Tag Archives: WordPress

How to make WordPress database secure by changing default WordPress table prefix?

WordPress database security is the most important thing. Every single piece of information is stored in the database, which makes it a target for hackers and bots trying to steal information through SQL injection.

WordPress Database uses a default table prefix value “wp_” for all of its database tables. Typically, every website that is running WordPress will have its database tables with this prefix and this can surely be used by the hackers or malicious bots to guess your database table names. That’s why the smartest thing to do while creating a WordPress website is to change the prefix of the database, which can be done easily.

If you forgot to change the prefix of the database table while creating your WordPress website, you can do this now by following these simple steps.

Note: It’s recommended to back up your database before performing this task.

There are two simple steps you need to follow:

Step 1. Change the wp-config.php file:

  • Go to your WordPress root directory and search for a file named “wp-config.php”.
  1. Open “wp-config.php” in any code editor and search for “$table_prefix  = ‘wp_’;”
  2. Change the “wp_” prefix to something like “Br1G@de” or anything you like.

Note: Only letters, numbers and underscores are allowed.

Step 2. Change database table names:

Now you need to access your database using phpMyAdmin and change the prefix of each table name to the new one we entered in the “wp-config.php” file.

You will find the phpMyAdmin link in cPanel under the Databases section.

By default, there are normally 11 tables listed in total.

Select the SQL tab and run the following queries, using the prefix you added in the “wp-config.php” file.

RENAME table `wp_commentmeta` TO `Br1G@de_commentmeta`;
RENAME table `wp_comments` TO `Br1G@de_comments`;
RENAME table `wp_links` TO `Br1G@de_links`;
RENAME table `wp_options` TO `Br1G@de_options`;
RENAME table `wp_postmeta` TO `Br1G@de_postmeta`;
RENAME table `wp_posts` TO `Br1G@de_posts`;
RENAME table `wp_terms` TO `Br1G@de_terms`;
RENAME table `wp_term_relationships` TO `Br1G@de_term_relationships`;
RENAME table `wp_term_taxonomy` TO `Br1G@de_term_taxonomy`;
RENAME table `wp_usermeta` TO `Br1G@de_usermeta`;
RENAME table `wp_users` TO `Br1G@de_users`;
Note: If you have plugins installed, you have to rename their tables as well, the same way we just did with the default WordPress tables.
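The renames above can be generated instead of typed by hand, which also covers plugin tables. The PHP script below is an added example, not code from the original article: the function name, the sample table list and the new prefix site7k_ are constructed for illustration, and it is meant to be run from the command line so its output can be reviewed and pasted into the SQL tab. It goes one step beyond the steps above by also emitting the updates for the prefix-dependent keys WordPress keeps inside the options and usermeta tables.

```php
<?php
// Added example: generate the SQL for a table-prefix change.
// The table list and the new prefix below are constructed sample values.

function build_prefix_migration(array $tables, string $old, string $new): array
{
    // Only letters, numbers and underscores are valid in a prefix; checking
    // both values also keeps them safe to place inside the SQL text.
    foreach ([$old, $new] as $prefix) {
        if (!preg_match('/^[A-Za-z0-9_]+$/', $prefix)) {
            throw new InvalidArgumentException("Invalid table prefix: $prefix");
        }
    }
    $quote = static function (string $name): string {
        return '`' . str_replace('`', '``', $name) . '`';
    };

    $sql = [];
    foreach ($tables as $table) {
        // Core and plugin tables alike: anything that starts with the old prefix.
        if (strncmp($table, $old, strlen($old)) === 0) {
            $renamed = $new . substr($table, strlen($old));
            $sql[]   = sprintf('RENAME TABLE %s TO %s;', $quote($table), $quote($renamed));
        }
    }

    // WordPress also stores the prefix in row data: the user_roles option and
    // the per-user capability keys. Without these updates, existing users lose their roles.
    $sql[] = sprintf(
        "UPDATE %s SET option_name = '%suser_roles' WHERE option_name = '%suser_roles';",
        $quote($new . 'options'), $new, $old
    );
    $sql[] = sprintf(
        "UPDATE %s SET meta_key = CONCAT('%s', SUBSTRING(meta_key, %d)) WHERE meta_key LIKE '%s%%';",
        $quote($new . 'usermeta'), $new, strlen($old) + 1, addcslashes($old, '_')
    );
    return $sql;
}

// Constructed sample: four core tables, one hypothetical plugin table, one unrelated table.
$tables = ['wp_options', 'wp_posts', 'wp_usermeta', 'wp_users', 'wp_myplugin_log', 'shop_orders'];
echo implode("\n", build_prefix_migration($tables, 'wp_', 'site7k_')), "\n";
```

Run the generated statements in the order printed, since the two UPDATE statements refer to the tables by their new names.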

How To Interact With An API Using WordPress Standard Functions?

Interacting with APIs is very common in web development, and WordPress gives us utility functions for it. Interacting with an API normally requires good knowledge of cURL and many other things; WordPress takes on this responsibility and wraps the inner workings into utility functions for you.

wp_remote_get is the function that gets the data for you from an API. All you have to do is just put the endpoint as an argument and voila! It’s magic.

This function basically takes two arguments:
1. $url – Resource to retrieve data from. This must be in a standard HTTP format
2. $args – OPTIONAL – You may pass an array of arguments in here to alter behavior and headers, such as cookies, follow redirects, etc.

Let’s make a call to GitHub API and see what happens.

$response = wp_remote_get( 'https://api.github.com/users/ifiwfi' );

It will retrieve the following data:

Array
(
[headers] => Array
(
[server] => GitHub.com
[date] => Thu, 12 Mar 2015 13:46:33 GMT
[content-type] => application/json; charset=utf-8
[connection] => close
[status] => 200 OK
[x-ratelimit-limit] => 60
[x-ratelimit-remaining] => 58
[x-ratelimit-reset] => 1426171579
[cache-control] => public, max-age=60, s-maxage=60
[last-modified] => Wed, 04 Mar 2015 18:42:08 GMT
[etag] => W/"87972c50f954668862db38480dab5c78"
[vary] => Array
(
[0] => Accept
[1] => Accept-Encoding
)

[x-github-media-type] => github.v3
[x-xss-protection] => 1; mode=block
[x-frame-options] => deny
[content-security-policy] => default-src 'none'
[access-control-allow-credentials] => true
[access-control-expose-headers] => ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
[access-control-allow-origin] => *
[x-github-request-id] => 6E271E7B:376A:68977C5:550198B8
[strict-transport-security] => max-age=31536000; includeSubdomains; preload
[x-content-type-options] => nosniff
[x-served-by] => 07ff1c8a09e44b62e277fae50a1b1dc4
[content-encoding] => gzip
)

[body] => {"login":"ifiwfi","id":6972531,"avatar_url":"https://avatars.githubusercontent.com/u/6972531?v=3","gravatar_id":"","url":"https://api.github.com/users/ifiwfi","html_url":"https://github.com/ifiwfi","followers_url":"https://api.github.com/users/ifiwfi/followers"}
[response] => Array
(
[code] => 200
[message] => OK
)

[cookies] => Array
(
)

[filename] => 
)

If you want to get the body part from the response, you can do it like this:

$response = wp_remote_get( 'https://api.github.com/users/ifiwfi' );
$body = wp_remote_retrieve_body( $response );

If you want to get the response code, you can do it like this:

$response = wp_remote_get( 'https://api.github.com/users/ifiwfi' );
$http_code = wp_remote_retrieve_response_code( $response );
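The calls above assume the request always succeeds. The following is an added example, not code from the original article, that combines them with the checks a plugin needs before trusting the response: a transport error check, a status check, and validation of the decoded body. It runs inside WordPress; the function name wpb_fetch_github_user and the github_user shortcode are hypothetical.

```php
<?php
// Added example (not from the original article). Runs inside WordPress,
// e.g. from a plugin file; function and shortcode names are hypothetical.

function wpb_fetch_github_user( $username ) {
    // Build the URL from validated input only. GitHub logins are letters,
    // digits and hyphens, so anything else is rejected before the request.
    if ( ! preg_match( '/^[A-Za-z0-9-]{1,39}$/', $username ) ) {
        return new WP_Error( 'bad_username', 'Invalid GitHub username.' );
    }
    $url = 'https://api.github.com/users/' . rawurlencode( $username );

    // For URLs supplied by users, wp_safe_remote_get() takes the same
    // arguments and additionally rejects unsafe destinations.
    $response = wp_remote_get( $url, array(
        'timeout'     => 5, // fail fast instead of hanging the page load
        'redirection' => 2, // cap the number of redirects that are followed
        'headers'     => array( 'Accept' => 'application/json' ),
    ) );

    // Transport failures (DNS, timeout, TLS) come back as a WP_Error, not an array.
    if ( is_wp_error( $response ) ) {
        return $response;
    }

    $code = wp_remote_retrieve_response_code( $response );
    if ( 200 !== $code ) {
        return new WP_Error( 'bad_status', 'Unexpected HTTP status: ' . $code );
    }

    // The body is untrusted text: decode it and check its shape before use.
    $data = json_decode( wp_remote_retrieve_body( $response ), true );
    if ( ! is_array( $data ) || ! isset( $data['login'], $data['html_url'] ) ) {
        return new WP_Error( 'bad_body', 'Response is not the expected JSON.' );
    }

    return array(
        'login'    => sanitize_text_field( $data['login'] ),
        'html_url' => esc_url_raw( $data['html_url'] ),
    );
}

// Usage: the [github_user] shortcode renders the result, escaped at output time.
add_shortcode( 'github_user', function () {
    $user = wpb_fetch_github_user( 'ifiwfi' );
    if ( is_wp_error( $user ) ) {
        error_log( 'GitHub lookup failed: ' . $user->get_error_message() );
        return '';
    }
    return sprintf( '<a href="%s">%s</a>', esc_url( $user['html_url'] ), esc_html( $user['login'] ) );
} );
```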

The next part of the interaction is posting values to an API, which you can do with the wp_remote_post function. Its first argument is the URL to which the data has to be posted, and its second argument carries the data to be posted. The data should be an array of key-value pairs. As GitHub doesn’t let us post data, we will just assume some URLs.

$body = array(
    'name' => 'Irfan Ahmed',
    'profession' => 'Software engineer',
    'email' => '[email protected]',
    'subject' => 'How to post data to a form or API',
    'comment' => 'Hey, I learned a lot from this article.'
);

$args = array(
    'body' => $body,
    'timeout' => '10',
    'redirection' => '3',
    'httpversion' => '1.0',
    'blocking' => true,
    'headers' => array(),
    'cookies' => array()
);

$response = wp_remote_post( 'http://yourwebsite.com/contact/', $args );

The last important thing is making any other kind of call. For example, you may want to delete an object from a database table using the API. It is done like this:

$args = array(
'method' => 'DELETE'
);
$response = wp_remote_request( 'http://api.yourwebsite.com/object/to/delete', $args );

This is the easiest and most interactive way to use an API in WordPress using its standard functions. Feel free to comment below and let us know how this tutorial helps you.

What is HTTPS and How to Setup HTTPS in WordPress Site?

One of the most important things to ensure is that your WordPress website is secure and safe for users who want to exchange their important information on it while shopping or doing other things. Setting up your WordPress website to force the use of secure connections is not that difficult to implement, but it takes some decision making about when to enforce a secure connection for the user.

You will have seen that the URLs of some websites, like Facebook, Google and many others, start with “HTTPS”. An “HTTPS”-enabled website adds a security layer to the data communication between your computer and the server. The data communication is encrypted with an SSL (Secure Sockets Layer) certificate.

The next question in your mind will surely be “Why do you need it?”.

Any sensitive information like your credit card details, your passwords, or anything which could be called sensitive, needs to be safe whenever it is sent towards the server so that nobody between you and the server you are interacting with can get it. That’s why most of the shopping sites don’t use “HTTP”. The next important question is how you can enable SSL on your WordPress site. It is very easy.

Setting up your WordPress site with HTTPS:

First, you have to purchase an SSL certificate for your site and install it on your domain. Then go to the WordPress admin and open the settings page. There you will see these two text fields.

Just change your URLs by adding “s” after “HTTP” and save. The next step is to open your “.htaccess” file, which resides in the root of your WordPress installation, and put this code into that file.

RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*)  https://%{SERVER_NAME}/$1 [R,L]

Let me explain the above code.

The first line checks whether the URL entered by the user uses “HTTPS”, and it is true if the URL does not use “HTTPS”.

In this part “https://%{SERVER_NAME}/$1”

{SERVER_NAME} = “domain name”
^/?(.*) = “the slash represents the slash that comes after the domain name, the ? makes it optional, and (.*) means nothing or everything”
$1 = “this variable holds everything the user entered after the domain name”
In “[R,L]”, “R” means redirect, and “L” means this was the last rule, so stop further processing.

Save your “.htaccess” file and you are all done. Stay safe.

What is a cron job and how to implement it in WordPress?

What is a cron?

Cron was first used in the UNIX operating system to execute specific commands automatically at a specific time instead of executing them manually. In simple words, “a cron is a time-based scheduler”.

What is a WordPress Cron?

A WordPress cron refers to a “pseudo-cron system”. A WordPress cron job is a scheduled job that runs automatically at a given time.

Limitation of WordPress Cron:

WordPress cron will only run if any user visits your WordPress website’s page/post. Then WordPress will check for any available crons and execute them.

There are two types of crons in WordPress:

  1. One that runs automatically at a specific time and then dies.
  2. One that runs automatically at a specific time again and again.

A cron job may be of any type. It may be an automatic backup job, it may be an automatic email-sending job, and the list goes on depending on what you want to get done.

You can set a cron job by accessing your site’s cPanel, though some hosts might not permit you to set up a cron job for security reasons.

Instead of accessing crons from your site’s cPanel, you can also access crons from WordPress.

A cron job that is set up using cPanel doesn’t need a visitor to visit your site; it will execute automatically at its specified time.

But a WordPress cron will only run if someone visits your WordPress website; WordPress then checks whether the scheduled time has passed or not.

A thing to keep in mind:

“Never ever perform heavy processes in your cron job unless you have a super host like a dedicated host system with maximum performance. Otherwise, it will slow down the server.”

Usage of cron job

What do we need to know about setting up a cron job in WordPress?

A WordPress cron job can be set up without any coding, simply by following the suggested steps:

1- Go to Tools and visit the Cron Events page.

2- Then scroll down to the ‘Add Cron Event’ tab.

There you will be required to provide a hook name for your cron event. Please keep in mind that hook names must not have spaces or special characters.

What does a WordPress cron job do in WordPress?

WordPress core and a number of plugins use WordPress Cron to execute the following tasks at regular, repeating intervals:

  1. Checking the updates for plugins and themes.
  2. Checking the WordPress version to ensure it’s up to date.
  3. Backing up the website and database.
  4. Optimizing the database to improve performance.

Below are some examples of WordPress cron jobs which fire only once at a fixed time:

  1. Sending emails at a specific time.
  2. Publishing a blog post at a specific time.

Take a look at the following code snippet:

register_activation_hook( __FILE__, 'activate_cron_job' );
/**
 * On activation, set a time, frequency and name of an action hook to be scheduled.
 */
function activate_cron_job() {
    wp_schedule_event( time(), 'hourly', 'hourly_cron_job_hook' );
}

add_action( 'hourly_cron_job_hook', 'do_this_hourly' );
/**
 * On the scheduled action hook, run the function.
 */
function do_this_hourly() {
    // do something every hour
}

register_activation_hook is triggered when the plugin is activated, and will activate our cron job. The first argument of wp_schedule_event is the current time, and the second argument is the time interval, like daily, twice daily or hourly. The third argument is the hook that will actually call the original function “do_this_hourly”.
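Both kinds of cron described earlier, the recurring one and the one that runs once, are shown together in the added example below, along with the cleanup that the snippet above leaves out. It is not code from the original article; it runs as a WordPress plugin, and the wpb_ hook, function and schedule names are hypothetical.

```php
<?php
/*
Plugin Name: Cron Lifecycle Example
Description: Added example, not from the original article. All wpb_ names are hypothetical.
*/

// Add a custom 15-minute interval next to the built-in hourly, twicedaily and daily.
add_filter( 'cron_schedules', 'wpb_add_interval' );
function wpb_add_interval( $schedules ) {
    $schedules['wpb_15min'] = array(
        'interval' => 15 * MINUTE_IN_SECONDS,
        'display'  => 'Every 15 minutes',
    );
    return $schedules;
}

register_activation_hook( __FILE__, 'wpb_activate' );
function wpb_activate() {
    // Recurring event: schedule it only if it is not already queued,
    // so re-activating the plugin does not queue a second copy.
    if ( ! wp_next_scheduled( 'wpb_recurring_hook' ) ) {
        wp_schedule_event( time(), 'wpb_15min', 'wpb_recurring_hook' );
    }
    // One-off event: due once, an hour after activation, then it is gone.
    wp_schedule_single_event( time() + HOUR_IN_SECONDS, 'wpb_once_hook' );
}

register_deactivation_hook( __FILE__, 'wpb_deactivate' );
function wpb_deactivate() {
    // Remove both events; otherwise they stay queued after the plugin is off.
    wp_clear_scheduled_hook( 'wpb_recurring_hook' );
    wp_clear_scheduled_hook( 'wpb_once_hook' );
}

add_action( 'wpb_recurring_hook', 'wpb_do_recurring' );
function wpb_do_recurring() {
    // Keep the work light: here, purge transients that have expired.
    delete_expired_transients();
}

add_action( 'wpb_once_hook', 'wpb_do_once' );
function wpb_do_once() {
    error_log( 'One-off cron event ran at ' . gmdate( 'c' ) );
}
```

To run events on time without depending on visitors, set define( 'DISABLE_WP_CRON', true ); in wp-config.php and have a cPanel cron job request wp-cron.php on a schedule.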

Let us know in comments below, if it helps you with your WordPress website.

What is a WordPress Plugin and How to Develop it?

WordPress is a flexible platform that lets developers add extra functionality without changing the core of WordPress. To enhance the functionality of WordPress, we need to write custom plugins. WordPress plugins are just like add-ons, which use the core functionality of WordPress and add custom functionality to it.

In this article, we will look at what are WordPress plugins and how we can create one.

What is a Plugin in WordPress?

A plugin is a piece of custom code that extends the functionality of WordPress which already exists. It could be a single line of code or a bunch of lines.

Why use a WordPress plugin?

Whenever you get a burger from a fast-food restaurant, you will be asked, “Sir, do you want extra cheese in your burger?”

Why extra cheese in a burger? Of course, it will enhance the taste of your burger but it is not necessary. You can have your burger without adding cheese to it.

WordPress is your burger, and a plugin is your cheese that will add new functionality or enhance the basic functionality of your WordPress.

Plugin Behavior

There are two types of basic plugin behaviors

  1. add_action()
  2. add_filter()

add_action() and add_filter() are both WordPress hooks. To know more about hooks, there is a complete tutorial for you on Some useful hooks in WordPress.

You want to perform some specific action using “add_action()” when:

  • A post is made

  • A post of a specific category is made

  • If a specific word occurs in the title of a post

  • If a new user is added to a particular group of users, like the admins group or the editors group

And the list goes on, depending on your requirements.

Let’s come to the presentation side. You want to perform some action using “add_filter()” when:

  • A post is presented(rendered) on the page

  • A post of a specific category is presented(rendered) on the page

  • If a specific word occurs in the title of a post

Practical example for add_action().

We will make a plugin that fetches a list of the subscribers’ email addresses from the database and, whenever a new post is published, sends each of them a notification email with a link to that newly published post.

Open a text editor and put this code snippet in the file and save it with any name in the ‘wordpress\wp-content\plugins’ directory.

<?php

add_action( 'publish_post', 'notify' );

function notify() {

    echo 'Notified';

}

?>

The job is done. You have successfully created your new plugin. Go to the admin dashboard, move the mouse over the Plugins option, click on ‘Installed Plugins’ and check that your plugin appears in the list. What? It is not there? OK, no problem. Let’s tell WordPress about our plugin so that WordPress knows about it.

Open your plugin file and put these commented lines at the start of the file

/*

Plugin Name: My Notify Plugin
Description: With this plugin, you can notify a group of users about the publishing of a new post
Author: WpBrigade
Email: [email protected]
Version: 1.0

*/

So now your plugin file should look like this.

<?php

/*

Plugin Name: My Notify Plugin
Description: With this plugin, you can notify a group of users about the publishing of a new post
Author: WpBrigade
Email: [email protected]
Version: 1.0

*/

add_action( 'publish_post', 'notify' );

function notify(){

echo 'Notified';

}

?>

“publish_post” is a WordPress built-in function (hook) which is called when a post is to be published. What we are doing is telling WordPress that when it calls the “publish_post” function, it should also call our function inside it. This is called a hook. This way you don’t go and touch the core function, but you still enhance that function in your own way.
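The plugin above only echoes a string. The added example below, which is not code from the original article, fills in the behaviour described at the start of this section: it looks up the subscribers and mails each one a link to the new post. It swaps the “publish_post” hook for “transition_post_status” so that editing an already published post does not send the mails again; the wpb_ function name is hypothetical.

```php
<?php
/*
Plugin Name: Notify Subscribers Example
Description: Added example, not from the original article. The function name is hypothetical.
*/

// transition_post_status reports both the new and the old status, so an edit
// to an already published post (publish -> publish) can be told apart.
add_action( 'transition_post_status', 'wpb_notify_subscribers', 10, 3 );

function wpb_notify_subscribers( $new_status, $old_status, $post ) {
    // Act only on the first move into "publish", and only for regular posts.
    if ( 'publish' !== $new_status || 'publish' === $old_status ) {
        return;
    }
    if ( 'post' !== $post->post_type ) {
        return;
    }

    // Fetch only the e-mail column for users with the subscriber role.
    $users = get_users( array(
        'role'   => 'subscriber',
        'fields' => array( 'user_email' ),
    ) );

    // Strip tags and line breaks so the title is safe to use as a mail subject.
    $subject = 'New post: ' . wp_strip_all_tags( get_the_title( $post ), true );
    $message = "A new post has been published:\n\n" . get_permalink( $post );

    foreach ( $users as $user ) {
        if ( is_email( $user->user_email ) ) {
            // One message per recipient keeps the subscriber list private.
            wp_mail( $user->user_email, $subject, $message );
        }
    }
}
```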

Example for “add_filter()”.

Open your text editor again and put this code snippet into it.

<?php

/*

Plugin Name: Change Post Title
Description: With this plugin, you can change the titles of the post
Author: WpBrigade
Email: [email protected]
Version: 1.0

*/

 add_filter( 'the_title', 'add_text_to_post_title' );

 function add_text_to_post_title( $title ) {

    return $title . ' "Added when rendered"';

}

?>

“the_title” is also a WordPress hook, and we are doing the same thing with it that we did with the “publish_post” hook.

Again, keep the file and folder name the same, and put the plugin folder into the plugins directory.

So this was a little about how to enhance WordPress functionality, and plugins don’t stop here, you can create plugins to add new functionality to WordPress.