plugins

How to prevent CSRF vulnerability in WordPress plugins and themes

Recently the folks at Secunia contacted me regarding a vulnerability in my plugin Contextual Related Posts.

Contextual Related Posts is a powerful plugin for WordPress that allows you to display a list of related posts on your website and in your feed. The plugin comes with a tonne of options and inbuilt caching that can possibly increase user retention.

This vulnerability was on the settings page of the plugin and opened up the blog to a potential cross-site request forgery (CSRF) attack. Secunia's advisory described it as follows:

The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to change plugin settings and e.g. insert malicious script into pages or posts when a logged-in administrator visits a specially crafted web page.

Since then, I’ve been scouring the web for material on this, and you might also want to take a look at this article on Crunchify for a solution. In this post, I’ll tell you what I did to fix the vulnerability. But first, let’s understand what CSRF is.

How to delete unused or less used post tags in WordPress

If you’ve been running a multi-author blog like ours, over a period of time you’ll see your list of tags growing exponentially. When I reviewed the number of tags on Techtites today, I noticed that there were well over 1,100 of them!

So, I went into the Tags interface and immediately realised that I’m going to spend an hour just deleting and cleaning up tags.

There are a few WordPress plugins available that allow you to manage tags and categories, including Term Management Tools. However, there isn’t a good free plugin to delete and clean up tags.

So, with a bit of googling, I came across a post on SumTips. If you have access to your database via phpMyAdmin or a similar tool, it will take you less than a minute to delete unused or unpopular tags.

If you proceed beyond this step, please be extremely careful. Playing with your database table is risky and can break your entire site!

5 lesser known Contact Form plugins for WordPress

Everybody has heard of Contact Form 7 (we use it here on Techtites), and many of you may have tried Gravity Forms. Besides these, there are several other lesser known contact form plugins that make it easy to collect information from your visitors. I’ve highlighted five of them below.

How to speed up your site with CloudFlare

Many weeks back, after much deliberation, I decided to give CloudFlare a shot. As they describe themselves:

CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.

CloudFlare offers both free and paid plans. You can check out a comparison between the various plans and see everything on offer. If you’re running a huge site, getting a paid plan is definitely a great option. It definitely works out cheaper than running your own server.

If you’ve decided to take the plunge, here is how you can go about speeding up your website. Note that you’ll need access to change the nameservers for your domain, and optionally the ability to add and activate a WordPress plugin.

Follow my guide below to add your website to CloudFlare. I’ll walk you through how I added my site on Sir Arthur Conan Doyle to CloudFlare.

Amazon adds Send to Kindle button

Ever since I bought a Kindle around a year back, I’ve rediscovered my love for books. The various apps available for desktop and mobile make reading a breeze. However, I have yet to use the Kindle to browse websites, because its browser is just not built for this.

Begin coding your first WordPress Plugin with DX Plugin Base

If you’re thinking of getting into WordPress plugin development, I suggest reading this article on Webdesigner Depot. It gives you a basic idea of how to create the directory structure and add your first snippets of code. When you’re ready to take it to the next stage, you might want to consider Mario’s DX Plugin Base.