Set remote GIT on VPS / Dedicated server

It is possible to set Remote GIT on your own server provided your hosting provider allows to install GIT on the server.

If your site/application is hosted on VPS or a dedicated server then it much easier to do so.

Prerequisite to set remote GIT

GIT should be installed on there server

If you are on VPS or dedicated server then it is likely that GIT is already installed on the server.

To check if GIT is installed or not SSH to your server and try below command.

If GIT is installed then it will show the version of GIT.

If not it will give an error message.

If GIT is not installed then you first need to install GIT on your server. For this you may need root access to your server. If you do not have root access ask your hosting provider to install GIT for you.

Once git is installed follow below steps on the server to set remote GIT

Create a Directory

SSH to your server (using Putty on Windows or using terminal on MAC)

Initialise Repository

Hook (Push to deploy)

post-receive hook in GIT is used to perform action after receiving or committing a file to GIT. This hook can be used to deploy our changes automatically to the live server using below commands.

Add below content to the post-receive hook/file

Press ctrl+d to save the file

File permissions

Through these simple steps your GIT is ready to accept commits. On the client side or on the localhost you can set up Remote GIT to push your changes to the server. This is easily possible if you are using Netbeans or similar software.

Plot multiple places on Google Maps – WordPress plugin

Plot events, photos, places, etc on Google Maps using a simple WordPress shortcode which is built using Google Maps API.

Everything below can be achieved easily with a simple plugin, XML file to provide the markers and a configurable shortcode

  • Plot Multiple Locations on a Map
  • Marker Clustering (markerclusterer)
  • Ability to click each marker to get more details i.e. through a Marker popup
  • Marker’s info popup details is customizable through shortcode and CSS
  • Ability to set initial zoom level

Step 1: Get an API Key for Google Maps API

First of all we need an API key for Google Maps. You can get an API key from Google Developer Console

Here are the steps to create an API Key

1. Visit Google Developer console Projects page and create a project as per your requirement

2. Go to API Manager and select the project created in above step

3. Enable Google Maps JavaScript API and Google Maps Embed API

4. Click the Credentials link

5. Click New Credentials and select API Key. On the options page select Browser Key

6. Add your domain name as shown in below screenshot

Screen Shot 2016-02-14 at 10.25.38 PM

7. Finally click the Create button which will generate the API Key

Step 2: Install the Google Maps plotter plugin

  1. Download the plugin files from WordPress plugins repository 
  2. Install and activate the plugin

Step 3: Generate XML file for the Google Map markers

Make sure you have the markers XML file ready.

XML markers file can also be dynamically created through php from your database or it could just be a static file in below format

Sample XML file for the markers

Read how to generate XML file dynamically – coming soon

Step 4: Display Google Map

Now just display the map on a page, post, custom post, widget, etc using below shortcode

Zoom => In above shortcode the initial zoom level is set to 2

html  => will display the marker popup text

Data attributes are separated with a bar (|)

Each data attribute has the data attribute matching to the XML file and the corresponding comma separated label

e.g. topic is the data attribute you wish to display while Topic is the label to it

Above html will display the popup as below after clicking the 1st Marker

Topic: Some Topic

Presenter: Mary

Date: 14-Feb-16

Telephone / Mobile:

Step 5: Stylize Google Maps Marker popup text

Now the last thing is to stylise the marker popup text

If you notice the source code for the marker. It is as below

So the label and the data associated with it can be easily styled using the IDs in your CSS

 

 

Replace wordpress search with Google Custom Search (CSE)

For better search results or due to integration with Adsense you many want to replace wordpress search with Google Custom Search (CSE)

Below are the steps to follow using a simple wordpress plugin. [Download Plugin]

1. Register you site on Google Custom Search by filling a simple form as shown below

Google Custom Search
2. After creating your CSE you will get a search engine ID as shown below. Make a note of this ID.

Screen Shot 2016-01-25 at 12.10.01 PM
3. Create a page to display the search results page and add [PW_ADD_GSEARCH_RESULTS] shortcode on this page.

4. Add the the URL of the search results page on the setting screen of the plugin.

Replace wordpress search with google custom search
Settings screen

5. Comment/Remove the code in searchform.php in your themes folder of probably header.php and add below code instead

This will create the search box.

 

 

 

 

How to change default RSS feed posts limit

By default RSS feed in WordPress shows 10 posts. This default count can be changed by adding below code in your functions.php file

In above code the limit is increased to show 20 posts

Importing SSH key into keychain on Mac

Importing an SSH key to your keychain on Mac allows you to login without entering your passphrase each time.

This helps if you are a developer and require to commit your changes to the server quite frequently.

Here are the steps

  1. If you have a Cpanel on your server, login to your CPanel
  2. Generate an SSH Key (choose a suitable passphrase while generating the key and make a note of it)
  3. Once the SSH Key is generated, Authorise the key
  4. Download Private and Public keys and copy both the keys to your ~/.ssh directory
  5. Change permissions on both keys, Remove staff, everyone no access, Admin read write
  6. Open terminal and run: ssh-add -K ~/.ssh/KEY_NAME
  7. When prompted enter passphrase used while creating the key

How to create extra widget/sidebar areas

Depending upon your theme you may have some predefined widget/sidebar areas like Left Sidebar, Right Sidebar.

If you want to create a new sidebar area let’s say for footer then you can add below code in your functions.php file

Replace THEME_NAME with the name of your theme

Finally add below code in the theme where the sidebar needs to appear

 

WordPress Security – Configuration / Installation

Wordpress Security
Photo credit – 2508581015littleblackcamera

1. WordPress security at the Configuration and installation level

This section explains measures to be taken for achieving wordpress security while installing and configuring wordpress.

1.1 Change default table prefix

Many published WordPress-specific SQL-injection attacks make the assumption that the tableprefix is wp, the default. Changing this can block at least some SQL injection attacks.

1.2 Securing wp-config.php

Are you aware that wp-config.php can be stored one directory level above the WordPress installation?

This is quite a simple task. Also, make sure that only you (and the web server) can read this file (it generally means a 400 or 440 permission). This file contains quite sensitive information like password, database user etc so it’s very imp to protect this file

1.3 Disable File Editing through WordPress Dashboard

The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to login, since it allows code execution. WordPress has a constant to disable editing from Dashboard.

Add below line in wp-config.php

1.4 Blocking Search Engine Spiders from Indexing the Admin Section

Search engine spiders crawl over your entire blog and index every content. Using robots.txt file we can restrict the content which we would like to be indexed by Search engines. Obviously the admin section is not required to be indexed. Just create a file named robots.txt in your root folder (generally public_html) folder and paste below contents in that file.

#
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$

1.5 HTTPonly cookie

This prevents the cookie to be accessed by any Javascript

Add below in your htaccess file.

php_flag session.cookie_httponly On

Reference: OWASP XSS Bonus Rule SQL injection

1.6 Subscriber account

Login with a  subscriber account regularly to check of any of your plugins have created any unnecessary administrative links which are not supposed to be accessed by subscribers

1.7 Keep your wordpress and plugins uptodate with latest versions

Latest wordpress version mostly has fixes related to recent security vulnerabilities. It is very important to update your wordpress installation as soon as a new version is released. The same follows for plugins. However plugins security is mostly upto the author so it is very important to select a secure plugin.

1.8 Change the default login URL

WordPress default login URL is http://www.yoursite.com/wp-login.php

A hacker who wants to break in to you site typically uses Brute Force technique on this URL. Brute Force in this case means a script which will automatically try various usename/password combinations on your login URL. You would think that you are safe because your firewall is set to track this particular activity and would just block the IP. Howerver the hackers are one step ahead. They keep trying this script from various IPs. So if one IP is blocked the script automatically runs from a different IP. Also the script is set to run at regular intervals to avoid any DDoS alarlms

To avoid such scripts attacking your login page, just change/redirect your login page to some secret page e.g. http://www.yoursite.com/entermysite. That way you would protect yourself from such automated scripts trying to Brute Force your authentication.

To change your login page just install the plugin Rename wp-login.php and on the settings page on this page provide your new URL.

Create wordpress plugin for custom PHP code

Often there is requirement to create your own PHP application and generally most people tend to install a plugin which allows to run PHP code snippets as it is much easier to do so.
Although this approach may seem ok it may not be ideal. Lot of times people use this approach because they do not know how to create plugin for the same in WordPress.

Actually it is much easier to create wordpress plugin than you think.
I understand it may take a bit longer to create a plugin than just writing a PHP code snippet. However the difference is not that big.

Creating your own WordPress plugin for your requirement works out better in the long run

  1. It allows you to deactivate as soon as you feel you do not need the code to run on your site
  2. You are in total control of the code.
  3. If the PHP plugin which allows you to run your PHP code snippets stops providing support or is no longer maintained then you need to find another plugin and move all your code to the other plugin. This means lot of your applications may break in the meantime.

Here is one simple solution to create wordpress plugin to run our small PHP code snippet.

  1. First of all create a folder in your plugin folder where the plugin files will reside e.g. my_php_code_snippet
  2. Create a main plugin file inside the folder called as plugin.php with below content
  3. Now create a file named my_php_code_snippet_class.php in the same folder with below contents

    If you want the snippet to be executed only for logged in users just add is_user_logged_in condition
  4. Activate the plugin
  5. Finally add the shortcode [PHP_CODE_SNIPPET_1] on the page on which you wish to execute the PHP code snippet

Google Maps PHP API – Reverse Geocode

Reverse Geocoding is finding address by providing latitude and longitude