caffeine, ramblings, and tech

WordPress Security

Source: http://wordpress.org/extend/plugins/better-wp-security/

Symptoms of Malware

Over the past few weeks I’ve noticed a few WordPress sites that I host (on Dreamhost) and manage were magically infected with some malware. In my case there were a few signs that this happened.

  • Random redirects while watching the files load in the browser.
  • The WP dashboard lost all of its styling
  • Google Chrome would not load the site because it contained malware
  • SLOW

Manual Remediation

  • Changed the FTP owner for all files.  You could take this one step further and create an FTP user for each one of your domains.
  • Changed the WP database password.  This has to be changed on my host and wp-config file.
  • Created new Authentication Unique Keys and Salts.
  • Changed the permissions of certain directories and files.  The .htaccess is a must change!
  • Enabled SFTP for editing and transferring files.  You could always get an SSL certificate for an additional layer of security.
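
The permission step in the checklist above, as an added shell example (not part of the original post): `audit_wp_perms` lists anything in a WordPress docroot that group or other can write to and flags a `wp-config.php` readable by other accounts, and `harden_wp_perms` resets them. The function names and the 755/644/600 modes are assumptions; the post does not say which values were used.

```shell
#!/bin/sh
# Added example: audit and tighten permissions in a WordPress docroot.
# Assumed policy (not from the original post): directories 755, files 644,
# wp-config.php 600, and nothing writable by group or other.

# Print one line per problem.
# Exit status: 0 = clean, 1 = findings, 2 = not a WordPress root.
audit_wp_perms() {
    root=$1
    [ -f "$root/wp-config.php" ] || { echo "ERROR no wp-config.php in $root"; return 2; }
    findings=$(
        # Anything group- or world-writable (including .htaccess) can be
        # rewritten by another account on the same host.
        find "$root" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
            -exec printf 'WRITABLE %s\n' {} \;
        # wp-config.php holds the database password and the keys and salts.
        find "$root/wp-config.php" \( -perm -040 -o -perm -004 \) \
            -exec printf 'READABLE_BY_OTHERS %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Apply the assumed policy. Run as the account that owns the files.
harden_wp_perms() {
    root=$1
    [ -f "$root/wp-config.php" ] || return 2
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    chmod 600 "$root/wp-config.php"
}
```

Call `audit_wp_perms /path/to/site` before and after `harden_wp_perms /path/to/site` to see what changed. A `wp-config.php` at 600 only works where PHP runs as the account that owns the file; loosen it to 640 or 644 if the site stops loading.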

Activated the Following Plugins

  • Exploit Scanner - Scans your WordPress site for possible exploits.
  • Password Reset Removed - [...] want to remove the password reset/change option from WordPress, then this is what you have to do.
  • WordPress Firewall 2 - This plugin intelligently whitelists and blacklists pathological-looking phrases, based on which field they appear within, in a page request (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
  • Limit Login Attempts - Does what it says.

After writing the draft of this post I found another blog post from wplift recommending Better WP Security and coincidentally, it does everything that the above plugins do  (with the exception of Password Reset Removed) and more!

Better WP Security – My Favorite Features

  • Scheduled database backups.  Backups can also be emailed!
  • Email notifications for file changes.
  • System status dashboard.
  • Easily activate new features with a simple check of a check box.
  • Intrusion detection and email notification.

Better WP Security – My Least Favorite Features

  • Tons of options – this can be overwhelming at first.
  • A lot of red text warning you that activating a certain feature could impact your theme or other plugins.
  • I wasn’t able to get the “Hide Backend” feature to work, oh well.

Additional References and Resources

How to Add Multiple Galleries in a Single WordPress Post

WordPress doesn’t have this option by default but it’s very easy to implement and use…

Process if you don’t have the images uploaded

  1. Install the “Multiple Galleries” plugin
  2. Create/open the respective post
  3. Upload/Insert an Image (icon above the unordered list button)
    • Select your images
    • Save changes
  4. Choose your Gallery Settings,  select (using checkboxes) the new pictures you just uploaded, and Insert Gallery
  5. Repeat

Backyard Photos

Chicago Photos

Process if your images are already uploaded

If your images are already uploaded you can follow the same steps as above with one exception:  you don’t need to upload your pictures :)  Simply create your galleries and use the checkboxes to define which pictures you want in each gallery.

Done!

 

#WordCampMSP – Session Recaps and Slides

For those of you that followed my twitter stream this may be a little redundant but here are all of the notes I took at WordCampMSP (11.13.2010).

Customizing WordPress from the Inside Out

Speaker:  Josh Byers
Website:  http://redlettersstudio.com/
Twitter:  @joshbyers
Session Notes:  Google Doc
Session Slides:  Slideshare

Advanced SEO

Speaker:  Mert Sahinoglu
Website:  http://mertsahinoglu.com/
Twitter:  @mertsahinoglu
Session Notes:  Google Doc
Session Slides:  Not available at this time.

Extending Functionality Through Custom Fields

Speaker:  Tim Schoffelman
Website:  http://schoffelman.com/
Twitter:  @silentgap
Session Notes – None, this session was all demonstration.
Session Slides – Not available at this time.

Rapid Theme Development using a Theme Framework

Speaker:  Ptah Dunbar
Website:  http://ptahdunbar.com/
Twitter:  @ptahdunbar
Session Notes:  Google Doc
Session Slides:  Slideshare

Understanding WordPress Multisite

Speaker:  Ryan Imel
Website:  http://wpcandy.com/
Twitter:  @ryanimel
Session Notes:  Google Doc
Session Slides:  Slideshare

WP E-Commerce & Getting Started w/-E Commerce

Speaker:  Justin Sainton
Website:  http://zaowebdesign.com/
Twitter:  @js_zao
Session Notes:  Google Doc
Session Slides:  Not available at this time.

WordPress Off Road

Speaker:  Sam Parsons
Website:  http://sjparsons.com/
Twitter: @sparsons
Session Notes:  Google Doc
Session Slides:  .pdf

A special thanks to all of the event coordinators, sponsors, speakers, and attendees.  This was my first WordCamp and I can’t wait for the next one!

Twitter Integration via Twitter Tools (Testing)

There have been a few changes on how Twitter Tools integrates with twitter.  As a result, here is a test post.

I will admit that it was a bit tricky to follow the instructions from Twitter Tools and then interpret them to twitter’s online form…

What you need to input:

  1. Application Name – Enter what you normally publish to twitter, e.g. “shealaughlin.com new blog post”
  2. Description: “twitter integration will wordpress, twitter, and shealaughlin.com”
  3. Application Website: “http://wordpress.org/extend/plugins/twitter-tools/”
  4. Organization: “shealaughlin.com”
  5. Application Type: “browser”
  6. Callback URL: “http://www.blog.shealaughlin.com”
  7. Default Access Type: “Read & Write”
  8. DONE!

It should be noted… Until I publish this, I have no idea if it works or not…

MSP WordPress User Group #7 – @mitchellhislop, @tobycryns, @raychampagne

WordPress Basics by Mitchell Hislop (twitter / website)

What is a theme? A theme is basically a skin or template for your content. Themes will contain different styles, layout options, and some other customizable features. Some of these features include: multiple column support, customizable headers, icons, and more.

Two themes that Mitchell recommends are:

  • Atahualpa “is a good theme to start with and there are a ton of options.”
  • P2 “is another good theme – focuses on microblogging”

There was great discussion around canned themes vs. customizing vs. creating one from scratch. This decision will likely depend on the purpose of your blog, the desired branding, and the required functionality. Note: if a theme doesn’t have the functionality you desire there is probably a plugin for it.

If you choose to customize themes there are different ways to go about it. You can choose themes that are easy to customize, which might include child themes, or you can get dirty and edit the HTML, CSS, and PHP.  Child themes are fairly easy to edit as the code is usually separated. As in, all the core PHP, JavaScript, etc. are in different files than the customizable code. This helps distinguish the customizable items from the “don’t touch this or your site will break” stuff.  Note:  If you ever need help looking up a WordPress function, variable, or code snippet refer to the Codex.  It has all the information you need to get help from installation to customization.

Hint:  If your WordPress site is “broken” try disabling all of your plugins, test the site, and enable your plugins one by one. If you’re a little savvy with your FTP client you can easily rename your plugin folder to disable all of your plugins at once.

Pushing Content to Twitter – Two popular plugins are Twitter Tools and Twitter Feed

Documents / Attachments – Is there a way to show the file size of a document? Mitch’s recommendation: use a third-party site like Scribd, Dropbox, Flickr, etc.  A comment from the audience was, “more often than not, clients will want to stay within WordPress and not have to use/learn another service.”  With that said, you can manually add the file size as part of the file name and then add the file URL manually through the WordPress interface.

BuddyPress by Toby Cryns (twitter / website)

Installing – In order to use the BuddyPress feature you must install the BuddyPress plugin. This can be done by going to Plugins –> Add New –> Search for “BuddyPress”.  Note: The plugin is named “BuddyPress”.

BuddyPress Forums – To use forums you’ll need to create a forum by creating a bbpress forum.

Notes:

  • Currently BuddyPress is not available on WordPress.com
  • You cannot combine themes.  You need to use the BuddyPress theme or a BuddyPress compatible theme.
  • If you don’t know what you’re doing, go with the default theme.
  • Toby’s tutorial can be found here.

How to move WordPress to a different server by Ray Champagne (twitter / website)

Long story short, use Ray’s tutorial.  Note: There are some references to WordPress MU… The doco will be updated with WordPress 3.0 information in the coming weeks.

WordPress 3.0 Installed! – Test Post

Testing – Check
Integration Issues – Unknown
Theme 2010 – Awesome!
Nothing else to report at this time.

Welcome to WordPress 3.0.  So far I’m digging it and some of the features from the 2010 theme are awesome!  More to come…

MSP WordPress User Group #4

This past Thursday (2/4) I attended my first MSP WordPress (WP) user group meeting at The Nerdery. There were four panel sessions but I could only go to two.  The four to choose from were:

  1. Intro to HTML
  2. Intro to CSS
  3. WP Widgets
  4. WP 3.0

WP Widgets

The WP Widgets coding demonstration was instructed by Ray Champagne (@raychampage) who did an awesome job “dumbing it down”, at least for me.  Ray showed us some professional examples of how WP can be used in lieu of traditional print media but how to transform that print media into an online web presence.  He broke the presentation down into smaller parts:

  • What are widgets?
  • What does the code look like?
  • Coding a simple widget.
  • Implementing your widget.

WP 3.0

The WP 3.0 presentation was very enlightening in that I didn’t even know there was a new version of WP coming out and that some of the features will be changing, hopefully for the better :) .

In short, this presentation was more about what changes are going to happen with WP 3.0 but also how anyone can help contribute to the development.  Here are some useful links and insight that Mitchell Hislop (@mitchellhislop) provided:

  • WordPress Foundation.org – “…founded by Matt Mullenweg to further the mission of the WordPress open source project: to democratize publishing through Open Source, GPL software.” – Also debuting the 2010 WP theme.
  • Example of the P2 Theme – A theme for threaded discussion instead of using the standard WP blogging or email.
  • The single user version WP and WPμ will be merged.  Within the WP settings you will now see a “network” section.  This will be the multi-user part of WP.
  • WP Mailing lists – Use these mailing lists if you want to stay informed or help out with the various functions of WP.
  • Mitchell’s Ultimate WP Starter Pack

In Conclusion…I’m super excited to go to the next one to meet even more people and to learn more about WP!

MSP User Group Info:

Google Group
Twitter

twitter Widget

Just added the twitter widget to the blog.  Very simple and can be done in less than 5 minutes!

  1. Go to http://twitter.com/goodies/widgets
  2. Select “My Website”
  3. Select “Profile Widget”
  4. Enter your twitter username
  5. Change the preferences, appearance, and dimensions to your liking
  6. When you’re done tweaking click “Finish & Grab Code”
  7. Copy your code
  8. Paste it into a WordPress “Text” widget
  9. Save
  10. Check it out!

And by no means is this the best option.  Just another way that is simple and can be added to any site.  There are numerous WordPress plugins that also work well.

WordPress Plugin for iPhone Users

Tonight I found an awesome plugin for WordPress that will optimize your blog for mobile users. Specifically, readers that are using an iPhone. Take a look at the following screenshots.

Features:

  • Optimized loading compared to loading a “standard” theme.
  • Apple-esque icons (comments indicator).
  • Clean interface.
  • Easy to install (just like any other plugin).
  • FREE!

For more info please refer to the plugin website: http://www.bravenewcode.com/wptouch/

WordPress/Twitter Tools/Bit.ly Integration Test

Hola,

Please ignore this post as it is a test for the integration of WordPress, Twitter Tools, and Bit.ly.

Update: Didn’t work at first… Note to self:  Don’t have a space at the end of your API key.