Windows Web Hosting, Web Technologies, etc
Web Applications
The easy way to create your first WordPress Theme.
May 6th
Tired of trying to find just the right wordpress theme? There’s millions of them to choose from afterall. Would love to create your own but have less artistic talent now than you did in Kindergarten with a box of busted chunks of crayolas? (You know what I’m talking about. First week of school you had brand new Crayolas by the second week they were all bits and pieces and nubs)
Well No worries! Artisteer to the the rescue! If you can use word, if you can click a couple buttons you can create your own WordPress theme with ease.
Creating your first wordpress theme is as easy as 1, 2, 3
After you download and install Artisteer you’ll want to run (uh duh, tell me something I didn’t know Jess). You’ll be prompted to pick what kind of theme you want to create and it supports more than just WordPress. In fact today it supports WordPress, Joomla, Drupal, an HTML template, an ASP.NET Application and a CodeCharge Studio Template (CodeCharge is for wannabe programmers just like us wannabe artists, I’ll talk about it in the next series and yeah, I use it too and no real programmers use it too).
Here’s the startup screen:
You’ll select WordPress and then get a screen like this:
Now with absolutely ZERO artistic ability and effort. I could export that theme and have just created my first WordPress theme. Let me show you how.
First you’ll click on the Export Button on the top right. and it will prompt you with a screen:
You’ll give it a name and set a path to where you want it to export to as I did above and then click the OK button to let the magic happen. Open up that folder you had it export to and ta-dah! There it is:
That’s it upload that folder to your wwwroot/wp-content/themes folder and you’ve got your own theme installed and ready to go.
Here’s my blog right now (that uses an artisteer theme)
and Here’s my blog with that new theme we just created selected as the theme to use:
Just as easy as 1, 2, 3 I was able to completely change up my blog’s design.
Making the Artisteer theme, your theme.
Here’s the thing. I don’t really care for the yellow sunburst, the palm trees or general layout of this theme so let’s change it up. By clicking the “Suggest Design” a few times, artisteer will randomly create some suggested designs for me and every time it’s something completely different.
After three clicks I got this:
I like the design, but I don’t care for the colors. So I click the suggest colors button a few times and I get:
Those are colors I can live with but I don’t like the background so guess what, I click suggest background:
Now I can go through and get suggestions for every element of my theme and I can also go in and tweak the particular features of the theme as well. Let’s look at the header. I want to change it up. So at the top I click Header and get a new menu bar at the top:
Now I can change the background image, the text location, add a foreground photo, etc, etc, etc.
With a little playing around (and don’t worry if you goof it up just click the undo button at the very top to roll back) this is what I came up with:
Yeah, I know what’ you’re thinking. That’s one scary clown Jess.. But you get the idea, you can tweak every single element of your theme and if you actually have (unlike me) more artistic talent than you did in kindergarten with those broken bits of crayola, it will look pretty nice.
If you haven’t grabbed artisteer yet, definitely do head over and give it a whirl.
Enabling WP Super Cache for WordPress on Windows Hosting
Feb 10th
PHP on Windows Server is gaining great popularity thanks to Windows Hosts that support PHP like us (Applied Innovations), the work Microsoft and Zend are doing together to make PHP even faster on Windows and the large number of PHP developers that realize Apache represents only a piece of the total website/ webserver market out there and want to really expand their market.
A few months ago I had enabled WP-cache on my site but in order to get it running I needed to make numerous tweaks. WP-SuperCache actually offers many more abilities over wp-cache and it supports Windows by default from install (well, almost).
Why install caching on your WordPress blog (or any blog)
WordPress dynamically generates your pages for you by making calls to the MySQL database server. If your site suddenly sees a HUGE increase in traffic or popularity it’s possible that the MySQL database server you’re using won’t be able to handle the traffic load. What would cause this to happen? Well, one could only be so lucky. Typically if your blog is posted on a site like digg.com or slashdot.org or hey maybe CNN.com even. Chances are your shared MySQL database server isn’t going to be able to handle the load and before long you’ll find either the server crashes or the hosting provider shuts down your DB to allow the other sites on the server to remain online. Not good.
Caching applications like wp-supercache, cache these dynamic requests as static content on your site and pull the content from that static cache instead of making each page that’s called get generated dynamically. Static content can be served EXTREMELY FAST in IIS compared to dynamic content and puts almost no load on the webserver. So by serving static content and limiting the calls to the database server you’re improving the site speed, lowering the load on the server and increasing the number of simultaneous site visitors your blog can handle.
Warning to the faint of heart.
NOTE: Before we go any further it’s important to understand that when we first install this plug-in it’s going to break our blog. We’re going to need to edit one line on one file to fix this. If for some reason after you install this plug-in if you need to manually uninstall it and aren’t able to access the admin interface here’s how to do that:
- Delete the entire folder wp-supercache in the folder wp-content/plugins in your blog directory.
- Delete the files advanced-cache.php and wp-cache-config.php in the folder wp-content in your blog directory.
Once you delete these files and folders the plug-in should be disabled. Go into the plugins menu and verify it’s removed and not listed there.
Remember, this has worked for me on 6 different installs of WordPress 2.7 on Windows 2003 and 2008 based servers but the configuration at Applied Innovations may be different than your host’s configuration.
You make these changes at your own risk and are solely responsible for anything you break.
How to install WP-SuperCache
Within the WordPress Dashboard you’ll select the Plugins option on the left
This will bring up the Manage Plugins page and expand the plugins options in the menu. From here we’ll select ‘Add new’
This will bring up the Install Plugins page with a search box at the top. For term we’ll type “super cache” and click the search button:
The search will run and list several plugins. We’ll select “WP Super Cache’” which as of this writing was at version 0.9 and we’ll click the install link.
This will bring up a pop up and we’ll click the install button to automatically install this plug-in.
Once the plug-in is installed we’re going to activate it but before we do that I need to warn you, that we may start getting errors on our blog. The reason we activate it and enable these errors is that activating the plug-in creates a file we need to edit in order to remove these errors. Without first activating (and/or enabling the plug-in) these files won’t be created and we’re not able to edit them to proceed.
So go ahead and activate it now but understand we’re going to get errors.
Activating the plug-in & editing it for Windows
When we activated this plug-in we probably got an error like this:
Warning: include(D:\Domains\domain.net\wwwroot/wp-contentD:/Domains/domainnet/wwwroot/wp-content/plugins/wp-super-cache/wp-cache-base.php) [function.include]: failed to open stream: Invalid argument in D:\Domains\domain.net\wwwroot\wp-content\plugins\wp-super-cache\wp-cache.php on line 49
Warning: include() [function.include]: Failed opening ‘D:\Domains\domain.net\wwwroot/wp-contentD:/Domains/domain.net/wwwroot/wp-content/plugins/wp-super-cache/wp-cache-base.php’ for inclusion (include_path=’.;C:\php5\pear’) in D:\Domains\domain.net\wwwroot\wp-content\plugins\wp-super-cache\wp-cache.php on line 49
As you recall I said that I had found this plug-in works “almost” out of the box on Windows. I believe each host has a different PHP configuration and at Applied Innovations you have to make a slight tweak to allow this app to work.
NOTE: If for some reason these files don’t exist for you yet. skip ahead and turn on the caching and then open the site again in your FTP client to edit the files. Remember if you need to completely disable this plug-in just delete the folder wp-supercache in wp-content/plugins. If you delete these files and it still doesn’t load you may need to delete the files advanced-cache.php and wp-cache-config.php in the wp-content folder as well.
Open your FTP client and download the file in wwwroot/(yourblogfolder)/wp-content/wp-cache-config.php
and edit the line like this (it should be line #7):
define( ‘WPCACHEHOME’, WP_CONTENT_DIR . "D:/Domains/YOURDOMAIN/wwwroot/wp-content/plugins/wp-super-cache/" ); //Added by WP-Cache Manager
to this:
define( ‘WPCACHEHOME’, "D:/Domains/YOURDOMAIN/wwwroot/wp-content/plugins/wp-super-cache/" ); //Added by WP-Cache Manager
Basically remove the “WP_CACHE_DIR .” portion and reupload the file.
So once we clean this up the paths we should get no more errors displayed.
Enabling WP Super Cache now that we’ve edited it.
From here click on settings and then WP Super Cache to bring up the Super Cache settings menu
Now we’re going to turn on the cache feature:
and click the update status button. WP Super Cache should now be enabled and you should now be caching your dynamic pages as static pages.
Verify caching is enabled.
Now we need to make sure our site loads and is caching. Go to your site in a browser and make sure the page comes up. Hit refresh after it first comes up and it should load faster. Do this on a few different pages and then click “view source” in your browser on one of your pages and scroll to the bottom you should see a couple lines like this at the very bottom:
<!– Dynamic Page Served (once) in 0.429 seconds –>
<!– Cached page generated by WP-Super-Cache on 2009-02-10 12:45:34 –>
You can go back into the WP Super Cache Settings and you’ll see stats on your cached content:
We’re all cached up!
So there you have it. We’ve enabled caching on your site. This article is a work in progress and may be updated or followed up from time to time. Any questions or problems though feel free to comment.
Creating your own Zooming Photo Mosaic
Jan 7th
I was really impressed with the deep zoom version of the Newseum newspaper frontpages from the Obama Election win in my previous blog post. I was so impressed that I had to figure out a way to do this myself. This post will guide you through this process, step by step.
Step 1, creating your Photo Mosaic
Recently Carlos mentioned he wanted to get a Photo Mosaic made by his Photographer from his wedding photos. I figured in this day and age of Information sharing there had to be low cost applications out there that would automate this process for you. (If you haven’t learned yet, everything is on the Internet)
After a quick web search, I found AndreaMosaic, a FREE application for this very purpose. (REALLY AMAZING APPLICATION)
With AndreaMosaic you take a picture you want to be the base of the mosaic:
Select a bunch of pictures you want to use to create your Mosaic (the more pictures the better):
And click a couple buttons and Presto! Photo Mosaic for free:
But you run into a problem. If you zoom into the picture moderately, you get okay photo resolution:
If you try to zoom in a lot though, you start to lose detail:
So what to do?
Step 2, Enter Silverlight Deep Zoom
From my earlier blog posts you know Microsoft’s Silverlight Deep Zoom allows you to take a bunch of high resolution images and stream them as you zoom in providing more detail on just the area you’re viewing.
The good news is that AndreaMosaic will generate a Deep Zoom application for you automatically, the bad news is to do anything with that you’re going to want to import it into a tool like Deep Zoom Composer and and start working with it. I ran into a problem here because my home PC only has 4GB of memory and quickly depleted that and Deep Zoom Composer would crash (let’s chalk it up to beta software). To get around this, I had Andrea Mosaic split my image up into 4 separate images:
I created a new Silverlight project in Deep Zoom Composer (DZC), added my 4 images to the project:
Then I zoomed in to arrange them on the palette in DZC so that they lined up I set the export options in DZC:
and had it create my new Deep Zoom project in an HTML / Silverlight project that was web ready for me. I could now go from:
To this:
All the way to this:
With plenty of detail that I could really enjoy. Best of all, the newly generated project has all the controls for zoom in, zoom out, center and even FULL SCREEN, all created automatically for you!
Step 3, uploading your new project.
Now that you’ve got your project created and tested out the next step is to upload. Now in the “New Microsoft” they’re all about hosting the content and applications for you so you can either host your new project on their site, or be uber-cool and host it on your own website like me:
http://www.jesscoburn.com/coburnchristmas08/
There’s a little massaging to do though to get it to display out of the gate. So here’s what I did:
- In your exported project you’ll find a folder DeepZoomProjectWeb. Let’s assume you’re going to upload your project to a new folder on your site called deepzoom. Within the DeepZoomProjectWeb folder copy the web.config file to your deepzoom folder on your website.
- In the DeepZoomProjectWeb/ClientBin Folder copy all of those files and folders (GeneratedImages, DeepZoomProject.xap, DeepZoomProjectTest.html, Silverlight.js) into your deepzoom folder on your website.
- Finally, rename your DeepZoomProjectTest.html file to default.htm (or index.html) and open your site, domain.com/deepzoom/ and the page should load fine.
That’s all there is to it. Really, just 3 simple steps and you’ll have your own Dynamic Zooming Photo Mosaic, thanks to a couple freeware apps, a little munging of data and a bit of creativity.
Here’s the cool thing. My original 4 files for my mosaic were about 25MB total. The zooming project is about 100MB but you don’t really download that full 100MB only the parts that you’re looking at and zooming into.
Playing with the new Deep Zoom Composer
Aug 6th
Microsoft released another update to Deep Zoom Composer on August 3rd. The latest build of Deep Zoom Composer includes a feature that generators the silverlight code for you and also support photo-stitching. Photo-stitching is where you take multiple pictures and stitch them together to create a panoramic photo. Deep Zoom is the seadragon technology from Microsoft that allows you to pan and zoom in an image and the browser downloads only those pieces of the image in detail that you’re looking.
Add an 8MP Point and shoot and Deep Zoom Composer and what do you get? The cool stuff ofcourse!
So recently I went to San Francisco and found a little time to took a few pictures. If you’re wondering what a Florida boy takes pictures of in California, it should be pretty easy to figure out… Bridges and Mountains ofcourse!
So here’s the good stuff: Deep Zoom from the top of Mount Diablo. Deep Zoom of the Golden Gate Bridge.
You can open those files and if you have the newest Silverlight 2 beta installed you’ll be able to pan and zoom all through the images by either using your mousewheel or doubleclicking on an area. Cool stuff.
So That’s Cool, But How’d I do it?
So here’s the coolest thing about this whole process. The pictures of the golden gate bridge aren’t actually in order and in fact they were taken with the camera at 90 degrees so I could get more landscape in. What’s cool about that? Well deep zoom composer (we’ll call it DZC) figured out the order of the pictures and did the best job I have found yet for photo stitching. I don’t use a tripod or any fancy fish eye lens so it’s got some work to do but it does it faster and with better accuracy than anything else I’ve used yet.
Here’s what the pics looked like in Picasa2 (you can see I went left to right and then back to the left to take two more pics of the fog rolling in)
Here’s another cool thing about these pictures. This effected is created using 770+ different smaller images and it only streams to you in detail the area you’re looking at. So instead of downloading 7 images that are all 3MB each you’re downloading bits and pieces needed for that area you’re viewing. Pretty cool stuff.
Well is that really? Yes it is.
Okay you’re probably thinking right now “big deal it’s just a photo stitching application with some flashy zoomy-zoomy stuff”. But here’s where it really shines. Look at the first Golden Gate Demo app I created. You’ll see this picture:
Yeah it’s a nice picture. But then start to zoom into that little light brown weed bush:
Yeah that’s a little more detail right? But Zoom in some more…
Oh look it’s got some other leaves… But zoom in some more..
Now the details really start to come out… Okay you want to zoom some more don’t you? I don’t know if it’s a good idea but go ahead, indulge yourself..
EEK!! You went too far! But now you get the idea of just what can be done..
What else?
Alright here’s a few more pics:
And one more Deep Zoom of the Golden Gate Bridge (taken from the other 5 images in the screen capture above and it’s 1500+ smaller images).
SQL Injection Help .. Microsoft to the rescue with URLScan 3.0.
Jun 26th
The number of SQL Injection attacks across the Internet continue to rise. I’m seeing regular posting on the SANS RSS feed related to SQL Injection and XSS these days and clients are finding that applications they thought were not vulnerable turn out to be vulnerable because of patches and custom mods they’ve had made to them. For most site owners this meant going back to the developers and getting updates and this is generally costly and time consuming. Fortunately, Microsoft has stepped up to the plate and brought us a little relief in the form of URLScan 3.0 beta/go-live release.
Here’s a few links to get you to good stuff and hopefully save the day:
Microsoft Security Bulletin: http://www.microsoft.com/technet/security/advisory/954462.mspx
Link to download HP’s custom SQL injection scanner and how to use it. They created this for Microsoft to help you identify possible vulnerabilities in your site.
A source code analysis application that can help identify vulnerable code in your application.
UrlScan 3.0 Beta. I’m generally opposed to installing beta software on a production webserver but I think if you’re getting hammered, it’s probably better to just bite the bullet and do it. As you probably know UrlScan was for the most part built into IIS 6 but it doesn’t have querystring filtering, this build does and it works with IIS5.1 and later including our beloved IIS 7.0. Kudos to the IIS Team!
Word of caution
Word of caution, I’ve installed this for a few people and a couple times it wouldn’t load after the initial install (Beta software). My fix for this was to install the ISAPI filter directly on the website in question. I used Filemon to watch for when it triggered and referenced the log files to tweak out false positives from there. Each site is unique so you’ll need to tweak your settings accordingly.
Another useful tool
LogParser is another great tool for reviewing your server logs and searching for information such as hack attempts. Steve Schofield has a nice write up about using LogParser and URLScan.
A few FAQ’s on this subject:
Q: Is it Microsoft’s fault and if not then who’s fault is it?
A: It’s yours and your developer’s fault. As hackers evolve so much our techniques to combat them. Coding methods and ways to access SQL server have changed over the years as a result of this and if you haven’t had your site updated, then it’s your fault.
Q: I just moved my website to a new server and I’m getting hacked now and I wasn’t before. It’s the new server right?
A: No. This is a new type of worm if you will that affecting websites the fact that you changed hosts, websites or applications probably doesn’t have anything to do with it at all. This really started to become a huge problem around late April of this year and we’ve watched it grow into a bigger problem since then.
Q: Is URLScan the answer to my prayers?
A: Consider it a stopgap you’ll be able to employ until you’ve had your web applications updated. You really need to get your application secured.
Q: I haven’t been attacked, how do I know if I’m vulnerable?
A: Use the two tools above and also you might want to hire a service to do website security scans. If you’re hosted with Applied Innovations you can you get free quarterly security scans from scanalert.com.
Q: What kinds of applications are vulnerable? Is it just shopping carts?
A: Every application that accesses a database server of any kind is potentially vulnerable.
Q: My website is written in XXXX language and it’s supposed to be very secure, am I vulnerable?
A: Potentially, YES! Any web application that uses a database can be vulnerable.
