Recently I read a couple of articles about HTML Sitemaps. The first was on HTML Sitemaps, the second on Custom 404 Error Pages, and the last was about an effective Archive page.
I use the Weaver II theme, so I delved into creating a child theme for it that would give me a 404 error page and an HTML sitemap page. In reading the article about useful archive pages I came to see that an archive page is useful to the visitors to my site.
Custom 404 Page
I have created a custom 404 page that attempts to find the content the visitor came for, then it gives the visitor a way to search my site quickly, or scroll through a sitemap for my site, and lastly they can go to the homepage quickly. The goal of this page is to keep my visitors on the page longer. I am also trying out a plugin to capture 404 errors, so that I can decide how to permanently handle them.
I followed Yoast’s example and created a template that will list content from several ways to find what a visitor is looking for. One thing that Yoast suggests is that you do away with dated archives, so this page does not include the dated archives.
I found the article about how to make a useful archive page, and then created one. It includes dated archives as well as the sitemap categories, and a tag cloud.
Sitemap vs Archive
In the end I realized that I did not need both a sitemap and an archive page. I decided on the Archive, as my HTML sitemap. My reasoning for that is that this page is designed to help visitors, including bots, and the more ways to the content the better, as long as only one URL is being indexed. So be sure to make your archive/sitemap page follow, noindex.
You can use the articles to generate your own child theme or feel free to download a copy of my child theme, with sitemap and archive page templates, as well as a custom 404 error page.
Download the file Here (File is tar.gz archive).
I have thought about website security lately. One underused way of securing a website is to look at the scope of your website. Most websites have a purpose: it may be a website for small local businesses, or an e-commerce website which serves a niche market. In most cases not every country needs access to view your site. With the correct tools it is possible to block countries based on IP addresses. This can allow you to maximize your possible audience, while blocking populations of hackers.
Where are Hackers Located
The top ten countries for hackers as of May of 2013 according to abcnetspace.com
How to Use the List
I suggest that you first decide what countries your website does not need to be seen in. For example if you have a local website, then you may want to block all countries on the list, except for your own, if it is listed. You can also look at where your traffic comes from, and determine countries that do not have a lot of traffic to your site, and decide to block them.
Creating the List
Once you know which countries to allow or block, as the case may be, you can use the .htaccess file to either explicitly allow or block traffic based on IP address. This means that if you only want one or a few countries to have access, be ready to allow traffic only from those countries. On the other hand, if you are just going to block some countries, then be ready to block them.
Now that you know what countries to keep or block, you will need a tool to help you in generating the .htaccess code.
Country IP Blocks will generate code you can just paste into your .htaccess file. And like that you have secured your website a little more.
This is not the only way to secure a site. In fact this is a tool that must be part of a comprehensive plan for security. Those hackers you blocked can always hack a computer that is let into your site and still hack you if you are not careful. The last limitation of this method is that it only works with web servers, like Apache, that support .htaccess files.
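As an added example (not code from this post or from the Country IP Blocks service), the Python below shows the kind of output such a generator produces: it validates a list of CIDR ranges, merges overlaps, and emits either block rules or allow-only rules in Apache 2.2 or 2.4 syntax. The function names and the sample ranges (RFC 5737 documentation networks) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample ranges (RFC 5737 documentation networks), standing in
# for the per-country CIDR list a generator service would supply.
SAMPLE_RANGES = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24", "198.51.100.7"]


def normalise(ranges):
    """Validate entries and merge adjacent or overlapping networks."""
    nets = [ipaddress.ip_network(r.strip(), strict=False) for r in ranges]
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def htaccess_rules(ranges, mode="block", apache="2.4"):
    """Return .htaccess lines that block, or exclusively allow, the given ranges."""
    if mode not in ("block", "allow") or apache not in ("2.2", "2.4"):
        raise ValueError("mode must be block/allow and apache must be 2.2/2.4")
    nets = normalise(ranges)
    if mode == "allow" and not nets:
        # An empty allow-only list would lock every visitor out, owner included.
        raise ValueError("refusing to write an allow-only rule set with no ranges")
    if apache == "2.4":
        if mode == "block":
            body = ["    Require all granted"] + [f"    Require not ip {n}" for n in nets]
            return ["<RequireAll>"] + body + ["</RequireAll>"]
        return ["<RequireAny>"] + [f"    Require ip {n}" for n in nets] + ["</RequireAny>"]
    # Apache 2.2 syntax (mod_authz_host with Order/Allow/Deny).
    if mode == "block":
        return ["Order Allow,Deny", "Allow from all"] + [f"Deny from {n}" for n in nets]
    return ["Order Deny,Allow", "Deny from all"] + [f"Allow from {n}" for n in nets]


if __name__ == "__main__":
    print("\n".join(htaccess_rules(SAMPLE_RANGES, "block", "2.4")))
```

Before pasting generated allow-only rules into a live .htaccess, confirm that your own address falls inside one of the allowed ranges.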
Blocking countries intelligently based on your need for traffic, can be a strong part of web security. It should not be the only piece of the security puzzle. Also you will need to make sure your server allows that kind of security before you can use it.
WordPress is a great tool for creating websites. Some people believe that they do not need to keep their scripts updated.
The most common reasons for this are:
- Forgotten Scripts
- Custom Coding
- Waiting For Code to Mature
When websites have security issues there is one cause of the problem which I see more than any other: scripts that are not updated. When I ask people why they do not keep the scripts updated to the newest version I am told a few different reasons. In general they boil down to the site being abandoned, or to people using custom coding. Sometimes I’ve heard that people want to wait for a certain period of time until the scripts are “Mature enough.” The problem is that while this strategy can work for software and operating systems, scripts are a little different. We need to update scripts so that security holes. Programs and operating systems are compiled. Compiling means that the code is changed into code that the computer natively understands. A script, like the many used to run websites, is not compiled. Each time it is loaded the software that is compiled is the result of constant coding, and as it matures, bugs and other problems are removed and it functions better. Scripts also have bugs; every time a script releases an update it has fixes for the previous bugs that hackers may be able to use to place malicious code into the web hosting account. Keeping your scripts updated is a way to make sure that hackers do not have as much of a chance to compromise your account. Many scripts in use today are mature products, and are not prone to major changes which cause performance to degrade.
In my job doing technical support for web hosting I have assisted many people in getting their WordPress websites going. There tend to be people with two sets of issues that call.
- People who do not know where to begin with using WordPress
- People who have security issues
I want to discuss these problems with some information to aid in getting your WordPress site started, and to help you secure it.
WordPress is a great “Personal Publishing” platform. It started life as just another blogging platform, but has evolved into a very powerful CMS (Content Management System) capable of being used by sites that do not have a blog.
One of the advantages of WordPress is the resources available in themes, plugins, and documentation.
These are the plugins I use in all of my sites. I believe they give the best bang for the resources.
- All in one Favicon
- Better WP Security
- Blog Copyright (by BTE)
- Google XML Sitemaps
- Page Comments Off Please
- Send From
- Strictly Auto Tags
- Sucuri Security – SiteCheck Malware Scanner
- TentBlogger 404 Repair
- Theme My Login
- WordPress SEO by Yoast
- WP Smush.it
Increase Speed and Efficiency of WordPress
Occasionally when your site gets a large number of simultaneous visitors the site could appear down due to the overwhelming number of php processes running on the server. There are a couple of ways that you can combat this. You can install a caching plugin, like W3 Total Cache, or Super Cache. I have found these to sometimes slow a WordPress Site down even more, and when I have gone to remove them I have found that I had to rebuild my websites. Another option is to make use of a service like CloudFlare. My sites have access to CloudFlare through my hosting at HostMonster. CloudFlare provides the same type of caching as the caching plugins.
Securing a WordPress site can be complicated, but there are two items which can help dramatically each day:
- Change the Admin Username away from admin
- Change the database table prefix to something other than wp_
This is one of the first things I do when I make a brand new site, but if you have an established WordPress site you can make use of Better WP Security to do this.
WordPress, like all database-driven websites, is vulnerable to attack through vulnerabilities in the code. Since WordPress will always have vulnerabilities, it is important to keep WordPress, the plugins you use, and themes updated, and your passwords secure. One part of securing a password is to use a strong password (8-12 characters long with at least 1 uppercase letter, lowercase letter, number, and symbol).
Steps to Secure a Site
- Remove files you are not familiar with.
- Keep code updated
- Remove unused scripts
- Monitor file permissions
- Hide configuration files
- In the php.ini file make the following changes:
  - Set ‘register_globals’ to Off.
  - Set ‘display_errors’ to 0 or Off.
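Several of the checks above, together with the earlier advice to move away from the wp_ table prefix, can be automated. The Python below is an added example, not code from this post or from any plugin it names: it reads php.ini text for the two directives, walks a site directory for world-writable files, and inspects wp-config.php for the default prefix. The function names, the sample directory layout, and treating "hide configuration files" as "wp-config.php is not readable by other users" are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile


def audit_site(root, php_ini_text):
    """Return sorted findings for a WordPress docroot and its php.ini text."""
    findings = []
    for key in ("register_globals", "display_errors"):
        # Lines commented out with ';' do not match; the last value wins.
        values = re.findall(rf"^\s*{key}\s*=\s*(\S+)", php_ini_text, re.M | re.I)
        if values and values[-1].strip("\"'").lower() in ("on", "1", "true", "yes"):
            findings.append(f"php.ini: {key} is enabled")
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                findings.append(f"{rel}: world-writable ({mode:o})")
            if name == "wp-config.php":
                if mode & stat.S_IROTH:
                    findings.append(f"{rel}: readable by other users ({mode:o})")
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if re.search(r"\$table_prefix\s*=\s*['\"]wp_['\"]", fh.read()):
                        findings.append(f"{rel}: default table prefix wp_")
    return sorted(findings)


def build_sample(root):
    """Create a constructed docroot with deliberate problems; return php.ini text."""
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    cfg = os.path.join(root, "wp-config.php")
    with open(cfg, "w", encoding="utf-8") as fh:
        fh.write("<?php\n$table_prefix = 'wp_';\n")
    os.chmod(cfg, 0o644)
    leftover = os.path.join(uploads, "leftover.php")
    open(leftover, "w").close()
    os.chmod(leftover, 0o666)
    return "register_globals = Off\n;display_errors = Off\ndisplay_errors = On\n"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("\n".join(audit_site(tmp, build_sample(tmp))))
```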
Remember to validate all user input: items on forms, in URLs, and so on. Remember to make use of access control. Keep users away from admin areas, and other places they do not need to be.
Make use of .htaccess to block known bad users, or the IP ranges of countries that you do not want accessing your website. Better WP Security is able to add some blacklisted IPs to your .htaccess. You can also make use of some free services like this one to block access from certain countries. This can be a useful tool to protect your site if you see attacks coming mostly from certain countries and you do not need traffic from those countries.
WordPress is a great resource for creating and administering many types of websites. With WordPress you get a highly polished system to create content with. Thousands of free themes, and plugins to expand your sites functionality and to get that look that is perfect.
WordPress is great at
Along with all that also comes some issues, which often get people into trouble:
- Not Keeping WordPress, themes or plugins up to date
- Not verifying plugins and themes before using
- Forgetting about old installations
Out of Date
The biggest problem I have seen is that WordPress, its plugins, and themes are not updated regularly. When new code is released one of the first things that bad people do is look for ways to compromise WordPress, plugins, or themes.
Fortunately good people also notice these issues and correct them. After the code is corrected an update is prepared, and sent out. After the updates people who wish to be malicious look for these out of date scripts to make use of the known vulnerabilities.
Another problem that can be found is that plugins and themes are used without verifying their source. It is possible to slip malicious code into themes and plugins. There is no checking of the code which is submitted to these plugin and theme directories.
Checking the code directly is the only way to be absolutely sure what a plugin is doing, but examining the number of downloads and the ratings of plugins will help you find high quality plugins.
Forgetting About Old Site
The last item that I see where people have problems is not specific to WordPress: when you install things on your web server and then forget about them, you will have problems from outdated scripts, which may lead to all sorts of issues.
Keep your scripts updated, and you will see fewer issues with compromised scripts, because as soon as the compromises are found they are fixed. Watching how often a plugin is downloaded and how highly it is rated will help in always using reputable code in your WordPress site. Lastly, don’t forget about your code; keep your hosting account clean.
I recently made the effort to upgrade multiple sites from WordPress 3.4.2 to WordPress 3.5. Unfortunately, along the way I encountered some difficulties.
I use Hostmonster as my web host. Hostmonster has integrated with the SimpleScripts service, which is similar to Fantastico. SimpleScripts usually does a great job of keeping things up to date, but it does not update plugins. The problem is WordPress 3.5 is incompatible with the version of the Jetpack plugin installed with version 3.4.2.
My solution is to go in and delete the old Jetpack plugin from the plugins directory, and then log into my dashboard and reinstall the Jetpack plugin.
The second major problem was that I had some sites using the W3Total Cache plugin, and I kept having problems getting the sites up again. I have seen the caching plugins on my WordPress sites cause these kinds of problems before. They seem to cause the performance of the site to become fickle. A little change in the settings can crash the site.
My solution is to install a new WordPress, and configure it to match the old one, which had been using the caching plugin. The next step is to link the new site to the old database. Finally I move the new WordPress install into the old URL and I have generally removed unused plugins, and streamlined the site along the way.
I have read about optimizing WordPress to make www.excalibursheath.com load faster. My goals are:
- Improve the site’s GTmetrix score
- Not change the appearance too much
One item I recently noticed was that my hosting provider (Bluehost.com) has partnered with Cloudflare to provide a free level of service to customers. I decided to make use of this service at this time.
The site was not scored very badly for no optimization having been done.
The jump from the caching plugin, and Cloudflare was remarkable.
Optimizing the images resulted in a nice bump in performance.
If you follow the steps below your site will see a huge decrease in loading time. There are more advanced features you can do, but I think these few steps are where you see the most bang for the buck.
- Turn on the free Cloudflare service
- Install and configure W3 Total Cache
- Install WP Smush.it Plugin
- Run Smush.it on all previously updated images
To migrate a site from WordPress to Drupal is a fairly straightforward process.
- Export your WordPress site using Tools > Export.
- Install Drupal
- Install the WordPress Migration module in Drupal.
- Import your site into Drupal using either the Export file or the URL of the WordPress install.
You can roll back the import if it does not go well.
I have put together a list of useful commands for Unixes and Linux. These are Linux variants of the commands.
ls -alh – list directory
history – lists a history of commands run
cat – Display file on screen
grep – keyword search
less – read a file and format for pages
host – displays server name
clear – clears the terminal screen
exit – exits terminal log in
kill – kills processes
rm – remove file
cp – copy a file
mv – move a file
vi – advanced text editor
nano – text editor
strings – Interprets Binary files and shows what can be printed on the screen
cd – change working directory
pwd – print working directory
tail – displays the last 10 lines of a file unless -n is used to tell it how many lines to show; -c sets how many bytes you want, and -f follows the log
touch – creates an empty text file and updates the modified
date – outputs the current date of the system
which – gives full binary path to commands