Category: Resources (Page 15 of 60)

Running Nginx on OS X is becoming a more attractive alternative to running some of the standard stacks that developers use to set up their environments.

That is, I think many of us are used to running something like this following:

• Apache
• MySQL
• PHP
• WordPress

That works because the majority of our hosts have these configurations, and it’s a good practice to have our development environment mirror our staging and production environments.

But Nginx is becoming a popular alternative to Apache and other web servers, so we need to update our local machines accordingly.Getting it set up on OS X takes a little more work.

Getting it set up on OS X takes a little work.

Continue reading

Scaling WordPress is a hot topic among developers.

For some, it’s just something you do through a variety of tools and practices that you learn over time. For others who are involved with development in other languages, it’s a fool’s errand.

As far as I’m concerned, WordPress does scale though it takes some strategies to get it to work (such as a proper use of transients, caching, etc.). But there are varying degrees of what it means “to scale,” right?

That is, depending on how many users you have, the type of content you’re serving, the level of demand your site has based on the interaction of the visitors, and some other factors will all contribute to whether or not your site is going to scale.

But if we’re working on a larger project and we know it’s going to need to scale, how do we know we’re doing everything correctly?

Continue reading

When talking about WordPress security from a developer’s standpoint, it’s inevitable that the topic of nonce fields and nocne values are going to come up. And rightfully so! These are ways to help protect submission information from contaminating our databases.

But are they the way to fully secure our code? Before looking at that, I want to make sure we’re all on the same page as to what a nonce value is. When you look through enough WordPress source code (well, source code in plugins, etc.) then you’re likely to find some developers don’t use them (though they should).

Simply defined:

A nonce is a “number used once” to help protect URLs and forms from certain types of misuse, malicious or otherwise. WordPress nonces aren’t numbers, but are a hash made up of numbers and letters.

Nor are they used only once, but have a limited “lifetime” after which they expire.

During that time period the same nonce will be generated for a given user in a given context. The nonce for that action will remain the same for that user until that nonce life cycle has completed.

Though this is the gist of it, there’s more to it than that, and I highly recommend reading the Codex article as it does a good job of outlining what they are, how to use them, and what their purpose is when working with them.

The question remains, though: Are nonces enough when it comes to WordPress Security?

Continue reading

SSL for WordPress is one of those topics that’s been a bit of a big deal (at least regarding being a point of discussion) ever since Google announced they were going to be using it as a signal for ranking.

For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms.

If you’re not a technical user, then the idea of setting up SSL on your site has to be a pain. Purchasing a domain, pointing nameservers, and hooking everything up to a hosting account is already enough to get people frustrated (and rightly so).

And though this post isn’t necessarily about setting up SSL (perhaps I’ll cover it in the future as I’m a big fan of Let’s Encrypt for some of my latest projects), it is about arguably one of the best plugins I’ve found for quickly making sure your WordPress site is set up once you have a certificate installed.

Continue reading