We need to provide access to a certain part of our website on another website via an iframe. Our website is static so there is no need to arrange server feeing of content via protected sessions. we have these two objectives:
1) only allow certain pages to be accessible via an iframe. There will be a link to our website on this frame - but it should not be possible for anyone to access content directly from our website
2) We need to make sure our files can only be accessed via iframes only from specific domains (which purchased the subscription).
I wonder if the above two objectives can be accomplished with minimum probability of being broken into?
Related
Is it possible to use folders within our WordPress site for the content organization? Any issue in doing this?
We would like to use the folders to group related pages & content, so that we can set up tools (live chat, website forms, etc...) to route inquires to the appropriate groups based on which folder the inquiry was generated from, or being able to analyze the data in google analytics by folder.
I've been told this is not possible or creates problems with themes and other site management tools within WordPress, which doesn't seem correct to me.
Currently, all pages are located after the root domain such as acme.com/....
Ideally, we would like to organize our site like the example below.
acme.com/products/...
acme.com/services/...
acme.com/jobs/...
acme.com/about us/...
acme.com/blog/...
Currently, we are running 2 web pages based on WordPress, custom application built in JS (Hapi, Angular, Mongo), as well as self-hosted GitLab repository and hosting based on ISP Config. Currently, user which want to use more than 1 service is forced to create multiple accounts.
What would be the best approach to centralize it assuming that we want:
a user to use same credentials on each page
allow a user to log in using social login (Facebook, Google, Twitter) and still keep his single profile
centralize information about user services, usage and billing information (invoices)
We do not want overcomplicate the solution, therefore, we don't want to centralize access management and obtain them from centralized server, each page/service will maintain it's on it own (i.e. when user makes a purchase in on of the WP sites (woocommerce) wordpress itself will maintain order and we will write custom code to report sale to centralized system for billing purpose)
We are currently considering using LDAP or Kerberos, what would suit better?
Secondly - how to cover part regarding social login? I assume that we should still allow user register using OAuth2 and somehow synchronise the data between each service and centralized system. Is there another way?
Your desires [correct me if I'm wrong]:
You have two apps that are essentially separate things.
These apps can be served from a web page via HTTP, and either don't
have an auth system or need one revamped.
You want a centralized login system with social auth.
You have a single business entity.
You want a single, combined source of data for e-commerce.
You are essentially setting this up from scratch on the WordPress
backend side, there is no current mixed ecosystem of users.
My thoughts:
You DO NOT want LDAP or Kerberos. Those solutions are much too complex for this situation.
You want a SINGLE WordPress install. You can easily setup the backend to answer to multiple domains. In other words a single wordpress install can handle pages at "domain1.com" and "domain2.com" and render the pages with compleately different headers and text to make them APPEAR as two sites. There is no reason to maintain two separate lists of users, because you want a single system to login. Differentiate the users based on their business data, i.e. user1 has data "registered on SiteA", user2 had data "registered on SiteB" etc.
You can place your app into a WordPress page, then use is_user_logged_in() to firewall it behind WordPress. This is an industry standard method of auth and extremely secure if setup correctly. Or if it's a data api, you can place it as an endpoint and leverage the exact same auth system.
Any of the major social auth plugins that are popular in the free .org repo should work out the box with this method.
If you are going to associate blogging, that is, many "posts" about the products, and you want those blogs to be different ecosystems, with different sets of users, you are looking for WordPress Multi-Site. I don't think this is what you want. You don't sound like you are going to "blog". Or at least every page is going to be meticulously curated on these combined sites. So you're probably looking for just a single install to serve content to two domains. NOT MULTISITE.
You should use WooCommerce, simply because it is the most widely supported platform. Setup is 100% free.
You can easily serve pages that are branded totally differently, even in one install. For instance, one WordPress site can serve pages to two domains, and put different logos and headers on the top of the page to make them appear different. One physical machine can serve two domains.
Bottom line: You want a single WordPress setup on a single machine, serving two domains. The content and appearance on the domains can be different at will. Use any popular social auth plugins in the .org repo to firewall the apps.
My question is quite similar to this question. However my concerns are not fully answered there, so I am posting a separate question.
I will try to be as detailed as possible here.
I have to build a website (SAAS), say abc.com wherein registered users would get a subdomain on the website, like abc.com/def or pqr.abc.com.
Now some of those users might want to have their own domains in use. for eg. 123.com or xyz.com.
All of these websites need to have identical backend (dashboard). But most importantly a visitor should be able to type a search term on the main website (abc.com), and the search should contain results from ALL websites including the subdomains (abc.com/def or pqr.abc.com) and custom domains (xyz.com).
I am not versed with other frameworks, so I figured out that WordPress could be a good solution.
My approach was that every registered user would be assigned role of an author, with them being able to create/edit their own content. I would then add custom post type for the exact type of content they can add. I would then use dashboard customizing plugins (like Adminimize) to configure what admin menus can the editors see. THis way I would be able to define/force the fields they can use for adding content, and I can also restrict the custom taxonomoies and terms they can use. And also be able to search through the content created by any user.
The only issue here is to create domains for the users.
The I heard of domain mapping. So, is it possible that map domains like xyz.com to abc.com in such a way that whenever a user types 123.com (or xyz.com) in address-bar, they are served the content of abc.com, but still see 123.com (or xyz.com) in their address bar.
I believe this is called masked domain forwarding. I tried a bit of it, and succeeded partially in that whenever a visitor types 123.com (or xyz.com) in address-bar, they are served the content of abc.com, but still see 123.com (or xyz.com) in their address bar. The problem is that whenever users type 123.com/wp-admin/ then instead of getting to the login screen, they see blank screen.
Not sure if the setup is corret, or if it is even acievable using WordPress.
Another alternative could be using WordPress multisite. But it has limitations for my caase:
1. Search across all sites in network is going to be a very expensive operation
2. I would not be able to force identical terms of custom taxonomies across all sites. I can create the taxonmies and terms using code and put it in a plugin and network activate it. It would work for new terms. But when I decide to delete/edit a term, I will have to login to each site's dashboard to sync the terms.
So, is there a way with WordPress to achieve what i am trying to do :custom domain names and identical dashboards, that can be controlled/dictated by admin (me) , and the facility to search through all the sites/domains.
If not with WordPress, then is there any other framework with which I can do this?
I have forum directory on my website. That sub directory is located on http://www.mobilestore.pk/forum I was wondering that how can I track forum traffic only as a separate property in Google Analytics without filtering it from the whole traffic of the website. So I can show the trends of forum to Moderators or Editors.
I don't recommend using a property to break out traffic on the same domain. It's better to use a new view with a filter. Be sure to keep a view that is unfiltered.
If you do decide to use a separate property, you will need to modify the code in all the page templates used in the /forum path to use a different UA tracking ID.
You can add a 2nd tracker for just the forum.
As per Google:
"In some cases you might want to send data to multiple web properties from a single page. This is useful for sites that have multiple owners overseeing sections of a site; each owner could view their own web property."
This exactly fits your scenario
See https://developers.google.com/analytics/devguides/collection/analyticsjs/advanced#multipletrackers
Here at our company we are trying to figure out how to create one single page and share it across domains in ASP.NET.
We would like to create a simple "cart" page that is the same for all of our clients websites, so that we can include the page from a central location (such as http://ourwebsite.com/thecart.aspx) without duplicating code, and still be able to apply the CSS styles and branding for each client to the page.
How can we share a single page across websites in ASP.NET?
Each of our client's websites are on a different domain, and in some cases may also be on different servers as well.
I think what you want to do is manage one page and have it automatically update the other pages on your client's sites, ideally the same thing as "sharing a resource" no? For that you don't necessarily need to "share" a page, you need an easy process for multiple site deployment of just the single page, errr....I think? In any case, without loading the page via an iframe, or creating a central spot like "cart.somedomain.net" and then pushing the info back and fourth (I assume you'll have shopping cart items), you'd need a way to automate the publish of the page on different sites.
Even if you were to make the "cart" page it's own solution and then just include it in the individual sites, you'd still have the deployment issue. I think you have a few options, some of them previously mentioned:
Create an iframe that loads the page from an external source.
Create a central location for all the domains to push information to for their checkout process (store.somedomain.net or somdomain.net/cart.aspx) and handle it accordingly.
Create an application or script that automates the deployment of the updated resource to multiple sites (I don't know of a tool that does this or I would offer up the name to you, I apologize).
Anyway, I hope that helps, best of luck.
Inherit from and create the page as just another server control in a custom library. You'll of course have it in source control.
In fact, it doesn't need to be a "page", rather a custom server shopping cart control.