Hello there!

Welcome to AshesFromStars.com, the personal blog and website of Melissa Gray, a 22-year-old web designer from Glasgow, Scotland who has been blogging for around half her life. Along with web design, music makes her happy. As do Java Chip Frappes and chocolate cookies. She also makes and sells her own jewellery. Would you like to read more about Melissa?

Blog Entries


WordPress 2.7-beta1 and other shiny new stuff.

Ok, I’m in love with the new WordPress dashboard. Seriously, it’s sexy. Well as sexy as UI can be.

In honour of a new WordPress release (even though it is beta) there’s a new theme up too… which I hate already. Good times.

Happy Halloween!


WordPress Pumpkin, originally uploaded by Eric M Martin.

Smiley pumpkin, originally uploaded by Mini Pixel.

pumpkin 2006, originally uploaded by Kristofor808.

EX-TER-MI-NATE!

Since I’ve not got any skills whatsoever in carving pumpkins, I thought I’d just post about the best ones that I’ve found on various blogs that I visit. The WordPress one wins by far, though.

Magazine and newspaper…spam.

I’ve just logged into WordPress for the first time in quite a while to be confronted by over 100 spam comments. That has never, ever happened to me before - I’m lucky if I get one comment at all. It also takes away from my theory that installing plugins like Akismet and SpamKarma actually increase your likelihood of getting more spam. I don’t have any spam busting plugins on this blog at all, as I was fed up ‘marking comments as spam’ on the previous installation of WordPress here.

So, looks like I’m going to have to find a good spam fighting plugin that does exactly what it says on the tin - other than the two big names in WordPress plugins. Any recommendations?

Last night I spent around 6 hours writing up answers for my Management Training Program, and tonight I’m supposed to be typing it all up, but I’ve not started yet. Considering I’m up at 5am (it’s currently 9.30pm) I need to get a move on. I’m taking my laptop with me to Head Office tomorrow to sit in the office and type my little heart out so I don’t need to finish tonight but I have so much work to do. It completely and utterly serves me right, I’ve had two months to finish these two modules and yet I’ve left it until the last week as per usual. I think this one has taken me so long because it’s the most boring thing about running a shop - Newspaper & Magazines. I deal with our supplier in work a lot and they’re incompetent idiots, which makes me resent doing anything to do with them. Funny considering they’ve got the monopoly in paper distribution in the UK they can’t seem to get the basics right.

The good news is that the course must be finished for January 2009 as this is when the awards ceremony is. I think I’ll need to be on holiday that week, I don’t much fancy that and having my picture in the quarterly magazine sent to all staff members. Eh, no. I don’t do photographs.

I suppose I should get on with it really, although with my will power at the moment I’ll have to unplug the cable for the router and get my brother to hide it as I’ve got so much catching up to do online too.

WordPress 2.6 Beta

I’m so geeky, I really am. When I heard about WordPress 2.6 beta being released I actually said ‘Yes’ out loud rather loudly.

I’ve updated both my blogs to WordPress 2.6 Beta and have run into no problems whatsoever. The function for previewing past versions of entries and posts is great as sometimes I do edit them a bit too much and have to remember what I’ve taken out when I didn’t mean to.

The word count function on the Write page is excellent too, because some of my paid-to-post entries require a minimum word count, so I’ve been able to delete the plugin that I usually used for this function.

If you aren’t too keen on upgrading your WordPress installation until the release is out of beta testing stage, never fear. WordPress 2.6 should be out around July.

Nightmare of a day

Everything I’ve done today seems to have broken or screwed up. I’m not a very happy bunny.

For a start this site went berserk. Totally and utterly broken. And the best bit? I didn’t do anything. Hadn’t touched it, or logged on, in days. After reinstalling WordPress 15 times in an hour, finally everything is back on track except the fact barely any of my posts or pages have tags anymore, or if they do it’s the wrong ones. But I’m working on that as we speak.

What I really should be doing is finishing off my work for the Management Training Program since our next meeting is on Wednesday. Seriously thought I was finished but I’m nowhere near completion. I can see an all nighter on Tuesday happening.

I went shopping earlier for a few things for T In The Park which is 3 weeks away. So excited. I bought a waterproof jacket (it’s Scotland. That means rain), a pair of brown army-style shorts, bag to keep my tickets, camera and purse in, a million pairs of socks and a new top which is white and lime green with swallows and polka dots. It sounds horrendous, but it really is lovely. Spent more than I meant to, but hey what’s new?

The one good thing that happened today was RTDOBE’s Doctor Who episode. It made me *squee* out loud. A lot. And cry, laugh... generally become a hysterical fangirl again. I knew Bad Wolf before Donna said it, because I am the Bad Wolf queen. I just can’t believe that A) I need to wait til next Saturday to see part two and B) I’ll miss part three because I’ll be at T In The Park.

Expect a full review once I rewatch it…and have some sleep.

<site style="creativity:none;" />

Over the course of the last few weeks I’ve come to the conclusion that I am absolutely terribly bad at designing websites. Which is a problem, because it’s one of my great loves. I spend a great deal of time reading about great web design and think ‘Oh, that’s so obvious. What an easy way to do that’. I am full of ideas but when it comes to mocking them up in Photoshop I fall dead.

I’m not artistic. I’m creative, yes. But arty in any way? I failed S1 art and design for goodness sakes! I can see in my head exactly how I want a layout (I’m old skool, layout is better than theme) to end up but I just can’t turn that thought into graphics.

What I can do however, is code. I can code my heart out for hours on end and my limits are valid XHTML, CSS and basic WordPress template tags. I don’t do other languages, I’ve never learned. Which seems silly now, I’d love to be able to write plugins and things for WordPress but I’ll admit that PHP goes over my head a bit.

So, in a roundabout way - I know this theme sucks. But I’m working on it.

WordPress Security

Last night I found out the hard way why WordPress security is so important. My site got hacked/hijacked and the result was that every single internal link auto-forwarded to a porn site that tried to install toolbars, trojans... the lot.

I know that this has happened to at least one other blog that I visit, and probably lots more. The reasoning is probably down to insecure file permissions within the WordPress files on my server. (Possibly something to do with the fact that WordPress have released version 2.5.1 with ultra important security fixes?)

So after deleting everything from the server and installing WordPress afresh (which of course came with its own problems of trying to remember all the plugins that I had installed etc) and importing a backup I took control of my blog again.

But it got me thinking. I’ve been online for half my life. I’ve had a website of some description for a decade. I should know about and implement security features. I shouldn’t have had to find out the hard way how important it is to keep my files safe from attack.

I’ve compiled a list of all the steps that you should take to protect your WordPress installation from malicious hijacking, after all I’ve been researching it for the past couple of hours to make sure that it never happens again.

File Permissions

Probably the biggest one on the list, and the one that can cause the most problems if you’re used to editing themes and plugins through the WordPress dashboard.

None of your files should be set to 777 (all users read, write and execute). By using the WP Security Scan plugin you can automatically see which folders do not have the correct permissions and fix them with a click. The plugin also points out any other security issues on your site. It’s an essential plugin for your site, and if you ask me it should be included with WordPress rather than Hello Dolly.

User - Admin

Your default user in WordPress is more than likely ‘Admin’. The same goes for the thousands of other WordPress blogs out there. So it’s not that difficult to guess, is it? So the obvious answer is to delete the user ‘Admin’. But WordPress won’t let you delete the default user, so what can you do about it?

This is where phpMyAdmin comes into play. Don’t worry too much if you’ve never used it before, it’s quite simple as long as you follow these steps.

  1. Log into your phpMyAdmin through your cPanel.
  2. On the left hand side of the window you’ll see a list of tables like wp_options, wp_users (the wp_ prefix may be different if you set it to another value when you installed WordPress).
  3. Click on wp_users.
  4. A table will load in the right hand frame, select the checkbox shown next to user_login.
  5. Select ‘Browse’ from the tabs at the top of the page.
  6. This then shows the table with all of your registered users’ details. You want to select the little pencil next to the name Admin to change this to a name of your choice.
  7. Once you’ve changed the name to something else, press Go at the bottom of the screen.
  8. That’s it - you’re done. The user ‘Admin’ no longer exists.
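The same rename, done as a single SQL statement rather than through the pencil icon, as an added example that is not part of the original post. It uses an in-memory SQLite stand-in for the wp_users table (the column names are WordPress’s real ones; the rows and the new names are made up), because the real table lives in MySQL and you would run the UPDATE from phpMyAdmin’s SQL tab instead. One caveat the eight steps above do not mention: user_login is not the only column that shows the old name. The user_nicename column is what appears in author archive URLs (/author/admin/), and display_name is printed on every post, so the example changes all three. The numeric ID stays 1, which is why the nicename matters: a request for ?author=1 still resolves to this account and redirects to /author/<nicename>/.

```python
import sqlite3

# Constructed stand-in for WordPress's wp_users table. The column names are the
# real ones; the rows are invented for this example.
SCHEMA = """
CREATE TABLE wp_users (
    ID            INTEGER PRIMARY KEY,
    user_login    TEXT NOT NULL UNIQUE,
    user_nicename TEXT NOT NULL,
    display_name  TEXT NOT NULL
)
"""
SAMPLE_ROWS = [
    (1, "admin", "admin", "admin"),          # the default account
    (2, "melissa", "melissa", "Melissa"),    # an ordinary author
]


def open_sample_db():
    """Build the constructed wp_users table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def rename_admin(conn, new_login, new_display, old_login="admin"):
    """Rename the default account in one UPDATE. Returns rows changed (0 or 1).

    user_nicename is set too because author archive URLs use it, and
    display_name because it is printed on posts; leaving either as 'admin'
    would still reveal the old name. The display name is deliberately kept
    different from the login so the login is not shown publicly.
    """
    if not new_login or new_login.lower() == old_login.lower():
        raise ValueError("choose a new login that differs from the old one")
    if new_display.lower() == new_login.lower():
        raise ValueError("use a display name that differs from the login")
    cur = conn.execute(
        "UPDATE wp_users SET user_login = ?, user_nicename = ?, display_name = ? "
        "WHERE user_login = ?",
        (new_login, new_login.lower(), new_display, old_login),
    )
    conn.commit()
    return cur.rowcount


def logins(conn):
    """All login names currently in the table, sorted."""
    return sorted(row[0] for row in conn.execute("SELECT user_login FROM wp_users"))


def nicenames(conn):
    """All author-URL slugs currently in the table, sorted."""
    return sorted(row[0] for row in conn.execute("SELECT user_nicename FROM wp_users"))


if __name__ == "__main__":
    db = open_sample_db()
    print("changed rows:", rename_admin(db, "ash_owner", "Ashes"))
    print("logins now:", logins(db))
```

Against MySQL the statement is identical apart from the placeholder syntax; run it once, then log in with the new name to confirm the password and role were untouched (the UPDATE only changes the three name columns).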

robots.txt

The robots.txt file on your server gives instructions to search engine robots (like GoogleBot). Remember, however, that not all search engine robots are good ones that play by the book; some will completely ignore your robots.txt file. But you can still add the following line to yours to stop all of your wp- folders being indexed by search engines.
Disallow: /wp-*

Passwords

Ok, this one’s a given. We all know that passwords should be long and contain numbers, letters and symbols. But that’s hard to remember. But the amount of people who use the word ‘password’ as their password is incredible, and again it’s not that hard to guess, is it? Remember the MySpace password exploit? It threw up some interesting data on how people pick passwords, including the word ‘password’.

The easiest thing to remember is that you should keep your FTP and WordPress login passwords completely different and try to choose a password which is really hard to work out, but means something to you - like an acronym of your and your partner’s names plus your anniversary date. You could use a random password generator online to create a password, although you’ll probably have to get your browser to remember it for you!

WordPress version

Ok, so the geeks among us get excited when a new version of WordPress is in the pipeline and upgrade straight away, but some people wait a few weeks to ensure that any problems are ironed out, amongst other reasons. It may be personal choice, but upgrading to the newest version of WordPress straight away also protects your blog, as there are always security updates included in the upgrade. Try installing the WordPress Automatic Update Plugin to make upgrading your installation easy as pie.

Similarly, publishing which version of WordPress you are running is a danger in itself. You won’t realise that you’re letting the whole world know which version you are on until you check your own page source. If there’s a meta tag showing which version of WordPress you’re running, remove it from your header.
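A quick way to check your own page source for that tag, and to strip it from a saved copy, as an added example that is not part of the original post. The HTML below is constructed, not captured from any real site; the tag name and the `content="WordPress x.y"` shape are what WordPress itself emits via `wp_generator`. Matching is done on attributes rather than on one fixed string, so it also catches the tag when the attributes appear in a different order or with single quotes.

```python
import re

# Constructed page source for the example; not taken from the author's site.
SAMPLE_HTML = """<html><head>
<title>Ashes From Stars</title>
<meta name="generator" content="WordPress 2.5" />
<link rel="stylesheet" href="/wp-content/themes/example/style.css" />
</head><body></body></html>"""

META_RE = re.compile(r"<meta\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")


def _attrs(tag):
    """Parse name="value" / name='value' pairs out of one <meta ...> tag."""
    return {
        name.lower(): dq if dq is not None and dq != "" else sq
        for name, dq, sq in ATTR_RE.findall(tag)
    }


def _is_generator(tag):
    return _attrs(tag).get("name", "").lower() == "generator"


def find_generator(html):
    """Return the version string the page advertises, or None if there is none."""
    for tag in META_RE.findall(html):
        if _is_generator(tag):
            return _attrs(tag).get("content")
    return None


def strip_generator(html):
    """Return the page with every generator meta tag removed, everything else intact."""
    return META_RE.sub(lambda m: "" if _is_generator(m.group(0)) else m.group(0), html)


if __name__ == "__main__":
    print("advertised:", find_generator(SAMPLE_HTML))
    print("after strip:", find_generator(strip_generator(SAMPLE_HTML)))
```

In a real theme the tag is not edited out of the saved HTML but switched off at the source: the usual fix is `remove_action('wp_head', 'wp_generator');` in the theme’s functions.php, which stops WordPress printing it at all. Note that the header tag is not the only place the version shows up; the readme.html file shipped in the site root and the `<generator>` element in the RSS feed both state it too, so check those after you have dealt with the meta tag.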

Login Lockout

Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.
Login Lockdown plugin

That says it all really, doesn’t it?
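The lockout rule described in that quote, written out as a small piece of detection logic so you can see exactly what the defaults (3 failures in 5 minutes from one IP range, 1 hour lock) do to a stream of login attempts. This is an added example, not the plugin’s code; the timestamps and addresses are constructed (the 203.0.113.0/24 and 198.51.100.0/24 ranges are reserved for documentation), and the choice of a /24 as the “IP range” is an assumption, since the quote does not say how wide the block is. One consequence worth seeing in the replay: once a range is locked, a correct password from a different address in the same /24 is refused until the lock expires, which is why the plugin has a manual release.

```python
from collections import defaultdict, deque
from ipaddress import ip_network

MAX_FAILURES = 3       # failures that trigger a lock...
WINDOW_SECONDS = 300   # ...when they fall inside this many seconds (5 min)
LOCK_SECONDS = 3600    # how long the range stays locked (1 hour)
RANGE_PREFIX = 24      # assumed width of the "IP range" (IPv4 /24)


class LoginLockout:
    """Sliding-window failed-login counter with per-range lockouts."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS,
                 lock=LOCK_SECONDS, prefix=RANGE_PREFIX):
        self.max_failures, self.window, self.lock, self.prefix = max_failures, window, lock, prefix
        self.failures = defaultdict(deque)   # range -> timestamps of recent failures
        self.locked_until = {}               # range -> time the lock expires

    def _range(self, ip):
        return ip_network(f"{ip}/{self.prefix}", strict=False)

    def is_locked(self, ip, now):
        """True while the range containing ip is locked; expired locks are dropped."""
        r = self._range(ip)
        until = self.locked_until.get(r)
        if until is None:
            return False
        if now >= until:
            del self.locked_until[r]
            return False
        return True

    def record_failure(self, ip, now):
        """Register a failed attempt. Returns True if this one triggered a lock."""
        r = self._range(ip)
        q = self.failures[r]
        q.append(now)
        while q and now - q[0] > self.window:   # forget failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self.locked_until[r] = now + self.lock
            q.clear()
            return True
        return False

    def release(self, ip):
        """Manual release, as an administrator would do from the options panel."""
        self.locked_until.pop(self._range(ip), None)


# Constructed attempt log: (seconds since start, client IP, password correct?)
SAMPLE_ATTEMPTS = [
    (0,    "203.0.113.10", False),
    (60,   "203.0.113.10", False),
    (120,  "203.0.113.11", False),   # third failure from the same /24 within 5 min
    (130,  "203.0.113.12", True),    # right password, but the range is now locked
    (200,  "198.51.100.7", True),    # a different range is unaffected
    (3800, "203.0.113.10", True),    # one hour has passed, lock has expired
]


def replay(attempts, lockout=None):
    """Run attempts through the lockout and return one verdict per attempt."""
    lockout = lockout or LoginLockout()
    verdicts = []
    for ts, ip, ok in attempts:
        if lockout.is_locked(ip, ts):
            verdicts.append("blocked")
        elif ok:
            verdicts.append("allowed")
        else:
            verdicts.append("locked" if lockout.record_failure(ip, ts) else "failed")
    return verdicts


if __name__ == "__main__":
    for attempt, verdict in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS)):
        print(attempt, "->", verdict)
```

Because the lock is keyed on the whole range, anyone sharing that /24 (an office NAT, a mobile carrier) is locked out together with the attacker for the hour; that is the trade-off the manual release exists for.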

Directory Listings

By default anybody can access your plugins by going to www.yourblog.com/wp-content/plugins/ and viewing every plugin that you currently have installed. By either including a blank HTML file in your /plugins/ directory or switching off directory listings via your cPanel, users will not be able to view these folders and files, and possibly any security risks that they have.
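The two file-system checks from this list (no 777 permissions, from the File Permissions section above, and a blank index file in the directories that would otherwise show a listing) as one added audit script. It is an example written for this page, not the WP Security Scan plugin, and it builds its own throwaway WordPress-shaped tree with two deliberately wrong permissions rather than touching a real install; the directory names are WordPress’s real ones, the files in them are made up. Run against a real tree it would report world-writable entries, reset them to the usual 755 for directories and 644 for files, and drop an empty index.html where one is missing.

```python
import os
import stat
import tempfile
from pathlib import Path

# Directories that would expose a listing if the web server has indexes switched on.
LISTABLE_DIRS = ("wp-content/plugins", "wp-content/themes", "wp-content/uploads")


def build_sample_tree():
    """Constructed WordPress-like tree with two deliberate permission mistakes."""
    root = Path(tempfile.mkdtemp(prefix="wp-audit-"))
    theme = root / "wp-content" / "themes" / "ashes"
    plugin = root / "wp-content" / "plugins" / "hello"
    theme.mkdir(parents=True)
    plugin.mkdir(parents=True)
    files = {
        root / "wp-config.php": "<?php // constructed\n",
        theme / "style.css": "/* constructed */\n",
        plugin / "hello.php": "<?php // constructed\n",
    }
    for path, body in files.items():
        path.write_text(body)
    # Set everything to the sane baseline regardless of the process umask...
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            os.chmod(Path(dirpath) / d, 0o755)
        for f in filenames:
            os.chmod(Path(dirpath) / f, 0o644)
    # ...then introduce the mistakes the audit is meant to catch.
    os.chmod(theme, 0o777)
    os.chmod(theme / "style.css", 0o777)
    return root


def world_writable(root):
    """Relative paths of every file or directory that any user on the box can write to."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = Path(dirpath) / name
            if p.is_symlink():
                continue
            if p.stat().st_mode & stat.S_IWOTH:
                found.append(p.relative_to(root).as_posix())
    return sorted(found)


def fix_permissions(root, dir_mode=0o755, file_mode=0o644):
    """Reset every world-writable entry to dir_mode/file_mode. Returns how many changed."""
    changed = 0
    for rel in world_writable(root):
        p = Path(root) / rel
        os.chmod(p, dir_mode if p.is_dir() else file_mode)
        changed += 1
    return changed


def dirs_missing_index(root):
    """Listable directories that have neither an index.html nor an index.php."""
    missing = []
    for rel in LISTABLE_DIRS:
        d = Path(root) / rel
        if d.is_dir() and not (d / "index.html").exists() and not (d / "index.php").exists():
            missing.append(rel)
    return missing


def add_blank_index(root):
    """Drop an empty index.html into each directory that needs one; returns the list."""
    added = []
    for rel in dirs_missing_index(root):
        (Path(root) / rel / "index.html").write_text("")   # blank page instead of a listing
        added.append(rel)
    return added


if __name__ == "__main__":
    tree = build_sample_tree()
    print("world-writable:", world_writable(tree))
    print("fixed:", fix_permissions(tree))
    print("listable without index:", dirs_missing_index(tree))
    print("index added to:", add_blank_index(tree))
```

Two notes on applying this for real. If editing themes through the dashboard only works with 777, the cause is that the files are owned by a different user than the web server runs as; the fix is to make the web-server user the owner (or a group member with write access) and keep 644/755, not to open them to everyone. And the blank index.html is a per-directory workaround; where you control the Apache configuration, `Options -Indexes` in a .htaccess file turns listings off for the whole tree, which is what the cPanel switch does for you.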

Don’t use FTP

Use SSH/Shell Access instead. It’s possibly not the easiest thing to do in the world but it’s one of the best moves you can make. If you can, disable FTP completely.

If you’ve got anything else to add, please feel free to leave a comment.

Welcome to my new home!

Since Mari is moving from nightmare DreamHost to HoldFire I obviously had to backup my WordPress installation, backup all the files on the server that I needed and keep it safe for a few days until the switch was done. At some point during this very long and boring process, I did most of it manually, I decided that since I had about $50 in my PayPal account I would look for a good host / register and finally buy my own domain again.

It took me quite a while to track one down that was a great price and had positive reviews. I ended up going with VoNetwork.net’s S-200 plan for a mere $20.00 per year for 200MB of space with 4GB of bandwidth. I really, really don’t need any more space than that but if I do then I’ll just upgrade in the future. I came across VoNetwork.net via Jenn’s post about them on Lavish.

Anyway, within 20 minutes my site was live and I was searching for a decent theme to put up while I created my own. Something happened to my installation (uh, it went... nasty!) and by the time I’d fixed it the lovely people over at WordPress.org had released version 2.5 so I wiped my site and started over with a new install of this fabulous new version of WordPress.

So, ladies and gents, welcome to my new home - AshesFromStars.com

WP Unstable. Upgrade now!

WordPress 2.3.2 is an urgent security release that fixes a bug that can be used to expose your draft posts. 2.3.2 also suppresses some error messages that can give away information about your database table structure and limits and stops some information leaks in the XML-RPC and APP implementations. Get 2.3.2 now to protect your blog from these disclosures.

As a little bonus, 2.3.2 allows you to define a custom DB error page. Place your custom template at wp-content/db-error.php. If WP has a problem connecting to your database, this page will be displayed rather than the default error message.

For more detail on what’s new in 2.3.2, view the list of fixed bugs and see the changes between 2.3.1 and 2.3.2.

Special thanks to Alex Concha for his help on this release.

From WordPress.org
