Automating WordPress

I recently thought about creating a small website where I would post all the apps that I try and like for the iPhone/ iPod. But then again, I knew, that if it was hard to post and maintain it then I’ll probably end up deleting the whole thing after a few months at best. Then I started thinking how could I simplify the process and make it so easy for me that it would actually be fun to post those apps there. After a lot of consideration and some coding, MyFavApps was created!

The idea is simple. I downloaded the WordPress app. Then I created a small plugin where when I post, it scans for the app name I want to review and my ratings and does the rest. It downloads pics, description, price and the other data from the official app store using the API, parses my rating and updates the post with all these data. So, whenever I want to post an app it takes more or less 5 minutes to do so.

My point is that sky is the limit and WordPress is the means to get there… Get creative and surprise the world!

Intrusion detection with Perl

There has been a lot of hype lately concerning WordPress security and vulnerabilities that are out in the open. This is an open source project so the big advantage is that (and i will quote):

Luckily, the entire WordPress community has our backs.  Several folks in the community dug deeper and discovered areas that were overlooked.  With their help, the remaining issues are fixed in 2.8.3

This is the heart of any open source project. Since the code is out there in the open, many can take a look and, therefore, discover any potential issues.

Now, i know that many users think that, whenever a new version comes out, they should let other people do the upgrade, check it out and then, they will go on with it. This might be the case with major versions (for instance 2.7.1 -> 2.8.3 as we speak) but it is definitely not the case when we have security patches and fixes (for instance 2.8.1 -> 2.8.2). In these situations, if you don’t upgrade, it means that your WordPress installation is compromised to an outside attack and you shouldn’t be surprised if that happens.

But, does being updated to the latest version, mean that you are absolutely exploit-free? Unfortunately, not. You can never be sure. Not with open source, not with closed source. Never. You never know what someone can come up with to bring down your service. Being updated minimizes that to the absolute minimum, but there is still a chance that it may happen.

Focusing back on WordPress, a very popular exploit is that of the hacker adding his own chunk of code to the core of your installation, hiding it fine. The privilege of that is that they can insert anything they want, for instance, an affiliate link of theirs or a link to a site that contains malicious software, thus their code will be downloaded and executed by every visitor of yours. This is not the only thing an attacker can do, of course, but it is a large portion of the consequences (see this example).

(more…)

Search feature on static HTML sites – The smart way

You all must have stumbled on static HTML sites. Either you created them or you found them around. The purpose of those sites today is simplicity. Not everybody needs dynamic content and thus not everybody needs complex CMS’s with huge back end administration panel. So, what is more easy than putting together a few simple HTML pages. But what if you want to incorporate a search feature into that? Well, when a developer first thinks of search, the second thing that hits his mind is “database“. If you fall for that, then there goes simplicity and fast loading. You are already on a war path.

I’ve been challenged to that and here is what i came up with. I created a small PHP script that actually searches the HTML files! The simplicity in the thought is what makes me happy about this. You just get a search term, open the HTML files up, pattern match for it and then echo the results with links back to the original static files. So, you have a dynamic search feature with static content! And what’s even better is that if you make any changes in the HTML files, those will be reflected on your search just like it would happen using the classic database way.

I have created the script and included it with a small example here: Dynamic search for static HTML (482) The only requirements to run this example is a web server with PHP installed. Here is how to check it out:

• Download and extract the folder “search_test” into a place accessible from the web.
• Hit the URL “http://place.of.folder/search_test/search.php?s=ipsum“

As you can see, the above URL will search for “ipsum” in the .htm and .html files and show you the results. If you want to play a little bit with the parameters of the script you can open it and check the global variables on the top (recursive search, highlight etc).

One thing that could be improved is cached search. This would decrease the load on the server for each search. I can help you do it if you need to. I just didn’t go on with it because i didn’t want to over-complex my script.

As you can imagine, this is just the skeleton of the script. You should configure it to fit your needs. If you have any problems or need any help don’t hesitate to leave a comment or contact me!

EDIT: I forgot to mention that this will work for text that is wrapped around a “<p>” (paragraph) tag. In order to make it work with more or be more flexible, you will need to edit the regular expression at the “preg_match_all” call on the script.

Another plugin of mine: YANewsflash

The past couple of days i had a hype for newsflashes. First i wrote this article on how to do a newsflash without any plugin and now i am releasing one! I know, paranoia, but still i figured that it would help people out. For this plugin, i used the options table provided by WordPress. This has a bonus: most of the variables in that table are preloaded when WordPress initializes. So, retrieving data from that table does not cost any extra query. It’s just a few more CPU cycles. I think that people that don’t want to mess around with their theme and get on all this trouble, can spare those.

I will be also entering this plugin to the WordPress plugin competition. I know that i have no chance there since most of the plugins submitted are extraordinary but still i figure i have nothing to lose to let people know about my work.

So, if anyone finds the need for newsflashes this is the way people. Check out the plugin’s page here and the WordPress repository.

Writing a simple web crawler in Perl

A few weeks back i posted on why our mailboxes are full of spam. I mentioned there that i had created a small and very simple perl script to crawl the internet and fish for plain text emails. It was a pretty easy task since Perl is designed for being easy on text manipulation.

The procedure i used was as follows:

1. I had a MySQL database for storing links to visit and emails.
2. I connected to the database.
3. Selected a link to visit.
4. Make sure it’s not an image / pdf / google page / amazon page. If so i jumped back on step 3.
5. Download the page.
6. Pattern match for emails.
7. Get the links within the page.
8. Insert emails and new links on the database.
9. Back to step 3.

This is roughly the idea. You can see below a small flowchart to get the general idea.

I would like to demonstrate how it’s done with perl. In order for you to run it, i’d suggest you have a machine with Perl installed (preferably Linux). If you don’t have Linux then you probably have to download a perl binary for Windows. Check out this page for furhter info.

(more…)