May 2019 work summary

This is the second month in a row with slow business. This may be part of a trend or there may be other issues going on. Some possibilities:

  • Most of those who needed to upgrade from phpBB 3.0 to 3.2 have done so already, probably because the issue was forced on them due to upgrades of PHP. Upgrades are the bulk of my business and a lot of clients can do updates themselves.
  • I may be losing search ranking. I don’t think this is an issue because if you Google “phpbb service” I come right up.
  • The phpBB group has a new Wanted! forum, which some people are using to get paid help. I’ve started monitoring the forum but so far haven’t gotten any business from it.
  • The phpBB platform is becoming more buttoned down, with fewer issues and quirks that need expert assistance.

So we’ll see whether the trend continues or not. With the downtime I made more progress on a selective mass emails extension. In addition, I have begun work on a filter by country code extension. As part of developing these extensions, I am getting more comfortable writing extensions. So rather than redirect these requests to other extension developers, I am more open to doing them. So if you need an extension written, hit me up!

This site has been a consistent and growing revenue stream for me each year (pretty much) since I started in 2006. Last year I made a record amount of income from it. Since my phpBB salad days may be over, I’m thinking of moving into WordPress consulting, which is a huge market. (WordPress runs about 40% of websites.) I already run a monthly WordPress meetup, so if you live in western Massachusetts, come to my meetings. But I only do occasional WordPress work. I’m thinking of becoming a WordPress plugin developer. Picking up their framework doesn’t look too hard, but finding a niche that I can turn into a plugin with both a free and a paid version may be the most challenging part. Selling a plugin does not have an equivalent for phpBB, where all extensions are free because they derive from the license phpBB uses for its open source software. That’s not necessarily a constraint with WordPress, and a quality plugin can generate a lot of passive income.

But it’s not like I didn’t do any paid work in May. I’m working on one job at the moment that will show up in next month’s report.

  • Upgraded a forum from phpBB 3.1.3 to phpBB 3.2.7. There were a number of extensions that were not used, so they were deleted. I updated the 24 hour activity stats and Tapatalk extensions. I remove some bogus rows from the styles table. The phpBB logo file was removed before upgrade, so I hid the logo with the upgrade so forum title is now flush on left. I encountered an error on accessing the extensions tab. I had to go in and remove disabled module then all was well. First upgrade was to 3.2.6, then I noticed 3.2.7 was released so I upgraded to that.
  • Troubleshooting. There were two issues. First was an error saying mysqli was not enabled. mysqli is a newer driver for interacting with the mySQL database using PHP. When I got cPanel access, I discovered the domain was using PHP 7.3. phpBB 3.2 does not yet support phpBB 7.3. So I dropped the version of PHP to 7.2 for the domain and was able to login. However, when going into the ACP got: “iconv(): Wrong charset, conversion from `utf-8′ to `utf-16be’ is not allowed”. Could not do anything in the ACP. I commented out the code triggering the error as a temporary solution. Told client to file a support ticket with their web host. iconv library is probably not enabled and this is causing this error. Will be a factor for the client in the future when phpBB is updated if it is not fixed.
  • Updated a forum with phpBB from version 3.2.5 to 3.2.7, with no issues. Client complained of emails not being sent because of items in the private message outbox. I explained that this was due to how phpBB handles whether a message is read or not. If it wasn’t read by the recipient, it remains in the outbox. This work inspired this post. It may be that the recipient needs to enable email notifications. Upgraded my digests extension from version 3.2.12 to 3.2.13.
  • More work for a client who I did a job for in April. Edited overall_header.html to do a better job of showing the song currently playing, the playlist and who is listening.
  • Upgraded forum from phpBB 3.2.5 to phpBB 3.2.7. This client’s host was using PHP 7.3 too, so I had to downgrade it to 5.6 because no other version of PHP 7 was an option. I also had to enable mysqli. Looks fine. No logo, no extensions installed, prosilver style, so the upgrade was very straightforward.
  • Client tried to update from phpBB 3.2.5 to 3.2.7 and encountered timeouts; he had forgotten to disable extensions first. I investigated. First issue was PHP 7.2 was being used, so I had to edit config.php to tell it to use mysqli. Next I disabled his extensions and was able to update the forum without an issue. Reenabled extensions, reenabled board, all is well. One extension is out of date.

Integrating your phpBB topics and posts into WordPress … or any web page!

As some know, I am the developer of phpBB’s Smartfeed extension. This extension provides an ATOM, RSS1 or RSS2 feed of posts and topics on your website.

These feeds allow people to read posts on the forum remotely using a newsreader application, like one built into MS Outlook or using feed aggregator sites like The main advantage of feeds is that it allows you to read a forum without actually having to visit the site. If you regularly read lots of sites, using a newsreader is very efficient way to read content compared to actually visiting each site.

Smartfeed is not the only extension that does this. In fact, if you don’t need to support the RSS format and only want to show posts in public forums, an ATOM Feed has been built into phpBB since version 3.0.6. You might want to read the knowledge base article to learn the syntax to use. You can control your feeds in the Administration Control Panel: ACP > General tab > Board configuration > Feed settings.

Sometimes you want to highlight recent topics and posts on your larger website, or on another domain. For example, you may have a phpBB forum in a folder on a WordPress site. You might want to use a WordPress widget to highlight current topics and posts on a sidebar of your WordPress site. The links in the sidebar will take people directly to the post or topic of interest.

I will demonstrate how to do this using WordPress. However, conceptually you don’t need WordPress to do this. You just need something that can read an ATOM or RSS feed of your forum, and parse its XML into HTML for display, or write your own program to do this. For example, if you are familiar with jQuery, there are a number of jQuery feed plugins that would work. The PHP SimpleXML library is one way you can do it in PHP with a short PHP program.

Here’s one way to do it in WordPress:

  1. Spend some time figuring out what you want to highlight in WordPress: recent posts or recent topics. I will show a list of recent posts. In this example, I first installed my Smartfeed extension. This is because I got a SimplePie parser error when I used phpBB’s ATOM feed. This is due to a bug when parsing ISO dates in ATOM feeds using the SimplePie library. SimplePie is bundled with WordPress. I reported the bug. The resulting URLs for the feed can be seen if Smartfeed is installed. It is in the HTML source for the forum. I will use the second link because the ?y=2 parameter creates a RSS feed instead of an ATOM feed to avoid the SimplePie bug.
<link rel="alternate" type="application/atom+xml" title="ATOM" href="/phpbb/app.php/smartfeed/feed" />
<link rel="alternate" type="application/rss+xml" title="RSS" href="/phpbb/app.php/smartfeed/feed?y=2" />
  1. Note: if using Smartfeed, and you want a list of recent topics only, the resulting URL will look something like this. You should be logged out when using the Smartfeed interface. Note that you can refine the URL in the Smartfeed user interface. lp=1 limits the feed to the last post in the topic only, t=2 suppresses the time limit for retrieving posts, s=1 gives a standard sort from most recent to least recent, i=0 means to not require a minimum number of words in the post, y=2 forces a RSS2 feed, d=3 sets the feed style to use HTML, w=0 means not to limit the maximum number of words in the post, and tt=1 means to show topic titles only. There are lots of variations so use the Smartfeed interface to get the output just the way you like it.
  1. Presumably you have installed WordPress already. If you haven’t, it can be downloaded from Or you can usually install it from Plesk or cPanel.
  2. Login to WordPress as an administrator and go to the WordPress dashboard.
  3. WordPress comes with a RSS Widget preinstalled that also can handle ATOM feeds. You can find it off the dashboard: Appearance > Widgets
  4. Click on the RSS Widget then press the Add Widget button which appears, which by default appears on the sidebar.
  5. In the sidebar, click on the RSS Widget that was added. Enter the URL for the feed and give it an optional description. Note that it needs to be the full URL, not the partial one shown above. Then press Save.

    Configuring RSS Widget
    Configuring RSS Widget
  1. I dragged the widget to the top of the sidebar so it would appear first on the sidebar. Of course, you can place it anywhere on the sidebar that you like.
  2. Go to your WordPress site and find it on the sidebar.

    List of recent forum posts in the WordPress sidebar
    List of recent forum posts in the WordPress sidebar

Note that this works for any domain, providing the feed is publicly accessible. So you can promote this approach to have similar sites show your list of recent topics or posts. Note also that my Smartfeed extension has a number of options to make the post subject or topic title prettier if the default looks too wordy.

October 2017 work summary

October was a very profitable month for me, best of the year so far. It’s a little mysterious to me why it was so, but I did collect on a few projects I was owed so that helped. Anyhow, here’s a summary of the work I did in October. All client information has been anonymized, of course:

  • Upgraded a forum from phpBB 3.0.9 to 3.2.1. The vendor folder was corrupt in my archive, which I think was due to a bad release by the phpBB Group since corrected. I fixed my archive, installed the prosilver_se style and applied the client’s logo. I also installed my digests extension (version 3.2.4) and tested it. In programming the cron job, since HTTPS was used, I added -K option to curl so it didn’t verify the certificate.
  • Client upgraded from phpBB 3.1 to 3.2. He had the portal extension installed but the upgrade caused an error rendering the portal page. Updating the extension to 2.2.0-b1 solved the problem although it should be noted there is not an approved version of the portal for phpBB 3.2 at this time.
  • Client was having trouble getting version 3.0.7 of my digests extension to mail from a phpBB 3.1.10 instance. I figured out the issues were due to incorrect manual testing procedures. Then wanted me to create a customized version that removed certain items from the digest email. I made changes which also required a change to the mailer program. I also found a digests 3.0.7 French language translation and installed it (since the board is hosted in France) and modified that language file as well as the English version to accommodate the requested changes. I tested it on a 3.1.9 instance on my machine and since I did not have installation permissions, I placed a copy on Google Drive for the client to access and install, with instructions. Later there was additional work. Now with full permissions, I upgraded the client from phpBB 3.1.10 to 3.2.1. I installed a new version of we_universal style, but the development version has a few issues (quote icons and the like would not show). I reapplied custom code changes to my digests extensions. In addition the client wanted additional template changes with banner images in the digests. These plus communication challenges added a lot of time.
  • Client said he had managed to acquire the domain name a competitor was using, which had expired. Changed DNS to redirect to the selected domain but the action never completed. However, I later learned that the domain did not expire but GoDaddy let him buy it anyhow. Client paid me for my time.
  • Upgraded a forum from phpBB 3.0.12 (subsilver2 style, no mods) to 3.2.1. Changed the style with the upgrade to Allen Subsilver. I added the old logo. I added an extension so external links render pages in new tabs. Redirect issues were solved by removing cPanel redirects and creating an index.html file with a meta tag to redirect to forum. In addition, SuperCacher was turned on. I had to flush SuperCacher in cPanel to affect logo changes. I created a question on registration but registration is currently disabled. I suggested configuring the new reCaptcha if this is enabled.
  • Another error was reported by client I helped last month. I looked at the error log. I determined that German language pack said it was installed by the files were not there and that triggered the error. I added the German language pack for phpBB 3.1.10. Another error pointed to something wrong with the Profile Side Switcher extension. Version 0.0.1 was installed, updated to 1.0.0 and that error went away. I also removed some dead modules. I changed permissions on cache, files, images/avatars/upload and store folders. I cleared the cache. The extensions tab did not show. This may be a database issue with the modules table. Waited for feedback or additional permissions. Client paid me for the work to date.
  • I completed a month plus long project to change the website’s front end from static pages to WordPress. Originally I placed WordPress in a /wordpress folder. I moved the old files into an old_files folder, moved WordPress into the root folder, installed a plugin to change some paths and changed some database columns to get it to work from the root folder. The move to WordPress included creating a shopping cart and testing it, replicating a members only area by doing it inside of WordPress, installing a theme, installing a form generator for membership applications and creating the membership form, and the integration of a photo gallery using a plug in. So while phpBB is my specialty, I can do a lot of WordPress work too, so it doesn’t hurt to ask if you want me to do some WordPress work for you.
  • Upgraded a forum from phpBB 3.2.0 to 3.2.1. Reapplied logos. Updated American English language pack.
  • Removed malware from site using cPanel’s file manager, placed bad content in Trash for customer’s review then submitted it to Google for a check. Later, client encountered more spam issues. Web host said WordPress plugins were sending spam. They blocked access to the site so I couldn’t go in and do anything. Sent support an email. Never replied back but a couple days later I could get into WordPress. Client has both a French and an English site. Updated plugins and updated WordPress on both sites. Installed plugin that automatically updates plugins on both sites.
  • Upgraded a forum from phpBB 3.0.14 to 3.2.1. Work involved rehosting the forum too as the customer’s virtual server was underpowered, making database operations problematic. Customer eventually chose a new web host and it took about a week to move the content over along with the WordPress content. Resource limitations occurred trying to upgrade forum on old host, requiring me to move it to my machine, do the work there and upload it. However, bigdump.php would not complete loading the database, due to resource limitations on the database (first time I’ve seen this for virtual hosting). Many tables had primary keys and indexes missing. Eventually the new host got WordPress working correctly for the client. I had to reload the phpBB database to recreate the indexes and primary keys that were missing. While running bigdump.php on the new host I encountered a Javascript error but I was able to load database from the command prompt instead. Installed the Hexagon style, configured the logo, placed a special tile background image and uploaded old icons for forum and topic images. In some cases browser resized them, making them a bit fuzzy. Installed the Advertising Management Extension and added two ads in two locations. Upgraded PHP to 7.1 and tested. Installed the Advanced BBCode Box extension. Uploaded his many old images used in the headers principally to /styles/Hexagon/theme/images.
  • Troubleshooting. Email interface wasn’t working. It was set to send mail via SMTP. I turned it off and tested it and received a sample mass email.
  • Upgraded a forum from phpBB 3.0.11 to 3.2.1. Kept the prosilver style and reapplied the logo. Installed Google Analytics extension. Installed Advertising Management extension but HTTP 403 errors triggered when creating ad. Asked client to file a support request to get this addressed. Advised about placement of skyscraper ads (not a good idea for phpBB). Forum is inside a frame. Recommended this be addressed. Later, working with security rules were setup to bypass modSecurity for ad placement. Installed reCaptcha.

Session hijacking: what’s (probably) going on

Over the last couple of months I’ve had a number of clients come to me because of mysterious things happening on their forums. Going to a forum they find that they are logged in as someone else and can see things they definitely should not see, such as private messages and forums they don’t have privileges to see. I’ve spent a lot of time trying to figure this out talking to client’s web host support teams and scouting for a solution.

The good news is that this is not due to some deficiencies in phpBB. The bad news is that this is due to the way your web host has configured their servers and it’s affecting phpBB.

phpBB is the #1 forum solution, with something like 70% of the market. But as a percentage of popular software installed on websites, phpBB is tiny, on about 1% of websites. What’s the 800 pound gorilla? It’s WordPress, which runs 27% of websites. So web hosts will meticulously tune their servers to optimize for WordPress, giving short shrift to much of the rest of the open source software out there. Most web hosts now say they are optimized for WordPress and market WordPress-specific hosting. phpBB is being left behind along with lots of other software. Because phpBB gets most of its content from a database to be presented on the fly, more than most open source solutions it is not amenable to static content.

The problem is most acute if you have Bluehost shared hosting. The underlying issue is some software called Varnish, more specifically Varnish HTTP Cache. Varnish helps dynamically driven sites perform more efficiently by caching content in your server’s virtual memory. Web hosts can make more money if they can get more utilization off one one web server. Varnish is one way they keep costs down as it allows them to stuff more websites on one machine.

Varnish is kind of pointless with phpBB since phpBB already has its own cache, which you can find in your forum’s cache folder. Essentially phpBB programs, templates, stylesheets and SQL calls are all compiled into .php programs in the cache folder so they can be executed more quickly. So it’s duplicitous but more importantly interferes with phpBB’s default behavior. So if you have the issue, contact your web host to find if they are using Varnish and if so have them turn it off. As for Bluehost, as of this writing they will tell you they can’t turn it off. You have shared hosting so one size fits all. They will however be happy to move you to their cloud product. Varnish is not installed there, so you won’t be affected. However you may have to pay a higher hosting fee.

It’s unclear if Varnish is the sole cause. Other potential problems may be due to Content Delivery Networks (CDNs). This is most typically CloudFlare, since it is bundled free by most web hosts. CDNs attempt to move content closer to the user by having it fetched from server farms geographically close to the site viewer, thus speeding up page load time. This is usually fine with phpBB since CDNs generally only store static files like images. So a CDN shouldn’t cause issues like this, but if you have a CDN you might want to disable it to see if the problem goes away. Note: the one time you do need to do something with your CDN is when you add a style or significantly change the look of your site. Then it’s a good idea to tell the CDN to delete all its cached content. Otherwise, the experience by end users might be mixed or odd.

I also suspect that ModSecurity may be causing issues like this, but I don’t have enough proof yet. If it is enabled, disabling ModSecurity may make your problem go away. As I blogged recently, disabling ModSecurity in general tends to solve a lot of weird phpBB issues, while it may introduce others by potentially making it easier for your site to propagate malware and viruses.

November 2016 work summary

Here is some of the work I did for clients in November. I also released version 3.0.7 of my digests extension that involved a considerable amount of time and effort during November.

  • Some non-phpBB work. I worked on refining a WordPress widget to show a picture of current snow conditions for a client’s WordPress site. Since the client has a retinal device and found the picture uploaded a bit fuzzy, I found and installed a WordPress plugin that creates retinal images and intelligently serves them if it detects the device supports retinal images. I also edited the widget’s stylesheet to reduce the margins so it fits the sizing of other content. I also changed media library medium image setting to 332 pixels width to fit the image container optimally. I also provided instructions on how the client can do this himself in the future so images can be swapped in and out based on current conditions.
  • Digest troubleshooting. Digests stopped going out for a client that had version 3.0.6 of my digests extension installed. It appears this was due to incorrectly programming a system cron. After testing I used my “shared hosting” approach for doing a system cron which recognizes that on shared hosting where cron’s with multiple commands don’t work. This involved changing the cron to call curl instead and turning off the system cron capability inside phpBB. I filed a bug report on about what I think is insufficient explanation text for the system cron control in the ACP.
  • A client upgraded his forum to phpBB 3.1 but there were dead modules in the ACP. Installed us_en language pack to fix certain issues. I deleted bad module links for digests mod and the advanced block mod. I installed Digests 3.0.6 but had to manually change the database to get it to install on 3.1.10. I installed Cleantalk but waiting on activation key. I manually tested digests and it worked. Client chose to defer the cron installation until after rehosting. Days later I ended up redoing the work due to the client moving to a new host running Linux, not Windows. I upgraded forum from 3.0.12 to 3.1.10. I changed email settings to turn off SMTP since client is not on Windows anymore. To get the forum to come up I had to edit the config.php file and change the value of $dbms and $acm_type, which had namespace syntax in it that was triggering an error. I installed the American English language pack again. I installed the Cleantalk extension again. I installed and tested the digests extension. This took quite a bit of time because of known issues with the 3.1.10 migrator. I had to make a number of database changes manually. I then did a manual test of the mailer and it worked. I then created a cron job and verified that it sent digests. I found a peculiar quirk: clicking on the extensions tab generates a HTTP 500 error if debug is not turned on in the config.php file.
  • I programmed a scheduled cron for digests because users like to receive digests in hour requested. As with the other client, I ended up with a scheduled phpBB cron due to shared hosting issues not allowing multiple statement in a cron.
  • I replaced an ad at top of the page with one provided that had slightly different dimensions.
  • I moved a forum from to shared hosting. I upgraded the forum from 3.0.14 to 3.1.10. I installed Cleantalk. Later I patched a bug in 3.1.10 that didn’t allow custom profile fields or search engine settings to be changed.
  • I fixed a malware issue for a client. Most directories had a new .php file in it, consisting of six random letters, with an eval statement likely injecting malware. A routing error occurred when accessing the forum. I eventually figured out a bad .htaccess file was the reason the forum did not come up, so I copied in a standard .htaccess file. I then compared his software with 3.1.5 and saw the malware problem by comparing client’s files with a reference. I carefully removed all software files, uploaded a referenced version of these files and manually deleted malware files in some directories that should not be deleted. It solved the problem. I then upgraded the forum to 3.1.10.
  • Client attempted upgrade from 3.1.7-PL1 and it failed with a HTTP 500 error. I puzzled through it but eventually deleted all files but the files, images, store directories and config.php and uploaded 3.1.10. I then ran install/database_update.php and upgrade completed. I re-uploaded the backup I had of his black style and the forum came up. However, I couldn’t login with his old credentials. So I created my own account and gave myself founder permissions in the database. Client could not login either. I provided instructions to use the lost password link.
  • Client with my digest extension said it was sending out duplicate digests. I upgraded digests from 3.0.5 to 3.0.6 but that did not solve the problem. After some debugging I determined this was due to digest exception being thrown if there are no bookmarked topics. This stops remaining digests from going out for the hour and the hour will not mark as completed. I fixed this bug in version 3.0.7 and didn’t charge the client for my work.
  • Client was concerned that the public saw a “no forums” message. His new forum was created without using the copy permissions function. I added these permissions so public could see forums.
  • Issue with using advanced BBCode extension and creating and editing BBCodes so that tables, table rows and table columns could appear in a post. I fixed client’s BBCodes to substitute the correct HTML when creating tables, table rows, table columns and to properly align text.

WordPress and phpBB?

Update 19 February 2017 – FYI, bbPress is a WordPress plugin that can add a forum to your WordPress site. It’s not nearly as sophisticated and functional as phpBB but it may be good enough for your needs.

It’s not too surprising that people will want to integrate WordPress and phpBB. WordPress after all is an extremely popular blogging program, but really it’s a lightweight content management system. I use it for this site. Why? Because it’s much easier than doing everything by hand with HTML or even a fancy web page program like Dreamweaver. There are thousands of themes and tens of thousands of plugins that let you extend the functionality of WordPress in lots of ways. The quality of some of these plugin are amazing. The design of some of WordPress themes are as well. All this plus it is free, except possibly for some plugins where you get nagged to buy a “professional” version.

In my mind, WordPress is the best-of-breed lightweight content management system out there and a phenomenal blogging tool. But WordPress has limits. Like any content management system, at some point it becomes not quite enough. Try managing a hundred pages with WordPress, for example. WordPress also has some drawbacks. Unlike phpBB, where a modification and extension review is rigorous and must be approved by a peer-reviewed team of developers to get listed, in WordPress it’s pretty straightforward to get a plugin listed if you follow their coding standards. The quality of plugins are thus suspect.

There are forum plugins for WordPress that are generally decent. None come close to having the quality and breadth of phpBB. This is not surprising. phpBB is a best-of-breed forum solution. It is continuously updated, quality reviewed and has a passionate set of developers who strive to write very good code. Unsurprising I get regular requests to integrate phpBB into WordPress.

WordPress and phpBB can coexist, as long as you keep each in their own spaces. For example you could put the forum in a /forum folder and have the rest of the site in WordPress. However, phpBB can’t use WordPress’s authentication system, and visa versa. phpBB styles don’t match WordPress themes. A number of clever WordPress developers have tried to bridge the two platforms. The solutions are inelegant. For example, WP-United tries to create a common authentication system, so that if you are a forum user you will also be a user in WordPress. Unfortunately, as of this writing, WP-United supports phpBB 3.0, not 3.1. It’s really just one developer and he seems to not be actively supporting it. Worse, when I have installed it I found it flaky so I didn’t warrant the work. BridgeDD is another effort, but it too only supports phpBB 3.0.

The bigger problem is that clients naturally want phpBB to work inside their WordPress theme, but it won’t. That’s not to say I haven’t done this for a number of clients. I can usually make it work but takes considerable trial and error. Sometimes there are conflicts between WordPress and phpBB styles, such as using similar names for classes. The result is often a solution that looks nice but may run slowly. The larger problem is that if the WordPress theme changes, phpBB won’t automatically pick up the new style changes. Someone has to retrofit it, and that requires someone with expertise in HTML, CSS, phpBB and WordPress.

So phpBB and WordPress don’t dance together and probably never will. One approach I sometimes recommend is to put the forum into a subdomain, like so the user sort of expects it won’t look the same. You can also create a domain just for the forum, like and link the two. This allows both phpBB and WordPress to inhabit separate areas and do their things elegantly while also setting the user expectation that both have separate purposes.

If you do want to integrate them expect a non-optimal experience at best.

Feel free to contact me if you want me to try but do expect the work to be costly, generally in the hundreds of dollars range, if it can be done at all.