Forem: Haseeb A. Basil

A Basic Guide on How to Deploy An Application to Alibaba Cloud Container Service from Bitbucket…

Haseeb A. Basil — Mon, 11 Mar 2019 04:58:27 +0000

A Basic Guide on How to Deploy An Application to Alibaba Cloud Container Service from Bitbucket and Securing it with Let’s Encrypt SSL/ TLS 2019

When you are working with micro-services, you always want to make sure that all instances of the same service are always the same and all the micro-services can easily communicate with each other, and that’s where containerization comes in, and Docker is one of the most popular containerization technology out there. And in this article we will learn how to deploy a simple Node.js Application to Alibaba Cloud Container Service from our Bitbucket Repo, and then we will secure the domain we will be using for it with Let’s Encrypt SSL/TLS.

So, here is a list of services that we will be using:

Docker
Bitbucket
Alibaba Cloud Container Registry
Alibaba Cloud Container Service
Node.js
Let’s Encrypt SSL/TLS

Docker

Docker is an open source software designed to create, deploy, and run applications by using containers. Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and ship it all out as one package. By doing so, thanks to the container, the developer can rest assured that the application will run on any other Linux machine regardless of any customized settings that machine might have that could differ from the machine used for writing and testing the code.

Containers are a bit like a virtual machines. But unlike a virtual machine, rather than creating a whole virtual operating system, Docker allows applications to use the same Linux kernel as the system that they’re running on and only requires applications be shipped with things not already running on the host computer. This gives a significant performance boost and reduces the size of the application. Learn More >>

In this tutorial we will be using Docker to containerize our Application, so we can deploy and run it on Alibaba Cloud Container Service.

Bitbucket

Bitbucket is a Git version control repository management solution designed for professional teams. It gives you a central place to manage git repositories, collaborate on your source code and guide you through the development flow. It allows you to create unlimited private free Repositories with up to 5 collaborators. Which makes it an optimal place to host proprietary code. Learn More>>

Some of its main features are:

Access control to restrict access to your source code.
Workflow control to enforce a project or team workflow.
Pull requests with in-line commenting for collaboration on code review.
Jira integration for full development traceability.
Full Rest API to build features custom to your workflow if they are not already available from their Marketplace

In this tutorial we will be using Bitbucket to host the Repository for our Application’s code and we will be creating a CI/CD pipeline through it to deploy the application to Alibaba Cloud Container Service.

Alibaba Cloud Container Registry

Alibaba Cloud Container Registry (ACR) is a secure image hosting platform that provides containerized image lifecycle management. With ACR, you have full control over your stored images. ACR has a number of features, including integration with GitHub, Bitbucket etc. It can also automatically build new images after the compile and test from source code to applications. This service simplifies the creation and maintenance of the image registry and supports image management in multiple regions. Combined with other cloud services such as Container Service, Container Registry provides an optimized solution for using Docker in the cloud. Learn More>>

In this tutorial, we will be using ACR for hosting our Docker images, which we can later use to deploy our Application on Alibaba Cloud Container Service.

Alibaba Cloud Container Service

Alibaba Cloud Container Service(ACS) is a high-performance and scalable container application management service that enables you to use Docker and Kubernetes to manage the lifecycle of containerized applications.

Container Service offers a variety of application publishing methods and continuous delivery capabilities and supports micro-service architectures.

Container Service simplifies establishment of container management clusters and integrates Alibaba Cloud virtualization, storage, network, and security capabilities to create the optimal container running environment on the cloud. Learn More >>

In this tutorial, we will be using Alibaba Cloud Container Service to host and deploy our micro-services.

Node.js

Node.js is an asynchronous event driven JavaScript runtime environment. It is designed to build scalable network applications. The Node run-time environment includes everything you need to execute a program written in JavaScript on your machine as a standalone application. Node.js run on the V8 JavaScript runtime engine. This engine takes your JavaScript code and converts it into a faster machine code. Machine code is low-level code which the computer can run without needing to first interpret it. Learn More >>

In this tutorial, we will be using Node.js to create a simple “Hello World” application that we will try to deploy ACS.

Let’s Encrypt SSL/TLS

Let’s Encrypt is a global Certificate Authority (CA). They let people and organizations around the world obtain, renew, and manage SSL/TLS certificates. These certificates can be used by websites to enable secure HTTPS connections. Let’s Encrypt only offers Domain Validation (DV) certificates. They do not charge a fee for these certificates. Let’s Encrypt is a nonprofit, with a mission to create a more secure and privacy-respecting Web by promoting the widespread adoption of HTTPS. Their services are free and easy to use so that any website can deploy HTTPS. Learn More >>

In this tutorial, we will be using Let’s Encrypt SSL/TLS to secure our application.

Now Lets Get Started

To begin with, we will be creating a private repository for our Application’s code on Bitbucket, so for that you must have a Bitbucket account, if you don’t have one then you can sign up for an account. Then we will be using Alibaba Cloud Services to create Docker images and deploy our Containerized Application. So, you must also have an Alibaba Cloud account set up. If you don’t have one, you can sign up for an account.

Part I: Creating the Bitbucket Git Repository And Adding our Application and Docker Configurations in it

Step 1: Creating the Bitbucket Repository

First, login to your Bitbucket account and click on the “+” button located in the left menu bar, and then from the options select “Repository”, and then in the “Create a new repository” form, provide the name for the Repository. And then press the “Create Repository button”.

Step 2: Adding the Application and Docker files into the Repository

Now that we have successfully created the Repository, we start by adding the files for our Application and Docker into that Repository.

So, to start, we will initialize git in a local directory. First, create an empty directory on your local machine, lets call it “sample-app-for-alibaba-cloud” and open it in “Git Bash” or your preferred CLI. And run the git init command inside it.

Now, we will add the files in that directory. First we will add our Application file “app.js”, with the following contents:

const http = require('http');

const hostname = '127.0.0.1';
const port = 3000;

const server = http.createServer((req, res) => {
  res.statusCode = 200;
  res.setHeader('Content-Type', 'text/plain');
  res.end('Hello World\n');
});

server.listen(port, hostname, () => {
  console.log(`Server running at [http://${hostname}:${port}/`](http://%24%7Bhostname%7D:%24%7Bport%7D/%60));
});

This will create a simple “Hello World” Application that will run on Node.js’ built’in server on port 3000.

Now, we will be adding the Docker configuration file “Dockerfile”, with the following contents:

# Use Node version 10.15.1
FROM node:10.15.1

# Create a directory where our app will be placed
RUN mkdir -p /usr/src/app

# Change directory so that our commands run inside this new directory
WORKDIR /usr/src/app

# Get all the code needed to run the app
COPY . /usr/src/app

# Expose the port the app runs in
EXPOSE 3000

# Serve the app
CMD node app.js

The comments in the file should explain what each line does. The configurations inside this file will be used to determine how the container image for our Application will be created.

Now, you should be ready to push these files to the Bitbucket repository we created earlier, it can be done using these git commands:

git add .

git commit -m "app.js and dockerfile added"

git remote add origin https://your-username@bitbucket.org/your-username/the-repo-name.git

git push -u origin master

Part II: Integrating Bitbucket with ACR

The first thing you need to do is to activate the Alibaba Cloud Container Registry. It can be found under the “Elastic Computing” section on your Alibaba Cloud Console.

It will take you to the Container Registry Console where you can configure and deploy the service. At that time It might ask you to enter the Password for the docker client, and remember “When logging into docker, use your Alibaba Cloud account for the user name and password you set just now”.

Now, we will Create a new ACR Namespace. Usually the containers are used to create micro-services. Although we are using only single service in our application, this will not usually be the case in the real world. So, that is where ACR Namespaces comes in, a Namespace is a collection of Repositories and Repository is a collection of images. It is recommended to create one Namespace for each Application and one Repository for each service image.

So, to create a new Namespace, go to the Namespaces tab in the ACR console and then click on “Create Namespace” button on the top right corner. Then enter the name for the Namespace and click the “Confirm” button.

Now we will bind our Bitbucket account with the ACR. To do that go to the “Code Source” tab on the main ACR console, from there you should click on the “Bind Account” button next to Bitbucket, which will prompt a little dialog and now you should click on “Go to the source code repository to bind account” link.

Which will take you to Bitbucket, requesting you to grant access to Alibaba Cloud. There you should click on “Grant Access” button to continue.

Now you should be ready to create an ACR Repository, to do that, just go to the “Repositories” tab on the ACR console and click on the “Create Repository” button on the top right corner. It will present you with a form where you will have to enter the details for the Repository, such as Region, Namespace, Repository Name, Summary etc.

After filling that part out click on the “Next” button. ON the next page it will present you with a form to select the “Code Source” options. And on this page, we will be integrating our Bitbucket Repository with our ACR Repository. From the “Code Source” tabs select “Bitbucket” and click on the the Bitbucket Repository we created earlier.

To help configure continuous Integration be sure to check the “Automatically Build Image”. With this selected the image can be automatically built after you submit the code, without requiring you to manually trigger the build. Now finally click on the “Create Repository” button to create the ACR Repository and Integrating the Bitbucket Repository with it.

Part III: Deploying The Application

To begin, we will need to create a VPC, to do that simply navigate to the Virtual Private Cloud under Networking. This will take you to the VPC console, where you click on the “Create VPC” button to create the VPC and VSwitch. After clicking the button you will be presented with a small form to select the options for your new VPC, we will use the default settings for the most part and just enter names, and then click “OK” button to continue.

To get started with the Alibaba Cloud Cloud Service, the first thing we need to do is navigate to the Container Service dashboard. This dashboard can be found under the Elastic Computing section on your Alibaba Cloud Console.

On first try, it might present you with a warning “Container service needs to create default roles”. That is because once you request a cluster, Alibaba Cloud will go about provisioning the resources necessary to run it. This includes load balancers, virtual machines, routers etc. Basically everything required to run your own Docker cluster. And the load balancer requires the Resource Access Management (RAM) service to be set up before it will work.. To deal with that just click on the “Go to RAM console” button, and once redirected, click on the “Confirm Authorization Policy” button.

This will finally take you to the Container Service Overview page, from there select the “Container Service-Swarm” on the top left corner and then click on the “Create Cluster” button.

This will take you to the Cluster Creation Wizard. It will present you with all the options required to configure the Cluster e.g. Name, Region, Zone, VPC etc.

We will be using the default values for the most part, but we will be changing “Instance Type” under “Instance Configuration” to “ 1 Core(s) 1 G ( ecs.n1.tiny )” for the purpose of this demo. We will also need to setup login for the ECS instances that will be created for this cluster, you will have 2 options “Key Pair” or “Password”, choose whichever you prefer. After configuring this click on the “Create” button to continue. Then you will be prompted with a dialog with all the details of the cluster that was just created, make sure everything is correct and click on “OK” button to continue.

Now we will create a Tag(release) for our source code on Bitbucket, this will automatically build an image in ACR. To do this, first navigate to the commits page of the Bitbucket Repository we created earlier and select the latest commit we pushed into it. On that page you will see a “Tags” option on the right side of the page with “+” button next to it, click it to open the dialog to create a new tag, in the dialog there will be two fields Name and Description, enter the name in the format of “ release-v*” e.g. “ release-v1.0.0” and then click the “Create Tag” button.

Next, navigate back to the Repositories on the ACR console and click on the “manage” button next to the ACR Repository that we created earlier.

This will take you to the Details page for that Repository, there you will find all the details for your repository e.g. Name, Region, Type, Code Repository Link, Internet Address, VPC Address etc. From there navigate to the “Build” tab, there under the “Build Log” you will find the build for the tag that we created earlier. Once the status for the build is “Successful”, click on the “Deploy Application” button on the top right corner, it will present you with a small dialog where you can configure the deployment options like “Repository Address” and “Container Cluster”. For the “Container Cluster” option select “Swarm” and then click on the “Deploy” Button.

This will take you to the ACS Application creation wizard. There, on the “ Basic Information” tab, you will be provided with the options like Name, Version, Cluster, Update and Description etc. Enter the name and select the cluster we created earlier, then check the “Pull Docker Image” and click “Next” button to continue.

This will take you to the “Configuration” tab of the creation wizard. There you should select the “Image Name” and “Image Version”of our Docker container and use “3000” as the “host Port” under “Port Mapping”. Then proceed to add Port and Domain under “Web routing”. You will also find a lot of other configuration options on that page, but we will use their default values for the purposes of this article. Now click on the “Create” button to finally create the Application.

Then on the Done page click on the “View Application List” link to continue to to the Applications List page, there you will find the application that we just created, click on it to go to the Application’s overview page. Then click on the “Routes” tab to get the Access Endpoint for our Application.

And there you go, we have successfully deployed our Containerized Application. Now, on to the final part.

Part IV: Securing our Application with Let’s Encrypt SSL/TLS

To get Started with this, you should first go through this guide by John Hanley on configuring Let’s Encrypt ACME on Alibaba Cloud. Now once you have configured everything and have created the Certificate files, proceed to follow the aforementioned steps.

As HTTPS is supported at the Server Load Balancer layer. To support HTTPS, we will need to create a Server Load Balancer certificate. To do that navigate to the Server Load Balancer console under Networking, and then proceed onto the “Certificates” page by clicking the “Certificates” link in the left panel. Once there then click on “Create Certificate” button and then select the “ Upload Third-Party Certificate” option and click the “Next” button.

That will take you to “Upload Third-Party Certificate”, fill in the information required and click the “Next” button.

After the certificate is successfully created, Navigate to the Server Load Balancer page and locate and click on the Server Load Balancer instance that was assigned during cluster creation. Once in, click on the “Add Listener” button under the “Listeners” tab.

That will open the Wizard for adding Listeners, from there you should follow this guide changing HTTP to HTTPS to fill out the wizard. Once done with that you are all set with your Containerized Application that is secured with Let’s Encrypt SSL/TLS.

LambdaTest Selenium Testing Tool Tutorial with Examples in 2022

Haseeb A. Basil — Thu, 07 Mar 2019 14:57:14 +0000

What is Website Test Automation and Why is it Necessary?

2. What is Selenium Grid and How it Works with LambdaTest?

3. Why use Selenium Grid and What Are the Benefits of cloud-based Solution?

4. LambdaTest Features And Services

5. LambdaTest Languages and Frameworks Support

6. Usage

7. How Can I Use Lambda Test’s Selenium Grid for Free?

1. What is Website Test Automation and Why is it Necessary?

Tests help identifying whether a particular application communicates effectively and is able to access its functions correctly.

Tests also help in confirming how a particular application behaves in different situations. In other words, tests are an effective way to verify whether the application meets the terms of business logic and also deliver the desired output at the user’s end.

And test automation is the best way to increase the effectiveness, efficiency and coverage of your software testing.

Manually testing requires a person sitting in front of a computer carefully going through application’s screens, trying various usage and input combinations, comparing the results to the expected behavior and recording their observations.

Manual tests are repeated often during development cycles for source code changes and other situations like multiple operating environments and hardware configurations.

But by using a test automation tool you can prerecord and predefine those actions and compare the results of these tests to the expected behavior and report the success or failure status of these tests.

These automated tests can easily be extended according to needs to perform tasks that would be impossible with manual testing. And with the increasing need to provide a product with least defects as possible, it is easy to see why automated software testing is an essential component of successful development projects.

2. What is Selenium Grid and How it Works with LambdaTest?

LambdaTest Selenium Grid is a scalable, secure, and reliable cloud based Selenium grid. It lets you perform automated cross browser testing across all major browsers and various browser versions, latest and legacy and across operating systems.

It also lets you run your multiple selenium automated tests in parallel which allows you to cut down on your build time. It also provides you with screenshots from over 2000 mobile and desktop browsers, so you can perform visual cross browser compatibility testing and there is no need to test for each browser manually as you get full paged screenshots by just selecting the configurations.

3. Why use Selenium Grid and What Are the Benefits of cloud-based Solution?

Selenium Grid helps you run your tests in parallel on multiple different nodes which are to be registered to central hub.

You create your driver object by sending the request to the hub which finds a matching node based on the desired capability you have set, and executes the test on that node. A node can be any device running any particular browser and operating system.

The main reasons to use Selenium Grid is to be able to run your tests:

Against various browsers, operating systems, and devices. This ensures compatibility of the application under test across multiple combinations of web browsers, operating system, and hardware architecture.
In parallel. For example, if you have 10 nodes and need to execute a test suite of 50 tests, then it will be able to run those tests in parallel on all 10 of those nodes.
Which will help minimize the test execution time, as it is going to take 5 times as less time than a single machine that runs this test suit without Selenium Grid.

This provides you with an all around idea of how your application will behave on various browsers on various machines, which can help you enhance and improve your application accordingly, if need be.

Benefits of cloud-based Selenium Grid

The thing about Selenium Grid is that it can be expensive to setup additional machines as Nodes, and this is where an Online Selenium Grid (SaaS) can truly shine. They offer various packages from entry level pricing to enterprise packages.

And usually the price for cloud solutions often scale linear with the number of tests and the concurrency of tests. Which means that you can scale according to your needs and can keep the cost under control accordingly as well.

Another thing about Selenium Grid is that it is terribly difficult to set them up. To setup Selenium Grid on virtual machines(VMs), Here is a list of things you would need to do:

Download the operating systems and install them on different VMs
Set up their network configuration, install Java and Selenium
Download and install the browsers you need
Make Selenium automatically start on boot
Configure the grid to accept the nodes together with timeout settings and other settings
Create a mechanism to automatically start and destroy VMs for each test, since you want clean VMs for every single test run
Install a screenshot program depending on the OS and platform
Upload the screenshots and store them so you can view them later
Keep your VMs up to date: install OS updates, update your browser versions, install patches etc
Debug flaky connections to the VMs, issues with browsers failing to start

So, the benefit of using such a cloud service is that the provider takes care of all this time consuming development and maintenance of the Selenium Grid infrastructure. Cloud providers boast a large range of browser / OS / combinations and support mobile testing.

4. LambdaTest Features And Services

Scalable Selenium Grid

LambdaTest provides a scalable Selenium Grid that is specifically built for speed, it drastically reduces your build times and speed up your goto market.

Run your selenium automated tests in parallel on their on-demand scalable selenium infrastructure and cut down on your build times multiple folds. Run tons of tests at once in parallel to speed up your testing time on their selenium grid.

Browser Compatibility Testing

LambdaTest Selenium Grid lets you perform browser compatibility testing with full flexibility to prepare a live interactive cross browser compatibility testing environment with your choice of desired desktop and mobile browsers, browser versions, operating systems, and resolutions.

All remote browsers come with pre-installed RIA software and developer tools. You can also record testing session or take screenshots during your real time browser compatibility testing sessions on the go!

Automated Screenshots

LambdaTest’s automated screenshots feature lets you perform visual cross browser compatibility testing across 2000+ mobile and desktop browsers by just selecting the configurations. There is no need to test for each combination manually as you get full paged screenshots within seconds.

Debug Test Cases in Details

LambdaTest Selenium Grid also lets you analyze and debug your Selenium tests with multiple types of test logs e.g. meta data logs, network logs, command logs, exception logs, visual logs, and raw selenium logs.

You can also take automated video recording of the whole test run and take screenshots of pages at various entry points to analyze the visual bugs and check possible fixes.

Test on Latest and Legacy Browsers

LambdaTest Selenium Grid comes with many different browsers to run your tests on. From ancient versions to latest beta versions, they provide all versions of Chrome, Safari, Firefox, Opera, Edge, and Internet Explorer, which give you the capability to cover your every edge test case.

Integrations

LambdaTest provides support for continuous testing with Continuous Integration tools, through their plugins for Jenkins, Teamcity, Travis CI and Bamboo, you can configure selenium capabilities and run your automated scripts at LambdaTest’s Selenium grid.

And it also provides integration support for One-click Bug logging, which lets you with just a single click, directly push Issues from LambdaTest to third party project management or communication tools e.g. JIRA, Asana, Slack, Trello, BitBucket, GitLab, GitHub, Clubhouse, VSTS, BugHerd, Mantis, and many more.

24*7 Support

If you face any problem whilst using LambdaTest, they have you covered. Their tech experts are available on support 24*7.

You can get in touch with them by filling up the contact form, messaging in-app, or through call. You can also write to them at support@lambdatest.com and they’ll get back to you in no time.

Inbuilt Issue Tracker

If you do not use any third part project management tool, then you can use LambdaTest’s inbuilt issue tracker, you can manage your bugs directly from LambdaTest platform while performing Selenium testing. You can assign, track, export to PDF, share bugs and take a complete control using their inbuilt issue tracker. It is easy and flexible to use.

5. LambdaTest Languages and Frameworks Support

Here are all the frameworks with respect to languages supported by LambdaTest Selenium Grid.

6. Usage

In this part you will find out how to configure and use LambdaTest’s Selenium Automation Grid and how their services work and how the entire platform comes together. In this tutorial we will be setting up a simple PHP application which will utilize the PHPUnit Testing framework to run Selenium scripts.

How to setup

To run PHP scripts, you will need to have both PHP and Composer installed on your machine. If you don’t have PHP installed then you can get it from here or you can use a solution stack such as Xampp, Mamp, Wamp etc. And to get Composer you can simply follow the instructions from here https://getcomposer.org/.

Now that you have got that sorted out, you can start installing Selenium dependencies. To do that, first create a directory for your app and navigate into that directory from terminal and run the following command:

composer require phpunit/phpunit-selenium facebook/webdriver

Or you may have to use “php composer.phar require phpunit/phpunit-selenium facebook/webdriver”, depending on how your Composer is configured.

Once you have installed and setup PHP and Selenium and its dependencies, you can now start running PHP automation scripts on LambdaTest Selenium Grid.

You can fork this sample code from their Github page. This is a simple PHP and Selenium automation script that opens up google.com, search LambdaTest in google search and outputs the title of the resulting google search page.

This script will be using the node with these configurations by default, Chrome 63.0 on Windows 10. You can change these its capabilities as you desire, you can even use their Selenium Desired Capabilities Generatorto generate configurations easily.

Now in order to run that you will need to add your username which can be found at Automation Dashboard and AccessKey, which you can be generated from your Automation dashboard. As shown in screenshots below:

Once you have gotten your username and AccessKey, you should replace them with values of these variables in the code $LT_USERNAME and $LT_APPKEY respectively. After that you can save the file and execute the test from your terminal through this command.

"./vendor/bin/phpunit" lambdatest.php

Once the script has run, you will be able to see it in your Automation Dashboard under the title “Php Build”. You can click on it to get the details e.g. video recording, logs, metadata etc.

How to use the built-in Issue Tracker

Now, as I mentioned before that if you do not have a third-party issue tracker, you can easily use LambdaTest’s built-in Issue tracker.

So, in order to do that just go to “Automation Logs” tab in your Automation Dashboard then select the test from the list on the left and then click on “Create Issue” button on the far right side of the screen. This will show a modal, from where you can add the details of the issue, such as:

Assignee: Who this issue should be assigned to.
Issue Type: Whether its a bug or a task.
Priority: How severe the importance of this issue is.
Summary: A simple phrase to explain that explains the issue.
Description: Details as to what this issue is about and what end result is required.

Once you have added the data, just click on the “Create Issue” button that is below the form and the issue will be created, which you can check by going to the Issue Tracker page from the menu.

There you will be able to view and change its status to e.g. “In Progress”, “Resolved”, “Rejected” etc, and even change the assignee, issue type and priority. You will also be able to view other details as Browser, OS, Resolution etc.

Automation

Here we will discuss all the options on the Automation Dashboard and what their purposes.

In the Automation Dashboard you can view the Timelines, Analytics, and Automation Log of all the tests and builds you have ran on the LambdaTest’s Grid. In these you can use advance filters and get detailed information of all your tests.

Timeline

In Timeline you can see the list of all the tests that you have ran on LambdaTest’s Grid, you can filter them based on Date, User, Build Name and Status. In Timeline there are 2 types of views:

Build View(Default): All tests sharing common build name are merged into one, and you can click on any of the build to see all their tests under Automation Logs page.
Test View: This shows all tests individually and you can click on any of the tests to go to its Automation Logs page, where you view all their details.
Summary: This contains the most basic details of your tests, like video, status, date it ran on, name of the person who ran it, the node it ran on and its unique id.
Exception: This shows the list of any and all exceptions that occurred during the execution of the tests.
Command: This shows the list of commands that were ran in the execution of the test, and whether those commands were successful or not.
Network: In this you can see the list of all the web resources that were loaded during the execution of the test e.g. JS, CSS, image files etc.
Logs: In this you can see all the logs that you had configured to be captured when the selenium script would run e.g. Selenium Logs, Console Logs etc
Metadata: This is where you can see all the details of test’s configuration e.g. Browser Config and Input Config etc. Also, you can download all the screenshots and the video from here.

Automation Logs

In Automation Logs you can see the complete details of your tests, like:

Analytics

This page will give you the in-depth understanding and analytics of all your builds and tests. Like timeline, this also provides both Build View and Test View.

On this page you can see how many tests/builds ran and how much time it took, how many tests/builds passed and how many failed. You can also filter these results by, Browser, OS, User and Date(Day, Week and Month) and Status, which will provide you with more specific results.

Visual UI Testing

LambdaTest provides amazing some amazing features for Visual UI Testing, the main ones being:

Screenshot Test

This provides you with a simple UI to select the Browsers you want to test on and the Operating Systems you want to test on, for both Mobile and Desktop. After your selection, simply add the URL for the page you want to test, it also provides you with some advance features, such as using Basic Authentication and configuration for the screenshots, which can be seen in screenshot below:

After you are done configuring your test, you can click on the “Capture” button to start the test. Which will take you the the results page, where you can view and download screenshot for each and every browser you selected. You can also download the zip archive of all the screenshots and you can even share those screenshots, via a shareable link.

Now, if you find any bugs in any of the screenshots, you can use the following steps to record that into the issue tracker:

Above the screenshots you will find a camera icon, click that icon.
Image editor will pop up where you can comment about the screenshot and then click the “Mark as Bug” button on the bottom right of the modal.
Finally, click save and then fill in the “Create Issue” form on the pop up to record the issue.

Responsive Test

This feature provides you the ability to perform Responsive screen testing across many devices and resolutions. This kind of testing helps a website to render its content in a flexible yet appropriate manner on the basis of the devices & OS you select. To use this feature, simply follow the following steps:

Click ‘Responsive Test’ sub menu under Visual UI Testing menu in menu bar.
Insert the URL for which you want to test responsiveness in the url input bar.
Select your monitor size (diagonal length in inches).
Click ‘Generate’ to generate screenshots.
On right side of the page, you will find various mobile and desktop combinations. On clicking them you can test the responsiveness for those particular devices.

Now, if you find any bugs in any of the screenshots, you can use the following steps to record that into the issue tracker:

Above the screenshots you will find a camera icon, click that icon.
Image editor will pop up where you can comment about the screenshot and then click the “Mark as Bug” button on the bottom right of the modal.
Finally, click save and then fill in the “Create Issue” form on the pop up to record the issue.

Smart Testing

Smart Visual Testing feature works by allowing you to test and compare two image layouts to quickly find out the differences between them. With that you will be able to view visual bugs easily such as Icon Size, Padding, Color, Layout, Text, Element Placement and much more. In order to use this feature, try the following steps:

First, you will have to upload a baseline image(s), to do that, you will have to:
Click on the + icon next to Base Line Images header
Select baseline image(s) from your computer. And upload them.
Once uploaded and they can be viewed under the Baseline Image gallery
Now, to be able to upload comparison images, you will first have to upload the baseline images, so, make sure you follow the above steps first. Now, in order to upload the comparison image(s), you will have to:
Click on the baseline image you want to run comparison with.
Then you will find Upload Comparison Image button on the right side of the page, click on it to upload image(s).
Select the image you want to compare and upload it.
Now, you should be able to see the thumbnails for the baseline and comparison image(s), and “Run” buttons on top of the comparison image(s). You should also see either a green tick mark or a red warning sign next to the comparison images, depending on whether they are similar or not.
Now, to run comparison, simply click on the “Run” button atop the comparison image you want to compare or click on “Compare All” on the top left of the button to compare all images.
Once the comparison has been ran, you can click on the “View Issues” button that should have now appeared atop the comparison images.
This will open a new window with image comparison, where you can view and compare the differences and can zoom-in or Zoom out the images, change the image difference color, switch to slider mode, switch to side-by-side mode, or mark the image as bug.

Test Logs

Test Logs is a feature that works as a library, where you can find all the tests that you have ran on LambdaTest’s platform. By clicking on a test on the Test Logs page, you can see all of its contents and details e.g. screenshots, name, date, tester’s name, the url that test was ran on etc.

Also, on the left side of the page you can see a list of all your projects and a button for creating new projects, which you can use create a new project by simply adding the project name and version. You can also move tests from one project to another, which is great, because this way you can keep all the tests for the same project in that project, to do that, simply follow:

From the Test Logs, select the project from where you want to move the test.
Open the test you want to move.
Click on the three-dots button in the test details.
Select “Move to Project” and then the project and project version where you want to move the test.
Once you select , the test is moved to your that project.

Supported Integrations

This is the feature that you can use to setup One-click Bug logging. By integrating a third-party issue tracker with LambdaTest Platform. Here is the list of the supported third party tools and links to tutorials of how to integrate them:

LambdaTest also provides a plugin for WordPress, which can be used to generate automated screenshots of your web pages, directly from your WordPress platform. The WordPress plugin can be found here.

There is also a Chrome Extension that can be used to generate automated screenshots of your web pages directly from your browser. This Chrome Extension can be found here.

7. How Can I Use Lambda Test’s Selenium Grid for Free?

As you can see from the examples above how easy it is to setup and run test suites on LambdaTest Selenium Grid.

From the configuration of Grid to using the individual services and using the the platform overall.

But you do not need to take my word for this as you can try LambdaTest Selenium Grid for FREE here. Go ahead try LambdaTest Selenium Grid and comeback here to tell your opinion about it. If you like it and want to upgrade to the paid version, you can use the discount coupon SOCIAL20 to get 20% discount on LambdaTest services.

Agile & Lean. A brief Comparison.

Haseeb A. Basil — Thu, 07 Mar 2019 14:49:11 +0000

Lean

Lean says to relentlessly eliminate anything that isn’t adding value and only work on what we absolutely need to be doing at this moment in time. Eliminating waste means eliminating useless meetings, tasks and documentation. But it also means eliminating time spent building what “we know” we’ll need in the future (things are constantly changing so we often end up not needing them — or if we do, we have to rework them because conditions and our understanding has changed by then). It also means eliminating inefficient ways of working — like multitasking (!) — so we can deliver fast.

“Organizations that are truly lean have a strong competitive advantage because they respond very rapidly and in a highly disciplined manner to market demand, rather than try to predict the future.” — Mary Poppendieck

Agile

Agile is a time-focused, iterative philosophy that allows to build a product step-by-step (incrementally), delivering it by smaller pieces. One of its main benefits is the ability to adapt and change at any step (depending on feedback, market conditions, corporate obstacles, etc.) and to supply only relevant products to the market. Scrum

A good agile team picks and choses the management & technical practices that best work for them. (a bad one just picks a couple of practices and falsely believes that somehow “makes them agile” — see: Are We Agile Yet?).

So, what are the differences?

Agile Philosophy

Is aimed at executing tasks faster, adapting to changes easier

Makes the developing process flexible

Was initially designed for Software Development, then expanded to Marketing, and is currently applied in other areas

Action loop: product backlog — sprint backlog — iteration (sprints) — potentially shippable result

Method for demonstrating progress — definition of ‘done’

Methodologies: Scrum, XP, FDD, DSDM, Crystal Methods etc.

Toolkit: sprints, boards, Scrum Master, acceptance tests, user story mapping etc.

Lean Philosophy

Is about Smart development, when you improve virtually everything you do by eliminating anything that doesn’t bring value to the customer

Makes the developing process sustainable

Started from traditional manufacturing and expanded to all existing industries

Action loop: build-measure-learn

Method for demonstrating progress — validated learning

Methodologies: Kanban, Kaizen etc.

Toolkit: hypotheses, split (A/B) tests, customer interviews, funnel and cohort analysis, Customer Success Manager etc.

The term Lean is wider than Agile because its smart approach influences all types of losses (not only time loss) such as money, labour, energy, etc.

Scrum

Scrum is about Teams producing Results in an agile way. Scrum Teams achieve results anyway they can by using a simple set of rules to guide effort. We will describe Scrum as a simple applied model so that a central understanding of Scrum can be built. Other complexities of applied Scrum such as scaling, distribution, etc. will be explored elsewhere.

Kanban

Kanban is a scheduling system of visual management aimed at just-in-time delivery excluding team overloading. As a part of Lean, initially the methodology supported Japanese automotive industry. Similarly to Scrum, Kanban tracks ‘to do — in progress — done’ activities, but it limits them by the number of ‘work in progress’ activities (the number is defined by the team manager and cannot be exceeded).

For more info please visit:

How to choose between Agile and Lean, Scrum and Kanban — which methodology is the best?

Kanban Vs Scrum

MySQL vs MySQLi vs PDO Performance Benchmark, Difference and Security Comparison - 2022

Haseeb A. Basil — Thu, 07 Mar 2019 14:41:57 +0000

1. PDO vs MySQLi vs MySQL

2. Difference to Connect Using MySQLi and PDO

3. PDO vs MySQLi vs MySQL Performance Benchmark

4. PDO vs MysQLi Security using Prepared Statements

5. Comparison between PDO and MySQLi Terms of Usage

6. Converting MySQL Applications to Use PDO or MySQLi

7. Package Recommendations for use with PDO and MySQLi

8. What to Use in a New Project: PDO or MySQLi?

1. PDO vs MySQLi vs MySQL

As we all know, MySQL is an Open Source Relational Database Management System (RDBMS) that uses Structured Query Language (SQL). MySQL is a central component of the LAMP Open Source Web application software stack (and other “AMP” stacks): Apache MySQL and PHP.

MySQL is an essential part of almost every Open Source PHP application. Good examples for PHP and MySQL based scripts are phpBB, osCommerce and Joomla.

PHP used to come with the original MySQL extension built-in which supports with older MySQL versions. However this extension was deprecated in favor of MySQLi (i for improved). At the same time PHP continued to evolve and the PDO (PHP Data Objects) extension was introduced to become a common interface for accessing many types of database.

MySQLi is another one of three ways to access a MySQL database server. Like the MySQL extension, the new MySQLi was designed to take better advantage of more recent MySQL server features.

The PHP Data Objects (PDO) extension defines a lightweight, common interface for accessing databases in PHP. Each database driver that is supported by PDO interface can expose database specific features, as well common functions.

PDO provides a data access abstraction layer, which means that, regardless of which database type you use, the same functions are available to perform queries and fetch results. PDO does not provide a full database abstraction. i.e. it does not rewrite SQL queries or emulate missing features. You should use a full-blown abstraction layer package if you need that capability.

2. Difference to Connect Using MySQLi and PDO

Either PDO and MySQLi offer an Object Oriented interface to the extension functions but MySQLi also offers a procedural API, which makes it easier for newcomers to understand. If you are familiar with the original PHP MySQL extension, you will find migration to the procedural MySQLi interface easier. Below is an example:



// PDO 
$pdo = new PDO( "mysql:" . "host=localhost;" . "dbname=database",
    'username', 'password');

// mysqli, procedural way 
$mysqli = mysqli_connect( 'localhost', 'username', 'password', 'database');

// mysqli, object oriented way 
$mysqli = new mysqli( 'localhost', 'username', 'password', 'database');

The main advantage of PDO over MySQLi is in the database support. PDO supports 12 different database types, in opposition to MySQLi, which supports MySQL only.

When you have to switch your project to use another database, PDO makes the process simpler. So all you have to do is change the connection string and at most a few queries if they use any syntax which is not supported by your new database.

3. PDO vs MysQLi Security using Prepared Statements

Both PDO and MySQLi provide support for prepared queries. This helps preventing SQL injection security issues, as long as you only use prepared queries to insert dynamic parameters in the queries.

For example, consider a hacker that tries to inject malicious SQL passing a forged value to the parameter code of a HTTP POST request that could be emulated like this:



$_POST['code'] = "'; DELETE FROM products; /*";

If you do not escape this value, it will be inserted in query as is, and so it would delete all rows from the products table.

One way to make queries more secure avoiding SQL injection is to quote string parameter values to insert escape characters.



// PDO, “manual” escaping

$name = PDO::quote( $_POST['code'] );
$pdo->query( "SELECT id, name FROM products WHERE code = $code" );

// mysqli, “manual” escaping

$name = mysqli_real_escape_string( $_POST['code'] );
$mysqli->query( "SELECT id, name FROM products WHERE name = '$code'" );

PDO::quote() not only escapes the string, but it also adds quotes. mysqli_real_escape_string() will only escape the string, so you will need to add the quotes manually.



// PDO, prepared statement

$pdo->prepare( 'SELECT id, name FROM products WHERE code = :code' );
$pdo->execute( array( ':code' => $_POST['code'] ) );

// mysqli, prepared statements

$query = $mysqli->prepare('SELECT id, name FROM users WHERE code = ?');
$query->bind_param('s', $_POST['code']);
$query->execute();

PDO also supports client side queries. This means that when it prepares a query, it does not have to communicate with the server.

Since MySQLi uses native prepared statements, it will may actually be faster to use mysqli_real_escape_string instead of using prepared statements, while it is still a secure solution.

4. PDO vs MySQLi vs MySQL Performance Benchmark

There were some PHP MySQL performance benchmark tests several years ago by Jonathan Robson as well by Radu Potop. Even though these tests were performed with PHP 5.3 and nowadays we are using PHP 7 or later, let’s consider these results as reference.

Basically they show that for SELECT queries using prepared statements MySQLi runs a bit faster. Still it may not be significant depending on your purposes.

Keep in mind that PDO by default uses client side prepared statements emulation. When using native prepared statements, there is an additional round trip to the server to prepare the statement, so the overall query execution time may be actually greater than when using native prepared statements for running a query only once.

As mentioned above, you can use mysqli_real_escape_string function to quote dynamic parameters like you would do when using the original MySQL extension. This is like emulating prepared queries the way it is done with PDO because you would not need to perform an additional round trip to the server to prepare the statement.

5. Comparison between PDO and MySQLi Terms of Usage

While MySQLi has its advantages accessing MySQL server features, PDO sometimes has a leg up and may be a better fit for the user, depending on personal preferences and convenience. Like most things, the option that works best depends on whom you ask and what situation you need MySQLi or PDO for.

MySQLi only works with MySQL databases, whereas PDO is flexible and able to work with multiple database systems, including IBM, Oracle and MySQL. If you ever have to switch databases or provide a database independent solution, using MySQLi directly is not the best option. You may still use MySQLi in database independent solutions using an abstraction layer.

Binding parameters with MySQLi is not as easy or flexible as with PDO. MySQLi uses a numbered parameter system and does no’t support named parameters like PDO. MySQLi has good support and maintenance, making the transition to and use the new system safe and secure.

You will be able to utilize new features available in the newer versions of MySQL servers. This is one of the biggest advantages of MySQLi. PDO may not have extensive support to take full advantage of MySQL’ newer capabilities.

The installation process with MySQLi is not only easy, but is automatic when the PHP 5 MySQL extension that comes built-in Windows or Linux distributions.

6. Converting MySQL Applications to Use PDO or MySQLi

If you have a project using the old MySQL extension and you need to convert it to use MySQLi or PDO, it may take you a while to rewrite it if you were not using a database abstraction layer.

If you need a quick a easy solution that does not require to change much your code, you can try either the package PDO or the MySQLi to use each of these extensions by the means of MySQL wrapper functions that call mysql_* functions using PDO by Aziz S. Hussain or PHP MySQL to MySQLi by Dave Smith for PDO and MySQLi extension functions respectively.

This will allow you to make your code run on PHP 7 while you do a real migration of code that does not require a wrapper.

Dave Smith also has written a tutorial on how to migrate mysql code to mysqli considering the differences between those extensions.

Tutorial on Sending Postcards, Letters and Checks by Postal Mail Using LOB REST API using PHP - 2022

Haseeb A. Basil — Thu, 07 Mar 2019 14:39:39 +0000

What is Lob?

Why use Lob?

Services

Why use Lob?

Programmer Friendly

Integration Support

Conclusion

What is Lob?

Lob is a venture backed startup company based in San Francisco, CA and has over 6000 customers including Amazon, Square, and Counsyl.

They provide a cloud based printing and mailing solution. Founded with mission to provide more affordable and simpler service than building an in-house printing solution.

Lob is built for developers to provide them with tools to build powerful applications and help scale physical mailing for their companies.

Lob’s plan is to eliminate the complexities of direct mail and provide you with a more innovative system, where you can easily track your mail, reach your customers without having to deal with hurdles of paper jams or trips to the post office.

Why use Lob?

Lob’s customer base consists of more than 6000 companies, which ranges from fortune 500 hundred companies (e.g. Amazon) to startups and individual developers. If you have Lob integrated in your system, you can focus on your customers instead of having to deal with pains of printing and mailing.

Lob is based on pay as you consume model. So, you can easily send 1 mailing or 1 million at a time.

Physical mail has higher open rates than email. You may not see it now, but more and more startups are now moving towards physical mail as their primary method of marketing.

One of the findings by Epsilon shows that “for every 1,000 existing customers receiving a direct-mail piece, 34 will respond on average. For email, the average response is 0.12%.”

Now if you are going to be adapting physical mail as your marketing method, what better way to go than Lob, a simple, rich and affordable printing/mailing solution?

Services

Lob provides a number of services, to help you grow your business and reach your customers better. The following are the main services provided by Lob.

Postcards

By using the Lob API, you can easily design a fully customizable HTML postcard template. Then you can send the customized postcards for testing the templates or for any specific actions your users take or specific events you define. Or to reactivate relapsed users.

Letters

Send letters to your users, as easily as sending an email campaign. You can generate each email on demand. You can easily customize the letter for events you define or actions your users take.

You can send the letters securely and quickly. You can use Lob API to send each document accurately by ensuring each document is for intended recipient’s eyes only.

Checks

With Lob you can deliver checks, with various customizations to support, logo, invoice information, instructions and memos, and much more to make payments as clear as possible.

Now with sending checks, security is a must have and nobody provides a more secure delivery system than Lob.

With Lob API, each check is sent with a colored background, watermarks, micro-printed borders, thermal ink that disappears when rubbed, and Magnetic Ink Character Recognition (MICR) encoding to facilitate bank processing and reduce errors.

And just as importantly, you can make sure that your checks are delivered, by tracking their progress, throughout the mailing process.

Simple Area Mail

With Lob API, you can easily target entire zip codes with postcards. This service is especially beneficial to startups, to make their presence known to future customers.

With Lob API you can easily get the zip-code based demographics to make your campaign even more specific to point of age, income as well as residential versus business split. And you can do all this without having to pay for any setup fee, you only pay for what you send.

Address Verification

You can easily validate mailing addresses instantly by using Lob API, you can also standardize the addresses to help ensure that your mail reaches the desired recipient. The API uses data directly from USPS to correct the missing information. And on top of all that it is free for all domestic addresses, and very affordable for international addresses.

Couchsurfing, a vibrant travel community uses Lob to automate everything from making sure the user provides deliverable addresses to ending address verification postcards on-demand.

Easy to use

The Lob API is incredibly easy to use, providing you with powerful and scalable mailing solution. Lob have made sending a physical mail as easy as sending an email.

You can easily track all your mails.You can target specific regions and demographics for your campaign. Lob’s API service is very similar to that of Sendgrid or Twilio. The Lob API takes all the pain out of sending mail and it can be integrated with many internal applications.

Programmer Friendly

The Lob API is extremely programmer friendly, it provides pre-built wrappers for multiple programming languages like: Java, PHP, Node, Python, and Ruby. It also provides documentation for all these wrappers, with example code.

The complete documentation is also available for raw API requests. But here we will be discussing PHP wrapper. You can easily install the PHP wrapper using composer or you can get it directly from Github.

Now, to start you must authenticate all of your requests, and to properly authenticate with the Lob API, the API key should be sent in each request. Below is an example for how to initiate the wrapper with authorization:

$apiKey = 'test_0dc8d51e0acffcb1880e0f19c79b2f5b0cc';
    $lob = new \Lob\Lob($apiKey);

As you can see, it is pretty simple and easy, to use the PHP wrapper.

Errors

Below is the list of errors HTTP response code errors and what the mean:

In general, 2xx indicates success, 4xx indicate an input error, and 5xx indicates an error on Lob’s end.

Webhooks

Webhooks, is a really good feature to track event based notifications, like whenever an event is fired Lob will immediately send that event to any URL specified for that event, on the Lob dashboard.

But first you have to be sure that you are subscribed to the event in the environment (test or live).

Metadata

When sending a request to Lob’s API, you can attach metadata to it so, you can easily filter the requests out later. Below is an example for how to attach metadata to a request:

$lob->postcards()->create(array(
        'description' => 'Demo Postcard job',
        'metadata[campaign]' => 'NEWYORK2015',
        'to' => 'adr_78c304d54912c502',
        'from' => 'adr_61a0865c8c573139',
        'front' => '<html style="margin: 130px; font-size: 50;">Front HTML for {{name}}</html>',
        'back' => '<html style="margin: 130px; font-size: 50;">Back HTML</html>',
        'data[name]' => 'Harry'
    ));

As you can see, that the above request contains metadata with key “campaign”. Now, to filter out the request with containing specific metadata you will do something like this:

$lob->postcards()->all(array(
        'metadata[campaign]' => 'NEWYORK2015',
        'limit' => 2,
        'offset' => 0
    ));

Usage

Below is a example code to verify mailing addresses using Lob API PHP wrapper:

$lob->addresses()->verify(array(
        'address_line1' => '185 Berry Street',
        'address_city' => 'San Francisco',
        'address_state' => 'CA',
        'address_zip' => '94107'
    ));

Below is an another example of code which shows how you can design postcards using Lob API PHP wrapper:

$lob->postcards()->create(array(
        'description' => 'Demo Postcard job',
        'to' => 'adr_78c304d54912c502',
        'from' => 'adr_61a0865c8c573139',
        'front' => '<html style="padding: 1in; font-size: 50;">Front HTML for {{name}}</html>',
        'back' => '<html style="padding: 1in; font-size: 20;">Back HTML for {{name}}</html>',
        'data[name]' => 'Harry'
    ));

The value for array keys “to” and “from” are address IDs that you can get from the API.

You can get a list of addresses from this simple request:

$lob->addresses()->all(array(
        'limit' => 2,
        'offset' => 1
    ));

The above mentioned request will bring all data related to addresses, including address ID. You can, use metadata in this request to get more specific results.

Lob’s API also provides some other resources for example:

$lob->countries()->all();

By using this request, you can get the list of all countries, which you can use later to add addresses etc..

Now by looking at the above code examples you can clearly see, how easy it really is to use this API.

Track the Mail

With Lob’s API you can track your mail pieces along the way. You can easily monitor your postcards, letters, checks and documents on their way to the intended recipients.

You can keep track using tracking events or by adding unique promo codes, URLs, or phone numbers. You can use webhooks to follow your mail through the mailstream with live tracking events and PDF proofs.

Below is a breakdown of each scan event label and description:

In Transit

The mailpiece is being processed at the entry/origin facility.

In Local Area

The mailpiece is being processed at the destination facility.

Processed for Delivery

The mailpiece has been greenlit for delivery at the recipient’s nearest postal facility. The mailpiece should reach the mailbox within 1 to 2 business days of this scan event.

Re-routed

The mailpiece is re-routed due to recipient change of address, address errors, or USPS relabeling of barcode/ID tag area.

Returned to Sender

The mailpiece is being returned to sender due to barcode, ID tag area, or address errors.

Integration Support

Various wrappers are available for integrating the Lob API into your application including PHP. If you want to use another language and a wrapper is not available for that language, you can create a custom SDK easily for your app.

Lob also offers integration through its integration partners that offer various services of their own. If you have an account on their site, you can integrate those accounts with your account on Lob, using API keys.

Lob also has some partner apps that offer direct mailing solutions powered by Lob. You can get started with these on apps by going to the integration page on Lob’s site.

Conclusion

Lob provides several interesting services that are unusual because they make the bridge between the online world with services that have to be provided in the physical world like printed mailings to be delivered via via postal mail.

I hope this article is a good start for you to create very interesting applications based on services that you have not been aware that could be implemented using REST APIs.

If you liked this article, please share it with other developer colleagues. If you have questions, post a comment below.

Best WordPress Security Plugin 2022 and 2021 — Review and Comparison of Top Free and Premium…

Haseeb A. Basil — Thu, 07 Mar 2019 14:38:03 +0000

Best WordPress Security Plugin 2018 and 2017 — Review and Comparison of Top Free and Premium Versions of New Plugins and Support Services from Several Companies

This article covers WordPress Plugins to Secure Sites providing Malware Protection, Firewall, AntiVirus, Injection Attack Holes, Vulnerability Issues Scanner and Backup of data.

Live Article Notice

Why WordPress Needs Security Plugins?

Important WordPress Security Practices

Top List of the Best WordPress Security Plugins 2018 and 2017

WordPress Security Plugin Comparison Side by Side

What WordPress Security Plugin should I Choose?

What if I still Have Security Problems Despite using a Security plugin?

Do Not Wait for a Security Attack to Happen

Other WordPress Security Plugins and Support Services

WordPress Security News

Live Article Notice

This is a live article that will be updated over time to include more plugins and list more relevant security features that may help you to decide what plugin suits better your needs.

If you found some inaccurate information or know of another interesting security plugin not listed here, please post a comment or use the site contact link at the bottom of this page to let me know about the information you have.

Why WordPress Needs Security Plugins?

WordPress is the most popular and widely used blogging platform. It is being used by millions of people around the world. 27% of all Web sites globally uses WordPress. Therefore hackers and spammers have also taken interest in breaking the security of the WordPress blogs.

WordPress security plugins are one of the easiest ways to improve security on a WordPress site. WordPress is very secure by itself and is frequently updated to fix any vulnerabilities that are found. But it is never too much have plugins that can detect security problems as soon as possible.

Security plugins can address some important vulnerabilities or at least harden the aspects of your WordPress site that are prone to manipulation by hackers.

Important WordPress Security Practices

In this post I am reviewing and comparing some of the most popular WordPress security plugins either free and commercial.

Keep in mind that even with all the best plugins installed, common security practices for keeping the WordPress site secure should be used. Your WordPress installation should be updated on regular basis to assure you are not using versions that have known vulnerabilities.

Top List of the Best WordPress Security Plugins 2018 and 2017

Here follows a list of some of the well-known WordPress security plugins that I have tried with a description of their most relevant features.

BulletProof Security

The BulletProof Security plugin secures your WordPress directories with a single click. It provides protection against CSRF, Base64, XSS, RFI, SQL injections. It also provides login security firewalls, database security and backup services.

It is available as a free and Pro version of the that offers BulletProof Security plugin service with more advanced features.

Sucuri Security plugin

The Sucuri Security plugin provides several security services like malware scanning, security activity auditing, blacklist monitoring, effective security hardening, file integrity monitoring, and a Web site firewall.

It is a free plugin and they do offer some premium services. Visit the Sucuri Security Web site for more information.

iThemes security plugin

The iThemes Security Plugin plugin supposedly provides more than 30 ways to secure WordPress site. It enhances user credentials by fixing common vulnerabilities and automated attacks. iThemes Security Pluginplugin offers both Free and Pro versions of the plugin.

Acunetix Security plugin

Acunetix Security plugin is a good fit for securing file permissions, security of the database, version hiding, WordPress admin protection, etc.. It checks the WordPress site for vulnerabilities and suggests the actions needed to be performed to correct those vulnerabilities.

The Acunetix Security WordPress plugin is available for free and they do provide other security services, you can check those out at their web site.

All In One WP Security and Firewall

The All In One WP Security & Firewall plugin checks for security vulnerabilities. It implements and enforces the latest recommended WordPress security practices and techniques.

One if its useful features is a meter on your dashboard that gives your site a score of how secure it is. It can detect malicious code in your WordPress site.

It is free plugin but they offer paid consultancy for your site’s security, you can learn more about it from their website.

6Scan Security

The 6Scan Security plugin security scanner goes beyond the simple rule-based protection of other WordPress security plugins. It employs sophisticated algorithms to find and automatically fix security vulnerabilities.

This plugin is available for free version but they do offer some paid services too. Check the 6Scan Security Web site for more information.

Notice that the version of this plugin that is available in WordPress plugin repository has not been updated in 2 years.

WordFence plugin

The WordFence plugin provides user login security, IP blocking, security scanning, and Web firewall and monitoring.

This plugin allows mobile sign in that saves your WordPress site from brute force hacks. It provides real time threat defense feed. Wordfence Scan leverages the same proprietary feed, alerting you in the event your site is compromised. This plugin is offered in both free and pro version.

AntiVirus for WordPress

The AntiVirus for WordPress plugin is a very lightweight plugin. It can strengthen the protection of your site against exploits, malware and spam injections. This plugin monitors malicious injections and also warns you about any possible attacks.This plugin works to fix common holes, stop automated attacks and strengthen user credentials.

WPBuffs Security Support Service

WPBuffs is not exactly a plugin but rather a support service that you can hire to help you fixing many types of problems with your WordPress site, including dealing with security issues using a suite of tools of their own.

They have a team of people that can provide several support services with plans that may include services like:

Integrating your site with Google Search Console and Google Analytics
Update themes and plugins
Perform backup
Monitor the site to check if it is up
Provide traffic, maintenance and security reports
Optimize sites for mobile
Test and optimize site page speed
Scan and remove malware
Protect against brute force login
Install SSL certificates
Detect malicious file changes
Migration to a dedicated server

WordPress Security Plugin Comparison Side by Side

To understand how WordPress security plugins compare, it is better to show you the features they support or not side by side. So here follow several types of comparisons of their security features.

User Login Security

The user login security features are about what aspects for protecting the process login and after the users are logged. Here is a description of the features compared between all plugins.

Brute Force Protection

Brute force is a trial and error method used by program that attack the login pages by trying different passwords until the find one that works for the attacked account.

Strong Password Enforcement

Require that the user uses strong passwords login in the WordPress account.

Block User by IP or by Country

Block users based on their IP addresses or their Country.

User Monitoring

Monitor the actions of logged users and guests.

ReCAPTCHA Integration

Integrate Google ReCaptcha in the login and registration page and any other forms to prevent the access using robot scripts.

Here follows the side by side comparison of the User Login security aspects.

Database Security

The database is where the dynamically created content and user information is stored. Protecting this information is important to avoid damages that may prevent WordPress to work properly.

Backups

Regularly take backups of database and store them on the server and make them available for download.

Errors Turned Off

Ability to turn off the database related PHP errors.

DB Status and Information

Get the information for the DB in your admin panel and live status of the DB server.

SQL Injection Protection

SQL Injection is a way to add a malicious SQL to database queries from data entered by users the user input field.

Change Table Prefix

Change the table prefix for WordPress tables at any time, not just when installing the script for the first time.

Here follows the side by side comparison of the Database security aspects.

File System Security

WordPress uses files to store its source code of course. Source code files must not be changed by any attacker. WordPress may also generate log files. Logs may be watched to understand what happened.

Disable File Editing

Disable the plugin file editor and the template file editor for administrative accounts, so nohacker with access to the admin account can edit the source files.

Monitor System Logs

Monitor system’s error logs and access logs and others through the WordPress administration panel.

Manage File Permissions

Manage file and directory permissions from admin panel and password protect the wp- directories.

Repair Files

Repair altered files that may contain malicious code.

Here follows the side by side comparison of the File System security aspects.

External Access Features

Threats that may compromise the security of Web site based on WordPress usually come from the outside. Some of the most important security features exist to prevent that malicious external accesses compromise WordPress security.

XSS Protection

Cross-site scripting (XSS) is a way to inject JavaScript code in HTML that is displayed on Web pages and be used to steal user data or othet type of sensitive information.

WAF (Web Application Firewall)

Web Application Firewall (WAF) filters, monitors and blocks HTTP requests sent to pages that supposedly should not exist in a Web site but may have been installed by code that exploited a vulnerability.

DDOS Protection

DDOS stands for Distributed Denial Of Service attack. This is a kind of a security attack for compromising the ability of a server to handle requests due to many computers that are used from different world locations to perform attacks at the same time.

DDOS protection is needed to detect when an attack is going on and prevent that it causes the WordPress site be unusable by regular users.

Here follows the side by side comparison of the File System security aspects.

Best Free WordPress Security Plugins

All the plugins mentioned in this article have free versions apart from premium versions that may provide better system.

If you compare all the listed plugins on the criterion that matter most to you, you can find out which is the best free WordPress security plugin.

What WordPress Security Plugin should I Choose?

All the plug-ins mentioned in this article provide good support to the most important security matters that you should be concerned when detecting and mitigating security problems that may arise.

So rather than recommending a specific plugin, let me list the features I think are more important when it comes to security services that a WordPress plugin may provide.

Take a look at these features, look at the side by side comparisons above and see which plugins provide those features and at the same time provide them at price and support level that you desire.

Some of the plugins only support certain features in the premium versions. But at the time of despair when something bad already happened the money that the premium version costs may be well worth compensated by the possibility to get support from qualified professionals.

Brute Force Protection and Strong Password Enforcement because you do not want an attacker to simply access your administration panel due to weak passwords
Automated backups sent to secure places , preferrable to a different server because if something bad happens you do not want to be unable to recover your WordPress site at least partially.
Monitor changes in files such as source code, templates, JavaScript and repair from secure backups because many site defacements are basically that, files that were changed by attackers to make it look different or look the same but spread malware in a way that you cannot notice looking at the pages.
A good Web application firewall because even if plugins can protect from some kinds of exploits, other exploits may still be performed on the server and new malware files may be installed on the system to make it act in a way that is not intended. A Web Application Firewall will block the access to those new malware files , so their code cannot be executed.

What if I still Have Security Problems Despite using a Security plugin?

Well these security plugins are great but there may always be cases that they did not anticipate. Most newer security exploits were created by people that was smarter than the developers and abused from holes that were foreseen.

So, when the security attacks happen, you will need the help of a security expert. Some plugin developers provide additional services that you may contract to have people solving your specific problem.

Hiring on demand may often be more expensive than hiring an ongoing support service that is ready to act by the time you find about a security incident.

This is why this article lists also one (one for now, more be listed later) support service, in the case called WPBuffs. They provide several plans of subscription based WordPress support service. It includes security services but it also includes other non-security related services such as maintenance.

WPBuffs services are affordable and it may bring you some piece of mind and less headaches when the incidents happen. They have a free trial service for 30 days that you can try to evaluate them without having to commit any payment.

Do Not Wait for a Security Attack to Happen

Security is a very sensitive topic. Many developers wished they never had to deai with security issues but every project will have their own set of security problems, especially large projects like WordPress that is a very visible target due to its popularity.

So, if your WordPress site is very important to you and you must not lose time, money and effort with eventual security problems, do not wait until you have those problems to start acting. Spend some time now and install any plugins you feel that are necessary to keep you more protected.

Other WordPress Security Plugins and Support Services

There are more WordPress Security Plugins out there. Some may be old and not be updated for a while. Others may be new and were not covered in this article yet.

If you know about any other relevant plugins or support services dedicated to WordPress security, please post a comment below or use the contact link at the bottom of the page.

If you liked this article share it with your developer or WordPress site owner friends so they can also be aware of how to protect their sites from security issues.

WordPress Security News

If you want to know all about the releases that implement or fix security aspects of WordPress, the best place to find about that is the WordPress news blog Security category.

There you can file the list of the latest releases of WordPress that reference security features or fixes.

How Can PHP Import Excel to MySQL using an PHP XLSX Reader and Excel XLSX Converter - 2022

Haseeb A. Basil — Thu, 07 Mar 2019 14:06:40 +0000

What is XLSX

XLSX is a file format used to create an Excel spreadsheet. It was first introduced by Microsoft in Excel 2007. It is XML-based, which makes it easier to transfer data between applications.

A XLSX file stores data in worksheets in the form of cells. Cell are contained in rows and columns which can have multiple properties of the cell data like styles, formatting, alignment, etc..

XLSX is in reality a simple ZIP archive. It contains multiple XML files, which have all the information of the spreadsheet properties.

Parsing XLSX in PHP

There are multiple ways to parse XLSX with PHP. As it is was mentioned above, a XLSX file is a XML-based ZIP archive.

You just need to extract the ZIP file content files and parse them using any XML parser. But it is easier to use a ready-made XLSX parser as it might contain more functionality. There are few popular packages available to parse XLSX using PHP:

Spreadsheet_Excel_Reader
PHPExcel
SimpleXLSX

In this article I focus more on the SimpleXLSX package and how to use it to parse XLSX files and importing its data into a MySQL database.

Using the SimpleXLSX package you can get data from the spreadsheet in form of rows. You can use that information for your own purposes.

Ways to Import XLSX in MySQL

Since a XLSX file contains multiple files, it cannot be imported directly into MySQL. So the recommended way is to convert the XLSX file into a CSV and then import that to the DB.

There is also an online tool that can be used for that. You just upload the XLSX file and it creates the insert statements for it.

There is also plenty of desktop software like e.g. Excel2MySQL, Navicat, MySQL for Excel, Mr. Data Converter etc.. You can use the XLSX parsers in PHP to do this too. In the next section I will be going into more details about that approach.

Importing XLSX in MySQL via PHP

As I mentioned above, you can use XLSX parsers written in PHP to import XLSX file data into a MySQL database. You might wonder why go to all the trouble of using parsers when there are other easier ways of importing XLSX into a MySQL database.

Well there can be many uses for this approach including, importing given user provided XLSX files into a database automatically. This can be done using SimpleXLSX in a couple of ways.

The first method is to parse the XLSX file in PHP and then change it to CSV and import that in MySQL, it can be done using a code similar to the one below:

<?php

    include 'simplexlsx.class.php';

    $xlsx = new SimpleXLSX( 'countries_and_population.xlsx' );
    $fp = fopen( 'file.csv', 'w');
    foreach( $xlsx->rows() as $fields ) {
        fputcsv( $fp, $fields);
    }
    fclose($fp);

Using the above code you can parse an XLSX file in to a CSV file and then you can easily import the CSV file into the MySQL database.

Now the other method to do this is to parse the XLSX file into an array and import it into the db using the mysqli or PDO extensions. You can do this by using a code similar to the following:

<?php

    include 'simplexlsx.class.php';

    $xlsx = new SimpleXLSX( 'countries_and_population.xlsx' );
    try {
       $conn = new PDO( "mysql:host=localhost;dbname=mydb", "user", "pass");
       $conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }
    catch(PDOException $e)
    {
        echo $sql . "<br>" . $e->getMessage();
    }
    $stmt = $conn->prepare( "INSERT INTO countries_and_population (rank, country, population, date_of_estimate, powp) VALUES (?, ?, ?, ?, ?)");
    $stmt->bindParam( 1, $rank);
    $stmt->bindParam( 2, $country);
    $stmt->bindParam( 3, $population);
    $stmt->bindParam( 4, $date_of_estimate);
    $stmt->bindParam( 5, $powp);
    foreach ($xlsx->rows() as $fields)
    {
        $rank = $fields[0];
        $country = $fields[1];
        $population = $fields[2];
        $date_of_estimate = $fields[3];
        $powp = $fields[4];
        $stmt->execute();
    }

Download the SimpleXLSX Package

It is fairly easy to parse an XLSX file. The SimpleXLSX package provides an easy way to read and convert any XLSX file so it can be processed in any way your PHP application needs or even insert the data into a MySQL database for instance.

You can download the SimpleXLSX package in the ZIP format or install it using the composer tool with instructions presented in the download page.

Share this article with other colleague PHP developers that can benefit from this information. If you have questions post a comment below