Developer - Post archive

WordPress under attack: How to protect yourself

Published by | Monday, April 15th, 2013

WordPress is under attack and your self-hosted site may well be in the crosshairs of people with nefarious intent. I’d like to shed some light on what’s going on, how to protect yourself against becoming a victim, and what to do if you’re hacked.

A bot-what-now attack?

Over the last couple of weeks, WordPress sites all over the world have been subjected to an unprecedented attack. Botnets—essentially thousands or millions of infected computers working in tandem—are executing brute-force attacks on self-hosted WordPress sites, attempting to log into administrator accounts, and taking over the sites. A brute-force attack is when a computer tries to log in using every password under the sun. While this would take forever for a human, a computer can make hundreds or even thousands of attempts per minute and eventually stumble upon the correct user name/password combination. This is one of the most extensive and wide-reaching botnet attacks ever recorded and it’s targeting all kinds of sites, from personal blogs to enterprise solutions.
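As an added illustration of how this attack shows up on the defending side (not code from the original post), the Python sketch below counts failed POSTs to WordPress's login script, `wp-login.php`, in a web server access log, both per source address and site-wide per minute. The log lines, the thresholds, and the reading of a 302 response as a successful login are assumptions made for the example.

```python
import re
from collections import Counter
from datetime import datetime

def _line(ip, hhmmss, method="POST", status=200):
    """Build one constructed access-log line in the common 'combined' format."""
    return (f'{ip} - - [15/Apr/2013:{hhmmss} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 3412 "-" "Mozilla/5.0"')

# Constructed sample traffic (documentation-range addresses, not real data).
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", f"10:00:{s:02d}") for s in range(6)]          # one loud source
    + [_line(f"203.0.113.{i}", f"10:01:{i:02d}") for i in range(1, 11)]  # ten quiet sources
    + [_line("192.0.2.10", "10:01:30", status=302),   # assumed successful login
       _line("192.0.2.10", "10:01:31", method="GET")]  # viewing the form only
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def login_attempts(log_text):
    """Yield (minute, ip, status) for every POST to wp-login.php."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, stamp, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php"):
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
            yield when.strftime("%Y-%m-%d %H:%M"), ip, int(status)

def detect(log_text, per_ip_limit=5, site_limit=8):
    """Return (noisy_ips, busy_minutes) that exceed the assumed thresholds."""
    per_ip, per_minute, sources = Counter(), Counter(), {}
    for minute, ip, status in login_attempts(log_text):
        if status == 302:  # assumption: a redirect means the login succeeded
            continue
        per_ip[(minute, ip)] += 1
        per_minute[minute] += 1
        sources.setdefault(minute, set()).add(ip)
    noisy = sorted({ip for (_, ip), n in per_ip.items() if n > per_ip_limit})
    # A botnet spreads guesses over many addresses, so also flag minutes where
    # the whole site sees too many failures, with the number of distinct sources.
    busy = {m: (n, len(sources[m])) for m, n in per_minute.items() if n > site_limit}
    return noisy, busy

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

On the sample data the per-address threshold catches only the single loud source; the ten addresses that each guess once are visible only in the site-wide per-minute count.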

Automatically back up your Drupal site’s database

Published by | Friday, February 15th, 2013

You do back up your computer, don’t you? It’s an easy process, even if you don’t use a utility like the Apple Time Machine: you simply move a bunch of files from one place to another.

But if you try that with your Drupal site, you’ll leave out the most important part—your site’s content and configuration. That’s because those parts live in your site’s database, which is stored far away from the site’s files. The solution is to export the database as a file, then save that file along with everything else. Doing that manually can be a pretty awkward procedure, but the Backup and Migrate module makes it easy. Here’s what I do:

  1. Install Backup and Migrate the usual way (shown in the section “Expanding a Site’s Capabilities with Modules” in Drupal 7 Essential Training).
  2. Define where you want Drupal to store private files by clicking Configuration > File system. Be sure to secure the destination by following the link on that page. If you don’t, your raw database file could become accessible to everybody.
  3. Configure Backup and Migrate to save the database into that directory. (I set up a schedule to save it once a day.) The video Backing up with the Backup and Migrate module in Drupal 7 Advanced Training shows you how.
  4. Save that database file when you save the rest of the Drupal files.

A conservative strategy: Backup and Migrate set to save six months of backups.

One last step: Be sure to practice restoring from that backup to make sure it works, as a bad backup is the same as no backup! Note that this is not the same as a straightforward MySQL export: you’ll need to use the Drupal Backup and Migrate module itself to reestablish your site. But while unusual, I’ve found this procedure to be far easier (and more foolproof) than noodling with my site’s Drupal database manually.

Open source—a two-way street

Published by | Monday, February 11th, 2013

Do you have a favorite piece of open-source software that you use in your professional work? Most open-source software is created by volunteers, organized as a project. If you’re making money from the software, strongly consider giving back to the project.

You don’t have to know how to program to contribute. Answer software questions in discussion forums or social media. Make a financial donation to your project. Many projects would like help with issues peripheral to software development, like accounting, legal advice, marketing or SEO expertise, and more. So get involved and give back to the software you love!

Plan for Drupal 8, build for Drupal 7

Published by | Friday, February 8th, 2013

Rumor has it that early computer maker Osborne folded because it promoted its next-generation (but not-yet-released) model over the adequate (but sellable) one. People decided to wait, starving the company of revenue.

But while Drupal 8’s release is mere months away, there’s no reason to wait. Here’s why you should build your site now, in Drupal 7:

  • Drupal 7 will be good for a while. The community officially supports Drupal with security updates for two major releases. Drupal 6 came out in early 2008; Drupal 7 followed in early 2011. If the pattern continues, Drupal 7 won’t be obsolete until 2015 or later.
  • You’ll (probably) be able to upgrade your site to Drupal 8 later, as core Drupal is always upgradeable. The potential problem is in add-on modules and custom code, which sometimes lag. The good news is the biggie: Views is becoming part of Drupal core.
  • The cost for waiting is too great. While you wait for Drupal 8, your site stays locked in your imagination. There’ll always be something “even better” on the horizon.

So don’t fall victim to the Osborne Effect—build your dream Drupal site now!

Manage unplanned expenses in your web projects

Published by | Monday, January 28th, 2013

When working on a website design or redesign project, have you ever encountered small, unanticipated fees in the course of doing business? These might include costs for stock photography, fonts, content management system extensions, domain name(s), static IP addresses … the list goes on!

Rather than paying this cost from your own budget, or hitting the client up with a bunch of little fees (which gets annoying on both sides), consider quoting a separate line item for website design and development fees. I typically budget roughly 10 percent of the total for this. This is for any additional costs for assembling the site. There’s no guarantee you’ll use this at all, but if you need it, the money is there!

Why WordPress?

Published by | Wednesday, January 16th, 2013


What makes WordPress a good solution? Why is it so popular? Regardless of the question, the answer is the same, and it can be boiled down to three simple words:

Because WordPress works.

Of course, it’s a little more complicated than that. Let me put it into context from the perspective of the three main users of WordPress: the end user, the site owner, and the designer/developer.

Easy to find, easy to use, easy to share

A poorly kept secret about WordPress is its findability. If someone asked you how to get indexed on Google and you answered “Just set up a WordPress site,” you would not be far from the truth. The way WordPress is built makes it a magnet for search engines and other online indexes. So much so that if you don’t want your WordPress site indexed, you have to take steps to prevent it from happening.

Out of the box, WordPress has great search and share optimization. With the addition of plugins like WordPress SEO, AddThis, and Facebook for WordPress, these built-in capabilities are further enhanced, giving any site the opportunity to become the next big thing on the web. This is provided the content is great, of course. We’ll get to that later.

The purpose of many websites is to put out easily findable, accessible, and shareable information. And WordPress does this in spades. When you are searching for content on the web today, you will likely find it on a WordPress site. If you are reading or viewing content on a WordPress site, you are able to access and interact with that content through comments and RSS feeds. And once you have read the content, you will have an easy time sharing it with your friends on social sharing sites and social media.

 

Easy to publish, easy to configure, easy to maintain

WordPress is a prime example of the virtues of open source. It is built, evolved, and maintained by the people that use it and is therefore in a constant state of forward-moving flux. For site owners this means by simply running a WordPress site and keeping it up to date, they are at any time using the most current web technologies to communicate with the world.

Over the past three years, WordPress has undergone several fundamental design and development changes that have made an already easy-to-use application even easier to use. At the same time it has become more powerful and diverse. From how it is installed to how a site owner can publish content and interact with visitors, WordPress leads the way in removing the barriers that prevent anyone from publishing online. Between WordPress.com and self-hosted WordPress, most people with access to an Internet connection are now able to publish their thoughts, ideas, and creations online with minimal effort. With the challenges of web technologies all but removed, the site owner can focus on what matters: producing and publishing excellent content to share with the world.

 

Easy to build, easy to augment, easy to evolve

For me, the true power of WordPress lies in the back end. Whether you are a complete novice or a seasoned pro, building themes and plugins for WordPress will make your life easier and will enable you to do more in less time. I am walking proof.

With a design in place, building a custom WordPress site from scratch—one that looks and behaves nothing like what is expected of a WordPress site but is still just as easy to use and maintain—takes less time than with any other platform I have tried. When people ask me what WordPress can do I answer, “Whatever you want it to do.” And I stand by that statement. At its core, WordPress is a simple interface between the site owner, the database, and the end user. All the stuff in between (administration, themes, and functionalities) is available for the designer and developer to play with and add to in any way they want. And because WordPress is open source, people can step in and contribute to the WordPress community in whatever capacity they feel fit, from answering questions in the forums and building free themes or plugins to contributing to WordPress Core.

The bottom line

Though it may sound like I see WordPress as the be-all and end-all of web publishing, the reality is I am a pragmatic platform agnostic. The reason I laud WordPress and why I love teaching people about WordPress is that I see it as one of the best available solutions for most websites today. I have worked, and continue to work, with other solutions including Drupal and Joomla!, but for most of the websites I encounter, WordPress is one of the best options.

Whether you are just starting to play with the idea of publishing a blog, you want to become a web designer or developer, or if you already know all there is to know about the web and you just want to play with something new, WordPress is a great tool to use. It has both the ease of use and the advanced features to suit pretty much any need. And when that need isn’t met, a theme, a plugin, or an extension is there to fill the void.


Introduction to JavaScript templating using mustache.js

Published by | Thursday, December 27th, 2012

Recently I built a small website for an event in my area. This type of project required me to manage small amounts of data—information about speakers, bios, titles, and a description of the talks. I wanted to have a speakers page, but I also wanted a rotating promo built as a component I could use on the homepage, and on other pages to highlight the event’s speakers. That meant two different views for the same data.

This was the kind of problem I used to throw a quick SQL database at, but it really wasn’t worth the pain for this project as the amount of data was so minimal. However, I didn’t want to resort to HTML because I knew the information would change often and be a pain to update. To solve the problem, I used a library called mustache.js. It’s pretty easy to use, and solves the problem with just a few lines of code.

Why mustache.js?

Mustache is a library that allows you to read in JSON formatted data and display it using templates you design with JavaScript. There are lots of similar libraries, such as underscore.js, handlebars.js, and dust.js. So why did I choose mustache?

Responsive download, not just responsive design

Published by | Monday, November 19th, 2012

When considering a responsive design for a website, many web designers and developers only consider the layout. While it is key to ensure the layout and composition make use of the user’s screen size, the download time should also be considered as part of the user experience.

To really understand the concept of designing for responsive download, we first need to take into account that CSS can be used to add imagery to HTML elements of webpages. From there it becomes more apparent that CSS3 media queries can be used to alter imagery, as well as layout, based on a user’s screen size.

With this in mind, the <header> is one HTML5 element to focus on when planning a web layout. Typically the header area of a website is used for corporate branding, navigation, and imagery that sets the tone of the design. When creating a responsive web design, three or more sets of CSS rules will need to be specified based on the user’s screen size. These CSS rules will then in turn make adjustments to the sizing- and layout-based properties of the header elements based on available screen real estate. If we use CSS to specify imagery to be used in the header area, we can also drive more of the design tone with CSS.

Example of CSS driven imagery

Now, with CSS driving the imagery for the header element, combining CSS3 media queries with image assignments allows the imagery to adjust based on screen size. This allows designers to use larger, less compressed images for larger screens, while smaller screens reference smaller, more compressed images.

The ability to call on CSS referenced images that have varying dimensions and compression settings results in reduced download sizes and times for devices with smaller screens. This means the same HTML and CSS files will call on files for small- and large-screen devices, but the files called on for small-screen devices will be up to one-fifth the size of those called on for large-screen devices.

Three different image sizes created for a responsive web design with responsive download

This technique can be used in many elements of a responsive website, including photography galleries, graphics and diagrams, and even navigation or promotional elements. The amount of compression you apply to smaller images can be greater due to the higher pixel density of modern tablet and phone screens. That being said, compression versus quality has always been a trade-off on the web, so experiment with settings that will decrease file size while still maintaining the integrity of the original image. Also, make sure to always test your work on multiple devices if you get the chance.

If you’re interested in learning more about responsive web design in the lynda.com library, consider checking out Creating a Responsive Web Design from Chris Converse, or Responsive Design Fundamentals from James Williamson.

 
