Blog Archives

securing WordPress

Part of securing a WordPress installation is checking up on your file permissions. In order to prevent overwriting by malicious code, limit the permissions to read-only except where necessary.

Here’s a good start:

Relative PathSuggested permissions
/0755
/wp-admin0755
/wp-includes0755
/wp-config.php0444
/wp-content0755
/wp-content/themes0755
/wp-content/plugins0755
.htaccess0444

I should also mention that I highly recommend WordFence for securing the internal WP system itself.

Tagged with: , , , , ,
Posted in how-to

essential and useful WordPress plugins I’ve tested and used

After installing and removing zillions of them, here are my faves:

BJ Lazy Load

Lazy loads images and other embedded media so that they are not sent to the client until the client scrolls near it. Saves bandwidth and makes for speed.

Breadcrumb NavXT

Automatic breadcrumb links on pages to ease navigation

Child Theme Configurator

Easily create and edit child themes based on themes already installed. This way you can update the third-party theme without losing custom changes to it.

Easy Updates manager

Allows disabling of updates of specified resources (WP core, themes, plugins, etc.). Useful if you don’t want your client bothered by update notifications.

Google Analytics Dashboard for WP

GA integration which inserts the tracking code on every page and also gives you a nice traffic history report on the admin dashboard.

Insert PHP

Allows insertion of PHP code in the WP content editor using tags like [ insert_php ]

Public Post Preview

Creates a link to an unpublished version of a page or post that you can share with anyone. Viewer need not be a registered user or admin. Perfect for in-place-UAT.

SEO Ultimate

Handles automatic metadata generation and tons of other SEO features.

TinyMCE Advanced

Must-have enhancement for the WordPress WYSIWYG content editor which adds many features.

UpdraftPlus

Automatic backup and restoration via S3, Dropbox, Google Drive, Rackspace, FTP, email, etc. I use this for weekly backups to my Google Drive.

Wordfence

Extensive security and virus-prevention package with automatic scanning and malicious user lock-out.

WordPress HTTPS

Helps WordPress cooperate with SSL/HTTPS-configured sites.

WordPress Visual Icon Fonts

Makes Font Awesome and Genericons icon sets available in WordPress.

Tagged with: , , , , ,
Posted in how-to

firing background tasks in PHP

Background case

madisonrightnow.com is a collection of near-real-time information about a metropolitan area. Traffic, weather, parking lot usage, and loads of web cam images are displayed on one page. Data come from a wide variety of sources: images come from cameras, weather data comes from a web API, and parking lot utilization come from good ol’ fashioned page scraping. All these transactions are triggered when a user wants to view the page. It is a challenge to get near-real-time information to the client from so many sources without a lot of pre-processing on the server end, and without the client having to make connections to a myriad of hosts to get images and other data. I found that asking the client to load all this makes the page too slow to load.

The solution is to build a server-side caching mechanism, so all the data and images are ready to go when the page is hit, and so that all transfers are between madisonrightnow.com and the client without having to wait on anybody else. This can cause the data served to be a little older, but is much better than asking the client to open connections to dozens of hosts and wait for every one to completely reply before the page can render. Under the caching scheme I developed, all data on the page are loaded from my server in order to give the user a smooth experience when expanding UI panels after the client renders it.

Continue reading “firing background tasks in PHP” »

Tagged with: , , , ,
Posted in how-to

Mac epoch?

Screenshot 2013-11-23 13.51.41

While installing the Mac OS X 10.9 (Mavericks) update, I noticed that the temporary file ( /Applications/Mac OS X Mavericks.appdownload created while the update “app” downloads has the creation date set to January 24th, 1984, the day of the initial Macintosh release. I think this file will be removed by the installer when the download completes and the update installs, so it was a good place to hide something most people probably wouldn’t notice.

Fun!

I wonder if 1/24/84 2:00 AM could be the standard the Macintosh epoch? At the time this page was rendered, the current UNIX time was 1503392671 seconds after January 1 1970, 00:00:00 UTC, which works out to August 22, 2017, 4:04 am United States central time.

For the curious, the PHP functions return and format the seconds since UNIX epoch is as follows:

date_default_timezone_set(‘America/Chicago’);
echo time();
echo date(“F j, Y, g:i a”);

Tagged with: , , ,
Posted in unsorted
filter