How to enable phpMyAdmin’s Designer in 3 steps

I recently discovered a neat feature in phpMyAdmin called designer. Designer is a great tool for viewing databases and managing the relationships between them.

I recently needed designer for another handy feature but the first thing I had to tackle, how do I get this to appear? If you have designer enabled, then when you open your database in phpMyAdmin, you should see something like this

phpMyAdmin Designer Menu

If this isn’t visible, then you need to do some legwork. Read on to quickly enable this feature. Continue reading How to enable phpMyAdmin’s Designer in 3 steps

GREP a list of files for multiple strings on multiple lines

Grep is most definitely not the most exciting tool to talk about. One of the challenges that I recently faced was to list a bunch of text files only with a specific phrase.

For the sake of context, I was looking through emails of course bookings. Luckily, I know that the courses are prefixed with the word COURSE: and the names. After saving all of the files in a directory it was a case of running this command:

grep -l "COURSE: Course 1" *

Nice and simple. I could then find out which ones were booking Course 2:

grep -l "COURSE: Course 2" *

So far so good. The problem I now had was that I wanted to know exactly how many had booked BOTH courses. The courses aren’t on the same line so it’s not so straight forward but there’s a very simple way to find those pesky files.

grep -l "COURSE: Course 1" * | xargs grep -l "COURSE: Course 2"

By piping the file names from the first result into the argument of the next grep – it was easy to find the files that had both courses booked. You can chain this with the pipe as many times as you need to.

Finally, if you’re feeling really swish, then you might want to know how many matches there are rather than list the files:

grep -l "COURSE: Course 1" * | xargs grep -l "COURSE: Course 2" | wc -l

If you’re looking for some tricks to using grep to match (or not match!) strings, then you should check out this article over at The Geek Stuff.

Authorising WordPress Users From Another Script

Sometimes you might want to add additional pages or some extra functionality outside of WordPress. I needed to do this and only allow singed in users to access the page.

There’s a pretty straight forward way to check visitors to the page simply by including the WordPress header file and then checking for an appropriate permission.

Read on for the script. Continue reading Authorising WordPress Users From Another Script

Time To Say “When”

This last year or two has been a pretty crazy one in my life. Some of you know a bit more than others,  but there have been a huge number of things going on. And until recently, I was blissfully unaware of the impact of them.

There comes a time when we have to look around and take stock of what we have, and responsibility for what we have and don’t have.

Vague? You betcha! But I’ll get to all that. First of all, I wanted to let you all know that I’m stepping down as Editor of BlackBerryOS and Gadgism this weekend. It’s a decision I’ve been wrestling with for some time and I hate to go out this way but I believe that it’s for the best.

If you care for the full story then read on.

Continue reading Time To Say “When”

My Hate/Hate Relationship With Arrows

When talking about design – in any sense – there are so many conventions that we take for granted and assume that everyone else understands.

Take the tick (✓) for example – that usually means “yes” or something is correct doesn’t it?

Well, no actually. The issue with the seemingly ubiquitous tick is that it isn’t recognised universally in that respect. As Separated by Common Language points out – there have been systems where a checkmark or tick can indicate a wrong answer. Continue reading My Hate/Hate Relationship With Arrows

2 Simple Tips To Secure Your WordPress Installation And Uploads Directory

Lately, I’ve seen a flurry of WordPress attacks that uploads files or alters the WordPress core files to make your sites do things that they really shouldn’t do.

This nefarious tasks can range from using your site to email spam to making your site a billboard for online drugs sales and injecting visitors’ browsers with malware. You can imagine that it can be quite tricky to hunt these things down – or even be aware that they are happening if you’re not careful.

So here’s a few steps that you can take to ensure that your WordPress site is secure from these attacks. If you manage the server, then you might want to update your httpd.conf and add the following configuration.

<locationmatch "wp-content/uploads/.*\.(php\d?|phtml)$">
 AllowOverride None
 Order Deny,Allow
 Deny from All

What this does is prevent PHP files from being accessed from a browser. Our server is configured to allow PHP extensions with .php2 through to .php5 as well as .phtml. To prevent this from being accessed – I’m using a regular expression to find all of these file types. The AllowOverride directive will prevent any .htaccess files being used as well. If a script has managed to upload files to your server, there’s nothing to stop them allowing access back to the php files so this is necessary to prevent this.

This configuration applies to any location that is matched, which applies to all of your websites, rather than using the Directory method, which is based on the local file system.

Another security measure to consider is making the WordPress site read-only. I know that it’s a chore to manually update your site and plugins – but I have seen WordPress core files modified to inject headers and redirect certain requests. This is a complete pain to find, so save yourself the bother.

If you do find that your site is hacked – the first thing that you should try is to reinstall the WordPress core files. If you haven’t made the files read-only, then you can do this by clicking on the Dashboard > Updates link in WordPress and then click ‘Re-install Now’. This downloads and installs a fresh version of WordPress over your current core files with no configuration changes.

If you’re still noticing unusual behaviour, then you should try removing unnecessary plugins and themes and check the wp-config.php file in in your site.

If you at least use the above two tips, then the chances of your site being exploited are greatly reduced.