Best WordPress Plugins Every WordPress Blogger Should Be Using On Their Blogs

Are you tired of searching the web for the best WordPress plugins for your WordPress blog? If so, then today is your lucky day, because what I have for you here is what I think to be the best WordPress plugins every WordPress blogger should be using for their blog or blogs, period.


WordPress Version 2.0.3 Review

WordPress, the premier free open-source blogging utility, has gone through several upgrades in its life. Today it’s one of the most popular blogging tools on the Internet; it’s easy to use, powerful, and very versatile. It also has a very active base of skilled users who are eager to improve the product and to help out those who haven’t tried it before.

Though the Strayhorn 1.5 version is the favorite for many, it is not as stable or as secure as the newest version, 2.0.3. The best part of the new version is the security patch; the new “nonce” security key reduces the chances of a malicious hacker finding a way into your admin panel. Besides the security patch, though, several minor bugs have been squashed with this version. Though a major upgrade to 2.1 is due out soon, 2.0.3 is something you should definitely download and install, if only because of the security fixes, which were actually backported from the major upgrade files.

In addition to the 2.0.3 install, you should be aware that some bugs have already been found, and that a plugin will need to be installed to repair those bugs. If you modify any of the files that this patch plugin fixes, you’ll need to either merge the changes with the new files or make those changes manually once again. You can find these issues by running a diff to locate changes; if the only changes you find are your own, then you’re fine, and otherwise you’ll need to merge them manually into the new files.

The short list of what WordPress 2.0.3 fixes includes:

• Small performance enhancements

• Movable Type / Typepad importer fix

• Enclosure (podcasting) fix

• The aforementioned security enhancements (nonces)

One mostly annoying bug shipped with 2.0.3 as well. It gives you an “Are You Sure?” dialog when you edit comments, and adds a backslash before each quotation mark in the post you’re editing. Make certain to download the patch.

What’s Up With The Security Problem?

The security problem seems minor, but the WordPress team is fixing it before it grows into something major. It’s a bug that takes advantage of the cookie you download when you sign into WordPress. The cookie in question prevents anyone unauthorized from accessing your admin panel. It’s tied to your user account, and verifies that you are the authorized administrator of the account you’re working on.

The bug that’s being fixed is one that takes advantage of a social-engineering trick, the class of attack now usually called cross-site request forgery (CSRF). If someone created a link or a form pointing to your WordPress admin account, they might be able to trick you into clicking the link. In the example here, clicking it deletes a post. This sounds both minor and highly unlikely; but a small crack in the door can be exploited later by a dedicated hacker. And this is also the kind of bug that, a few years ago, allowed a hacker access to the Microsoft databases, from which he stole portions of the Longhorn and other codes. So yes, you do need to take it seriously.

WordPress had protected you from this kind of attack by checking the HTTP_REFERER value the browser sends. But this check has some issues. For instance, with JavaScript in Internet Explorer, it can be spoofed. In addition, certain firewalls and proxies can strip the information it’s supposed to carry, causing some people to be unable to use their WordPress admin accounts the way they’re supposed to be able to.

Now, instead of HTTP_REFERER, a nonce is used; this is a number used once. It’s like a password that changes every twelve hours, and is valid for twenty-four hours. The nonce is unique to the specific WordPress install being used, the WordPress user logged in, the action, the object of the action, and the 24-hour time of the action. When any of these is changed, the nonce is no longer valid. All plugin authors will have to ensure the nonce is added to their forms and other interactive capabilities that may be affected.
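The scheme described above, sketched as an added example (this is not WordPress's own code, and it is not from the original article): a keyed hash over the install secret, user, action, object and a twelve-hour time tick, accepted for the current and the previous tick. The `_nonce` parameter name, the secret and the user names are constructed for the illustration.

```python
import hashlib
import hmac
import json

TICK_SECONDS = 12 * 60 * 60  # the nonce value changes every twelve hours


def sign(secret, tick, user, action, obj):
    """HMAC over (time tick, user, action, object), keyed with the install's secret."""
    # JSON keeps the fields unambiguous, so ("a", "b|c") cannot collide with ("a|b", "c").
    message = json.dumps([tick, str(user), str(action), str(obj)]).encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()[:20]


def make_nonce(secret, user, action, obj, now):
    """Nonce to embed in the admin link or form that performs `action` on `obj`."""
    return sign(secret, int(now // TICK_SECONDS), user, action, obj)


def verify_nonce(secret, nonce, user, action, obj, now):
    """Accept the current or the previous tick, so a nonce lives at most 24 hours."""
    if not isinstance(nonce, str) or not nonce:
        return False
    current = int(now // TICK_SECONDS)
    for tick in (current, current - 1):
        expected = sign(secret, tick, user, action, obj)
        # Constant-time comparison on bytes, so odd input cannot raise.
        if hmac.compare_digest(expected.encode(), nonce.encode("utf-8", "replace")):
            return True
    return False


def handle_admin_request(secret, session_user, params, now):
    """The login cookie says who is asking; the nonce shows the request came from
    a form the admin panel itself generated for this user, action and object."""
    action, obj = params.get("action", ""), params.get("post", "")
    if not verify_nonce(secret, params.get("_nonce"), session_user, action, obj, now):
        return "rejected"
    return "ok: %s %s" % (action, obj)


# Constructed sample values.
SECRET = b"constructed-per-install-secret"
T0 = 100 * TICK_SECONDS  # an arbitrary instant at the start of a tick


def demo():
    good = make_nonce(SECRET, "alice", "delete-post", "42", T0)
    forged = {"action": "delete-post", "post": "42"}   # link built by a third party
    genuine = dict(forged, _nonce=good)                 # link built by the admin panel
    return {
        "forged": handle_admin_request(SECRET, "alice", forged, T0),
        "genuine": handle_admin_request(SECRET, "alice", genuine, T0),
        "other_post": handle_admin_request(SECRET, "alice", dict(genuine, post="43"), T0),
        "other_user": handle_admin_request(SECRET, "bob", genuine, T0),
        "after_23h": handle_admin_request(SECRET, "alice", genuine, T0 + 23 * 3600),
        "after_24h": handle_admin_request(SECRET, "alice", genuine, T0 + 24 * 3600),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

A link built by a third party carries the victim's cookie but cannot carry a valid nonce, because the third party does not know the install secret.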

Upgrading from WordPress 2.0.2 to 2.0.3

As with any upgrade, the first thing you should do is back up everything: the files in your WordPress directory, the database plugin with any changes, and any data you have added should be backed up as well. In addition, it might be a good idea to do a second backup of your entire WordPress directory just in case something goes wrong with your install.

Now remove the wp-admin directory entirely. Also remove the wp-includes directory, except for any translation and language files or directories you may have added; add these files to the backup files you created earlier. Finally, remove all the files where WordPress is installed with the exception of the file wp-config.php.

Now you’re ready to start your install. Download and unpack the 2.0.3 version in a separate install directory. You want to make sure you can control files and directories you copy over. Now install the new wp-admin and wp-includes directories.

Install the rest of the files of the top directory, with the exception of the wp-config-sample.php file.

Now enter the admin panel. You should see the following message: “Your database is out of date. Please upgrade.” Follow the link provided to update the database, and follow the directions there. Now remove the files wp-admin/upgrade.php and wp-admin/install.php. Download the plugin fix; add it and activate it. Replace your backup files where they need to be, and do the comparisons if you’ve modified any of your earlier files. This should take care of the whole thing.

For geeks, there is also an upgrade package that only includes the changed files. Look for it under Changes Diff (2.0.2 > 2.0.3). It consists of a zip file that is much quicker to install, but you should be certain you can handle it before using it.
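The "run a diff" and "do the comparisons" steps above, as an added example that is not part of the original article: it hashes a clean unpack of the release you were running and your live install, then lists files that were modified, added or are missing. The directory layout and file contents in `demo()` are constructed; `wp-config.php` is treated as an expected live-only file because the article says to keep it.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            digests[path.relative_to(root).as_posix()] = digest.hexdigest()
    return digests


def compare_install(pristine_dir, live_dir, expected_local=("wp-config.php",)):
    """Compare a live install against a clean unpack of the same release.

    modified:       shipped files whose content differs (your edits, or someone else's)
    added:          files the release never shipped (review each one)
    missing:        shipped files absent from the live tree
    expected_local: live-only files that are supposed to exist
    """
    pristine, live = hash_tree(pristine_dir), hash_tree(live_dir)
    report = {"modified": [], "added": [], "missing": [], "expected_local": []}
    for name in sorted(set(pristine) | set(live)):
        if name not in live:
            report["missing"].append(name)
        elif name not in pristine:
            key = "expected_local" if name in expected_local else "added"
            report[key].append(name)
        elif pristine[name] != live[name]:
            report["modified"].append(name)
    return report


def demo():
    """Build two small constructed trees in a temp directory and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        stock = {
            "index.php": "<?php // loader\n",
            "wp-config-sample.php": "<?php // sample\n",
            "wp-admin/post.php": "<?php // stock\n",
            "wp-includes/functions.php": "<?php // stock\n",
        }
        for base in (clean, live):
            for name, body in stock.items():
                target = base / name
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        (live / "wp-config.php").write_text("<?php // local settings\n")
        (live / "wp-admin/post.php").write_text("<?php // hand-edited\n")
        (live / "wp-includes/functions.php").unlink()
        (live / "wp-includes/extra.php").write_text("<?php // not in the release\n")
        return compare_install(clean, live)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

Anything under `modified` that you do not recognise as your own edit, and anything under `added`, deserves a look before you copy files back from the backup.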


How to Move Our WordPress to Another Host via Database

Today I want to share how to migrate a WordPress blog to another host. I do not know why you would do this; maybe you chose a bad hosting service (often down) or you have run short of space or bandwidth. There is no way to fix it except to move your site to another host. Whatever your problem is, I will show you how to move your WordPress blog to a new host. In this case, I want to transfer my Precast Concrete Technology site to a new host.


Moving Your WordPress Blog

Moving a blog can make it unreachable for 24 – 72 hours, until the new domain name has fully propagated around the Internet. That is just the way it is, and WordPress doesn’t have anything to do with this limitation. Moving is best done when you have the time or have planned ahead.

Moving Towards a New Domain Name

The first thing to do is create a database backup. The entire WordPress installation needs to be downloaded with no exceptions. This is not the time to tidy up your install or to upgrade or change anything. That will have to wait until after the blog has been moved and is shown to be working. Your computer should now have these items: one or more database backups plus all your WordPress files, folders and images directories. The backups should be copied again to somewhere safe on your machine so that the next stage can be done on a copy.

Some alterations need to be made. The details of your new MySQL connection have to be changed by opening the file “wp-config.php” in your WordPress install. The file SCR 1.0.002 Freeware Edition (13KB) should be downloaded to search and replace your website URL with your Xampp URL. This is because your blog address inside the database has to be changed. Database files can be very large, so opening them can be excruciatingly slow; it could even crash your machine. By replacing the old address with your new address, the URLs within your site will still work.

Moving hosts will mean changes in your passwords. Double-check your new passwords for your MySQL connection as well as other passwords that you have in use. After that, it is time to upload all your files to your new web space and restore your database. From the website cPanel, select the database you are using. You should still look inside the “wp_options” table to check that the values in “siteurl” and “home” are correct. Clear your cache and cookies before checking your new site.

It is possible that you will get a blank page when looking at your blog right after moving. In this case, the themes should be checked. A faulty theme file causes a blank page. You can try changing themes or uploading a new theme then changing to it. Should this step not help, you should check whether all the WordPress files are present and are of the correct size. You can use your ftp client to download a new set of WordPress files, if needed.

There may be instances where you would need to move WordPress around within your server. WordPress is flexible enough to handle this situation. Moving WordPress from one server to another is also possible.

Moving Within

WordPress files can be moved from one location on your server to another. Start by creating the new location using one of these methods: create the new directory if you will be moving your WordPress core files to a new directory, or, if you are moving WordPress to your root directory, make sure all index.php, .htaccess and other files that might be copied over are backed up and/or moved. This will then make the root directory ready for the new WordPress files. It is crucial that you set the URL locations before you move the files.

When done, test your site to confirm that it works right. Make sure that you let people know the new address when the change involves a new address to your blog. Consider adding some redirection instructions in your .htaccess file to serve as a guide to visitors towards the new location.

Handling Redirects after Moving a WordPress Blog

Concerns should not be limited to the moving of the actual WordPress program files but also on finding a way to redirect visitors that may be following outdated links to an old content. It is possible that redirects can mess up RSS feeds and search engine results thus an ideal redirect option that preserves both past and current search results is the key. After moving your WordPress blog, look into how 301 redirects can be properly handled.

A suggested way goes like this: open the .htaccess file in the directory that houses your newly moved WordPress files and edit it either in your host’s file manager interface or by downloading it to your local machine. Insert a line at the top that reads “Redirect 301 /blog/ http://www.yoursite.com/”. You have to make sure to insert the opening and trailing / at the end of the destination path. Save your .htaccess file. Reupload it if you’re editing on your local machine rather than on the server. Load your old WordPress URL to check that it works.

Moving Several Posts from One Blog to Another

When you decide to move over all your WordPress related posts from another blog, the task is basically to extract a few posts and their comments and to insert them into the database of the new blog. This can be accomplished by following these steps: click on the wp_posts table name in the left panel when you are in the proper database. Note that other tables might have a different prefix. Click Browse at the top of the next panel. Select the checkbox at the beginning of the rows that you want to extract or export. Select “Export” at the bottom of the rows where it says “with selected”. Deselect Structure on the next panel, leave Data selected, check Save As file, then Go. You will then get a prefix_posts.sql file.

Open the file in your chosen text editor such as Notepad. Change the wp_ part everywhere to target_, depending on the prefix of the tables where you want to move the posts, using Search/Replace. You are ready to go if you move the posts to a new, empty database. However, if the target blog has posts in the database, there is some more work to do. You have to check in the database what the ID number of your last post is in the target blog. You should also go back to the .sql file and take a look at the first line below Dumping data for table…

Moving a WordPress Blog to Your Own WordPress Installation

WordPress is a platform you install on your own/hosted server and maintain the installation yourself. However, attempting to make the move should only be done if you’re comfortable with ftp, basic work in the UNIX shell, basic SQL and a little bit of general hacking. Expertise is not really required but possessing the basic skills and the willingness to give it a go are.

The first thing to do is to install WordPress and get a hosting service. Choose one that does an automatic install of WordPress to do away with fiddling. Of course, you would need MySQL, PHP, some form of ftp access and a shell account. The challenge lies in setting up your blog in a new place while finding the theme and the plugins you want. The themes on WordPress.com normally have links to places you can download them from.


WordPress Blogs Attack and Hack

WordPress bloggers beware, because you can be attacked and hacked due to vulnerabilities in the WordPress platform. This article covers what’s happening and then gives you 12 ways to keep it from happening to you.

That’s right my friends WordPress blogs are being attacked, hacked and redirected to other websites without the owners of the blogs being aware. Sounds scary doesn’t it? Imagine if you had a blog or website earning you hundreds of dollars daily!

Let me back up for a moment for those that aren’t in the know:

It all started for me on June 11, 2009 when I received a desperate call from one of my friends that runs a very successful, well-known and profitable wordpress blog.

They were almost in tears because the wordpress attack and hacker used a loophole in their self hosted blogging platform to accomplish two tasks:

1) Re-direct the traffic away from his wordpress blog to another website that was full of links to different affiliate products

2) Replaced all of his static websites using Iframe redirection to erectile dysfunction drugs and other pharmacy type websites.

How did the blog owner find out? One of their readers clicked on a link in the blog to read a post they were interested in and they were taken to an affiliate website that had nothing to do with the topics being discussed on the blog.

Thinking it was just an error, they tried again and were taken to a completely different website than they were directed to the first time. That sent up red flags for the reader and they contacted the owners of the blog.

The really sad part is that by the time the owners of the blog were able to correct the wordpress attack and hack they had lost approximately $700 in sales that day alone. What’s worse is that here we are exactly a week later and they are still working on repairing the damage done to their static websites.

What can you do to protect your name, brand, reputation, revenue and WordPress blog from being attacked and hacked?

1. Secure Your WordPress Database –

• Create a database for WordPress. WP uses only a few tables but creating a whole database just for the blog is more likely to limit its access.
• Create and grant limited access to a database user. Create a user to access this database only and grant limited access to SQL commands in the database (select, insert, delete, update, create, drop and alter).
• Pick a strong database password. Make it as random as possible since you don’t have to remember it.

2. Populate wp-config.php Properly – Use the WordPress secret key generation tool to generate random keys for WordPress cookies. These keys are used to ensure better encryption of information stored in WordPress users’ cookies. You also want to modify the WordPress table prefix to something other than wp_ by adding random characters and numbers to the end of wp, such as wp64mlm_manual.

3. Replace the Default “admin” Username – Fantastico users are able to pick admin user and password as part of the installation process. Replace the default so that “admin” user name is now myadm instead of admin.

4. Pick Secure WordPress Password for “Admin” – Your password should combine uppercase and lowercase characters and include numbers.

5. Use Secure Login via Encrypted Channel – WordPress bloggers who have SSL enabled for their domain should use that encrypted channel to access their WordPress Dashboard. You can force admin sessions over HTTPS by setting the FORCE_SSL_ADMIN constant in the wp-config.php file to true.

6. Upgrade as New Version Becomes Available – WordPress bloggers should upgrade once newer versions are issued because the upgrades address known security vulnerability issues.

7. Update WordPress Plug-ins – It only makes sense to do so once you upgrade to a newer version of WP.

8. Backup Your Database and Files – Install a plug-in or use a cron job to create backups of your WordPress blog database and files on a regular basis.

9. Disable Directory Browsing – By default in most hosting, indexes of directories are shown in web browsers revealing any content of a directory that has no index.html or index.php. You can modify this behavior with Apache by adding a line of code into the .htaccess file in the root directory.

10. Protect WordPress Administration Files – WordPress administration files reside in wp-admin directory of your WordPress blog. You may use .htaccess to restrict access or allow only specific IP addresses to enter this directory and file. You may also allow access from a range of IPs by way of mod_access.

11. Restrict File Access to wp-content Directory – The wp-content directory contains your theme files, uploaded images and plug-ins. WordPress blogs don’t access the .php files in the plug-ins and themes directories via HTTP. Restrict wp-content by way of .htaccess so that only the following files can be accessed: image files, JavaScript, and CSS. This prevents people from accessing any other files directly.

12. Hide The WordPress Version in the Header Tag.

These practices are nothing new and Wordpress has been telling their self hosted bloggers that they should be implementing these tactics since day one.

Now the WordPress attack and hack is in full effect and millions of bloggers are going to wake up one day and find that all their hard work, efforts and revenue are gone.

I beg all Wordpress users to take emergency steps to protect themselves starting today! While I have listed what can be done in this article there is so much more that wasn’t covered so I highly recommend that you take the time to research the resource I will mention in my bio below because it is how my friend and I are now protecting ourselves from the Wordpress attack and hack.

Paul G. Hackett A.K.A The Medical Billing and Transcription Mastermind and religious blogger uses http://www.urlfreeze.com/medbill/Word_Press_Attack_Hack_Lock_Down/ to protect his blogs and revenue generating website http://medicalbillingbooks.tripod.com


How to Detect and Prevent a WordPress Spam Injection Attack

Last month my WordPress blog was the victim of a spam injection attack. I am the art director for a highly rated graphic design and website design company. I have years of experience in website design and WordPress blog design, and I am security minded in my approach to web development, yet I was still a victim of clever hacking. It can happen to anyone and it is happening at an increasingly alarming rate. The worst part about this experience was that not only my WordPress blog was attacked – my entire corporate website was removed from Google SERPs. We were ranked in the Google Top 10 for several coveted spots such as: graphic design company, packaging design companies, brand identity company, and many more. Our site was completely out of Google search results for two weeks, in which time we lost countless leads. This experience absolutely sickened me! It also created way too many hours of work dedicated to repairing the hacker’s damage and recovering our website’s Google rankings. During my research into fixing the spam injection hacker’s damage I discovered that this is a widespread problem with WordPress blogs. It’s happening to thousands of people and it is not limited to people using older versions of WordPress.

Recovering from a WordPress Spam Injection attack is not fun, but you can regain your Google Search Results after being hacked by a spam injection attack. If you’ve been compromised, hopefully you have your website and WordPress blog backed up. It can be a pretty tedious process to go through every file and folder on your server locating and deleting spam files. I recommend backing up your WordPress posts and completely removing all files and databases from your server. Then do a complete fresh upload of your website and a complete reinstall of WordPress.  

If you have already been removed from Google Search Results then you will want to notify Google immediately of what has happened. The best policy with Google is to be specific in your explanations. You will need to make sure that you have removed all bad files from your server and then contact Google again explaining what actions you have taken to resolve the situation and submit your “request for reconsideration”. In most cases where a valid site has been hacked, Google will restore the site’s rankings within two weeks. However, don’t expect any notifications from Google on their progress in reevaluating your website or WordPress blog. I am writing this article in hopes that it will help someone avoid having to go through that process.

What should you look for if you suspect a WordPress Spam Injection Attack?
The first thing you should look for is a list of spammy keywords showing up in your list of keywords located in your Google Webmaster Tools. If you aren’t using Google Webmaster Tools then you should definitely look into this. When your site starts showing up in weird looking search results, which can also be seen in Google Webmaster Tools under search results for your site, you need to act fast, because at this point Google will act fast to remove your site from SERPs in order to protect others who may be at risk from visiting your website.

The key to detection is awareness. Be vigilant in monitoring your website and your website’s stats. Spam injections are a clever, effective form of hacking and show no outward signs of infection. However, if you do a Google Site Search for spammy keywords, like {site:yoursite.com spamword}, you will be able to see if your site is referencing spam keywords. You will not be able to see spam showing up on your site. In order to physically see spam tags in your site you must go to the “cached” version of your web pages and view them in “text mode”. If you’ve been infected you will now be able to see spam keywords, usually appearing as a footer.
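The cached-copy check described above can be partly automated. The following added example (not from the original article) takes two saved copies of the same page, one as your browser receives it and one as the crawler saw it, and reports external links that appear only in the crawler's copy or that sit inside elements hidden with an inline style. The host names and both HTML samples are constructed; how you obtain the two copies is left to you.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}


class LinkCollector(HTMLParser):
    """Collect (href, hidden) for each <a>; hidden means it or an ancestor has an
    inline style of display:none or visibility:hidden (stylesheets are not resolved)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.open_tags = []  # (tag, hides_content) for every element still open
        self.links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hides = "display:none" in style or "visibility:hidden" in style
        if tag == "a" and attrs.get("href"):
            hidden = hides or any(flag for _, flag in self.open_tags)
            self.links.append((attrs["href"].strip(), hidden))
        if tag not in VOID_TAGS:
            self.open_tags.append((tag, hides))

    def handle_endtag(self, tag):
        # Close back to the nearest matching open tag; tolerate sloppy markup.
        for i in range(len(self.open_tags) - 1, -1, -1):
            if self.open_tags[i][0] == tag:
                del self.open_tags[i:]
                break


def collect_links(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links


def audit_page(site_host, browser_html, crawler_html):
    """Return {external href: [reasons]} for links in the crawler's copy that are
    absent from the browser's copy ("crawler-only") or visually hidden ("hidden")."""
    seen_by_browser = {href for href, _ in collect_links(browser_html)}
    findings = {}
    for href, hidden in collect_links(crawler_html):
        host = urlparse(href).hostname
        if host is None or host == site_host or host.endswith("." + site_host):
            continue  # relative or same-site link
        reasons = []
        if href not in seen_by_browser:
            reasons.append("crawler-only")
        if hidden:
            reasons.append("hidden")
        if reasons:
            findings[href] = reasons
    return findings


# Constructed sample pages for a site hosted at blog.example.
SITE_HOST = "blog.example"
BROWSER_HTML = """<html><body><h1>My blog</h1>
<a href="/about/">About</a> <a href="http://partner.example/">Partner</a>
<div style="display: none"><a href="http://hidden-spam.example/x">cheap</a></div>
</body></html>"""
CRAWLER_HTML = BROWSER_HTML.replace(
    "</body>",
    '<div id="footer"><a href="http://cloaked-spam.example/pills">spamword</a></div></body>')

if __name__ == "__main__":
    for href, reasons in audit_page(SITE_HOST, BROWSER_HTML, CRAWLER_HTML).items():
        print(href, reasons)
```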

What does a Spam Injection Do?
Spam injection software hides spam keyword links in code that is usually encoded with a PHP function that effectively scrambles the HTML, to be decoded once safely embedded on your server, database, etc. You won’t see these files decoded, but the Google Bot and other bots will when crawling your site! Once the bots access the code the spam injection software has done its work, effectively stealing your search index to improve their own PageRank.

These spam injection hacks are software injections that are very hard to detect, inserted into your site, usually at the database level, via templates or plugins. This is part of the reason WordPress is such a target for these attacks. Plugins are what make WordPress so dynamic and cool, but they are an open doorway for spam injection software. For obvious reasons we should all focus our attention on prevention so that you don’t have to deal with detection.

What can I do to prevent a WordPress Spam Injection Attack?
I’ll start with the simplest things you can do to protect your WordPress blog or site from spam attacks first. . .

First:  Update WordPress
Updating WordPress is the easiest thing to do, so why not do it? I usually wait a short period of time after a new release to make sure the bug fixes have been worked out. Please be aware that simply updating WordPress is NOT enough!

Second: Pick a good password
Pick a good password. Don’t use the same password on every site. If you’re really diligent  you can also change your password regularly.

Third: Change the admin user name
The default WordPress user name is “admin”. This is just a guess, but I suspect that the majority of people never change this. Don’t give any information away. Hackers are clever, but like burglars they would rather move on to the easy score. You can change your admin by creating a new user and then deleting the admin user. You’ll be given the option to migrate posts to another user.

Fourth: Hide your WordPress Version Number
David Kierznowski of blogsecurity.net recently released a simple plugin to hide your WordPress installation version number.
The no version plugin is a simple plugin that will replace the version number with blanks, so anyone doing a view “page source” from the browser on your site will not be able to see your wordpress version.

Fifth: Protect your plugins
Plugins are the easy gateway for hackers to access your blog. All WordPress files begin with (wp-) by default, so hackers can quickly discover which plugins you’re using by going to /wp-content/plugins/, if you haven’t renamed your database files. A quick remedy to block this is to place a blank index.html file in the wp-content/plugins/ folder.

More Complex Procedures:

First: Protecting your WP-Config file.
This file contains your database name, database username and database password. Obviously, you don’t want anyone to have access to something this valuable. If you don’t feel comfortable making changes to your config you may want to contact your hosting company for help otherwise you can add the following code to your .htaccess file:

    # protect wp-config.php
    <Files wp-config.php>
    Order allow,deny
    Deny from all
    </Files>

Second: Change your database names
Note: do not attempt this unless you are comfortable with PHPMyAdmin and making changes to MySQL. If you are not comfortable with this you should hire a professional to assist you.

Begin by backing up your database!

Many people have problems with the database table name prefix changing functionality of WP Security Scan. You can manually change your database names following the instructions below.

1. BACKUP your WordPress database to a .sql file – you can do this in “phpMyAdmin”.
2. Deactivate your plugins as a precaution before proceeding. You can reactivate them after you have finished.
3. Make a copy of the .sql file you created, then open the copy in a text editor and find and replace every “wp_” prefix with “rename_”.
4. Now, drop all tables of your WordPress database, but DO NOT drop the database.
5. Import the .sql file that you have just edited into your WordPress database.
6. Finish by editing your wp-config.php file and changing $table_prefix = 'wp_'; to $table_prefix = 'rename_'; (the same prefix you used in step 3).

I hope that this article will help someone avoid the fallout associated with a spam injection hack. I love the functionality of WordPress, but unfortunately, this experience has left me so cautious that my company no longer uses a WordPress Blog along with our corporate website. Maybe someday.
