20 Mar 2012
I just open sourced a quick and dirty way to have feature flags on Codeigniter. Take a look! srtfisher/Codeigniter-Features - GitHub.
When I originally worked on this code for Teens in Tech, I never imagined that I could give it back to the community. Version after version, bugs were crushed and some features were added. With this latest release, one crucial bug was fixed that will allow for proper support of up to 80% of web installations. Some users weren't able to use the plugin before due to their hosting setup, but now that has been fixed for the most part. Lockdown WP Admin 1.8.
In light of a recent blog post about stats that were collected previously with this plugin, I'd like to express a few things.
Several users were having issues with getting the hidden path set up. These were only temporarily put in so we could have an understanding of the issues that users are having. They were just taken out in 1.7.
Nothing was violated. WordPress sends anonymous stats to wordpress.org with your version information, plugin information, etc. These were never leaked, even though there was nothing vital that was collected. They just collected a permalink structure, WordPress version and the login base that was used. We never collected the admin's personal information.
But again, these are removed now. Update to 1.7.
You can download 1.7 now, virus free. http://wordpress.org/extend/plugins/lockdown-wp-admin/
This release is coming with a great new feature. For a while, people have attempted to change their WordPress login URL (the little http://yourdomain.com/wp-login.php URL). But it wasn't easy: you had to massively change file names and the core WordPress (a big no-no!). Well, I have made it simple. Introducing Lockdown WP Admin 1.3.1.
You can change the login URL to whatever URL you want it to be. There is no limit. (Well there is, you can't have wp-admin or wp-content but that's understandable!) And once you enable that part of the plugin, you can no longer access wp-login.php directly. It will return a 404, or a file not found. All the URLs and links to it will be rewritten, and if you don't give the URL out, nobody will know your login URL.
If you change the URL to say "login", your login URL page will be http://yourdomain.com/login/.
You can download the updated plugin at http://wordpress.org/extend/plugins/lockdown-wp-admin/. Enjoy!
UPDATE: I just pushed out 1.3.5. There was an issue with WordPress installs with a non-root location. Thanks!!
I just wanted to let you know that I pushed out Lockdown WP Admin 1.2 yesterday and I strongly urge you to update. It is a very critical security update and without it, your site may be at risk. I also threw in some code optimizations so it may run a few ms faster! (#nerdlife)
Please, please, please update to Version 1.2 as soon as you can. You can visit the Lockdown WP Admin page on WordPress.org or you can update it straight in WordPress via the Plugin Updater.
Thank you for using this software and I would love to hear feedback from you!
My name is Sean Fisher and I am a software developer and consultant. Coming from years of experience with WordPress and other software, I can help your business in the best way possible. You may view a sample of my work in my portfolio. I would love to hear from you and learn how I can help you today.
WordPress security is often very strong straight out of the box. Though many may say that open-source software is insecure, I beg to differ. Within hours of realizing a security breach in the code, WordPress and mostly @nacin had updated the code and pushed a security update. That's hours, not days like the big corporate companies (cough Adobe).
Nevertheless, I love to make it even more secure. And I think I have done that. Introducing Lockdown WP Admin. It is a neat plugin to help you lock down WordPress's admin interface.
It can do two things: hide the WordPress admin interface from non-logged-in users and provide built-in HTTP Authentication. By hiding the WP admin interface, if you access domain.com/wp-admin/, you wouldn't be redirected to the login page if you weren't logged in. Instead, you would receive a 404 File not Found error.
HTTP Authentication is a secure way to provide security to your WordPress install. You can control this in two ways. It can ask for your WordPress login credentials, or you can create your set of custom user/passwords. This way, you can double your chances of keeping an unauthorized user from accessing your WordPress admin interface. Over at @teensintech, we used this when we have our authors log in with their own WordPress credentials and then they must log in with another set of username/passwords to be twice as secure. That may not be the best practice possible, but I think it decreases my chance of brute force attack.
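The behaviour described above (a 404 for visitors who are not logged in, then a second HTTP Basic login against a separate user list), sketched as an added example; it is not the plugin's code, and `parse_basic_auth`, `admin_gate` and the sample account are hypothetical. Basic credentials are only base64-encoded on the wire, so this assumes the site is served over HTTPS.

```php
<?php
// Added example; all function and variable names are hypothetical.

/** Parse an "Authorization: Basic ..." header into [user, pass], or null. */
function parse_basic_auth(?string $header): ?array
{
    if ($header === null || stripos($header, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(trim(substr($header, 6)), true); // strict base64
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2); // the password may itself contain ':'
}

/**
 * Decide the response for one request. $users maps username => password_hash().
 * Returns [HTTP status, extra response headers].
 */
function admin_gate(string $path, bool $wpLoggedIn, ?string $authHeader, array $users): array
{
    static $dummy = null;
    $dummy ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    if (strpos($path, '/wp-admin') !== 0) {
        return [200, []];   // not an admin request, nothing to gate
    }
    if (!$wpLoggedIn) {
        return [404, []];   // hide the admin area instead of redirecting to login
    }
    $creds = parse_basic_auth($authHeader);
    $user  = $creds[0] ?? '';
    $pass  = $creds[1] ?? '';
    $known = $creds !== null && isset($users[$user]);
    // Always run one verification so unknown usernames cost the same time.
    $ok = password_verify($pass, $known ? $users[$user] : $dummy) && $known;
    return $ok ? [200, []] : [401, ['WWW-Authenticate: Basic realm="Restricted"']];
}

// Constructed sample data: one extra account and three requests.
$users = ['editor' => password_hash('correct horse', PASSWORD_DEFAULT)];
$good  = 'Basic ' . base64_encode('editor:correct horse');
$cases = [['/wp-admin/', false, null], ['/wp-admin/', true, null], ['/wp-admin/', true, $good]];
foreach ($cases as [$path, $loggedIn, $header]) {
    echo $path, ' -> ', admin_gate($path, $loggedIn, $header, $users)[0], "\n";
}
```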
You can download the latest version at http://wordpress.org/extend/plugins/lockdown-wp-admin/. I'd also love if you can support me and my other plugins by donating!
Technology is a large part of our future and the future of those currently in school. Being a student myself as well as a web developer, I use technology quite a lot. But there is one problem, the American school system restricts it.
The current school system for the United States, for the most part, impedes our ability to get ready for a technology-ridden future. After attending New York City public schools for most of my teenage life, I can say I am very tired of it. Ironically, the NYC Department of Education has a Facebook page that you can "like", but you can't even view in the school building.
Censoring Facebook does make sense, but other websites? Not at all. Twitter is allowed, but not simple websites that have information for my homework? YouTube videos about school topics? The world won't be censored when we graduate or when we move on to post-secondary education, so why try and protect us from what will only be a harsh reality in the future? Students need to realize that they need to be mature enough to close that Facebook browser and to work on school work. In fact, it only causes the student to waste more time to get around the censorship in school via a proxy site.
Like it or not, the school system needs a wakeup call in a lot of different areas.
Currently, the only technical device you can use in class is a freestanding calculator. This completely removes the option of typing notes (which have proven to be very efficient and helpful!) Cellphones not allowed in school? I can say that I have used my cellphone in school to look up a question that a teacher had. Go ahead, suspend me.
Technology isn't going anywhere; let the students use these amazing tools and help them graduate. You aren't helping anyone.
The internet is growing at a lightning fast pace. Web applications come and go each day, and user accounts are often a large part of these applications. Making it easy for a user to sign up for your website is often a difficult decision: make another login for your user, or allow your user to connect to your site with a social network.
The rise of social network logins has grown tremendously. Facebook Connect is one option, with the familiar "Login with Facebook" button. Another option is the newer Twitter @Anywhere connect buttons popping up as well.
I for one am very happy to see this. It makes that Facebook Connect button very familiar. But I also fear that this dependence upon Facebook Connect can be unsafe. Unless something else comes up, I really will stick with Facebook Connect, rather than just Twitter Anywhere. The Twitter Anywhere doesn't really connect well with the SSI code. The back-end code has to be set up to receive the OAuth tokens, while the @Anywhere is just different. Maybe it's a confusion on my end...