Stop bad bots from crawling your website

Stop bad bots from crawling your website

If you are experiencing performance issues with your site one of the reasons could be your Bandwidth is getting unnecessarily utilised by some bad bots. This article explains what are bad bots, how to identify them and how to stop bad bots crawling your website so that your genuine visitors are not affected. What are bad bots upto? There are quite a number of bad bots operating and the number keeps increasing rapidly. Most of them are from hackers trying to find some vulnerability in your code. They may be trying to get credit card numbers from an online store or may be scraping the text off an article and posting it on some random blog. They may also want to steal username and passwords of peole on your database hoping people use same credentials elsewhere which surprisingly they do. Some may just want to post spam comments on your website. How to stop bad bots from crawling your website Bots are supposed to obey the rules within...
Read More
Server load monitoring tools for your wordpress site

Server load monitoring tools for your wordpress site

Here are some basic tools which will allow you to monitor server load to keep your wordpress site optimised. Uptime (shell command) [crayon-59c674fbe9056210526076/] Above command is an example of the uptime command. It says the server is up since 364 days, 2 users are logged in and the rest of the numbers are showing the server average load. The three numbers show the load averages for the last minute, 5 minutes and 15 minutes. If you have 4 CPUs and the load is 2 then your server is using half the CPU capacity. If you have 2 CPUs and the load is 2 then your server CPU is running at full capacity. A load above the number of CPUs means that the system is overloaded which reduces performance. top (shell command) [crayon-59c674fbe905f520675902/] top command shows information like tasks, memory, cpu and swap. Here is a sample output of the top command. PHP sys_getloadavg function [crayon-59c674fbe9063758034592/] sys_getloadavg function returns an array. In above code, $load[0] would be the server load value. Based on the above code we...
Read More
How to prevent WordPress CSRF attack

How to prevent WordPress CSRF attack

Wordpress CSRF attack happens the same way as it happens on other sites. Wordpress provides some inbuilt tools to protect against CSRF. We will see how to make use of these tools while creating our own wordpress plugins. What is CSRF ? CSRF meansCross-Site Request Forgery (CSRF). It is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. How does it happen ? For e.g. if you have a form on your website and you haven't protected it for CSRF attacks then a hacker can create a similar form elsewhere and trick one of your users to submit the form. This means the hacker can fill any values in the form. The damage depends on the functioning of the form. How to prevent CSRF In short, to prevent CSRF attack all we need to do is to check if...
Read More
Show custom field validation errors in WordPress Admin

Show custom field validation errors in WordPress Admin

If you are creating your own custom post type in wordpress and you use some custom fields to store data related to each post. For e.g. if you create a custom post for events then you would store data like event start date, end date, address, etc within custom fields. Unless all the all required custom fields are filled you do not want to publish the event and so you would want to warn the event editor about it. Wordpress admin_notices hook allows to achieve this very easily [crayon-59c674fbe9574375737760/] admin_notices is the hook available to display the messages add_settings_error - Registers the setting error to be displayed to the user settings_errors - This function simply displays all the errors line by line...
Read More
Selectively exclude pages from being cached in W3 Total Cache

Selectively exclude pages from being cached in W3 Total Cache

You may want to exclude some dynamic pages from being cached in W3 Total cache. To exclude a particular page from caching, W3 Total cache just needs below line of code on that page before the html  start tag [crayon-59c674fbe9937133243420/] For this code to appear on such pages all you need to do is to create some custom field e.g. nocache Just add this custom field to the post/page you want to exclude from caching and set the value to 1 In your header.php add below lines above the html tag [crayon-59c674fbe993f578367405/] Other w3total cache options Disable database caching => DONOTCACHEDB Disable minify => DONOTMINIFY Disable CDN (Content Delivery Network) => DONOTCDN Disable Object Caching => DONOTCACHCEOBJECT ...
Read More
Sendgrid Contacts API  Examples

Sendgrid Contacts API Examples

If you are using Sendgrid to send your Marketing / Promotional emails then using the Sendgrid Contacts API can automate quite a few things for you. Here are some simple API examples to add/remove/edit recipients to the Sendgrid Contacts Database and synchronising the Sendgrid lists with the Wordpress mailing lists. There are 2 ways to synchronise your mailing lists in wordpress with the Sendgrid lists. One is using the daily/weekly cron job and the other is through real time i.e. an on demand system. Obviously we all would prefer the real time system. However it largely depends on how you handle your subscription process in Wordpress. If you have created your own subscription system then you are either storing the contacts in your own table or you are using the Wordpress usermeta table. API can be called by making the necessary changes in your system. Synchronisation of the mailing lists in that case can be done in real time. If you are using some plugin...
Read More
Offsite data storage for Disaster Recovery

Offsite data storage for Disaster Recovery

Offsite data storage for your website means copying your database, code, media and other files to a remote server so that in case of any disaster the server can be rebuilt using the data available on the remote server. Copying your database and code backups and other files like images, etc to a remote/offsite server can be done for various reasons. It is mostly done for 2 reasons. Preparing for Disaster Recover where the server can be rebuild using the data from offsite data storage Redundancy (when the live server stops due to some reason, the remote server can take over) Although below steps can work in both the cases, this particular article is written with a viewpoint of understanding how to setup an offsite data storage for Distaster Recovery. For preparing disaster recovery the remote server should ideally follow below criteria Backup server requirements The hosting provider should be different to your live/production server The hosting server should be in a different location to your live/production server Bandwidth may not be a crucial...
Read More

Create staging environment using GitLab

Prequisite: Please go through the steps to set up GitLab on the Production/live server before going through this tutorial. Steps to create a staging environment using GitLab branch 1. Create a new branch for your GitLab project as shown below 1 A. Go to your project page in GitLab and click the option to add New branch 1 B. Create a new branch named as dev 2. Create your staging site by copying the files and the necessary databases 3. Follow all the steps mentioned on the article Autodeployment using GitLab Webhooks on your staging sever with only the exception of Step 7 which needs to be modified slightly on the staging server. For the staging server that command would change to [crayon-59c674fbea2da938531749/] Please note we are checking out only the dev branch on the staging server. So only your changes on the dev branch will be seen on this server. 4. Add the staging webhook.php file also to the list of webhooks on GitLab for Push events as shown below This completes setting up your...
Read More

Autodeployment using GitLab Webhooks

GitLab Webhooks GitLab provides various Webhooks to perform automated tasks after a certain event. For e.g. Push events Gitlab webhooks will work exactly similar to post-receive hook in GIT. Only thing is it needs a webpage (mostly on your server) which gets executed after a certain commit is made to the GitLab repository. This webpage can perform tasks like updating the local mirror repository and making the corresponding change in the files in your public_html folder. Read more about webhooks in GitLab Assuming you have a GitLab repository at: git@gitlab.com:username/some_project.git Steps to follow on your production/live server SSH to your production/live server Generate an SSH key for auto deployment to be used by the GitLab server [crayon-59c674fbea62b383500452/] Name of the key: gitlab_rsa_deploy, keep the passphrase blank Add the contents of the gitlab_rsa_deploy.pub key to Deyloy Keys section of your Project Settings and Enable it Create a config file in .ssh folder and add below contents to the file. Add your user key added to GitLab user key settings. [crayon-59c674fbea633805350898/] Create...
Read More