Ninja Developer

Friday, January 13, 2017

How to protect your site from hackers

Is your website need security many of web owner not take it seriously that they need website protection. Why anyone want to hack your website and how you can protect that from hacking.

Website password

You website need to have strong password so hacker have not easy to crack it . Only set strong password one time and not change it regularly is not enough you need to change you web password in time interval to reduce the chances of password hack. Use alpha numeric password with special character which is not easy to guess and crack your password strength should be 8 character or more for strong password .Use upper and lower case combination with all these .

In advance if you are using any CMS for you website they provide good password check and auto generate random password combination for security reason you can use them easily.

File Uploads

If you are providing file upload facilities for visitor or logged in users you need to take care. Add the file type of file you want to allow user upload on site like image file , word doc file or any other type to restrict all other file type so user unable to upload that on server .Add size limit because very large file may create issue in site process and take time to scan process if you are using antivirus to scan files . Try to save files outside the root directory if possible .Change the Permission of uploaded files folder to chmod 0666 so it can’t be executed. You can also give permission by .htaccess for that

order deny,allow

allow from all

</Files>

You can add any file type here and add the code in .htaccess file on root to apply condition.

Other solution i have mentioned that to save files in private folder outside the root in that way you need script to access files from that private folder .

Most hosting provide provide facility for this you can also set it by setting firewall setting and block all non essential ports only allow 80 and 443 for outside all.

If you are trying to upload files try to upload if from secure method like SFTP.On other way add data base on other server and connect if on your server by this way database server cannot be accessed directly and you database is safe in this way .

Use Website Security Tool

If you want to check website security you can use any third party tool to check all website security and they also provide you hint how you can fix security issues which arises in software audit .

If you are using CMS like word press you can use security plug-in like wordfence security

All In One WP Security & Firewall Itheme Security there is many more option available which you can use in CMS word press for security and scanning

You can use other scan my server , sucuri ,Site Guarding etc many more by which you can check you site security issues .

After checking all list you can start working on issue which they list to make site more secure .

Guarding Include Files

In php we many time include files on page as per requirement for our ease which contact code database credential and any other sensitive information . many developer just include the file with extension .inc in that way file can directly accessible as text file only not php because php not parsed it directly .

If any attacker directly accesses this file then he can easily get all the database credential detail and any other sensitive information which is in that file and can attack on related database and other file easily. So always include your files with the extension .php and keep these type of file which have sensitive information out site in a folder which is not directly accessible by any one .

Error handling

It’s good to check all the related errors and warning if we are developing and application for its security because fixing error and warning will secure our application lack hole .After completing application hide all errors and warning because live hacker can easily trace the vulnerable.

When you are developing any application configure you server as like for development and production server in development server you need to show all the error and warning so that you able to fix all the issue and lack of security easily on development server and when go on live server hide all the errors and warning from you application so hacker not able to see loop hole in site if any .

Protect Session Data

You session data default save in temp file and on shared hosting it can easily accessible by writing script easily .So we need to protect our sensitive information like credit card info password etc from hacker to access that by session data .

You can protect that by sending data in encrypted for so that its not normal readable for any one .You can change the session data store location so that hacker unable to access that easily from default location you can use

session_set_save_handler()  for that 
purpose by your  own way .

`SQL Injection Attack`

Sql injection is the process of accessing data from form input field submission and also from url

And adding that in database and making changes based on data captured and delete table data and many other activity can b done by that way. To fix this you need to use parameteralised query in which pass the parameter in query to access data.

Like  "SELECT * FROM table WHERE column = '" + parameter + "';"

Keep Up to date

Keep you software program up to date with the new latest versions so any issue in previous version will directly fix your site issue. If you are using any cms or software in your site update that time to time according to latest versions.

In Hosting company taken care of his software’s updates and update theme accordingly security time to time you also need to check regularly many time they provide manually option for updates so you need to follow their instruction and work on that to fix any possible security hole if have .

Tuesday, January 10, 2017

Website Speed Optimization

Website speed is that how fast the content load from server to your local machine to display in web browser. Page load time is the time between the clicking and loading the web page content requested browser.

There are some aspects to understand web page speed.

To view the time taken by web server delivering HTML content to web browser.

How browser respond to page request.

End User as requested web page renders in browser this is best way to measure page speed.

If your website speed low it impact on the website performance user experience search results web site responsiveness and load time bad use experience and many other .So it need that your page load fast for better performance.

How To Optimize Website to Increase page Speed if its taking long time to load

You can check you site speed on Google speed test PageSpeed Insights

Or in Pingdom Tool there are many other available but most used these tools.

There are different Steps to Increase page load.

Image optimisation to increase site Speed

Image are the main key for website because all the impression by images like “Like a picture is worth rather than one thousand words” . But if you image are bigger in size and take time to load that will give you low page loading and site take long time to load as soon as image load . For this you need to optimise you images according to need and quality. Images should be in lesser size so they load easily when web browser request info from site . You can use Photoshop and online tool to optimise image Photoshop is better because we don’t compromise with quality of image in website .

By reducing URL Redirecting

When visitor visit to web browser then if you page redirecting visitor need to wait for more time to see page because page load again on redirection HTTP request cycle to complete. So by reducing page redirection we can increase web page load speed.

Leverage Browser Caching

When your site loads in web browser it save some information on local machine like CSS HTMl files to load page easily on next visit for repeated resource. In the leverage browser cache you need to define the expire time for all the downloadable data instruct browser for how much long you want to save data so if visitor visit from same resource can see best fast page load because old resource can be used that time and no need to download all data again . you can read more about this here Leverage Browser Caching

Server Response Time need to approve

There may be slow server response time due to slow database quarries ,Slow routing or lack of memory you need to fix them to increase server speed .Normal server response time is under 200ms.

Enable Compression

You can use Gzip compression to compress CSS, JS, HTML files that are larger in size . You do not need to compress Image files by this way because that may reduce the quality of image and you site will not look good you can use other tool Photoshop etc for that so you can maintain quality of image accordingly .

Minify Files For site CSS JS and HTML

You need to minify you files css js html by removing unnecessary data form files like comments , remove spaces commas and other unnecessary characters . By this way you can increase the page load speed easily. Any tool you use like PageSpeed Insights which will show you necessary steps for the implementation to increase website speed.

You can use CDN Content Distribution Network

CDN is the server that are used for content Distribution They save the copy of your website on different geographical server location take load on their server and if any visitor visit on you site they provide all info which load faster .

Leverage browser caching

IF you visit some site browser will save some files on local machine which is call browser caching.

Leverage browser cache is that to instruct browser how to use their resources files which is downloaded by browser on local machine .

When visitor visit the site browser loads some files on local machine like css images logo etc so if user visit on other page browser use their resources which is downloaded on local machine so in this way on first page load it take time after that other page will load easily because browser already loaded some need resource files which is repeating in site to display that properly.

In leverage browser caching your web page files get stored in web browser cache so your page load faster because other pages share the repeated resources which is already downloaded .

How to use Leverage Browser Caching

First change request header of your resource to use caching .

Caching strategy need to be optimised.

To Set Difference cache time for different files resource saved on local machine.

You need to add some code in . htaccess to give instruction to web browser which resource need to save and for how much time it need to stored in web browser .

You need to add code at top of your .htacess files

## LEAVERAGE BROWSER EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 month"
ExpiresByType image/jpeg "access 1 month"
ExpiresByType image/gif "access 1 month"
ExpiresByType image/png "access 1 month"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>
## LEAVERAGE BROWSER EXPIRES CACHING ##

After adding code in . htaccess files you need to save it at same location on root where it is after that refresh browser and see changes .

Other Method cache-Control Method

Other cache control method is much easier to control browser cache which is saving on your local machine . Many People fine it easier to setup.

You need to add the given below code in your root .htaccess files click on .htacess files edit it add code in it and save file.

# 1 Month for most static assets
<filesMatch ".(css|jpg|jpeg|png|gif|js|ico)$">
Header set Cache-Control "max-age=2592000, public" filesMatch>

It will set up cache control according to your file type .

Explaination

# 1 Month for most static assets

This code is comment part of htaccess file. Because any line with # sign htaccess ignore that line so we use it for commenting .

<filesMatch ".(css|jpg|jpeg|png|gif|js|ico)$">

In the above line code will work for any type of file which extension provided in code will follow the caching instructions. You can add more file extension in this if you want to apply caching instruction on them also if you want to any type of file like png or css don’t want to apply cache rule on file you can simply remove them from the given line .

Header set Cache-Control "max-age=2592000, public"

Here is the real header added and time value given.

Header set Cache-Control is the part of setting header .

max-age=2592000, public It is used to set the time for how long it should be cached it's in seconds it's nearly one month.

Public It show the status of cache public which is good to use .

Thursday, January 5, 2017

Features Of new version (wordpress 4.7) of wordpress

1. New Twenty Seventeen Theme

A new theme added in New Release of wordpress 4.7 with video header feature . Theme is mainly focus on business sites and features a customizable front page with multiple sections .You can use them with the help of widgets , Navigation , Social menu , Logo , Custom Colours and other many things .

2. No Destructive Live Previews

In wordpress 4.7 new feature is you can review the live preview of site without saving the actual changes to add them on site . In the customise section all the parts of site visible which you able to customize while live previewing. Click on any icon and start editing and you can customize your site in faster way.

3. Smooth Menu Building

Lastly in many site have menu and that links to pages of you site. But what you can do

When there is no pages yet . Now in new version you once create menu in the menu section when you publish menu section you will automatically get new pages for site to fill the content in them.

4. Custom CSS

Some time when you need to make some little changes with css on your site to make that look better or solve little issue to make your site perfect . Wordpress new version 4.7 help you to add custom CSS and you can check changes on frontend after saving that in backend. Also Preview with work directly without refresh pages.

5. PDF Thumbnail Previews

Lastly in wordpress when you are uploading any PDF in media section it will show you default thumbnail there for PDF doc. In NEW wordpress 4.7 you will see auto generated PDF thumbnail so you can easily distinguish between different documents .

6. Dashboard In your Language

One language doest mean that every body will prefer same language for site . In New wordpress 4.7 you will get user language option to change you language .It will show in wordpress user Profiles .

7. Rest API End Points

New Wordpress 4.7 comes with REST API endpoints for posts , Comments , terms , users , meta and settings .Content endpoints provide machine-readable external access to your wordpress site .

8. Post Type Templates

New opening for wordpress developer is post type template like the one we are using for page template . You can create it easily by same way like

<?php

Template Name: New Post layout

Template Post Type: post, page, product

// … your code here

When At least one template exists in theme for post type “Post attributes” meta box will display in backend . Post attribute label can be customized per post type using “attributes” label when registering post type .

9 Custom Bulk Actions

In wordpress 4.7 developer can Register custom bulk action in the list table screen in the backend screen.

To add bulk action email to all you can use the same function way below :

add_filter( 'bulk_actions-edit-post', 'register_new_bulk_actions' );

function register_new_bulk_actions($bulk_actions) {

$bulk_actions['email_to_all'] = __( 'Email to All', 'email_to_all');

return $bulk_actions;

}

Now how to handle the form submission

TO handle bulk action register a call back handle_bulk_actions-edit-post

add_filter( 'handle_bulk_actions-edit-post', 'new_bulk_action_handler', 10, 3 );

function new_bulk_action_handler( $redirect_to, $doaction, $post_ids ) {

if ( $doaction !== 'email_to_all' ) {

return $redirect_to;

}

foreach ( $post_ids as $post_id ) {

// action for each post.

}

$redirect_to = add_query_arg( 'bulk_emailed_posts', count( $post_ids ), $redirect_to ); return $redirect_to; }

Show Notices

add_action( 'admin_notices', 'new_bulk_action_admin_notice' );

function new_bulk_action_admin_notice() {

if ( ! empty( $_REQUEST['bulk_emailed_posts'] ) ) {

$emailed_count = intval( $_REQUEST['bulk_emailed_posts'] );

printf( '<div id="message" class="updated fade">' .

_n( 'Emailed %s post to All.',

'Emailed %s posts to All.',

$emailed_count,

'email_to_all'

) . '</div>', $emailed_count );

}

10. WP_Hook

New wordpress release 4.7 introduced reworking of action and filters iteration to address bugs that arose from recursive call back and from the call back that changed the hooked call backs on currently running actions and filters. All the things are look like same for all the developer as expected this shuld fix number of hard traces bugs when different plug-in make call back .

11. Registration Api Settings

Register_setting() used to include type description and rest API Visibility Its improved enabled more information for developer about meta .

Register_setting now accept an array for argument which allow wordpress core to know more about settings . This is usefull for REST API, where wordpress needs to know more about type of data settings .

12. Customize Change sets

Changes in customizer like auto save drafts also make existing new feature like starter content possible.