WordPress is the most widely used open source blogging software in the world. This didn’t happen overnight, and the developers over there have certainly earned their keep. With any web application, especially a heavily used one, there are security risks and precautions we must take. Without a security model and virtual barriers in place to protect us, it can be an all-out free-for-all for hackers.
Recently, I have come to find myself recreating the same code over and over again for jQuery slide down menus equipped with one button to toggle display. There’s nothing complex about this code, but it will give beginners the gist of how to accomplish the task. For this example, we will use jQuery 1.3.2, delivered from Google’s CDN.
On a side note, using a CDN like Google’s can lessen the load on your server, and will actually help reduce overall bandwidth usage on the web as a whole. If a visitor has already downloaded the jQuery library from Google’s CDN, the majority of the time they won’t need to do it a second time if you implement this strategy.
The Google CDN address for jQuery 1.3.2 can be implemented using the following code:
```html
<input type="button" id="hidden_menu_button" value="Toggle Menu" />
<div id="hidden_menu" style="display: none;">
  <label><input type="checkbox" />Checkbox #1</label>
  <label><input type="checkbox" />Checkbox #2</label>
</div>
```
I recently came across a lovely, free service called OpenDNS by accident, and being the curious person that I am, I just had to read on to find out what it was all about. Upon reading I found that OpenDNS was a neat little service, offering the following benefits to everyday people:
- Anti-Phishing – Protects against phishing and scam sites at the lowest level of content filtering.
- Content Blocking – Allows administrators (parents, managers, etc.) to block entire categories of sites. (Examples: Politics, Photo Sharing, Social Networking, Sexuality, Automotive, etc.)
- www Navigation – Allows use of terms or keywords to get to your favorite sites. For example, this is what you would put in your browser’s address bar with and without OpenDNS:
  - w/o OpenDNS: http://mydomain.com/category/subcategory/very_long_page_name_with_numbers_123579.html
  - w/ OpenDNS: anything-you-want
- Statistics – View your top viewed domains, IPs, and more. This allows parents to keep tabs on their kids, or network admins to keep tabs on Internet usage.
- Typo Correction – OpenDNS can detect common typos in domain names.
- Additional security – OpenDNS provides measures to prevent DNS Rebinding Attacks, and offers additional protection against malware/botware (IE Zero Day Exploit, Conficker Virus).
- SmartCache Beta – This is a feature that allows users to surf the web even in the event of an authoritative DNS outage. Read the SmartCache Beta press release for more info.
- Improved reliability and speed – OpenDNS offers “global routing technology” that routes your requests to the closest OpenDNS server, and a more reliable network that is supposed to reduce pesky outages.
So far so good! Since discovering the software, I have implemented it in two different locations, and both have benefited from it. One implementation was for a parent of a teenage girl who kept downloading “games” and creating virus and malware outbreaks. It turned out this was caused by sites disguised as the sites she usually visited… phishing sites.
If my opinion changes, you’ll be the first to know, but for now, two thumbs up for OpenDNS!
Recently, I switched to Zend Server CE from a manually installed AMP package (Apache/MySQL/PHP) to make use of Zend’s lightweight environment and easy install package. In doing this, I found that it broke the permalinks associated with WordPress. Despite mod_rewrite being enabled, and the “Pretty Permalinks” code being in the .htaccess file, it still didn’t work.
To fix this problem do the following:
- Open up httpd.conf. (On Windows, the default location of this file is C:\Program Files\Zend\Apache2\conf.)
- Find the line with <Directory />.
- Make sure +FollowSymLinks is present on the Options line. (i.e. Options +FollowSymLinks)
- Change AllowOverride None to AllowOverride All.
- Restart Apache.
AllowOverride controls how .htaccess files are used. When AllowOverride is set to None, users cannot override the configurations set in httpd.conf for particular directories. While the .htaccess in this client’s WordPress directory was correct, Apache wasn’t allowing it to override the default settings as stated in httpd.conf. It is definitely worth it to learn more about how to configure Apache so that you can have a secure and well-performing environment, especially if a lot of developers work on the same production server.
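The same fix with a narrower scope, as an added example that is not from the original post: overrides stay off at `<Directory />`, so stray `.htaccess` files elsewhere on the filesystem are ignored, and only the WordPress directory is granted the `FileInfo` override class that the permalink rewrite rules need. The directory path is a placeholder.

```apache
# Filesystem root: keep overrides off so .htaccess files outside the site are ignored.
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

# WordPress directory only (placeholder path): allow just the FileInfo class,
# which covers the mod_rewrite directives in WordPress's permalink .htaccess.
<Directory "C:/path/to/wordpress">
    Options +FollowSymLinks
    AllowOverride FileInfo
</Directory>
```

Restart Apache after the change, as in the last step above.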
If you have similar experience, we would love to hear what you have to say. Perhaps it will save someone else a minute or even a few hours.
Who wants to go to Google or break out the library of programming books every single time you get stuck on something? Below is a compilation of extremely useful cheat sheets, which can be printed, laminated and placed nearby for easy reference while doing your web development and design. Everyone has moments where a function cannot be remembered, and that is where these cheat sheets can be lifesavers. Bookmark this page for an easy portal to all of the cheat sheets, or an individual page if you find it helpful. Please don’t hesitate to post any cheat sheets we neglected to include, for this is about sharing knowledge.
http://www.addedbytes.com/cheat-sheets/php-cheat-sheet/
(Note: The following is a revised tutorial I wrote earlier this year, transferred from one of my old web sites.)
The Singleton design pattern is a simple way to limit the number of class instances to one; it helps keep database connections organized and can also save memory. The PHP code below is a basic example of how to use the Singleton pattern to create a database class. This class can be used to manage a database connection throughout PHP script execution. While this is a basic example, many improvements have been made over the original version. If this is well received, we will be happy to add additional functionality. Click read more to view the class, and learn about the functionality of each part.
What can I say about our beloved IDEs? To those just learning, this may just seem like another meaningless acronym in a world already filled with pointless acronyms; however, this will save your life … literally! So, what is an IDE?
IDE stands for Integrated Development Environment. IDEs allow you to perform a multitude of tasks from one place. Example uses of an IDE include editing code, debugging an application, and updating SVN. IDEs don’t have to include all of these features, and they aren’t limited to just these features.
Below I’ve compiled my top three PHP IDEs:
1. Eclipse PDT (Free)
2. Crimson Editor (Free)
Alright, so Crimson Editor is more of a “text editor” than anything else; however, it has proven to be quite useful regardless. Though Crimson Editor hasn’t been actively worked on since 2008, when it was renamed Emerald Editor by another team, it is great for working on dual screens. I often find myself using Crimson Editor to copy code from one place to another (i.e. Eclipse PDT on screen A, Crimson Editor on screen B). Crimson Editor also comes equipped with syntax highlighting for many languages, word wrap, project settings, and built-in FTP. CE is great because it takes up next to nothing as far as RAM and CPU, but it is not as robust as NetBeans or Eclipse PDT.
3. NetBeans (Free)
NetBeans is similar to Eclipse PDT, but is a little less robust in my opinion. It does, however, offer version control functionality and database support right out of the box, as well as the other key features of any other IDE. It seems to be a little faster than Eclipse, and has gained traction in the community. I don’t really use NetBeans too often, but if Eclipse went away, I would start eating NetBeans.
There are many more great IDEs out there, but these have made quite the impression on me and some of my friends. It really comes down to personal preference, and what you are trying to do. They all revolve around the same basic principles, and have similar features. Try each one out, and find out what works best for you.
I encourage everyone to comment and let us know which IDE you use and why you use it.
In my quest to minimize the memory usage of our beloved blogging platform, WordPress, I came across eAccelerator. After using Zend Server, and experiencing the performance boost their caching mechanism created, I started looking for something that would work easily with cPanel/WHM. Lo and behold, there exists a program called eAccelerator which is quoted as being “a free open source PHP accelerator, optimizer, and dynamic content cache.”
Immediately, I saw the average WordPress memory usage go from 14 MB to less than 8 MB. That is roughly 57% of the original memory usage. Needless to say, I was quite pleased with the results!
Thoughts: In other languages, such as C# and Java, one has the ability to introduce libraries as needed without the extra burden of loading every last file, like in WordPress. Would it be possible to come up with a custom autoload function to do the same sort of thing? I believe Joomla uses a similar idea with the jimport() function.
I recently decided to install Zend Server CE on my machine to use as a local development environment. I chose the PHP 5.3 installation so I could update my PHP code to fit the new version. I was intrigued and excited to find that WordPress used a mere 2 MB of memory compared with 12-13 MB on my production installation.
| | Zend Server CE | cPanel/Other Stacks |
|---|---|---|
| Memory usage | 1.5-2 MB | 12-14 MB |
Windows Server 2003
My primary testing was done on Windows Server 2003. Before installing Zend Server CE, WordPress was taking up what I would call an average amount of memory, 12 MB. After installing Zend Server CE with PHP 5.2.10, I found that peak memory usage went down to around 4 MB. After I found PHP 5.2.10 worked, I upgraded to 5.3, which resulted in yet another performance increase, bringing us to 2 MB peak memory usage.
Thoughts: I can’t find anything drastically different about the two installations, but I could be missing something. If anyone can solve this mystery, please comment!
To complete a simple Ajax call within the administration panels, we will need a minimum of three functions. Here are the functions used in the sample code:
- _wp_display_content() — responsible for displaying the form or content, and the nonce field.
- _wp_sample_ajax_call() — completes security check for the Ajax request, processes the request, and returns a response.
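
A nonce-protected admin Ajax round trip along the lines of the two functions listed above, as an added example rather than the post's own sample code. The `myplugin_` names, the `security` field, the `myplugin_note` option and the choice of the `manage_options` capability are assumptions.

```php
<?php
// Added example: every "myplugin_" name is hypothetical, not from the original post.

// 1. Render the form from an admin page callback. The nonce is bound to the
//    current user and to this action name, and it expires.
function myplugin_display_content() {
    $nonce = wp_create_nonce( 'myplugin_save_note' );
    ?>
    <form id="myplugin-form">
        <input type="text" name="note" />
        <input type="hidden" name="security" value="<?php echo esc_attr( $nonce ); ?>" />
        <input type="submit" class="button" value="Save" />
    </form>
    <script type="text/javascript">
    jQuery( '#myplugin-form' ).submit( function () {
        // ajaxurl is defined by WordPress on admin pages.
        jQuery.post( ajaxurl, jQuery( this ).serialize() + '&action=myplugin_save_note',
            function ( response ) { alert( response.success ? 'Saved' : response.data ); },
            'json' );
        return false;
    } );
    </script>
    <?php
}

// 2. Handle the request: verify the nonce, then the capability, then the input.
function myplugin_ajax_save_note() {
    // Third argument false: return instead of dying, so a JSON error can be sent.
    if ( ! check_ajax_referer( 'myplugin_save_note', 'security', false ) ) {
        wp_send_json_error( 'Invalid or expired nonce.' );
    }
    // A nonce is not an authorization check; test the capability separately.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions.' );
    }
    $note = isset( $_POST['note'] ) ? sanitize_text_field( wp_unslash( $_POST['note'] ) ) : '';
    if ( '' === $note ) {
        wp_send_json_error( 'Note is empty.' );
    }
    update_option( 'myplugin_note', $note );
    wp_send_json_success( array( 'saved' => $note ) ); // sends JSON and exits
}

// 3. Register only the logged-in hook. With no wp_ajax_nopriv_ hook registered,
//    anonymous requests never reach the handler.
add_action( 'wp_ajax_myplugin_save_note', 'myplugin_ajax_save_note' );
```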