Personal Web Tech Development » plugin http://suraja.com My other personal approach on tech and website development Tue, 17 Jan 2012 20:23:50 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 How to avoid WordPress Remote SQL Injection http://suraja.com/website/website-development/how-to-avoid-wordpress-remote-sql-injection.html http://suraja.com/website/website-development/how-to-avoid-wordpress-remote-sql-injection.html#comments Thu, 26 Jun 2008 10:18:00 +0000 Web Tech http://suraja.com/website/website-development/how-to-avoid-wordpress-remote-sql-injection.html Picture of WordPress Remote SQL InjectionWordPress Remote SQL Injection could be a pre-disaster for your WordPress blog, it has been discovered a SQL Injection vulnerability that allows an attacker to retrieve remotely any user credentials from a vulnerable site, this bug is caused because of early database escaping and the lack of validation in query string like parameters.
Wordpress Remote SQL Injection most likely not a destructive job for your WordPress blog, they just inject a redirect or iframe to their own page/website. This is a blackhat SEO injection technique that could hurt your website SEO campaign.

To prepare yourself, read some tips below:
- Always check your AWSTATS to determine your suspicious visitor activity.
- Backup your WordPress files and database weekly incase you need to restore it if needed
- Always update your WordPress instalation to the latest stable version. On the main dashboard, you’ll always see new release information.

If you have to keep to use an old WordPress version, make sure that you hide your WordPress version. A lot of attackers and automated tools will try and determine software versions before launching exploit code. Removing your WordPress blog version may discourage some attackers and certainly will mitigate virus and worm programs that rely on software versions.
Please note that hiding your WordPress version may break any plugins you have which are version dependant.

Then how to avoid WordPress Remote SQL Injection?
I found this WordPress Security Scan plugin that will scan your WordPress installation for security vulnerabilities and suggests corrective actions.Such
- passwords
- file permissions
- database security
- version hiding
- WordPress admin protection/security
- removes WP Generator META tag from core code
You can download this useful plugin here

And to complete your mission to fight the WordPress Remote SQL Injection, set the file permission (chmod) to 444 (r–r–r–) or read-only to these WordPress files:
- index.php
- wp-config.php
- wp-setting.php
- All your themes file located on wp-content/themes
Note: Actually you can set all files on your root WordPress directory to 444 (exclude the sitemap or any 666 needed files)

This last tips completely rocks!

Let me how it works for you and say something to fight the WordPress SQL Injection!

Incoming search:

444 avoids sql injections]]> http://suraja.com/website/website-development/how-to-avoid-wordpress-remote-sql-injection.html/feed 0 WordPress Plugin for Auto Nofollow and Opened in New Window http://suraja.com/website/website-development/wordpress-plugin-for-auto-nofollow-and-opened-in-new-window.html http://suraja.com/website/website-development/wordpress-plugin-for-auto-nofollow-and-opened-in-new-window.html#comments Fri, 20 Jun 2008 11:33:56 +0000 Web Tech http://suraja.com/website/website-development/wordpress-plugin-for-auto-nofollow-and-opened-in-new-window.html Picture of Nofollow pluginCouple weeks ago I wrote about how to make your Paid Post safe for Google, and for this purpose I found a great WordPress plugin to do this automatically. This WordPress plugin will automatically make any link on your post to be rel=nofollow and target=_blank (will make it opened in a new window)
This could save your time if you have a large post on your WordPress blog and make your selling link list more safe on Google’s eye. Great for any SEO campaign!

You can download the plugin here and read the manual instructions, it’s not too difficult anyway. Just let me know how it works for your SEO campaign.

]]> http://suraja.com/website/website-development/wordpress-plugin-for-auto-nofollow-and-opened-in-new-window.html/feed 2 Gallery Navigation Plugin http://suraja.com/website/website-development/gallery-navigation-plugin.html http://suraja.com/website/website-development/gallery-navigation-plugin.html#comments Sat, 10 May 2008 00:55:54 +0000 Web Tech http://suraja.com/website/website-development/gallery-navigation-plugin.html Picture of Gallery navigation PluginGallery Navigation Plugin is a simple WordPress 2.5 plugin that allows you to quickly add page navigation to your wordpress 2.5 gallery.

Installation

1. Upload `galnav.php` to the `/wp-content/plugins/` directory
2. Activate the plugin through the ‘Plugins’ menu in WordPress
3. Place ‘<?php isgal($post->ID); ?>` before the contenty loop (the_content();)
in your post templates
Example:
<?php the_content(’<p class=”serif”>Read the rest of this entry »</p>’); ?>

4. Don’t forget to fill the Custom Fields
Key: isgallery
Value: true

The demo page can be seen here

Download Gallery Navigation Plugin

Give your feedback/comments, so we could develop this plugin more for you

Incoming search:

wordpress Gallery pagination, gallery navigation wordpress plugin, golak gopu, photo gallery navigation wordpress, photo gallery with navigation wordpress, wordpress gallery navigation plugin, wordpress gallery plugin with navigation]]> http://suraja.com/website/website-development/gallery-navigation-plugin.html/feed 12