mytechead

Android & Wordpress Help center

Archive for the month “July, 2011”

Playing with wordpress categories

People often like to publish their posts under categories, which helps them organise better. Even this post is under the category “WordPress” 🙂

So how do you get information about a category?
Here is a smart and easy way.

To get the ID of a category, use this:

$cat_id = get_cat_ID("category name");

To get all the information associated with this ID:

$cat_id = get_cat_ID("category name");
$cat_information = get_category($cat_id);

get_category() returns an object that contains all the information related to a category. The information can be accessed like this:

$cat_information->term_id
$cat_information->name
$cat_information->slug
$cat_information->term_group
$cat_information->term_taxonomy_id
$cat_information->taxonomy
$cat_information->description
$cat_information->parent
$cat_information->count
$cat_information->cat_ID
$cat_information->category_count
$cat_information->category_description
$cat_information->cat_name
$cat_information->category_nicename
$cat_information->category_parent

WordPress Hardening

1) The WP prefix for DB tables should be something other than “wp_”; it should be a strong prefix, like a password, preferably made of alphanumeric characters.
It is good practice to change the prefix at the time of installation.

We can change the prefix anytime after the installation as well by:

a) changing the prefix value in wp-config.php file and

b) renaming all the tables present in the database with that prefix and

c) changing the values of certain columns in the ‘wp_options’ table and in the ‘wp_usermeta’ table:

i) in the ‘wp_options’ table, under the column ‘option_name’, any references starting with ‘wp_’ (or whatever the old and weak prefix was) need to be updated to the new prefix.

ii) in the ‘wp_usermeta’ table, under the column ‘meta_key’, any references starting with ‘wp_’ (or whatever the old/weak prefix was) need to be updated to the new prefix.

SPECIAL CARE HAS TO BE TAKEN WHILE UPDATING wp_options & wp_usermeta tables, ANY NEGLIGENCE CAN CAUSE BREAKING OF THE ENTIRE SITE.
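
Steps b and c as a script, added here as an example (not code from the original post). It assumes a single-site install reachable over PDO/MySQL; both prefixes, the DSN and the WP_DB_USER / WP_DB_PASSWORD environment variable names are constructed. In the options table it rewrites only the roles option, which WordPress core names from the prefix, and leaves other option names that merely begin with the old prefix for manual review.

```php
<?php
// Added example, not from the original post. Back up the database first.
//   php migrate-prefix.php           dry run: prints the statements
//   php migrate-prefix.php --apply   executes them
// Constructed values: both prefixes, the DSN and the WP_DB_* variable names.
$old   = 'wp_';
$new   = 'x7k2m9q_';           // must equal $table_prefix in wp-config.php (step a)
$apply = in_array('--apply', $argv, true);
$safe  = '/^[A-Za-z0-9_]+\z/'; // identifiers cannot be bound, so whitelist them

if (!preg_match($safe, $old) || !preg_match($safe, $new)) {
    exit("Prefix may contain only letters, digits and underscores\n");
}
$pdo = new PDO('mysql:host=localhost;dbname=wordpress;charset=utf8',
    getenv('WP_DB_USER'), getenv('WP_DB_PASSWORD'),
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

$plan = []; // entries: [sql, bound parameters]

// Step b: rename every table whose name starts with the old prefix.
foreach ($pdo->query('SHOW TABLES')->fetchAll(PDO::FETCH_COLUMN) as $table) {
    if (strpos($table, $old) === 0 && preg_match($safe, $table)) {
        $plan[] = ["RENAME TABLE `$table` TO `$new" . substr($table, strlen($old)) . '`', []];
    }
}

// Step c (i): core stores the role definitions under <prefix>user_roles.
// An exact match leaves unrelated options that happen to start with the prefix alone.
$plan[] = ["UPDATE `{$new}options` SET option_name = ? WHERE option_name = ?",
           [$new . 'user_roles', $old . 'user_roles']];

// Step c (ii): rewrite the prefix only at the start of meta_key. LEFT() avoids
// LIKE 'wp_%', where "_" is a wildcard; CONCAT/SUBSTRING avoids REPLACE(), which
// would also rewrite a "wp_" that appears later in the key.
$plan[] = ["UPDATE `{$new}usermeta` SET meta_key = CONCAT(?, SUBSTRING(meta_key, CHAR_LENGTH(?) + 1))"
         . " WHERE LEFT(meta_key, CHAR_LENGTH(?)) = BINARY ?", [$new, $old, $old, $old]];

foreach ($plan as [$sql, $params]) {
    echo $sql, $params ? '  -- ' . json_encode($params) : '', "\n";
    if ($apply) {
        $params ? $pdo->prepare($sql)->execute($params) : $pdo->exec($sql);
    }
}
```

RENAME TABLE commits implicitly in MySQL, so an applied run cannot be rolled back; restoring the backup is the way to undo it.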

2) Disabling display of login errors for admin logins –
Hackers can generally extract a lot of information even from error messages. It's good practice to disable them.

The procedure to implement it is:

CREATE A WP HOOK :: place the following code in the functions.php file
/**
 * hide_anything :: This method returns blank, useful in security through obscurity.
 */
function hide_anything() {
    return "";
}

add_filter('login_errors','hide_anything');

REMOVING THE RED NOTIFICATION BAR ::

In the file : wp-login.php (present in root of WP installation)
find the line: echo '

'
and replace ‘login_error’ with ‘login_error_old’

This will remove the red notification block, for all the users (both admin and normal users).

3) WordPress versions should not be displayed on websites; this ensures that even if you are using an old WordPress version, it will not be known to hackers.
Hackers generally use loopholes in previous/outdated versions to get an entry into your site.

THE PROCEDURE ::
add the following hook in functions.php present in your theme :

add_filter('the_generator','hide_anything');

We have already defined the hide_anything() method in step #2.

This will prevent the WP version from being displayed both on the site and in feeds.

4) The wp-admin directory should be password protected on the server side using htaccess.

5) Generally, all file and folder permissions should be 644 and 755 respectively (this may vary for a few files, which needs to be determined).

6) Always use updated WP versions and also update plugins periodically. Don't use beta plugins; they might act as a gateway for hackers.

7) Use forced SSL for logins.

THE PROCEDURE ::

In the wp-config.php file, search for

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )

Just above these lines add the following:

define('FORCE_SSL_ADMIN',true);

This will enable SSL for logins.

(SSL should be enabled for the site as well.)

8) The wp-config.php file can be moved to a directory above the WordPress install directory. This means that for a site installed in the root of a webspace, wp-config.php can be stored outside the web-root folder.

755 is what the permission should be; otherwise it won't work.

Keeping wp-config.php above the web-root folder ensures that it is inaccessible from the web and that the DB credentials and other data present in it are safe from illegal access. wp-load.php checks for wp-config.php in the current directory, i.e. the WP install directory; if it is not found there, it checks one level above and tries to load it from there, so the file should ideally be present at one of the two locations.
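
A check for the lookup described above, added here as an example (not code from the original post or from WordPress). find_wp_config() and config_report() are hypothetical helper names and the default paths are constructed; the script reports where the config file was found, whether that location is still under the web root, and its permission bits.

```php
<?php
// Added example, not from the original post or from WordPress itself.
// find_wp_config() and config_report() are hypothetical helper names.

// Mirror the lookup order: the install directory first, then one level up.
// WordPress skips the parent copy when that directory holds its own
// wp-settings.php, because the file then belongs to another install.
function find_wp_config(string $install_dir): ?string
{
    $install_dir = rtrim($install_dir, '/');
    if (is_file("$install_dir/wp-config.php")) {
        return "$install_dir/wp-config.php";
    }
    $parent = dirname($install_dir);
    if (is_file("$parent/wp-config.php") && !is_file("$parent/wp-settings.php")) {
        return "$parent/wp-config.php";
    }
    return null;
}

// Report whether the config file sits under the web root and who can read it.
function config_report(string $install_dir, string $web_root): array
{
    $config = find_wp_config($install_dir);
    $root   = realpath($web_root);
    if ($config === null || $root === false) {
        return ['found' => false];
    }
    $real = realpath($config);
    $mode = fileperms($real) & 0777;
    return [
        'found'          => true,
        'path'           => $real,
        'inside_webroot' => strpos($real, rtrim($root, '/') . '/') === 0,
        'mode'           => sprintf('%03o', $mode),
        'world_readable' => ($mode & 0004) !== 0,
    ];
}

// Constructed default paths; pass your own install directory and document root.
$install = $argv[1] ?? '/var/www/html';
$webroot = $argv[2] ?? '/var/www/html';
print_r(config_report($install, $webroot));
```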

9) Another good practice is not to use admin/administrator or similar words as the username. Using some other words instead, preferably alphanumeric words, will be an added advantage towards improving WP security.

If the admin has admin/administrator or any other similar word as the username, then a new user can be created with admin privileges, and using that account the previous admin account can be deleted.

10) Regularly take backups of your WP site.

WORDPRESS INSTALLATION FOR YOUR BLOG/SITE

Hey .. Today we are going to learn how to install WordPress and get started with your blog/site.

Step1. Download WordPress from here
Step2. Put this zip file in the document root of your web folder and unzip it.
Step3. Go to the wp-config.php file in the folder you just extracted the WP installation into.
So let's say you extracted the installation into the wordpress folder of your document root: go to that folder and edit the wp-config.php present in there.
Or else, if you extracted it in the root folder, just edit the wp-config.php present over there.
Step4. In wp-config.php provide your database credentials. The lines that you need to modify will look something like:

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'PUT_YOUR_DB_NAME_HERE');
/** MySQL database username */
define('DB_USER', 'PUT_YOUR_USERNAME_HERE');
/** MySQL database password */
define('DB_PASSWORD', 'PUT_YOUR_DB_PASSWORD_HERE');
/** MySQL hostname */
define('DB_HOST', 'PUT_YOUR_HOSTNAME_HERE');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');

Step5. After editing wp-config.php, open your web browser and enter the URL of your blog.
So let's say your blog is http://myblog.com/; you need to enter this:
http://myblog.com/wp-admin/install.php and hit enter.

This will ask you some personal questions (username and password for your blog’s admin section, to be precise), and once you do this, it’ll install WP and you are done!!!

Congratulations on creating your WP blog/site
Cheers!!

Hello world!

Hello World!! This is Shoaib, and I am a Software Developer.

I write Android apps and WordPress Blogs as a Hobby.

Through this Blog I intend to help you write Android apps and WordPress blogs.
