Importing SSH key into keychain on Mac

Importing an SSH key to your keychain on Mac allows you to log in without entering your passphrase each time.

This helps if you are a developer and need to commit your changes to the server quite frequently.

Here are the steps:

  1. If you have cPanel on your server, log in to cPanel
  2. Generate an SSH key (choose a suitable passphrase while generating the key and make a note of it)
  3. Once the SSH key is generated, authorise the key
  4. Download the private and public keys and copy both keys to your ~/.ssh directory
  5. Change permissions on both keys: remove staff, set everyone to no access, and set Admin to read and write
  6. Open Terminal and run: ssh-add -K ~/.ssh/KEY_NAME
  7. When prompted, enter the passphrase used while creating the key
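
Steps 5 to 7 done from Terminal, as an added example that is not part of the original post. It assumes chmod 600 is the command-line equivalent of the permissions in step 5; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post): terminal form of steps 5 to 7.
# KEY_NAME is the post's placeholder for your key file name.

# Print the type-and-permission column of ls, e.g. "-rw-------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Step 5: owner read/write only on both keys, then verify the result.
# Returns 0 when the private key ends up with no group or other access.
lock_down_key() {
    key="$1"
    [ -f "$key" ] || { echo "no private key at $key" >&2; return 2; }
    chmod 700 "$(dirname "$key")" || return 1
    chmod 600 "$key" || return 1
    if [ -f "$key.pub" ]; then chmod 600 "$key.pub" || return 1; fi
    [ "$(mode_of "$key")" = "-rw-------" ]
}

# Steps 6 and 7: store the passphrase in the login keychain (prompts once).
add_to_keychain() {
    key="$1"
    # Outside Apple's ssh-add, -K means "load resident keys from a FIDO
    # authenticator", so refuse to run anywhere but macOS.
    [ "$(uname -s)" = "Darwin" ] || { echo "macOS only" >&2; return 3; }
    lock_down_key "$key" || return 1
    # macOS 12 and later print a deprecation warning for -K and name
    # --apple-use-keychain as the replacement.
    ssh-add -K "$key"
}

# Usage: add_to_keychain "$HOME/.ssh/KEY_NAME"
```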

How to create extra widget/sidebar areas

Depending upon your theme, you may have some predefined widget/sidebar areas like Left Sidebar and Right Sidebar.

If you want to create a new sidebar area, let’s say for the footer, you can add the code below to your functions.php file.

Replace THEME_NAME with the name of your theme.

Finally, add the code below in the theme where the sidebar needs to appear.

 

WordPress Security – Configuration / Installation


1. WordPress security at the Configuration and installation level

This section explains the measures to take for WordPress security while installing and configuring WordPress.

1.1 Change default table prefix

Many published WordPress-specific SQL injection attacks assume that the table prefix is wp, the default. Changing this can block at least some SQL injection attacks.

1.2 Securing wp-config.php

Are you aware that wp-config.php can be stored one directory level above the WordPress installation?

This is quite a simple task. Also, make sure that only you (and the web server) can read this file (this generally means a 400 or 440 permission). This file contains quite sensitive information like the password, database user etc., so it is very important to protect this file.

1.3 Disable File Editing through WordPress Dashboard

The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to log in, since it allows code execution. WordPress has a constant to disable editing from the Dashboard.

Add the line below to wp-config.php
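
The checks from sections 1.1 to 1.3 as one audit script; this is an added example, not code from the original post. It assumes the stock prefix string is wp_ (the value in the sample config shipped with WordPress) and that DISALLOW_FILE_EDIT is the constant section 1.3 refers to; both sample configs it writes are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): audit one wp-config.php against
# sections 1.1-1.3. Prints each finding; the exit status is the finding count.
audit_wp_config() {
    cfg="$1"; findings=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 99; }

    # 1.1: the sample config shipped with WordPress sets $table_prefix = 'wp_'
    prefix=$(sed -n "s/^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]\([A-Za-z0-9_]*\).*/\1/p" "$cfg" | tail -n 1)
    if [ -z "$prefix" ] || [ "$prefix" = "wp_" ]; then
        echo "1.1 table prefix is default or not found: '$prefix'"
        findings=$((findings + 1))
    fi

    # 1.2: readable by the owner only (400) or by owner and group (440)
    mode=$(ls -ld "$cfg" | cut -c1-10)
    case "$mode" in
        -r--------|-r--r-----) ;;
        *) echo "1.2 permissions too open: $mode"; findings=$((findings + 1)) ;;
    esac

    # 1.3: the dashboard file editor is disabled only when the constant is true
    if ! grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$cfg"; then
        echo "1.3 DISALLOW_FILE_EDIT is not defined as true"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Self-check on two constructed configs (prefix values are made up).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$dir/weak.php"
    chmod 644 "$dir/weak.php"
    printf '%s\n' '<?php' "\$table_prefix = 'x7k_';" \
        "define( 'DISALLOW_FILE_EDIT', true );" > "$dir/hard.php"
    chmod 400 "$dir/hard.php"
    weak=0; audit_wp_config "$dir/weak.php" || weak=$?
    hard=0; audit_wp_config "$dir/hard.php" || hard=$?
    rm -rf "$dir"
    echo "weak=$weak hard=$hard"
}
demo
```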

1.4 Blocking Search Engine Spiders from Indexing the Admin Section

Search engine spiders crawl over your entire blog and index all of its content. Using a robots.txt file we can restrict the content which we would like to be indexed by search engines. Obviously the admin section is not required to be indexed. Just create a file named robots.txt in your root folder (generally public_html) and paste the contents below into that file.

#
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$

1.5 HTTPonly cookie

This prevents the cookie from being accessed by any JavaScript.

Add the line below to your .htaccess file.

php_flag session.cookie_httponly On

Reference: OWASP XSS Bonus Rule SQL injection

1.6 Subscriber account

Log in with a subscriber account regularly to check whether any of your plugins have created unnecessary administrative links which are not supposed to be accessed by subscribers.

1.7 Keep your WordPress and plugins up to date with the latest versions

The latest WordPress version mostly has fixes related to recent security vulnerabilities. It is very important to update your WordPress installation as soon as a new version is released. The same goes for plugins. However, plugin security is mostly up to the author, so it is very important to select a secure plugin.

1.8 Change the default login URL

WordPress default login URL is http://www.yoursite.com/wp-login.php

A hacker who wants to break in to your site typically uses a brute-force technique on this URL. Brute force in this case means a script which automatically tries various username/password combinations on your login URL. You would think that you are safe because your firewall is set to track this particular activity and would just block the IP. However, the hackers are one step ahead. They keep running this script from various IPs, so if one IP is blocked the script automatically runs from a different IP. The script is also set to run at regular intervals to avoid any DDoS alarms.

To avoid such scripts attacking your login page, just change/redirect your login page to some secret page, e.g. http://www.yoursite.com/entermysite. That way you protect yourself from such automated scripts trying to brute-force your authentication.

To change your login page, just install the plugin Rename wp-login.php and provide your new URL on its settings page.
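
The rotating-IP pattern described in this section, seen from the access log (an added example, not from the original post): a per-IP counter never trips, while the site-wide count of failed logins does. It assumes combined log format and that stock WordPress answers a failed login with 200 and a successful one with a 302 redirect; the log lines are constructed.

```sh
#!/bin/sh
# Added example (not from the original post). Counts failed WordPress logins
# in a combined-format access log. Assumption: a failed login is a POST to
# /wp-login.php answered with 200 (a successful one is redirected with 302).

# Prints "total=N ips=N max_per_ip=N" for the failed logins in log file $1.
login_failures() {
    awk '$6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 {
             total++
             if (++seen[$1] == 1) ips++
             if (seen[$1] > max) max = seen[$1]
         }
         END { printf "total=%d ips=%d max_per_ip=%d\n", total, ips, max }' "$1"
}

# Succeeds (status 0) when every address stays under per-IP limit $2 while
# the site-wide total reaches $3: the rotating-IP pattern described above.
is_distributed() {
    stats=$(login_failures "$1")
    total=${stats#total=}; total=${total%% *}
    max=${stats##*max_per_ip=}
    [ "$max" -lt "$2" ] && [ "$total" -ge "$3" ]
}

# Constructed log lines (documentation address ranges): twelve addresses,
# one failed login each, four minutes apart, plus one normal login.
sample_log() {
    for i in 1 2 3 4 5 6 7 8 9 10 11 12; do
        printf '198.51.100.%d - - [10/Oct/2024:13:%02d:07 +0000] "POST /wp-login.php HTTP/1.1" 200 4312 "-" "-"\n' "$i" $((i * 4))
    done
    printf '%s\n' \
        '203.0.113.9 - - [10/Oct/2024:13:05:11 +0000] "GET /wp-login.php HTTP/1.1" 200 4100 "-" "-"' \
        '203.0.113.9 - - [10/Oct/2024:13:05:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"'
}

log=$(mktemp) && sample_log > "$log"
login_failures "$log"
is_distributed "$log" 5 10 && echo "ALERT: failed logins spread across many addresses"
rm -f "$log"
```

A production rule would apply the same two thresholds per time window rather than over the whole file.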

Create WordPress plugin for custom PHP code

Often there is a requirement to create your own PHP application, and generally most people tend to install a plugin which allows them to run PHP code snippets, as it is much easier to do so.
Although this approach may seem OK, it may not be ideal. A lot of the time people use this approach because they do not know how to create a plugin for the same in WordPress.

Actually it is much easier to create a WordPress plugin than you think.
I understand it may take a bit longer to create a plugin than just writing a PHP code snippet. However, the difference is not that big.

Creating your own WordPress plugin for your requirement works out better in the long run:

  1. It allows you to deactivate the code as soon as you feel you do not need it to run on your site
  2. You are in total control of the code.
  3. If the plugin which allows you to run your PHP code snippets stops providing support or is no longer maintained, you need to find another plugin and move all your code to it. This means a lot of your applications may break in the meantime.

Here is one simple solution to create a WordPress plugin to run our small PHP code snippet.

  1. First of all, create a folder in your plugin folder where the plugin files will reside, e.g. my_php_code_snippet
  2. Create a main plugin file inside the folder called plugin.php with the content below
  3. Now create a file named my_php_code_snippet_class.php in the same folder with the contents below

    If you want the snippet to be executed only for logged-in users, just add an is_user_logged_in condition
  4. Activate the plugin
  5. Finally, add the shortcode [PHP_CODE_SNIPPET_1] on the page on which you wish to execute the PHP code snippet

Google Maps PHP API – Reverse Geocode

Reverse geocoding is finding an address by providing latitude and longitude.

 

Geocoding an address using Google Maps PHP API

Geocoding an address means finding the latitude and longitude for a physical address. This uses the Google Maps PHP API.

E.g. let’s assume we need to plot some events happening in various locations on Google Maps.

Geocode all events to find their latitude and longitude using the function below.

If the address is provided in a way Google can understand, the above function returns $data_arr in array format, where

latitude => $data_arr[0]

longitude => $data_arr[1]

WordPress – remove emoji code introduced by 4.4

If you are on WordPress 4.4 or later, you may have noticed the emoji-related code in your source code.

If you do not need this code, just add the lines below to your theme’s functions.php

 

WordPress – How to disable dashboard access to subscribers


For security reasons you may wish to disable dashboard access for subscribers and allow access only to Admins, Editors and Authors.

Below is a simple snippet of code to achieve this. Add the code below to your theme’s functions.php file.

The above code will redirect the user to your home page when the user tries to visit the Dashboard.

However, in some cases you may want a certain subscriber to access the Dashboard. In that case I have created a capability called dashboard_access. This capability can be assigned to the required user.

WordPress – Limit pages displayed in the parent page drop down

If you have a lot of pages in your WordPress site, selecting parent pages from a huge drop-down becomes quite a big problem.

There is a way to show only selected pages in the drop-down as selectable parent pages.

This is never an issue for bloggers who have the majority of their content in posts, as there is no need to select a parent post for a blog.

Download this plugin from the WordPress plugin directory

Step 1: Create a custom field/radio button to select whether the page is to be listed in the drop-down or not

 

Step 2: Save the option to the post custom field

 

Step 3: Limit the pages listed in the page attributes drop-down and the quick edit parent page drop-down

 

In Step 3 we check for pages which have the custom field parent_dropdown set to 0 and exclude those pages from the page attributes drop-down.

How to overcome Cloudflare 522: Connection timed out error

There are a few reasons why this error occurs. The most obvious is that your server is down, or a certain process is taking too long and your server is very busy. However, that may not be the most likely reason for this error, especially if it is happening quite frequently. Here are the 2 most likely reasons.

  1. When your website goes on Cloudflare, most of the incoming connections to your website come through the Cloudflare IPs. If your server does not know about the Cloudflare IPs, its internal firewall limits access to any connections through those IPs simply because of the number of connections. So it is very important for your server firewall to whitelist those IPs (just to tell your server that connections through these IPs are OK). These IPs can be found on the Cloudflare site: https://www.cloudflare.com/ips
  2. You may have tried something which triggered some rule set within the Cloudflare firewall. This block is limited to you only and mostly lasts for a certain time duration. However, if you are a developer or are maintaining the website, you need to whitelist your IP by adding it to your IP firewall within the firewall settings on your Cloudflare account. If you are on a dongle or a network with frequent IP changes, you may need to do this a few times. In that case it is better to add a range of IPs.
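
One way to do the server-side whitelisting from reason 1, as an added example that is not from the original post: it validates each range before turning it into an iptables rule and opens only ports 80 and 443. It covers IPv4 only, prints the rules instead of applying them, and uses constructed documentation ranges as input; the plain-text list URL in the comment is an assumption.

```sh
#!/bin/sh
# Added example (not from the original post). Reads address ranges on stdin
# and prints iptables rules that let them reach ports 80 and 443. IPv4 only.

# Accept only a well-formed a.b.c.d/n, since the list arrives over the
# network and ends up in commands that run as root.
is_ipv4_cidr() {
    case "$1" in ""|*[!0-9./]*|.*|*..*|*./*) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    [ "$addr" != "$1" ] || return 1                  # no "/" at all
    case "$bits" in ""|???*|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs   # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ""|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Prints one rule per valid range; returns 1 if any line had to be skipped.
emit_rules() {
    skipped=0
    while IFS= read -r range || [ -n "$range" ]; do
        [ -n "$range" ] || continue
        if is_ipv4_cidr "$range"; then
            printf 'iptables -I INPUT -p tcp -s %s -m multiport --dports 80,443 -j ACCEPT\n' "$range"
        else
            echo "skipped, not an IPv4 CIDR: $range" >&2
            skipped=1
        fi
    done
    return "$skipped"
}

# Constructed input: two documentation ranges and two malformed lines.
sample_ranges() {
    printf '%s\n' '192.0.2.0/24' '198.51.100.0/24' '203.0.113.0/33' 'see website'
}

# Real use (URL assumed): curl -fsS https://www.cloudflare.com/ips-v4 | emit_rules
sample_ranges | emit_rules || echo "review the skipped lines before applying" >&2
```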


For more information, visit the Cloudflare page on this error.