Category Archives: Security

Waiting for your web services? Hello JSON Mocking!

When we start a development sprint, as a UI / UX team, we will make sure that as a priority, that we identify all of the web services that we will need to consume. We then, define the parameters needed to call the service and generally, we will create a JSON object that we will expect the service to return us.

This helps us shorten the critical path by making sure that the service developers can prioritize their work efficiently, and also move development of web service stubs to the front of their work queue.  This process doesn’t always work perfectly and we are sometimes (often) in a position where the web service developers are days away from even making us a stub, so rather than postponing our own critical path work until later in our sprint, we can pretend we have a working web service using JSON mocking! Hooray!

The Tool : Mockjax

The library I use to fake a working web service is MockJax.  It is wonderfully simple.

  1. The library seamlessly wraps jQuery’s $.ajax command.
  2. You write your ajax call as you would if your service already existed
  3. In your page setup init function, you just once, setup an override based on the URL (and optionally POST type, etc), which can redirect to a function, or a static JSON text file, or another url
  4. When you call your $.ajax, the wrapper checks it’s override dictionary for a match, and if it finds one, it intercepts the call and serves your alternate mock data.
Admin skull folder

Change your WordPress SuperAdmin User Name for WordPress Multisite

If you are using a Bitnami WordPress (multisite) stack like I am, then your /wp-admin/ login is going to be pre-set to “user”, which:

  • sucks as a name
  • make your login 50% easier to hack
  • can’t be changed in the web UI

If you wanted to login as a custom-named SuperAdmin, you could either

  1. make a new user and make them also a SuperAdmin when setting their role, OR
  2. rename “user” to your desired login

I chose going with route #2 because leaving a SuperAdmin with the login of “user” still leaves a security weakness.

Changing “user” login to “anotheruser” (for example)

admin-user

  1. Connect to your MySQL WordPress Database
  2. In phpMyAdmin, select your wordpress database (mine is named “bitnami_wordpress”)
  3. Navigate to your wp_users table.
    • There will be one row per user.
    • Edit the user_login column for “user” and change it to “anotheruser”
    • Save

Now, this would be ordinarily be enough to just rename your login, but you will lose your SuperAdmin access to your Network Admin if you don’t make one more change.

Making “anotheruser” SuperAdmin to be able to access Network Admin

admin-meta

    1. Count the number of characters in your new login name (eg “anotheruser” has 11 characters)
    2. Navigate to your wp_sitemeta table
    3. Edit the row with a meta-key of “site_admins” and change the meta_value from
      • “a:1:{i:0;s:4:”user“;}” to
      • “a:1:{i:0;s:11:”anotheruser“;}”
      • (the name part is quite obvious, but you also have to manually specify how many characters long the name is)
    4. For me, this change was applied automatically and instantly, but it couldn’t hurt to reboot your server and logout and log in again.