WordPress for Windows

Microsoft has always been criticized for not adhering to open standards and for not being active in the open-source community. However, it looks like Microsoft has tried a fair number of things to ensure that its products work well with popular web applications. I personally believe that Microsoft’s web servers aren’t good enough for PHP/MySQL driven websites and, moreover, the security concern is one of the biggest factors for avoiding Microsoft Windows. When even Linux servers aren’t safe, there is no doubt that it’ll be a bigger pain to manage Windows servers for WordPress.

That is another topic. Coming back to the point of Microsoft & WordPress, I was a bit surprised to see how Microsoft has bundled WordPress into the Web Platform Installer along with various other popular web applications like Drupal, Joomla etc. Check out the list of applications in the gallery. Although I was happy to see that Microsoft has made this move, it should also give confidence to those who find working with Linux web servers and web applications a bit difficult.

Microsoft & WordPress technologies shake hands!

1. WordPress on SQL Server: With the help of IIS 7, SQL Server Express and the WordPress on SQL Server distribution, it’s possible to run WordPress easily on Windows Vista, Windows 7 etc. It’s not the simplest thing to install; however, this great guide by Zach Skyles Owens should take you home.

2. Silverlight Gallery Plugin – Microsoft has been trying hard to make Silverlight popular among developers and end users. This plugin can surely help them achieve that goal. If this plugin gets adopted by bloggers, then end users will have to install Silverlight in order to view the image gallery in their browsers.

3. Silverlight Bing Maps – This plugin integrates Silverlight & Bing Maps with WordPress. It lets bloggers put their location on an interactive map, like Google Maps, on their blog.

4. Windows Azure Storage for WordPress – This plugin lets users store their media files and static files on the Windows Azure platform, whose more popular alternatives are Amazon Web Services or Rackspace Cloud Files.

Why is Microsoft doing this?

The first question that comes to mind is why Microsoft is trying to make its technologies work with WordPress, Drupal or other PHP/MySQL driven web applications. Well, Zach has already answered this question -

I’m a PHP-bred Technical Evangelist at Microsoft, and I love the fact that PHP now runs great on Windows, SQL Server, Windows Azure and SQL Azure. It’s exciting to see how Microsoft technology can light up WordPress, whether it’s through Silverlight image gallery plugins, Bing Maps integration or future opportunities with technologies like our information service, Dallas.

Business sense says that Microsoft is using these popular web applications to make its existing or new technologies popular amongst end users, bloggers and developers. However, the interesting part will be to see how many bloggers & developers [the ones not sold on Microsoft's technology] will be keen to adopt these. I personally welcome this move by Microsoft, although practically I doubt that I would use any of these technologies, as I’m already comfortable with the setup that I currently have. What do you think about this move from Microsoft?


I’ve written a fair bit on the topic of securing WordPress based sites and blogs; however, it seems that no matter how much I write, it is still not enough. Hardly a week goes by where I don’t hear horror stories from our clients and various other friends in the trade whose sites get infected with malware. After handling a lot of such cases and doing some research, I found that one of the major reasons why sites get infected is that the webmaster’s own computer was infected with malware.

I’ll also be listing various resources that can be used to further strengthen the security of WordPress; however, first I would like to put forth my views on why webmasters should use Mac or Linux. I will only list those points that are logical, and none of them are influenced by anything else. So here’s why I suggest so, and how easy it is to switch too -

1. To keep yourself safe from viruses: I’ve used all three OSes and I’ve personally experienced that Mac & Linux aren’t as prone to viruses as Windows is. The simple fact is that the market share of Windows is more than 90%, and that’s why almost every virus is targeted towards Windows users. So, if you are using either of those two OSes you’d be safe from viruses, and thus you reduce the chances of getting your website hacked.

2. For keeping others safe: As I’ve said, the majority of cases that I’ve dealt with are those where the webmaster’s computer was compromised. Moreover, once the sites are infected, they infect the computers of those who visit the site, and that’s how they spread so quickly! Now, if in the first place the webmaster had been using Linux or Mac, it would have ensured that at least they were not making the situation worse.

3. Switching is pretty easy – Most users give the reason that they won’t be able to switch because of incompatibility issues, and that they think it would be a pain to switch platforms because of the unavailability of software. I agree that at one time it would have been difficult for most people; however, webmasters specifically won’t find any issues in choosing these two platforms, as most of their tasks are done online. Otherwise, most of the software required has either a worthy alternative or, if you are an open-source fan, you’d surely find most of it available for all three platforms. Here are some of the resources -

Try a gradual switch and start using these OSes. If you really want to run a Windows program, you can try WineHQ or CrossOver (commercial), and most likely the software will work fine for you. If the software still doesn’t work and you don’t find any alternative, then you can simply use VirtualBox or Parallels to run Windows inside Linux or Mac.

So when we know that it can be easy for webmasters to switch to Mac or Linux, why not use either of those two operating systems and keep yourself and the world safe from that malware? Anyway, enough ranting – as I said, during my research I read quite a bit about securing websites, so I would like to share that with you:

How to strengthen the security of your WordPress blog?

  1. Don’t forget to read the articles I wrote a while back on the topic of securing WordPress.
  2. If possible, switch your OS as soon as possible – Don’t think of it as a stupid suggestion. Consider this one for sure!
  3. Restrict admin use by IP address.
  4. Learn to restrict FTP server access to specific IPs using VSFTPD – I know that not everyone gets a static IP address from their internet service provider; however, use of a VPN [I use StrongVPN] can certainly help you get over that problem.
  5. More steps can be done through the htaccess file; here are 11 more steps that you can use.
  6. Jeff Starr has created wonderful instructions for securing servers via htaccess and blocking the known malware techniques.
  7. Blocking spam is equally important – Chances are that some spam comment will carry the URL of a site that is infected, so it’s important to ensure that no spam comment passes through.

What else can be done other than IP address and htaccess tricks?

Some of WordPress’ cool features come from allowing some files to be writable by the web server. However, letting an application have write access to your files is a dangerous thing, particularly in a public environment. It is best, from a security perspective, to lock down your file permissions as much as possible and to loosen those restrictions only on the occasions that you need to allow write access, or to create special folders with more lax restrictions for the purpose of doing things like uploading images. In short, we are talking about the CHMOD settings on the server.

All files should be owned by your user account and should be writable by you; any file that needs write access from WordPress should be group-owned by the user account used by the web server. Of course, learning this can take some time, but if you really want to secure your server, then this is one thing you should focus on!

  • / — the root directory: all files should be writable only by your user account.
    • EXCEPT .htaccess, if you want WordPress to automatically generate rewrite rules for you.
  • /wp-admin/ — the administration area: all files should be writable only by your user account.
  • /wp-includes/ — the bulk of the application logic: all files should be writable only by your user account.
  • /wp-images/ — image files used by WordPress: all files should be writable only by your user account.
  • /wp-content/ — variable user-supplied content: intended by the WordPress developers to be completely writable by all (owner/user, group, and public).
    • /wp-content/themes/ — theme files. If you want to use the built-in theme editor, all files need to be group-writable. If you do not want to use the built-in theme editor, all files can be writable only by your user account.
    • /wp-content/plugins/ — plugin files: all files should be writable only by your user account.
    • Other directories under /wp-content/ should be documented by whatever plugin or theme requires them. Permissions may vary.
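The layout above turned into a script, as an added example that is not code from the original post: `harden_wp` applies the owner/group scheme from the two preceding paragraphs and the list (owner-only write everywhere, group write for the web server under wp-content, plugins kept owner-only, themes and .htaccess opened only when the built-in editor or auto-generated rewrite rules are wanted), and `audit_wp` reports anything writable more widely than that. The function names, the argument order and the `www-data` group are assumptions; for wp-content it uses group write (775/664) rather than the "writable by all" setting the list mentions, which is the tighter reading of the paragraph before the list.

```shell
#!/bin/sh
# Added example, not code from the original post: apply the ownership and
# permission layout listed above to a WordPress install, then audit it.
# Assumed (hypothetical) arguments: ROOT is the install directory, OWNER is
# your own account, GROUP is the group the web server runs as (e.g. www-data).

# harden_wp ROOT OWNER GROUP [THEME_EDITOR yes|no] [AUTO_HTACCESS yes|no]
harden_wp() {
    root=$1; owner=$2; group=$3; theme_editor=${4:-no}; auto_htaccess=${5:-no}

    # Everything is owned by you; the web server only shares the group.
    chown -R "$owner:$group" "$root" || return 1

    # Baseline for /, wp-admin, wp-includes, wp-images: owner-only write
    # (directories 755, files 644).
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +

    if [ -d "$root/wp-content" ]; then
        # WordPress itself must write here (uploads and the like). Group write
        # (775/664) is enough when the web server is in $group, so the
        # "writable by all" setting mentioned above is not used.
        find "$root/wp-content" -type d -exec chmod 775 {} +
        find "$root/wp-content" -type f -exec chmod 664 {} +

        # Plugins go back to owner-only; themes too, unless the built-in
        # theme editor is wanted.
        for sub in plugins themes; do
            [ "$sub" = themes ] && [ "$theme_editor" = yes ] && continue
            [ -d "$root/wp-content/$sub" ] || continue
            find "$root/wp-content/$sub" -type d -exec chmod 755 {} +
            find "$root/wp-content/$sub" -type f -exec chmod 644 {} +
        done
    fi

    # .htaccess becomes writable by WordPress only if it should generate
    # the rewrite rules for you.
    if [ "$auto_htaccess" = yes ] && [ -f "$root/.htaccess" ]; then
        chmod 664 "$root/.htaccess"
    fi
}

# audit_wp ROOT [THEME_EDITOR] [AUTO_HTACCESS]: report (on stderr) every
# entry writable more widely than the layout allows; print the count.
audit_wp() {
    root=$1; theme_editor=${2:-no}; auto_htaccess=${3:-no}
    violations=$( {
        # Nothing may be world-writable.
        find "$root" -perm -002 | sed 's/^/world-writable: /'
        # Group write is allowed only under wp-content (.htaccess checked below).
        find "$root" -perm -020 ! -path "$root/wp-content" \
            ! -path "$root/wp-content/*" ! -path "$root/.htaccess" \
            | sed 's/^/group-writable outside wp-content: /'
        [ "$auto_htaccess" = yes ] || find "$root/.htaccess" -perm -020 2>/dev/null \
            | sed 's/^/.htaccess writable by web server although auto-generation is off: /'
        # Plugins never, themes only with the theme editor enabled.
        for sub in plugins themes; do
            [ "$sub" = themes ] && [ "$theme_editor" = yes ] && continue
            [ -d "$root/wp-content/$sub" ] || continue
            find "$root/wp-content/$sub" -perm -020 | sed "s/^/group-writable $sub entry: /"
        done
    } )
    if [ -z "$violations" ]; then
        echo 0
    else
        printf '%s\n' "$violations" >&2
        printf '%s\n' "$violations" | wc -l | tr -d ' '
    fi
}

# Stand-alone use: sh harden_wp.sh /var/www/site alice www-data no yes
if [ $# -ge 3 ]; then
    harden_wp "$@" && echo "violations after hardening: $(audit_wp "$1" "${4:-no}" "${5:-no}")"
fi
```

Run `harden_wp` once after installing and `audit_wp` after every manual upload or plugin update; a non-zero count is exactly the kind of drift a file-monitoring plugin is meant to surface, and the audit flags must match the choices you made when hardening (theme editor, auto-generated .htaccess), otherwise the report is noise.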

Plugins that I prefer for securing WordPress

1. WordPress File Monitor – Think of it as a watchdog! It monitors your installation for added/deleted/changed files. When a change is detected, an email alert can be sent to a specified address. So even if you add files using FTP, it will let you know. This is a fantastic way to ensure that no compromised file goes onto the server without passing under its nose.

2. WordPress Firewall – I personally love this plugin. Of course, using this plugin means that you’d lose theme/plugin editing capabilities and a few things here and there; however, this plugin will ensure that everything is super secure.

3. Block Bad Queries – Another gem from Jeff Starr. This plugin will ensure that your site is safe from known vulnerabilities.

Well, there have been countless posts on the topic of WordPress security, and the worst part is that things aren’t improving one bit. It’s important to choose the right web host as well. If this post of mine was a request towards webmasters, Mark Jaquith has asked web hosts to become more secure and to help webmasters understand the security of blogs/websites. It is an interesting read, so even if you are not a web host, I would suggest you read it.

What are your thoughts about changing the OS to ensure a safe and secure website? Do you think that one should go ahead and change their OS to ensure that their site remains secure from malware to a large extent? Please share your thoughts in the comments.


Nearly a month is left before the long-awaited and much talked about WordPress 3.0 comes out. However, we are already seeing a flurry of posts on WordPress 3.0. Most bloggers are writing about this upcoming masterpiece, so I thought that I should write something about WordPress 3.0 too, as Beta 1 has already been released. There are a lot of new features in this release and I thought a small walkthrough wouldn’t be bad!

Video for the Lazy Fellows!

Highlight Features of WordPress 3.0

I’m sure by now you’ll be convinced that you’d want to upgrade to WordPress 3.0 right away; however, it won’t be available till next month, i.e. May 2010. There are a few other things that have changed in 3.0, so let’s have a look at them -

Other Important Features in WordPress 3.0

1. Choose username & password at installation – As we have already discussed, keeping “admin” as the username is not cool, and it makes life easier for hackers. To avoid this, WordPress 3.0 will let you choose your desired username during installation itself! Thanks to WP Cookies for the image.

[Image: custom-username-password.jpg]

2. Custom Backgrounds made easy – WordPress 3.0 will support custom backgrounds for themes. By adding only one line of code to the theme’s functions.php, users will be able to change the background of the blog with ease! This means that any user will be able to literally change the look of their blog in a couple of clicks.

3. Introducing Super Admin – Till now, “Administrator” was the top user role and was able to do all the tasks. However, now there is a new user role, i.e. “Super Administrator”. This new user role will be able to manage everything from individual features to multi-site features.

Well, there are a hell of a lot of new additions and changes that anyone would love to list in a post; however, it’s practically impossible to do so. Some are even way too difficult to explain – however, those who are interested in the nitty-gritty of the development can head over here and check out the current development process.

I must say that I’m UBER EXCITED about the release of WordPress 3.0. One of the key reasons is that 3.0 will help theme & plugin developers a lot. It’s shaping up as a mature CMS and it certainly helps us with faster development. You won’t believe it, but I literally wish every day that it gets released ASAP! What are your thoughts about WordPress 3.0? Will it be able to compete with Drupal anytime in the near future?



For the last couple of weeks, I’ve been trying to work out how WordPress can be secured enough to avoid any kind of malware attack. In the course of that, I found a lot of new information about securing web applications and realized how small settings can make or break things. While my struggle to learn more about WordPress security was going on, I came across the launch post of VaultPress, a backup and protection service from Automattic.

Please note that the service has been announced in beta and is available to only a few users. One can apply for an invite over here. It’ll be a premium service, and while signing up you can also mention how much you are comfortable paying for this kind of service. If I were to decide the price, I would keep it around $10/month. I’ve not tested the service myself; however, we can gather all the information about VaultPress from the coverage it has received from the biggies like TechCrunch, ReadWriteWeb, Silicon Alley Insider, the VaultPress blog and finally my favorite, WordPress Tavern.

Features of VaultPress

1. Focused on WordPress.org users – WordPress.com is one of the most powerful and secure services around. However, the same can’t be said for users who run the self-hosted version on their own servers. There have been many horror stories in the past where self-hosted installs got infected with malware and much hoopla was created. VaultPress has been designed to work with self-hosted WordPress to ensure that those users can also get quality backup and service to avoid any mishap.

2. Real Time & Complete Backups – VaultPress is an all-in-one backup package. It will back up posts, categories, tags and the rest of the data along with themes, files etc. Jeff @ Tavern reckons that VaultPress will face stiff competition from Backupify, BackupBuddy and other backup plugins. According to Matt, founder of WordPress, VaultPress will be able to make the backup instantly as soon as one publishes changes on the blog or website.

3. Safeguards against Zero-Day Attacks – This is the one feature that I would be most interested in, as it is one that no one else is offering. VaultPress will be able to safeguard your blog against zero-day attacks targeted at WordPress. It will also monitor your site to alert you to any suspicious or hacking activity.

Well, keeping these features in mind, we can install a few plugins that help us achieve a similar level of protection, and that too free of cost. We just need to ensure that we configure the plugins in the right manner. Here’s the guide …

Get VaultPress Features Beforehand!


1. Automatic Backup – This little plugin saves all the important files, including themes, plugins and the database, on Amazon S3. The plugin allows you to schedule a backup of the database or just the files, or if you want you can ask for a complete backup as well. The plugin will send you confirmation messages over email, so you will constantly be aware of what is happening. Amazon S3 can be used as a backup service for your blog’s important files, and believe me, in most cases this will not cost you more than $5/month. Only in the case of large publishers can this cost be more than $15/month, i.e. the indicative price of VaultPress. By the way, Amazon S3 can help you improve site load time as well; don’t forget to check our guide on how to optimize WordPress blogs.

2. WordPress Firewall – This nifty plugin monitors changes in the files and attacks based on various zero-day patterns. Of course, this is not the ultimate solution; however, our experience with this plugin has been pretty neat. It alerted me whenever I tried to make any change to the theme files or plugin files, and it didn’t allow the change until I approved it. Be aware that if you are planning to install this, you may get a lot of notifications, so keep the settings appropriate or use Gmail filters for ease!

3. OSSEC – OSSEC is an open source host-based intrusion detection system. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. Of course, this is not as easy as installing plugins; however, investing a little time in it can ensure that you’ll have real peace of mind in future! There is enough documentation available to avoid the initial hiccups!

Of course, the first two plugins won’t give you instant, real-time backups. However, a regular weekly backup will ensure that you’ll be able to bring your blog back from a situation where nothing looks nice in the world. I hope you understand the point that I’m trying to make here! If you install OSSEC too, then I’m sure one could easily compare this setup with what VaultPress will offer in future!

Isn’t it neat that you can enjoy VaultPress-like features even before you can get your hands on it, or if VaultPress looks out of budget!

The success of VaultPress will depend on the following factors: 1) what the cost for end users will be, and 2) how effective its monitoring system will be. I’m sure the takers of this service will be many more than for any other similar service, as it comes directly from the makers of WordPress. However, personally I’ll be willing to test other services if they offer similar features at a competitive price. What are your initial thoughts on VaultPress?


[Image: secure-wordpress.jpg (Image Credit – ClickonF5)]

For a few months, I’ve been hearing a lot of horror stories regarding the compromises that bloggers have to deal with. Its open source nature, which has been a boon for WordPress, is now standing against it (for hardcore open-source lovers – I am in favor of open source all the way, and that statement of mine should not be taken as a personal attack). There have been many blogs that weren’t using the latest version of WordPress and are now infected with some sort of worm, or some hacker gets access to the web server and misuses your precious resources. There are cases where they even harm the website by affecting its search engine rankings.




So you want to create a high-traffic site? It’s so cool to have all those plugins too. But will WordPress be sufficient for your high-traffic site? Will it survive tons of heavy traffic every day? Well, the answer can be yes as long as you take care of a few things. Here are some tips on how to speed up your site. Before you go ahead with this post, you should read the following post as well – Unclutter your blog.



My apologies for not updating the blog for such a long time. Thanks to Vivekk for pointing it out to me and reminding me how he’s been missing the content of this blog (it definitely makes me feel good). Coming back to the actual post: the talk of WordPress not being a secure engine, and the questions being raised about the security of WordPress, tell me how we all tend to blame others for our own faults!

