How to optimize and speed up your WordPress site

Hello! What a topic: how to speed up your WordPress site. There are so many elements and factors that contribute to site speed that it is my intention to cover each area that contributes to or affects overall site speed, specifically for a WordPress site. Being the most popular CMS in the world means that all sorts of people are using WordPress for all sorts of reasons. Having a fast-performing site has been proven to improve things like overall sales for e-commerce as well as bounce rates for end-users visiting your site. People tend not to have the patience to wait around for websites to load these days, and Google has recognized that and will organically prioritize sites that render faster than others. This is a tricky endeavour because some of the issues that may be contributing to underlying slowness may be pointing you in the wrong direction in terms of a […]

How to create self-populating “smart” forms in Drupal 8 with Form API

Hello! Many years ago (2015 to be exact), we published an article on how to create self-populating dropdown forms using the Drupal 7 Webform API. Now that the year is 2019 and Drupal 8 has been “Released” for quite some time, with 8.7.1 current as of May 2019, we thought it might be a good idea to update the strategy to do the same or a similar thing in Drupal 8. What are we trying to do anyway? Well, we want a way for people to interact with a Webform in an interactive way. This means we want subsequent dropdown selections to be populated by previous choices. This logic doesn’t have to be restricted to dropdowns; it can be input boxes, checkboxes or radio buttons. Anything, really. In the example above, you can see “Beverage” is chosen for “Industries”. The “Products” dropdown underneath has the options that you see populated based […]

How to make bulk changes to WordPress WooCommerce product attributes with PHP

Hello! Sometimes it’s necessary to make site-wide changes to WordPress posts in order to save time and programmatically propagate changes without having to edit each post one at a time. For bulk manipulation of WordPress data, it is sometimes effective to write a command-line PHP script that hooks into your WordPress environment and executes the changes. One of the main advantages of executing these types of functions on the command line, as opposed to through a web-based interaction, is that you are not subject to the same execution and other timeout restrictions that apply to web-based requests. This means that a command-line PHP solution can run longer, which is sometimes needed for complicated efforts. In our example, we will break down the PHP command-line script, how to safely and securely hook into WordPress to take advantage of all the built-in functions, and update all the products in our WordPress […]

How to craft an XSS payload to create an admin user in WordPress

Hello! XSS (or cross-site scripting) attacks are a common method of maliciously executing actions against a website installation. In particular, this type of attack vector is useful when dealing with a CMS like WordPress where you have administrative user accounts to target. This means that if you are able to craft an XSS payload that will ultimately be executed by the administrator of that site, you can essentially do whatever you want. In JavaScript, of course. What I’ll go through in this post is exactly how to capitalize on a particular (old) WordPress plugin vulnerability to deliver a persistent XSS injection (not logged into WordPress) that will later be executed by someone logged into WordPress with higher privileges, such as an administrator. Persistent versus Reflected XSS This is debatable, but to simplify things it would be easiest to describe XSS attacks as falling into two high-level methods: persistent […]

WordPress plugin to integrate Jenkins to streamline your build process

Hello! We love integrating Jenkins into our development workflow. Typically Jenkins would be used for custom development projects to streamline the development “push” process in order to seamlessly integrate code changes from a testing / staging environment over to the live environment. For frameworks like Laravel or Django, this works very nicely. Until recently, we hadn’t considered integrating Jenkins into our development workflow for WordPress projects, simply because it seemed like overkill. It wasn’t until a few larger WordPress projects came along that required a standalone staging site to push changes from that we considered actually integrating the Jenkins push process into the WordPress administrative interface. What this means is that our clients wanted a staging environment in which to make content and other front-facing changes, approve them internally and then initiate a content push from the staging site to the production / live site. From a development perspective we would be […]

How to use PHP as a web service to backup MySQL over HTTPS to a remote destination

Hello! Following on from the theme of our last post, we thought it might be useful to demonstrate how to create a pure PHP-based web service to back up your MySQL database to a remote destination (also with PHP) over a secure HTTPS connection. At a high level, all we will be doing is iterating over all the tables of the database, generating the database data as JSON, and transmitting it to the receiving end over an AJAX HTTPS POST. We’ll save it for a separate post, but in this scenario you would also likely want to iterate over the JSON data on the receiving end in order to process it and create the database backup on the receiving end’s MySQL instance. Trigger the backup In our scenario we would be implementing this solution as a WordPress plugin. There’s no point in going into it specifically in that context because it is most likely […]

How to use jQuery to sort and reorganize your content

Hello! Recently we were tasked with finding ways to re-organize search results on a Drupal page in such a way that we could prioritize, group and sort the results coherently. The simplest way to look at organizing content in general, especially content that is dynamically generated, is to either adjust the query that actually produces the results (back-end) OR adjust the results with jQuery (front-end). There are advantages to and reasons why one way may be preferable to the other. Adjusting the query that produces the results may produce the sorted results more quickly; however, the downside might be that making further adjustments or improvements requires extra overhead, since building and executing database queries (for example) requires additional testing, QA and all that sort of stuff. Alternatively, if you sort the content / results on your page with jQuery, it is much more flexible and easier to manipulate the […]

Securing your MySQL queries from SQL injection in PHP

Hello! There are many strategies for securing your code against malicious user input. Some frameworks have checks and balances built in. There are simple standard PHP functions that are designed to strip tags and illegal characters from variables, like strip_tags and filter_var. Filtering XSS in PHP Those standard functions are good for basic input filtering, but will not protect you 100%. For example, with strip_tags, you can still escape the filter and inject JavaScript into the request:

So what do you do? Well, this post was written mainly to cover SQL injection in MySQL queries in PHP. Before we get to that, I’ll touch on one option, which is to create your own customized input sanitization function. The function can be adjusted based on the queries, commands and risk factors that depend on the actual function of your code. Using str_replace, you could craft your own function […]

Use PHP to set up a RESTful API with simple authentication

Hello! It is sometimes necessary to bridge different web applications together in order to transmit or receive information and process it. One scenario could be a mobile application that connects to a web service to pull or push data in order to update the app or provide “real time” services with centralized data. One of the PHP frameworks we have been working with lately is the aptly named Slim. The Slim framework is a very lean PHP framework that allows for a straightforward path to creating the commonly needed building blocks for producing dynamic web services. First, before we do anything, it would be ideal to set up a website to host the Slim-based API service. In the interest of security it is a good idea to force SSL for all requests. That means you will have to purchase an SSL certificate for your website. This will […]

Pull JSON data from your website to your mobile application with Ajax and PHP

Hello! Making mobile applications is much easier than it used to be. As in previous posts, we have been experimenting with the Apache Cordova framework for easily building mobile applications, leveraging web frameworks like AngularJS. Many mobile applications communicate with a centralized “server” or website that retains all the data that may be useful for the mobile app. For example, you might want to have a mobile application that retains a centralized “friends list” that the end-user can modify. You can store this friends list in a database, and access that data by making an Ajax request to pull the data in JSON format. For the website that retains and manages this data, we have decided (for this example) to use the PHP Slim framework. We mainly chose this because it makes rolling out a web-based application API with a database backend very simple (in under 30-50 lines of code). […]