Category: Technical Tips

Using Apache to better secure WordPress

Securing WP with Apache

This is part 1 in a series to inform developers and administrators on the best methods to lock down their WordPress installations. By following even just some of the steps in these guides, one should be able to avoid many of the common security issues with WP.

CodeIgniter, extending the Cart class for robust product names

CodeIgniter’s new cart class lets you build robust shopping carts quickly for your site in PHP, but doesn’t, out of the box, let you add products whose names contain characters other than alphanumerics, dashes, underscores, colons or periods. Here’s the proper, upgrade-proof way to extend the class.

html5 Forms and WP 3.0 comments

Being the further adventures of: html5 already works somewhat. Article comments didn’t get the treatment last time, because they’re produced by wp_list_comments() in the comment.php template. But actually this isn’t that hard to sort, and I also took a look at the form fields in the comment post section of the page.

HTML5 already works somewhat

HTML5 is no radical departure from its predecessors. It offers aids to better semantic markup and embedded content, useful form validation, and a little less deprecated cruft. Most importantly it provides the platform for CSS3, about which more in a later article. But the best thing about html5 is that you can have it now, without sacrificing browser compatibility. Take a look over here where I’ve recoded Ponderwell’s site in html5. That was an afternoon’s work, and the result was sufficiently encouraging that I think I’ll be using html5 exclusively from now on. It works just fine even in IE6 – or rather, it works as well as any site ever does in that horrible browser.

Fruit harvesting using graudit

graudit is a great tool for finding low-hanging security issues in your Perl, PHP, Python, JSP, and even .NET scripts. But it should not be relied on as the sole means of reporting issues, as it lacks the capabilities to find most real security issues.

Adding Google Analytics to “WordPress AudioPlayer”

If you are using the WordPress AudioPlayer plugin on your site, you know that it’s a versatile flash player with many options. The missing option from my point of view is tracking the playing of the audio tracks themselves. I’ll show you how to add Google Analytics tracking to the player, so you can get…

PHP5 stdClass assignment gotcha

PHP5 is not an Object Oriented Language, but just the same it is being used as an OOL, and it has language constructs which facilitate that. If you’re like me, though, you tend to use stdClass objects not as simple class instances but as PHP’s answer to what is called a record or struct in other languages. This can cause confusion, especially when assignment doesn’t go quite as planned.

Adobe hits us again.

Adobe added the Launch command to the PDF spec in 2008. Since then, attacks using this command have surfaced and we explain a sample attack along with how to disable the Launch feature to protect your environment from this type of attack.