How to craft an XSS payload to create an admin user in WordPress

Hello! XSS (or cross site scripting) attacks are a common method to maliciously execute actions against a website installation. In particular this type of attack vector is useful when dealing with a CMS like WordPress where you have administrative user accounts to target. This means that if you are able to craft an XSS payload that will ultimately be executed by the administrator of that site, you can essentially do whatever you want. In javascript of course. What I’ll go through in this post is exactly how to capitalize on a particular (old) WordPress plugin vulnerability to deliver a persistent XSS injection (not logged into WordPress) that will later be executed by someone logged into WordPress with higher privileges, such as an administrator. Persistent versus Reflected XSS This is debatable, but to simplify things it would be easiest to describe XSS attacks as being two high level methods : persistent […]

How to integrate Chart.js into WordPress Woocommerce to show charts and graphs of your products

Hello! One of the nice things about Woocommerce is that it is very easily customized. Actions can be removed and re-added in order to adjust the default behavior. Additionally you can override many of the default templates that come with Woocommerce and its many extensions to fine tune and adjust the way you want your e-commerce to behave. Whether you are selling t-shirts or auto parts, sometimes its nice to have a clean visual representation of the statistics of each of your products. This will allow the customer to easily attain the pertinent information that they may be looking for, perhaps even assisting in leading them into an online sale. One of the best javascript libraries out there for “charting” is Chart.js. It is very simple yet extremely flexible for plotting and drawing visual representations of data. Things like chart colors, borders and a responsive layout are all things that […]

Read and auto populate fields in WordPress Gravity forms with jQuery

Hello! When designing and implementing Gravity forms there may be occasions where you would want to auto populate multiple fields based on a preceding field selection. This was the case in our scenario where we wanted to populate the selection of a drop-down box based on a Google Map location field within Gravity Forms on WordPress. What we wanted was for the person to enter their location in a Google Map location field (within gravity forms) and based on that selection, read the respective City within that location and based on that selection, populate a drop-down box. Gravity forms already possesses the ability to implement conditional logic, however it largely is designed for the purpose of revealing/hiding/activating input elements based on preceding choices. We need to actually inject an input selection I’ll try to walk through the process to implementing this type of logic specifically with Gravity Forms. Get the […]

How to use PHP as a web service to backup MySQL over HTTPS to a remote destination

Hello! Following with the theme of our last post, we thought it might be useful to demonstrate how to create a pure PHP based web service to backup your MySQL database to a remote destination (also with PHP) over a secure HTTPS connection. High level, all we will be doing is iterating over all the tables of the database and generating the database data as JSON, transmitting it to the receiving end over an AJAX HTTPS post. We’ll save it for a separate post, but in this scenario you would also likely want to iterate over the JSON data on the receiving end in order to process and create the database backup on the receiving end’s MySQL instance. Trigger the backup In our scenario we would be implementing this solution as a WordPress plugin. There’s no point in going into it specifically in that context because it is most likely […]

How to use jQuery to sort and reorganize your content

Hello! Recently we were tasked with finding ways to re-organize search results on a Drupal page in such a way that we could prioritize, group and sort the results in a coherent way. The simplest way to look at organizing in general, especially content that is dynamically generated, is to either adjust the query that actually produces the results (back-end) OR adjust the results with jQuery (front-end). There are advantages and reasons why one way may be more advantageous over the other. Adjusting the query that produces the results may produce the sorted results quicker however the downside might be that making further adjustments or improvements requires extra overhead since building and executing database queries (for example) requires additional testing, QA and all that sort of stuff. Alternatively, if you sort the content / results on your page with jQuery, it is much more flexible and easier to manipulate the […]

WordPress plugin to display your portfolio in a full width grid

Hello! We just released a WordPress plugin, Shift8 Portfolio, to organize your portfolio in a grid using bootstrap scaffolding! This is a very straightforward plugin that we decided to write for our own portfolio page. After using it ourselves it was decided that we needed to share it with the world 🙂 There are many many portfolio type plugins that already exist but the desire was to write something that was very simple and could be expanded later on to accommodate any changes in the custom content that needed to be created such as different sorting categories as well as different shortcode options that might be needed. There are a few interesting things that had to happen when writing this plugin that might be helpful to share for anyone who is interested. How to create a custom post type in WordPress Instead of using the built-in WordPress blog post type, […]

New Company Site Launch for Shift8 Web

Hello! We are excited to announce that we have created a brand new website for ourselves! Sometimes its difficult to focus on ourselves when we are so often focused on our clients. With new and exciting projects on the horizon, we thought we would take the opportunity to chip away and eventually launch a new website for ourselves. While previous site was on the Drupal CMS, we decided it would be nice to migrate back to our old friend, WordPress.

Though our site may seem kind of simple, there’s a few interesting things that we did that we wanted to share. Mobile Detection with jQuery Why does anyone ever need to detect for mobile devices anymore? Don’t we just use media queries? Well, yes that is the best practice answer. But throw in multiple layers of caching like Memcache, Page caching, Object caching and Varnish caching and you will […]

WordPress plugin for a mobile friendly sticky navigation menu

Hello! Creating a unique, original and flexible navigation menu in WordPress can be challenging. There are many commercial and free plugins out there to establish navigation systems, however many of the commercial options seem to be “overkill” providing many bloated options with embedded CSS that can be difficult to adjust by a novice user. What we wanted to do is put together a very simple and clean navigation menu that sticks to the top of the screen and is mobile friendly in a simple yet flexible way. We created a plugin, which you can view by clicking here, to do just that! The plugin utilizes FontAwesome, Modernizr, Google Fonts and CSS from Codyhouse to put together a simple and clean navigation menu solution. Below I’ll walk through the different components that went into this plugin in order to tie everything together in an easy to use solution. Register settings to […]

WordPress plugin to create animated full screen modal flyouts

Hello! We have recently created & submitted our first official WordPress plugin : Shift8 Modal. This is a relatively straightforward plugin that integrates the animatedModal jQuery library into WordPress as an easy-to-use shortcode. Submitting our plugin to the WordPress plugin directyl took roughly 7 days to complete. WordPress has pretty straightforward (though sometimes changing) development policies, standards and best practices to follow. Once approved, a WordPress team member provides SVN access to submit / commit your code to the plugin directory. This plugin is pretty simple in terms of what it does, but I’ll break down what it does. Load animatedModal.js and Animate.css The animatedModal library makes use of the (popular) Animate.css library as well. So we’ll need to load both as an enqueue within the plugin :

Without the above files, the entire plugin will not function properly. Depending on what other libraries you are using, you might […]

How to customize WordPress search results page

Hello! When designing websites, especially websites that have an active blog, it is often necessary to style, customize and design the WordPress search results page. When styling the search results, we typically like to modify the way the results are presented as well as append a few custom CSS container classes in order to ensure the results resemble the way content is arranged throughout the rest of the site. In addition to the CSS containers, we would also manipulate the results containers with responsive CSS @media queries in order to ensure that the results are displayed efficiently and responsively on mobile and tablet devices. Typically we like to keep things clean and minimal, so the data presented and styling are styled as such. Typically in most WordPress starter themes such as underscores, you will have a standard search.php file which will be our starting point. Modify your theme’s search.php file […]