Wordpress

WordPress Web Development Advantages


1. Flexibility and lower cost of development: Being an open source CMS, WordPress is free, involves no licensing cost and places no restrictions on modifications, additions or changes to the code.
2. Customizable: WordPress CMS is the ideal platform to build websites customized to any requirements or budget, be it a small individual website, a blog, an e-commerce website or a complex web portal optimized for search engines.
3. WordPress has a large pool of themes and ready-made plugins.
4. Using WordPress you can build powerful, intuitive, interactive, visually engaging and feature-rich websites, as it has rich text editors as well as rich multimedia support such as high-definition images, audio, video, animation, etc.
5. It is easy to use, configure and set up; it is simple and convenient and does not need specialized programming skills.
6. WordPress comes packed with all core features like membership management and content management and provides powerful search engine optimization features built in to the site to handle traffic intensive websites capable of handling high loads while still remaining responsive.
7. WordPress provides multi-lingual support and easy administrative interface for managing websites including multi user accounts, role assignments, workflows, menu management, and layout customizations.

Redirection


In the previous article we discussed migrating a site from ASP to WordPress.

After successfully migrating your ASP site to WordPress, it’s important to maintain redirection. If an old URL ranks well in Google and you move it to a new, permanent location, a 301 redirect can pass the search engine ranking score of the old URL (not abruptly; it will take time) to the new URL. The new URL will then appear and start to rank in the search engine results, replacing the old URL.

Before discussing this topic, you need to know about permalinks.

Permalink means “Permanent Link”. It is a unique URL for each article on your blog. Even if you publish two posts with the same title, they get different permalinks.

A permalink is generated when you hit the publish button for a post or page. It remains the same after publishing, even if you make changes to the title. That is why it is called a permanent link!

On the Internet, a permalink represents a unique address for each of your blog posts and other stuff. So if a permalink breaks, your visitors will be lost.

Similarly on the Internet, if a permalink breaks, the visitors coming from search engines, social media, bookmarks and backlinks from other posts will be lost.

 

Maintaining Permalinks

Try to set your permalink structure to be similar to your old site's URLs.

As you know by now, when you move your site from ASP to WordPress, the permalink structure gets altered. You can use a WordPress plugin for redirection.

But there are a few known limitations of redirecting permalinks:

  • Facebook/Twitter count will reset for sure. The new permalink will have all zeros.
  • Google pagerank for the new permalink will be zero. The new permalink may gain Google pagerank over time, but it is a big risk.
  • Human visitors will notice a delay in opening your posts on WordPress. The delay will be obvious if they are using a slow Internet connection.

If you do not take any extra effort to maintain permalinks and redirection, you will lose traffic, ranking and, of course, Google AdSense revenue from your blog.

Google pagerank can be retained if you maintain permalink and redirection.

 

Best WordPress Plugin for Improving Your Customer Service


I searched many support plugins for WPSeeds support and finally found the most popular one, the WP Support Plus plugin.

The plugin works great, installation and configuration are very simple, and customization is a breeze.

It seems like a very nice and clean plug-in so far. It is great for someone who needs something quickly and make it up.

Most importantly, there is no need for third-party support services.

This plugin adds to WordPress the features of a complete ticket system with 100% responsive and 100% Ajax functionality. This allows users to submit tickets to report problems or get support on whatever you want. Users can set the status, priority and category of each ticket.

This one adds a ticketing system where users can submit a ticket to get support. The users can set the status, priority, and category of each ticket. Tickets can be submitted through the admin panel or through the frontend. They can attach files to the tickets and to email.

It adds a nice dashboard that’s intuitive to use. The dashboard shows you the tickets along with their subject, status, when they were submitted, etc. You can click on each ticket to handle it. You can also sort the tickets by status, type, category, and priority. There is a search feature so you can search through them to see history or find something specific. And you can create a ticket from this dashboard if you want to create it yourself. There is also a tab for Agents where you can set the agent’s signature.

You create the support page by choosing the page or post from a dropdown list and then placing a shortcode on that page or post. It will also give you a support button that will appear on your site. You can choose its location from a list of choices. It will add a captcha to avoid spam and you will receive the ticket in the admin panel and as an email.

You can get more pro features at the following link:

http://pradeepmakone.com/wpsupportplus/

Secure your WordPress Plugin : CSRF protection


I fixed this vulnerability in my WordPress ‘WP Database Backup’ plugin and would like to share the same knowledge with other developers.

Lest you think this security stuff isn’t important, a major vulnerability was recently found in WordPress plugins installed on many WordPress sites, which allowed hackers to manipulate the WordPress database using CSRF (Cross-Site Request Forgery).

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser.

How to Prevent CSRF

We can stop CSRF attacks by using some handy functionality built into WordPress.

  1. A nonce is generated.
  2. That nonce is submitted with the form.
  3. On the back end, the nonce is checked for validity. If valid, the action continues. If invalid, everything halts – the request was probably forged (You verify the nonce before doing anything else).

The nonce field is used to validate that the contents of the form request came from the current site and not somewhere else. A nonce does not offer absolute protection, but should protect against most cases. It is very important to use nonce fields in forms.

Let’s Add a Nonce

1. First, create a nonce using the wp_create_nonce function and pass it along with your request.

<input name="wpdbbackup_update_setting" type="hidden" value="<?php echo wp_create_nonce('wpdbbackup-update-setting'); ?>" />

2. Verify the nonce using the wp_verify_nonce function.

// Stop before doing anything else if the nonce field is missing.
if (!isset($_POST['wpdbbackup_update_setting']))
    die("<br><br>Invalid form data. form request came from the somewhere else not current site! ");
// Stop if the nonce does not match the action it was created for.
if (!wp_verify_nonce($_POST['wpdbbackup_update_setting'], 'wpdbbackup-update-setting'))
    die("<br><br>Invalid form data. form request came from the somewhere else not current site! ");

Using nonces you can stop forgery, and foil hackers!
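The three steps above as one settings form and its handler, written as an added example and not the WP Database Backup plugin's own code. It also checks the user's capability, because a nonce only shows that the request came from your own form, not that the user is allowed to make the change. The function names, the example_value and example_save fields and the wpdbbackup_example_setting option are hypothetical.

```php
<?php
// Added example. Everything named "example_*" and the option
// "wpdbbackup_example_setting" is hypothetical, not the plugin's own code.

// Steps 1 and 2: generate the nonce and submit it with the form.
// wp_nonce_field() prints the hidden input (plus a referer field); the nonce
// is tied to this action string and to the logged-in user's session.
function example_render_settings_form() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return; // do not render the form for users who may not change settings
    }
    $value = get_option( 'wpdbbackup_example_setting', '' );
    ?>
    <form method="post" action="">
        <?php wp_nonce_field( 'wpdbbackup-update-setting', 'wpdbbackup_update_setting' ); ?>
        <input type="text" name="example_value" value="<?php echo esc_attr( $value ); ?>" />
        <input type="submit" name="example_save" value="Save" />
    </form>
    <?php
}

// Step 3: verify on the back end before doing anything else.
function example_handle_settings_post() {
    if ( ! isset( $_POST['example_save'] ) ) {
        return; // not a submission of this form
    }

    // Authorization: the nonce proves intent, the capability proves permission.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die(
            'You are not allowed to change these settings.',
            'Forbidden',
            array( 'response' => 403 )
        );
    }

    // Missing field and invalid nonce are handled the same way: stop.
    $nonce = isset( $_POST['wpdbbackup_update_setting'] )
        ? sanitize_text_field( wp_unslash( $_POST['wpdbbackup_update_setting'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'wpdbbackup-update-setting' ) ) {
        wp_die(
            'Invalid form data: the request did not come from this site.',
            'Forbidden',
            array( 'response' => 403 )
        );
    }

    // Only now touch the database, and only with sanitized input.
    $value = isset( $_POST['example_value'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_value'] ) )
        : '';
    update_option( 'wpdbbackup_example_setting', $value );
}
add_action( 'admin_init', 'example_handle_settings_post' );
```

State-changing actions should arrive by POST as here; if a plugin triggers one from a link instead, the same nonce has to travel in the URL (WordPress provides wp_nonce_url() for that).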

Disable WordPress Admin Bar


Disable WordPress Admin Bar for All Users Except Admin

If you want to disable the WordPress admin bar for all users except admins, paste the following code into your theme’s functions.php file:

add_action('after_setup_theme', 'remove_admin_bar');
// Hide the admin bar on the front end for everyone except administrators.
function remove_admin_bar() {
    if (!current_user_can('administrator') && !is_admin()) {
        show_admin_bar(false);
    }
}

Disable Admin Bar for All Users

If you want to disable the admin bar for all users, paste the following code into your theme’s functions.php file:

show_admin_bar(false);

Disable Admin Bar for certain role

Use this if you want this only for a certain role

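add_action('after_setup_theme', 'remove_admin_bar');
// Hide the admin bar only for users who have the subscriber role.
function remove_admin_bar() {
    $user = wp_get_current_user();
    if (in_array('subscriber', (array) $user->roles)) {
        show_admin_bar(false);
    }
}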

Why WordPress is popular blogging system?


About WordPress

  • WordPress started in 2003
    • It was first released on May 27, 2003, by its founders, Matt Mullenweg and Mike Little
  • WordPress is an Open Source project
    • WordPress was used by more than 22.0% of the top 10 million websites as of August 2013
    • WordPress is the most popular blogging system in use on the Web, at more than 60 million websites

What You Can Use WordPress For

WordPress started as just a blogging system, but has evolved to be used as full content management system.

  • Personal blog
  • Photoblog
  • Business website
  • Professional portfolio
  • Government website
  • Magazine or news website
  • E-commerce Application

WordPress Features

  • Simplicity
  • Flexibility :   With WordPress, you can create any type of website you want
  • Publish with Ease :  You can create Posts and Pages, format them easily.
  • User Management
  • Easy Theme System
  • Extend with Plugins
  • Built-in Comments
  • Search Engine Optimized
  • Easy Installation and Upgrades
  • Community

Famous Brands That Use WordPress

Georgia State University: http://www.gsu.edu/

Sweden’s Official Site: https://sweden.se/

Bata is a family-owned global footwear and fashion accessory manufacturer and retailer : http://www.bata.com/

Coca-Cola France  The French site of the popular soft drink runs on WordPress:  http://www.coca-cola.fr/

Sony Music Entertainment : http://www.sonymusic.com/

Time is an American weekly news magazine published in New York City, and the flagship publication of Time Inc:  http://www.times.com/

Popular blogs:

WordPress is a powerful semantic publishing platform, and it comes with a great set of features designed to make your experience as a publisher on the Internet as easy, pleasant and appealing as possible.

Backing up your WordPress database


Your database contains all your important information. If the database is erased or corrupted, you lose everything.

Sometimes accidents happen when we least expect them. If you have made a careless mistake and your database is gone, how can you restore your data?

So back up your database regularly.

The WordPress backup files contain sensitive data, such as the WordPress administrator credentials. Such files should be stored in a secure location to which other users do not have access. You can also compress the WordPress backups into a password-protected zip file, so that if someone manages to get a copy of your WordPress backup files, he or she would need a password to access the content.

WordPress Database backup

Backup your WordPress database from CPanel

  1. Login to your hosting provider CPanel and click on the Backup icon in the Files section.
  2. Once in the backup options page, click on the WordPress database name listed under the section ‘Download a MySQL Database backup’.
  3. Once you click on the WordPress database name, a compressed SQL script file is automatically downloaded to your computer.

Store the WordPress database file in a secure place; ideally it should be stored on different media.

Backup WordPress database using MySQL command line

If you host your own web server and have access to it via SSH or other protocol, you can make a database backup using a MySQL standard tool called mysqldump. As the name implies, the mysqldump tool dumps a MySQL database into a text file which can later be used to restore the WordPress database.

In the example below, we use the MySQL root user to connect to the MySQL server, select the wpdatabasebk database and export it to a text file called wpdb_backup.sql.

mysqldump -u root -p wpdatabasebk > wpdb_backup.sql

Below is a breakdown of the switches and parameters used in the command:

-u is used to specify the username to connect to the MySQL server.

-p is used to specify a password. If no password is specified in the command line like in the above example, the MySQL server will prompt you to specify the password once you issue the command. For security reasons it is better not to specify the password via command line since it will be stored in the command line history.

wpdatabasebk is the actual WordPress database name.

The > sign means export. It is used to specify where to export the MySQL server database dump.

wpdb_backup.sql is the name of the file where the database dump will be stored. If the file does not exist it will be generated by the tool. Once the database is dumped into this file, download it to your computer and store it in a secure location, ideally on separate media.

Backup WordPress database using phpMyAdmin

phpMyAdmin is a MySQL Server admin web based tool. This can be accessed directly via a specific URL or else from your hosting provider’s CPanel under the Databases section. To backup the WordPress database from the phpMyAdmin follow the below procedure:

  1. Once logged in to phpMyAdmin, depending on your installation you might notice that you have several databases. In that case, select the WordPress database by clicking on it.
  2. Once you select the WordPress database you are redirected to the database options page, from where you can launch several database-related tasks. As seen in the below screenshot, a list of tables in the database will also be populated. You might have more than 11 tables in your WordPress database if you have WordPress plugins that store data in the WordPress database.
  3. Click on the Export option (highlighted in the above screenshot) to export/backup the WordPress database to a file. From the Export section, select Custom export and ensure that the below options are selected as highlighted in the below screenshot:
    1. All tables are highlighted.
    2. The option “Add Drop….” from the Object Creation options is enabled. This can be useful in case you are restoring the WordPress database onto an existing one.

Back up your website Using WordPress plugins

The default WordPress installation has some limitations when it comes to backup. The included backup system limits you to exporting posts, pages, comments, custom fields, categories and tags. What you don’t get are backups of directories, files and databases.

There are plenty of plugins available to improve the WordPress database backup solution.

WP Database Backup

If you use WordPress, you can use a backup plugin to take database backups.

If you want to schedule a backup of your WordPress site database but do not have enough permissions to access your host, install the “wp database backup” plugin.

WP-Database-Backup: When the plugin is installed and active, you can back up your blog database easily in a single click. Sometimes you create the database backup only on your server or localhost; if someone hacks your site or you make a mistake, how can you recover your database, which includes important information? So it is important to save your database backup in a safer place such as FTP, your email or Dropbox.

For more information about how to back up a database using the WP-Database-Backup plugin, check this link: https://walkeprashant.wordpress.com/wp-database-backup/

How to add search function to your website


If you are designing a website, it is important to add search functionality to it so that visitors can easily find the content or the exact data/page they want. Adding a search function makes your site user friendly.

Allowing visitors to search your site is very important. We are so used to being able to search for what we need that when we come across a website with no search function – particularly a large site – we are likely to find it extremely frustrating. A good search function can be used by your visitors as another method of navigation on your site. Adding search functionality should therefore be a priority.

In this article we focus on “How to add search function to your website”.

There is no feature in HTML that will perform the search. But you do have  alternative options:

  • You can integrate 3rd-party search engines like Google into your site.
  • You can upload a CGI page which uses PHP, Perl, or another scripting language to perform the local search for you.
  •  JavaScript search engines which work right inside the page , but that requires you to transfer all the data to the client, so it is not a very good idea.

Few people realise this, but you can actually use the major search engines like Google as your site’s search engine, free of charge.

To do this with Google, go to Google Custom Search Engine and complete the online form.

 

This useful script allows your visitors to search the contents of your site by leveraging the 3 most popular search engines- Google, Yahoo, and MSN. Now your site’s search is truly covered!

<form name="jksearch" action="http://www.google.com/search" method="get" onSubmit="jksitesearch(this)">

<input id="hiddenquery" type="hidden" name="q" />
<input name="qfront" type="text" style="width: 200px" value="database " /> <input type="submit" value="Search" /><br />
<div style="font: bold 11px Verdana;">Google:<input name="se" type="radio" checked> Yahoo:<input name="se" type="radio"> MSN:<input name="se" type="radio">
</div>

<script type="text/javascript">

//Enter domain of site to search.
var domainroot="https://walkeprashant.wordpress.com";

var searchaction=[ //form action for the 3 search engines
"http://www.google.com/search",
"http://search.yahoo.com/search",
"http://search.msn.com/results.aspx"
];

var queryfieldname=["q","p","q"]; //name of hidden query field for the 3 search engines

//Point the form at the chosen engine and rename the hidden query field to match it.
function switchaction(cur, index){
cur.form.action=searchaction[index];
document.getElementById("hiddenquery").name=queryfieldname[index];
}

//Runs on submit: pick the selected engine, then build a "site:" restricted query.
function jksitesearch(curobj){
for (var i=0; i< document.jksearch.se.length; i++){ //loop through radio to see which is checked
if (document.jksearch.se[i].checked==true)
switchaction(document.jksearch.se[i], i);
}
document.getElementById("hiddenquery").value="site:"+domainroot+" "+curobj.qfront.value;
}
</script>

</form>

Third-party search engines have the following disadvantages:

  • If the search engine decides to discontinue the service, your site search will suddenly fail to work.
  • The results page has the search engine’s advertisements and formatting. You have even less control over the output than when using the third party search engine remotely hosted services.
  • Limited in functionality

You could consider a JavaScript search option. Be aware that not all browsers support JavaScript, although most do nowadays, so this shouldn’t cause a problem.

The best method is to store your information in your database and use server-side scripting such as PHP with MySQL to query the data.

ASP to Wordpress migration

Migrate site from ASP to WordPress


Nowadays WordPress is the most popular blogging framework. Many people use WordPress for blogging as well as for e-commerce applications such as online shops. Using WordPress you can easily manage SEO, change content and take backups of your site. WordPress is a user-friendly framework that anyone can use without technical knowledge; it only needs some creativity, and the rest depends on your interest. That is why most people prefer WordPress for dynamic web design.

If you have designed your site in ASP and want to convert it to WordPress, don’t worry. In this tutorial I will explain how to migrate a site from ASP to WordPress without losing your existing URL rank. Migrating a site, or converting a static site to a dynamic one, may affect your rankings, so it is important to maintain them.

Although WordPress includes built-in migration tools for importing content from other blogging platforms, migrating an ASP-based site is a little more challenging because everything must be moved manually. After you’ve installed WordPress on your server or with its Web host, you are left essentially with a shell into which you need to insert content. Because all WordPress sites are template-driven, the first thing you must do is select a template. After you’ve selected a template, you can begin migrating your ASP site page by page and then uploading any additional media and other content stored on your company’s server.

Select a Template

Step 1 : Log in to your  WordPress dashboard.
Step 2 : Highlight “Appearance” on the main menu and click “Themes” on the menu that appears.

Step 4 : Enter search terms into the Search field and place checkmarks in the provided Feature Filter checkboxes to further refine your search criteria. Press the “Search” button or the “Find Themes” button to display a list of themes that match your search criteria.
Step 5 : Browse through the theme thumbnails. Click the “Preview” link below a theme to preview the theme in your browser. Click “Install Now” to download and install the theme on your WordPress site.
If you want to reproduce the same layout as your ASP site, you need to create a theme.
You can refer to this link for how to create a new theme: http://codex.wordpress.org/Theme_Development
You also need to design a different template for each page layout (such as a home page template, contact page template, gallery template and single page template).
Using the above link you can design a theme/layout that looks similar to the old one,
or you can hire a WordPress developer to create the theme.

Migrate Pages

Step 1 : Open your ASP website and click one of the items on your site’s main menu.
Step 2 : Launch a second browser tab and log in to your WordPress dashboard.
Step 3 : Hover your mouse over “Pages” on the main menu and click “Add New” on the menu that appears.
Step 4 : Enter a title for your page in the provided field. This title should be the same as the page currently being copied from your ASP site.
Step 5: Highlight all of the text on the current page of your ASP site and click “Ctrl-C” on your keyboard to copy it to the clipboard. Switch back to the tab on which your WordPress dashboard is displayed, click your mouse in the Visual editor and press “Ctrl-V” to paste all of the text into the editor. Some images may copy over, too. If this is the case, click them and delete them because they will be linked to the file directory on your old ASP-based site, rather than to your WordPress site. You will instead need to re-upload these images to your WordPress site from your computer.
Step 6 : Place your cursor at the location in the visual editor where you want an image to appear. Click the “Upload/Insert” button to launch the Add Media dialog. Drag and drop the desired image into the dialog or click “Select Files” and double-click the image from its location on your computer to upload it into your WordPress page. Repeat this step for each image or other multimedia file you want to migrate into this WordPress page.
Step 7 : Click the “Publish” button to finish migrating this page from your ASP site to your WordPress site. Repeat these steps for each page you want to migrate into WordPress.

Migrate Media and Other Content

Step 1 : Download the media you want to migrate from your ASP site. Skip this step if the media is already stored on your computer.
Step 2 : Log in to your WordPress Dashboard, highlight “Media” on the main menu and click “Add New” to launch the Add New Media screen. From this screen you can add content to your WordPress library for use at a later date. Compatible content includes videos, images, audio, text files, and more.
Step 3 : Drag and drop your files into the Upload New Media window or click “Select Files” to select files manually. After the files have been uploaded to your WordPress site, you will be prompted to enter titles and descriptions for each file.

Redirections

There is a plugin for changing from one permalink structure to another, but I am quite sure that this will not be enough for your needs. You will have to use some .htaccess rewrite rules.
There are several instances when you administer WordPress blogs where you will need to perform a 301 redirect. It is one of the most important corrective actions you can take when moving content.

One reason why you should do a permanent 301 redirect is to maintain search engine rankings, such as in Google. If you have an old, ranking URL in Google and move to a new, permanent location, a 301 redirect can pass the search engine ranking score of the old ranking URL (not abruptly; it will take time) to the new URL. Hence the new URL will appear and start to rank in the search engine results, replacing the old URL.

If 301 redirection is not implemented, the old URL will still rank in Google. And no matter what you do, your new URL will never appear in search results unless you do a 301 redirect.

Redirection will be covered in more detail in the next article.

Database Security


Nowadays, databases are cardinal components of any web based application by enabling websites to provide varying dynamic content. Since very sensitive or secret information can be stored in a database, you should strongly consider protecting your databases.

Designing Databases

The first step is always to create the database, unless you want to use one from a third party. When a database is created, it is assigned to an owner, who executed the creation statement. Usually, only the owner (or a superuser) can do anything with the objects in that database, and in order to allow other users to use it, privileges must be granted.

Applications should never connect to the database as its owner or a superuser, because these users can execute any query at will, for example, modifying the schema (e.g. dropping tables) or deleting its entire content.

You may create different database users for every aspect of your application with very limited rights to database objects. Only the privileges that are actually required should be granted, and the same user should not be able to interact with the database in different use cases. This means that if intruders gain access to your database using your application's credentials, they can only effect as many changes as your application can.

You are encouraged not to implement all the business logic in the web application (i.e. your script), instead do it in the database schema using views, triggers or rules. If the system evolves, new ports will be intended to open to the database, and you have to re-implement the logic in each separate database client. Over and above, triggers can be used to transparently and automatically handle fields, which often provides insight when debugging problems with your application or tracing back transactions.

Connecting to Database

You may want to establish the connections over SSL to encrypt client/server communications for increased security, or you can use ssh to encrypt the network connection between clients and the database server. If either of these is used, then monitoring your traffic and gaining information about your database will be difficult for a would-be attacker.

Encrypted Storage Model

SSL/SSH protects data travelling from the client to the server: SSL/SSH does not protect persistent data stored in a database. SSL is an on-the-wire protocol.

Once an attacker gains access to your database directly (bypassing the webserver), stored sensitive data may be exposed or misused, unless the information is protected by the database itself. Encrypting the data is a good way to mitigate this threat, but very few databases offer this type of data encryption.

The easiest way to work around this problem is to first create your own encryption package, and then use it from within your PHP scripts. PHP can assist you in this with several extensions, such as Mcrypt and Mhash, covering a wide variety of encryption algorithms. The script encrypts the data before inserting it into the database, and decrypts it when retrieving.
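A sketch of the encrypt-before-insert, decrypt-on-read step described above, added here as an example and not code from the original article. It uses PHP's bundled sodium extension instead of Mcrypt, which was removed from PHP core in 7.2; the function names and the sample value are hypothetical, and the key is assumed to be loaded from somewhere outside the database.

```php
<?php
// Added example. Assumes PHP 7.2+ with the sodium extension.
// Function names and the sample value below are hypothetical.

// Encrypt one field value for storage. A fresh random nonce is generated for
// every value and stored in front of the ciphertext; the result is base64 so
// it fits an ordinary text column.
function example_encrypt_field( string $plaintext, string $key ): string {
    $nonce  = random_bytes( SODIUM_CRYPTO_SECRETBOX_NONCEBYTES );
    $cipher = sodium_crypto_secretbox( $plaintext, $nonce, $key );
    return base64_encode( $nonce . $cipher );
}

// Decrypt a stored value. Returns null if the value is malformed, was
// modified in the database, or was encrypted under a different key.
function example_decrypt_field( string $stored, string $key ): ?string {
    $raw = base64_decode( $stored, true );
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ( $raw === false || strlen( $raw ) < $min ) {
        return null;
    }
    $nonce  = substr( $raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES );
    $cipher = substr( $raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES );
    $plain  = sodium_crypto_secretbox_open( $cipher, $nonce, $key );
    return $plain === false ? null : $plain;
}

// The key must not live in the database it protects: an attacker who reaches
// the database directly would otherwise obtain both. It is generated inline
// here only so the example runs on its own.
$key = sodium_crypto_secretbox_keygen();

$stored = example_encrypt_field( 'constructed sample value', $key );
echo "value written to the column: ", $stored, "\n";
echo "value read back:             ", example_decrypt_field( $stored, $key ), "\n";

// Authenticated encryption also detects tampering with the stored value.
$raw      = base64_decode( $stored, true );
$last     = strlen( $raw ) - 1;
$raw[ $last ] = chr( ord( $raw[ $last ] ) ^ 1 ); // flip one bit
$tampered = base64_encode( $raw );
var_dump( example_decrypt_field( $tampered, $key ) );
```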

SQL Injection

Many web developers are unaware of how SQL queries can be tampered with, and assume that an SQL query is a trusted command. It means that SQL queries are able to circumvent access controls, thereby bypassing standard authentication and authorization checks, and sometimes SQL queries even may allow access to host operating system level commands.

Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data, or to override valuable ones, or even to execute dangerous system level commands on the database host. This is accomplished by the application taking user input and combining it with static parameters to build an SQL query.

Owing to the lack of input validation and connecting to the database on behalf of a superuser or the one who can create users, the attacker may create a superuser in your database.

Avoidance Techniques

While it remains obvious that an attacker must possess at least some knowledge of the database architecture in order to conduct a successful attack, obtaining this information is often very simple. For example, if the database is part of an open source or other publicly-available software package with a default installation, this information is completely open and available. This information may also be divulged by closed-source code – even if it’s encoded, obfuscated, or compiled – and even by your very own code through the display of error messages. Other methods include the use of common table and column names. For example, a login form that uses a ‘users’ table with column names ‘id’, ‘username’, and ‘password’.

These attacks are mainly based on exploiting the code not being written with security in mind. Never trust any kind of input, especially that which comes from the client side, even though it comes from a select box, a hidden input field or a cookie. The first example shows that such a blameless query can cause disasters.

  • Never connect to the database as a superuser or as the database owner. Use always customized users with very limited privileges.
  • Use prepared statements with bound variables. They are provided by PDO, by MySQLi and by other libraries.
  • Check if the given input has the expected data type. PHP has a wide range of input validating functions, from the simplest ones found in Variable Functions and in Character Type Functions (e.g. is_numeric(), ctype_digit() respectively) and onwards to the Perl compatible Regular Expressions support.
  • If the application waits for numerical input, consider verifying data with ctype_digit(), or silently change its type using settype(), or use its numeric representation by sprintf().

  • If the database layer doesn’t support binding variables then quote each non numeric user supplied value that is passed to the database with the database-specific string escape function (e.g. mysql_real_escape_string(), sqlite_escape_string(), etc.). Generic functions like addslashes() are useful only in a very specific environment (e.g. MySQL in a single-byte character set with disabled NO_BACKSLASH_ESCAPES) so it is better to avoid them.
  • Do not print out any database specific information, especially about the schema, by fair means or foul. See also Error Reporting and Error Handling and Logging Functions.
  • You may use stored procedures and previously defined cursors to abstract data access so that users do not directly access tables or views, but this solution has other impacts.
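The difference between building a query from user input and binding it, as an added example that is not part of the original article. It uses PDO with an in-memory SQLite database so that it runs on its own; the table contents, function names and input strings are constructed for the demonstration.

```php
<?php
// Added example. Assumes the pdo_sqlite extension; the table contents,
// function names and inputs below are constructed for the demonstration.
$pdo = new PDO( 'sqlite::memory:' );
$pdo->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$pdo->exec( 'CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)' );
$pdo->exec(
    "INSERT INTO users (username, email) VALUES
     ('alice', 'alice@example.test'), ('bob', 'bob@example.test')"
);

// Weak: user input is combined with static text to build the statement, so
// quote characters in the input become part of the SQL itself.
function find_user_concat( PDO $pdo, string $username ): array {
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $pdo->query( $sql )->fetchAll( PDO::FETCH_ASSOC );
}

// Corrected: prepared statement with a bound variable. The statement text is
// fixed; the input is only ever treated as a value to compare against.
function find_user_prepared( PDO $pdo, string $username ): array {
    $stmt = $pdo->prepare( 'SELECT id, username FROM users WHERE username = :username' );
    $stmt->execute( array( ':username' => $username ) );
    return $stmt->fetchAll( PDO::FETCH_ASSOC );
}

// Numeric input: check the expected data type with ctype_digit() first, then
// bind it as an integer.
function find_user_by_id( PDO $pdo, string $raw_id ): ?array {
    if ( ! ctype_digit( $raw_id ) ) {
        return null; // reject anything that is not a plain non-negative integer
    }
    $stmt = $pdo->prepare( 'SELECT id, username FROM users WHERE id = :id' );
    $stmt->bindValue( ':id', (int) $raw_id, PDO::PARAM_INT );
    $stmt->execute();
    $row = $stmt->fetch( PDO::FETCH_ASSOC );
    return $row === false ? null : $row;
}

// Constructed input containing a quote and an always-true condition.
$input = "nobody' OR '1'='1";

printf( "concatenated query: %d row(s)\n", count( find_user_concat( $pdo, $input ) ) );
printf( "prepared statement: %d row(s)\n", count( find_user_prepared( $pdo, $input ) ) );

// Type check on a numeric parameter: valid id, then a malformed one.
var_dump( find_user_by_id( $pdo, '1' ) );
var_dump( find_user_by_id( $pdo, '1 OR 1=1' ) );
```

In the concatenated version the input changes the WHERE clause and every row comes back; with the bound variable no user has that literal name, so nothing is returned.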

WP-Database-Backup: When the plugin is installed and active, you can back up your blog database easily in a single click.

WP Database Backup

The WP Database Backup plugin helps you to create and restore database backups easily in a single click, with manual or automated backups.