The pay to write the tutorial lists

Introduction

In this article, it’s just the lists to present how to get the pay to write the tutorials.

Table of Contents

  1. Lists
  2. Conclusion

Lists

  1. DigitalOcean
  2. SitePoint
  3. instantshift
  4. spyrestudios
  5. Envato+
  6. SmashingMagazine
  7. Envato
  8. EnvaoMarket
  9. Appcelerator
  10. ProgrammableWeb
  11. ServerGrove(It’s not sure to pay to write articles.)
  12. TecMint(It’s no pay to write the articles.)

Conclusion

In the previous section, we present the available website which provide the Paid to write tutorials.

I try to use sumit the unique and original tutorials for these websites.

In the next article, we will present the tutorials how to submit the tutorials for these websites.

Install the Shield security plugin to protect your WordPress(1)

Introduction

Nowadays, someone choose the WordPress to build their own blog or their small business.However, people usually forget the security for their WordPress.In this tutorial, we present the Shield Security plugin and you will learn how to use them to protect your WordPress.

Table of Contents

  1. What’s WordPress plugin?
  2. The Shield security plugin
  3. Conclusion

What’s WordPress plugin?

We can imagine that the plugin is the extend library of WordPress.They work together with WordPress and make the WordPress functionality powerful.

Prerequisiste

Before starting the next article, we have to let you check out the following things:

  1. You already have the WordPress website.
  2. You should have the basic concepts about WordPress website.
  3. You should know how to find and install the WordPress plugins.

The Shield security plugin

In this article, you will learn how to install and set the Shield security plugins.

Step1 -Install the plugin

Firstly, we have to login the WordPress admin panel then checkout the link: https://yourdomain.com/wp-admin/plugin-install.php.

Step2 -Set the plugin

Secondly, find the plugin name: Shield security plugin then we can see this searching result of screenshot:

Then you can see the first result is the targeted plugin.we install and activate plugin.After activating the plugin, we will see the link named Shield Security is existed in left panel.We click this link then enter the Dashboard tab.After clicking the admin page, you will see the admin interface like the following screenshot.

We click the Dashboard icon and will see the three tabs: Global options, General options and Google.In Global options, we have to make sure the Global Plugin On/Off Switch is checked.In General options,the Display Plugin Specific Notices have to be checked.In Google tab, we consider whether the reCAPTCHA is enabled during logging the WordPress admin page.

In Security Admin option,it restricts the access to this plugin to preventing unauthorized change to your security settings.The plugin recommend this feature should be enabled.

You have to consider the following screenshot to understand how to set the Security Admin.

We enable the Security Admin plugin and fill the Security Admin Access Key filed.Remember that admin key because the plugin will request the access key before modifing the WordPress options.

This setting is setted the timeout which the admin access key is expired.The default value is 30 minutes is fine so you don’t have to change this value.

In Access Restriction zone tab, it let you choose the options which is restrictd.The WordPress options should be restricted. The Admin users or Plugins is up to you to be restricted.After checking the options, you have to click the Save All Seetings so that the feature you check will be worked.

In Firewall feature, you can consider the following recommendations.

We enable this plugin.

If possible, check all the features in Firewall Blocking tab. It will be blocked the illegal behavior by the Firewall plugin.

Select the “Die With Message” option is fine and it’s up to you to check the Send Email Report option.

You should not check any featue in the Whitelist tab because there’re not any feature can bypass the firewall.

After checking the required features, you have to click the Save All Settings button to make sure your features you check is worked successfully.

Once you notice that you get the “Die With Message” after modifing the Admin options, you should temporarily disable the Firewall plugin until the admin user will be modified successfully.

Conclusion

The first part is ended here and we will introduce the Login Protection, User Management and Comments SPAM in next part.

Using the Guzzle5 to access the web service in PHP

[Abstract]

Nowadays, we usually use the curl to access the web service in PHP. However, the curl does not have the useful features during accessing the web services. For example, set the timeout to restart requesting services, use the flexible parameters to build the url queries and so on.

In this article, you will learn how to use the Guzzle to make the HTTP request and access the web services in PHP. You will also learn some samples to access the mailing service and Image service.

[Introduction]

The Guzzle(https://github.com/guzzle/guzzle). It’s the PHP HTTP client and it’s on top of the PHP curl.It implements some missing features in PHP curl. You can see more details about the following link lists:

  1. The GitHub project: https://github.com/guzzle/guzzle
  2. The official documentation: http://docs.guzzlephp.org/en/stable/
  3. The Guzzle 5.3 documentation: http://docs.guzzlephp.org/en/5.3

[Prerequisite]

  • PHP Requirements: PHP 5.4+
  • To use the PHP stream handler, allow_url_fopen must be enabled in your system’s php.ini. allow_url_fopen.
  • To use the cURL handler, you must have a recent version of cURL >= 7.16.2 compiled with OpenSSL and zlib. cURL.

[Installation]

In this article, we introduce how to install the Guzzle5.3 via Composer(http://getcomposer.org/) and the steps are as follows:

  1. Download the composer.phar from the follwoing command:
    curl -sS https://getcomposer.org/installer | php
    

    Or you can download the latest composer.phar manually and check out the download section in this link: https://getcomposer.org/download.

  2. We create a project named guzzle-demo and create a composer.json in project root folder. Add the required Guzzle version in composer.json.The contents are as follows:
    {
       "require": {
           "guzzlehttp/guzzle":"5.*.*"
       }
    }
    

[Access the 3rd party web services]

In this article, we present some samples to access the MailGun and Imgur API via the Guzzle 5.

[MailGun]

MailGun is a mailing service which help us to be convenient to send the e-mail. And it also helps us to be flexible for sending e-mails.web present the curl and Guzzle5 sample code of sending e-mail are as follows:

CURL:


function send_simple_message() {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
    curl_setopt($ch, CURLOPT_USERPWD, 'api:key-your-key');
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
    curl_setopt($ch, CURLOPT_URL, 'https://api.mailgun.net/v3/your-domain.mailgun.org/messages');
    curl_setopt($ch, CURLOPT_POSTFIELDS, array('from' => 'peter <peter279k@gmail.com>',
           'to' => 'peter <peter279k@gmail.com>',
           'subject' => 'Hello', 'text' => 'Hello World'));
    $result = curl_exec($ch);
    curl_close($ch);
    return $result;
}

Guzzle5:

require "vendor/autoload.php";

$client = new GuzzleHttp\Client([
    'defaults' => [
    'auth' => ['api', 'key-your-api-key'],
    ]
]);

$res = $client->post('https://api.mailgun.net/v3/your-domain.mailgun.org/messages', [
    'body'=>[
        'from' => 'peter <peter279k@gmail.com>',
        'to' => 'peter <peter279k@gmail.com>',
        'subject' => 'Hello',
        'text' => 'Hello World'
    ]
]);
var_dump($res->json());

We can notice that the CURL is more completed than the Guzzle5 because the most of options are setted by Guzzle5. We will foucus on the parameters for the requesting queries.

[Imgur]

The Imgur is the famous Image service. It provides the Good space to store the own images. The sample code which is about the uploading image via CURL and Guzzle5 are as follows:

CURL:


$client_id = "your-imgur-client-id";
$image = file_get_contents("/path/to/image.png");

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.imgur.com/3/image.json');
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Client-ID ' . $client_id));
curl_setopt($ch, CURLOPT_POSTFIELDS, array('image' => base64_encode($image)));

$reply = curl_exec($ch);
curl_close($ch);

$reply = json_decode($reply, true);

var_dump($reply);

Guzzle5:


$imageFile = file_get_contents("../imgur_result.png");

$client = new GuzzleHttp\Client([
    'defaults' => [
        'headers' => ['Authorization' => 'Client-ID 3aa5c24753e1656'],
    ]
]);

$res = $client->post('https://api.imgur.com/3/image.json', [
    'body'=>[
        'image' => base64_encode($imageFile)
    ]
]);

var_dump($res->json());

[Summary]

In this tutorial, we present the steps to let you learn how to use the Guzzle5 to access the web services.If you get the certification error during the HTTP request, you should fix the certification bundle error by yourself.

We also present the sample code to make you compare the difference of using CURL and Guzzle5.We hope the readers can replace the Guzzle with CURL for the next web application project.And using the Guzzle to access the web service easily.

[References]

  1. MailGun user manual: https://documentation.mailgun.com/en/latest/user_manual.html
  2. Imgur API documentation: https://apidocs.imgur.com

 

 

在Ubuntu 上安裝PHPMyAdmin 的要點與設定

[前言]

因為在Ubuntu 上面安裝很多次的PHPMyAdmin 了。因此想要統一紀錄安裝的過程。

以及所需要注意的事項與設定。

[安裝過程]

[前置條件]

  • 已經有一台VPS 並上面搭載Ubuntu 14.04/16.04 的版本
  • 已經初始化過Ubuntu 作業系統,請參照此篇文章
  • 已經安裝好LAMP server
  • 該升級的套件都已經升級(可選選項,可做或可不做)參考文章

[安裝步驟]


sudo apt-get update

sudo apt-get install phpmyadmin

在安裝的過程中會詢問是要設定哪一種 HTTP server ,選擇Apache 即可

[安全性設定]

  1. Change Default PhpMyAdmin Login URL 改變預設的登入網址
    預設是:domain.com/phpmyadmin
    要更改的話,只需要去:/etc/phpmyadmin/apache.conf 更改即可。
    更改的地方如下圖所示。改成 Alias /customadminname /usr/share/phpmyadmin
  2. Enable HTTPS on PhpMyAdmin 在PHPMyAdmin 下啟用HTTPS
    通常HTTP/HTTPS 下拜訪 PHPMyAdmin都是允許的。
    為了防止密碼被有心人士監聽看光光,所以啟動HTTPS 是有必要的。
    主要是有兩種方式可以啟用HTTPS。
    使用 Let’sencrypt, 自行簽章, 購買有效的憑證以及使用DNS 代管(Cloudflare 的中介 HTTPS)。
    本章節主要是使用Cloudflare 的 HTTPS。因此只需要改動 /etc/phpmyadmin/config.inc.php 檔。
    更改的方式如下圖,加入 $cfg[‘ForceSSL’] = true;
  3. Password Protect on PhpMyAdmin 使用http-basic auth 保護 PHPMyAdmin
    這裡需要用到:htpasswd 這個指令,需要用到 apache2-utils。
    需要額外安裝,使用 sudo apt-get install apache2-utils 來安裝。
    在/etc/apache2/sites-available/000-default.conf 加入使用HTTP-Basic-Auth 的設定

    <Directory /usr/share/phpmyadmin>
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
    </Directory>
    

    接著設定帳號, 密碼以及相關檔案的權限

    sudo htpasswd -c /etc/apache2/.htpasswd yourusername
    # specify user/group permissions
    sudo chmod 640 /etc/apache2/.htpasswd
    sudo chgrp www-data /etc/apache2/.htpasswd</pre>
    <pre>

    設定完成後,再去拜訪網站就會要輸入帳號與密碼了。(如下示意圖)

  4. Disable root Login to PhpMyAdmin 停用使用者 root 方式登入 PHPMyAdmin
    修改 /etc/phpmyadmin/config.inc.php 檔案在如下圖的位置中加入:
    $cfg[‘Servers’][$i][‘auth_type’] = ‘cookie’;
    $cfg[‘Servers’][$i][‘AllowRoot’] = false;
    這兩行。

設定完之後,都需要記得將Apache 服務重啟:sudo service apache2 restart

安全性設定——Apache VirtualHost 的搭配使用

這是我參考的資料中所沒有提到的,算是自己額外加上去的。

使用VirtualHost 目的是可以使用子網域方式存取。

除了比較好記住之外,也多一層防護。

 

[參考資料]

NAT-based VPS 的建置與設定心得

[前言]

最近跟大學同學一起合作開發一些開源專案,因為需要有一個比較彈性的空間。

因此傾向使用VPS 作為部署專案的地方。想找看看一年加上網域可以低於1000台幣的。

因此就找上使用NAT-based VPS。跟一般不同的是:NAT-based 的IPv4 是共享的,因此多台機器會在童一個區域網段內。對外IP 是好幾台共用一組,SSH分別對應到不同的port number。

在SSH 連線時需要使用此對外IP,設定網域名稱會比較麻煩,因為對外IP只有一個,並不是將此對外IP 設定到DNS 的 A record 即可,因為一台機器80 port 只有一個,所以不可能這樣做。

這時需要借助proxy 功能將AAAA紀錄設定成IPv6 address 即可。IPv6 每個人是不一樣的。讓server 自動導向到正確的網址以及呈現出正確的網頁內容。

以下即是設定方法與使用的主機供應商介紹。

[設定方法]

[主機供應商介紹]

名稱:i-83

簡介:IPv4 NAT & IPv6 based OpenVZ VPS Provider with over 11 locations worldwide

機房分佈:亞洲,歐洲,美洲都有。最近的是在亞洲(新加坡)

使用心得:NAT-based VPS 好處就是比較便宜,但是設定會比較複雜。

[NAT-based 額外教學]

從此篇文章的第5與6開始講解。前面的1~4步驟則是和安裝LAMP server 有關。我們假設已經在機器上面已經安裝好了。(詳細安裝與初始化Ubuntu 的教學請參照先前我寫的文章

第5 步驟:Adding the domain record

假設已經註冊好網域並交給Cloudflare 代管了。這步則是需要新增IPv6 到AAAA record上。

新增的方式為如文章中的截圖所示。

第6 步驟:Binding Apache to the IPv6 address

本步驟是依照Debian 上Apache 所在的設定檔去做設定。

而Apache 的設定是在:/etc/apache2/ports.conf

把它改成IPv6 的形式,如下圖所示:

 

[參考資料]

 

初始化VPS上的Ubuntu作業系統[不定期更新]

[前言]

租用VPS跟本地端上所使用的機器一定會有些不一樣的地方。

像是少很多套件,需要自己安裝,有些設定不會有,要自己手動在設定等。

本文是在紀錄所有VPS上剛安裝好一個新的Ubuntu 之後,所要處理的問題。

整理在這裡方便日後碰到問題以便查詢。

同時本文章會不定期的更新,因為碰到的問題,只會多,不會減少。

下列是初始化的腳本,腳本使用方法如下:


chmod 700 initial_ubuntu.sh

./initial_ubuntu.sh your_user_name

[腳本內容]

[腳本說明]

分成幾個部份:

  1. 調整locale語系與編碼
  2. 調整時區(timezone: Asia/Taipei)
  3. 調整防火牆
  4. 新增一個使用者,並自行設定密碼
  5. 調整ssh 設定,禁止root 使用者登入。延長ssh 連線時間
  6. 安裝所需要的套件,更新所需要的套件
  7. 自行新增.bashrc 與 .bash_profile 至使用者家目錄下(參考49~55行,60~61行)

因為hosting provider 為了能夠快速的把作業系統安裝好,通常所使用的鏡像基本上都是最小化的安裝。

因此多少都會遺漏部份的套件,因此這部份需要自己安裝,另外,因為國際的關係,所以語系通常都是使用en_US.utf-8 作為locale。因此在腳本特別針對這一部份,進行語系的修正。在server 上面的中文網頁不會有問題的窘境。

[參考資料]

Ubuntu 14.04 LTS 升級套件須知

[前言]

本文章適用於Ubuntu 14.04的版本。目前收錄:PHP, MySQL 等升級要領。

[前置條件]

已經使用:tasksel 套件安裝好LAMP stack。(相關指令如下)

已經安裝好相關的套件供安裝需要的套件的時候所使用。

預設的PHP 版本為:5.5.9, MySQL版本為:5.5。


# Prerequisite
# You should run the initial_ubuntu.sh script before running this bash script file.
sudo apt-get update
sudo apt-get install dialog tasksel software-properties-common
sudo tasksel install lamp-server

[本文]

本章節主要是展示:

  • PHP 5.5 升級到PHP 7.0
  • MySQL5.5 升級到MySQL 5.6

[PHP5.5 升級]


# upgrade the PHP 5.5.9 to PHP 7
sudo add-apt-repository ppa:ondrej/php

[MySQL5.5升級]


# upgrade the MySQL 5.5 to MySQL 5.7
wget http://dev.mysql.com/get/mysql-apt-config_0.8.0-1_all.deb

# The following command will ask for input:
# see more details: https://askubuntu.com/questions/750498/mysql-5-5-update-to-mysql-5-7
# Notice: I choose the MySQL 5.6 because the MySQL 5.7 encounter some unexpected problems.
sudo dpkg -i mysql-apt-config_0.8.0-1_all.deb

MySQL 在安裝設定檔時,會有選項要選擇升級的MySQL版本。(如下示意圖)

動第一個選項就好,選完選『ok』

接下來是兩者都需要做的事情:更新repo 站點網址,安裝新版的套件以及重新啟動服務


# update the packages repo url
sudo apt-get update

# intall the required packages
sudo apt-get install php7.0
sudo apt-get install php7.0-mysql
sudo apt-get install mysql-server
sudo mysql_upgrade -u root -p
sudo service mysql restart

[MySQL 升級相關問題]


# MySQL server need the logger package during starting the MySQL service.
# If not, it will encounter: " mysqld_safe --syslog requested, but no 'logger' program found. Please ensure that 'logger' is in your PATH, or do not specify the --syslog option to mysqld_safe" error.
sudo apt-get install bsdutils

# solve the MySQL server error: MySQL 5.6 No directory, logging in with HOME=/
sudo service mysql stop
sudo chown mysql /var/run/mysqld
sudo usermod -d /var/lib/mysql/ mysql
sudo service mysql start

[PHP 升級相關問題]

下面列了幾個範例,當要額外安裝PHP extensions時,所做的動作以及啟動這些extensions

供 Apache server 以及 PHP CLI(command line interface) 所使用。


# If you use the Apache server
# Disable php5 Apache module then enable php7 Apache module
sudo a2dismod php5
sudo service apache2 restart
sudo a2enmod php7.0

# If you want to install additional extension for the PHP 7
# You have to refer the following commands.
sudo apt-get update
sudo apt-get install php7.0-curl php7.0-mbstring php7.0-mcrypt

# enable the module in PHP cli
sudo phpenmod mcrypt
sudo phpenmod mbstring
sudo phpenmod curl

# After installing the required PHP extensions, you should restart the Apache service.
# Then the PHP module will successfully load in PHP Apache modules.
sudo service apache2 restart

[參考資料]

  1. PHP, MySQL 升級相關bash script
  2. https://askubuntu.com/questions/750498/mysql-5-5-update-to-mysql-5-7
  3. https://www.digitalocean.com/community/tutorials/how-to-upgrade-to-php-7-on-ubuntu-14-04
  4. https://stackoverflow.com/questions/35988990/how-to-enable-php7-module-in-apache