WordPress Error: This file cannot be used on its own.

In posting a comment to a friend’s WordPress blog, it came up with the error:

Error: This file cannot be used on its own.

I was responding to a comment, so I doubted that he broke his blog between making a comment and my response. So I went looking though my own install. Essentially, at a shell I used

find . -exec grep -l "This file cannot be used on its own." {} \;

to locate the file involved is wp-comments-popup.php. This file contains code which checks for the HTTP_REFERER variable has specific values equal to the path and file name for the comments page. If this is not the case, then it should throw this error. The file mentioned in the error is wp-comments.php.

Its seems that I had configured my web browser not to pass the HTTP referrer to web servers, so the check failed and threw this error.

Maybe the WordPress developer who designed this has no idea about the ability of web browsers not to send a referrer. Searching for the error on the WP site yielded nothing. From the tons of comments about people hitting this error, lots of people turn off sending referrers.

Solution for those leaving comments: If you attempt to leave a comment and see this error, then enable referrers. WordPress actually has a decent article on enabling HTTP referrers for a number of different pieces of software.

More friendly error for WP blog owners: Edit wp-comments-popup.php. Change

die (‘Error: This file cannot be used on its own.’);

to

die (‘Learn how to <a href=”http://codex.wordpress.org/Enable_Sending_Referrers”>enable HTTP referrers</a> to fix this. ‘);

Tale of Defeating the Crazy Woman

Babies are fascinated by me. When the two of us are in a room, they often find me the most interesting thing in the room. Usually, it is mutual.

So, a mutual friend of a friend, Mojan has a fantastic blog. The past year or so has been about being pregnant and most recently figuring out how to be a parent for the first time. Well, a crazy woman set up a ‘blog” which hotlinks images from Mojan’s blog and falsely represents the child in the photos. Ick. I offered to help with this identity theft issue.

Once upon a time, I was annoyed with people taking images from my last employer’s web site. Since I was the campus web designer, I created an image which said, “All your image are belong to VSU.” Also, as the web server administrator, I figured out how to defeat hotlinking with .htaccess by using mod_rewrite to give them my annoyance rather than their content. For the next couple days I watched the perpetrators try and figure out what was wrong. The hate mail I got was fantastic! I recommended Mojan do the same. When she agreed, I went researching to do what I did once upon a time. This is the .htaccess file I recommended she try.

# Basics
Options +FollowSymlinks
RewriteEngine On

# Condition is true for any host other yours
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mojansami\.com/ [nc]

# What to change gif, jpg, png to which target. In this case does not exist.
RewriteRule .*\.(gif|jpg|png)$ http://mojansami.com/images/stolenpic.jpg [nc]

My directions were not all that specific. So the next thing I know, her site is sporting an Internal Server Error. *headdesk* She used Dreamweaver to create the .htaccess file and upload it to her site. She reported the file she uploaded disappeared. Eventually, it did occur to me to look for the error.log and see what it said. The log complained about DOCTYPE in the .htaccess file in the home directory. A file which did not show in the FTP listing. So, replacing the bad .htaccess file with a blank one fixed the Internal Server Error.

The .htaccess file in the right place, of course, resolved the issue with the crazy woman hotlinking.

Nothing can fix the pain of another person committing identity theft against you or your loved ones. I really hope Mojan doesn’t become discouraged and abandon blogging entirely. Between moderation and authentication she might find a better balance.

Do you have any stories of online identity theft?