Steps to Keep WordPress Secure

It has been brought to my attention that WordPress is becoming a juicy target for hackers and bot-nets.  As such, here are some simple steps you can take to prevent your WordPress site from being hacked.

  • Change your admin password regularly.
    One strategy that hackers are using is simple brute-force attacks to try and guess your password.  You should change it regularly, and make sure the password you choose is very hard to guess.  Long combinations of letters, numbers and symbols are best.  Sentences can be good too.  Consider using a password storage solution such as LastPass.
  • Install a plugin to block bad logins.
    There are a number of plugins out there which can lock user accounts if too many bad login attempts are detected.  Installing one of these would be a good security measure.
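
The lockout behaviour described above, written as standalone PHP. This is an added example, not code from any WordPress plugin; the class name LoginLockout, its methods, and the thresholds (5 failures in 10 minutes, 15 minute lock) are assumptions chosen for illustration.

```php
<?php
# Added example, not taken from any plugin; names and thresholds are hypothetical.
class LoginLockout
{
    const MAX_FAILURES = 5;   # bad logins allowed inside the window
    const WINDOW_SECS  = 600; # sliding window length
    const LOCK_SECS    = 900; # how long a triggered lock lasts

    private $failures = array();    # username => timestamps of recent bad logins
    private $lockedUntil = array(); # username => time at which the lock expires

    # Call before checking the password; a locked account is refused outright.
    public function isLocked($user, $now)
    {
        return isset($this->lockedUntil[$user]) && $now < $this->lockedUntil[$user];
    }

    # Call after a bad password. Returns true if this failure triggered a lock.
    public function recordFailure($user, $now)
    {
        $recent = isset($this->failures[$user]) ? $this->failures[$user] : array();
        $cutoff = $now - self::WINDOW_SECS;
        # Drop failures that have aged out of the sliding window
        $recent = array_values(array_filter($recent, function ($t) use ($cutoff) {
            return $t > $cutoff;
        }));
        $recent[] = $now;
        $this->failures[$user] = $recent;
        if (count($recent) < self::MAX_FAILURES) {
            return false;
        }
        $this->lockedUntil[$user] = $now + self::LOCK_SECS;
        $this->failures[$user] = array();
        return true;
    }
}

# Constructed sample: six bad logins for "admin", ten seconds apart
$guard = new LoginLockout();
for ($i = 1; $i <= 6; $i++) {
    $now = 1000000 + $i * 10;
    if ($guard->isLocked('admin', $now)) {
        echo "attempt $i: refused, account locked\n";
    } elseif ($guard->recordFailure('admin', $now)) {
        echo "attempt $i: bad password, account now locked\n";
    } else {
        echo "attempt $i: bad password\n";
    }
}
```

Because the counter is keyed on the username, repeated bad guesses also lock out the real owner for the lock period; tracking failures per source address as well limits that.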

AmazonFeed 2.1 Released

I have finally released AmazonFeed v. 2.1. While not a major release, it updates the code to be compatible with WordPress 3.1.1 and fixes a few minor bugs. One bug for example would prevent your custom Amazon tags from being saved in certain situations. This has now been fixed. Hope you enjoy the plugin. If you have questions or comments, feel free to leave them in the comments associated with this post.

Wicked Cool PHP – Review

It’s not often that I write reviews about specific products, but I recently bought this book and couldn’t resist recommending it to anyone who has a basic grasp of PHP and is looking for some practical applications and scripts to work on. I have found it to be a great PHP scripting resource which walks through a number of very useful scripts in detail, discussing exactly what is going on and how the script might be used in real life.

The authors, William Steinmetz and Brian Ward, do an excellent job of walking through each script showing how it works, what the potential pitfalls are and how it might be used in real life.  The best part is, there isn’t a single “Hello World” script in the book.  Rather the scripts are solutions to real life programming situations that most PHP programmers will run into at one point or another.

I highly recommend Wicked Cool PHP to anyone starting out with PHP who wants to go a little deeper than “Hello World” or wants to see real examples of practical PHP scripts.

PHP Object Unit Testing

I recently found a PHP tool that might actually be useful to a lot of developers in helping to keep their PHP code clean and help with bug tracking and diagnosis.  With PHP 5, we now have the ability to delve quite heavily into OOP based scripting.  This basically means creating PHP code as Objects instead of spaghetti code.  The tool I found recently is a simple framework for testing your newly created PHP objects.  It is called SimpleTest.

Basically, you can build your PHP objects and use this tool to create test cases in order to ensure that future upgrades don’t break existing code. This is called Unit Testing.  Check it out.  I’d love to know how you like it.

WordPress Plugin: Related Products from Amazon.com

This plugin will allow you to make money on your website as an Amazon.com affiliate.  It enables you to automatically advertise products from Amazon.com which are specifically related to the topic you are writing about.

Features:

  • Automatically load category or tag related products from Amazon.com.
  • Earn rewards as an affiliate, simply by entering your affiliate tracking code.
  • Provide valuable additional content to your visitors on the topics of your posts.
  • Total control to tailor results for any given post.
  • Excellent content caching for lightning fast response times.
  • Ability to disable related products from being displayed at all on any given post.
  • NOT JavaScript based, meaning it is not hidden from users with no JavaScript capability.

SendFeed WordPress Plugin

I’m very excited to announce the release of SendFeed, a brand new RSS/XML Feed to Email WordPress plugin.

The SendFeed Plugin for WordPress allows you to send your latest post from your RSS feed to an external Mailing List Manager in both text and HTML formats.

It is capable of sending messages out immediately, at predefined intervals such as daily/weekly/monthly or manually.  Also, the text and HTML templates are completely customizable on a per feed basis so you can tailor the emails to suit the list or feed you are using.

The plugin was developed by me while working for TruthMedia.  We have just released the very first edition of the plugin on WordPress.org.

You can find it at: http://wordpress.org/extend/plugins/sendfeed/

Original Post Here: http://truthmedia.com/2008/11/19/sendfeed-v-11-released/

Website Subversion Backup

As a PHP coder and web developer, I have recently discovered and fallen in love with a tool which helps to keep my source code safely backed up. This tool is called Subversion and “it is used to maintain current and historical versions of files such as source code, web pages, and documentation.” (1) In simple terms, it allows you to back up your files and keeps a history of all the versions of files that you send to it.

This is VERY useful when doing PHP development because as you develop your application you can commit versions of the files to the Subversion (SVN) repository and it will keep track of all the changes you have made. If necessary, you can even revert back to older versions.

One of the difficulties that I have run into while doing website development is how to keep the live remote website synchronized with my local working copy. This is especially true of WordPress installations where editors may be uploading new pictures or documents to the site on a daily basis. If you are not constantly downloading the latest copy of the website, your local copy will be out-of-date and may cause problems in your development.

Subversion to the Rescue:

However, I have come up with a relatively simple solution to this problem, which utilizes the controls within Subversion, to both back up the data on the LIVE website, as well as providing version control for all the site data as a whole. For the sake of simplicity, I will be using a WordPress website as my example, but the concepts here could be applied to essentially any website.

One of the useful features of Subversion is the ability to run what they refer to as “hook scripts” at different points in the versioning process. For example, an SVN repository can be configured to run a set of scripts directly after any data is “committed” to it. (Sending data to the repository is called “committing” the data.) For this example, this is exactly the functionality we are going to be using.

Before I go any further though, let’s go over some of the requirements for setting up a website and subversion repository in this way.

FormBuilder WordPress Plugin

I am very excited to announce the public (beta) release of the FormBuilder WordPress plugin on WordPress.org. FormBuilder is a project which was inspired, in part, by my work on FormContact 1.0 and came about as a result of our need for a good yet simple form building utility for WordPress.

The plugin was developed by me while working for TruthMedia. At the time of writing, it is at v. 0.57 and is compatible with WordPress 1.5 – 2.5. If you have a WordPress blog already, why not check it out!

Where to Start with PHP Programming

I’m going to start this tutorial with an assumption. I’m going to assume that you, the reader, already have access to a PHP enabled server. My specialization is programming, not server setup, so I’ll leave that part out of this. If for some reason, you DON’T yet have access to a PHP enabled server, or you are wanting to install your own, I recommend hosting with DreamHost. They’re VERY good, offer great PHP server support and are very inexpensive. Click here for more information on how to START building a website.

First off, a little discussion about the nature of PHP. PHP is a server side scripting language, which means that it runs stuff on the server, and returns the results of that process to the web browser of the person who ran it.

Example: When someone on a website clicks “Submit” on a contact form, the server receives the data but doesn’t inherently know what to do with that data. This is where PHP comes in. If the data is submitted to a PHP script on the server, that script can then take that data and email it to someone or stick it in a database.

A PHP script can be as simple as a single line of code to do a math calculation, or complex enough to run an entire website. The format of PHP code is similar to C but in my opinion, is much more forgiving.

A Little About Style

One of the most important lessons to be learned by any coder, even before you really get into much of it, is code documentation. In my opinion, one of the worst problems with many coders is that they don’t know how to document their code. This will be a pain both to you when you want to go back and edit something, and to anyone else who needs to use your code. I can’t say this strongly enough. LEARN TO DOCUMENT ALL YOUR CODE! I’m not talking so much about pages of documentation in addition to the script you are writing. Rather, I’m talking about writing out in the code itself, what you’re doing with each statement or set of statements. You will appreciate it in the future, when you come back to a script and want to figure out what it does, and other programmers who may use your work, will also bless you. It’s also a pretty key factor in getting hired in this industry. If an employer knows what they’re doing, they’re going to have someone look through your code to make sure it’s well formed and not going to cause their other programmers headaches.

Keys to Good Style

  1. In Code Documentation
    As I’ve mentioned above, get in the habit of writing plain text explanations for what you’re doing in the code you’re designing. It’s not difficult to put in a bit of text before a segment of code to explain what you’re going to be doing.
  2. Clear and Appropriate Variable Names
    While coding, you’re most likely going to be declaring variables. (Variables are like boxes of information stored in memory) The more clearly you name your variables, the better off you’ll be later, and the less likely you are to run into conflicts or confusion.

Some Examples

Well, let’s take a look at some PHP Code now so we get the feel for what we’re looking at.

A standard PHP script will be enclosed in tags like this:
<?PHP
# Some php commands here
?>

There are some variations of this as well. For example, some servers will allow you to simply use <? instead of <?PHP. Usually though, it’s good form to use the full <?PHP for clarity.

Now, let’s take a look at some examples of good code documentation and bad code documentation.
Poor Code Style:
<? $x="Some text "; $y="some more text"; $z=$x.$y; echo "Combined text variables = ".$z ; ?>

Better Code Style:

<?PHP
# Declare some text variables
$text_1 = "Some text ";
$text_2 = "some more text";

# Combine the two previous variables into a third variable
$text_combined = $text_1 . $text_2;

# Print out the results
echo "Combined text variables = " . $text_combined;
?>

Output:
Combined text variables = Some text some more text

Both of these examples would print out the same result to the browser, but you’ll notice that in the second example, I’ve added line breaks in appropriate places, used more appropriate variable names, and have added comments before each segment of code. (Comments are denoted in PHP by a # sign at the beginning of a line.) You could even go so far as to add comments to the very beginning of the script, explaining when it was made and what its purpose was. See this example…

Better Code Style:

<?PHP

# Sample PHP Programming Script
# Designed Nov. 18, 2005
# Used on "Where to Start PHP Programming" as an example of good
# programming style.

# Declare some text variables
$text_1 = "Some text ";
$text_2 = "some more text";

# Combine the two previous variables into a third variable
$text_combined = $text_1 . $text_2;

# Print out the results
echo "Combined text variables = " . $text_combined;
?>

So what do you think? Still want to be a PHP Programmer? I hope so… It can be a lot of fun.

In the next few tutorials we’ll start going over some of the basic programming structures and commands that you’ll be using as you start coding. You may also find it useful to get a book like the one I’ve recommended at the top of this page. These tutorials will give you the basics and help you to get started, but if you want to get into more complex coding, a book like this one is the way to go.

PHP/MySQL Programming for the Absolute Beginner

** Author’s Note: More tutorials will be coming as soon as I get time to write them. If you have a suggested topic or article that you would like to submit as a tutorial, I’d love to work with you on it.