November Project – WordPress Security Plugin

Last month I mentioned that, to help me develop further as a programmer and to stay motivated, I would be working on a new project every month.

In October I decided to create a Crossword creation script that has now been completed (with some bugs remaining, so there is still stuff to do). I have posted the outcome on a public BitBucket Repository. Feel free to download and play with the script. I have created some bug and feature enhancement requests myself so there is stuff to work on.

Now for the plans for November.

Developing And Monthly Projects.

As many people know, it can be very easy to make plans but harder to act on them. I seem to be very good at procrastination and less good at removing things from my to-do list.

To help me focus and get into the swing of programming I have decided that I need to set myself proper tasks with a set time for completion. To make sure that I carry through I am also going to be posting updates on my blog.

The plan is to start a new project on the 1st of every month; once the end of the month arrives, I should have a project that I can then release. This does not necessarily mean the product will be perfect, but it will be in a state that I am happy to show others, and it essentially gives me something to build upon in future. Some of these may remain proofs of concept and therefore will never be in a finalised state.

I have now set myself a bucket list. Over time I will mark off those that are completed and add new tasks and projects to the list.

For my first month I am working on a simple Crossword Maker. This will not necessarily be something that will result in a finalised project but aims at getting me back into the swing of programming again.

The requirements of this are quite simple. For creating the crossword we have:

  1. User decides on the grid size for the crossword and this is output to the browser
  2. User can select which boxes are blank.
  3. User enters the answers into the crossword
  4. Script automatically creates numbered clue placeholders
  5. User can specify the question
  6. JavaScript submits the structure of the crossword to a PHP script
  7. Potential to have a script automatically generate the crossword with specified answers so that the creator doesn’t have to create the layout.

For allowing people to complete the crossword:

  1. Script fetches the structure from the server and outputs this
  2. User manually enters the answers into the crossword grid
  3. If a user clicks on a clue and then starts to enter the answer, the script automatically puts the letters into the correct locations.
  4. User can click on a button to check the solutions; the JavaScript submits the answers to the server, which responds with either correct or incorrect.
  5. Another potential would be to have a cheat option that fills in a letter for a chosen clue.

 

What do you guys think? How do you keep yourself motivated and staying on task? How about suggestions for projects?

Interested In Security And Running WordPress?

WordPress is currently (and has been for a long time) one of the most popular tools for creating blogs and web sites on the internet. Due to the level of popularity that WordPress has gained, it has been a target for hackers looking to deface the website, send spam or make the site a part of a botnet (and of course many other things).

The attackers use vulnerabilities that are found in the core code, plugins and yes even themes.

There are many plugins that try to help mitigate the risks but they are fighting a lost cause and really cannot combat all vulnerabilities.

iThemes Banning You For 404 Error

Recently I updated the Better WP Security plugin. The developers have decided to rename it to iThemes Security. After a while I kept getting banned from the blog (I just kept getting a page stating “error”).

After doing some digging I found that the problem had been caused by the “default-user-image.png” image that was set in the All In One SEO Pack. I had changed the name of my wp-content folder (as per one of the recommendations in iThemes), however the links to this file were still leading to wp-content.

After installing iThemes make sure that you modify the location of the default user image in “All In One SEO” >> “Social Meta”. The setting you are looking for is “Default OG:Image”. Simply change wp-content to the new name that you have given the folder.

On a side note when looking for the issue I came across a red herring. In the main plugin script (all_in_one_seo_pack.php) a couple of constants are defined to state the name of the wp-content folder. When questioning this in the support forum I was advised they are not used any more. Begs the question why are they still there?

Installing Zend Server 6.1 using Nginx and PHP 5.4.

Zend recently updated Zend Server and added the ability to use Nginx as the web server. I thought I would give it a go. I have installed Zend Server 6.1 on a fresh new install of CentOS 6.4 (I used the minimal install ISO weighing in at around 300 meg).

The following are the steps required to install.

Firstly we need to create the Nginx repository file, as we are going to use yum to install everything:

touch /etc/yum.repos.d/nginx.repo

Next we need to add the repo details to use. Firstly open the file in vi:

vi /etc/yum.repos.d/nginx.repo

Then add the repo details (press “i” before typing, then Esc and “:x” to save and close the file):

[nginx]
 name=nginx repo
 baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
 gpgcheck=0
 enabled=1

We now need to do the same for Zend Server:

touch /etc/yum.repos.d/zend.repo

Open the file:

vi /etc/yum.repos.d/zend.repo

Enter the repo details (remembering to press “i” before typing, then Esc and “:x” to save and close the file):

[Zend]
 name=zend-server
 baseurl=http://repos.zend.com/zend-server/6.1/rpm/$basearch
 enabled=1
 gpgcheck=1
 gpgkey=http://repos.zend.com/zend.key
[Zend_noarch]
 name=zend-server - noarch
 baseurl=http://repos.zend.com/zend-server/6.1/rpm/noarch
 enabled=1
 gpgcheck=1
 gpgkey=http://repos.zend.com/zend.key

Now we simply need to download everything. For this I am choosing to use PHP 5.4 (my choices are 5.4 and 5.3; replace 5.4 with 5.3 in the next command if you are choosing PHP 5.3):

yum install zend-server-nginx-php-5.4

You may be prompted to allow a key to be used. This is OK, as we are using the official repos for the packages, so select y if prompted.

After some time (depending on your connection speed) Zend Server 6.1, PHP 5.4 and Nginx will be installed and we can reach the GUI. You may be wondering when we installed Nginx. When we asked yum to install Zend Server, it saw that it was dependent upon Nginx being installed first, so added this to the download list (and used the Nginx repo from above to install it).
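The nginx stanza above turns signature checking off (gpgcheck=0), and both repos, along with the Zend key, are fetched over plain http, so nothing authenticates the packages yum pulls from nginx.org. The script below is an added example, not part of the original post: it flags such settings in a .repo file. The function names and the nginx-hardened stanza are assumptions made for illustration, and the sample stanzas are abbreviated from the ones above.

```shell
# Added example: audit yum .repo stanzas for settings that weaken package
# authenticity. Prints one "section: finding" line per problem found.
audit_repo() {   # usage: audit_repo FILE   (reads stdin when FILE is omitted)
  awk '
    function report() {
      if (sec == "" || v["enabled"] == "0") return   # skip preamble, disabled repos
      if (v["gpgcheck"] == "0")      print sec ": gpgcheck=0, package signatures are not verified"
      else if (v["gpgcheck"] == "")  print sec ": gpgcheck unset, inherits [main] from yum.conf"
      else if (v["gpgkey"] == "")    print sec ": gpgcheck=1 but no gpgkey configured"
      if (v["baseurl"] ~ /^http:/)   print sec ": baseurl uses plaintext http"
      if (v["gpgkey"] ~ /^http:/)    print sec ": gpgkey is fetched over plaintext http"
    }
    /^[ \t]*\[/ {                    # new stanza: report on the previous one
      report(); sec = $0
      sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
      split("", v); v["enabled"] = "1"; next
    }
    /^[ \t]*[#;]/ { next }           # comment lines
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      v[key] = val
    }
    END { report() }
  ' "${1:--}"
}
sample_repo() {   # constructed sample: the post settings plus a hardened variant
  cat <<'EOF'
[nginx]
 baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
 gpgcheck=0
 enabled=1
[Zend]
 baseurl=http://repos.zend.com/zend-server/6.1/rpm/$basearch
 enabled=1
 gpgcheck=1
 gpgkey=http://repos.zend.com/zend.key
[nginx-hardened]
 baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
 gpgcheck=1
 gpgkey=https://nginx.org/keys/nginx_signing.key
 enabled=1
EOF
}
sample_repo | audit_repo
```

On a real host, run it per file, for example `audit_repo /etc/yum.repos.d/nginx.repo`; an empty result means none of the checked settings were found.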

Now, I am only using this locally behind a router etc., so I decided that I would disable iptables. I strongly recommend you do not do this for public servers. To disable iptables, simply run the following command:

/etc/init.d/iptables stop

We can now access both the Nginx web server and the Zend Studio control panel which is located at http://your-ip:80081

Now we shall finish the installation. Firstly accept the licence and click next. Then choose the profile you are using. As this is a development machine for me, I am going to choose the development option. Needless to say, you should choose the option that is right for your situation. Again click on next.

On this next page it is going to ask you for a password 4 times: 2 for the admin and 2 for the developer. If you intend to use the free licence, the developer password really is not going to be of much use, but I would set something you will know anyway. The developer user is disabled for the free licence. Click next after entering the password.

On the next page click next. Read the summary and click submit.

After a few moments you will enter the web interface for the Zend Server application. Be sure to browse about and become comfortable with it. Be warned, though: the initial licence is a trial licence and after 7 days you will need to enter a new licence. As mentioned, there is a free licence which will disable some functionality (but is still useful). For a breakdown of what each licence includes, be sure to check out the Zend Server editions page, which has more info.

One last note. The first time entering the web interface you will not be prompted for a login. After this you will need to use a login. The login is:

Username: admin
Password: As entered

Enjoy and happy programming.

Updating Zend Server 6.01 (PHP 5.4.11) to 6.10 (PHP 5.4.16)

Not too long ago I installed Zend Server which is a great tool that can help you manage and debug your PHP applications. It can also help make sure that your development environment is the same as your live environment so that surprises are less common for you.

Recently Zend updated Zend Server to 6.10, however there are no good instructions on how to update the product. After a bit of browsing I could see some questions about how to do this but little in the way of answers (it did only update a few days ago).

Anyway, when you install Zend Server on Linux it sets up a new yum repository to use to install and keep the package updated, however when trying to update, nothing actually updated.

Upon checking the repository file at “/etc/yum.repos.d/zend.repo” I found that this contained the following:

[Zend]
 name=Zend Server
 baseurl=http://repos.zend.com/zend-server/6.0/rpm/$basearch
 enabled=1
 gpgcheck=1
 gpgkey=http://repos.zend.com/zend.key
[Zend_noarch]
 name=Zend Server - noarch
 baseurl=http://repos.zend.com/zend-server/6.0/rpm/noarch
 enabled=1
 gpgcheck=1
 gpgkey=http://repos.zend.com/zend.key

As you can see the file specifically references the repository for 6.0. To try to fix this I changed the file to have:

[Zend]
 name=Zend Server
 baseurl=http://repos.zend.com/zend-server/6.1/rpm/$basearch
 enabled=1
 gpgcheck=1
 gpgkey=http://repos.zend.com/zend.key
[Zend_noarch]
 name=Zend Server - noarch
 baseurl=http://repos.zend.com/zend-server/6.1/rpm/noarch
 enabled=1
 gpgcheck=1
 gpgkey=http://repos.zend.com/zend.key

Once I had done this I then carried out the following 2 commands:

yum clean all
yum update

This now prompted me if I wanted to update many components. Lo and behold, Zend Server now reports:

PHP Version 5.4.16
Zend Server Version: 6.1.0

Zend Framework: 1.12.3, 2.2.1
Zend Server Gateway: 0.9.0
Build: 71826

Fingers crossed. All appears fine.

One thing that is a bit disappointing however is that now we have no ETA on Zend Server with PHP 5.5 support. I was looking forward to utilising some of the PHP 5.5 features on the product I am making.

PHP 5.5 Release Imminent

*** New Since Writing This ***

PHP has now officially been released as can be seen on the PHP news page.

***

The release of PHP 5.5 is imminent now. The source code now appears to be getting merged on the official PHP GitHub repository. The news file (which highlights a lot of the new features and fixes) can be found at https://github.com/php/php-src/blob/php-5.5.0/NEWS. I am particularly looking forward to using the new password functionality as well as being able to use the FINALLY keyword.

Along with the release of PHP 5.5 this will begin the end of life process for PHP 5.3. The issue is already being discussed on the PHP internals list.

http://news.php.net/php.internals/67734

As you can see, the current plan is that once 5.3.27 is released in a few weeks, the only updates to the 5.3 branch will be security-only fixes (and there doesn’t appear to be any opposition to this). Johannes Schlüter has posted a new blog post about what you can do from here if you are using PHP 5.3, which can be found here.

Now really is a good time to be looking at upgrading PHP. Preferably you should be looking at upgrading to 5.5.

ADDED

A good video to help explain the new release and update cycle for PHP can be found on YouTube (this subject starts at 3:14):