Blog

Creating Great URLs


Creating URLs for your site is more important for increase SEO. You need to select proper URL for pages.

Good SEO practices for URLs is to keep them under 100 characters long, to use dashes instead of underscores and to avoid special characters.

Bad URL:

https://walkeprashant.wordpress.com/php_que=asdasdasda133213ASADSSAD

This URL doesn’t have any significance to your user.

Good URL:

http://www.technorati.com/technology/php/

This URL is clean, each folder (“technology” and “php” in the URL) makes sense, and it gives us a pretty good idea of what we’ll find when we visit the page (technology php).

How to Creating Great URLs

  • It should be obvious: If a user can look at your URL and make an accurate guess about the contents of your page, you’re on the right track.
  • Use keywords when you can:Those keywords that you spent so much time researching for your content can be used in your URL. Name your folders accordingly, using the keywords where appropriate.
  • Shorter is better:A short URL is easier to copy and paste, say, and write.
  • Never use multiple subdomains: 
  • Avoid too many folders: A folder creates one more layer that search engines have to crawl through—omit unnecessary folders from your site structure.
  • Don’t use uppercase characters:Keep your URLs simple and concise by always using lowercase text.
  • Don’t use any symbols:Search engines treat dynamic and static URLs differently, so keep yours static—that means no random characters. “?^&” means nothing to your user. If your website is in the CMS, then you have nothing to worry about—all CMS URLs are static.
Advertisements

Cron job fail to include files


If you select php as the command language for your cron job, relative paths may not work. This is because some PHP scripts expect to be run from the directory where they are stored, and due to the nature of our Sites platform they will be run from another location. This means including or requiring files from a relative path may result in errors such as:

 PHP Warning: include(../dbconnection.php): failed to open stream: No such file or directory
Solution

To correct this problem, you could use the absolute path to reference any files in your script. An absolute include looks something like this:

include('/var/www/html/dbconnection.php');

Disable WordPress Admin Bar


 Disable WordPress Admin Bar for All Users Except Admin

if you want Disable WordPress Admin Bar for All Users Except Admin then Paste following code in your theme’s functions.php file

add_action('after_setup_theme', 'remove_admin_bar');
 function remove_admin_bar() { 
if (!current_user_can('administrator') && !is_admin()) 
{ show_admin_bar(false); } }

Disable Admin Bar for All Users

If you want to disable Admin Bar for all users, then past following code in your theme’s functions.php file

 show_admin_bar(false);

Disable Admin Bar for certain role

Use this if you want this only for a certain role

function remove_admin_bar() {
$user = wp_get_current_user();
if (in_array('subscriber', $user->roles)) {
show_admin_bar(false);
}
}

Why WordPress is popular blogging system?


About WordPress

  • WordPress started in 2003
    • It was first released on May 27, 2003, by its founders, Matt Mullenweg and Mike Little
  • WordPress is an Open Source projectwordpress_use_graph

    • WordPress was used by more than 22.0% of  the top 10 million websites as of August 2013
    • WordPress is the most popular blogging system in use on the Web, at more than 60 million websites

What You Can Use WordPress For

WordPress started as just a blogging system, but has evolved to be used as full content management system.

  • Personal blog
  • Photoblog
  • Business website
  • Professional portfolio
  • Government website
  • Magazine or news website
  • E-commerce Application

WordPress FeaturesWP_feature

  • Simplicity
  • Flexibility :   With WordPress, you can create any type of website you want
  • Publish with Ease :  You can create Posts and Pages, format them easily.
  • User Management
  • Easy Theme System
  • Extend with Plugins
  • Built-in Comments
  • Search Engine Optimized
  • Easy Installation and Upgrades
  • Community

Famous Brands That Use WordPress

Georgia State’s  univercity : http://www.gsu.edu/

Sweden’s Official Site: https://sweden.se/

Bata is a family-owned global footwear and fashion accessory manufacturer and retailer : http://www.bata.com/

Coca-Cola France  The French site of the popular soft drink runs on WordPress:  http://www.coca-cola.fr/

Sony Music Entertainment : http://www.sonymusic.com/

Time is an American weekly news magazine published in New York City, and the flagship publication of Time Inc:  http://www.times.com/

Popular blogs:

WordPress is a powerful semantic publishing platform, and it comes with a great set of features designed to make your experience as a publisher on the Internet as easy, pleasant and appealing as possible.

Backing up your WordPress database


Your database contains all your important information if the database is erased or corrupted you lose everything.

Sometimes accident can happen when we least expert it. If you can have made a careless mistake and your database is gone how can you restore your data in your database?

So Backup your database regularly.

The WordPress backup files contain sensitive data, such as the WordPress administrator credentials. Such files should be stored in a secure location where other users do not have access to. You can also compress the WordPress backups into a password protected zip file so in case someone manages to get a copy of your WordPress backup files, he or she would need a password to access the content.

WordPress Database backup

Backup your WordPress database from CPanel

  1. Login to your hosting provider CPanel and click on the Backup icon in the Files section.
  2. Once in the backup options page, click on the WordPress database name listed under the section ‘Download a MySQL Database backup’.
  3. Once you click on the WordPress database name, a compressed SQL script file is automatically downloaded to your computer.

Store the WordPress database file in a secure place and ideally it should be stored on a different media.

Backup WordPress database using MySQL command line

If you host your own web server and have access to it via SSH or other protocol, you can make a database backup using a MySQL standard tool called mysqldump. As the name implies, the mysqldump tool dumps a MySQL database into a text file which can later be used to restore the WordPress database.

In the below example, we are using the MySQL root user to connect to the MySQL server, selecting the wpdatabase database and exporting it to a text file called wpdb_backup.sql.

Mysqldump –u root –p wpdatabasebk > wpdb_backup.sql

Below is a breakdown of the switches and parameters used in the command:

-u is used to specify the username to connect to the MySQL server.

-p is used to specify a password. If no password is specified in the command line like in the above example, the MySQL server will prompt you to specify the password once you issue the command. For security reasons it is better not to specify the password via command line since it will be stored in the command line history.

Wpdatabasebk is the actual WordPress database name.

> This sign means export. It is used to specify where to export the MySQL server database dump.

Wpdb_backup.sql is the name of the file where the database dump will be stored. If the file does not exist it will be generated by the tool. Once the database is dumped into this file, download it to your computer and store it in a secure location, ideally on a separate media.

Backup WordPress database using phpMyAdmin

phpMyAdmin is a MySQL Server admin web based tool. This can be accessed directly via a specific URL or else from your hosting provider’s CPanel under the Databases section. To backup the WordPress database from the phpMyAdmin follow the below procedure:

  1. Once logged in to phpMyAdmin, depending on your installation you might notice that you have several databases. In that case, select the WordPress database by clicking on it.
  2. Once you select the WordPress database you are redirected to the database options page form where you can launch several database related tasks. As seen in the below screenshot, a list of tables in the database will also be populated. You might have more than 11 tables in your WordPress database, if you have WordPress plugins that store data in the WordPress database.WP-database-backup-phpmyadmin
  3. Click on the Export option (highlighted in the above screenshot) to export/backup the WordPress database to a file. From the Export section, select Custom export and ensure that the below options are selected as highlighted in the below screenshot:
    1. All tables are highlighted.
    2. The option “Add Drop….” from the Object Creation options is enabled. This can be useful in case you are restoring the WordPress database onto an existing one.

Back up your website Using WordPress plugins

There are some limitation in default WordPress installation is backup.The included backup system limits you to exporting posts, pages, comments, custom fields, categories and tags. What you don’t get are backups of directories, files and databases.

There are plenty of plugins available to improve the WordPress database backup solution.

WP Database Backup

If you are use WordPress so you can use backup plugins for take database backup.

If You want to schedule a backup of your WordPress site database but do not have enough permissions to access your host then Install “wp database backup” plug-in.

WP-Database-Backup :When plugin is installed and active. you can backup your blog database easily in single click. Some time you have create database backup on your server or localhost and if some one hack your site or you have made some mistake then how can you recover your database which include important information. So it is important to save your database safer place like FTP, on your Email or Dropbox.

for more information about how to backup database using WP-database-Backup plugin check this link : https://walkeprashant.wordpress.com/wp-database-backup/

Send emails from localhost(WAMP Server)


If you are developing php project on localhost and you are using mail function on your project that time you may face problem with send mail function. so in this tutorial we are explain how to configure sendmail.

Follow the step below for configure sendmail:

Step 1: Download sendmail

Download sendmail and extract all the files in the folder “C:\sendmail\”

Step 2: Configure sendmail.ini

Open the file “C:\sendmail\sendmail.ini” and add the following params in the corresponding lines:

smtp_server=smtp.gmail.com
smtp_port=465
auth_username=your_address@gmail.com
auth_password=your_password
force_sender=your_address@gmail.com

Step 3 : Configure php.ini

Open the php.ini, find the following lines and add the path to the sendmail executable file. Don’t forget to restart the Apache server after doing that.

sendmail_path = "C:\sendmail\sendmail.exe -t"

Step 4: Test

Create a PHP script with the following code:(test.php)

mail('your_email@gmail.com','Test Mail Working','Mail received Successfully!!!!')

Run your test.php file and check your mail.

 

Filenames with spaces are break the download in Mozilla Firefox


When downloading certain files, you may find that the filename is truncated up to the first space. Thus, a link to download the file “My music.mp3” produces a save dialog containing “My” as the filename. This is a case of the website incorrectly sending the filename, and the browser coping as best it can.

if the file name contains a quote or spaces; then you have to escape that quote or spaces.

So you can use following code for download mp3 file for the solve this issue.

header(‘Content-Disposition: attachment; filename=”‘ . str_replace(‘”‘, ‘\\”‘, $fileName) . ‘”‘);

downlaod.php file:

 <?php

 // $audioFile = "Maid with the Flaxen Hair.mp3";
 $fileName = $_GET['id'];
 // Fetch the file info.
 $filePath = '../uploads/music/' . $fileName;
 
 if(file_exists($filePath)) {
 $fileName = basename($filePath);
 $fileSize = filesize($filePath);

 // Output headers.
 header("Cache-Control: private");
 header("Content-Type: application/force-download");
 header("Content-Type: audio/mpeg, audio/x-mpeg, audio/x-mpeg-3, audio/mpeg3");
 header("Content-Length: ".$fileSize);
// header("Content-Disposition: attachment; filename=".$fileName);
 header('Content-Disposition: attachment; filename="' . str_replace('"', '\\"', $fileName) . '"');

 // Output file.
 readfile ($filePath); 
 exit();
 }
 else {
 die('The provided file path is not valid.');
 }

?>

html file:

 <a href="http://localhost/musiclib/include/download.php?id=my music.mp3"> Download</a>

How to add search function to your website


If you are design any website it important to add search functionality on your site. Visitor or user essay find the content or exact data/page on your site. So add search function in your site and make your site user friendly.

Allowing visitors to search your site is very important. We are so used to being able to search for what we need that when we come across a website with no search function – particularly a large site – we are likely to find it extremely frustrating. A good search function can be used by your visitors as another method of navigation on your site. Adding search functionality should therefore be a priority.

In this articles we are focus on “How to add search function to your website”.

There is no feature in HTML that will perform the search. But you do have  alternative options:

  • You can integrate 3rd-party search engines like Google into your site.
  • You can upload a CGI page which uses PHP, Perl, or another scripting language to perform the local search for you.
  •  JavaScript search engines which work right inside the page , but that requires you to transfer all the data to the client, so it is not a very good idea.

Few people realise this, but you can actually use the major search engines like Google as your site’s search engine, free of charge.

To do this with Google, go to Google Custom Search Engine and complete the online form.

 

This useful script allows your visitors to search the contents of your site by leveraging the 3 most popular search engines- Google, Yahoo, and MSN. Now your site’s search is truly covered!

<a class="left carousel-control" href="#carousel-example-generic" role="button" data-slide="prev">
<span class="glyphicon glyphicon-chevron-left"></span>
</a>
<a class="right carousel-control" href="#carousel-example-generic" role="button" data-slide="next">
<span class="glyphicon glyphicon-chevron-right"></span>
</a>
</div>

<form name="jksearch" action="http://www.google.com/search" method="get" onSubmit="jksitesearch(this)">

<input id="hiddenquery" type="hidden" name="q" />
<input name="qfront" type="text" style="width: 200px" value="database " /> <input type="submit" value="Search" /><br />
<div style="font: bold 11px Verdana;">Google:<input name="se" type="radio" checked> Yahoo:<input name="se" type="radio"> MSN:<input name="se" type="radio">
</div>

<script type="text/javascript">

//Enter domain of site to search.
var domainroot="https://walkeprashant.wordpress.com"

var searchaction=[ //form action for the 3 search engines
"http://www.google.com/search",
"http://search.yahoo.com/search",
"http://search.msn.com/results.aspx"
]

var queryfieldname=["q","p","q"] //name of hidden query form for the 3 search engines

function switchaction(cur, index){
cur.form.action=searchaction[index]
document.getElementById("hiddenquery").name=queryfieldname[index]
}

function jksitesearch(curobj){
for (i=0; i< document.jksearch.se.length; i++){ //loop through radio to see which is checked
if (document.jksearch.se[i].checked==true)
switchaction(document.jksearch.se[i], i)
}
document.getElementById("hiddenquery").value="site:"+domainroot+" "+curobj.qfront.value
}
</script>

</p>

</form>

following disadvantages for 3rd-party search engines:

  • If the search engine decides to discontinue the service, your site search will suddenly fail to work.
  • The results page has the search engine’s advertisements and formatting. You have even less control over the output than when using the third party search engine remotely hosted services.
  • Limited in functionality

You could consider a JavaScript search option. Be aware that not all browsers support JavaScript, although most do nowadays, so this shouldn’t cause a problem.

The best method is to store your information in your database and use server scripting like php and MySQL to query the data

ASP to Wordpress migration

Migrate site from ASP to WordPress


Now a day WordPress is most popular blogging framework. many people are use WordPress for blogging as well as e-commerce application like online shop. using WordPress you can easily manage SEO, Change contain and take your site backup. WordPress framework is user friendly framework and any one can use without technical knowledge.only need some creativity and all depend on your interest.that’s why most of people prefer WordPress for Dynamic web design.

If you have design your site in to ASP and you want to translate/convert in to WordPress then don’t mind. In this tutorial i will explain how to Migrate site from ASP to WordPress without losing your existing url rank .Some time you have migrate site or convert static to dynamic site it may affect on your rankings. so it important to maintain your ranking.

Although WordPress includes built-in migration tools for importing content from other blogging platforms, migrating an ASP-based site is a little more challenging because everything must be moved manually. After you’ve installed WordPress on your server or with its Web host, you are left essentially with a shell into which you need to insert content. Because all WordPress sites are template-driven, the first thing you must do is select a template. After you’ve selected a template, you can begin migrating your ASP site page by page and then uploading any additional media and other content stored on your company’s server.

Select a Template

Step 1 : Log in to your  WordPress dashboard.
Step 2 : Highlight “Appearance” on the main menu and click “Themes” on the menu that appears.

Step 4 : Enter search terms into the Search field and place checkmarks in the provided Feature Filter checkboxes to further refine your search criteria. Press the “Search” button or the “Find Themes” button to display a list of themes that match your search criteria.
Step 5 : Browse through the theme thumbnails. Click the “Preview” link below a theme to preview the theme in your browser. Click “Install Now” to download and install the theme on your WordPress site.
If you want to design same layout of  your ASP site then you need to create theme.
You can refer this link for how to create new theme: http://codex.wordpress.org/Theme_Development
Also you need to design different template for different page layout.( like home page template,contact page template,gallery template,single page template) .
Using above link you can design same theme/layout which look like similar to old one.
or you can hire any WordPress developer for create theme.

Migrate Pages

Step 1 : Open your ASP website and click one of the items on your site’s main menu.
Step 2 : Launch a second browser tab and log in to your WordPress dashboard.
Step 3 : Hover your mouse over “Pages” on the main menu and click “Add New” on the menu that appears.
Step 4 : Enter a title for your page in the provided field. This title should be the same as the page currently being copied from your ASP site.
Step 5: Highlight all of the text on the current page of your ASP site and click “Ctrl-C” on your keyboard to copy it to the clipboard. Switch back to the tab on which your WordPress dashboard is displayed, click your mouse in the Visual editor and press “Ctrl-V” to paste all of the text into the editor. Some images may copy over, too. If this is the case, click them and delete them because they will be linked to the file directory on your old ASP-based site, rather than to your WordPress site. You will instead need to re-upload these images to your WordPress site from your computer.
Step 6 : Place your cursor at the location in the visual editor where you want an image to appear. Click the “Upload/Insert” button to launch the Add Media dialog. Drag and drop the desired image into the dialog or click “Select Files” and double-click the image from its location on your computer to upload it into your WordPress page. Repeat this step for each image or other multimedia file you want to migrate into this WordPress page.
Step 7 : Click the “Publish” button to finish migrating this page from your ASP site to your WordPress site. Repeat these steps for each page you want to migrate into WordPress.

Migrate Media and Other Content

Step 1 : Download the media you want to migrate from your ASP site. Skip this step if the media is already stored on your computer.
Step 2 : Log in to your WordPress Dashboard, highlight “Media” on the main menu and click “Add New” to launch the Add New Media screen. From this screen you can add content to your WordPress library for use at a later date. Compatible content includes videos, images, audio, text files, and more.
Step 3 : Drag and drop your files into the Upload New Media window or click “Select Files” to select files manually. After the files have been uploaded to your WordPress site, you will be prompted to enter titles and descriptions for each file.

Redirections

There is a plugin for changing from one permalink structure to another, but I am quite sure that this will not be enough for your needs. You will have to use some .htaccess rewrite rules.
There are several instances when you administer WordPress blogs where you will need to perform a 301 redirect. It is one of the most important corrective actions you can take when moving content.

one reasons why you should do a permanent 301 redirect are to maintain search engine rankings, such as in Google. If you have an old, ranking URL in Google and move to a new, permanent location, a 301 redirect can pass the search engine ranking score of the old ranking URL (not abruptly; it will take time) to the new URL. Hence the new URL will appear and start to rank in the search engine results, replacing the old URL.

If 301 redirection is not implemented, the old URL will still rank in Google. And no matter what you do, your new URL will never appear in search results unless you do a 301 redirect.

Redirections will more detail in next artical

Database Security


wp-database-backupNowadays, databases are cardinal components of any web based application by enabling websites to provide varying dynamic content. Since very sensitive or secret information can be stored in a database, you should strongly consider protecting your databases.

 

Designing Databases

The first step is always to create the database, unless you want to use one from a third party. When a database is created, it is assigned to an owner, who executed the creation statement. Usually, only the owner (or a superuser) can do anything with the objects in that database, and in order to allow other users to use it, privileges must be granted.

Applications should never connect to the database as its owner or a superuser, because these users can execute any query at will, for example, modifying the schema (e.g. dropping tables) or deleting its entire content.

You may create different database users for every aspect of your application with very limited rights to database objects. The most required privileges should be granted only, and avoid that the same user can interact with the database in different use cases. This means that if intruders gain access to your database using your applications credentials, they can only effect as many changes as your application can.

You are encouraged not to implement all the business logic in the web application (i.e. your script), instead do it in the database schema using views, triggers or rules. If the system evolves, new ports will be intended to open to the database, and you have to re-implement the logic in each separate database client. Over and above, triggers can be used to transparently and automatically handle fields, which often provides insight when debugging problems with your application or tracing back transactions.

Connecting to Database

You may want to establish the connections over SSL to encrypt client/server communications for increased security, or you can use ssh to encrypt the network connection between clients and the database server. If either of these is used, then monitoring your traffic and gaining information about your database will be difficult for a would-be attacker.

Encrypted Storage Model

SSL/SSH protects data travelling from the client to the server: SSL/SSH does not protect persistent data stored in a database. SSL is an on-the-wire protocol.

Once an attacker gains access to your database directly (bypassing the webserver), stored sensitive data may be exposed or misused, unless the information is protected by the database itself. Encrypting the data is a good way to mitigate this threat, but very few databases offer this type of data encryption.

The easiest way to work around this problem is to first create your own encryption package, and then use it from within your PHP scripts. PHP can assist you in this with several extensions, such as Mcrypt and Mhash, covering a wide variety of encryption algorithms. The script encrypts the data before inserting it into the database, and decrypts it when retrieving.

SQL Injection

Many web developers are unaware of how SQL queries can be tampered with, and assume that an SQL query is a trusted command. It means that SQL queries are able to circumvent access controls, thereby bypassing standard authentication and authorization checks, and sometimes SQL queries even may allow access to host operating system level commands.

Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data, or to override valuable ones, or even to execute dangerous system level commands on the database host. This is accomplished by the application taking user input and combining it with static parameters to build an SQL query.

Owing to the lack of input validation and connecting to the database on behalf of a superuser or the one who can create users, the attacker may create a superuser in your database.

Avoidance Techniques

While it remains obvious that an attacker must possess at least some knowledge of the database architecture in order to conduct a successful attack, obtaining this information is often very simple. For example, if the database is part of an open source or other publicly-available software package with a default installation, this information is completely open and available. This information may also be divulged by closed-source code – even if it’s encoded, obfuscated, or compiled – and even by your very own code through the display of error messages. Other methods include the user of common table and column names. For example, a login form that uses a ‘users’ table with column names ‘id’, ‘username’, and ‘password’.

These attacks are mainly based on exploiting the code not being written with security in mind. Never trust any kind of input, especially that which comes from the client side, even though it comes from a select box, a hidden input field or a cookie. The first example shows that such a blameless query can cause disasters.

  • Never connect to the database as a superuser or as the database owner. Use always customized users with very limited privileges.
  • Use prepared statements with bound variables. They are provided by PDO, by MySQLi and by other libraries.
  • Check if the given input has the expected data type. PHP has a wide range of input validating functions, from the simplest ones found in Variable Functions and in Character Type Functions (e.g. is_numeric(), ctype_digit() respectively) and onwards to the Perl compatible Regular Expressions support.
  • If the application waits for numerical input, consider verifying data with ctype_digit(), or silently change its type using settype(), or use its numeric representation by sprintf().

  •  If the database layer doesn’t support binding variables then quote each non numeric user supplied value that is passed to the database with the database-specific string escape function (e.g. mysql_real_escape_string(), sqlite_escape_string(), etc.). Generic functions like addslashes() are useful only in a very specific environment (e.g. MySQL in a single-byte character set with disabled NO_BACKSLASH_ESCAPES) so it is better to avoid them.
  • Do not print out any database specific information, especially about the schema, by fair means or foul. See also Error Reporting and Error Handling and Logging Functions.
  • You may use stored procedures and previously defined cursors to abstract data access so that users do not directly access tables or views, but this solution has another impacts.        

Your database contains all your important information if the database is erased or corrupted you lose everything.

Sometimes accident can happen when we least expert it. If you can have made a careless mistake and your database is gone how can you restore your data in your database?

So Backup your database regularly.

If you are use WordPress so you can use backup plugins for take database backup.

WP-Database-Backup :When plugin is installed and active. you can backup your blog database easily in single click.

WP Database Backup

WP Database Backup plugin helps you to create Database Backup and Restore Database Backup easily on single click.Manual or automated backupswp-database-backup_download_button