Monday, January 25, 2016
Experience Economy Study
by Rob Hope via One Page Love
Integrate Jasmine into Rails for Solid Javascript Testing
Jasmine is a framework to create tests for javascript code in the behavior-driven development style. In this article, you will learn how to integrate Jasmine into a Ruby on Rails application.
Jasmine has a clean syntax with the aim to provide descriptive behavior about the code being tested. People that use RSpec or Minitest::Spec will be familiar with Jasmine. Even if you haven't used either of those frameworkes, you'll have no difficulties in creating tests for Jasmine.
After reading this article, you'll be able to integrate Jasmine into your Rails application, create tests for your javascript files, test your Rails UJS functionality inside your app, and be able to run Jasmine as a part of your existing (right??) Continuous Integration existing build system.
Continue reading %Integrate Jasmine into Rails for Solid Javascript Testing%
by Hendra Uzia via SitePoint
Pay What You Want to Supercharge Your Mac with 12 Apps
You trust it with some of your most sensitive data. You store your favorite music and treasured photos on it. Sometimes you fall asleep spooning it. So it wouldn't kill you to show your laptop some appreciation once in a while, would it? Pay what you want for the 2016 Mac Bundle at SitePoint Shop, a 12-app deal worth $429. Bonus: 10% of proceeds will go to charity! Here's what's included in the 2016 Mac Bundle:
- Flip PDF: Designers, publishers, and entrepreneurs, this one's for you. Use this tool to turn PDFs into mobile-friendly flipbooks with help from 100+ templates.
- RapidWeaver 6: You don't need coding experience to design sleek websites. This app makes it easy with a huge library of themes and plug-ins.
- Mac Blu-Ray Player: Hey, remember those Blu-rays you haven't played in forever? This app lets you play those and other media files with awesome 1080p HD quality.
- Elite Keylogger Pro: Want to monitor how others are using your computer? Use this to discreetly record chats, emails, screenshots, and more.
- Focused: A simple, distraction-free interface will help you focus on writing without procrastinating. You can even use it to generate HTML to write for the web without coding.
- Hear: Enhance your Mac's sound quality for music, movies, and games—and even independently control volume for all of your open apps.
- Airy YouTube Downloader: Instead of totally losing it while you wait for that YouTube video to load every time you want to watch it, just download it. This app saves videos and playlists alike.
- Elmedia Player Pro: Watch your favorite web videos and this app will improve the quality and block noisy ads.
- Boom 2: Get louder, crystal-clear sound from you Mac, apply special sound effects, and remotely control it all with the accompanying iOS app.
- Disk Expert: Your Mac looks like an episode of Hoarders. Clear out the junk with this app—it'll help you remove the space-hogging files you don't need and speed up your computer.
- CleanExit: Discard or sell your device without worrying about the data you're leaving behind. CleanExit permanently erases it all better than a reformat, helping you safeguard your private info.
- Unclutter for Mac: The bulletin board goes digital with this productivity-boosting app. Store notes and files, sync them across all of your devices, track what you copy and paste, and jot down notes all in one place.
Pay what you want for the 2016 Mac Bundle at SitePoint Shop!
Continue reading %Pay What You Want to Supercharge Your Mac with 12 Apps%
by SitePoint Offers via SitePoint
Fortifying Security in WordPress, Part 1
It's a dreaded nightmare: One day you open up your website and see that you've been hacked. If you're running a simple personal blog, it might be just an annoying incident. If you're hosting a website of a client, your day might turn into a rough, stressful day. If you're running a high-selling e-commerce website, it might trigger a panic attack. Whatever the case might be, you won't be using happy emojis to share the news. So, you need a game plan to prevent the attacks before they happen.
And you're in the right place. In this two-part mini-series, I'm going to show you the way to make your WordPress projects as secure as possible.
A Word on WordPress Security
Do you think WordPress is secure? It's OK if you don't, because many people think WordPress is an insecure content management system, yet it's very far from the truth... at least today.
What do Microsoft Windows, Android, Google Chrome and WordPress have in common? They all are extremely popular software, and people find security holes in them all the time. Even though they're all patched regularly against bugs and security flaws, does having security holes make them insecure?
I'm sorry if you think the other way, but it doesn't. Frequent patches don't necessarily mean that a piece of software is poorly coded against security threats. The game of cat and mouse between developers and hackers will always go on, and hackers will always find a way to hack software. And if the software is extensible, as WordPress is, the chances of hackers will rise as well.
The important thing here is to be responsive and preemptive, and that's something that WordPress excels at. You'll have to wait a few days for Google Chrome to plug a security hole, or even weeks for Microsoft to release a security fix, but the huge community of WordPress developers will be able to fix zero-day security flaws before the end of day one. Plus, there's a whole team working on securing WordPress core, so we're in good hands on that one too. As far as themes and plugins are concerned, it might be a bit easier to find bugs and flaws and it might take more time to fix them, but the community's got developers' backs.
Yet, nothing is a hundred percent secure. We're living in times in which scientists are about to crack the code in our brains! Nothing is impenetrable, including our brains apparently, and WordPress is no exception. But the impossibility of 100% security doesn't mean we shouldn't go for 99.999%.
Ramping Up Security in WordPress
From personal experience and some further research, I've put together several security measures that you should take, if you haven't already. Without further ado, let's get to know them right now!
Securing the .htaccess File
Let's start off easy.
If your WordPress website is hosted in a web server powered by Apache, and you've enabled "pretty permalinks" in Settings, WordPress will generate a file named .htaccess to store the basic WordPress permalink instructions. If you don't enable pretty permalinks, the .htaccess file won't be generated by the core, but the tips I'm going to show are still applicable—you just need to create the file yourself.
Nano-tip: If you're going to create the .htaccess file on your own, but are having a hard time creating a file without any name but with the .htaccess extension, simply upload an empty file with any name (like Untitled.txt) and change the name and the extension within your FTP client.
The first thing that comes to my mind is to protect the htaccess file. And it's the easiest thing to do among the tips and tricks I'm going to show you. All you have to do is add the following lines to the file:
# protect .htaccess <Files .htaccess> order allow,deny deny from all </Files>
It's a harmless trick to protect the htaccess file from anyone (or anything) that wants to access it.
Next, let's disable showing the contents of folders:
# disable directory browsing Options All -Indexes
This will prevent strangers from seeing the contents of your folders when they want to access, for example, http://ift.tt/1OJrrr1. Normally, they would have been able to see the uploaded files or navigate through the subfolders in the /uploads/ directory, but with this little trick, they will see a 403 Forbidden response from the server.
My next trick involves shutting down the administration panel against everyone except you—or your IP address, to be exact. But you have to be sure that you have a static IP address assigned to your modem. (For example, in my country (Turkey), dynamic IP addresses are assigned to internet users by default; that's why I can't use this trick without paying for a static IP address.) If you're sure that you have a static IP address, paste the following lines into a new htaccess file in your /wp-admin/ directory:
# Limit logins and admin by IP <Limit GET POST PUT> order deny,allow deny from all # don't forget to change the 321s with your own IP address below allow from 321.321.321.321 # duplicate the line above to grant access to more than one IP address </Limit>
And finally, I want to refer to a great "blacklist" from Perishable Press: The 5G Blacklist. This blacklist protects your website against many kinds of malicious activities, from harmful query strings to bad user agents.
That's it for the htaccess tricks. Now, let's move on to wp-config.php tricks.
Security Tricks for the wp-config.php File and Its Contents
The wp-config.php file is probably the most important file in your whole WordPress installation, in terms of security. And there's a lot you can do with it to harden your website.
Let's start with an interesting trick: Did you know that you can place your wp-config.php file up one level in your WordPress root? If it's not going to confuse you, go ahead and do it right now. Most of the time, I install WordPress in public_html directories and I like placing the wp-config.php file inside the user root directory. Not sure if it's a snake-oil recipe or not, but at least it feels more secure. Some folks over at Stack Exchange had a good debate on this topic.
By the way, let's get back to the root .htacccess file and add the following lines to deny access to the wp-config.php file:
# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>
Here's an interesting idea: How about removing the permission to edit theme and plugin files? All it takes is to add the following line to the wp-config.php file:
define( 'DISALLOW_FILE_EDIT', true );
Feeling even more paranoid? Paste the following line beneath the one above to disable theme and plugin installations and removals altogether:
define( 'DISALLOW_FILE_MODS', true );
Two more tips on hardening WordPress: Change the database prefix, and add security keys (or salt keys) in the wp-config.php file.
The first one is easy: Check if you set the database prefix as the default value by finding this line:
$table_prefix = 'wp_';
If it's set to wp_, you should change it to something other than this default value. You won't need to remember it, so you can type anything. I like using combinations like wp_fd884vg_ to keep it both safe and readable.
Changing the security keys is also very easy. See if the keys are empty by locating the following lines:
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link http://ift.tt/PYZFVq WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
If they're all saying 'put your unique phrase here', it means that they're not set yet. In that case, simply head over to this URL (that's also referenced in the code comments) and change the lines generated in that page with the lines above.
Nano-tip: If you're wondering about what these "salt keys" are, WPBeginner has a great article on the benefits of this security measure.
That's it for the wp-config.php tricks! Let's call it a day today.
Wrapping Up for Today
I hope you enjoyed these .htaccess and wp-config.php tricks today. In the next part of this mini-series, we'll be looking at some security plugins and other crucial tips on hardening WordPress. If you have any questions or comments, feel free to shoot them in the Comments section below.
See you in the next part!
by Barış Ünver via Envato Tuts+ Code
The Revenant: 200 Miles
by via Awwwards - Sites of the day