page. This is unacceptable and the browser doesn’t like this so you see the error “Cannot modify header information – headers already sent”. Take this code example:

<html>
<?php
header('Location: https://www.pcrepairmansblog.com/');
exit;
?>

It’s simple enough php code where the object is to redirect the user’s browser to another website. This will not work though because the <html> line has started to output the code to the browser already. Remember that header() must be called before any actual output is sent and this can be by standard HTML, via PHP or even via the presence of blank lines.

The blank lines header error

The presence of blank lines within PHP in a file can cause errors. Here’s another example:

/*Some file*/

<?php

header('Location: https://www.pcrepairmansblog.com/');

exit;

? >

Spot the mistake? It’s a common one but the extra space after the final question mark is actually output to the browser and can be the difference between the page working or not. Extra whitespace where it shouldn’t be is tricky for coding beginners to spot, so work logically through the code and try to structure it as cleanly as possible. Compare any modifications you have made to the original file and try the original again to see if that triggers the error. Typical problems include whitespace or new lines before the opening <?php or after the closing ?> which works in many cases but often causes this error. Try to code more cleanly and remember this can cause big problems later on.

If your code has more than one PHP block in it and they are directly after each other, remove any spaces in between them. Try to consolidate the PHP into one block if possible here too.

 

Modify headers error where session_start() is used

Here’s another scenario:

<html>

<?php session_start(); ?>

<head>

<title>What's wrong?</title>

</head>

</html>

So what is going wrong here? Well, the session_start() function attempts to send headers with the session cookie to the client. Unfortunately, PHP already sent headers when it wrote the title element to the ‘output stream’. To resolve this, you would need to move the session_start() code to the top, above the <html> line.

Often, the error indicates exactly where you should be looking in your code so look for php and html output around there.

Script encoding errors, UTF-8 and BOM

The Byte Order Mark (BOM) is a Unicode character used to signal the byte order (aka ‘Endianness’) of a text file or stream. Still with me? If you’re not, don’t worry, all you need to do is to try to make sure you don’t have any Byte Order Marks in your code as this messes up the headers too. There is, in my mind, little place for BOM on a WordPress installation. The Unicode standard permits BOM in UTF-8 but doesn’t recommend it.

Errors caused by the inclusion of BOM are generally because

  • You viewed the source in a bad text editor and saved it (hint use Notepad++ which is free and brilliant)
  • You used a poor FTP client (hint: use WinSCP, also free and brilliant)
  • You had the BOM in there originally (hint: don’t download files from dodgy sites).

The simple solution is to open up all the offending files in Notepad++ (or a similar good text editor) and swap the file format from Windows/Mac to Unix and turn off the BOM.

For advanced users, you can run this nifty ‘find’ code on the server to remove all BOM code. Use with caution as it can modify any file.

find . -type f -exec sed '1s/^\xEF\xBB\xBF//' -i.bak {} \; -exec rm {}.bak \;

If you prefer to tread cautiously, use this code to simply display those BOM files:

grep -rl $'\xEF\xBB\xBF' .

The code above cleverly looks in the first line only which is where we find the BOM byte sequence (the UTF-8 representation of this is 0xEF,0xBB,0xBF). This means it runs pretty quickly.

Code your way out in functions.php

Well, I said I would give you a solution that works for WordPress and here it is. Please note, I would thoroughly recommend attacking the other solutions above first but if you are at your wits end try adding this to your theme’s functions.php file:

add_action('init', 'do_output_buffer');
function do_output_buffer() {
        ob_start();
}

PHP will now not send any input to the browser until the page is fully loaded. This in turn allows your WordPress installation to redirect users as it sees fit.

Summary

Remember, what you are trying to find is basically two lots of output to your browser and this is often via HTML code and PHP code being run at the same time. Track it down and your error should be removed. Don’t underestimate the widespread duff code in 3rd party plugins too, disable these one by one and try again.

Hope this helps you to sort out your ‘headers already sent’ issues, please use the social links to recommend this page to others before they pull their hair out too 🙂

 


How to clear the DNS cache

clear dns cache mac windows

Your DNS cache stores IP addresses of webservers. These servers have delivered pages which you and others have recently viewed. If the location of the web server changes for any reason before the entry in your DNS cache automatically updates, you will find yourself unable to access the website. You may also see a lot of 404 error codes, which generally happens when your DNS cache is messed up.

This is particularly prevalent for Webmasters who are setting up a new website and suddenly get presented with an old page or no page at all. Often it is visble on another computer or mobile phone which makes it even more frustrating.

By clearing this DNS cache, your computer will then re-query the nameservers for the new DNS information.

How to clear your computer’s DNS cache in Windows 2000, XP, Vista, 7 or 8

  • Click the Start button
  • On the Start menu, click Run
  • If you do not see the Run command in Vista/7/8, enter “run” in the Search bar just above the start orb
  • Type the following in the Run text box: ipconfig /flushdns
  • Press Enter

Pay attention to the space between the g and the forward slash.

Close the command window and retry your browser.

How to clear your computer’s DNS cache in Mac OS 10.7 onwards

Please note that for this to work you require the Admin account password.

  • Click Applications
  • Click Utilities
  • Double click the Terminal application
  • Type in: sudo killall -HUP mDNSResponder

Close the terminal window and retry your browser.

How to clear your computer’s DNS cache in Mac OS 10.6 and below

  • Click Applications
  • Click Utilities
  • Double-click the Terminal application
  • Type in: dscacheutil -flushcache

That’s it and you should now be able to fire up your browser and get a fresh version of the page.


How to make WordPress secure

Want to make WordPress secure? Then let’s harden it now! OK this is going to be a long article that I’ll add to as “best practice” changes with new releases.  For starters, let’s clear up what I’m trying to teach.  What we are doing here is limiting access by people who are trying to compromise your WordPress installation. And they are out there, believe me.

So first off, the easy stuff….

  1. Keep your WordPress and Plugins updated. You can lock down WP all you want but if you have a dodgy plugin you could be wide open to the world.
  2. Keep your server up to date. Vulnerabilities in older versions of php and various scripts mean that an attacker could get in outside of the WordPress installation.
  3. Shared hosting. I personally don’t use this as it can severely compromise security. Even if you do all the locking down possible, someone else may leave wide-open gaps on the server.  If you want reliable VPS hosting I recommend taking a look at  Servint dedicated and VPS hosting.
  4. Use a decent antivirus and antimalware on your own PC.  The largest amount of compromised servers come from password attacks and if you have malware on your PC that gets your FTP password then it’s ‘Game Over’. Use Kaspersky and MalwareBytes for a great solution.
  5. Choose strong passwords. Never underestimate how easy most passwords are to crack with a computer. Passwords such as “Password”, “abc123”, “Letmein” are crackable in minutes. Pets’ names, people’s names, car names are all easily guessable too. Consider putting non-alphabet characters in there too such as $ or !

 

WordPress file permissions

Now let’s move on to WordPress file permissions.  These are most people’s nightmare but it doesn’t have to be difficult.  All files should be owned by your account and writable only by you. For directories, if you use SuPHP on your server (and I recommend you do) they should all be 755. If not using SuPHP then follow these rules:

  • /wp-content/plugins/ These are the plugin files. All files should be writable only by your user account.
  • /wp-includes/ WordPress’s ‘logic’ files.  All files should be writable only by your user account.
  • /wp-content/themes/ Your theme files. If you want to use the built-in theme editor, all files need to be group writable. If not, all files can be writable just by your user account
  • /wp-admin/ This is the WordPress admin area. All files should be writable only by your user account.
  • /wp-content/ This is for your content which should be writable by everyone (owner/user, group, and public)

For other directories under /wp-content/ you should read the relevant plugin or theme documentation.  Err on the side of caution here though, locking down first and working backwards to release permissions where required.

For novices looking for a quick guide, if you are not using SuPHP then do this:

Set all directories to 755 and all files to 644.  If you are on a shared-server, set your wp-config.php to 750 so no other user will be able to read your database username and password!


From WordPress version 2.7, there has been the facility to automatically update the WordPress installation.  It is remarkably stable and well tested so I recommend this is used.  The great thing is that after the update, all files are set to 644 and all directories to 755  and writable by only the user.  They are still readable by everyone else, including the web server.

This now leads us on to ‘security by obscurity’. In other words, making the default stuff different so attackers spend more time at the first hurdle. Here are my top tips for quick and easy fixes.

  1. Stop showing the WP version you are currently running. Why? Well, if you are running an older WordPress version with a known vulnerability then you effectively display this to the world. There are numerous plugins to do this for you but you can simply add <?php remove_action('wp_head', 'wp_generator'); ?> to your theme’s function.php file. Note that there are other ways of finding out the version that a WP website uses but this works well to hide the obvious.
  2. Rename the admin account. I do this on a new install from within Fantastico but you can also create a new Administrative account from WordPress’s back end and delete the default admin account. You will get prompted to pass ownership of all the deleted user’s posts to the new Admin which is recommended.
  3. Change the WordPress database table prefix. A lot of the  WordPress-specific SQL injection attacks assume that the database table prefix is “wp_” , so changing this blocks many (but nit all) SQL-injection attacks.

Finally, 3 words I can’t stress the importance of……Backup, Backup and Backup.  Don’t hesitate to make this a priority. For a complete backup AND a brilliant way to clone your entire site check out the excellent WP-Twin WordPress Clone Software. This not only creates a FULL backup of WordPress’s database, but it backs up all other files and folders for you. It will enable you to move your installation across servers too, something most backup software won’t do. Most blogs can be completely cloned and backed up in a few minutes without any technical knowledge.

Good luck and hope this helps you to make WordPress secure.

 


Online backup and coupon code for 20% off Mozy

Mozy online backup discount coupon codeOnline backup just got a whole lot cheaper with the latest coupon code from Mozy.   Click the link below and type in the coupon code ENCRYPTION for 20% discount:

Mozy online backup coupon code

Note: Enter the code into the promotional code box at signup to get the full discount.

 

Other recent contenders for our recommended backup software:

Crash Plan


Could not start the Task Scheduler service Error 1717: The interface is unknown

This error occurs when the event log service is turned off (set to manual or disabled).  To correct, do the following:

Start, Run and type in “services.msc”

Go to the “Event log” service and double click on it.

Set it to “Automatic” and click on OK.

Now you should be able to set the “Task Scheduler” service to automatic without error.  OK your way out of all boxes and close the services window.

 

 


Bootmgr is missing

Windows 7 BootMGR fix

If you get the error BootMGR is missing when trying to load a Windows based PC then you need to follow some logical steps to find the solution.

First and foremost, I would try a startup repair using the Windows installation CD/DVD.

How to Boot to the System Recovery Options in Windows 7

Insert the Windows 7 installation DVD or System Repair Disc into the DVD drive and restart the computer

Check to make sure that you set the BIOS to have the DVD drive listed first in the boot sequence

If prompted, press any key to boot from the Windows 7 installation DVD

Select your language preferences and click on Next. (See screeshot below).

Click on Repair your computer

Select which operating system you want to restore (your own Windows 7 should be listed) and then click on Next

NOTE: If Windows 7 is not listed here or it is blank, then it is ok to proceed. In this case, still click on “Next”

Select the system recovery option you want to do. Those listed are:

  • Startup Repair
  • System Restore
  • System Image Recovery
  • Windows Memory Diagnostic
  • Command Prompt

We want “Startup Repair”. Allow Windows to find the issue and restart the PC.


Do the above without a disk, using the manufacturer’s system recovery partition

If your computer has a system recovery partition then follow these instructions.

Start the PC and tap the F8 key on your keyboard about every half a second. You should see a boot menu, if not try to do this again.

Select the Advanced Boot Options screen (if you dual-boot) otherwise ignore this line.

Using the cursor keys (arrows), select “Repair your computer” then press Enter

Select your keyboard and language preferences then click on “Next”

Select your user name and type in your password, and then click on OK.

Select “Startup Repair”

Allow Windows to find the issue and restart the PC.

 

If you want to find out more about the system recovery options in Windows 7, take a look at this Microsoft article:
https://windows.microsoft.com/en-us/windows7/What-are-the-system-recovery-options-in-Windows-7

If this helped you to fix your PC then please click on one of the social buttons below to help others too.

 


Setting up shared folders in virtual box

Here’s how to setup shared folders on a VirtualBox installation. I’ll take it one step further and map it to a drive that reconnects on logon, forcing it to be a persistent share.

First, setup guest additions with “Devices”, “Install guest additions”

Now share a folder on your host PC or Mac. Do this by creating a folder anywhere you like (let’s call it “vbshared”) and giving it at least read permissions. Read/write is fine too.
On Windows boxes, make sure that everyone has access, this can be locked down later if required.

Now we go back to VirtualBox and do “Devices”, “Shared folders” and under machine folders we add the one we just setup (vbshared). Tick “Make permanent” and OK both windows.

Now we’re going to restart the host PC, restart the VirtualBox (don’t just fire up a snapshot) and if the image is a Windows one, open up Explorer. In the address bar at the top, type in:

\\VBOXSVR\vbshared

Press enter and you should see it pop up. Now we can map it to a drive by “Tools”, “Map network drive”, select a drive (eg z:) and retype the \\VBOXSVR\vbshared
Tick “Reconnect at logon” and there you have it, a working shared folder that maps to a drive and reconnects at logon!

For Linux machines, reinstalling Guest Additions often makes the share work afterwards.


Cheap freelance work on Friskk

Gigs for a fiverrIf you are looking for cheap freelance work then one site stands out above all others. Friskk has high quality services by freelancers from around the world. Starting from a ridiculously low $5 ( 3.17 GB Pounds at today’s exchange rates! ) Friskk users offer services in many different sectors.

Want a WordPress site cloning then moving to another server? $10

Want a new logo for your website, designed and built to a high standard? $15

See the PCRepairMan up top? He was designed and built using services found on Friskk.com.

Other cheap freelance work includes video intros, cheap website backlinks, zombie transformations to photos of your friends, singing birthday videos….sky’s the limit really.  Some of the imagination is incredible and for gift ideas this site is really top notch.  Each service offered is for a fixed price and these are called ‘gigs’. On completion of the gig you pay the service provider an agreed fee. You pay nothing to register, and no fees to the website. How cool is that?  If you want to sell a service then you would pay a small commission on the final sale price.  If you don’t see the service you need, then you can request a service using the instant suggestion box.

Cheap freelance work by professionals

Many of the users on Friskk are professionals in their field, looking to earn extra money with small projects. This means that they often finish the project in very good time and can deliver excellent results.

So have a look around, see what’s on offer and get something unique for less than the price of a Starbucks!    www.friskk.com

 

 


External 1TB hard drives at discount prices

Seagate external hard drive review

Seagate 1tb external hard drive review. You can get these 1 TeraByte (1TB) hard drives at incredible prices this month:

Seagate Expansions 1TB

This is a super slick USB2.0 drive that has good transfer rates and nice packaging.  It sits on rubber feet so suffers no vibration problems and looks good on any desk.  Easy ‘plug and go’ setup and Seagate reliability.  Highly recommended.

Best price on Seagate 1TB hard drive

Western Digital Elements 1TB

With USB 2.0 and 7200rpm this drive is very keenly priced.  The gloss case means it sits nicely on your desk, ready to backup your docs, photos etc.  Performance is pretty good and we only noticed a small hum when searching for and copying files.   Quiet, cool and comes with a 2 year warranty.  Currently on free delivery via Amazon.

Best price on Western Digital Elements hard drive


MalwareBytes cannot schedule scans using limited user accounts

Many people are finding that MalwareBytes cannot schedule scans using limited user accounts. Well this is not completely accurate as it can be done but it’s a little convoluted.  Imagine the scenario where you have an administrator account and one or more limited accounts setup. This is very common in households with kids (or flippin’ well should be anyway!).

You’ll need to logon as an administrator and do the following:

  • Remove all scheduled scans and updates if existing
  • Create a scheduled update and select “Perform scheduled update silently from the System account”.
  • Create a scheduled quick scan, 10 minutes after the update above, again ticking the “Perform scheduled update silently from the System account” option
  • Create a scheduled quick scan, 10 minutes after the ones above, but now don’t select the System account option.

Be aware that while scans can run from the limited account, they will not have admin privileges. This means that there is a drastic limit as to what can be removed as the limited account can’t access things like system folders and HKLM registry hive branches etc.