How we created our own free content delivery network for WordPress users

Try out our Free CDN service by installing the Shift8 CDN WordPress plugin.

Hello! We thought it would be an interesting challenge, both from a DevOps perspective and from a web development and integration perspective, to create our own fully managed content delivery network. Utilization of the network is geared specifically for WordPress users. The idea is to give users a dead simple way to leverage geographic CDN endpoints across the globe by simply installing a WordPress plugin and activating it with the click of a button. You never have to leave your site to register on a 3rd party website, and you never have to set up API keys by hand or troubleshoot problems. We wanted it to be simple. And to work! There are many components that need to be integrated and ultimately tied together in order for a system of this magnitude to work. I’ll try to break […]

How to inject advanced custom fields into your WPBakery post grid

Hello! Yes, of course WPBakery / Visual Composer is bloated. It is absolutely correct that it’s more ideal to simply create your own page template with a custom WordPress query and design your own post grid from scratch. For smaller budget WordPress projects where time is money, it is sometimes ideal to go the post grid route. Why not? The customer wants the designed and customized end result but they have a restricted budget. WPBakery (aka “Visual Composer”) does save time in these scenarios, and there’s something to be said about applying customized CSS and jQuery to customize and tailor the vanilla packaged look and feel that these types of WordPress bundled solutions usually bring to the table. All that said, the point of this post is to describe how to properly inject custom ACF (Advanced Custom Fields) fields into your post grids. Why would you want to do that? Well if […]

How to cache queries to admin-ajax.php in WordPress to improve performance

Hello! Working with WordPress for a while now, we noticed that many actions, whether administrative in nature or building a WordPress query on the front end, are dependent on the built-in admin-ajax.php or WordPress AJAX API. Since many 3rd party plugins depend on this AJAX API to dynamically push and pull data, it is unfortunately a common occurrence to have the performance of a site impacted when many AJAX API calls are happening. One of the telltale signs of admin-ajax.php performance issues can be seen when inspecting the network connections made while rendering a particular page on your WordPress site. If you filter “admin-ajax.php” in the network tab of the developer console in your browser, you should clearly see the admin-ajax.php POST that may be taking too long. In our experience, some post grid plugins that make it easy to render a grid of posts on your page heavily rely […]

How to craft an XSS payload to create an admin user in WordPress

Hello! XSS (or cross site scripting) attacks are a common method to maliciously execute actions against a website installation. In particular this type of attack vector is useful when dealing with a CMS like WordPress where you have administrative user accounts to target. This means that if you are able to craft an XSS payload that will ultimately be executed by the administrator of that site, you can essentially do whatever you want. In JavaScript, of course. What I’ll go through in this post is exactly how to capitalize on a particular (old) WordPress plugin vulnerability to deliver a persistent XSS injection (not logged into WordPress) that will later be executed by someone logged into WordPress with higher privileges, such as an administrator.

Persistent versus Reflected XSS

This is debatable, but to simplify things it would be easiest to describe XSS attacks as being two high-level methods: persistent […]

WordPress WooCommerce plugin to disable payment methods based on zip or postal codes

Hello! WooCommerce is a great easy-to-implement and versatile e-commerce platform. With the robust development community, expanding the core functionality can be relatively straightforward with the availability of a wide assortment of 3rd party plugins for WooCommerce. One of the things that we felt was missing, but a simple requirement, was the ability to manipulate the payment methods available based on the zip or postal code of the customer. This means that under certain conditions, the end-user will have a catered list of payment methods available to them. The system would need to have the ability to “Remember” the user, and subsequently the available payment methods, even if they came back later to purchase with a different postal or zip code. Why is this necessary? There could be many different justifications for this type of behavior with WooCommerce. If you are offering products and services to customers on a national […]

How to use PHP as a web service to backup MySQL over HTTPS to a remote destination

Hello! Following with the theme of our last post, we thought it might be useful to demonstrate how to create a pure PHP based web service to backup your MySQL database to a remote destination (also with PHP) over a secure HTTPS connection. At a high level, all we will be doing is iterating over all the tables of the database and generating the database data as JSON, transmitting it to the receiving end over an AJAX HTTPS POST. We’ll save it for a separate post, but in this scenario you would also likely want to iterate over the JSON data on the receiving end in order to process and create the database backup on the receiving end’s MySQL instance.

Trigger the backup

In our scenario we would be implementing this solution as a WordPress plugin. There’s no point in going into it specifically in that context because it is most likely […]

New Company Site Launch for Shift8 Web

Hello! We are excited to announce that we have created a brand new website for ourselves! Sometimes it’s difficult to focus on ourselves when we are so often focused on our clients. With new and exciting projects on the horizon, we thought we would take the opportunity to chip away and eventually launch a new website for ourselves. While our previous site was on the Drupal CMS, we decided it would be nice to migrate back to our old friend, WordPress.

Though our site may seem kind of simple, there are a few interesting things that we did that we wanted to share.

Mobile Detection with jQuery

Why does anyone ever need to detect for mobile devices anymore? Don’t we just use media queries? Well, yes that is the best practice answer. But throw in multiple layers of caching like Memcache, Page caching, Object caching and Varnish caching and you will […]

Create self-populating ajax drop-down forms in Drupal with the Form API

Hello! At risk of making the title of this post a mouthful, I thought I’d share some of our experience with interacting with Drupal’s Form API (specifically Drupal 7.x). There is a lot of documentation on different ways you can interact with the Form API to accomplish a wide range of tasks from collecting information, processing information or building complex search queries. The latter is where we ventured in our most recent work interacting with Drupal’s Form API. We worked on a project where the requirement was to build a drop-down based filtration system where content category choices in the drop-down boxes would auto populate dependent taxonomies based on the relationship of the taxonomies, content fields and content in general. After choosing all the drop-down boxes, the end-user would then be able to click a “Go” button to build a list of results that apply the selected filters. […]

Ajax Long Polling to your RESTful API

Hello! Whether you’re developing a mobile or web based application, keeping on top of constantly changing data is a challenge on its own. Sometimes it’s necessary to make repeated calls to your API to pull updates at regular intervals. We wrote a previous blog post describing how to use Ajax to pull JSON data via a RESTful web API. Somewhat extending that sentiment a bit, we would like to walk through the process of creating an Ajax “polling” process that repeatedly polls the API to pull data over and over again. This will allow you to receive, process and manipulate or display the data as it changes. The context through which we are using this process is to display changes made to a Google map via geo-location updates to a centralized API server that processes updates and returns them to the end users. This particular […]

Pull JSON data from your website to your mobile application with Ajax and PHP

Hello! Making mobile applications is much easier than it used to be. As with previous posts, we have been experimenting with Apache Cordova Framework for easily building mobile applications, leveraging web frameworks like AngularJS. Many mobile applications communicate with a centralized “server” or website that retains all the data that may be useful for the mobile app. For example you might want to have a mobile application that retains a centralized “friends list” that the end-user can modify. You can store this friends list in a database, and access that data by making an Ajax request to pull the data in JSON format. For the website that retains and manages this data, we have decided (for this example) to use the PHP Slim Framework. We mainly chose this because it makes rolling out a web based application API with a database backend very simple (in under 30-50 lines of code). […]