The Caveena Solutions Blog

You’re not a real website designer or developer until you learn to hate GoDaddy. I joke but GoDaddy doesn’t have the rosiest of reputations among seasoned designers & developers. Recent news of GoDaddy acquiring ManageWP (a popular service to manage multiple WordPress websites) has kicked up #WPdrama dust and once again stirred the GoDaddy hate.

Read more »

Local Small-and-Medium Enterprises (SMEs) now have an affordable Brunei Online Payment Solution courtesy of Baiduri Bank. This means Brunei SMEs can now accept Credit Card payments (Visa, Master Card & American Express) online! Hooray! Read more »

In this tutorial I will show you how to use DreamHosts Let’s Encrypt with CloudFlare on your website. This will encrypt the connection between CloudFlare and your website visitors as well as the connection between CloudFlare and Dreamhost. CloudFlare calls this Full SSL (Strict) and is available under their free plan. We will also set up a CloudFlare Page Rule to redirect all HTTP requests to HTTPS.

If you’re a DreamHost user you probably know that you now have access to a free SSL certificate courtesy of Let’s Encrypt. This allows you to serve your website over HTTPS (as opposed to plain old HTTP) encrypting the connection and boosting your Google page rank.

You probably also know about CloudFlare and their free plan which provides caching, optimization and security boosts. So why not use both, eh?

Read more »

Now this was a head-scratcher: the BackupBuddy settings on 5 of my client websites simply reset for no apparent reason. And that means the websites were not being automatically backed up. Not good.

After chatting with iThemes Support (the people who make BackupBuddy), I learned that connectivity issues between the website and database can fool BackupBuddy into thinking there are no settings causing the plugin to revert to defaults. Connectivity issues could be due to DDoS attacks or a problem with the hardware. iThemes said they are aware of this issue and have built in more checks but as is life they can’t account for every single scenario.

Fortunately I caught the problem during a routine maintenance check on a client’s website. BackupBuddy now comes with a way to export the plugin settings so it’s a good idea to save a copy just in case.

File this one under “Silly Workarounds that work”. This is an ever-so-slight variation of CSS-Trick’s method.

There was some text that needed to be placed over an image. The problem was that while the text-color was fixed, the image colour wasn’t so there was a chance that you could have poor contrast between the text and the image.

The quick CSS workaround I used was to use text-shadow to add an outline (or stroke) like so:

.text-to-outline {
  text-shadow: 0 0 2px #000, 0 0 2px #000, 0 0 2px #000, 0 0 2px #000, 0 0 2px #000, 0 0 2px #000, 0 0 2px #000, 0 0 2px #000, 0 0 2px #000, 0 0 2px #000;
}

Hey, don’t judge me because it works. Play around with the value of the blur radius (set to 2px in the example) and the number of text-shadows applied.

Chrome’s Network tab alerted that a client’s website was downloading Roboto from Google Fonts. The problem was that we weren’t using Roboto for this project. After some troubleshooting we discovered Roboto was being downloaded on pages displaying an embedded Google Map. Why, Google?

Thankfully, Stack Overflow has a pretty simple solution.

It took me a while to really grasp the power of WordPress’ Actions and Filters. Now I love using them and have recently discovered how they can be used to generate the correct Schema data depending on what the WordPress Loop is generating.

Read more »

The Dreamweaver blog takes a brief look at the evolution of buttons on the Internet.

Every year the Brunei Darussalam Department of Labour releases a census that all local businesses must fill in. It’s a legal requirement and every year they don’t mind reminding you of the fines for neglecting to do so.

Well this year they’re trying something new: they’re doing it online via their newly released Labour Control System. I applaud the Department of Labour for taking real action in converting actual processes into an online workflow.

Like with any new system, there are bound to be bugs. And I found a rather embarrassing oversight. When asked for my country of origin, I could not select Brunei.

Under Country of Origin, Brunei was conspicuously missing

Erm, yeah. And I had to fill in a value or it wouldn’t allow me to proceed.

This wasn’t the only issue I cam across. Initially the system could not even retrieve my Company Registration Number and simply returned the value null.

Teething problems. It happens to the best of us. I hope the Department of Labour isn’t discouraged because bugs or not this is a step in the right direction!

Edit (19th October 2015): We now have a more complete list of countries which includes Brunei!

You’ve probably heard the news already that WordPress websites are facing an XML-RPC Brute Force Amplification Attacks. But did you also know that Sucuri, iThemes and Wordfence already have you protected?

If you use Sucuri’s Website Application Firewall (WAF), the company has you covered:

Note that users of our WAF are already protected against this attack, so if you are on CloudProxy you are safe.

Similarly, the Wordfence Security Plugin has login protection that takes into account XML-RPC. Just remember to enable Login Security in the Wordfence Options.

Yes we do protect against brute force via XML-RPC and we have for some time now. We also protect against multiple attempts via a single XML-RPC call

Finally, the iThemes Security Plugin protects against XML-RPC Brute Force attacks (even the free version):

Brute Force Protection in iThemes Security just got more robust. Now when you enable Brute Force Protection this feature includes protection from XML-RPC attacks

Make sure your websites are protected!

Edit (16th October 2015): iThemes Security v5.1.0 and iThemes Security Pro v2.0.0 protect against the XML-RPC Brute Force Amplification Attacks.

New Feature: Added “Multiple Authentication Attempts per XML-RPC Request” setting to the WordPress Tweaks section. When this setting is set to “Block”, iThemes Security will block brute force login attacks against XML-RPC

Edit (15th October 2015): If you have Jetpack installed, the Protect Module also stops XML-RPC attacks.