By Jeffro on February 26, 2010
Back in July of 2009, I wrote about my experience of deleting a field within my database that unknowingly, was important for WordPress to have. The field is called comment_karma. At the time, I had no idea why this field was important to WordPress. Today, I stumbled across an article on True/Slant that explains their use of this particular field with AJAX to curate and filter comments. They provide the code snippets along with explanations as to what the code does.
Posted in News | Tagged comments, hacks, karma, tips |
By Jeffro on October 2, 2009
Ever wanted to know how to stream your life using WordPress? Matt Mullenweg does it with his blog, Adii does it with his and now you can to. The idea is to publish snippets along with the usual long form content. The problem is, the snippets and the long form content look the same unless you use some CSS along with a few other techniques. While there are a few different plugins and themes that accomplish this use of WordPress, Jestro explains how to roll your own.
However, Jestro talks about modifying a themes index.php and single.php something that may be a problem for those using a child theme based on a framework. If you follow through with this technique for your own blog, send me a link to take a look at it in the comments.
Posted in News | Tagged jestro, lifestream, tips, wordpress |
By Jeffro on August 9, 2009
This is a guest blog post written by
Brad Williams, author of the blog,
Strangework.com. He’s also a developer for
WebDevStudios.comI recently gave a presentation at WordCamp Montreal on WordPress Security. While doing research for my presentation I came across a bunch of great WordPress Security tips that all WordPress users should use. Surprisingly, a good majority of these tips are not usually followed. Below is a list of the top 5 tips that most WordPress administrators do not do, but should:
1. Don’t use the admin account – The default user account that is created with every installation of WordPress is the admin account. Unfortunately the entire world knows this, including hackers, and can easily launch a dictionary attack on your website to try and guess your password. If a hacker already knows your username that’s half the battle. It’s highly recommended to delete or change the admin account username.
2. Move your wp-config.php file – Did you know since WordPress 2.6 you can move your wp-config.php file outside of your root WordPress directory? Most users don’t know this and the ones that do don’t do it. To do this simply move your wp-config.php file up one directory from your WordPress root. WordPress will automatically look for your config file there if it can’t find it in your root directory.
3. Change the WordPress table prefix – The WordPress table prefix is wp_ by default. You can change this prior to installing WordPress by changing the $table_prefix value in your wp-config.php file. If a hacker is able to exploit your website using SQL Injection, this will make it harder for them to guess your table names and quite possibly keep them from doing SQL Injection at all. If you want to change the table prefix after you have installed WordPress you can use the WP Security Scan plugin to do so. Make sure you take a good backup before doing this though.
4. Use Secret Keys – This is probably the most followed security tip on the list, but still I’m amazed at how many people don’t do this. A secret key is a hashing salt that is used against your password to make it even stronger. Secret keys are set in your wp-config.php file. Simply visit https://api.wordpress.org/secret-key/1.1 to have a set of randomly generated secret keys created for you. Copy the 4 secret keys to your wp-config.php file and save. You can add/change these keys at any time, the only thing that will happen is all current WordPress cookies will be invalidated and your users will have to log in again.
5. htaccess lockdown – This is actually my favorite tip from my presentation. Using a .htaccess file you can lockdown your wp-admin directory by IP address. This means only IP addresses you specify can access your admin dashboard URLs. This makes it impossible for anyone else to try and hack your WordPress backend. To do this simply create a file called .htaccess and add the following code to your file, replacing xxx.xxx.xxx.xxx with your IP address:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
#IP address to Whitelist
allow from xxx.xxx.xxx.xxx
You can add multiple “allow from” lines so make sure to add any IP addresses you plan on accessing your site from (ie Home, Office, etc). Remember most ISP use dynamic IPs so your IP address might change on occasion. If you get locked out just update your .htaccess file or delete it all together. This obviously is not a good tip if you allow open registrations as you need to allow your users access to wp-admin.
So, how many of these tips do you follow regularly?
You can view my full WordPress Security Presentation from WordCamp Montreal below and view my slides (Canadian flags and all!) here:
Posted in WordPress | Tagged brad williams, montreal, security, tips, wordcamp |
By Jeffro on August 4, 2009
The folks over at WPBeginner.com have a great list of 15 different hacks for WordPress that they consider to be extremely useful, and I’d tend to agree. Their first hack which enables you to link to an external source from the post title sounds like something Matt Mullenweg could implement on his personal site. One of the useful hacks I found was the ability to use a custom image for the default Gravatar. Simple, but nifty. I’m also starting to see more of this thing called rand which is used to randomize something.
The most useful hack on that post which I’m thinking of implementing myself is the ability to delay the post from being published via RSS for a period of time so that I have a small window in case I need to make a change or edit the post. Couple of other good ones on the list as well so go check them out and bookmark it.
Posted in News | Tagged hacks, tips, tricks, wpbeginner |
By Jeffro on April 27, 2009
Over the course of this past weekend, I migrated content from one domain to another. My biggest concern regarding the migration was all of the backlinks that the site had received plus the Search Engine pointers which would exist for some time to come. Thankfully, I discovered two things which made the migration very easy.
First, I came across a plugin called Update URLs. This plugin created by Velvet Blues is really simple to use. Since I was moving my content from one domain to another and quite a few URLs within the content were hard coded to images, I needed a quick and easy way to simply replace the site URL. That’s exactly what Update URLs enables me to do as it provides a box for the OLD url and then the NEW url. Once I set that up, I click the button and like magic, all hardcoded site url links are changed.
My second tip is an htaccess modifcation that drove me bonkers until community member Mark McWilliams pointed me to an article which contained the exact bit of code I needed. What I wanted to do was make sure that if someone were to visit /articlename it would automatically redirect them to http://jeffc.me/articlename that way, all backlinks are kept in tact until the domain expires. While I’ll eventually lose some link love because not all backlinked sites will update the link, doing this provides me enough time to hopefully have Google change the URL in their search engine result pages
In the article, this is the bit of code which provided what I needed:
Redirect Old domain to New domain (htaccess redirect)
Create a .htaccess file with the below code, it will ensure that all your directories and pages of your old domain will get correctly redirected to your new domain.
The .htaccess file needs to be placed in the root directory of your old website (i.e the same directory where your index file is placed)
Options +FollowSymLinks
RewriteEngine on
RewriteRule (.*) http://www.newdomain.com/$1 [R=301,L]
This code works wonders and will buy the time I need to get my backlinks in order. Thanks Mark for helping me out and I hope this comes in handy for someone else down the road. Thanks to the WXR format or WordPress Extended RSS file which easily exports my comments, file attachments including images, posts, pages, etc, moving the actual content was the easiest part.
Posted in Blogging | Tagged content, domains, migration, rss, tips |
By Jeffro on April 8, 2009
Today, I’ve implemented a Tip Jar also known as donations on the site. On the right hand side under the sponsor block is a text widget with a link to the donations page. Donations is not a requirement or an obligation but I realize some folks would like to contribute to this community monetarily without necessarily purchasing ad space. There are many ways to contribute to the Tavern community that I will cover in a future post, money is only one of these ways.
For anyone that decides to donate $10.00 or more, a URL of your choosing will be displayed on the donations page for up to one month. This is my way of showing a token of appreciation along with a sincere thanks from me. The total amount a person donates will not be displayed because of the social impact that might have.
If you find this site, the forum, the overall community valuable to you in a monetary way and feel that giving a donation is the best way for you to contribute, the opportunity is now there.
If you have any questions, just leave a comment.
Posted in News | Tagged contributions, donations, jar, tips |
By Jeffro on March 28, 2009
Vladimir Prelovac who has been seen all over this site recently has published a pretty cool guide of 10 tips for WordPress plugin developers on Mashable.com The tips range from how to get an idea for a plugin to, using the WordPress plugin directory. Vladimir wrote an entire book dedicated to developing WordPress plugins so I take it, he knows what he’s talking about.
Posted in Plugins | Tagged development, Plugins, tips |
Comment_Karma In Action
By Jeffro on February 26, 2010
Posted in News | Tagged comments, hacks, karma, tips | 6 Responses