Archive for the ‘ php ’ Category

2012 in review

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

4,329 films were submitted to the 2012 Cannes Film Festival. This blog had 17,000 views in 2012. If each view were a film, this blog would power 4 Film Festivals


The easiest, most effective way to secure WordPress Sites

WordPress Site security : How To Avoid hackers

1. Add the following to your theme's functions.php to hide the WordPress version.
function remove_wp_version() {
    return ''; // Returns an empty string, so no generator tag is output.
}
add_filter('the_generator', 'remove_wp_version');

2. Activate the plugin Better WP Security and configure it.

3. Change folder permission
For Directories:  755
For Files: 644

4. Protect the config file in .htaccess
<Files wp-config.php>
order allow,deny
deny from all
</Files>

5. Disable directory browsing. Add the code below to .htaccess
# Disable directory browsing
Options -Indexes

6. Prevent Access To wp-content
# Place in an .htaccess file inside wp-content/, not in the site root
Order deny,allow
Deny from all
<Files ~ "\.(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>

7. Protect .htaccess
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

8. Securing wp-includes
# Block the include-only files.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

# BEGIN WordPress

9. Help Prevent “Content Scrapers”
RewriteEngine On
#Replace ?mysite\.com/ with your blog url
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
#Replace /images/nohotlink.jpg with your “don’t hotlink” image url
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]

Make sure to replace “mysite” with your website’s URL and “/images/nohotlink.jpg” with the path of your image.

10. Protect Your WordPress Blog from Script Injections
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

11. Things to avoid when choosing a password:

Any permutation of your own real name, username, company name, or name of your website.
A word from a dictionary, in any language.
A short password.
Any numeric-only or alphabetic-only password (a mixture of both is best).

12. Change the “admin” username and the admin user ID of 1 to something else.

13. Change the table_prefix: Many published WordPress-specific SQL-injection attacks assume that the table_prefix is wp_, the default.
Changing this can block at least some SQL injection attacks.

14. Remove unused themes and inactive plugins from WP-content folder.

15. FTP: When connecting to your server, use SFTP if your web host provides it.
If you are unsure whether your web host provides SFTP, just ask them.
Using SFTP is the same as using FTP, except that your password and other data are encrypted as they are transmitted between your computer and your website.
This means your password is never sent in the clear and cannot be intercepted by an attacker.

16. Scan your site frequently.
http://sitecheck.sucuri.net/scanner/
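
For step 3 above, one way to find and repair entries that deviate from the 755/644 layout. This is an added example, not code from the original post; the function names and the constructed sample tree are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the 755 (directories) /
# 644 (files) layout from step 3. Function names are hypothetical.

# Print every directory whose mode is not exactly 755 and every regular
# file whose mode is not exactly 644. Symlinks are skipped.
wp_perm_audit() {
    find "$1" \( \( -type d ! -perm 755 \) -o \( -type f ! -perm 644 \) \) -print
}

# Print anything writable by "other" (the o+w bit), the riskiest deviation.
wp_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Reset modes; only entries that deviate are touched.
wp_perm_fix() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} +
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
}

# Build a small constructed tree with two deliberate deviations.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads"
    : > "$t/wp-config.php"
    : > "$t/wp-content/uploads/photo.jpg"
    chmod 755 "$t" "$t/wp-content"
    chmod 644 "$t/wp-content/uploads/photo.jpg"
    chmod 777 "$t/wp-content/uploads"   # deviation 1: world-writable directory
    chmod 666 "$t/wp-config.php"        # deviation 2: world-writable file
    printf '%s\n' "$t"
}

# Usage: sh wp-perms.sh /path/to/wordpress   (audit only; nothing is changed)
if [ "$#" -gt 0 ]; then
    wp_perm_audit "$1"
fi
```

Run the audit first and review its output before calling wp_perm_fix, since some hosts need different modes on specific paths.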

Automatically Backup Your WordPress Site to Google Drive – Version 2

We have released a new version (v2) of the WP Google Drive plugin to back up your WordPress site files to Google Drive in an effective manner.

http://wordpress.org/extend/plugins/wp-google-drive/

Exclusive tutorial on How to Backup your WordPress blog to Google Drive. It is always recommended to backup your WordPress blog, which includes files (themes, plugins etc) and SQL tables (all your blog posts, comments, drafts etc are stored as tables in database).

Whenever your blog is lost (due to insecure activity or some other reason), these backups will help you get it back. In some cases, third-party plugins and themes can also cause your blog to malfunction; here too, these backups help restore your blog.

Reasons to Backup WordPress Blog to Google Drive

  • It’s a Google product and is free to use up to 5GB.
  • You can access backups on any device, such as smartphones, tablets and laptops.
  • Backups are uploaded quickly (depending on your internet connection).
  • Highly secure and reliable service, so there won’t be any loss of data in the process.
  • Backups can be shared with your blog partners (if you have any) with a single click.

How to Backup WordPress blog to Google Drive

Download and Install Google Drive for WordPress plugin from official WordPress plugin repository.

Here is the step-by-step guide that helps to backup your WordPress blog to Google Drive. Brief list of things you have to do in this tutorial:

  1. Login to Google API and create a Client ID in it.
  2. Authorizing the Plugin by using Client ID and Client Secret.
  3. Setting up the plugin frequency to take backups.

  • Go to “API Access” tab and click on “Create an OAuth 2.0 client ID”

  • In the pop-up window, give a product name and upload logo before clicking on “Next” button.

  • By default “Web Application” will be selected and don’t change it.

  • In “Your site or hostname” section, click on “More Options” to expand link sections.

  • Now, paste the link in the “Backup Settings” page here. Enter domain name in “JavaScripts” origin field.

  • Click on “Create Client ID” and you have successfully created a Client ID using Google API Console.

  • Copy the Client ID and Client Secret from API dashboard and paste them in “Configure Google” page.

  • You have to authorize the plugin by clicking on “Allow Access” button.

  • Allow Access to the Plugin and the entire setup has been successfully installed.

How to automatically Backup WordPress blog to Google Drive

  • Now, you can configure this plugin further by entering the custom folder ID of your Google Drive.
  • Also define the maximum number of backups (use any positive integer in that field).
  • Set the frequency of backup and everything will be automatically stored in your Google Drive.

    Backup Settings:

    1. You can name your backup directory anything you like; just enter it in the text box.
    2. Mail Options: Enable this option to receive a mail notification after a successful backup to Google Drive.
    3. Schedule Backup: You can schedule a backup interval here. Based on the scheduled time, it will automatically perform the scheduled backup to Google Drive.
    4. Manage Database:
    – Check yes if you want to keep a database backup.
    – Check the option if you want to exclude particular tables from the backup.
    – Always keep a recent backup of your site. Here you have the option to keep the most recent backups.
    Select how many you want to maintain on your server.
    – If you want, you can move a particular backup folder to Google Drive.
    5. Manage Files:
    – Check the option to exclude files from the backup.
    – Select how many backups you would like to maintain on your server.
    – If you want, you can move a particular backup folder to Google Drive.
    6. On-time backup: For an immediate backup.

    FYI:

    Both the scheduled backup and the on-time backup work based on your selections in the Manage Database and Manage Files sections.

Explore the REST API

I have had the pleasure of working with the WordPress.com REST API over the past few weeks and am very excited to start “dogfooding” this resource everywhere I can. One cool feature is that all the endpoints are self-documenting. In fact, the documentation for the REST API is built by the API itself! With this information we were able to build a console to help debug and explore the various resources that are now available through the new API. So let me introduce you to the new REST console for WordPress.com. A word of caution: the console is only available when you are logged into WordPress.com and is hooked up to the live system, so be careful with your POST requests! At its simplest you can supply the method, path, query, and body for the resource you wish to examine (it’s pre-populated with /me). Press “Submit” to see the response status for your request and an expandable JSON object that you can explore. All links listed under meta are active, so click one to make another request. To get a better idea of what kind of parameters a request can take, select it under the “Reference” section. It will then provide an interface with some contextual help to let you know which path, query, and body parameters it accepts, what each of those parameters are for, and a field for you to provide the value.

WANTED – URGENTLY 5 PHP DEVELOPERS

SecureNext Software

We plan to recruit 5 PHP developers with 2-3 years experience in our Chennai branch. The candidate should have a minimum 1.5 years experience as a PHP developer. A quick learner and a team player is an added advantage. The referred candidate must commit to serve the company for at least 2 years. If you know anybody who is meeting all the above requirements and is looking for a change, please refer them and ask them to send their resumes to murugan@securenext.net. & raman@securenext.com.

We want to close this recruitment in a week’s time and hence would appreciate a quick response! If the candidate referred by you is selected, you will get the referral bonus per selected profile as per the company rules and guidelines.

Job Description:

For PHP openings, we need the following skill set:

Edu.Qlfn: BE ( CSE / IT / EEE), MCA, MS (CS)

1) Should have minimum 1 year 6 month experience in PHP development

2) Good & hands-on knowledge in PHP, MYSQL, Jquery and CSS
3) A Fair knowledge in Joomla, wordpress and drupal will be an added advantage

We need the following details

Current CTC / Nett take home p.m.

Expected CTC / Nett take home p.m.

Referred By

Number of days required to Join

Reason for changing Job

Top 10 WordPress Security and Website Tips

When Office To-Go takes over WordPress website maintenance or a new project, we employ these security measures and recommendations.

1. Keep headers/logos under 125 pixels high. It takes up valuable viewing space, especially for laptop users, that is best left for the good stuff to appear “above the fold.” Take a cue from the big companies, simple logos done well say it all. This is our #1 pet peeve – screaming logos and headers!

2. Use STRONG passwords of 10 or more characters and DO NOT use “admin” for a username. Create a new user profile assigned to the administrator role, log back in with the new user profile and DELETE the admin file. It can’t be said strongly enough: use strong passwords for WordPress and any other site which requires passwords. Use an online password generator.

3. BACK UP your site regularly and keep a copy on your computer and off-site storage. If you have a very active site, back up daily. You spend a lot of time and money on your website, don’t skip this! The one complete solution that does it all is BackupBuddy, no other plug-ins back up your files, widgets, plugins and database. Need to move your site to another host, this will do it in less than a few minutes!

4. Select your plugins wisely, too many will slow down your site. Badly coded plugins are a hacker’s back door into your website.

5. Install the WordPress Firewall Plugin. This plugin investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks.

6. Move your configuration file one level above the root directory of your server (if you’re running WP in the root directory of your site as opposed to yourdomain.com/blog subfolder).

7. Do not use wp_ as a prefix for your databases. Most web hosting companies are eliminating that default now but if yours does not, change wp_ to anything else but that.

8. Install Secure WordPress plugin.

9. Install an anti-spam plugin such as WP-SpamFree.

10. Rewrite your .htaccess file to lock down your wp-admin directory by IP addresses. Add the following code to your file, replacing xxx.xxx.xxx.xxx with your IP address:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
#IP address to Whitelist
allow from xxx.xxx.xxx.xxx

Article Source:

http://EzineArticles.com/?expert=Cyndi_Papia

WordPress 3.0.2 – Mandatory Security Release

WordPress 3.0.2 is available and is a mandatory security update for all previous WordPress versions. Haiku has become traditional:

Fixed on day zero
One-click update makes you safe
This used to be hard

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!

Download 3.0.2 or update automatically from the Dashboard > Updates menu in your site’s admin area. You should update immediately even if you do not have untrusted users.

Source: wordpress.org
