WordPress Security: Primer & Advanced Techniques

WordPress is the most widely used open source blogging software in the world.  This didn’t happen overnight, and the developers over there have certainly earned their keep.  With any web application, especially a heavily used one, there are security risks and precautions we must take.  Without a security model and virtual barriers in place to protect us, it can be an all-out free-for-all for hackers.

Create a slide down menu with toggle button using jQuery

Recently, I have found myself recreating the same code over and over again for jQuery slide-down menus with a single button that toggles their display. There’s nothing complex about this code, but it will give beginners the gist of how to accomplish the task. For this example, we will use jQuery 1.3.2, delivered from Google’s CDN.

On a side note, using a CDN like Google’s lessens the load on your server and, historically, reduced overall bandwidth usage on the web as a whole: if a visitor had already downloaded the jQuery library from Google’s CDN on another site, their browser could usually serve it from cache instead of fetching it again. (Modern browsers partition their cache per top-level site, which removes most of that cross-site benefit; the load-shedding benefit for your own server remains.)

Two caveats before copying the tag below. Load the library over HTTPS, not HTTP: a script fetched over plain HTTP can be replaced in transit by anyone on the network path, and it then runs with full access to your page. And 1.3.2 is a 2009 release that has long been unsupported; later releases fixed several cross-site scripting issues, so use a current version for new work and pin whatever you load with an integrity attribute so the browser refuses a modified copy.

The Google CDN address for jQuery 1.3.2 can be implemented using the following code:

<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
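Pinning a CDN script with Subresource Integrity means computing a digest of the exact bytes the CDN serves and putting it in the tag. The following is an added example (a small build-step script, not code from the original post) that produces that value and also reproduces the check the browser performs; the library bytes it hashes are a constructed stand-in, and the function names are my own:

```php
<?php
// Added example, not code from the original post: generate the value for a
// <script integrity="..."> attribute and verify a fetched body against it,
// the same check a browser performs before executing a pinned script.
declare(strict_types=1);

const SRI_ALGORITHMS = ['sha256', 'sha384', 'sha512'];

/** Return "sha384-<base64 digest>" for the exact bytes the CDN will serve. */
function sri_hash(string $body, string $algo = 'sha384'): string
{
    if (!in_array($algo, SRI_ALGORITHMS, true)) {
        throw new InvalidArgumentException("unsupported SRI algorithm: $algo");
    }
    // SRI = algorithm name, a dash, then the raw digest in base64.
    return $algo . '-' . base64_encode(hash($algo, $body, true));
}

/** Recompute the digest of $body and compare with the declared value in constant time. */
function sri_matches(string $body, string $integrity): bool
{
    $parts = explode('-', $integrity, 2);
    if (count($parts) !== 2 || !in_array($parts[0], SRI_ALGORITHMS, true)) {
        return false; // malformed or unknown algorithm: treat as a mismatch
    }
    [$algo, $expected] = $parts;
    return hash_equals($expected, base64_encode(hash($algo, $body, true)));
}

/** Emit a script tag pinned to the digest of $body. */
function script_tag(string $src, string $body): string
{
    return sprintf(
        '<script type="text/javascript" src="%s" integrity="%s" crossorigin="anonymous"></script>',
        htmlspecialchars($src, ENT_QUOTES, 'UTF-8'),
        sri_hash($body)
    );
}

// Constructed stand-in for the library bytes. In a real build step, read the
// exact file you are pinning, e.g. the jquery.min.js you fetched from the CDN.
$library  = "/* constructed jQuery stand-in */ window.jQuery = function () {};";
$tampered = $library . " window.jQuery.injected = true;";

echo script_tag('https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js', $library), PHP_EOL;
var_dump(sri_matches($library, sri_hash($library)));   // the untouched copy matches
var_dump(sri_matches($tampered, sri_hash($library)));  // one appended statement does not
```

The crossorigin="anonymous" attribute is required for the browser to apply an integrity check to a cross-origin script. If the CDN ever serves different bytes for that URL, the browser refuses to run the file rather than executing an unknown version, which is exactly the behaviour you want for third-party code.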

HTML:

<input type="button" id="hidden_menu_button" value="Toggle Menu" />
<div id="hidden_menu" style="display: none;">
	<label><input type="checkbox" />Checkbox #1</label>
	<label><input type="checkbox" />Checkbox #2</label>
</div>

JavaScript:

<script type="text/javascript">
(function($) {
	// Wait for the DOM so this works wherever the script is placed in the page.
	$(function() {
		$("#hidden_menu_button").click(function() {
			// Slide the menu open if it is hidden, closed otherwise.
			if ( $("#hidden_menu").is(":hidden") ) {
				$("#hidden_menu").slideDown("normal");
			} else {
				$("#hidden_menu").slideUp("normal");
			}
		});
	});
})(jQuery);
</script>


OpenDNS is much more than you think

I recently came across a lovely, free service called OpenDNS by accident, and being the curious person that I am, I just had to read on to find out what it was all about.  Upon reading I found that OpenDNS was a neat little service, offering the following benefits to everyday people:

  • Anti-Phishing – Blocks known phishing and scam sites, and does so even at the lowest content-filtering level.
  • Content Blocking – Allows administrators (parents, managers, etc.) to block entire categories of sites. (Examples: Politics, Photo Sharing, Social Networking, Sexuality, Automotive, etc.)

    OpenDNS - Content Filtering
  • www Navigation – Allows use of terms or keywords to get to your favorite sites.  For example, this is what you would put in your browser’s address bar with and without OpenDNS:
    • w/o OpenDNS: http://mydomain.com/category/subcategory/very_long_page_name_with_numbers_123579.html
    • w/ OpenDNS: anything-you-want
  • Statistics – View your top viewed domains, IPs, and more.  This allows parents to keep tabs on their kids, or network admins to keep tabs on Internet usage.
  • Typo Correction – OpenDNS can detect common typos in domain names.

    OpenDNS - Typo correction on Settings page
  • Additional security – OpenDNS provides measures to prevent DNS rebinding attacks, and offers additional protection against malware and botnets (at the time, the Internet Explorer zero-day exploit and the Conficker worm).
  • SmartCache Beta – This is a feature that allows users to keep browsing even in the event of an authoritative DNS outage.  Read the SmartCache Beta press release for more info.
  • Improved reliability and speed – OpenDNS offers “global routing technology” that routes your requests to the closest OpenDNS server, and a more reliable network that is supposed to reduce pesky outages.

One caveat applies to every item above: the protection covers only lookups that actually go through OpenDNS’s resolvers.  A device or program configured to use a different resolver, or one that connects straight to an IP address, bypasses the filtering entirely.  On a home or office network, set the resolvers on the router rather than on each machine, and if the firewall allows it, block outbound DNS (port 53) to anything other than OpenDNS so that a changed setting on one PC does not silently undo the whole arrangement.

So far so good!  Since discovering the service, I have set it up in two different locations, and both have benefited from it.  One was for the parent of a teenage girl who kept downloading “games” and causing malware outbreaks.  It turned out these came from sites disguised as the ones she usually visited… phishing sites.

If my opinion changes, you’ll be the first to know, but for now, two thumbs up for OpenDNS!

Visit the OpenDNS home page »

How Zend Server CE breaks WordPress Permalinks and how to fix it

Recently, I switched to Zend Server CE from a manually installed AMP package (Apache/MySQL/PHP) to make use of Zend’s lightweight environment and easy install package. In doing this, I found that it broke the permalinks associated with WordPress.  Despite mod_rewrite being enabled, and the “Pretty Permalinks” code being in the .htaccess file, it still didn’t work.

404 Error

To fix this problem do the following:

  1. Open httpd.conf.  (On Windows, the default location of this file is C:\Program Files\Zend\Apache2\conf.)
  2. Find the <Directory /> block.  (Note that this block covers the entire filesystem; the safer place for the change is the <Directory> block for your WordPress document root.)
  3. Make sure FollowSymLinks is present on the Options line (i.e. Options +FollowSymLinks).  mod_rewrite will not run from an .htaccess file without it.
  4. Change AllowOverride None to AllowOverride All.
  5. Check the configuration syntax (httpd -t), then restart Apache.

AllowOverride controls which directives an .htaccess file is allowed to set.  When AllowOverride is None, Apache does not read .htaccess files at all, so although the .htaccess in this client’s WordPress directory was correct, Apache never applied it.  Two things are worth knowing before copying the fix above.  First, <Directory /> is the filesystem root: AllowOverride All there means an .htaccess anywhere Apache can read is honoured, and Apache has to look for one in every directory on the path of every request.  Scoping the change to the <Directory> block for the WordPress document root, and granting only the FileInfo override class (which is all the mod_rewrite directives in WordPress’s .htaccess need), keeps the rest of the filesystem locked down and reduces, though does not eliminate, what a writable directory such as wp-content/uploads could change if someone managed to drop an .htaccess into it.  Second, FollowSymLinks is not optional: mod_rewrite refuses to operate in a directory or .htaccess context unless FollowSymLinks (or SymLinksIfOwnerMatch) is enabled.  It is definitely worth learning how to configure Apache so that you have a secure and well-performing environment, especially if a lot of developers work on the same production server.
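The quick fix and the narrower form side by side, as an added example rather than the post’s own httpd.conf.  The paths are assumptions for a Windows Zend Server CE install, the syntax is Apache 2.2 (the version the post’s setup used) with the 2.4 equivalents in comments, and the rewrite block quoted at the end is the standard one WordPress writes to .htaccess:

```apache
# Added example, not the post's own httpd.conf. Paths are assumptions for a
# Windows Zend Server CE install; syntax is Apache 2.2, with the Apache 2.4
# equivalents noted in comments.

# What the quick fix amounts to: every directory Apache can read may be
# reconfigured by an .htaccess file, and Apache checks for one at each path level.
#
#   <Directory />
#       Options +FollowSymLinks
#       AllowOverride All
#   </Directory>

# Narrower form. Keep the filesystem root closed ...
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
    # Apache 2.4: replace the two lines above with "Require all denied"
</Directory>

# ... and open only the WordPress document root, with only the override class
# (FileInfo) that the mod_rewrite directives in WordPress's .htaccess require.
DocumentRoot "C:/Program Files/Zend/Apache2/htdocs/wordpress"
<Directory "C:/Program Files/Zend/Apache2/htdocs/wordpress">
    Options FollowSymLinks
    AllowOverride FileInfo
    Order allow,deny
    Allow from all
    # Apache 2.4: replace the two lines above with "Require all granted"
</Directory>

# For reference, the standard WordPress "pretty permalinks" block that the
# .htaccess in that directory contains; nothing in it needs more than FileInfo:
#
#   <IfModule mod_rewrite.c>
#   RewriteEngine On
#   RewriteBase /
#   RewriteRule ^index\.php$ - [L]
#   RewriteCond %{REQUEST_FILENAME} !-f
#   RewriteCond %{REQUEST_FILENAME} !-d
#   RewriteRule . /index.php [L]
#   </IfModule>
```

Run httpd -t after editing, restart Apache, and then request a post by its pretty permalink; if it still 404s, confirm mod_rewrite is actually loaded (a LoadModule rewrite_module line in httpd.conf) before touching anything else.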

If you have similar experience, we would love to hear what you have to say.  Perhaps it will save someone else a minute or even a few hours.

25+ Must-Have Cheat Sheets for Web Developers

Who wants to go to Google or break out the library of programming books every single time you get stuck on something? Below is a compilation of extremely useful cheat sheets, which can be printed, laminated and placed nearby for easy reference while doing your web development and design. Everyone has moments where a function cannot be remembered, and that is where these cheat sheets can be lifesavers. Bookmark this page for an easy portal to all of the cheat sheets, or an individual page if you find it helpful. Please don’t hesitate to post any cheat sheets we neglected to include, for this is about sharing knowledge.

1. PHP

PHP Cheat Sheet

http://www.addedbytes.com/cheat-sheets/php-cheat-sheet/

MySQL database class using Singleton design pattern

(Note: The following is a revised tutorial I wrote earlier this year, transferred from one of my old web sites.)

The Singleton design pattern limits a class to a single instance.  For a database class that means one connection per script execution, reused wherever a query is run, instead of a new connection opened from every function that needs one; it keeps connections organized and saves the memory and connection overhead.  The PHP class this post describes is a basic example of using the pattern to manage a database connection throughout PHP script execution.  While it is a basic example, many improvements have been made over the original version.  If this is well received, we will be happy to add additional functionality.
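An implementation of the idea, added here as an example; it is not the class from the original post (which is behind the read-more link) and it uses PDO with prepared statements rather than the mysql_* functions of that era.  The DB_* constants and the query against wp_posts are assumptions for illustration:

```php
<?php
// Added example, not the class from the original post: a Singleton wrapper
// around PDO. The DB_* constants are assumptions standing in for wherever
// you keep credentials (ideally a config file outside the web root).
declare(strict_types=1);

final class Database
{
    private static ?Database $instance = null;
    private PDO $pdo;

    // Private constructor: the only way to obtain an object is getInstance().
    private function __construct(string $dsn, string $user, string $password)
    {
        $this->pdo = new PDO($dsn, $user, $password, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly, never silently
            PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepared statements
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    }

    // Close the two other routes by which a second instance could appear.
    private function __clone() {}
    public function __wakeup(): void
    {
        throw new LogicException('Cannot unserialize a singleton');
    }

    /** Return the one shared connection, creating it on first use. */
    public static function getInstance(): Database
    {
        if (self::$instance === null) {
            self::$instance = new Database(DB_DSN, DB_USER, DB_PASSWORD);
        }
        return self::$instance;
    }

    /**
     * Run a query with bound parameters. Values never touch the SQL string,
     * which is what keeps user input from becoming SQL.
     */
    public function query(string $sql, array $params = []): PDOStatement
    {
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt;
    }

    public function fetchAll(string $sql, array $params = []): array
    {
        return $this->query($sql, $params)->fetchAll();
    }

    public function lastInsertId(): string
    {
        return $this->pdo->lastInsertId();
    }
}

// Assumed credentials for the illustration.
define('DB_DSN', 'mysql:host=127.0.0.1;dbname=wordpress;charset=utf8mb4');
define('DB_USER', 'wp_user');
define('DB_PASSWORD', 'change-me');

// Usage: every call returns the same connection object, and the status and
// type values are bound as parameters rather than concatenated into the SQL.
$db = Database::getInstance();
$posts = $db->fetchAll(
    'SELECT ID, post_title FROM wp_posts WHERE post_status = :status AND post_type = :type LIMIT 5',
    [':status' => 'publish', ':type' => 'post']
);
var_dump($db === Database::getInstance()); // identity check: one instance per script
```

The pattern's usual cost applies: the instance is hidden global state, so code that uses it cannot be given a different connection for testing without adding a reset or injection hook.  The prepared-statement wrapper is the part worth keeping regardless of whether you keep the Singleton.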

Top 3 PHP IDEs

What can I say about our beloved IDEs?  To those just learning, this may just seem like another meaningless acronym in a world already filled with pointless acronyms; however, this will save your life … literally!  So, what is an IDE?

IDE stands for Integrated Development Environment.  IDEs allow you to perform a multitude of tasks from one place.  Example uses of an IDE include editing code, debugging an application, and updating SVN.  IDEs don’t have to include all of these features, and they aren’t limited to just these features.

Below I’ve compiled my top three PHP IDEs:

1. Eclipse PDT (Free)

Eclipse PDT - PHP Perspective

Eclipse is extremely powerful and supports a multitude of programming languages, most notably Java.  Eclipse PDT includes built-in support for JavaScript, and comes complete with code assist/completion, syntax highlighting, SVN and CVS support via Subclipse, project management features, and more.  The all-in-one package also comes with a PHP debugger. The downside is that it can be kind of slow at times if you are on an older PC.

2. Crimson Editor (Free)

Crimson Editor

Alright, so Crimson Editor is more of a “text editor” than anything else; however, it has proven to be quite useful regardless.  Though Crimson Editor hasn’t been actively worked on since 2008, when it was renamed Emerald Editor by another team, it is great for working on dual screens.  I often find myself using Crimson Editor to copy code from one place to another (i.e. Eclipse PDT on screen A, Crimson Editor on screen B).  Crimson Editor also comes equipped with syntax highlighting for many languages, word wrap, project settings, and built-in FTP.  CE is great because it takes up next to nothing as far as RAM and CPU, but it is not as robust as NetBeans or Eclipse PDT.

3. NetBeans (Free)

NetBeans IDE 6.7.1

NetBeans is similar to Eclipse PDT, but is a little less robust in my opinion.  It does, however, offer version control functionality and database support right out of the box, as well as the other key features of any other IDE.  It seems to be a little faster than Eclipse, and has gained traction in the community.  I don’t really use NetBeans too often, but if Eclipse went away, I would start eating NetBeans.

There are many more great IDEs out there, but these have made quite the impression on me and some of my friends.  It really comes down to personal preference, and what you are trying to do.  They all revolve around the same basic principles, and have similar features.  Try each one out, and find out what works best for you.

I encourage everyone to comment and let us know which IDE you use and why you use it.


eAccelerator reduces WordPress memory usage

In my quest to minimize the memory usage of our beloved blogging platform, WordPress, I came across eAccelerator.  After using Zend Server, and experiencing the performance boost their caching mechanism created, I started looking for something that would work easily with cPanel/WHM.  Lo and behold, there exists a program called eAccelerator which is quoted as being “a free open source PHP accelerator, optimizer, and dynamic content cache.”

eAccelerator in EasyApache (Go to WHM > Click EasyApache under Software > Choose eAccelerator in the Short or Exhaustive Options screen)

Immediately, average WordPress memory usage went from 14 MB to under 8 MB, roughly 57% of the original (a reduction of more than 40%).  Needless to say, I was quite pleased with the results!

Thoughts: In other languages, such as C# and Java, one has the ability to introduce libraries as needed without the extra burden of loading every last file, like in WordPress.  Would it be possible to come up with a custom autoload function to do the same sort of thing?  I believe Joomla uses a similar idea with the jimport() function.
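One answer to the question above, added here as an example (it is not code from the original post, from eAccelerator, or from Joomla): a class autoloader registered with spl_autoload_register, which makes PHP load a class file on first use instead of including everything up front.  Because the loader turns a class name into a file path, it also validates the name and confirms the resolved path stays inside the library directory; the App\ namespace prefix and the temporary directory used for the demonstration are constructed:

```php
<?php
// Added example, not from the original post: an autoloader that maps
// App\Foo\Bar to <lib>/Foo/Bar.php and loads it only when the class is
// first used. The App\ prefix and the demo directory are assumptions.
declare(strict_types=1);

/**
 * Register an autoloader for $prefix rooted at $baseDir.
 * The class name is validated and the resolved path is checked to stay
 * inside $baseDir, so a class name that reaches the loader from untrusted
 * input (unserialize(), for example) cannot become an arbitrary file include.
 */
function register_autoloader(string $prefix, string $baseDir): void
{
    $baseDir = rtrim(str_replace('\\', '/', realpath($baseDir) ?: $baseDir), '/') . '/';

    spl_autoload_register(function (string $class) use ($prefix, $baseDir): void {
        // Only handle our own namespace; other loaders see the rest.
        if (strncmp($class, $prefix, strlen($prefix)) !== 0) {
            return;
        }
        $relative = substr($class, strlen($prefix));

        // Identifiers separated by backslashes only: no dots, slashes or NUL bytes.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\\\\[A-Za-z_][A-Za-z0-9_]*)*$/', $relative)) {
            return;
        }

        $file = $baseDir . str_replace('\\', '/', $relative) . '.php';
        $real = realpath($file);
        // Refuse anything that resolves outside the library directory (symlinks included).
        if ($real === false || strncmp(str_replace('\\', '/', $real), $baseDir, strlen($baseDir)) !== 0) {
            return;
        }
        require $real;
    });
}

// Self-contained demonstration: write one class file into a temporary
// library directory (constructed for this example), then use the class.
$lib = sys_get_temp_dir() . '/autoload_demo_' . getmypid();
mkdir($lib . '/Cache', 0700, true);
file_put_contents(
    $lib . '/Cache/FileCache.php',
    "<?php\nnamespace App\\Cache;\nclass FileCache { public function name(): string { return 'file'; } }\n"
);

register_autoloader('App\\', $lib);

// The first reference to App\Cache\FileCache triggers exactly one require of
// Cache/FileCache.php; classes that are never referenced never cost memory.
$cache = new App\Cache\FileCache();
echo $cache->name(), PHP_EOL;

// Tidy up the demo files.
unlink($lib . '/Cache/FileCache.php');
rmdir($lib . '/Cache');
rmdir($lib);
```

This is the mechanism Composer's autoloader is built on.  It helps with code that is organized as one class per file; WordPress core of that era loaded most of its functions from plain procedural files on every request, which is why an opcode cache such as eAccelerator was the bigger win there.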

WordPress: Zend Server CE vs. cPanel & Apache stacks

I recently decided to install Zend Server CE on my machine to use as a local development environment.  I chose the PHP 5.3 installation so I could update my PHP code to fit the new version.  I was intrigued and excited to find that WordPress used a mere 2 MB of memory compared with 12-13 MB on my production installation.

                    Zend Server CE                          cPanel/Other Stacks
Memory usage        1.5-2 MB                                12-14 MB
OS                  Windows XP, Windows Server 2003, Linux  Windows XP, Windows Server 2003
Installation        PHP 5.2.10/5.3, MySQL,                  PHP 5.2.10, MySQL,
                    Apache 2.2.12 (Full)                    Apache 2.2.xx
WordPress Version   2.8.4                                   2.8.4
WordPress Plugins   Same                                    Same

My primary testing was done on Windows Server 2003. Before installing Zend Server CE, WordPress was taking up what I would call an average amount of memory, 12 MB. After installing Zend Server CE with PHP 5.2.10, peak memory usage went down to around 4 MB. Once I had confirmed that PHP 5.2.10 worked, I upgraded to 5.3, which brought peak memory usage down again, to 2 MB.

WordPress Memory Usage on Zend Server CE
WordPress Memory Usage on cPanel/WHM

Thoughts: I can’t find anything drastically different about the two installations, but I could be missing something. If anyone can solve this mystery, please comment!

How to do Ajax calls within the WordPress administration panels

To complete a simple Ajax call within the administration panels, we will need a minimum of three functions. Here are the functions used in the sample code:

  • _wp_display_content() — responsible for displaying the form or content, and the nonce field.
  • _wp_display_content_js() — displays the JavaScript code for our Ajax call in the footer.
  • _wp_sample_ajax_call() — completes security check for the Ajax request, processes the request, and returns a response.

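A complete implementation of the three functions, added here as an example: it is not the post’s own code (which is behind the read-more link), and it is written against WordPress’s current nonce and admin-ajax APIs rather than the 2.8-era ones.  The settings-page slug, the form field names and the sample_ajax action name are assumptions; the file is meant to live in a plugin:

```php
<?php
// Added example, not the post's own code: the three functions the post
// lists, using WordPress's nonce and admin-ajax APIs. The page slug, field
// names and the "sample_ajax" action name are assumptions.
declare(strict_types=1);

// 1. Display the form plus the nonce field that ties the request to this user and session.
function _wp_display_content(): void
{
    if (!current_user_can('manage_options')) {
        return;
    }
    echo '<div class="wrap"><h2>Sample Ajax</h2>';
    echo '<form id="sample-ajax-form">';
    wp_nonce_field('sample_ajax_action', 'sample_ajax_nonce'); // hidden input with id/name sample_ajax_nonce
    echo '<input type="text" name="message" id="sample-message" /> ';
    echo '<input type="submit" class="button-primary" value="Send" />';
    echo '</form><div id="sample-result"></div></div>';
}

// 2. The JavaScript, printed in the admin footer. "ajaxurl" is defined by WordPress on admin pages.
function _wp_display_content_js(): void
{
    ?>
    <script type="text/javascript">
    jQuery(function ($) {
        $('#sample-ajax-form').on('submit', function (e) {
            e.preventDefault();
            $.post(ajaxurl, {
                action: 'sample_ajax',                            // routes to the wp_ajax_sample_ajax hook
                sample_ajax_nonce: $('#sample_ajax_nonce').val(), // sent back for check_ajax_referer()
                message: $('#sample-message').val()
            }, function (response) {
                // A failed nonce or capability check never reaches the success branch.
                $('#sample-result').text(response && response.success ? response.data.echo : 'Request rejected');
            });
        });
    });
    </script>
    <?php
}

// 3. The handler: verify the nonce, check the capability, then process and respond.
function _wp_sample_ajax_call(): void
{
    // Dies if the nonce is missing, forged or expired: this is the CSRF protection for the endpoint.
    check_ajax_referer('sample_ajax_action', 'sample_ajax_nonce');

    // The nonce proves the request came from our form; it does not prove the user may act.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['reason' => 'forbidden'], 403);
    }

    $message = sanitize_text_field(wp_unslash($_POST['message'] ?? ''));
    wp_send_json_success(['echo' => 'Server received: ' . $message]);
}

add_action('admin_menu', function (): void {
    add_options_page('Sample Ajax', 'Sample Ajax', 'manage_options', 'sample-ajax', '_wp_display_content');
});
add_action('admin_footer', '_wp_display_content_js');
add_action('wp_ajax_sample_ajax', '_wp_sample_ajax_call'); // logged-in users only; no wp_ajax_nopriv_ counterpart
```

Two points are easy to get wrong here.  Registering only the wp_ajax_ hook (and not wp_ajax_nopriv_) keeps anonymous visitors away from the handler entirely, and the nonce check and the capability check are separate controls: the first stops another site from making a logged-in admin’s browser submit the request, the second stops a logged-in subscriber from calling the endpoint directly.  Both are needed.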