Tag Archives: WordPress

How to Set File Permissions for WordPress on Ubuntu

Motivation:

  • You have a WordPress instance on Ubuntu with Nginx.
  • You want to ensure that only the Nginx process can access WordPress files.

Procedure:

  1. View the current file owner and group:

     ls -l /var/html

     The root folder should be owned by the www-data user. www-data is the user that web servers such as Apache and Nginx on Ubuntu run as by default.

  2. Change the file owner and group to www-data if necessary:

     sudo chown -R www-data:www-data /var/html

  3. Set minimum permissions for folders:

     cd /var/html
     sudo find . -type d -exec chmod 755 {} \; # directory permissions rwxr-xr-x

  4. Set minimum permissions for files:

     cd /var/html
     sudo find . -type f -exec chmod 644 {} \; # file permissions rw-r--r--

  5. Verify the changes:

     ls -l /var/html
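As an added example (not part of the original post), the shell functions below audit a document root against the baseline this procedure sets (directories 755, files 644, everything owned by www-data:www-data) and re-apply steps 2 to 4 when something has drifted, for instance after a plugin update. The defaults are the post's own values (/var/html, www-data); the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a WordPress document root against the baseline
# directories 755 (rwxr-xr-x), files 644 (rw-r--r--), owner www-data:www-data.
# Usage: audit_wp_perms [root] [owner] [group]   defaults: /var/html www-data www-data
# Each deviation is reported on stderr; the number of deviations is printed on stdout.
# find -perm MODE (no leading - or /) matches the exact mode, so anything looser
# or tighter than the baseline is reported, e.g. a 777 uploads directory.
audit_wp_perms() {
    root="${1:-/var/html}"
    owner="${2:-www-data}"
    group="${3:-www-data}"

    report=$(
        find "$root" -type d ! -perm 755 -exec printf 'dir not 755:   %s\n' {} \;
        find "$root" -type f ! -perm 644 -exec printf 'file not 644:  %s\n' {} \;
        find "$root" ! -user "$owner" -exec printf 'owner not %s: %s\n' "$owner" {} \;
        find "$root" ! -group "$group" -exec printf 'group not %s: %s\n' "$group" {} \;
    ) || true

    if [ -z "$report" ]; then
        echo 0
    else
        printf '%s\n' "$report" >&2
        printf '%s\n' "$report" | wc -l | tr -d ' '
    fi
}

# Apply the baseline from steps 2-4 of the procedure and re-audit.
# Changing the owner to www-data requires root (run with sudo).
fix_wp_perms() {
    root="${1:-/var/html}"
    owner="${2:-www-data}"
    group="${3:-www-data}"
    chown -R "$owner:$group" "$root"
    find "$root" -type d -exec chmod 755 {} \;
    find "$root" -type f -exec chmod 644 {} \;
    audit_wp_perms "$root" "$owner" "$group"
}
```

Run audit_wp_perms from cron and alert on a non-zero count; run fix_wp_perms only after reviewing the report, since a deliberately tightened file (for example a 600 wp-config.php) is reported as a deviation too.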

Should We Rebuild or Renovate an Outdated System?

Motivation

You have an outdated system and want to rebuild or renovate it. You do not know which path is best for you.

Guidelines

Typically you have 2 main options for an outdated system.

Option 1 – Replacement: You can rebuild the whole system and migrate the existing data to the new system.

If you follow this approach then you may consider WordPress if your system is just a brochure website. WordPress is very suitable for building a brochure website.

If your system is simple software supporting a few business processes then you may consider EspoCRM. EspoCRM is very suitable for building simple business processes.

If your system is sophisticated software supporting a specific business then there are several things you may need to consider when deciding to rebuild it.

1. The effort to migrate the existing data to the new platform. A deep analysis of the existing data is required to create a reasonable estimate for this task.

2. The effort to integrate the new system with other systems that are integrated with the existing system. An analysis of the existing source code is required to create a reasonable estimate for this task.

3. The effort to implement all the existing business processes in the new system. A list of all business processes with their concrete steps is required to create a reasonable estimate for this task.

4. The possible mismatches of the new platform and the existing code base and data. These may require changes of business processes or removal of some existing features or considerable effort for migration.

5. Are the source code, database and files of the existing website fully available? Some websites suffer from vendor lock-in: any exported data may be unusable without the source code, so no migration tool can help with the data migration because of specific data structures and constraints.

For example, user passwords stored as one-way hashes cannot be migrated to a new system. The best data available to you may be just Excel or CSV files. The contents of these files can be imported into the new system manually or automatically, but no business logic can be transferred. In this case, rebuilding the whole system (preferably using WordPress) will require manually copying the contents to the new system and partially importing a few tables (e.g. emails, first names, last names, page titles).

Option 2 – Renovation: You may choose to renovate your system if the existing technology stack is not too outdated.

When choosing this option you may need to consider several things below.

1. The life cycle of the existing technology stack. The existing technology stack should not be deprecated and is still in active support.

2. The ecosystem of the existing technology stack. Most of 3rd party components for the existing technology stack should still be in development and support.

3. The capabilities of the existing technology stack. The existing technology stack should still support your new requirements although the solutions may not be perfect for performance or user experience.

4. The cost of the existing technology stack. You should still be able to afford the cost of the existing technology stack.


WordPress Lessons Learned

Lessons learned 1: Maintenance creep.

Problem:

The cost of updating the core, updating plug-ins, and updating integration code for a system built with WordPress is much higher than expected.

Context:

WordPress core, its themes and plug-ins can provide a very fast solution by integrating their features. This works best for general solutions (for example corporate websites with predefined business processes).

However, their very frequent updates are painful.

If we do not apply the updates then the system is exposed to potential security issues.

Therefore the maintenance of a WordPress based system usually takes more effort than systems built using other web frameworks that do not require such frequent updates.

The problem becomes worse when applying an update breaks the integration because of incompatibilities among WordPress and plug-ins owned by different software providers.

Solution:

If you have the opportunity of building a system for a client using WordPress and its plug-ins then you should plan a considerable maintenance budget for updating WordPress, the specific plug-ins and the integration code.

This lesson applies to any system built with a plug-in based architecture (i.e. a microkernel architecture) in which the core and the plug-ins are owned by different software providers.

Lessons learned 2: Customization creep.

Problem:

The cost of integrating a theme with various COTS plugins and integration code for building a system using WordPress is much higher than you expected.

Context:

Customizing a WordPress solution for specific business processes takes more effort than using other general web frameworks because we do not have full control of the themes and plug-ins.

Even if we modify the themes and plug-ins, or build new specific plug-ins using PHP and MySQL, the solution still depends on WordPress core, whose architecture is not well suited to domain-specific enterprise systems. Such systems often rely heavily on domain-specific rules that should be isolated from the infrastructure.

Solution:

If you have the opportunity of building a domain-specific system using WordPress and its plug-ins then you should

  • refine business requirements into appropriate user stories or use cases,
  • create an architecture first and evaluate it carefully using various scenarios, and
  • create a proof of concept.

Lessons learned 3: WordPress and Salesforce integration decision.

Motivation:

You need to evaluate options for integrating WordPress with Salesforce so that development and maintenance cost is acceptable.

Solution:

IMO an enterprise solution based on Salesforce and WordPress integration may be proposed based on a client’s needs and budget.

I define a long term project as a project many big enhancements of which will be required after the solution is deployed.

I define a short term project as a project only some small enhancements of which will be required after the solution is deployed.

I define an important project as a project the requirements of which must be satisfied exactly as the Client requires.

I define a flexible project as a project the requirements of which may be implemented not exactly as the Client requires due to constraints of tools.

If the client needs Salesforce CRM (a must-have requirement) and they have a big budget then I would recommend that they use Salesforce for file storage and all Salesforce tools (e.g. LWC, community portals) for implementing their own business processes for a long term and important project.

If the client needs Salesforce CRM (a must-have requirement) and they have a medium budget then I would recommend that they use Box, Dropbox or SharePoint for file storage and all Salesforce tools (e.g. LWC, community portals) for implementing their own business processes for a long term and important project.

If the client needs Salesforce CRM (a must-have requirement) and they have a low budget then I would recommend that they use WordPress for file storage and commercial off-the-shelf (COTS) plug-ins for implementing their own business processes for a short term or “flexible” project. In this case the development effort may be reduced considerably but the maintenance/enhancement effort may increase considerably.

If the client does NOT really need Salesforce CRM and they have a medium budget then I would recommend that they use general frameworks and tools (including WordPress and custom plug-ins) for implementing their own business processes for a long term and important project. File storage can be a local server or any service.

If the client does NOT really need Salesforce CRM and they have a low budget then I would recommend that they use WordPress for file storage and WordPress COTS plug-ins for implementing their own business processes for a short term or flexible project.


      How to Fix a Hacked WordPress Website

      Problem:

      When you visit your WordPress website you are randomly redirected to unwanted websites.

      Verification:
      • Log in to your website as an Administrator.
      • Go to Appearance >> Theme File Editor.
      • Click on the Theme Functions link on the right side.
      • Verify whether malicious code was injected into the functions.php file. Example of malicious code:
        <?php @ini_set('display_errors', '0');
        error_reporting(0);
        global $zeeta;
      • Download the wp-config.php file to your machine via FTP or SSH.
      • Verify whether malicious code was injected into the wp-config.php file. Example of malicious code:
        include_once(ABSPATH . WPINC . '/header.php');

      Solution:
      • Stop the website.
      • Download the whole website to your local machine.
        cd /var/hosting/huybien.com
        ls
        sudo zip -r huybien.zip /var/hosting/huybien.com/html

      Configuration:
      • Log in to your website as an Administrator.
      • Change your Administrator’s password.
      • Change the file owner and group to www-data:
        sudo chown -R www-data:www-data /var/hosting/huybien.com/html
      • IMPORTANT STEP – Set minimum permissions for folders and files:
        cd /var/hosting/huybien.com/html
        sudo find . -type d -exec chmod 755 {} \; # directory permissions rwxr-xr-x
        sudo find . -type f -exec chmod 644 {} \; # file permissions rw-r--r--
      • Remove all unused plug-ins and themes.
      • Install, activate and configure a CAPTCHA plug-in to protect the Login, Registration, Lost Password, Reset Password and Comment forms if none is installed.
      • Disable insecure FTP access if it is enabled.
      • Install and activate the Simple History plugin to review access to your website. After 1 or 2 days, review the access information and, if necessary, block the malicious IP addresses using the Windows Firewall.
      • Install, activate and configure the Cerber Security plug-in to detect and block malicious IP addresses automatically.
      • Back up the database.
        cd /home/ubuntu
        ls
        mysqldump -u root -p -h localhost huybiencomwp > huybiencomwp.sql
      • Back up the files.
        cd /home/ubuntu
        ls
        sudo zip -r /home/ubuntu/huybien.zip /var/hosting/huybien.com/html
      • Download the database and file backups.
      • Remove the backups from the server.
        sudo rm -rf /home/ubuntu/huybiencomwp.sql
        sudo rm -rf /home/ubuntu/huybien.zip
        ls
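As an added example (not from the original post), the shell function below automates the Verification step: it searches wp-config.php and every theme's functions.php under the document root for the fixed strings quoted in the post's two malicious samples. The default root is the post's /var/hosting/huybien.com/html; the function name is an assumption of this example.

```sh
#!/bin/sh
# Added example: look for the injected-code indicators quoted in the Verification
# step (theme functions.php and wp-config.php) across a WordPress document root.
# Usage: scan_wp_indicators [root]   default root: /var/hosting/huybien.com/html
# Matching lines (file:line:text) go to stderr; the number of matches is printed
# on stdout. A match is a lead for manual review, not proof of compromise.
scan_wp_indicators() {
    root="${1:-/var/hosting/huybien.com/html}"

    # Fixed strings (-F) copied from the post's malicious samples. A stock
    # wp-config.php only requires wp-settings.php and never pulls a file out of
    # wp-includes (WPINC) itself; a theme's functions.php has no reason to silence
    # error reporting or declare an opaque global such as $zeeta.
    report=$(
        for f in "$root/wp-config.php" "$root"/wp-content/themes/*/functions.php; do
            [ -f "$f" ] || continue
            grep -n -H -F \
                -e "@ini_set('display_errors', '0')" \
                -e 'error_reporting(0)' \
                -e 'global $zeeta' \
                -e "include_once(ABSPATH . WPINC . '/header.php')" \
                "$f" || true   # grep exits 1 on a clean file; not an error here
        done
    )

    if [ -z "$report" ]; then
        echo 0
    else
        printf '%s\n' "$report" >&2
        printf '%s\n' "$report" | wc -l | tr -d ' '
    fi
}
```

Run it before and after the clean-up steps; a count of 0 afterwards confirms the quoted snippets are gone, while any hit names the exact file and line to inspect.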


      How to move a WordPress instance from one server to another Linux server

      Motivation:

      You want to move a WordPress instance from one server to another to consolidate your websites to reduce cost.

      Solution:

      Install and use the Duplicator plugin below to achieve your goal.

      https://wordpress.org/plugins/duplicator/

      User guide: https://snapcreek.com/duplicator/docs/quick-start/

      If everything goes well for you then congratulations!

      Otherwise, please review the possible problems and corresponding solutions below.


      Problem 1:

      You don’t have a website on the new server.

      Solution 1:

      1. Create a new virtual host in /etc/httpd/conf/httpd.conf:

      <VirtualHost *:80>
      ServerName example.com
      ServerAlias www.example.com
      DocumentRoot "/var/www/www.example.com"
      </VirtualHost>

      2. Set permission 775 on /var/www/www.example.com

      3. Restart the httpd service:

      sudo systemctl restart httpd

      Problem 2:

      You are using Amazon Linux 2 server.

      You are logged in as ec2-user.

      You use WinSCP to upload files and edit configuration files.

      You cannot modify /etc/httpd/conf/httpd.conf and /etc/php.ini.

      Solution 2:

      1. View the permission settings of the file:

      ls -ld /etc/httpd/conf/httpd.conf

      The result indicates that the file is owned by the root user and the root group, not by ec2-user.

      2. View the groups of a user:

      groups ec2-user

      The result indicates that ec2-user does not belong to the root group.

      3. Add the user to the root group:

      sudo usermod -a -G root ec2-user

      4. Grant read-write (and execute) permission on the files to the root group:

      sudo chmod g+rwx /etc/httpd/conf/httpd.conf
      sudo chmod g+rwx /etc/php.ini

      5. Log out and log in to the server again.


      Problem 3:

      You are using Amazon Linux 2 server. The ZipArchive feature is missing.

      Solution 3:

      1. Execute the commands below:

      sudo amazon-linux-extras install php7.2
      sudo yum install php-pear php-devel gcc libzip-devel zlib-devel
      sudo pecl install zip-1.13.5 # we must specify a slightly older version for compatibility

      2. Add “extension=zip.so” to /etc/php.ini

      3. Restart the server

      sudo reboot

      Problem 4:

      You don’t have a WordPress database on the new Linux server.

      Solution 4:

      Execute the MySQL commands below:

      CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
      CREATE DATABASE `wp_database`;
      GRANT ALL PRIVILEGES ON `wp_database`.* TO "username"@"localhost";
      FLUSH PRIVILEGES;

      Problem 5:

      A database error occurs while restoring the website.

      Solution 5:

      1. Execute the commands below to remove the website:

      sudo chown -R ec2-user:apache /var/www/example.com
      sudo chmod 2775 /var/www/example.com && find /var/www/example.com -type d -exec sudo chmod 2775 {} \;
      find /var/www/example.com -type f -exec sudo chmod 0664 {} \;
      rm -r /var/www/example.com

      2. Upload the Duplicator files again, and restore the website again.


      Problem 6:

      Duplicator has no write access to /var/www/example.com.

      Solution 6:

      1. Execute the commands below:

      sudo chown -R ec2-user:apache /var/www/example.com
      sudo chmod 2775 /var/www/example.com && find /var/www/example.com -type d -exec sudo chmod 2775 {} \;
      find /var/www/example.com -type f -exec sudo chmod 0664 {} \;

      2. Run http://example.com/installer.php again.

      How to Set File Permissions for WordPress on Windows IIS

      Motivation:

      • You have a WordPress instance on Windows IIS.
      • You upload a file. Its thumbnail is not shown in Media Library.
      • You change the file permission. Its thumbnail now is shown correctly in Media Library.
      • You upload another file and have to change the file permission manually again.
      • How can we make WordPress automatically set the correct permission for new uploaded files?

      Procedure:

      1. Ensure that the identity of the application pool that the website runs under is ApplicationPoolIdentity.
      2. Execute the commands below as Administrator:
      icacls "C:\inetpub\wwwroot\domain.com" /grant "IUSR":(OI)(CI)F /T
      icacls "C:\inetpub\wwwroot\domain.com" /grant "IIS_IUSRS":(OI)(CI)F /T

      3. Set up IIS.

      • Open IIS Manager.
      • Click on your website.
      • Click Authentication.
      • Click Anonymous Authentication (which should be the only one enabled).
      • Click Edit.
      • Select Application pool identity if it is not selected.
      • Click OK.


      Topic 8 – Introduction to Web Application Development

      Why do I need to learn about web application development?

      Desktop applications are very powerful and convenient but their development, deployment and maintenance are daunting.

      The reason is that the platform dependency makes it very expensive to create a desktop application working on different versions of different operating systems, such as Windows, Linux and Mac OSX.

      Deployment and updates of desktop applications typically require high-privilege access to a computer, causing a problem for companies requiring high security.

      Fortunately, you can overcome these limitations by creating a web application running on a browser. To create a web application you need to learn about web application development.

      What can I do after finishing learning web application development?

      You will be able to create web applications like The BBC News, The WordPress Blog or The White House Website.

      This is exactly what I want to learn! What should I do now?

      Web application development requires a lot of reading. You have to master networking concepts, HTML, CSS, JavaScript, a programming language and a database management system for the web. Please read
      – Semmy Purewal (2014). Learning Web App Development. O’Reilly Media, and
      – Jon Duckett (2011). HTML & CSS – Design and Build Websites. John Wiley & Sons
      first to get familiar with web application development.

      After that please read
      – Stephen Greig (2013). CSS3 – Pushing the Limits. John Wiley & Sons, and
      – Anne Boehm and Zak Ruvalcaba (2018). Murach’s HTML5 and CSS3. Mike Murach and Associates
      to learn in depth about HTML and CSS.

      JavaScript is the language for web development because it is implemented in most web browsers.
      Please read
      – David Flanagan (2020). JavaScript: The Definitive Guide. O’Reilly Media,
      – Kyle Simpson (2015). You Don’t Know JS. O’Reilly Media, and
      – Jon Duckett (2014). JavaScript and jQuery: Interactive Front-End Web Development. John Wiley & Sons
      to master it. Strong knowledge of JavaScript will ease the rest of your web development learning considerably.

      A single page application (SPA) is the default front-end choice for most new web development projects.
      Please read
      – Kirupa Chinnathambi (2018). Learning React. Addison-Wesley Professional, and
      – Alex Banks and Eve Porcello (2020). Learning React: Modern Patterns for Developing React Apps. O’Reilly
      to learn how to create a single page application.

      After that you will have 4 main options. You can choose one of them. We STRONGLY recommend that you choose only ONE option.

      You should NOT learn all of them at the beginning. You will save time by digging into only one option. After mastering the selected technology, you will realize that all of them are very similar in use.

      Note that although their concepts are similar to one another, it still takes much time to learn how to apply an approach to a real-world web application.

      When developing a real-world web application, you often use only one or two of these 4 approaches. If you cannot make your own selection then we recommend
      – a combination of the first and second option, or
      – a combination of the first and third option, or
      – a combination of the first and fourth option.

      The first option is the PHP world. Please read
      – Luke Welling and Laura Thomson (2016). PHP and MySQL Web Development. Addison-Wesley Professional, or
      – Robin Nixon (2021). Learning PHP, MySQL & JavaScript. O’Reilly.
      After that, depending on your projects, you may need to read
      – Brad Williams et al. (2015). Professional WordPress: Design and Development. Wrox.

      The second option is ASP.NET.
      Please read
      – Adam Freeman (2020). Pro ASP.NET Core 3: Develop Cloud-Ready Web Applications Using MVC, Blazor, and Razor Pages. Apress, and
      – Andrew Lock (2021). ASP.NET Core in Action. Manning.

      A complementary part of this option is ASP.NET Web Forms, a technology that you need to master if you are maintaining a legacy project.
      Please read Imar Spaanjaars (2014). Beginning ASP.NET 4.5.1 in C# and VB. Wrox, to learn about ASP.NET Web Forms.

      The third option is the Java world.
      If you are not familiar with the Java language then please read
      – Cay S. Horstmann (2019). Core Java. Volume I – Fundamentals. Pearson, and
      – Cay S. Horstmann (2019). Core Java. Volume II – Advanced Features. Pearson
      first.

      Then please read
      – Tim Downey (2021). Guide to Web Development with Java – Understanding Website Creation. Springer, or
      – Nicholas S. Williams (2014). Professional Java for Web Applications. John Wiley & Sons.

      After that please read Mark Heckler (2021). Spring Boot – Up and Running – Building Cloud Native Java and Kotlin Applications. O’Reilly Media.

      The fourth option is the Node.js world.
      Please read
      – Jonathan Wexler (2019). Get Programming with Node.js. Manning Publications, and
      – Bruno Joseph D’mello et al. (2017). Web Development with MongoDB and Node. Packt Publishing.

      There are also several other options that you may consider if you are required to learn them for a maintenance project. These options include
      – Ruby on Rails: please read Michael Hartl (2020). The Ruby on Rails Tutorial. Addison-Wesley Professional,
      – Flask: please read Miguel Grinberg (2018). Flask Web Development: Developing Web Applications with Python. O’Reilly Media, and
      – Django.

      If you need to convert a web application from one platform to another or create a web application framework then please read
      – Leon Shklar and Richard Rosen (2009). Web Application Architecture. John Wiley & Sons, and
      – Leonard Richardson and Mike Amundsen (2013). RESTful Web APIs. O’Reilly Media.

      Terminology Review:

      • Networking
      • HTTP
      • HTML
      • Cascading Style Sheets (CSS)
      • CGI
      • Web Applications
      • Multiple Page Application
      • Single-Page Application (SPA)
      • RESTful APIs
      • gRPC APIs
      • GraphQL APIs
      • XML
      • SOAP APIs
      • Web Application Frameworks
      • Portal Frameworks
      • Content Management System (CMS)
      • Payment Gateways

      After finishing learning about web application development please click Topic 9 – Introduction to Mobile Application Development to continue.