I think there are a number of things we bloggers all have in common, and for the readers of this website, I hope that a love for WordPress is probably the biggest one. Have you ever wondered what you can do to help WordPress grow?
Here are a few ideas of things that just about anyone can do to help:
- WordPress Plugin – This one requires you to be pretty fluent with PHP. If you know coding well, though, this is probably the best thing you can do to improve WordPress.
- WordPress Theme – Releasing a theme for the WordPress community to use is another great thing most people can do for WordPress. If you look around, many of the more popular themes are fairly simplistic and don’t require an advanced design or a lot of features to be popular.
- WordPress Blog – Building a WordPress niche blog seems to be the popular thing to do these days. It is a lot of hard work, but if your passion runs deep the interaction with the WordPress community can be very rewarding.
- WordPress Forums – Lorelle recently wrote a great post over at Blog Herald about helping out at the WordPress forums and how rewarding this can be. If you don’t want to do any of the three above, give this one a shot. It can quickly become addictive!
Anything else you would add to the list?
I talked a couple of weeks ago about the importance of always upgrading your WordPress install, as old WordPress installations are often vulnerable. One thing I don’t think people realize is that a hacker can easily find vulnerable WordPress blogs because most standard WordPress themes will actually tell them what version you are using.
If you open up the header.php file of your theme, you should notice some code that looks something like this:
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /><!-- leave this for stats -->
In order to protect your WordPress installation, I recommend people completely remove this code from their header.php file for all of their WordPress blogs.
Now, this obviously isn’t going to make your WordPress blog hack proof, but what it will do is make it so hackers can’t easily locate your blog if it is using a vulnerable WordPress installation.
Update: Thanks to a tip from Leland, it looks like WordPress 2.5+ now generates the meta link anyway via the wp_head hook, which is something you can’t remove. With that said, if you care about your security, you can still remove the meta generator. It looks like Ian of ThemeShaper has provided a couple methods, including a WordPress plugin to remove the meta generator information from your WordPress blog.
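One way to drop the generator output on WordPress 2.5+ from a theme's functions.php or a small plugin, as an added example (not code from the original post or from the ThemeShaper plugin). It goes a little beyond the meta tag by also blanking the generator string in feeds and removing the core version from asset URLs; the hwp_ function names are made up for this example.

```php
<?php
/*
Plugin Name: Hide WordPress Version (example)
Description: Added example; the hwp_ function names are hypothetical.
*/

// WordPress 2.5+ prints the generator meta tag from wp_generator(),
// which core attaches to the wp_head action. Detach it.
remove_action( 'wp_head', 'wp_generator' );

// The same string is written into RSS/Atom feeds. the_generator filters
// every variant, so return an empty string for all of them.
function hwp_blank_generator() {
    return '';
}
add_filter( 'the_generator', 'hwp_blank_generator' );

// Assets registered without an explicit version are printed with
// ?ver=<WordPress version>. Drop the argument only when it equals the
// core version, so plugin and theme assets keep their own cache-busting value.
function hwp_strip_core_ver( $src ) {
    if ( ! is_string( $src ) || false === strpos( $src, 'ver=' ) ) {
        return $src;
    }
    $query = parse_url( $src, PHP_URL_QUERY );
    if ( ! $query ) {
        return $src;
    }
    parse_str( $query, $args );
    if ( isset( $args['ver'] ) && $args['ver'] === get_bloginfo( 'version' ) ) {
        $src = remove_query_arg( 'ver', $src );
    }
    return $src;
}
add_filter( 'style_loader_src', 'hwp_strip_core_ver' );
add_filter( 'script_loader_src', 'hwp_strip_core_ver' );
```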
If you follow the underground world of domain names, you’ve probably noticed that this past week, a lot of coverage has been focusing on hackers who managed to take over a few domains owned by the Internet Corporation for Assigned Names and Numbers (ICANN), which is the company that regulates the world’s domain names. What you may not have heard about, however, is that in what appears to be an unrelated incident, ICANN also had their WordPress blog hacked about the same time.
In another unrelated incident, ICANN’s official blog was attacked using a recent exploit in the blogging software WordPress. This attack is believed to have been automated and not done with any motivation regarding ICANN itself. The effects were limited to the blog being taken offline for a short while while updates and repairs took place.
ICANN getting their blog hacked was a direct result of failing to upgrade their WordPress installation. Now obviously ICANN has a fairly high profile blog, but this appeared to be a random attack and can truly happen to anyone.
I’ve actually written in the past a few times about the importance of always upgrading your WordPress installation, but what most of you probably don’t know is that I preach this out of personal experience. About a year and a half ago my original WordPress blog was hacked simply because I hadn’t upgraded my WordPress installation. WordPress had released a fix and I didn’t upgrade right away.
I was actually very fortunate that the person who gained access to my site seemed to have good intentions, as he simply warned me to upgrade my WordPress installation. Unfortunately, though, it is something I will never forget. Not only do you feel personally violated when this happens, but I was dumb and used similar passwords for many of my other accounts. Someone with bad intentions could have easily guessed my similar password I used for my email account, then had access to all my accounts and other personal information.
Since that time, I have always upgraded my websites/blogs that use WordPress the day the upgrade is available, and I have always been outspoken to others about upgrading their WordPress installations. The WordPress team has really been doing a great job lately of testing their software, so we aren’t usually seeing more than 3-4 upgrades within each WordPress branch (2.3.x, 2.5.x, etc.). For those new to WordPress, I remember it often going up to 7 or sometimes more in the WordPress 1.5 and WordPress 2.0 days.
In case you weren’t aware, you have a number of options when upgrading your WordPress installation. Obviously there is the manual upgrade, which many people dread. Other upgrade options include upgrading via Fantastico, or upgrading using a WordPress plugin such as WordPress Automatic Upgrade.
Would you say that you usually upgrade your WordPress installation right away?
Last month I wrote a couple of posts titled When Has Content Theft Gone to Far? and Tips to Deal With Content Theft where I chronicled a website that was stealing a couple of our posts. A couple of days ago I actually noticed a website that has attempted to completely replicate our site, going as far as to buy the same theme and attempt to hack it similarly, was using each of our WordPress pages (even left references to Hack WordPress on accident in the pages), and has been going through and manually republishing our posts individually and adjusting links to their internal copied posts.
Obviously this not only goes well beyond the syndicated blogs that steal content or at least post excerpts, but it even goes well beyond stealing a couple of our posts. In this situation, this blogger is attempting to replicate the entire identity of this website.
I have to admit, when I first saw this, I was a little heartbroken. I can’t even describe the amount of work put into not only writing the posts you see, but researching and testing plugins, updating old posts so they stay current, etc. Is it even worth it when stuff like this can happen?
Fortunately, this blogger had a contact form, so after I cooled down, I contacted him and requested that all of our copyrighted content be removed. Here was his response:
I am the author of xxxxxxx.com. I think I don’t need a license to use your copyrighted work because the copied work is a factual work rather than a creative one.
However, I am planning to give credit to all authors whose works I copy, so I can give you a credit.
Please contact me about credit you want!
Obviously this was not going anywhere, so I responded and asked again, but I also began researching because there has to be more we can do to protect ourselves from content theft. That is when I ran across some posts explaining How to File a DMCA Complaint.
Unfortunately this requires a little work on our part because you have to draft a letter and send it to the blog’s advertisers, web hosts, etc. to get their accounts banned. Based on a few posts I’ve seen on it, it seems to be a fairly successful method, so I will be filing a few of these complaints here shortly. I will also be notifying Google if the site becomes indexed to make sure they are banned from Google, and I hope to write a follow-up post once I hopefully get some results.
Have any of you filed one of these complaints before? Did it work?
Sometimes it is fun to look back, and today I want to take a quick look back at the early stages of blogging, and examine the relevance of a term that many of you are probably familiar with…trackbacks. Flash back six years ago when blogging was a very new idea and had yet to develop into what we have today.
Before comments really caught on, it was common for a blog post’s conversation to spill over to several blogs, because bloggers would post their “comment” on their own weblog and give their takes. The problem was, this often made it difficult for a reader to follow conversations. As a result, the trackback was invented by the team over at Six Apart for their Movable Type software (and eventually Typepad, etc.). Eventually, other blogging software (including WordPress) adopted this method so readers could see a post, then see who was talking about it.
In the years since then, pingbacks were created to be easier to send and less vulnerable to spam. People that don’t have a blog will usually leave comments. To me, this begs the question…do we really need trackbacks any longer? When was the last time you received one that wasn’t spam? In my opinion, blogging has outgrown the trackback and the pingback has made it irrelevant.
As for the pingback, I think it is great for now. I do think, however, that we are headed towards blogs using something like a Google Blog Search or Technorati to display on each individual blog page a “who is talking about this post” module, which would make the pingback fairly irrelevant as well. All it would take is for Google to put a little more focus in improving their Google Blog Search or Technorati to narrow their focus in this type of area so that page load times wouldn’t take a drastic hit.
Anyway, sorry for the ramble, but I figured I would throw it out there and get your thoughts on trackbacks and where blogging is headed in the future.
If you aren’t very technology-savvy, or just prefer to easily set up/upgrade your WordPress installations, there are a number of web hosting services that now support one-click installation of WordPress via Fantastico.
I’ve yet to find a good list, so I figured that it was time someone put one together to help these people know which web hosts they can choose from. Here is a list of web hosts that I have managed to confirm support WordPress installation via Fantastico:
- A Small Orange
- Ace Net
- Total Choice Hosting
Does your web host support Fantastico? If they aren’t on the above list, let me know in the comments below!
Matt Cutts is most commonly known for his job as the head of the Google Search team, but the guy also appears to know a lot about being a webmaster. A couple of days ago Matt wrote a post titled Three Tips to Protect Your WordPress Installation where he details three things you can do to help avoid having your WordPress blog get hacked.
Here is the first tip:
Secure your /wp-admin/ directory. What I’ve done is lock down /wp-admin/ so that only certain IP addresses can access that directory. I use an .htaccess file, which you can place directly at /wp-admin/.htaccess . This is what mine looks like:
AuthName "Access Control"
deny from all
# whitelist home IP address
allow from 126.96.36.199
# whitelist work IP address
allow from 188.8.131.52
allow from 184.108.40.206
# IP while in Kentucky; delete when back
allow from 220.127.116.11
I’ve changed the IP addresses, but otherwise that’s what I use. This file says that the IP address 18.104.22.168 (and the other IP addresses that I’ve whitelisted) are allowed to access /wp-admin/, but all other IP addresses are denied access. Has this saved me from being hacked before? Yes.
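The same kind of allowlist written so that it works on both Apache 2.2 and Apache 2.4, where the order/deny/allow directives are deprecated in favour of Require. This is an added example, not Matt Cutts's file, and the addresses are placeholders taken from the reserved documentation ranges.

```apache
# /wp-admin/.htaccess -- added example; addresses are placeholders
# from the reserved documentation ranges (RFC 5737), not real hosts.

# Apache 2.4+: mod_authz_core is present, so use Require.
# Any client that matches none of the Require lines gets 403.
<IfModule mod_authz_core.c>
    <RequireAny>
        # home
        Require ip 203.0.113.10
        # work (a whole range can be given in CIDR form)
        Require ip 198.51.100.0/24
    </RequireAny>
</IfModule>

# Apache 2.2: fall back to the older access-control directives.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
    Allow from 198.51.100.0/24
</IfModule>
```

The file only takes effect if the server's AllowOverride setting permits it (AuthConfig for Require, Limit for Order/Deny/Allow). Front-end features of some plugins call /wp-admin/admin-ajax.php, so locking the whole directory also blocks those requests for ordinary visitors.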
Most themes typically come with a 404.php page that shows up by default whenever an invalid URL is visited on your blog. Depending on how often you change the URL of existing posts or delete old posts, it may or may not be a high traffic page for your blog.
Either way, when a typical web surfer finds your blog and is greeted with the lovely 404 page, they will most commonly just click the “Back” button on their browser and continue browsing through the other search results. If your 404 page is set up correctly, you can often retain that traffic by either offering something funny to grab the reader’s attention or by offering a variety of methods for them to find the post they are looking for. Over at Theme Playground I ran across a great post about customizing your 404 page, which includes a bunch of suggestions for retaining that traffic.
I personally prefer to provide useful resources on my 404 pages, so I will typically use something like the following code to help search engine traffic hopefully find what they are looking for:
<h1>Not Found, Error 404</h1>
<p>The page you are looking for no longer exists.</p>
<p>Perhaps you can find what you are looking for by searching the site archives!</p>
<b>Search by Page:</b>
<ul>
<?php wp_list_pages('title_li='); // empty title_li: list items only, no heading ?>
</ul>
<b>Search by Month:</b>
<ul>
<?php wp_get_archives('type=monthly'); ?>
</ul>
<b>Search by Category:</b>
<ul>
<?php wp_list_categories('orderby=name&title_li='); // replaces the deprecated wp_list_cats() ?>
</ul>
I will also sometimes call the search box (usually searchform.php) and the popular posts plugin as well to help retain that traffic, depending on the type of blog the 404 page is being built for. How do you have your 404 page set up?
There is no doubt that the combination of WordPress themes and WordPress plugins gives WordPress.org users a variety of options, but WordPress.com does not give its users nearly as much functionality. That is where Greasemonkey steps in, allowing users to control WordPress’ behavior locally within their web browser. Below you will find a list of what I consider to be the best and most useful WordPress Greasemonkey scripts. Most are for WordPress.com users, but some work for both. In order to use them, you will first need to install the Greasemonkey Extension in your Firefox Web Browser.
WordPress Greasemonkey Scripts
- Akismet Auntie Spam – This script re-skins the Akismet spambox page for WordPress admins. Download all spam at once, compress spam to make it more scannable and completely compresses obvious spam. Turns checking spam into a 10 minute per week activity.
- Find Images That Are Wide – This script scans your blog for images that are too big in Firefox, IE6, and IE7. Great for checking IE6 image compatibility and for blogs using fixed width templates.
- WordPress.com: Add Technorati Tags – This is not for the self-hosted version of WordPress, but it is too good not to list! This script adds a Tag button to allow users to easily add Technorati Tags to their posts.
- WordPress.com Stats Pages – Adds the missing stats links to the WordPress.com edit pages admin panel.
- WordPress Category Resizer – Ideal for people with 25+ categories on their blog. This script moves the category checkbox list from the right sidebar to underneath the edit post windows and makes it three columns wide instead of one column wide. Works with any version of WordPress or WordPress Multi-User (including WordPress.com).
- WordPress Comment Ninja – Respond to comments directly by post and/or email from inside your WordPress dashboard.
- Yahoo Pipe Cleaner – Removes most of the HTML markup from Yahoo Pipe run output so that it can be cut-and-pasted into WordPress blogs.
Unfortunately, this list is a little shorter than most of my Greasemonkey lists due to the lack of scripts available. If you know of some really useful ones I missed, please let me know in the comments below!
If you aren’t a person that is fairly conscious of search engine optimization when blogging, you probably haven’t given much thought to the Post Slug field in your WordPress write panel.
Creating a post slug basically allows you to create the post URL of your choice after your blog’s name, depending on the permalink structure that your blog uses. By default, the post slug will be the blog post’s title. For example, by default, this post would have the following URL:
Unfortunately, this is not a very search engine friendly URL, as many of the keywords are at the end of the URL. By setting my own custom post slug, I am able to create a better URL for my post:
In this case, my post title focuses on the keywords for this post, creating more emphasis on them. The great thing about this tip is it takes a very minimal amount of time to do and will become second nature once you’ve turned it into a habit.