How to secure WordPress file uploads using Apache rules

WordPress tutorial: how to secure WordPress file uploads using Apache rules. Here we give an Apache rule that secures your WordPress file upload functionality.


Website security is the most important concern for any website. In WordPress we are often told to give 777 permissions to the wp-content/uploads folder. Sometimes we do not want to give 777 (read, write and execute for everyone) permissions to the folder for security reasons, but then WordPress does not allow you to upload images or media files to the uploads folder.

Tip: Do not give 777 permissions to the wp-content/uploads folder. Instead, change the ownership of the folder to the Apache user.

Security

What you can do is restrict which file types are allowed in the uploads folder using a simple Apache rule. You can use the following code in the .htaccess file for the uploads folder.


	# Deny every file in this folder by default ...
	<Files *>
	Order Allow,Deny
	Deny from all
	</Files>

	# ... then allow only the listed image extensions (the dot must be escaped, otherwise it matches any character).
	# The match is case-sensitive; add (?i) at the start of the pattern if uploads may carry upper-case extensions.
	# On Apache 2.4 the Order/Allow/Deny directives need mod_access_compat; the native form is "Require all denied" / "Require all granted".
	<FilesMatch "\.(jpg|jpeg|jpe|gif|png|tif|tiff)$">
	Order Deny,Allow
	Allow from all
	</FilesMatch>

Using the above code you can secure your uploads folder: Apache will only serve the selected file types from it, and requests for anything else are denied.
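As an added example (not part of the tutorial), the following Python script applies the same extension allowlist to the files already sitting in an uploads tree, so you can audit what the rule would refuse to serve and also spot files it would serve even though their name carries a script extension before the image extension or their content starts with PHP code. The directory layout, file names and file contents are constructed samples.

```python
"""Audit a WordPress uploads tree against the image allowlist used in the
.htaccess rule above. Added example, not code from the tutorial."""
import os
import re
import tempfile

# Same extension allowlist as the FilesMatch rule in the tutorial.
ALLOWED_RE = re.compile(r"\.(jpg|jpeg|jpe|gif|png|tif|tiff)$", re.IGNORECASE)
# Script extensions that should never appear anywhere in an uploaded name:
# some Apache mod_mime setups honour every extension in a file name.
SCRIPT_EXTS = {"php", "phtml", "php5", "phar", "cgi", "pl"}


def audit_uploads(root):
    """Return (blocked, suspicious): files the rule would refuse to serve,
    and files it WOULD serve whose name or content looks like a script."""
    blocked, suspicious = [], []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if not ALLOWED_RE.search(name):
                blocked.append(rel)
                continue
            inner = {p.lower() for p in name.split(".")[1:-1]}  # extensions before the last one
            with open(path, "rb") as fh:
                head = fh.read(4096)
            if inner & SCRIPT_EXTS or b"<?php" in head:
                suspicious.append(rel)
    return sorted(blocked), sorted(suspicious)


def demo_tree():
    """Constructed sample uploads tree (hypothetical content) for an offline run."""
    root = tempfile.mkdtemp(prefix="uploads-")
    os.makedirs(os.path.join(root, "2024", "01"))
    samples = {
        "2024/01/photo.JPG": b"\xff\xd8\xff",      # real image, served
        "2024/01/backdoor.php": b"<?php",          # denied by the rule
        "2024/01/x.php.jpg": b"<?php",             # served by the rule, flagged by name
        "2024/01/fake.png": b"<?php echo 1;",      # served by the rule, flagged by content
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    print(audit_uploads(demo_tree()))
```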


Update your WordPress version before your site gets hacked

We always see news about new WordPress releases and updates, but for a few reasons some people do not update their WordPress sites. There may be issues with their plugins: perhaps the plugins do not support the newer WordPress version.


Theme Issue

Some people worry about their theme: the theme code may break and the site may go down due to errors.

Cost

Sometimes, due to unknown issues, a WordPress upgrade can be costly; if you use paid plugins and themes, then updating will cost you.

You may need to hire a WordPress developer to fix the issues that appear after updating WordPress.

You can choose the following options for updating the wordpress version:

  • Hire plugins developer and ask him to fix it.
  • Hire WordPress developer and pay him to fix it.
  • Remove the plugin and start using another plugin, but consult with the developers first.

Updating WordPress is very important.
WordPress updates are often issued to fix potential security issues.
It has recently been noted that if you do not update your self-hosted WordPress software frequently, you are just about guaranteed to get hacked at some point.

I recommend updating the WordPress version and plugins, because otherwise hackers will hack your site. Do not miss the security updates from WordPress.

Here are articles on fixing a WordPress site: Best WordPress plugins for WordPress security and protection, and If a WordPress site is hacked, how to fix the issue.


If a WordPress site is hacked, how to fix the issue

Recently one of my WordPress sites was hacked. Something was going wrong on the server. We fixed the issue with some steps, and we give the full steps for fixing it here. I got to know about it through the disk I/O and CPU usage notification emails.


Something was going wrong on the server.

The first thing I did was check the Apache access logs and error logs. I was getting 100 requests per second from some IP addresses.

I stopped the Apache server and took a backup of my database and filesystem. I deleted my admin username and added a new administrator with a new username.

You should use the Better WP Security WordPress plugin. It is a very useful plugin.

iThemes Security (formerly Better WP Security)

I added the following code to my .htaccess file:

 # BLOCK BAD IPS
 # Note: <Limit> only covers the listed methods; requests made with other methods (HEAD, OPTIONS, ...)
 # are not affected, so for a blanket block put the Deny lines outside any <Limit> section.
 # On Apache 2.4 Order/Allow/Deny need mod_access_compat; the native form is "Require not ip <address>".
 <Limit GET POST PUT>
 Order Allow,Deny
 Allow from all
 # uncomment/edit/repeat next line to block IPs
 # Deny from 123.456.789
 Deny from 192.111.152.122
 Deny from 192.111.144.233
 Deny from 110.85.90.123
 </Limit>


But the above code still did not help me, because the disk I/O and the Apache processes were still spending time answering those requests with a 403.

Then I blocked the IP addresses on my Linux server using the following commands:

 # Drop all inbound packets from each address (check each address first: an octet above 255, as in the first line as printed, is not a valid IPv4 address and iptables will reject it).
 # These rules live in the running kernel only; save them with your distribution's iptables-save tooling if they must survive a reboot.
 iptables -A INPUT -s 192.111.144.789 -j DROP
 iptables -A INPUT -s 192.111.152.122 -j DROP
 iptables -A INPUT -s 192.119.144.123 -j DROP

This solved my issue.
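The check the post describes by hand (reading the access log for sources sending about 100 requests a second, then writing one iptables DROP rule per source), as an added Python example that is not part of the original post. The Apache combined-format log lines and the 203.0.113.9 and 198.51.100.4 addresses are constructed samples; the 100 requests per second threshold is the figure the post mentions.

```python
"""Find source IPs that exceed a requests-per-second limit in an Apache
access log and emit the matching iptables DROP rules. Added example."""
import re
from collections import Counter

# Apache combined log format: IP ident user [day/Mon/year:HH:MM:SS zone] "request" ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')


def flood_sources(lines, per_second_limit=100):
    """Return {ip: peak requests within one second} for every IP over the limit."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, stamp = m.group(1), m.group(2).split()[0]  # drop the timezone part
        hits[(ip, stamp)] += 1  # one bucket per IP per second
    peaks = {}
    for (ip, _), n in hits.items():
        if n > per_second_limit:
            peaks[ip] = max(n, peaks.get(ip, 0))
    return peaks


def iptables_rules(peaks):
    """One DROP rule per flooding IP, in the form the post used."""
    return ["iptables -A INPUT -s %s -j DROP" % ip for ip in sorted(peaks)]


# Constructed sample log: one address sends 150 requests within a single second,
# a normal visitor sends two in the same second.
SAMPLE_LOG = (
    ['203.0.113.9 - - [10/Mar/2014:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"'] * 150
    + ['198.51.100.4 - - [10/Mar/2014:12:00:01 +0000] "GET / HTTP/1.1" 200 2048 "-" "-"'] * 2
)

if __name__ == "__main__":
    for rule in iptables_rules(flood_sources(SAMPLE_LOG)):
        print(rule)
```

Feed it a real log with `flood_sources(open("/var/log/apache2/access.log"))` and review the output before applying any rule.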

Most used WordPress functions in a theme

In WordPress, theming is very important, and developers know the importance of the functions.php file. Here we give the most used WordPress functions in a theme, which will be useful for WordPress developers. I have always written some very nice code snippets in the functions.php file.


I found some very useful code snippets which are very helpful for every WordPress designer and developer.

Here are the very useful code snippets.
Enable the hidden admin feature displaying ALL site settings

// CUSTOM ADMIN MENU LINK FOR ALL SETTINGS
   // Use a capability ('manage_options') rather than a role name as the access check.
   function all_settings_link() {
    add_options_page(__('All Settings'), __('All Settings'), 'manage_options', 'options.php');
   }
   add_action('admin_menu', 'all_settings_link');

Remove Update Notification for all users except ADMIN User

// REMOVE THE WORDPRESS UPDATE NOTIFICATION FOR ALL USERS EXCEPT SYSADMIN
// create_function() was removed in PHP 8, so the original closures are replaced
// with a named callback; get_currentuserinfo() is deprecated and not needed here.
       function hide_update_nag_for_non_admins() {
        if (!current_user_can('update_plugins')) { // checks to see if current user can update plugins
         remove_action( 'init', 'wp_version_check' );   // wp_version_check is hooked on init at priority 10
         add_filter( 'pre_option_update_core', '__return_null' );
        }
       }
       add_action( 'init', 'hide_update_nag_for_non_admins', 2 ); // priority 2 runs before wp_version_check

Include custom post types in the search results.

// MAKE CUSTOM POST TYPES SEARCHABLE
// 'the_search_query' only filters the search string; pre_get_posts is the hook
// that lets you change which post types the main query looks at.
function searchAll( $query ) {
 if ( $query->is_search && $query->is_main_query() && ! is_admin() ) {
  $query->set( 'post_type', array( 'post', 'site', 'plugin', 'theme', 'person' )); // 'post' keeps normal posts in the results
 }
 return $query;
}
add_action( 'pre_get_posts', 'searchAll' );

Add your custom post types to your sites main RSS feed by default.

// ADD CUSTOM POST TYPES TO THE DEFAULT RSS FEED
function custom_feed_request( $vars ) {
 if (isset($vars['feed']) && !isset($vars['post_type']))
  $vars['post_type'] = array( 'post', 'site', 'plugin', 'theme', 'person' );
 return $vars;
}
add_filter( 'request', 'custom_feed_request' );

Modify the Login Logo & Image URL Link

add_filter( 'login_headerurl', 'namespace_login_headerurl' );
/**
 * Replaces the login header logo URL
 *
 * @param $url
 */
function namespace_login_headerurl( $url ) {
    $url = home_url( '/' );
    return $url;
}

add_filter( 'login_headertitle', 'namespace_login_headertitle' );
/**
 * Replaces the login header logo title
 *
 * @param $title
 */
function namespace_login_headertitle( $title ) {
    $title = get_bloginfo( 'name' );
    return $title;
}

add_action( 'login_head', 'namespace_login_style' );
/**
 * Replaces the login header logo
 */
function namespace_login_style() {
    echo '<style>.login h1 a { background-image: url( ' . get_template_directory_uri() . '/images/logo.png ) !important; }</style>';
}

Loading jQuery from the Google CDN

// even more smart jquery inclusion :)
add_action( 'init', 'jquery_register' );

// register from google and for footer
function jquery_register() {

if ( !is_admin() ) {

    wp_deregister_script( 'jquery' );
    wp_register_script( 'jquery', ( 'https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js' ), false, null, true );
    wp_enqueue_script( 'jquery' );
}
}

Remove the WordPress Version Info for Security

// remove version info from head and feeds
function complete_version_removal() {
    return '';
}
add_filter('the_generator', 'complete_version_removal');

Add Spam & Delete Links to Comments on Front End

// spam & delete links for all versions of wordpress
function delete_comment_link($id) {
    // 'edit_post' must be checked against a post ID; moderate_comments is the capability these links need
    if (current_user_can('moderate_comments')) {
        $id = (int) $id; // never echo a raw ID into markup
        echo '| <a href="'.esc_url(admin_url('comment.php?action=cdc&c='.$id)).'">del</a> ';
        echo '| <a href="'.esc_url(admin_url('comment.php?action=cdc&dt=spam&c='.$id)).'">spam</a>';
    }
}

Remove Default WordPress Meta Boxes

// REMOVE META BOXES FROM DEFAULT POSTS SCREEN
   function remove_default_post_screen_metaboxes() {
 remove_meta_box( 'postcustom','post','normal' ); // Custom Fields Metabox
 remove_meta_box( 'postexcerpt','post','normal' ); // Excerpt Metabox
 remove_meta_box( 'commentstatusdiv','post','normal' ); // Comments Metabox
 remove_meta_box( 'trackbacksdiv','post','normal' ); // Talkback Metabox
 remove_meta_box( 'slugdiv','post','normal' ); // Slug Metabox
 remove_meta_box( 'authordiv','post','normal' ); // Author Metabox
 }
   add_action('admin_menu','remove_default_post_screen_metaboxes');

// REMOVE META BOXES FROM DEFAULT PAGES SCREEN
   function remove_default_page_screen_metaboxes() {
 remove_meta_box( 'postcustom','page','normal' ); // Custom Fields Metabox
 remove_meta_box( 'postexcerpt','page','normal' ); // Excerpt Metabox
 remove_meta_box( 'commentstatusdiv','page','normal' ); // Comments Metabox
 remove_meta_box( 'trackbacksdiv','page','normal' ); // Talkback Metabox
 remove_meta_box( 'slugdiv','page','normal' ); // Slug Metabox
 remove_meta_box( 'authordiv','page','normal' ); // Author Metabox
 }
   add_action('admin_menu','remove_default_page_screen_metaboxes');

Add Custom User Profile Fields

// CUSTOM USER PROFILE FIELDS
   function my_custom_userfields( $contactmethods ) {

    // ADD CONTACT CUSTOM FIELDS
    $contactmethods['contact_phone_office']     = 'Office Phone';
    $contactmethods['contact_phone_mobile']     = 'Mobile Phone';
    $contactmethods['contact_office_fax']       = 'Office Fax';

    // ADD ADDRESS CUSTOM FIELDS
    $contactmethods['address_line_1']       = 'Address Line 1';
    $contactmethods['address_line_2']       = 'Address Line 2 (optional)';
    $contactmethods['address_city']         = 'City';
    $contactmethods['address_state']        = 'State';
    $contactmethods['address_zipcode']      = 'Zipcode';
    return $contactmethods;
   }
   add_filter('user_contactmethods','my_custom_userfields',10,1);

Add an excerpt box for pages

if ( function_exists('add_post_type_support') )
{
    add_action('init', 'add_page_excerpts');
    function add_page_excerpts()
    {
        add_post_type_support( 'page', 'excerpt' );
    }
}

Function to change the length of the excerpt

function new_excerpt_length($length) {
    return 100;
}

add_filter('excerpt_length', 'new_excerpt_length');

Auto Extract the First Image from the Post Content

// AUTOMATICALLY EXTRACT THE FIRST IMAGE FROM THE POST
function getImage($num) {
    global $more;
    $more = 1;
    $link = get_permalink();
    $content = get_the_content();
    $count = substr_count($content, '<img');
    $start = 0;
    $image = array(); // initialise so a post without images does not trigger a notice
    for($i=1;$i<=$count;$i++) {
        $imgBeg = strpos($content, '<img', $start);
        $post = substr($content, $imgBeg);
        $imgEnd = strpos($post, '>');
        $postOutput = substr($post, 0, $imgEnd+1);
        $postOutput = preg_replace('/width="([0-9]*)" height="([0-9]*)"/', '',$postOutput);
        $image[$i] = $postOutput;
        $start = $imgBeg + $imgEnd + 1; // $imgEnd is relative to $post, so advance from $imgBeg or the loop keeps finding the same tag
    }
    if(isset($image[$num]) && stristr($image[$num],'<img')) { echo '<a href="'.esc_url($link).'">'.$image[$num]."</a>"; }
    $more = 0;
}

Unregister WP Default Widgets

// unregister all default WP Widgets
function unregister_default_wp_widgets() {
    unregister_widget('WP_Widget_Pages');
    unregister_widget('WP_Widget_Calendar');
    unregister_widget('WP_Widget_Archives');
    unregister_widget('WP_Widget_Links');
    unregister_widget('WP_Widget_Meta');
    unregister_widget('WP_Widget_Search');
    unregister_widget('WP_Widget_Text');
    unregister_widget('WP_Widget_Categories');
    unregister_widget('WP_Widget_Recent_Posts');
    unregister_widget('WP_Widget_Recent_Comments');
    unregister_widget('WP_Widget_RSS');
    unregister_widget('WP_Widget_Tag_Cloud');
}
add_action('widgets_init', 'unregister_default_wp_widgets', 1);

Enable GZIP output compression

// create_function() was removed in PHP 8; an anonymous function does the same job
if(extension_loaded("zlib") && (ini_get("output_handler") != "ob_gzhandler")) {
   add_action('wp', function () {
       @ob_end_clean();
       @ini_set("zlib.output_compression", 1);
   });
}

Enable shortcodes in widgets

// shortcode in widgets
if ( !is_admin() ){
    add_filter('widget_text', 'do_shortcode', 11);
}

If you have any interesting code snippets, then please suggest them to me.


Google is making Buzz more secure in a few more days

On Saturday, the company announced it would change Buzz again, not with regard to profiles (which will apparently continue to be made public, if only to other Buzz users, by default) but rather, followers. As Buzz product manager Todd Jackson wrote, “Starting this week, instead of an auto-follow model in which Buzz automatically sets you up to follow the people you email and chat with most, we’re moving to an auto-suggest model. You won’t be set up to follow anyone until you have reviewed the suggestions and clicked ‘Follow selected people and start using Buzz.'”
Also over the weekend, Google essentially admitted it was not the best of ideas to assume that items already shared through Picasa and Google Reader, on a local basis, should become automatically shared through Buzz; new users were discovering they were already sharing Picasa photos without ever having given their permission. What we have also yet to see next week is whether Buzz users can still make use of a trick that a security engineer discovered last Friday, to use Picasa to ascertain one’s semi-public Google Profile URL as though it were a fully public one.

A Google spokesperson confirmed to Betanews this afternoon that a second round of privacy changes, the nature of which was revealed last Saturday evening, is still being developed, and may yet go live “in the next couple of days.”
