I'm a WordPress website designer. I'm not a programmer. I'm trying to fix some security/SEO issues with a website.
I ran a diagnostic test on a website and one of the things I'm trying to fix is a security issue on "protocol-relative resource links". This is how the program tells me to fix it: "Update any resource links to be absolute links including the scheme (HTTPS) to avoid security and performance issues."
I have googled everything I can think of and I think I have found a way to fix it, but it is going to mean going through 177 pages of the websites code and finding the specific links and fixing them each individually. That is because they are not image links or bigger links like that, but they are obscure links like font links. The only way I've been able to find them is through the source code (I think that's what it's called.) As far as I know they all unique links so I can't do search and replace and even if I could I don't know what links need to be replaced.
Here is the description of the problem that was given to me: "URLs that load resources such as images, JavaScript and CSS using protocol-relative links. A protocol-relative link is simply a link to a URL without specifying the scheme (for example, //screamingfrog.co.uk). It helps save developers time from having to specify the protocol and lets the browser determine it based upon the current connection to the resource. However, this technique is now an anti-pattern with HTTPS everywhere, and can expose some sites to 'man in the middle' compromises and performance issues"
I am self-taught and know basically no code or programming languages, so I need basic beginner help if possible. Links to tutorials are welcome. I'm trying to find a quicker way to solve this problem or at least have it confirmed that this is the way I'll have to do it. Thank you for any help you are able to give!
Related
I'd like to code a website where you can find search results from many websites.
So my question is, if this scenario is possible and if yes, if you guys have any suggestions how I would be able to do this.
Here my workflow:
I search for something on my website. For example: "asdf"
My code then executes the search from the other website. for example:
https://www.google.ch/#q=asdf&safe=images
Then there will be shown some results, of course. But how can I directly take the results and show them on my website, without opening the other website?
I have to say, that the websites I'm looking for, haven't got any API for that.
I probably wouldn't recommend to scrap a web page directly in the client.
I'm not even sure if you can achieve it easily without getting some Cross Domain Policy problems anyway.
A solution like APIfy might help you doing what you want:
http://apify.heroku.com/resources
Or you can still make your own server site API "layer" for this particular website?
Keeping in mind that scrapping a web page is always a fragile process where the format can chance at any moment.
I have a simple HTML site with 100+ pages or so. I want to add a search bar at the top so the user can search the site. I know about Google Custom Search, but it shows ads unless you pay at least $100. Obviously I'd like ad-less search on my site for free if at all possible!
I've also heard about Lucene/Solr, but they do not actually crawl the site. For that I would apparently need Nutch.
Anyway, the site I have runs on a Microsoft IIS6 server, but I have basically no knowledge as to how Solr, Nutch, etc. gets "installed" on the server.
Also: I'd like to point out that I do have a local copy of the site. Perhaps I can do one big initial nutch "crawl" locally that will create an .xml for Solr?? That would help me get "up and running", but probably wouldn't be a good long-term solution.
..so should I just use Google Custom Search? or is there a not-extremely-painful-to-implement alternative? The brain hurts folks.
You did not mention how many search requests you want to handle but if you use the json-rest-api of google's custom search you have 100 searchqueries a day for free and you can display them without any ads on your page.
An simple example request can be found here.
Here is an easy way that works pretty well, although you may be looking for something more than this.
http://sitecomber.com/getsitecomber/
You can create code to paste into your site in about 2 minutes. It doesn't get easier than that. Search is powered by Google, but results are isolated to your website.
EDIT: This no longer works.
I was wondering if is it possible to make same thing by myself, or Search Engines does that by themselves?
I want to add some links like here:
Google does this on it's own and all you can do is to (then) remove some of the links through the Google Webmaster Tools.
They are commonly named Site Links and you can google for "How to get Site Links Google SERP" and so forth - there are thousands of tips for helping Google along.
A clear navigational structure and internal link structure help of course, and consistent anchor texts.
As far as I know, Google automagically pics those up - there is no direct way to set them.
Make sure you have a proper site map, and then wait I suppose.
Yes, google will generate that links for you.
What is a (free) technology which requires the least amount of code for creating a website with the following requirements:
Sign-up/login
Form for adding your personal info. which gets databased
Each person can view and edit their own info
Admin can view and edit any
The form needs to be easily customizable and extensible (by the website's owner, not during run-time)
Is there a beginner tutorial for such a thing?
(For me, this question is about a friend who wants me to do this, but I want him to do it himself so I don't have to get roped into maintenance. I also want to keep it more general for the sake of Stack Overflow and future readers.)
Edit: I thought I remembered some ASP.NET tutorials that were mostly drag/drop or things where it was all but made for you from the database schema (which can be made with SSMS's GUI) but I can't seem to find them now.
Responding to posts below requesting specifics: this site will be for potential clients to sign-up and enter their company's info and fill out a form about their advertising needs.
I thought about putting this on SU instead, but since there was likely going to be some coding involved (I assumed no-code was an unreachable goal) SO seemed more appropriate.
Your friend can consider a framework like drupal. It has a bit of a learning code but, you can create a website with everything you ask for without code. You may want to modify it to change the look but there are themes for that.
Also, some hosts like godaddy.com have this installed and you do not have to worry about the complex installation procedures. Just start modifying the content of the site, select a built in template and go...
PhpBB? I think you need to specify what the website is going to be used for before you can get better/more specific answers.
... have a look at Drupal or Joomla, expect a learning curve nevertheless.
Is this friend a programmer as well? If so, I'd suggest building such a site using a PHP framework. Deploying an existing forum/wiki is also an option of course, but will probably have much more features than you describe. But if s/he's not a programmer, I don't see how s/he will be able to develop a site like that in a reasonable amount of time.
Why not using a CMS like wordpress, drupal and co. ?
How exactly do you do this? The reason is my CMS has been breached, well, mainly because the username and password is fairly common (my bad). But I've always thought that it is save, since the directory name is pretty un-common and hard to guess (not the usual /cms/ or /admin/). Brute-forcing from a script? or maybe some Google tricks?
update : my CMS is in PHP and I developed it myself. I don't remember putting the link to it everywhere, except once in email I sent to my friend via gmail.
update 2 : as this could be used by some people to attack a site, please don't put any script in the answer. My intention is just to know the general ways to do it, so that I could prevent further attacks like this.
Thanks in advance.
Did you ever surf somewhere via a link from your CMS? Your browser would have sent a referer (note the misspelling) header, indicating where you came from.
Maybe you had a link to administrative area somewhere?
Or maybe accessing main directory without filename renders directory index?
I.e. you're using mod_autoindex?
My guess is, that somebody linked to your CMS URL and an automated (evil) script found it using Google search results looking for some common patterns.
Search in Google using this query
link:http://www.example.com/myCmsFolder
to verify if your link/pages are contained in Google.