WordPress Quick Tips

20130115-225128.jpg

Plugin Recommendations

My list of plugins that I recommend. I have divided them into two categories: Highly Recommended, Recommended, and No Longer Recommended. The highly recommended plugins can be used successfully by most WordPress based websites. The recommended plugins provide additional functionality which may be useful in in your site.

Highly Recommended

404 Error Monitor
Captures 404 errors. This is useful if you have changed your permalink structure, so you can redirect your visitors to pages they are looking for.
Akismet
Akismet protects your site from comment, and trackback spam. It is one of the best solutions for spam prevention.

  1. Click the “Activate” link
  2. Sign up for an Akismet API key
  3. Go to your Akismet configuration page, and save your API key.
Jetpack by WordPress.com
Provides functionality found on WordPress.com to your WordPress site. This has several features, and is worth using.
Page Comments Off Please
This plugin is installed on all new WordPress sites.
Quick Cache
WordPress advanced cache plugin; speed without compromise!
Quick Cache comment garbagecollector
Add-on for Quick Cache. Will regenerate single page/post caches if a comment has been placed
Web Ninja Auto Tagging System
This plugin will automatically make tags.
WordPress SEO
This is my favorite SEO plugin.
WP Smush.it
Reduce image file sizes and improve performance.
BulletProof Security
Website Security Protection. This is my current perferred security plugin.

Recommended

Blogroll to Page
Create pages of links using the WordPress blogroll functionality.
MailPoet Newsletters
Create and send newsletters. Import and manage your lists. Add subscription forms in widgets, articles and pages.
Syndicate Out
Syndicates posts made in any specified category to another WP blog using WordPress’ built in XML-RPC functionality.
Easy Digital Downloads
Serve Digital Downloads Through WordPress.
Easy Digital Downloads – Bitcoin Currency
Adds Bitcoin (BTC) currency in Easy Digital Downloads
Easy Digital Downloads – Free Download
Bypass Checkout Mechanism For Free Download
Layered Pop
Create multi-layers animated popup.
Syntax Highlighter ComPress
Syntax Highlighter lets you add different highlights to text.
Ultimate Tag Cloud Widget
This plugin aims to be the most configurable tag cloud widget out there.
MailPoet Newsletters
Manage mailing lists, and send mass emails, like newsletters.
Meteor Slides
Create Slideshows.
Summary: Excerpt Extraction
Creates summaries of your posts.
Ultimate Noindex Nofollow Tool II
Allows you to set noindex and nofollow on specific pages, posts, and archives.
WP Post Series
Adds a new taxonomy of a series of posts.

Theme Recommendations

  • Weaver II
  • Yoko
  • Twentyfourteen
  • zeeBizzCard

 

Helpful Links

General WordPress Links

(Education, Tutorials, Documentation, Support)
learn.wordpress.com – Tutorials
codex.wordpress.com – Documentation
wordpress.tv – WordPress Related Videos
wordpress.com/support – Support Forums

Links to Specific Help Pages

http://codex.wordpress.org/WordPress_Lessons

http://codex.wordpress.org/Combating_Comment_Spam

http://codex.wordpress.org/Hardening_WordPress – How to Secure a WordPress based Website
http://thematosoup.com/tips/wordpress-security-htaccess – Securing WordPress
http://searchenginejournal.com/just-say-no-to-hackers-how-to-harden-your-wordpress-security/63685 –

Securing WordPress

http://www.gtmetrix.com – Test website for optimization of site
http://sitecheck.sucuri.net/scanner/ – Online malware scanner
http://www.ip2location.com/blockvisitorsbycountry.aspx – Tool to Allow you to create .htaccess code to block based on country

https://codex.wordpress.org/Combating_Comment_Spam/FAQ

https://managewp.com/wordpress-categories-tags-seo

Security Advice

Securing a WordPress site can be complicated, but there are two items which can help dramatically each day:

Change the Admin Username away from admin
Change the database table prefix to something other than wp_

This is one of the first things I do when I make a brand new site, but if you have an established WordPress site you can make use of Better WP Security to do this.

WordPress like all database driven websites is vulnerable to attack through vulnerabilities in the code. Since WordPress will always have vulnerabilities it is important to keep WordPress, the plugins you use, and themes updated, and your passwords secure. One part of securing a password is to use a strong password (8-12 characters long with at least 1 uppercase letter, lowercase letter, number, and symbol).
Steps to Secure a Site

Remove files you are not familiar with.
Keep code updated
Remove unused scripts
Monitor file permissions
Hide configuration files
In the php.ini file make the following changes:
Set ‘register_globals’ to Off.
Set ‘display_error’ to 0 or Off.

Remember to confirm all user inputs. Items on Forms, in URLS and so on. Remember to make use of access Control. Keep users away from admin areas, and other places they do not need to be.

Make use of .htaccess to block known bad users, or the IP ranges of countries that you do not want accessing your website. Better WP Security is able to add some black list ips to your .htaccess. You can also make use of some free services create code for the .htaccess file to block access to certain countries. This may be useful if you see attacks coming mostly from certain countries and you do not need traffic from those countries this can be a useful tool to protect your site.

Increase Speed and Efficiency of WordPress

Occasionally when your site gets a large number of simultaneous visitors the site could appear down due to the overwhelming number of php processes running on the server. There are a couple of ways that you can combat this. You can install a caching plugin, like Hyper Cache or Quick Cache. You can also use CloudFlare with or with out a caching plugin to improve the loading speed of your site.
Securing WordPress

Using a pre-existing subdirectory install

If you already have WordPress installed in its own folder (e.g., http://example.com/wordpress), then the steps are as follows:

Go to the General panel.
In the box for Site address (URL): change the address to the root directory’s URL. Example: http://example.com
Click Save Changes. (Do not worry about the error message and do not try to see your blog at this point! You will probably get a message about file not found.)
Copy (NOT MOVE!) the index.php and .htaccess files from the WordPress (wordpress in our example) directory into the root directory of your site—the latter is probably named something like www or public_html. The .htaccess file is invisible, so you may have to set your FTP client to show hidden files. If you are not using pretty permalinks, then you may not have a .htaccess file. If you are running WordPress on a Windows (IIS) server and are using pretty permalinks, you’ll have a web.config rather than a .htaccess file in your WordPress directory.
Move (DON’T COPY) the wp-config.php file to your root directory.
Edit your root directory’s index.php.
Open your root directory’s index.php file in a text editor
Change the line that says:

Countries with Lots of Hackers

  • Hungary
  • Italy
  • India
  • Romania
  • Brazil
  • Taiwan
  • Russia
  • Turkey
  • China
  • USA

Source (http://www.abcnetspace.com/2013/05/top-10-countries-with-most-hackers.html)

WordPress Database Information

The options table will tell you the SiteURL, the template and stylesheet used. You can change the theme by changing the stylesheet and template line.

What are your WordPress tips?

Making Art with Text – ASCII and ANSI Art

Many people who have used Bulletin Board Systems, have seen ANSI, ASCII, and RIP Art.
I recently revamped my website to feel more like an old school BBS.  To set the tone, I needed an image that looked like it could have been made back then.
Here are two examples of what ANSI art in the BBS world looked like.  The first is from Tradewars 2002.  The second, is from Legend of the Red Dragon.
Tradewars 2002
L.O.R.D.

In the days of Dial up modems, the time to send an actual image file would have been a long time.  To circumvent this limitation ASCII graphics were created.

ASCII and ANSI Art
ASCII graphics used keyboard characters to display a picture.  My earliest memories of ASCII art are my father brining Snoopy home for my brother and I when we were littler.  These images are usually monochrome in color.  An example of ASCII Art is the following:
                  XXXX
                 X    XX
                X  ***  X                XXXXX
               X  *****  X            XXX     XX
            XXXX ******* XXX      XXXX          XX
          XX   X ******  XXXXXXXXX                XX XXX
        XX      X ****  X                           X** X
       X        XX    XX     X                      X***X
      X         //XXXX       X                      XXXX
     X         //   X                             XX
    X         //    X          XXXXXXXXXXXXXXXXXX/
    X     XXX//    X          X
    X    X   X     X         X
    X    X    X    X        X
     X   X    X    X        X                    XX
     X    X   X    X        X                 XXX  XX
      X    XXX      X        X               X  X X  X
      X             X         X              XX X  XXXX
       X             X         XXXXXXXX\     XX   XX  X
        XX            XX              X     X    X  XX
          XX            XXXX   XXXXXX/     X     XXXX
            XXX             XX***         X     X
               XXXXXXXXXXXXX *   *       X     X
                            *---* X     X     X
                           *-* *   XXX X     X
                           *- *       XXX   X
                          *- *X          XXX
                          *- *X  X          XXX
                         *- *X    X            XX
                         *- *XX    X             X
                        *  *X* X    X             X
                        *  *X * X    X             X
                       *  * X**  X   XXXX          X
                       *  * X**  XX     X          X
                      *  ** X** X     XX          X
                      *  **  X*  XXX   X         X
                     *  **    XX   XXXX       XXX
                    *  * *      XXXX      X     X
                   *   * *          X     X     X
     =======*******   * *           X     X      XXXXXXXX\
            *         * *      /XXXXX      XXXXXXXX\      )
       =====**********  *     X                     )  \  )
         ====*         *     X               \  \   )XXXXX
    =========**********       XXXXXXXXXXXXXXXXXXXXXX
1978 by Douglas A. Wright
ANSI Art uses IBM’s extended character set, and escape codes to create colored Works of art.  ANSI art was widely used for BBS interfaces, and logos.  There have been artists who can use the 16 color limitations, and the few different texture types available to create really neat works of art.  My Header image started out as an ANSI image, but because ANSI images today have to be viewed through a special interpreter, I converted it to a graphic.
I found that there are tools, which can convert images to ANSI or ASCII art.  This appears to be one of the most common ways to create both ANSI and ASCII art today.  I found that the results of these generators did not give the same results as art made by hand in an editor.
Creating ANSI Art

To create my Excalibur’s Sheath Header image I went looking for examples of creating Text.  In my searches I came across a person who had taken a font package for an old software for creating ANSI art, and converted the fonts to Figlet. 
 
Creating the Text
 
I used the patorjk.com figlet generator to create the Excalibur’s Sheath text for my image.
  I was able to preview multiple “fonts” before I decided upon ANSI Shadow, as the font to use.
 
The font I selected did not have the apostrophe symbol, so I left a blank between the r and s in Excalibur’s.  I later used a comma to place the apostrophe to create the image.
 
Drawing the Sword
 
I then needed a way to draw a sheathed sword using ANSI art.  I used the sixteen colors ANSI editor to create and color my sword image.  This editor allowed me to save a PNG image of my text art, which was perfect for my uses.
 
Putting it all together
 
Once I had the text for the image, and the sword drawn, it was a matter of grabbing a reference of the 16 colors available to the ANSI artist.  I used GIMP to put it all together.  With GIMP I selected the Monospace font, and pasted in Excalibur s, Sheath, and ‘ as 3 different text blocks.  I renamed the layers so that I could identify what they were.  I colored them #XXXXXX.  I made copies of all three text blocks.  Then I removed the drop shadow from all three original text blocks.  I placed them so that they looked their best.  I colored the second set of text blocks #XXXXXX, and placed them so that they were under the first blocks with only the shadow area showing.
 
The last piece I did was place the sword as a separate layer.  I rotated it, and shrunk the layer to fit.
 
Conclusion
 

I feel that I made use of several techniques I learned from looking at existing ANSI art made during the BBS era, and while I used a modern image manipulation tool, and techniques it was the best tool I had available for this project.  There are not many examples of ANSI art on the web, and the tutorials, and documentation left sometimes presume a skill level, or tools I did not have access to.

The Ultimate Linux Cheat Sheet

A while back I wrote a post of BASH or SSH Commands. In this post I add several other useful Linux commands.

BASH Commands

ls -alh – list directory
history – lists a history of commands run
cat – Display file on screen
grep – keyword search
less – read a file and format for pages
host – displays server name
clear – clears the terminal screen
exit – exits terminal log in
kill – kills processes
rm – remove file
cp – copy a file
mv – move a file
vi – advanced text editor
nano – text editor
strings – Interprets Binary files and shows what can be printed on the screen
cd – change working directory
pwd – print working directory
tail – displays the last 10 lines of the file unless -n is used to tell it how many lines to go up -c is how many bytes you want. -f to follow the log.
touch – creates an empty text file and updates the modified
date – outputs the current date of the system
which – gives full binary path to commands

Vi and Vim Commands

In the Linux community there seems to be no conflict greater than the Emacs vs vi/vim editor, with others, like Pico/Nano/Joe with vocal minorities. I started with Pico as my first editor. I have since used many systems, and I find vi or vim most likely installed by default.

Vim has many commands. Whole books cover it. Here are some basic commands to get you started.
dd – Delete Line. You can also type a number and dd to delete multiple lines.
wq – Save and quit.
q! – Quit without saving.
set nu – Show line numbers.
i – Insert text.

Links to helpful resources

BASH Oneliners

100 vim commands every programmer should know

HTML Sitemaps 404 Error pages

sitemapRecently I read a couple of articles about HTML Sitemaps. The first one on HTML Sitemaps the second one on Custom 404 Error Pages, and the last was about an effective Archive page.

I use the Weaver II theme, and so I delved into creating a child theme for it, that would give me a 404 error page, and an HTML sitemap page. In reading the article about useful archive pages I came to see that an archive page isuseful to the visitors to my site.

Custom 404 Page

I have created a custom 404 page that attempts to find the content the visitor came for, then it gives the visitor a way to search my site quickly, or scroll through a sitemap for my site, and lastly they can go to the homepage quickly. The goal of this page is to keep my visitors on the page longer. I am also trying out a plugin to capture 404 errors, so that I can decide how to permanently handle them.

Sitemap Page

I followed Yoast’s example and created a template that will list content from several ways to find what a visitor is looking for. One thing that Yoast suggests is that you do away with dated archives, so this page does not include the dated archives.

Archive Page

I found the article about how to make a useful archive page, and then created one. It includes dated archives as well as the sitemap categories, and a tag cloud.

Sitemap vs Archive

In the end I realized that I did not need both a sitemap and an archive page. I decided on the Archive, as my HTML sitemap. My reasoning for that is that this page is designed to help visitors, including bots, and the more ways to the content the better, as long as only one URL is being indexed. So be sure to make your archive/sitemap page follow, noindex.

Conclusion

You can use the articles to generate your own child theme or feel free to download a copy of my child theme, with sitemap and archive page templates, as well as a custom 404 error page.

Download the file Here (File is tar.gz archive).

Website Scope

image

I have thought about website security lately.  One underused way of securing a website is to look at the scope of your website.  Most websites have a purpose, it may be a website for small local businesses, an e-commerce website, which servers a niche market.  In most cases not every country needs access to view your site.  With the correct tools it is possible to block countries based on IP Addresses.  This can allow you to maximize your possible audience, while blocking populations of hackers.

Where  are Hackers Located

The top ten countries for hackers as of May of 2013 according to abcnetspace.com

  1. Hungary
  2. Italy
  3. India
  4. Romania
  5. Brazil
  6. Taiwan
  7. Russia
  8. Turkey
  9. USA
  10. China

How to Use the List

I suggest that you first decide what countries your website does not need to be seen in.  For example if you have a local website, then you may want to block all countries on the list, except for your own, if it is listed.  You can also look at where your traffic comes from, and determine countries that do not have a lot of traffic to your site, and decide to block them.

Creating the List

You know what countries to allow or block as the case may be, with the .htaccess file you can either explicitly allow or block based on IP Address.  This means that if you only want one to a few countries to have access be ready to only allow traffic from those countries.  On the other hand if you are just going to block some countries then be ready to block them.

Now that you know what countries to keep or block, you will need a tool to help you in generating the .htaccess code.

Country IP Blocks will generate code you can just paste into your .htaccess file.  And like that you have secured your website a little more.

Limitations

This is not the only way to secure a site.  In fact this is a tool that must be part of a comprehensive  plan for security.  Those hackers you blocked can always hack a computer that is let into your site and still hack you if you are not careful.  The last imitation of this method is that it only works with web servers, like Apache that support .htaccess files.

Conclusion

Blocking countries intelligently based on your need for traffic,  can be a strong part of web security.  It should not be the only piece of the security puzzle.  Also you will need to make sure your server allows that kind of security before you can use it.

Security of Scripts vs Security of Software

security

WordPress is a great tool for creating websites.  Some people believe that they do not need to keep their scripts updated.

The most common reasons for this are:

  • Forgotten Scripts
  • Custom Coding
  • Waiting For Code to Mature

Continue reading

Why Update Scripts

When websites have security issues there is one cause of the problem which I see more than any other. Scripts that are not updated. When I ask people why they do not keep the scripts updated to the newest version I am told a few different reasons. In general they boil down to the site being abandoned, or to people using custom coding. Sometimes I’ve heard that people want to wait for a certain period of time until the scripts are “Mature enough.” The problem is that while this strategy can work for software, and operating systems scripts are a little different. We need to update scripts so that security holes.  ograms and operating systems are compiled. Compiling means that the code is changed into code that the computer natively understands. A script, like the many used to run websites are not compiled. Each time it is loaded the software that is compiled is the result of constant coding, and as it matures bugs, and other problems are removed and it functions better. Scripts also have bugs, every time a script releases an update it has fixes for the previous bugs that hackers may be able to use to place malicious code into the web hosting account. Keeping your scripts updated is a way to make sure that hackers do not have as much of a chance to compromise your account. Many scripts in use today are mature products, and are not prone to major changes, which cause performance to degrade.

WordPress Security and Information

Cracked Baseball, like a hacked WordPress site

In my job doing technical support for web hosting I have assisted many people in getting their WordPress websites going. There tend to be people with two sets of issues that call.

  1. People who do not know where to begin with using WordPress
  2. People who have security issues

I want to discuss these problems with some information to aid in getting your WordPress site started, and to help you secure it.

WordPress is a great “Personal Publishing” platform. It started life a just another blogging platform, but has evolved into a very powerful CMS (Content Management System) capable of being used by sites that do not have a blog.

One of the advantages of WordPress are the resources in themes, plugins, and documentation.

Recommended Themes

  • Weaver II
  • Yoko

Recommended Plugins

These are the plugins I use in all of my sites. I believe they give the best bang for the resources.

  • Akismet
  • All in one Favicon
  • Better WP Security
  • Blog Copyright (by BTE)
  • Google XML Sitemaps
  • Jetpack
  • Page Comments Off Please
  • Send From
  • Strictly Auto Tags
  • Sucuri Security – SiteCheck Malware Scanner
  • TentBlogger 404 Repair
  • Theme My Login
  • WordPress SEO by Yoast
  • WP Smush.it

Increase Speed and Efficiency of WordPress

Occasionally when your site gets a large number of simultaneous visitors the site could appear down due to the overwhelming number of php processes running on the server. There are a couple of ways that you can combat this. You can install a caching plugin, like W3 Total Cache, or Super Cache. I have found these to sometimes slow a WordPress Site down even more, and when I have gone to remove them I have found that I had to rebuild my websites. Another option is to make use of a service like CloudFlare. My sites have access to CloudFlare through my hosting at HostMonster. CloudFlare provides the same type of caching as the caching plugins.

Securing WordPress

Securing a WordPress site can be complicated, but there are two items which can help dramatically each day:

  • Change the Admin Username away from admin
  • Change the database table prefix to something other than wp_

This is one of the first things I do when I make a brand new site, but if you have an established WordPress site you can make use of Better WP Security to do this.

WordPress like all database driven websites is vulnerable to attack through vulnerabilities in the code. Since WordPress will always have vulnerabilities it is important to keep WordPress, the plugins you use, and themes updated, and your passwords secure. One part of securing a password is to use a strong password (8-12 characters long with at least 1 uppercase letter, lowercase letter, number, and symbol).

Steps to Secure a Site

    1. Remove files you are not familiar with.
    2. Keep code updated
    3. Remove unused scripts
    4. Monitor file permissions
    5. Hide configuration files
    6. In the php.ini file make the following changes:
      • Set ‘register_globals’ to Off.
      • Set ‘display_error’ to 0 or Off.

      Remember to confirm all user inputs. Items on Forms, in URLS and so on. Remember to make use of access Control. Keep users away from admin areas, and other places they do not need to be.

      Make use of .htaccess to block known bad users, or the IP ranges of countries that you do not want accessing your website. Better WP Security is able to add some black list ips to your .htaccess. You can also make use of some free services Like this one to block access to certain countries. This may be useful if you see attacks coming mostly from certain countries and you do not need traffic from those countries this can be a useful tool to protect your site.

Common Pitfalls of WordPress Websites

20130115-225128.jpg

WordPress is a great resource for creating and administering many types of websites. With WordPress you get a highly polished system to create content with. Thousands of free themes, and plugins to expand your sites functionality and to get that look that is perfect.

WordPress is great at

Along with all that also comes some issues, which often get people into trouble:

The Great WordPress 3.5 Migration

20130109-201609.jpgI recently made the effort to upgrade multiple sites from WordPress 3.4.2 to WordPress 3.5. Unfortunately, along the way I encountered some difficulties.

I use Hostmonster as my web host. Hostmonster has integrated with the SimpleScripts service, which is similar to Fantastico. SimpleScripts usually does a great job of keeping things up to date, but it does not update plugins. The problem is WordPress 3.5 is incompatible with the version of the Jetpack plugin installed with version 3.4.2.

My solution is to go in and delete the old Jetpack plugin from the plugins directory, and then log into my dashboard and reinstall the Jetpack plugin.

The second major problem was that I had some sites using the W3Total Cache plugin, and I kept having problems getting the sites up again. I have seen the caching plugins on my WordPress sites cause these kinds of problems before. They seem to cause the performance of the site to become fickle. A little change in the settings can crash the site.

My solution is to install a new WordPress, and configure it to match the old one, which had been using the caching plugin. The next step is to link ye new site to the old database. Finally I move the new WordPress install into the old URL and I have generally removed unused plugins, and streamlined the site along the way.