Security matters on every website, and especially on WordPress, which runs more than 29% of the entire internet. It's crucial: preventive security is 10 times cheaper than reactive security, that is, cleaning up after a compromise.
Below is an excellent, easy-to-follow infographic about WordPress security by my favorite website security provider, Sucuri.
See the full infographic here: https://sucuri.net/infographics/intro-to-wordpress-security
If you do not know what HTTP headers are, let me run through a quick introduction; if you do, treat it as a refresher.
What is HTTP anyways?
HTTP stands for Hypertext Transfer Protocol, the protocol browsers use to fetch web pages and talk to similar services. HTTP runs on top of TCP, and every exchange is a request from the client followed by a response from the server, like a game of ping pong. Below is a simple graphic to explain it:
More about HTTP
HTTP is a protocol with several methods. The most used ones are GET and POST.
The HTTP GET method is used to request a specific URL or file. Some examples:
HTTP GET http://domain.com/file.txt
HTTP GET domain.com/contact-form/
HTTP GET https://www.domain.com/secure-file.html
(The notation above is shorthand. On the wire the first example is the request line GET /file.txt HTTP/1.1 followed by a Host: domain.com header, which is how the server knows which site you want.)
This is basically what happens when you type a domain into the browser's address bar and press Enter, or when you click a link within a website: your browser generates an HTTP GET request to the server asking for that URL.
It's basically a request from the visitor asking the server to send information.
The HTTP POST method works in the opposite direction: the visitor sends information to the server for processing. Some examples:
- Filling out a contact form and clicking SEND. The POST request the visitor sends contains all the contact form's fields, and the server receives the data and processes it accordingly.
- Filling out any form.
- Adding products to shopping cart.
- Doing a checkout process on any e-commerce website.
HTTP POST www.domain.com/contact-form/
with the form fields carried in the request body rather than in the URL: filled=yes&name=John%20Doefirstname.lastname@example.org&phone=1234567&comments=no
Unlike a GET's query string, the POST body is not shown in the address bar, so you need your browser's Developer Tools (Network tab) to see what is sent in the background.
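To make the difference concrete, here is an added example (not code from this post) that builds the raw HTTP/1.1 messages a browser would send for a GET and for a form POST. The host, paths and form fields are constructed placeholders; the point is to see that a GET puts everything in the request line while a POST carries the fields in a body announced by Content-Type and Content-Length.

```python
"""Build the raw HTTP/1.1 messages behind a GET and a POST.

Added example, not code from the post.  The host, paths and form fields
used below are constructed placeholders.
"""
from urllib.parse import quote, urlencode, urlsplit


def build_get(url):
    """Return the bytes a browser sends for a plain GET of url."""
    parts = urlsplit(url)
    target = parts.path or "/"
    if parts.query:                     # a GET's data rides in the query string
        target += "?" + parts.query
    lines = [
        f"GET {target} HTTP/1.1",
        f"Host: {parts.netloc}",        # mandatory in HTTP/1.1, selects the vhost
        "Connection: close",
        "",
        "",                             # the empty line terminates the headers
    ]
    return "\r\n".join(lines).encode("ascii")


def build_post(url, fields):
    """Return the bytes for a form submission to url.

    fields is a dict of form field names to values.  They are percent-encoded
    (a space becomes %20, as in the post's example) and sent as the body, so
    nothing from the form shows up in the URL.
    """
    parts = urlsplit(url)
    body = urlencode(fields, quote_via=quote).encode("utf-8")
    lines = [
        f"POST {parts.path or '/'} HTTP/1.1",
        f"Host: {parts.netloc}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body)}",  # tells the server where the body ends
        "Connection: close",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii") + body


if __name__ == "__main__":
    print(build_get("http://domain.com/file.txt").decode())
    print(build_post("https://www.domain.com/contact-form/",
                     {"name": "John Doe", "phone": "1234567",
                      "comments": "no"}).decode())
```

Run it and compare the two printouts: the GET has no body at all, while the POST's headers end at the blank line and the encoded form follows. The Content-Length value is what lets the server know where the body ends.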
Now that we’ve covered the basics, let’s talk about HTTP HEADERS!
What are the HTTP HEADERS?
HTTP headers are the extra name/value fields that travel with every HTTP request and response. Below is a quick example:
First we make the request:
HTTP GET salrocks.com
Then the server answers with this:
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 27 Jan 2018 01:08:18 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://salrocks.com/
What does that mean?
Let’s break it down shall we?
HTTP/1.1 301 Moved Permanently
An HTTP 301 is what is called a permanent redirect. It tells your browser to load a different URL, which it takes from the LOCATION header.
The SERVER header tells you what software the web server is running. In this case it is NGINX; other values could be Apache, LiteSpeed, IIS, etc. Since this is handy reconnaissance for an attacker, hardened servers often shorten it to the bare product name or remove it entirely.
Date: Sat, 27 Jan 2018 01:08:18 GMT
The DATE header gives the timestamp at which the response was generated.
The CONTENT-TYPE header tells you what kind of content the body is: text, a media file, a binary file, etc. It depends on the MIME types configured on the server.
The CONTENT-LENGTH header simply tells you the size of the response body in bytes.
As discussed under the 301 status, LOCATION tells the browser which URL to load instead of the http://salrocks.com that was requested initially.
OK, that's simple, right? Let's move on and load https://salrocks.com to see what happens. Let's go!
HTTP GET https://salrocks.com
And now the server's answer is this:
HTTP/2 200
server: nginx
date: Sat, 27 Jan 2018 00:18:39 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=86400
vary: Accept-Encoding
vary: Cookie
link: <https://wp.me/5zKS6>; rel=shortlink
Let's break down this answer, since there are new values and new headers. We are just getting started.
content-type: text/html; charset=UTF-8
As you can see, the CONTENT-TYPE header now includes a charset besides the MIME type, so the browser does not have to guess the encoding.
The STRICT-TRANSPORT-SECURITY header is the HSTS policy. It tells your browser to use only HTTPS for this host for the next max-age seconds, here 86400 (one day), even if the user types or follows a plain http:// link. One day is on the short side: a year (max-age=31536000) is the minimum required to get onto the browser preload list.
vary: Accept-Encoding vary: Cookie
The VARY header tells caches and proxies which request headers they must take into account before serving a stored copy: here a cached response may only be reused for a request with the same Accept-Encoding and the same Cookie; otherwise a fresh request goes to the server.
link: <https://wp.me/5zKS6>; rel=shortlink
The LINK header states a relationship between the requested resource and the URL it carries. In this case it tells you that https://wp.me/5zKS6 is a shortlink to https://salrocks.com.
How do you use HTTP HEADERS to troubleshoot issues?
Checking your website's HTTP headers can help you solve all of the following issues:
- Too many redirects.
- Failures in forms: the POST may have received an HTTP 404, 403 or 500 error.
- SEO issues with 302 or 301 redirects.
- Caching issues (whether a URL was a cache hit, a miss or expired).
- Media expiration status.
- CDN cluster from which the asset is served.
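The header walkthrough above and this troubleshooting list are really one task: read the response headers and check them against what you expect. Here is an added example (not code from this post) that does exactly that. The two responses are transcribed from the captures shown earlier in the post; the checks mirror the points made above (the redirect target, the Server header, the charset, the HSTS lifetime, the Vary keys), and the one-year HSTS threshold is my assumption, taken from the preload list requirement.

```python
"""Parse raw HTTP responses and run the header checks described in the post.

Added example, not code from the post.  The two responses below are
transcribed from the post's captures; the HSTS threshold is an assumption.
"""
import re

# Transcribed from the post: the plain-HTTP request answered with a 301.
REDIRECT = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: nginx\r\n"
    "Date: Sat, 27 Jan 2018 01:08:18 GMT\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 178\r\n"
    "Connection: keep-alive\r\n"
    "Location: https://salrocks.com/\r\n"
    "\r\n"
)

# Transcribed from the post: the HTTPS request answered with a 200 over HTTP/2.
OK = (
    "HTTP/2 200\r\n"
    "server: nginx\r\n"
    "date: Sat, 27 Jan 2018 00:18:39 GMT\r\n"
    "content-type: text/html; charset=UTF-8\r\n"
    "strict-transport-security: max-age=86400\r\n"
    "vary: Accept-Encoding\r\n"
    "vary: Cookie\r\n"
    "link: <https://wp.me/5zKS6>; rel=shortlink\r\n"
    "\r\n"
)

ONE_YEAR = 31536000  # seconds; assumed threshold, the hstspreload.org minimum


def parse_response(raw):
    """Split a raw response into (version, status, headers, body).

    Header names are lower-cased, and every name maps to a list so repeated
    headers such as the two Vary lines above are all kept.
    """
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    version, _, rest = status_line.partition(" ")
    status = int(rest.split()[0])   # reason phrase is optional (HTTP/2 has none)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return version, status, headers, body


def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or None if the header is absent."""
    values = headers.get("strict-transport-security")
    if not values:
        return None
    m = re.search(r"max-age\s*=\s*(\d+)", values[0], re.IGNORECASE)
    return int(m.group(1)) if m else None


def audit(raw, over_tls):
    """Return a list of findings for one response.

    over_tls says whether the response came over HTTPS: browsers ignore
    Strict-Transport-Security on plain HTTP, so it is only checked there.
    """
    version, status, headers, _ = parse_response(raw)
    findings = []

    if 300 <= status < 400:
        target = headers.get("location", ["<no Location header>"])[0]
        findings.append(f"redirect: {status} -> {target}")

    server = headers.get("server", [""])[0]
    if re.search(r"\d", server):      # "nginx" is fine, "nginx/1.14.0" is not
        findings.append(f"server: version disclosed in Server header ({server})")

    ctype = headers.get("content-type", [""])[0]
    if ctype.startswith("text/html") and "charset=" not in ctype.lower():
        findings.append("content-type: text/html without a charset")

    if over_tls:
        age = hsts_max_age(headers)
        if age is None:
            findings.append("hsts: Strict-Transport-Security missing")
        elif age < ONE_YEAR:
            findings.append(f"hsts: max-age={age} is below one year ({ONE_YEAR})")

    if "vary" in headers:
        findings.append("vary: cached per " + ", ".join(headers["vary"]))

    return findings


if __name__ == "__main__":
    for name, raw, tls in (("http", REDIRECT, False), ("https", OK, True)):
        print(name)
        for finding in audit(raw, tls):
            print("  " + finding)
```

On the post's own captures this reports the 301 to https://salrocks.com/ and the missing charset on the plain-HTTP answer, and the one-day HSTS lifetime plus the two Vary keys on the HTTPS answer. To use it on a live site, paste the raw response from your browser's Developer Tools or from curl -i in place of the transcribed samples.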
Soon I will be writing about the HTTP headers of Sucuri, Cloudflare and Kinsta.
It's my go-to browser. I can publicly confirm that I don't have love for Safari (#DieSafariDie) or Opera (#OperaWho?). I use Google's Chrome as my personal browser and Firefox for work. Yes, I keep my personal and work life separate, and you should too. However, Chrome is far from perfect, so I always add the following extensions:
- uBlock Origin, to get rid of all the ads on all pages, including ads on YouTube.
- Ghostery, to disable trackers, analytics, chats and other stuff and be a ghost online.
As an IT professional and sysadmin I have to log in to several services and servers, and it's not SECURE to use the same password for EVERYTHING, nor to write passwords down in notepads or on post-its.
I use KeePass as my centralized password manager. It lets you create groups with icons, generates secure passwords, and copies them to the clipboard and clears it again as soon as you have used them. And yes, it's FREE!
Working in support you constantly need to share screenshots or capture part of your screen to point out specific details, for example by highlighting them. It also includes a useful feature to record a video of your screen or a region of it.
It also comes with keyboard shortcuts for easier use, and with a free service that uploads captures to a website and creates a short URL you can share via email or social media.
One of the things I missed from Windows and GNOME when I migrated to macOS a few years back was the ability to resize app windows and snap them to the sides or the top, or even maximize them, which macOS was lacking. I found Spectacle and it solved my problem right away.
Managing windows becomes as easy as on Windows or GNOME. Try it out TODAY!
Keeping my documents and important information backed up and available on any computer lets me work from any computer, anywhere in the world. That is what I love about Dropbox.
The built-in Terminal app that comes with macOS is not bad, but iTerm2 brings many features that make it far better: you will love the split panes, the search, the paste history and much more.
Try it out and you will never go back to the default terminal app.
If you work on the web, an FTP/SFTP client is a vital tool. This is the most used client in the world, and it's FREE.
It saves different sites, credentials and authentication methods. It's a no-brainer!
VLC is the only video and media player you will ever need.
The last text editor you'll ever need. It just works. It supports several programming languages and has tons of plugins that extend it with git integration and other features.
It’s FREE so give it a try right away!
If you want to keep your computer from going into screensaver mode, or keep the monitor from shutting down while you are away from it, Caffeine is your solution.
It sits in the macOS menu bar, ready to help when you need it!
A text expander that saves the time you spend typing similar replies to customers. You set short codes for sentences or paragraphs, and Typinator replaces them with the full text you set up beforehand.
The modern communication tool for getting rid of 200 emails a day. Slack is a super-powered IRC platform with tons of integrations for the most popular platforms, such as Dropbox, Google Drive, New Relic, GitHub, Bitbucket, etc.
It has clients for the web, Windows, Mac, Linux, iOS and Android. There is a FREE tier and PAID plans with extra options.
What about you guys? What app am I missing from this list?
Yesterday I decided to write something short that turned out to grow much more than I expected. I wanted to write about remote work in Nicaragua but ended up telling my story, my obstacles and my motivation.
I also decided to try writing on LinkedIn Pulse to test its reach. It was a nice experience, and writing helps me get stress and crazy ideas out of my head so I can go through life a little lighter.
Read my story here: https://www.linkedin.com/pulse/el-trabajo-remoto-y-yo-salvador-aguilar-l-i-o-n-/
There is also this video of a panel we held on remote work a few months ago:
What do you think?
It's called HOMEBREW, and it brings the sweetness and ease of installing packages, just like APT or YUM do on Linux.
How do you install HOMEBREW?
Open your favorite terminal app, either the one that comes with macOS or my favorite, iTerm2, and execute this command:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
That is the Ruby-based installer from when this was written; Homebrew has since moved to a bash script, /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)". Either way you are piping a script straight from the internet into a shell, so read it first (or compare it with the copy in the Homebrew/install repository) before you run it.
Now update Homebrew with this command:
brew update
Then you can install any program. In this example I'm going to install Apache, PHP 7 and MySQL:
brew install apache2 php70 mysql
This will install each package together with whatever dependencies it needs that are not yet present on the machine. Formula names change over time (Apache is now the httpd formula and the old php70 formula has been retired), so check with brew search before installing.
Once installed, all software lives in the following directory:
Below is a snapshot of my current Homebrew directory:
So start experimenting with HomeBrew today, and let me know if you need a hand!
Tweet at me @RipeR81
BT7 is not a traditional conference, nor a typical tech event: it is a Digital Festival. Technology will be present in every part of it.
The name means Break the Seven, because it will be where the international speakers and the attendees break seven elements: the Process, the Content, the Metrics, the Code, the Algorithm, the System and, to finish, the Web. It will be so explosive it will be impressive.
My role as a panelist is to represent Nicaragua, GoDaddy and Sucuri. Since this is the event's first edition, I will take part in two sessions:
Security for Web Development Agencies and Freelancers
WordPress and Security.
If you are attending, don't hesitate to reach out so we can chat at the event.
TinyMCE's days seem to be numbered. A few months ago we were shown the future editor of WordPress, which will replace TinyMCE and help define the web moving forward. This editor is called Gutenberg.
It is not like your classic WYSIWYG (what you see is what you get) editor; it is built around user experience and the rise of page builders like Visual Composer, Beaver Builder, BoldGrid, etc. It has received a lot of criticism, but be aware that anything different will always meet some opposition, and that's fine.
I am honestly excited about what is to come, because I believe in Matt Mullenweg's work; he has been vital to making WordPress so popular that it runs 28% of all websites (which is amazing, by the way). You can read the full thread below:
This was an improvised session born from a post published on Facebook in the Nicaragua Developers Group.
Here is the recording of what we talked about!