Nov 11, 2008

Safer Software Practices

Wordpress

I’ve been upgrading to the latest release of WordPress as soon as each one comes out.  And it’s a good thing too.

Over the last week or two a website named “Wordpresz.org” ((I’ve edited the link so that it goes to WordPress.org instead.  I don’t want to contribute to these hackers fooling anyone else.)) was discovered.  The people who created this website were using a vulnerability in WordPress version 2.6.2 to redirect users to their website.  Their website purported to release WordPress version 2.6.4[1].  The problem was that they had hacked one file in the installation package to create a bigger security vulnerability.

This just goes to show that:

  1. Monitor for Updates. Many programs these days automatically check to see if new versions are available.  If the program does not have this feature[2], it’s a good idea to check about once a month or so.
  2. Update Frequently. Not all software updates are equal.  If the program is being updated to fix security vulnerabilities or improve the program’s stability, you definitely want to install the update.  This website’s installation of WordPress was already “inoculated” against this kind of attack because I had installed version 2.6.3 almost as soon as it came out.
  3. Use Official Sources. WordPress is open source software built using PHP and MySQL.  Since the program is open source, it’s easier to modify the code. ((As Uncle Ben said, “With great power comes great responsibility.”))  The themes and plugins available through WordPress.org are reviewed by other users for malicious code and for possible improvements.  If you’re not certain how to examine source code for malicious code, it’s best to only use official sources.

[1] The latest version is 2.6.3, which is just version 2.6.2 with a small but important security fix.
[2] Or if you turn it off, as I sometimes do.
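The attack described above worked because one file inside a redistributed installation package had been changed. The check a practitioner would want is to compare a downloaded archive against the digest the official project publishes and, when the digest fails, find out which member file differs. The script below is an added example written for this page, not code from the blog author or from WordPress; the two archives and the “published” digest are constructed in memory so it runs offline, and it assumes the trusted digest is obtained from the official site over a channel separate from the download itself (a digest taken from the same look-alike site proves nothing).

```python
import hashlib
import hmac
import io
import zipfile

# Constructed sample release: a "known good" archive and a copy in which one
# file was altered before redistribution. Both are built in memory here; in
# practice the trusted side is the archive fetched from the official project
# site and the published digest comes from the same place.
GOOD_FILES = {
    "wp/index.php": b"<?php require 'wp-blog-header.php';\n",
    "wp/wp-settings.php": b"<?php // core bootstrap\n",
    "wp/readme.html": b"<html>Release notes</html>\n",
}
TAMPERED_FILES = dict(GOOD_FILES)
TAMPERED_FILES["wp/wp-settings.php"] = b"<?php // core bootstrap, altered\n"


def build_zip(files):
    """Pack a {path: bytes} mapping into a zip archive held in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in sorted(files.items()):
            zf.writestr(name, data)
    return buf.getvalue()


def digest_of(archive):
    """SHA-256 of the whole archive, as a project would publish it."""
    return hashlib.sha256(archive).hexdigest()


def verify_digest(archive, published_sha256):
    """Compare a download against the published digest (constant-time compare)."""
    return hmac.compare_digest(digest_of(archive), published_sha256.strip().lower())


def archive_manifest(archive):
    """Map every member file to the SHA-256 of its contents."""
    manifest = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            manifest[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return manifest


def compare_archives(trusted, candidate):
    """Name the members that differ between a trusted and a candidate archive.

    This is the check that catches "one file in the installation package was
    changed": the archive-level digest fails, and the manifest diff says which
    member is responsible.
    """
    a, b = archive_manifest(trusted), archive_manifest(candidate)
    return {
        "modified": sorted(p for p in a.keys() & b.keys() if a[p] != b[p]),
        "missing": sorted(a.keys() - b.keys()),
        "added": sorted(b.keys() - a.keys()),
    }


if __name__ == "__main__":
    good, bad = build_zip(GOOD_FILES), build_zip(TAMPERED_FILES)
    published = digest_of(good)  # stands in for the digest on the official site
    print("candidate digest matches:", verify_digest(bad, published))
    print("differences:", compare_archives(good, bad))
```

The whole-archive digest is the cheap go/no-go test; the per-member manifest is what turns “the download is wrong” into “this one file is wrong”, which is also what you would run against an already-installed tree when you suspect a package was tampered with.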
Aug 27, 2008

Website upgraded again!

In my never-ending quest to build the world’s best workers’ compensation website, I’ve made a few upgrades:

  • Upgraded from WordPress 2.6 to WordPress 2.6.1
  • Infinitesimal changes to the theme
  • Adapted a new plugin for WordPress that redirects you directly to the calculator page as soon as you log in

Why keep upgrading WordPress?

Using open source software can be a two-edged sword. On the down side, anyone with the ability to read the source code can figure out the security vulnerabilities. The plus side is that people are constantly working to improve and eliminate those very same security vulnerabilities.

Since people are working on WordPress all the time, it will need to be upgraded all the time. Doing so allows me to take advantage of the latest features and security updates. So far I’ve used WordPress 2.3.2, 2.5, 2.5.1, 2.6, and now 2.6.1.

Why change the theme?

The theme (the “look” of this website) is completely user configurable. Since this website’s launch I’ve been constantly tweaking the look: minor changes to the color scheme, the menu at the top of the website, and how many posts are shown on the blog page.

I work on the theme in order to (hopefully) make the website more aesthetically pleasing and easier to use.

Why the new plugin?

I’d like to make the free registration process as quick and as painless as possible. I’ve had the opportunity to watch a few people go through the free registration process for this website. What I saw was that people were logging in for the first time and were sent to their user page – which looks totally different from the rest of the website. Unfortunately, this caused no end of confusion.

I modified an existing plugin to override the website’s default settings and send users directly to the calculator page as soon as they log in.

Aug 25, 2008

Inside the Calculators – Part IV – MySQL

I recently gave a brief overview of my permanent disability and workers’ compensation benefit calculators. In that post I wrote a little bit about how my online benefits calculators work. Since then I’ve posted about my use of JavaScript, PHP, and AJAX in creating these permanent disability and permanent impairment calculators.

As I mentioned in the prior post in this series, my first few versions of this website and its workers’ compensation calculators did not use MySQL.  The initial versions of this site only saved information to a file, which meant I only had to use PHP to open a file on the server, add an extra line of information, and then close the file.  This had several problems:

  1. Once my website became more popular, it was not uncommon to have more than one user online.  That meant the server tried to open the file – but couldn’t since it was already open.  This caused the program to freak out.
  2. In order to view just a little bit of information, I had to download the entire file.  This got crazy pretty quickly.
  3. Each time the file got larger, it would take slightly longer to open, append with more information, and close.

MySQL is an incredible tool for storing, organizing, and retrieving a large amount of data.  Like PHP, it is also open-source.  This means it is:

  • Well supported.  There are lots of online resources and books to help you learn.
  • Secure.  Lots of people spend a lot of time thinking of ways to prevent security vulnerabilities.
  • Customizable.  You can configure or even rewrite it, if you wish.
  • Interoperable.  You can save it to just about any format – including MS Excel spreadsheets.
  • Free.  Unlike Oracle or any of the MS alternatives, it is totally free.

So, why did I avoid MySQL?  I didn’t want to have to learn a whole new programming language.  I had to learn how to set up a database, tables within the database, how to search for information in a table, how to put information into a table, and how to change information which was already in a table.  There was a lot of trial and error.  I ended up doing some pretty cool things in the process of learning this language.  Some examples:

  • Teaching others some of the basics of MySQL
  • Writing a program for cataloging books
  • Writing several programs which performed various calculations to track invoices, billings, etc
  • Setting up several blogs/websites
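The three problems with the flat-file version listed above (concurrent opens, reading the whole file for one record, and a file that slows down as it grows) and the database operations named here (set up a database and table, search, insert, update) are shown side by side below. This is an added example written for this page, not the author’s PHP or WordPress code; sqlite3 stands in for MySQL so that it runs offline, and the rows it stores are constructed sample data.

```python
import csv
import fcntl
import os
import sqlite3
import tempfile

# ---- Flat-file storage, the approach the early versions of the site used ----

def append_record_locked(path, fields):
    """Append one CSV row while holding an exclusive advisory lock.

    The lock addresses problem 1: two requests appending at the same time would
    otherwise race and could interleave or drop a row. It only helps if every
    writer takes the same lock.
    """
    with open(path, "a", newline="", encoding="utf-8") as fh:
        fcntl.flock(fh, fcntl.LOCK_EX)
        try:
            csv.writer(fh).writerow(fields)
            fh.flush()
            os.fsync(fh.fileno())
        finally:
            fcntl.flock(fh, fcntl.LOCK_UN)


def rows_for_user(path, username):
    """Find one user's rows: the whole file is read (problem 2) and the scan
    gets slower as the file grows (problem 3)."""
    with open(path, newline="", encoding="utf-8") as fh:
        return [row for row in csv.reader(fh) if row and row[0] == username]


def file_store_demo():
    """Constructed sample: three rows into a temporary file, then one lookup."""
    fd, path = tempfile.mkstemp(suffix=".csv")
    os.close(fd)
    try:
        for row in (["alice", 42], ["bob", 7], ["alice", 55]):
            append_record_locked(path, row)
        return rows_for_user(path, "alice")
    finally:
        os.unlink(path)


# ---- Database storage: sqlite3 stands in for MySQL so this runs offline ----
# MySQL drivers such as PyMySQL use %s as the placeholder where sqlite3 uses ?;
# the SQL statements themselves are the same.

SCHEMA = """
CREATE TABLE IF NOT EXISTS calculations (
    id          INTEGER PRIMARY KEY,
    username    TEXT    NOT NULL,
    rating      INTEGER NOT NULL,
    computed_at TEXT    NOT NULL DEFAULT CURRENT_TIMESTAMP
);
CREATE INDEX IF NOT EXISTS idx_calculations_user ON calculations(username);
"""


def open_db(path=":memory:"):
    """Set up the database and its table; the server handles concurrent writers."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def store_calculation(conn, username, rating):
    """Insert a row. Values are bound as parameters, never pasted into the SQL
    string, so a username like "x' OR '1'='1" is stored as plain text."""
    with conn:  # commits on success, rolls back on error
        cur = conn.execute(
            "INSERT INTO calculations (username, rating) VALUES (?, ?)",
            (username, rating),
        )
    return cur.lastrowid


def ratings_for_user(conn, username):
    """Search: the index makes this a lookup, not a scan of every row."""
    cur = conn.execute(
        "SELECT rating FROM calculations WHERE username = ? ORDER BY id",
        (username,),
    )
    return [row[0] for row in cur.fetchall()]


def update_rating(conn, row_id, rating):
    """Change a row that is already in the table; returns rows affected."""
    with conn:
        cur = conn.execute(
            "UPDATE calculations SET rating = ? WHERE id = ?", (rating, row_id)
        )
    return cur.rowcount


if __name__ == "__main__":
    print("flat file:", file_store_demo())
    db = open_db()
    first = store_calculation(db, "alice", 42)
    store_calculation(db, "bob", 7)
    store_calculation(db, "alice", 55)
    update_rating(db, first, 44)
    print("database:", ratings_for_user(db, "alice"))
```

The file version can be made safe for concurrent writers with a lock, but nothing fixes its lookups short of reading everything; the database gets concurrency, indexed search and in-place updates from the server. The one thing to carry over when making that move is the placeholder style shown in `store_calculation` and `ratings_for_user`: user input bound as a parameter rather than concatenated into the query.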

The end result of learning this language is a more interactive website.  One of the last incarnations of this site was a version that would show different color schemes, advertisers, and messages depending upon the user.  All of this was made possible by large amounts of data stored in MySQL.

Thus ends my technical overview of my workers’ compensation permanent disability calculators!  If you have any questions, please feel free to email me or leave a comment below!

Copyright 2007 - 2017 - PDRater – PD calculators and Jay Shergill