Sal Aguilar's Adventures in IT

computers are easier to deal with than people

Introduction to WordPress Security by Sucuri — February 14, 2018

Introduction to WordPress Security by Sucuri


Security is crucial for websites, and most of all for WordPress, which runs on more than 29% of the entire internet. Preventive security is 10 times cheaper than proactive security.

Below is an amazing and easy to follow infographic about WordPress Security by my favorite Website Security provider: Sucuri

See the full infographic here: https://sucuri.net/infographics/intro-to-wordpress-security

 

Understanding HTTP Headers — January 29, 2018

Understanding HTTP Headers


If you do not know what HTTP headers are, let me give you a quick introduction; if you do, this will just be a refresher.

What is HTTP anyways?

HTTP stands for Hyper Text Transfer Protocol, which is the protocol our browsers use to visit web pages and similar services. Since HTTP is part of the TCP stack, the flow works just like ping-pong. Below is a simple graphic to explain it:
[Image: how the web works]
More about HTTP

HTTP is a protocol and it has several methods. The most used methods are:

GET

The HTTP GET method is used to request a specific URL or file, some examples below:

HTTP GET http://domain.com/file.txt 

HTTP GET domain.com/contact-form/

HTTP GET https://www.domain.com/secure-file.html

This is basically what happens when you type a domain into the browser bar and press Enter, or when you click on a link within a website. Your browser then generates an HTTP GET request to the server asking for that URL.

It's basically a request from the visitor to a server asking the server to send information.

POST

The HTTP POST method is used in the opposite direction: the visitor sends information to the server for it to process. Some examples:

  • Filling out a contact form and clicking SEND. The POST request that the visitor sends contains all the information from the contact form, and the server receives it and processes it accordingly.
  • Filling out any form.
  • Adding products to shopping cart.
  • Doing a checkout process on any e-commerce website.
HTTP POST www.domain.com/contact-form/?filled=yes&name=John%20Doe&email=test@test.com&phone=1234567&comments=no

We do not usually see the POST contents in the browser unless we use the browser’s Developer Tools to check what is happening in the background.
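To make the difference visible on the wire, the added example below (not part of the original post) builds the raw request for the contact form once as a GET and once as a POST, then shows which fields end up in the request line, the part a web server's access log normally records. The `http://` scheme and the helper names `build_request` and `split_request` are assumptions made for the illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Field names and values reuse the post's contact-form example; the http://
# scheme and the two helper functions are assumptions made for this example.
FORM_URL = "http://www.domain.com/contact-form/"
FORM = {"filled": "yes", "name": "John Doe", "email": "test@test.com",
        "phone": "1234567", "comments": "no"}


def build_request(method, url, fields):
    """Return the raw HTTP/1.1 bytes a browser sends when the form is submitted."""
    parts = urlsplit(url)
    encoded = urlencode(fields)           # name=John+Doe&email=test%40test.com...
    target, body = parts.path or "/", b""
    headers = [("Host", parts.netloc)]
    if method == "GET":
        target += "?" + encoded           # GET: the fields ride in the URL
    else:
        body = encoded.encode("ascii")    # POST: the fields ride in the body
        headers += [("Content-Type", "application/x-www-form-urlencoded"),
                    ("Content-Length", str(len(body)))]
    head = [f"{method} {target} HTTP/1.1"] + [f"{k}: {v}" for k, v in headers]
    return "\r\n".join(head).encode("ascii") + b"\r\n\r\n" + body


def split_request(raw):
    """Return (request_line, body_fields) as the server would see them."""
    head, _, body = raw.partition(b"\r\n\r\n")   # a blank line ends the headers
    request_line = head.split(b"\r\n")[0].decode("ascii")
    fields = {k: v[0] for k, v in parse_qs(body.decode("ascii")).items()}
    return request_line, fields


if __name__ == "__main__":
    for method in ("GET", "POST"):
        line, fields = split_request(build_request(method, FORM_URL, FORM))
        print(f"{method}: request line = {line!r}")
        print(f"{method}: fields in body = {fields}")
```

With POST the name, e-mail and phone number stay out of the request line, which is why forms carrying personal data or credentials should be submitted with POST rather than GET.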

Now that we’ve covered the basics, let’s talk about HTTP HEADERS!

What are the HTTP HEADERS?

HTTP headers are all the extra values that are added to HTTP GET & POST requests, and to the responses the server sends back. Below is a quick example:

First we do the request

HTTP GET salrocks.com

Then the server answered this:

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 27 Jan 2018 01:08:18 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://salrocks.com/

What does that mean?

Let’s break it down shall we?

HTTP/1.1 301 Moved Permanently

The HTTP 301 is what is called a permanent redirect. It tells your browser to load a different page, whose address it takes from the LOCATION header.

Server: nginx

The SERVER header tells you what software the web server is using to serve websites. In this case the web server is NGINX. Other values could be Apache, LiteSpeed, IIS, etc.

Date: Sat, 27 Jan 2018 01:08:18 GMT

The DATE header provides a timestamp of the time the request was served.

Content-Type: text/html

The CONTENT-TYPE header tells you what type of content is being returned: text, a media file or a binary file. It depends on the MIME types set up on the server.

Content-Length: 178

The CONTENT-LENGTH header simply tells you the size, in bytes, of the body sent in the response.

Location: https://salrocks.com/

As discussed under the HTTP 301 status, the LOCATION header tells the browser what URL it should load instead of the http://salrocks.com that was requested initially.

Ok so that’s simple right? Let’s move on. Let’s now try to load the https://salrocks.com to see what happens. Let’s go!

HTTP GET https://salrocks.com

And now the server answer was this:

HTTP/2 200
server: nginx
date: Sat, 27 Jan 2018 00:18:39 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=86400
vary: Accept-Encoding
vary: Cookie
link: <https://wp.me/5zKS6>; rel=shortlink

Let’s break down this answer now, since there are new values and new headers in it. We are just getting started.

content-type: text/html; charset=UTF-8

As you can see the CONTENT-TYPE header now included a charset setting besides the MIME TYPE.

strict-transport-security: max-age=86400

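The STRICT-TRANSPORT-SECURITY header carries the HSTS (HTTP Strict Transport Security) policy: it tells your browser to reach this site over HTTPS only, and how long to remember that rule. The max-age value is in seconds, so 86400 means one day.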

vary: Accept-Encoding
vary: Cookie

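The VARY header tells caches and proxies which request headers (here Accept-Encoding and Cookie) must match before they can reuse a cached response for a similar request; if they do not match, they should request a new one.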

link: <https://wp.me/5zKS6>; rel=shortlink

The LINK header states how the requested page relates to the link given in the header. In this case it tells you that https://wp.me/5zKS6 is a SHORTLINK to https://salrocks.com

How do you use HTTP HEADERS to troubleshoot issues?

Checking the HTTP headers of your website can help you solve all of the following issues:

  • Too Many Redirects.
  • Failure in forms. The POST event might have gotten an HTTP 404, 403 or 500 error.
  • SEO issues with 302 or 301 redirects.
  • Caching issues (if a URL is cached, missed or expired).
  • Media expiration status.
  • CDN cluster from which the asset is served.
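The first checks on that list can be scripted. The added example below (not part of the original post) parses the two responses shown earlier, reads the HSTS max-age and follows LOCATION headers to tell a clean redirect from a loop. The function names, the trailing-slash URL keys and the looping example.test site are assumptions constructed for the illustration.

```python
# Added example: header blocks copied from the post, plus one constructed loop.
REDIRECTS = {301, 302, 303, 307, 308}
HTTP_RESPONSE = """HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 27 Jan 2018 01:08:18 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://salrocks.com/
"""
HTTPS_RESPONSE = """HTTP/2 200
server: nginx
date: Sat, 27 Jan 2018 00:18:39 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=86400
vary: Accept-Encoding
vary: Cookie
link: <https://wp.me/5zKS6>; rel=shortlink
"""
PAGE_SITE = {"http://salrocks.com/": HTTP_RESPONSE,
             "https://salrocks.com/": HTTPS_RESPONSE}
# Constructed sample: two hypothetical URLs that redirect to each other.
LOOP_SITE = {
    "http://a.example.test/": "HTTP/1.1 302 Found\nLocation: http://b.example.test/\n",
    "http://b.example.test/": "HTTP/1.1 302 Found\nLocation: http://a.example.test/\n",
}

def parse_response(raw):
    """Return (status, headers); names are lowercased, repeated headers are kept."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])         # "HTTP/2 200" has no reason phrase
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # split on the first colon only
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def hsts_max_age(headers):
    """Seconds the browser will insist on HTTPS, or None when HSTS is absent."""
    for value in headers.get("strict-transport-security", []):
        for directive in value.split(";"):
            key, _, number = directive.strip().partition("=")
            if key.lower() == "max-age":
                return int(number.strip('"'))
    return None

def trace_redirects(url, site, limit=10):
    """Follow Location headers through `site` (url -> raw response text)."""
    chain = [url]
    while len(chain) <= limit:
        status, headers = parse_response(site[url])
        if status not in REDIRECTS or "location" not in headers:
            return chain, "ok"
        url = headers["location"][0]
        if url in chain:                      # same URL seen twice: a loop
            return chain + [url], "redirect loop"
        chain.append(url)
    return chain, "too many redirects"
```

Note that the plain-HTTP response carries no HSTS header at all; browsers only honour that header when it arrives over HTTPS, so its absence on the 301 is expected.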

Soon I will be writing about HTTP HEADERS for Sucuri, CloudFlare and Kinsta.

Stay tuned!

FREE Apps that I NEED on my MacOS computers — January 26, 2018

FREE Apps that I NEED on my MacOS computers


Chrome

It’s my go-to browser. I can publicly confirm that I don’t have love for Safari (#DieSafariDie) or Opera (#OperaWho?). I use Google’s Chrome as my personal browser and I use Firefox for work. Yes, I keep my personal and work life separate and you should too. However, Chrome is far from perfect, so I always add the following extensions:

  • uBlock Origin – To get rid of all the ads on all pages, including ads on YouTube.
  • Ghostery – disable trackers, analytics, chats and other stuff and be ghost online.

>> DOWNLOAD CHROME NOW <<

KeePass

As an IT Professional & SysAdmin, I have to log in to several services and servers, and it’s not SECURE to use the same password for EVERYTHING, nor to write them down on notepads or post-its.

I use KeePass as my centralized password manager. It allows you to create groups with icons, it can help you generate secure passwords, and it can even copy them securely and remove them from the clipboard as soon as you have used them. And yes, it’s FREE!

>> DOWNLOAD KEEPASS NOW <<

MonoSnap

Working in support, you constantly need to share screenshots or capture part of your screen to point out specific parts by highlighting them. MonoSnap also includes a useful feature to record a video of your screen or of partial regions of it.

It also comes with keyboard shortcuts for easier use, and with a free service that uploads your captures to a website and creates a short URL that you can share via email or social media.

>> DOWNLOAD MONOSNAP NOW <<

Spectacle

One of the things I was missing from Windows & Gnome when I migrated to MacOS a few years back, was the ability to resize the windows of the apps and move them either to the sides or the top or even doing a maximize screen which MacOS was lacking. I found Spectacle and it solved my problem right away.

Managing the windows becomes as easy as if you were using Windows or Gnome. Try it out TODAY!

>> DOWNLOAD SPECTACLE NOW <<

DropBox

Keeping my documents and important information backed up and available on any computer makes me able to work from any computer or any place in the world. That is what I love about Dropbox.

>> DOWNLOAD DROPBOX NOW <<

iTerm2

The built-in terminal app that comes with MacOS is not bad, however iTerm2 brings many features that will make it way better, you will love the split panes, the search, paste history and much more.

Try it out and you will never go back to the default terminal app.

>> DOWNLOAD ITERM2 NOW <<

FileZilla

An FTP/sFTP client is a vital tool if you work on the web. This is the most used client in the world, and it is FREE.

It saves different sites, credentials and different authentication methods. It’s a no-brainer!

>> DOWNLOAD FILEZILLA NOW <<

 

VLC

The multimedia Swiss Army knife app that you need to have to be able to watch almost any video format and other types of media. It can even convert between media formats.

VLC is the only video player and media player that you will ever need.

>> DOWNLOAD VLC NOW <<

SublimeText

The last text editor you’ll ever need. It just… works. It has support for several programming languages and has tons of plugins that can enhance its functions, such as git and other features.

It’s FREE so give it a try right away!

>> DOWNLOAD SUBLIMETEXT NOW <<

Caffeine

If you want to prevent your computer from going into screensaver mode or prevent the monitor from shutting down when you are away from it, then Caffeine is your solution.

It runs on the top bar of your MacOS and is ready to help you when you need!

>> DOWNLOAD CAFFEINE NOW <<

Typinator

In the support jobs that I’ve held at KOM-1, Site5.com, Sucuri.net & Kinsta.com, you need to share the same instructions or the same greetings with customers over and over. This is where Typinator comes into play.

It’s a text expander that cuts the time you spend repeating similar replies to customers. You set short codes for sentences or paragraphs, and instead of typing them out, Typinator replaces the codes with the full text that you previously set up.

>> DOWNLOAD TYPINATOR NOW <<

Slack

The modern communication tool to get rid of 200 emails a day. Slack is a super-powered IRC platform, with tons of integrations into the most popular platforms like DropBox, Google Drive, New Relic, GitHub, BitBucket, etc.

It has clients that can run on web, Windows, Mac, Linux, iOS & Android. They do have a FREE TIER and other PAID plans that offer extra options.

>> DOWNLOAD SLACK NOW <<

What about you guys? What app am I missing from this list?

Remote Work and Me — December 27, 2017

Remote Work and Me


Yesterday I decided to write something short that ended up growing much more than I expected. I wanted to write about remote work in Nicaragua, but I ended up telling my story, my obstacles and my motivation.

I also decided to try writing on LinkedIn Pulse to test its reach. It was a nice experience, and writing is something that helps me get stress and crazy ideas out of my head so I can go through life a little lighter.

Read my story here: https://www.linkedin.com/pulse/el-trabajo-remoto-y-yo-salvador-aguilar-l-i-o-n-/

There is also this video of a discussion we held about remote work a few months ago:

At WPNicaragua we are looking for ways to hold more talks on the subject; we may even include one at WordCamp Managua 2018.

What do you think?

MacOS Improvements: Homebrew — November 13, 2017

MacOS Improvements: Homebrew


If you have used any Linux distro like Debian or CentOS, you are pretty familiar with package managers. But this is also for all the Mac newbies out there. Basically, a package manager is:

… a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer programs for a computer's operating system in a consistent manner.

Debian has APT and CentOS comes with YUM. Every IT Pro, SysAdmin or Dev knows how lovely package managers are, and since Apple never made one for MacOS, someone else did, and it’s amazing.

It’s called HOMEBREW and it brings the sweetness and ease of installing packages just like APT or YUM does on Linux.

How do you install HOMEBREW?

Open your favorite terminal app, either the one that comes with MacOS or my favorite iTerm2 and execute this command:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
 And that’s it. YES, IT’S THAT SIMPLE!

Now What?

Now you should update Homebrew and you do it with this command:

brew update

And you can install any program/software. In this example I’m going to install Apache, PHP 7 and MySQL:

brew install apache2 php70 mysql

This installs all the dependencies that each of these packages requires and that are NOT already installed on the machine.

Once installed, all the software is saved in the following directory:

/usr/local/Cellar

Below is a snapshot of how my HomeBrew directory is currently:

[Screenshot: zsh terminal session in /usr/local/Cellar]

So start experimenting with HomeBrew today, and let me know if you need a hand!

Tweet at me @RipeR81

Break the 7 Festival – El Salvador — November 9, 2017

Break the 7 Festival – El Salvador


BT7 is not a traditional conference, nor is it a typical technology event: it is a Digital Festival. Technology will be present in every part of it.

The name stands for Break the Seven because it will be the place where international speakers and attendees break seven elements: the Process, the Content, the Metrics, the Code, the Algorithm, the System and, finally, the Web. It will be so explosive that it will be impressive.

My role as a panelist is to represent Nicaragua, GoDaddy & Sucuri. Since this is the first edition of the event, I will take part in two formats:

Keynote Talk:
Security for Web Development Agencies & Freelancers

Specialized Workshop:
WordPress & Security.

If you are going to attend, don’t hesitate to contact me so we can chat at the event.

Regards!

 

Zac Gordon in WordCamp San José, Costa Rica 2017 — September 8, 2017

Zac Gordon in WordCamp San José, Costa Rica 2017


¡Pura Vida! Is the best way to start my review of attending WordCamp San José (formally WordCamp Costa Rica). Organizers Roberto Remedios and Alfredo “El Puas” invited me to do a workshop at WordCamp San José 2017 earlier this year while we were all hanging out at WordCamp Miami (also a great camp to attend). What started as a JavaScript […]

via Teaching JavaScript Deeply at WordCamp San José 2017 — WordPress Educator Zac Gordon

Matt writes about Gutenberg & WordPress — August 28, 2017

Matt writes about Gutenberg & WordPress


TinyMCE’s days seem to be numbered. A few months ago, we were presented with the future editor of WordPress; this editor will replace the TinyMCE editor and will help define the web moving forward. This editor is called Gutenberg.

The editor is not like your classic WYSIWYG (what you see is what you get) editor; it grew out of user experience and the rise of Page Builders like Visual Composer, Beaver Builder, BoldGrid, etc. It has received several criticisms, but be aware that anything different will always meet some contrary reactions, and that’s fine.

I am honestly excited for what is to come because I believe in Matt Mullenweg’s work, as he has been vital to making WordPress so popular that it is on 28% of all websites (that is amazing btw). You can read the full thread below:

https://ma.tt/2017/08/we-called-it-gutenberg-for-a-reason/

Discussion on Remote Work (VIDEO) — July 15, 2017

Discussion on Remote Work (VIDEO)


This was an improvised session born from a post published on Facebook in the Grupo de Desarrolladores de Nicaragua.

Here is the recording of what we talked about!

Oh-My-ZSH on MacOS Sierra — June 22, 2017

Oh-My-ZSH on MacOS Sierra


If you are a developer, coder, sysadmin or IT Pro, I assume that you have used the terminal on your Unix, Linux, Mac or Windows machine. And the shell that usually comes as default is the good old faithful BASH shell, which is nice but not cool.

What is Oh-My-Zsh?

Oh-My-Zsh is an open source, community-driven framework for managing your ZSH configuration. It comes bundled with a ton of helpful functions, helpers, plugins, themes, and other cool things.

Below are some facts about it:

  • More than 200 plugins. Enhance your productivity with plugins that integrate into git, google, youtube, sublime and much more.
  • More than 1000 contributors. Since it’s Open Source, the code is available for free on GitHub and you can add your modifications, plugins and themes. Just submit your pull request!
  • More than 140 themes. Don’t be a dull bird using the old BASH simple theme. Add colors and other functionalities by using any of the themes.

Still not convinced?

Check these screen captures:

And these are just some of the ways your terminal or console can look like. Pretty awesome right?

Now, how do I install Oh My ZSH on my Mac?

Dude, it’s a piece of cake. Just go to your Terminal or iTerm2 and type:

sh -c "$(curl -fsSL https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"

This will do the entire process of installing all the required pieces to make it work. Once it finishes you can go ahead and customize the themes & plugins.

Picking a different theme

By default, Oh-My-ZSH comes with the robbyrussell theme. If you want to choose a different one, go to the Themes page on GitHub. Choose the one you like the most and then use your favorite text editor (nano, vim, emacs, sublimetext or even textedit) to edit the file .zshrc located in your home folder. Below are the commands to open that file in nano & vim:

nano ~/.zshrc
vim ~/.zshrc

Then you will have to locate the string:

ZSH_THEME=robbyrussell

And change it to the theme that you selected. In this case I chose the theme called Blinks, so I edited the .zshrc file and put this string in place of the one above:

ZSH_THEME=blinks

Then save the file and exit the editor. Please note that you will NOT see an immediate change on your current session. You would have to start a new terminal session to see the new theme applied there.

Now if you are a free soul like me, then you might want to set the value to random, that way each time you open the terminal you will experience a new theme until you find the one that you love the most. To enable this awesomeness simply use this string instead of the two previous ones:

ZSH_THEME="random"

Cool? Dude you know it is cool!

So, what about plugins?

Just like Themes, enabling and disabling plugins is done thru a text editor and your file .zshrc. You will need to look for the string:

plugins=(xxxx)

Where xxxx can be anything.

Since you are on Mac, I suggest all these plugins to be enabled:

plugins=(brew rails git ruby terminalapp sublime screen rvm perms osx history github encode64)

But there are several more, just go to the Plugins page on GitHub to learn about them all.

Please note that the same rule of the themes applies here, you will need to save the file and open a new session to see the plugins enabled.

So that is all folks. Start experimenting with Oh-My-ZSH and help the creator of this awesome shell by buying some swag for you and your friends!

Comment below if I missed anything! Thanks!
