Archive

Posts Tagged ‘Wordpress’

PHP – HTML5

August 18, 2016

 

PHP

Starting with PHP 5, the object model was rewritten to allow for better performance and more features. This was a major change from PHP 4. PHP 5 has a full object model.

Among the features in PHP 5 are visibility, abstract and final classes and methods, additional magic methods, interfaces, cloning and type hinting.

PHP treats objects in the same way as references or handles, meaning that each variable contains an object reference rather than a copy of the entire object. See Objects and References

Features

Visibility: The visibility of a property or method can be defined by prefixing the declaration with the keywords public, protected or private.

HTML

How do you improve the performance of a website?

  1. Code unification: Each CSS file must be loaded before the page can be displayed in an internet browser.
  2. Compress CSS and JavaScript files: We can compress a CSS file by removing unnecessary spaces, comments,
  3. Use sprite images instead of multiple images.
  4. Always put JavaScript at the bottom of the page.

What is Bootstrap?

Bootstrap is a CSS framework for developing responsive, mobile-first projects on the web. The current version of Bootstrap is v3.3.6. Bootstrap also comes with two preprocessors: Less and Sass.

Bootstrap uses a 12-column grid system. Bootstrap’s grid system is responsive, and the columns will re-arrange depending on the screen size.

What new features have been added in Bootstrap 3?

  1. New Glyphicons icon font!
  2. Smallest file size.
  3. New grid system.
  4. It uses CSS compressors (Less/Sass).

Difference between container and container-fluid in bootstrap?

.container has a max width pixel value, whereas .container-fluid is max-width 100%.

.container-fluid continuously resizes as you change the width of your window/browser by any amount.

.container resizes in chunks at several certain widths, controlled by media queries (technically we can say it’s “fixed width” because pixel values are specified, but if you stop there, people may get the impression that it can’t change size – i.e. not responsive).

 

Tell me the latest jQuery version?

The latest version of jQuery is v3.1.0 (11-8-2016).

Difference between HTML5 tags and normal tags?

HTML5 tags are called semantic tags.

A semantic element clearly describes its meaning to both the browser and the developer.

<article>

<aside>

<details>

<figcaption>

<figure>

<footer>

<header>

<main>

<mark>

<nav>

<section>

<summary>

<time>

 

Difference between live and bind function in jquery.

 

The bind() method attaches one or more event handlers for selected elements, and specifies a function to run when the event occurs.

 

The live() method was deprecated in jQuery version 1.7, and removed in version 1.9. Use the on() method instead.

 

Some new features of CSS3?

  1. border-radius (border-radius: 25px;)
  2. box-shadow (box-shadow: 3px 3px 3px 2px #797979;)
  3. Text shadow (text-shadow: #aaa 2px 2px 2px;)
  4. Multiple backgrounds

.container {
    /* fallback */
    background: url(image/bg1.png) no-repeat;

    /* modern browsers */
    background: url(image/bg1.png) 0 0 no-repeat,
                url(image/bg2.png) 100% 0 no-repeat;
}

  5. Transition

We can add animation to an element using transition. We need to specify these parameters.

  1. transition-property
  2. transition-duration
  3. transition-timing-function
  4. transition-delay

 

div {
    width: 150px;
    height: 150px;
    background: red;

    /* For Safari 3.1 to 6.0 */
    -webkit-transition-property: height;
    -webkit-transition-duration: 2s;
    -webkit-transition-timing-function: ease-in-out;
    -webkit-transition-delay: 1s;

    /* Standard syntax */
    transition-property: height;
    transition-duration: 2s;
    transition-timing-function: linear;
    transition-delay: 1s;
}

 

What is closest in jQuery? What’s the difference between .closest() and .parents('selector')?

The .closest() method begins its search with the element itself before progressing up the DOM tree, and stops when the current element matches the selector.

The .parents() method begins with the parent element and gets the parent of each element in the current set of matched elements.

What is json?

JSON stands for JavaScript Object Notation. JSON is a language-independent, lightweight data interchange format. JSON data is written as key/value pairs.

E.g.: "name":"Selva"

Explain the position property in CSS?

The CSS positioning properties allow you to position an element. There are four different positioning methods: static, fixed, relative, absolute.

 

 

 

Difference between $(this) and this in jquery?

Keyword ‘this’ is a native DOM element. $(this) is a jQuery object that allows you to call functions such as .addClass() on it.

Is HTML5 canvas supported in IE?

HTML5 canvas is not supported in IE versions earlier than 9. ExplorerCanvas (excanvas), a JS library, is the option to render HTML5 canvas in IE6, 7, and 8.

What is JSONP?

JSONP is nothing but JSON with padding. JSONP is mostly used in RESTful APIs (cross-domain requests). JSONP is a simple trick to overcome the XMLHttpRequest same-domain policy (as you know, one cannot send an AJAX (XMLHttpRequest) request to a different domain). A JSONP request appends the name of a callback function to the URL. E.g.: http://www.abcs.com/example.php?callback=simplecallback

When the server receives the callback parameter, it returns the data wrapped in a call to that function. The data can be accessed using that callback function.

A simple implementation of a JSONP request:

(function() {
    // jQuery replaces the "?" in jsoncallback=? with a generated callback name
    var flickerAPI = "http://api.flickr.com/services/feeds/photos_public.gne?jsoncallback=?";

    $.getJSON( flickerAPI, {
        tags: "mount rainier",
        tagmode: "any",
        format: "json"
    })
    .done(function( data ) {
        $.each( data.items, function( i, item ) {
            $( "<img>" ).attr( "src", item.media.m ).appendTo( "#images" );
            // Stop after the first four items
            if ( i === 3 ) {
                return false;
            }
        });
    });
})();
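
The server side of the exchange described above, as an added example that is not part of the original post: because the callback name from the URL is echoed into a script the browser will execute, the server accepts only identifier-like names and escapes the JSON it wraps. The function names, the 64-character limit and the sample callback names are assumptions made for illustration.

```javascript
// Added example: server-side handling of the JSONP "callback" parameter.
// buildJsonpResponse, isSafeCallbackName and the 64-character limit are
// illustrative names and values, not part of jQuery or any framework.

// Plain identifiers, optionally dotted: simplecallback, app.handlers.onData
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/;
const MAX_CALLBACK_LENGTH = 64;

function isSafeCallbackName(name) {
  return typeof name === "string" &&
    name.length <= MAX_CALLBACK_LENGTH &&
    CALLBACK_RE.test(name);
}

// JSON text is not automatically safe inside a script response: escape "<"
// (so "</script>" can never appear) and the U+2028/U+2029 line separators,
// which older JavaScript engines treat as line terminators.
function serializeForScript(data) {
  const json = JSON.stringify(data);
  return (json === undefined ? "null" : json)
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

function buildJsonpResponse(callbackParam, data) {
  // nosniff stops the browser from re-interpreting the body as another type
  const headers = { "X-Content-Type-Options": "nosniff" };
  if (!isSafeCallbackName(callbackParam)) {
    headers["Content-Type"] = "text/plain; charset=utf-8";
    return { status: 400, headers: headers, body: "invalid callback name" };
  }
  headers["Content-Type"] = "application/javascript; charset=utf-8";
  // The leading /**/ keeps the response from starting with caller-chosen bytes;
  // the typeof guard avoids a ReferenceError if the page never defined the callback.
  const body = "/**/ typeof " + callbackParam + " === 'function' && " +
    callbackParam + "(" + serializeForScript(data) + ");";
  return { status: 200, headers: headers, body: body };
}

// Constructed sample callback values; the first is the name used in the text.
const SAMPLE_CALLBACKS = ["simplecallback", "jQuery1124_1471500000000", "x);other(", ""];

function demo() {
  return SAMPLE_CALLBACKS.map(function (cb) {
    return buildJsonpResponse(cb, { name: "Selva" }).status;
  });
}

console.log(demo());
```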

 

 

 

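How do you create a simple plugin in jQuery?

Sample plugin creation code is given below:

(function($){
    $.fn.showLinkLocation = function() {
        // Only act on anchors; return the set so calls can be chained
        return this.filter('a').each(function(){
            // Append the href as a text node so that markup in the
            // attribute value is shown literally instead of being parsed as HTML
            $(this).append(
                document.createTextNode(' (' + $(this).attr('href') + ')')
            );
        });
    };
}(jQuery));

// Usage example:
$('a').showLinkLocation();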

 

List out some CSS frameworks for creating responsive templates?

Bootstrap

-> Bootstrap is a mobile-first framework. It includes predefined classes for easy layout options, as well as powerful mixins for generating more semantic layouts.

Foundation 3

-> Foundation 3 is built with Sass, a powerful CSS preprocessor. “Pricing Tables” is an interesting component in Foundation 3. Pricing tables are suitable for a marketing site for a subscription-based product. It also offers super cool features like right-to-left text direction support.

Skeleton

-> Skeleton is a small collection of CSS files that can help to rapidly develop sites that look beautiful at any size, be it a 17″ laptop screen or an iPhone.

YAML 4

-> YAML 4 is built on Sass. You can check the documentation in the above link.

ResponsiveAeon

-> Responsive Aeon is a simple, fast, intuitive CSS framework. It contains almost 120 lines of code and is only 1kb minified.

 

 

 

 

 

What is the difference between canvas and svg?

<canvas> is an HTML element which can be used to draw graphics using JavaScript. This can be used to draw graphs, create animations etc.

The <canvas> element is not supported in older browsers, but is supported in recent versions of all major browsers.

The default size of the canvas is 300 px × 150 px (width × height). But custom sizes can be defined using the HTML height and width property.  The declaration is as follows.

<canvas id="animate" width="250" height="250"></canvas>

SVG stands for Scalable Vector Graphics. It is based on the XML markup language and describes 2D vector graphics.

Can you explain the difference between cookies, sessionStorage and localStorage?

localStorage stores data with no expiration date, and gets cleared only through JavaScript, or by clearing the browser cache / locally stored data – unlike cookie expiry.

Local storage and session storage are perfect for non-sensitive data. The data stored in localStorage and sessionStorage can easily be read or changed from within the client/browser, so it should not be relied upon for storage of sensitive or security-related data within applications.

Data stored in sessionStorage is only available for the duration of the browser session (and is deleted when the window is closed) – it does however survive page reloads.

A cookie can store 4096 bytes of data. Data stored in a cookie can be hacked by the user, unless the site uses SSL. We can also protect the cookie against injections like Cross-Site Scripting (XSS)/script injection by setting HttpOnly in the header.
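
An added example (not from the original post) that checks Set-Cookie header values for the protections mentioned above: HttpOnly keeps page script, including injected script, from reading the cookie, and Secure keeps it off plain HTTP. The function names, finding labels and sample headers are constructed for illustration.

```javascript
// Added example: auditing Set-Cookie header values.
// Function names and finding labels are illustrative, not a library API.

const MAX_COOKIE_BYTES = 4096; // per-cookie size mentioned in the text

// Split "name=value; Attr; Attr=value" into a name, a value and
// a lower-cased attribute map.
function parseSetCookie(header) {
  const parts = header.split(";").map(function (p) { return p.trim(); }).filter(Boolean);
  const pair = parts.shift() || "";
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq).trim(),
    value: eq === -1 ? pair : pair.slice(eq + 1).trim(),
    attrs: Object.create(null), // no prototype, so attribute names cannot collide
  };
  for (const part of parts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

function auditSetCookie(header) {
  const cookie = parseSetCookie(header);
  const attrs = cookie.attrs;
  const findings = [];

  // Without HttpOnly, document.cookie exposes the value to any script on the page.
  if (!attrs.httponly) findings.push("missing-httponly");
  // Without Secure, the cookie is also sent over unencrypted HTTP.
  if (!attrs.secure) findings.push("missing-secure");

  const sameSite = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "";
  if (["strict", "lax", "none"].indexOf(sameSite) === -1) {
    findings.push("missing-samesite");
  } else if (sameSite === "none" && !attrs.secure) {
    findings.push("samesite-none-without-secure");
  }

  const size = new TextEncoder().encode(cookie.name + "=" + cookie.value).length;
  if (size > MAX_COOKIE_BYTES) findings.push("over-4096-bytes");
  return findings;
}

// Constructed sample headers.
const SAMPLE_HEADERS = [
  "sessionid=abc123; Path=/",
  "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "prefs=dark; HttpOnly; SameSite=None",
  "big=" + "x".repeat(5000) + "; Secure; HttpOnly; SameSite=Strict",
];

function auditSamples() {
  return SAMPLE_HEADERS.map(auditSetCookie);
}

auditSamples().forEach(function (findings, i) {
  console.log("header " + (i + 1) + ": " + (findings.join(", ") || "ok"));
});
```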

Explain about quirks mode?

There are three modes used by the layout engines in web browsers: quirks mode, almost standards mode, and full standards mode.

Quirks mode is turned on when there is no correct DOCTYPE declaration, and turned off when there is a DOCTYPE definition.

However, invalid HTML – with respect to the chosen DOCTYPE – can also cause the browser to switch to quirks mode.

 

 

What is meant by hardware acceleration?

It means the graphical rendering is done on dedicated hardware (your GPU / graphics card) rather than your CPU. Hardware acceleration generally produces more fluid animation. In general you should always enable hardware acceleration as it will result in better performance of your application.

This will usually be a higher frame rate (the number of images displayed per second), and the higher the frame rate, the smoother the animation.

How can you load CSS resources conditionally?

Using CSS media queries we can load CSS conditionally. If you want to load the stylesheet for devices less than 600px wide, then you can declare it as below.

<link rel="stylesheet" media="screen and (max-width: 600px)" href="small.css">

This style sheet will only load for screen sizes less than 600px.

Difference between article and section tag in HTML5. How can you nest them in your document?

The section element represents a generic section of a document or application. A section, in this context, is a thematic grouping of content, typically with a heading.

So basically the section element should contain related information bunched under a common heading.

The HTML5 <article> element represents a complete composition in a web page or web application that is independently distributable or reusable, e.g. in syndication.

This could be a forum post, a magazine or newspaper article, a blog entry, a user-submitted comment, an interactive widget or gadget, or any other independent item of content.

We can nest an article inside a section tag and vice versa. This is completely legal in terms of HTML5.

What happens when you don’t use a doctype?

When omitted, browsers tend to use a different rendering mode that is incompatible with some specifications.

Also HTML5 tags such as <article>, <footer>, <header>, <nav>, <section> may not be supported if the doctype is not declared.

 

 

 

 

What are data- attributes good for?

The data-* attributes are used to store custom data related to the page or application. The custom data can be used in JavaScript to complete events or animations.

Which set of definitions, HTML attributes or CSS properties, take precedence?

CSS properties take precedence over HTML attributes. If both are specified, HTML attributes will be displayed in browsers without CSS support but won’t have any effect in browsers with CSS support.

How do I eliminate the blue border around linked images?

In your CSS, you can specify the border property for linked images:

a img { border: none ; }

However, note that removing the border that indicates an image is a link makes it harder for users to distinguish quickly and easily which images on a web page are clickable.

 

Explain HTML5 local storage?

There are two ways to store data locally as objects in HTML:

  1. localStorage – stores data for access across sessions
  2. sessionStorage – stores data for the current session only

Data is stored in key/value pair format.

Example:

localStorage.empid = "420";

sessionStorage.companyname = "Thiruvarur info tech ";

 

Explain CSS media queries?

CSS media queries are used to develop responsive templates for different layouts: screen, print, mobile, tablet or any other resolution.

CSS media queries can be added in 3 ways, like a CSS style sheet:

Internal stylesheet:

<style type="text/css">
@media only screen and (max-width: 600px) {
    /* rules apply when the viewport is 600px wide or less */
}
</style>

Imported stylesheet:

@import "tablet.css" (min-width: 800px) and (max-width: 1200px);

External stylesheet:

<link rel="stylesheet" type="text/css" href="deskto.css" media="screen and (min-width: 1200px), print and (min-resolution: 300dpi)" />

 

 

Explain CSS inheritance?

Inheritance propagates property values from parent elements to their children. The inherited value of a property on an element is the computed value of the property on the element’s parent element. For the root element, which has no parent element, the inherited value is the initial value of the property.

<div class="firstClass secondClass thirdClass fourthClass"> </div>

What is JavaScript inheritance?

In simple terms, inheritance is the concept of one thing gaining the properties or behaviours of something else.

Inherited children inherit their parent’s behaviour. To say A inherits from B is to say that A is a type of B.

In JavaScript you must use a special object called prototype.

function Animal() {} // This is the Animal *Type*

Animal.prototype.eat = function () {
    alert("All animals can eat!");
};

function Bird() {} // Declaring a Bird *Type*

Bird.prototype = new Animal(); // Birds inherit from Animal

Bird.prototype.fly = function() {
    alert("Birds are special, they can fly!");
};

The effect of this is that any Birds you create (called an instance of Bird) all have the properties of Animals.

var aBird = new Bird(); // Create an instance of the Bird Type
aBird.eat(); // It should alert, so the inheritance worked
aBird.fly(); // Important part of inheritance, Bird is also different to Animal

var anAnimal = new Animal(); // Let's check an instance of Animal now
anAnimal.eat(); // Alerts, no problem here
anAnimal.fly(); // Error will occur, since only Birds have fly() in its prototype

 

Explain JavaScript associative arrays?

Associative arrays are where we can associate a key string with a value string.

JavaScript objects are also associative arrays, i.e. the property emp.Name can also be read by calling emp['Name'].

We can access each property by entering the name of the property as a string into the array.

This also applies to accessing the DOM elements of HTML [as objects or associative arrays].

 

 

 

Explain JS namespaces?

Namespacing is a technique employed to avoid collisions with other objects or variables in the global namespace, and it also helps to organize blocks of functionality into easily manageable groups that can be uniquely identified.

JavaScript doesn’t have built-in support for namespacing, but using objects and closures we can achieve a similar effect.

JavaScript namespacing patterns:

1)    Single global variables :

var myApplication = (function(){
    // privateHelper is a placeholder name for a function kept inside the closure
    function privateHelper(){
        /*…*/
    }
    return {
        /*…*/
    };
})();

 

2)    Object literal notation :

var myApplication = {

getInfo:function(){ /**/ },

// we can also populate our object literal to support

// further object literal namespaces containing anything

// really:

models : {},

views : {

pages : {}

},

collections : {}

};

 

 

 

 

 

 

3)    Nested namespacing :

var myApp =  myApp || {};

// perform a similar existence check when defining nested

// children

myApp.routers = myApp.routers || {};

myApp.model = myApp.model || {};

myApp.model.special = myApp.model.special || {};

// nested namespaces can be as complex as required

 

4)    Immediately-invoked Function Expressions :

// an (anonymous) immediately-invoked function expression

(function(){ /*…*/})();

// a named immediately-invoked function expression

(function foobar(){ /*..*/}());

// this is technically a self-executing function which is quite different

function foobar(){ foobar(); }

 

5)   Namespace injection :

// define a namespace we can use later

var ns = ns || {}, ns2 = ns2 || {};

// the module/namespace creator

var creator = function(val){

var val = val || 0;

this.next = function(){

return val++

};

 

this.reset = function(){

val = 0;

}

}

creator.call(ns);

 

// ns.next, ns.reset now exist

creator.call(ns2, 5000);

// ns2 contains the same methods

// but has an overridden value for val

// of 5000

 

 

 

 

Types of web service?

There are two types of web service: 1. SOAP [Simple Object Access Protocol] web service and 2. RESTful [REpresentational State Transfer] web service.

SOAP is a messaging protocol; REST is a design philosophy, not a protocol.

SOAP:

You define your interface in a .wsdl file, which describes exactly which input parameters are expected and what the return values will look like.

There are tools to generate the .wsdl files out of Java class hierarchies, JAXB for example.

There are also tools to generate Java objects/classes as part of Eclipse, for example (don’t know the name at the moment).

SOAP is very strict. Every request is validated against the WSDL before processing.

A good but not so easy to start with framework for SOAP WS is Apache CXF.

 

REST:  (no hands on experience up to now, feel free to correct and improve 😉 ):

a way to access a webserver or web application to retrieve data from or send to it.

it’s only negotiated, how it is accessed.

common is something like this http://server.domain.com/app/type/id=123 to retrieve object of type type with id=123 very intuitive, but no automatic validation of requests.

The main advantages of REST web services are:

  1. Lightweight – not a lot of extra xml markup
  2. Human Readable Results
  3. Easy to build – no toolkits required

SOAP also has some advantages:

  1. Easy to consume – sometimes
  2. Rigid – type checking, adheres to a contract
  3. Development tools

 

 

 

What is namespacing?

In many programming languages, namespacing is a technique employed to avoid collisions with other objects or variables in the global namespace. They’re also extremely useful for helping organize blocks of functionality in your application into easily manageable groups that can be uniquely identified.

Namespacing Fundamentals

  1. Single global variables
  2. Object literal notation
  3. Nested namespacing
  4. Immediately-invoked Function Expressions
  5. Namespace injection

 

Single global variables

One popular pattern for namespacing in JavaScript is opting for a single global variable as your primary object of reference. A skeleton implementation of this where we return an object with functions and properties can be found below:

var myApplication = (function(){
    // privateHelper is a placeholder name for a function kept inside the closure
    function privateHelper(){
        /*…*/
    }
    return {
        /*…*/
    };
})();

Object literal notation

Object literal notation can be thought of as an object containing a collection of key:value pairs with a colon separating each pair of keys and values. Its syntax requires a comma to be used after each key:value pair with the exception of the last item in your object, similar to a normal array.

var myApplication = {

getInfo:function(){ /**/ },

// we can also populate our object literal to support

// further object literal namespaces containing anything

// really:

models : {},

views : {

pages : {}

},

collections : {}

};

 

 

One can also opt for adding properties directly to the namespace:

myApplication.foo = function(){
    return "bar";
};

myApplication.utils = {
    toString: function(){
        /*..*/
    },
    export: function(){
        /*..*/
    }
};

 

  1. Nested namespacing
  2. Immediately-invoked Function Expressions (IIFE)s
  3. Namespace injection

 

  1. Explain CSS specificity.
  2. What is the use of box shadow? Tell me the syntax.
  3. How do you achieve rounded corners in CSS3?
  4. How will you improve the performance of a website?
  5. What is the use of sprite images?
  6. What are the different font formats and how will you include them in your CSS stylesheet?
  7. What is a responsive web page layout?
  8. What is a fluid layout and what are its advantages?
  9. What do you know about CSS animations? Will you do CSS3 animation if we give Google access?
  10. What are the CSS frameworks you know? Have you ever used any CSS frameworks like Less or Sass?

  11. Difference between HTML4 and HTML5?
  12. What is the use of canvas? Have you ever used it?
  13. What is the main difference between canvas and SVG?
  14. What are semantic tags in HTML5? What is their main advantage?

  15. How will you add jQuery to your page?
  16. What is the difference between JavaScript and jQuery?
  17. Tell me the difference between the document.ready and onload functions in jQuery?
  18. How can you apply CSS in jQuery?
  19. Can you dynamically add a div using jQuery?
  20. What are filters in jQuery?
  21. What is an anonymous function in jQuery and how will you define it?
  22. Have you ever heard about MVC in JavaScript?
  23. JavaScript or jQuery, which is faster?
  24. How can you animate using jQuery?
  25. Tell me the use of the is() and eq() methods in jQuery?
  26. Why do we use the index() method in jQuery?
  27. Tell me about the jQuery.noConflict() method.
  28. Have you ever contributed any plugin?
  29. Tell me which jQuery UI widgets you know, and how you can customize them?

Google Introduces Search Engine Apps : Springboard

Springboard is designed and marketed towards business and enterprise users of Google’s productivity apps — particularly those that have to regularly sort and search through large numbers of documents and files.

Within the same announcement Google also announced a significant upgrade to Google Sites, which is a tool designed by the company for creating web pages. The update will allow users to easily pull in information from other Google apps, and features fully responsive designs for all of its layouts.

Both Springboard and the upgrade to Sites are currently being tested amongst a select group of users in Google’s early adopter program. If you’re interested in getting an early look at Springboard you can sign up here. An official public release date was not mentioned in the announcement.

What You Should Know About WordPress SEO

January 27, 2014

No doubt you understand how helpful WordPress is for a variety of applications, if you work as an Internet marketer or blogger.

It makes running a quality website possible for people with limited experience, and allows almost anybody to get whatever content they want onto the net. Perhaps the most substantial benefit that WordPress offers over other platforms is its ability to levy targeted, organic search traffic. Web site visitors prove to be the vital element for anyone’s website, and improving this function provides many advantages, allowing your SEO work to go smoother and better; this is WordPress’ specialty.

By utilizing the pre-existing features of your new WordPress installation, you can see a serious boost to your search engine visitors. This is far better than being desperate for the almighty search engines to throw traffic in your direction absent targeted instructions, which is what happens with your typical HTML site. The easy to use features WordPress incorporates into your site help you get the most targeted traffic out of Google and other popular search engines. In the following, we will consider the options for achieving a significant ranking for your WordPress blog, and what is involved in reaching this goal.

The first thing you need to focus on is the titles for your content. Google and other search sites look for keywords to prioritize findings, so the titles you use for each post must incorporate as many targeted keywords as possible. These relevant keywords should be in the title as well as your content. You have to be very clear when you’re communicating with the search engines, so don’t have your title repeated elsewhere on the site.

Instead, have a list of related keywords by your side so that you can use them when writing titles for your posts. As you are working, check your titles to be sure they attract readers and are not just a list of words for search engines. Your post title is the first thing anyone will see, so it has to be interesting. As long as you communicate a title that’s relevant and easy to understand, you can keep its length on the short side. Your site’s content is crucial for achieving high ranking in the search engines, so it not only has to be high quality; it has to be relevant in every way.

In particular, if you are not interested in indexing your blog, you should put up a sitemap to your WordPress site. Creating a Google site map is easy with the use of a plugin. It is an easy, but important step to take to maximize your online presence. The site map guides search engines throughout your site to find and index all of the pages. Pinging is another vital action to take and should be done with each new post you place on your site. When other bloggers link back to your blog, you’ll get targeted backlinks, which ultimately helps in your ranking. Notifying (or “pinging”) other sites after every post is published is important.

Make sure to mention and link to older related posts when you add new content. This makes it even easier for readers to get from one post to another. To do this effectively, you can use a plugin which will list related posts under each new post. Additionally, the number of related posts can be changed; this will give the search engines a more efficient way to archive your content.

Welcome New Year 2014

December 31, 2013

Hello Guys,

Wishes to everyone who online on this post.
Wish you all the best to you and your family for your bright future.
This year may come the biggest joy and joy so that you can’t explain that.
You all are invited here to wish Happy New Year 2014 each other.
You can easily wish each other just commenting below.

You have a big opportunity to start the new work today, you can enjoy yourself and motivate yourself by opting the following positive lines: –
Say to yourself every morning:
-Today is going to be a great day!
-I can handle more than I think I can!
-Things don’t get better by worrying about them!
-I can be satisfied if I try to do my best!
-There is always something to be happy about!
-I’m going to make someone happy today!
-It’s not good to be down!
-We always have an option!
-Life is great, make the most of it!

BE AN Optimist!

Best Wishes to all
Balt (selvabalaji)

My Team Plugin for WordPress

December 19, 2013

We are happy to release “My Team”, a new WordPress plugin to display team/staff members. You can also display a set of pictures and information in different layouts.

Nowadays, WordPress is more than just a blog. And behind such website is a team. The plugin acknowledges those guys, by creating a template which anyone can copy in his theme directory and have a page ready for the people behind it. The plugin provides the administrator with a nice interface to add/edit/delete the team members. The plugin is under active development so keep checking the page. The plugin uses the short-code given at

http://wordpress.org/plugins/wp-my-team/

Features:

You can display the entries in 4 different main ways

  1. Grid view.
  2. Grid view with Information on hover.
  3. Table list view.
  4. Number of Columns.
  5. Image Shapes and effects.
  6. Text Align.
  7. Special Settings.
  8. Image Sizes.
  9. Email Settings.
  10. Single Page Settings.
  11. Auto Generation Shortcode & PHP Function.

How to avoid being one of the “73%” of WordPress sites vulnerable to attack

December 18, 2013

A recent investigation has concluded that 73% of the 40,000 most popular websites that use WordPress software are vulnerable to attack.

The research, carried out by vulnerability researchers EnableSecurity and reported by WordPress security outfit WP WhiteSecurity, was conducted between Sept 12 and Sept 15, shortly after the release of the WordPress 3.6.1 Maintenance and Security Release.

WordPress is the most popular blogging and Content Management System (CMS) in the world and, according to WordPress founder Matt Mullenweg, it powers one in five of all the world’s websites.

As with any research of this kind we should apply a big pinch of salt.

In fact in this case we don’t need to supply our own salt because the research actually comes self-salted thanks to this hilarious rider at the bottom of the article:

The tools used for this research are still being developed therefore some statistics might not be accurate.

You have been warned.

So if the numbers might be wrong why am I bothering to reproduce them here? Because (in my opinion) they are probably true (well true-ish) and even if they aren’t they still highlight an important security issue which isn’t diminished one iota by their sketchiness.

As long as we go into this with our eyes open we’ll be fine.

The research did no more than set out to discover what versions of the popular CMS are in use by the top 1 million websites.

This singular focus is with good reason: the first rule of WordPress security is always run the latest version of WordPress.

If you aren’t running the very latest version of WordPress then the chances are you are running a version with multiple known vulnerabilities – bugs that criminals can use to gain a foothold on your system.

EnableSecurity’s scan of Alexa’s Top 1,000,000 discovered that 41,106 websites were running WordPress, a little over 4%.

They then determined that of those websites at least 30,823 were running versions of WordPress that have known vulnerabilities. From this they concluded that

73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools.

Add your salt now.

Even if we take it as read that 73% of the sites are running vulnerable versions of WordPress we still can’t conclude that 73% are in fact vulnerable. There are common security strategies that the researchers didn’t test for, not least using a Web Application Firewall (WAF) that can put up a protective shield in front of vulnerable websites.

By the way, the first rule of WordPress security, always run the latest version of WordPress, holds true even for sites running behind a WAF. They are not mutually exclusive and should be considered as separate parts of a strategy of defence in depth.

In addition to skipping over reasons why the 73% might be a little on the high side the study also leaps acrobatically past a totally different set of reasons why it might be a bit on the low side.

The limited scope of the research meant that it didn’t account for other forms of automated attacks against WordPress installs such as targeting weak passwords or flaws in popular plugins.

As diaphanous as the study’s precision might be, the broad thrust is correct and it contains a useful message; users of WordPress need to be diligent about security because they are using software that is popular enough to be of interest to criminals who conduct large-scale automated attacks.

10 ways to keep your WordPress site secure

If you are running a website that uses WordPress here are 10 suggestions to help you avoid ending up in the 70% (or whatever large number it is) of vulnerable sites.

  • Always run the very latest version of WordPress
  • Always run the very latest versions of your plugins and themes
  • Be conservative in your selection of plugins and themes
  • Delete the admin user and remove unused plugins, themes and users
  • Make sure every user has their own strong password
  • Enable two factor authentication for all your users
  • Force both logins and admin access to use HTTPS
  • Generate complex secret keys for your wp-config.php file
  • Consider hosting with a dedicated WordPress hosting company
  • Put a Web Application Firewall in front of your website
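
Two items in this list, the secret keys in wp-config.php and HTTPS for logins and admin access, can be checked from the file itself. The following is an added example, not code from the article or from WordPress: it looks for the eight WordPress key and salt constants and for FORCE_SSL_ADMIN. The function names, the 32-character minimum and the sample file are assumptions made for illustration.

```javascript
// Added example: static check of a wp-config.php for weak secret keys and
// missing HTTPS enforcement. Function names, the length threshold and the
// sample file are illustrative assumptions.

const SECRET_CONSTANTS = [
  "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
  "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
];
const PLACEHOLDER = "put your unique phrase here"; // value shipped in wp-config-sample.php
const MIN_SECRET_LENGTH = 32;

// Matches define('NAME', 'string'), define("NAME", "string") and define('NAME', true)
const DEFINE_RE =
  /define\(\s*['"]([A-Za-z0-9_]+)['"]\s*,\s*(?:'((?:[^'\\]|\\.)*)'|"((?:[^"\\]|\\.)*)"|(true|false))\s*\)/i;

function parseDefines(phpSource) {
  const defines = new Map();
  for (const rawLine of phpSource.split(/\r?\n/)) {
    const line = rawLine.trim();
    // Skip commented-out lines: a disabled define() must not count as set
    if (/^(\/\/|#|\/\*|\*)/.test(line)) continue;
    const m = DEFINE_RE.exec(line);
    if (!m) continue;
    const value = m[4] !== undefined
      ? m[4].toLowerCase() === "true"
      : (m[2] !== undefined ? m[2] : m[3]);
    defines.set(m[1], value);
  }
  return defines;
}

function auditWpConfig(phpSource) {
  const defines = parseDefines(phpSource);
  const findings = [];
  const seen = new Map(); // secret value -> first constant that used it

  for (const name of SECRET_CONSTANTS) {
    const value = defines.get(name);
    if (typeof value !== "string") { findings.push(name + ": not defined"); continue; }
    if (value === PLACEHOLDER) { findings.push(name + ": default placeholder"); continue; }
    if (value.length < MIN_SECRET_LENGTH) {
      findings.push(name + ": shorter than " + MIN_SECRET_LENGTH + " characters");
    }
    if (seen.has(value)) findings.push(name + ": same value as " + seen.get(value));
    else seen.set(value, name);
  }

  if (defines.get("FORCE_SSL_ADMIN") !== true) findings.push("FORCE_SSL_ADMIN: not enabled");
  return findings;
}

// Constructed sample file; the secret values are filler text, not real keys.
const filler = function (tag) { return (tag + "-constructed-filler-").repeat(3); };
const SAMPLE_WP_CONFIG = [
  "<?php",
  "define('DB_NAME', 'wordpress');",
  "define('AUTH_KEY',         'put your unique phrase here');",
  "define('SECURE_AUTH_KEY',  '" + filler("a") + "');",
  "define('LOGGED_IN_KEY',    '" + filler("b") + "');",
  "define('NONCE_KEY',        'short');",
  "define('AUTH_SALT',        '" + filler("c") + "');",
  "define('SECURE_AUTH_SALT', '" + filler("a") + "');",
  "define('LOGGED_IN_SALT',   '" + filler("d") + "');",
  "// define('NONCE_SALT',    '" + filler("e") + "');",
  "// define('FORCE_SSL_ADMIN', true);",
].join("\n");

auditWpConfig(SAMPLE_WP_CONFIG).forEach(function (f) { console.log(f); });
```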

For more on the subject of patching WordPress have a listen to Sophos Security Chet Chat 117, the latest 15 minute installment in our regular podcast series.

 
