Archive for January, 2007

Rather spiffy clientele

I’m very pleased for one of my very good clients, David McWilliams, who has just recently been selected as a Young Global Leader by the World Economic Forum. The only Paddy on the list!

I’ve been involved in the McWilliams web project since its start in 2003. It has only recently switched over to a WordPress-powered site.

The WEF selection means that David will have access to some very interesting individuals in the coming years and hopefully we can utilise this in our Podcasting experiment, which is still in its infancy.


Keeping an eye on your hosting

Since I no longer manage servers directly, I have removed the GSM phone attached to my office server, which sent me text alerts whenever a server or service was down.

I do still wish to keep an eye on client websites, of course, as well as this one (which has had some small downtime issues in the past month due to some capacity issues with its host).

There is a plethora of website monitoring services out there, but the one I decided to take for a test drive was Site24x7.com. It offers the usual monitoring of a website and sends email and text alerts when a site is down. Best of all, it is free!

I had my concerns about the quality of the service given it is free – it is the kind of thing I would happily pay 10-15 euro a month for. I have checked the logs a few times and there are plenty of visits from the monitoring bot and it has reported downtimes on the sites it is monitoring within a minute or two. All in all, it seems a quality service.

One element which I am just about to take a look at in more detail is its ability to monitor transactions. This would allow you to ensure not only that a site is up, but that it is functioning correctly by, say, performing a search or adding something to the website’s shopping cart.

In doing so, you can ensure that the database server is running ok too, and that nobody has made a change to your code that has broken the site!
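The difference between an uptime probe and a transaction check, as an added example (not code from Site24x7 or from this site). The local demo server, its pages and the error markers are constructed for illustration.

```python
import threading, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

class DemoSite(BaseHTTPRequestHandler):
    """Constructed stand-in for a client site; it always answers HTTP 200."""
    db_up = True

    def do_GET(self):
        down = self.path.startswith("/search") and not DemoSite.db_up
        body = ("Error establishing a database connection" if down
                else "<ul id='results'><li>widget</li></ul>")
        self.send_response(200)
        self.end_headers()
        self.wfile.write(body.encode())

    def log_message(self, *args):  # keep the demo output quiet
        pass

# Ignore any proxy settings so the probe talks to the local demo server directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def uptime_check(base):
    """Plain availability probe: any HTTP 200 counts as 'up'."""
    with OPENER.open(base + "/", timeout=5) as resp:
        return resp.status == 200

def transaction_check(base, term, must_contain, error_markers):
    """Perform a search and judge the page body, not only the status code."""
    url = base + "/search?" + urllib.parse.urlencode({"q": term})
    with OPENER.open(url, timeout=5) as resp:
        body = resp.read().decode("utf-8", "replace")
        return (resp.status == 200 and must_contain in body
                and not any(marker in body for marker in error_markers))

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), DemoSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    results = {}
    for db_up in (True, False):
        DemoSite.db_up = db_up
        results[db_up] = (uptime_check(base), transaction_check(
            base, "widget", "id='results'", ["database connection", "Fatal error"]))
    server.shutdown()
    server.server_close()
    return results  # {db_up: (uptime ok, transaction ok)}

if __name__ == "__main__":
    print(run_demo())
```

With the database down, the uptime probe still passes while the transaction check fails, which is the case a plain "is it up" monitor misses.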

WordPress: Are your users’ email addresses secure?

Jason Roe has pointed out a potential security issue for WordPress which I picked up on via boards.ie.

The issue can allow someone to scrape email addresses and other contact details from a WordPress site that allows user registration on it.

In the grand scale of things, it isn’t the worst, but it certainly is not kosher to allow someone’s email address to be seen when you have assured them it will be private.

This was of concern to me as I recently completed a project that is powered by WordPress and there are several hundred registered users. I zipped on over and sure enough, it was vulnerable (it was running WordPress 2.04).

I immediately went about upgrading to the latest version of WordPress 2.0x, version 2.06. This is not affected, but there is a mistake in the related code. Line 60 of the file /wp-admin/user-edit.php has the following:

die__('You do not have permission to edit this user.');

It should be

die(__('You do not have permission to edit this user.'));

It isn’t a biggie, it just throws a PHP error rather than telling the nosey parker to mind their own beeswax. I will report it to WordPress now if someone hasn’t already.

WordPress is an increasingly popular web publishing tool and with popularity comes security holes, from simple bugs like this one not being spotted through to people running versions that should have been upgraded a year ago. On the whole, I’m comfortable with its standard of coding and security.

I’m quite sure other, less popular applications have as many issues, but they go unnoticed without as many users poking and prodding the software.

It is sometimes easy to be lazy and leave that upgrade to another day, but issues like this highlight the importance of keeping up to date with the latest developments of your chosen web applications.


Replacing text in MySQL

I’m forever doing web searches for little snippets I know I should have kept a note of somewhere, and I’ve decided to add them to the blog from now on: if I find them useful, someone else might too.

The MySQL replace function is one such thing that I use every so often to save myself time:

REPLACE(str,from_str,to_str)

It is great for replacing text strings in a table, saving you time. For example, I have a table called “security_pages” where a directory has been renamed and all entries in the page field (there are about 120 of them) need to be edited from “/olddirectory/page.php” to “/newdirectory/page.php”.

This would be tedious by hand, but the following code will do it quickly (Query took 0.0007 sec):

-- Rewrite the directory name in the page field of every row
UPDATE security_pages
SET page = REPLACE(page, '/olddirectory/', '/newdirectory/')
WHERE 1=1;

Just replace the variables accordingly. If, like me, you have learnt that playing it fast and loose means the occasional “doh!”, you may want to grab a backup of the table before running a command like this.
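The backup-first routine suggested above, as an added example that is not part of the original post. It uses Python's built-in SQLite as a stand-in for MySQL so it runs offline (the SQL statements themselves are ones MySQL also accepts); the sample rows, the `security_pages_backup` name and the `expected` row count are assumptions. It goes one step beyond the query above by limiting the update to rows that start with the old directory.

```python
import sqlite3

OLD, NEW = "/olddirectory/", "/newdirectory/"

def rename_directory(conn, expected):
    """Back up the table, preview the change, then apply it in a transaction."""
    cur = conn.cursor()
    # 1. Backup copy (security_pages_backup is a name assumed for this example).
    cur.execute("DROP TABLE IF EXISTS security_pages_backup")
    cur.execute("CREATE TABLE security_pages_backup AS SELECT * FROM security_pages")
    # 2. Preview every row that REPLACE with WHERE 1=1 would rewrite.
    preview = cur.execute(
        "SELECT page, REPLACE(page, ?, ?) FROM security_pages "
        "WHERE page LIKE ? ORDER BY id", (OLD, NEW, "%" + OLD + "%")).fetchall()
    # 3. Update only rows that start with the old directory.
    cur.execute("UPDATE security_pages SET page = REPLACE(page, ?, ?) "
                "WHERE page LIKE ?", (OLD, NEW, OLD + "%"))
    changed = cur.rowcount
    # 4. Commit only if the row count is the one we expected; otherwise undo.
    committed = changed == expected
    if committed:
        conn.commit()
    else:
        conn.rollback()
    return preview, changed, committed

def demo(expected):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE security_pages (id INTEGER PRIMARY KEY, page TEXT)")
    # Constructed sample rows; the last one holds the old name mid-path.
    conn.executemany("INSERT INTO security_pages (page) VALUES (?)", [
        ("/olddirectory/page.php",), ("/olddirectory/login.php",),
        ("/other/index.php",), ("/docs/olddirectory/readme.php",)])
    conn.commit()
    preview, changed, committed = rename_directory(conn, expected)
    pages = [row[0] for row in conn.execute(
        "SELECT page FROM security_pages ORDER BY id")]
    backup_rows = conn.execute(
        "SELECT COUNT(*) FROM security_pages_backup").fetchone()[0]
    return preview, changed, committed, pages, backup_rows

if __name__ == "__main__":
    print(demo(expected=2))
```

On MySQL the rollback step needs a transactional engine such as InnoDB; on a MyISAM table the backup copy is the only way back.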

ADVERT: If you are scratching your head, I am a certified MySQL professional and available for hire. Email talk@cuplaweb.com.
