Posts from — April 2009

1) WP Security Scan

This plugin will scan your wordpress installation for security vulnerabilities and give you hints for fixing them.

Features:

• passwords
• file permissions
• database security
• version hiding
• WordPress admin protection/security
• removes WP Generator META tag from core code

Download Here

2) Change all accounts that have known usernames (example: admin).

Even though this will not protect you if someone knows your password or gets into your wordpress blog through some other vulnirability, it will be one less piece of information a potential attacker can use to compromise your site.

3) Remove Wordpress Version

This plugin removes the wordpress version from everything, including the RSS feed.

If you have extensions installed that requires the wordpress version information, this might break them. So install with care.

Plugin available Here

4) adminSSL

Features:

• Forces SSL on all pages where passwords can be entered.
• Works with both Private and Shared SSL.
• Can be installed on WordPress MU to force SSL across all blogs (only works if you have a Private SSL certificate installed) from WPMU 1.3 upwards.
• Custom additional URLS (e.g. wp-admin/) can be secured through the config page.
• You can choose where you want the Admin SSL config page to appear

Download Here

5) askApache Password protect

This plugin allows you to set up Password Protection for your blog using HTTP Basic Authentication, or you can choose to use the more secure HTTP Digest Authentication. Choose a username and password to protect your entire /wp-admin/ folder and login page. Forbid common exploits and attack patterns with ModSecurity, ModRewrite, Mod_Alias and Apache’s Core Security features.

Download Here

6) Wordpress firewall

Features:

• Detect, intecept, and log suspicious-looking parameters — and prevent them compromising WordPress
• Also protect most WordPress plugins from the same attacks.
• Optionally configure as the first plugin to load for maximum security.
• Respond with an innocuous-looking 404, or a home page redirect.
• Optionally send an email to you with a useful dump of information upon blocking a potential attack.
• Turn on or off directory traversal attack detection.
• Turn on or off SQL injection attack detection.
• Turn on or off WordPress-specific SQL injection attack detection.
• Turn on or off blocking executable file uploads.
• Turn on or off remote arbitrary code injection detection.
• Add whitelisted IPs.
• Add additional whitelisted pages and/or fields within such pages to allow above to get through when desirable.

Download Here

1) Twitbin

Twitbin is a firefox extension that allows you to keep up with all of your Twitter conversations right from your browser sidebar.

Features

• Send messages
• Receive messages
• Share links
• Also supports internet explorer v7+

2) Twitterbar

TwitterBar allows you to post to Twitter from Firefox’s address bar. A small Twitter icon sits to the right of your address bar; clicking on it will post your tweet, and you can hover your mouse over it to see how many characters you have left.

You can also post by typing “–post” at the end of your tweet. Clicking the Twitter icon when visiting a webpage will send a tweet containing the URL of the webpage you are currently viewing.

3) Twitterfox

The extension adds a tiny icon on the status bar that notifies you when your friends update their status. Also it has a small text input field to update your status.

4) TwitKit

Features

• Runs on mac, windows, or linux
• Shows your entire network of followers.
• Easily delete tweets
• Has a 6-section interface, using tabs to separate content

5) Yoono

Yoono simplifies your social life on the web by centralizing all your social networks and instant messaging in one easy to use browser sidebar. Get all your friend updates automatically wherever you are on the web and update your status instantly across Facebook, MySpace, Twitter, and more. Yoono also shows you personalized recommendations for related websites, products, videos, and more based on the page you are viewing.

Why use a template engine?

Successful PHP applications and projects do not require a template engine. However, when a project starts to involve both programmers and designers, it is a good idea to separate application code from presentation. Another benefit of this model is with security/application updates.

Oscommerce is an open source shopping cart written in PHP. Presentation code is mixed with application code and as a result, most updates require manual code changes. This is because most people using this application customized the files that contain the presentation+application code. If it were separate, it would be easier to make the required updates and users would be more likely to make the changes.

The Engines

1) smarty

Features

• Output caching
• Multiple template sources: build them on the fly or load from a database
• Can be extended with your own functions and variable modifiers
• Output filters
• If, elseif, else statements
• Control flow statements, foreach

2) Prado

Prado is an event-based template language.

Features

• Configurable and pluggable modular architecture
• Feature-rich Web components: HTML input controls, validators, datagrid
• AJAX-enabled Web components
• Generic caching modules and selective output caching
• Security measures: cross-site script (XSS) prevention and cookie protection

3) phpHTMLLib

Features

• Layered approach to Application development
• Cacheable interface – cached pages, objects, widgets
• Notifies the programmer, which HTML tags are deprecated by the W3C
• PDO based cacheable queries
• Ajaxable pages, datalist, widgets

4) vlibTemplate

Features

• Includes a class that you can include called vlibTemplateDebug, which will output an HTML-formatted page with all data needed to see where you’re going wrong (great for debugging)
• Caches your templates to a file, which can speedup display time
• Built-in support for displaying database rows (supports: Mysql, Postgres, Informix, and Oracle)

5) php savant

Features

• Template scripts are written in PHP, so you don’t have to worry about permissions on a compiled directory
• The sourcecode of the savant template engine is well commented and designed, so it is easy to make additions
• The Template script is a regular PHP script, which allows you to use phpDocumentor to document it
• You don’t need to learn a new language or markup to create a template

The following are the top 5 firefox extensions that every developer should be using.

5) Open source in tab

Opens the page’s source file in a new tab. Has a preference to either open source in a new tab or existing tab.

Download here

4) IE Tab

A great extension that allows you to run an instance of Internet Explorer in a firefox tab. This is great for testing a new site that may look different in each browser.

Features:

• Supports multiple languages
• Allows the switching of the rendering engines (IE and mozilla) with one click

Download here

3) Server Switcher

Server Switcher allows you to easily switch between sites on your development and live servers, so that you can immediately see the differences.

Features:

• You can create multiple development/live-server-pairs.
• Multiple keyboard shortcuts
• Support for ports other than 80
• supported by flock and firefox

Download here

2) Web Developer

The sheer number of options and developer tools that are available with this plugin make it a great option for a web 2.0 environment.

Features:

• Easily disable java, javascript, popup blocker, and referrers.
• View Advanced cookie information
• Advanced form debugging – (Show passwords,convert GET <=> POST,remove maximum length)
• Outline frames, headings, links, and tables
• Resize the current window
• Validate CSS,HTML,Links, and WAI

Download Here

1) Firebug

Any list involving firefox plugins and developers should have firebug near the top. This plugin is great for debugging javascript in realtime, which is a must for anyone developing a web application.

Features:

• Inspect and edit HTML live on any website.
• Measure all the offsets, margins, borders, padding, and sizes (great for CSS).
• Get a list of each individual javascript file that is being loaded and each load time.
• Pause javascript execution and set breakpoints.
• Advanced javascript, CSS, and XML error reports
• Edit DOM objects in real-time
• Javascript command-line for easy execution of code

Download Here

While working on an AJAX project over the weekend, I ran into the following issue: (through a GET request), every time I tried to call a certain function, It was returning the same data (which was supposed to be different each time)

I first tried the following (which should disable browser caching):

(in PHP)

header( “Expires: Mon, 26 Jul 1997 05:00:00 GMT” );
header( “Last-Modified: ” . gmdate( “D, d M Y H:i:s” ) . ” GMT” );
header( “Cache-Control: no-cache, must-revalidate” );
header( “Pragma: no-cache” );

The data still did not change.

I finally came to the following solutions:

1) use a POST request. When using with xmlhttprequest, it is slightly more complicated.

2) add a unique identifier to the end of my GET url.

I choose #2. A unique Identifier can be created using the current data+time. Here is a simple way to generate this (in Javascript):

var date = new Date();
var timestamp = date.getTime();

createXMLHttpRequest();
xmlHttp.onreadystatechange = handleMessages;
xmlHttp.open(”GET”,”script.php?time=”+timestamp,true);
xmlHttp.send(null);