Showing posts with label wordpress. Show all posts
Showing posts with label wordpress. Show all posts

Wednesday, December 10, 2008

Wordpress 2.7 Released

Wordpress 2.7 has been officially released and is available for download. There are many new features added in 2.7 and the first thing you will notice is the re-designed user interface and Dashboard.

Version 2.7 should be a major upgrade into the WordPress software. Here are some of the changes that it brings:

  • new interface to make it easier to perform the admin tasks

  • customization options on the admin screens

  • the ability to reply to comments from the dashboard

  • embed support for comments threading

  • drag and drop support on some sections


The most exciting stuff is the automatic upgrade. From now when new versions get released all you will have to do is one click, and the software will take care of the rest. I am sure this will make WordPress a much more secure software, too.

Saturday, November 29, 2008

Top Ten Wordpress Security Tips

Below are 10 security tips that you can easily implement on your WordPress blog. Please share one or more life-savers you use permanently to help protect yourself from WordPress security issues.

1. Upgrade Wordpress - In general, keeping your Wordpress installation up to date is a great way to avoid known problems. Do note that the lastest version, especially in the case of major upgrades, may cause more problems then it resolves.

2. WordPress Version - The tag in your header.php that displays your current version of wordpress. Since everyone knows your wordpress version this way, your blog is prone to hackers if you have not upgraded to the new version.

3. WordPress Username - Every hacker knows Wordpress has a user “admin” with god-like administration privileges. Slow the hackers down by removing the “admin” user. Create a Wordpress user with admin privileges using the administration interface. Log out of Wordpress and log back in with the new user. Delete the admin user. The new admin user should be different than your normal post author.

4. WordPress Password - Are you still logging into your wp-admin page with the same default password that was emailed to you? If so, CHANGE IT! That password is only 6 characters and just numbers and letters. Make it complex and more than 10 characters if you can. Also, try not to use words, make it a nice jumble of letters, numbers, and symbols.

5. Prevent Directory Listing - In many Wordpress installations it is possible to view a list of installed plugins by navigating to the /wp-content/plugins/ directory. This is not a good idea as known plugin vulnerabilities can than be easily exploited. Add an empty default index file, such as index.html, to the directory. You can also protect it using an .htaccess file assuming you're using Apache.

6. Protect Your WP-Admin Folder - You can protect your Wordpress admin folder by allowing access to it from a defined set of IP addresses. Everything else will bring up a Forbidden error message. So if you only access your blog from one or two places routinely, it’s worth implementing. Also, you’re supposed to create a new .htaccess file inside your wp-admin folder, not replace the one at the root of your blog.

7. Protect From Search Engines - There is no need to have all of your filesWordpress files indexed by Google, so it’s best to block them in your robots.txt file. Add the following line to your list:Disallow: /wp-*

8. Install Login Lockdown WordPress Plugin - This plugin records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.

9. Install WordPress Database Backup Plugin - You always have to take regular backups of your file directories as well as the database. WordPress Database Backup plugin creates backups of your core WordPress tables as well as other tables of your choice in the same database.

10. Install Wordpress Security Scan Plugin - The WP Security Scan plugin attempts to both to audit your blog security and to implement many of the suggestions mentioned above.

Tuesday, November 25, 2008

Disable WordPress Autosave Plugin

WordPress autosave is the best features which I hate in WordPress. AutoSave will auto save a copy of edited post or page every 60 seconds provided there is a change on the content in the editor. However, there is only ever a maximum of one AutoSave version for any given post. New AutoSaves created will overwrite old AutoSaves. Beside, AutoSaves are stored as a special type of revision so that the auto saved with a more recent version of data does not overwrite actual published content, and is used to restore unsaved work only when necessary.

While each Post Revisions is stored in its own database table, the auto-save is only stored once with previous versions being overwritten by the new auto-saved content. So, if you’re worried about your database growing to massive proportions because of auto-save, you can stop worrying.

These are methods that disable or delay the WordPress autosave functions.  The Most easy way is using plugin. The disabling plugin works with versions 2.3 through 2.7  while the delay configuration works with 2.5 and later.

Copy this text to a text file, name it whatever you want (using the .php extension, of course) and upload it to your WordPress plugin directory. Activate it and it works immediately, but you need to clear your browser cache:

<?php
/*
Plugin Name: Disable autosave
*/
add_action('admin_print_scripts', 'plugin_deregister_autosave');
function plugin_deregister_autosave() {
 wp_deregister_script('autosave');
}
define('WP_POST_REVISIONS',false);
?>

Tuesday, July 15, 2008

Disable Wordpress 2.6 Post Revisions

Post Revisions Tracking is a new features of Wordpress 2.6, Which makes it a lot easier to share writing between people. Since you can save your copy, and the other person can see what you changed. Also you can revert to previous revisions of posts you've made.

But if there is only one author of WordPress blog, Post Revisions will taking too much space as every revision is a new row in wp_post table. It creates a alot of useless database-entries.

To disable Post Revisions, Add:

define('WP_POST_REVISIONS', false);

into wp-config.php, the wordpress 2.6 Post Revisions now disabled.

In my little opinion, there should be an option in general or writing settings to enable/disable the post revision feature.

Saturday, May 24, 2008

Install WordPress MU On IIS With Url Rewrite

I have successfully installed WordPress MU on my Windows Server 2003 running IIS 6. To be honest, I know that WPMU is not full compatible with IIS right out of the box. It relies heavily on apaches mod_rewrite, which IIS isn't capable of. The only IIS fix for permalinks I've seen have either been via a special filter named ISAPI_Rewrite.

ISAPI_Rewrite is Apache mod_rewrite compatible URL rewriter for Microsoft IIS server. It is compatible with Apache mod_rewrite making it possible to move configurations from Apache to IIS and vice versa just by copying .htaccess files. I have tested with Wordpress 2.x or Wordpress MU 1.3.x, it's work. This is also works in IIS Mod-Rewrite Pro, but IIS Mod-Rewrite Pro have no free version.

To enable Clean Permalinks on Wordpress MU on IIS, follow these steps:

  • Install PHP and MySQL following the vendor's instructions.

  • Install ISAPI_Rewrite.

  • Install Wordpress according to the vendor's instructions.

  • Open with a text editor the file wp-settings.php, located in Wordpress root directory. Add the code line



$_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_ORIGINAL_URL'];

  • Log on to Wordpress as administrator, go to admin panel, open the "Permalinks" settings page, and set the permalink structure of your choice. Apply your changes.

  • Wordpress is supposed to automatically create a file with name ".htaccess" in its root directory. Open with a text editor the file .htaccess, copy it and paste into httpd.conf in ISAPI_Rewrite directory.


Now we have a WordPress MU with clean permalinks on Windows Server 2003 running IIS 6.

Monday, April 28, 2008

Disable Directory Listings in WordPress

By default when accessing any directory which does not contain an index file, a directory listing will be shown displaying a list of the files in that folder. Web servers can be configured to automatically display the listings of the contents of a web site's file directory if no index file (i.e. index.html or index.php) is present. This can expose files and information to visitors.

Simply adding a blank/ 0 byte text file named "index.html" will prevent this directory list from being displayed, however another way to disable directory listing is by adding the following line to the .htaccess file in your public_html folder of your web hosting account :

Options -Indexes

That’s it, with this line in place, folders which do not contain index files will no longer show the default directory list.

Saturday, April 26, 2008

Top Ten Best Wordpress Plugins

WordPress is a simple to use blogging tool. The beauty of WordPress is that it can become so much more with the simple installation of plugins. With a few clicks, WordPress can become a full fledged Content Management System (CMS). Here is a rundown on the top 10 best plugins every blogger should have installed.

Here is a great list that I whipped together of some of the most useful and most popular Wordpress plugins which every blogger should have installed. Enjoy the list.

Akismet - Simply the best Spam protection you can get for handling comments on your blog. Akismet checks your comments against the Akismet web service to see if they are spam or not, also checks the trackbacks for spam.

WP Super Cache - An extremely efficient WordPress page caching system to make your site much faster and responsive. It works by caching Worpress pages and storing them in a static file for serving future requests.

WP-PostViews - Enables you to display how many times a post/page had been viewed. It will not count registered member views, but that can be changed easily.

WP-PageNavi - A WordPress Plugin that adds more advanced page navigation to WordPress. It does this by adding page number links to your different pages. Using this plugin your readers will be able to jump from the first to the last page and other pages of your blog very easily.

Simple Tags - A plugin does everything related with tagging. With this plugin you can generates a list of related posts based on the text of blog entry. The tags can be used to search your blog and are picked up by blog search engines like Technorati and can bring in new users.

All in One SEO Pack - Automatic Search Engine Optimization (SEO) out of the box for your wordpress blog, everything you need to get your site optimized for search engines.

Google XML Sitemaps - Simple tool for auto generating sitemaps every time you make an update to your site. This plugin is the best tool to tell Google how it should crawl your blog and where to find everything you want found.

Wordpress Thread Comment - This Plugin is an enhancement for Wordpress's comment function. It enables users to reply on a exist comment, and the discussion will be displayed threaded or nested.

FeedBurner Feedsmith - Forwards all feed traffic to Feedburner while creating a randomized feed for Feedburner to pull from.

Wordpress Database Backup - Automated or on-demand backup solution for your wordpress database. Don't leave home without it!

Monday, April 14, 2008

WordPress 2.5 Widescreen Version

I have discussed in an article under WordPress 2.5 in widescreen display abnormal. Almost all of the interface of WordPress 2.5 are directed at the design of the 1024 × 768. When I use my 1440 × 900 widescreen monitor will show only the left side of the body. I've finally managed to get my 1440×900 widescreen monitor working with the WordPress 2.5.

Open file wordpress\wp-admin\css\global.css, in line 159, replace:

max-width: 980px;

to:

max-width: 1400px;

In line 166, replace:

max-width: 950px;

to:

max-width: 1400px;

That's it. Before the modification, we can see that the interface of WordPress 2.5 in 1440 × 900 like this:

WordPress 2.5 Widescreen Version

After the modification, we can see that the interface of WordPress 2.5 in 1440 × 900 like that. It's so cool, isn't it.

WordPress 2.5 Widescreen Version

If you are using the 1440 × 900 display resolution, you can changes the code and make a better look in WordPress 2.5 Widescreen Version.

Saturday, March 29, 2008

Wordpress 2.5 Released

WordPress 2.5 has been released and includes a huge number of changes over the WordPress 2.3 series. Rather than list the changes in detail which would probably take me some days to write out I offer the following statistics and information about the WordPress 2.5 release:

  • In development for 185 days (6 months 3 days to be precise).

  • Changes to 364 files with 54008 insertions, and 29136 deletions for more detail you can view the diffstat output.

  • Patches committed from over 110 different contributors.

  • Over 1300 individual changes made for more detail you can view a complete changelog.


As usual you can download wordpress at their site, http://wordpress.org/download/. Btw, check out their new interface. They also changed how the wordpress.org site works.

Sunday, March 9, 2008

WordPress Excerpt Seo Tips

Wordpress blogs have duplicate content issues, and one of them is allowing reading the same content on both the posts, index page, archives and categories pages. To avoid search engine penalty it is important to optimize your Wordpress using Wordpress excerpt so that duplication will be avoided.

Instead of duplicating the whole content, you may use just an excerpt in the index, archives and categories pages. The WordPress displays the excerpt of the current post with [...] at the end, which is not a "read more" link. If you do not provide an explicit excerpt to a post (in the post editor's optional excerpt field), the first 55 words of the post's content are used.

To use Wordpress excerpt function, you may replace the_content() tag with the_excerpt() when on archive (tested by is_archive()) and category (is_category()) pages and index (is_home()) page in WordPress themes.

Now that you are in the correct section, locate the following piece of code:

<div class="entry">
<?php the_content('Read the rest of this entry &raquo;'); ?>
</div>


You are going to replace that entire piece of code with the following:

<div class="entry">
 <?php if(is_category() || is_archive() || is_home() ) {
  the_excerpt();
 } else {
  the_content('Read the rest of this entry &raquo;');
 } ?>
</div>


Of course, this example uses the WordPress default template, but the same code can be used on most any template if you find the index.php or main index page and the spot where <?php the_content(); ?> is in the code.

Wednesday, February 27, 2008

Top Ten WordPress SEO Tips

There is a lot of amazing SEO power built into WordPress. Unfortunately it does not all come by default, and you might not know what is best when it comes to templates and options. Follow these simple rules for search engine optimization and your blog will rank much higher in Search Engines.

1. Optimize WordPress Permalinks

The most search-engine friendly permalink MUST includes the post title (%postname%) in the link,having keywords in your URL is an absolute must, In your WP admin panel, click on the "Options" tab, then the "Permalinks" sub-tab, and choose the option just below the "Default" permalink option. My suggest permalink structure is /%year%/%monthnum%/%postname%/ or /%year%/%monthnum%/%postname%.html .

2. Optimize WordPress Post Titles

The post title is the most important part of the blog post for many reasons. From your reader's perspective, a descriptive and compelling title helps them decide if your post is worth reading or not. From an SEO perspective, think about the keywords or phrases people might type into a search box to find your post, and use those words or phrases in your post title.

3. Optimize WordPress Page Titles

According to most SEO experts, the page title tag is one of the most important tags on your page. In most WP themes, you'll find the page title tag in the Header Template, and the default version ususally looks very poor SEO. I suggest you to use a WordPress plugin so call "All in One SEO Pack" to fix that problem.

4. Optimize WordPress robots.txt

The robots.txt file is used to instruct search engine robots about what pages on your website should be crawled and consequently indexed. Most websites have files and folders that are not relevant for search engines (like images or admin files) therefore creating a robots.txt file can actually improve your website indexation. Here is an SEO optimized WordPress robots.txt file.

User-agent: *
Disallow: /wp-
Disallow: /feed/
Disallow: /comments/feed
Disallow: /trackback/

5. Use Google Sitemaps Plugin

Google Sitemaps is an easy way for you to submit all your URLs to the Google index and get detailed reports about the visibility of your pages on Google. WordPress user Arne Brachold has made the sitemap creation and submission process fairly simple with his Google Sitemap plugin. This plugin will create a sitemap for you and submit it to Google.

6. Use Wordpress Anti-SPAM Plugin

Akismet is the best automated spam killer that actually gets better as it learns from the whole community marking new spam comments as spam.

7. Use Related Posts

Amaury BALMER's Simple Tags plugin is a perfect tool to manage perfeclty your WP 2.3 tags, which can show related posts on your post and rss feed. Not only does it enhance your blog's usability, but it also helps create a dense link structure throughout your site, which makes it easier for the search engine spiders to find and index older blog posts.

8. Use Ping services

Use the Update service function, to inform tracking services that you have updated your weblog. By default, Wordpress pings rpc.pingomatic.com, which is good (if you don’t want to change this, you don’t have to).

9. Make your content searchable

Make sure your navigation bar is present on all pages of your blog. Your previous posts or atleast the popular ones should be linked to all pages so they get spidered easily.

10. Update your blog frequently

Update your blog frequently using all the rules mentioned above and your blog will surely get top rankings in a short time.

If you have further SEO tips for WordPress blogs, I’d love to hear about them in the comments.

Thursday, February 14, 2008

WordPress Mod Rewrite Make Subdirectory 404 Error

Last night, I getting lots of 404 error while using Google to search my own blog index page, I realized there is something wrong about my blog.

My user-created-outside-of-WP folder is throwing a 404 when trying to access it. Now for some details:

Blog www.moon-blog.com : normal WP blog. Permalinks "/%year%/%monthnum%/%postname%.html" through mod_rewrite in the default .htaccess file WP created.

Subdirectory www.moon-blog.com/MySubdirectory/): normal PHP application. User defind permalinks. Located at directory "/MySubdirectory/".

The problem is that the WordPress thinks My Subdirectory is 404, and do not allow Google to index my files.

I Try add some of php code into my php application to resolve this problem:

header("Status: 200 OK");

After adding that code, my PHP application in the subdirectory do not return 404 error again.

Tuesday, February 5, 2008

WordPress 2.3.3 Urgent Security Release

Attention please! WordPress 2.3.3 has release, with an important security update. WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. Unless you want registered users to be able to edit your blog posts, you should update your WordPress installation to version 2.3.3. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php.

You can get the latest version of WordPress here. Download it today, upgrade your previous installation and continue blogging!

Wednesday, January 16, 2008

WordPress MU Optimization Script

WordPress MU will be automatically established more than 10 tables when a new user register, so when a large number of users register will caused a lot of problem. Then I write some performance scripts can delete the WordPress MU inactive users.

The PHP source code as follows:


  $mysql_host = "localhost";
  $mysql_user = "root";
  $mysql_pass = "";
  $mysql_db = "wordpress";
  $mysql_mylink = mysql_connect($mysql_host, $mysql_user, $mysql_pass)
  or die ("Cannot make the connection");
  mysql_select_db($mysql_db, $mysql_mylink)
  or die ("Cannot connect to the database");
  $strsql="select * from wp_blogs where blog_id>2 ";
  $rs_query = mysql_query($strsql);
  $alls=mysql_num_rows($rs_query);
  while (($RS = mysql_fetch_array($rs_query))) {
  extract($RS);
  $blogid=$RS["blog_id"];
  $query2 = "select * from wp_".$blogid."_posts ";
  $result = mysql_query($query2);
  $num= mysql_num_rows($result);
  //print $num;
  if ($num<=2) {
  print "DROP TABLE IF EXISTS wp_".$blogid."_comments;";
  print "DROP TABLE IF EXISTS wp_".$blogid."_links ;";
  print "DROP TABLE IF EXISTS wp_".$blogid."_options ;";
  print "DROP TABLE IF EXISTS wp_".$blogid."_postmeta ;";
  print "DROP TABLE IF EXISTS wp_".$blogid."_posts ;";
  print "DROP TABLE IF EXISTS wp_".$blogid."_terms ;";
  print "DROP TABLE IF EXISTS wp_".$blogid."_term_relationships ;";
  print "DROP TABLE IF EXISTS wp_".$blogid."_term_taxonomy ;";
  print "DELETE from wp_blogs where blog_id=".$blogid.";";
  }
  }
  mysql_close ();

Wednesday, January 9, 2008

Custom WordPress Database Error Page

From what i have mentioned before, we can use a program to monitor the WordPress MySQL server, when the server is down, WordPress will auto send an e-mail and write to a text log file in a recorded. Now, WordPress 2.3.2, the latest version of the popular blogging platform allows you to define a custom database error page.

It is very simple. Just follow the following steps and within a few minutes your custom database error page is ready!

First, upload a file named log.txt to the WordPress root directory, chmod it to 666.

Second, Download the file db-error.php and upload it to WordPress content directory(wp-content/db-error.php).

Finally, replace the e-mail address of the code to your own e-mail.

That's it! From now on this error file will be report the error whenever your WordPress blog has encountered some trouble connecting to the database server.

Saturday, December 29, 2007

WordPress Plugin: Yearly Blog Stats

Yearly Blog Stats is the easy way to display the total year number of blog posts, comments and other stats from anywhere within your blog. One file, easy to use.

With Yearly Blog Stats, you display only the information you want, where you want. This plugin is highly flexible, simple to use, and completely free.

Display any or all of the provided site statistics — customize your own set to provide only the statistics you want.

Features:

1. Total number of posts in this year
2. Total number of comments in this year
3. Most views post each month in this year

Installation and Usage

Unzip wp-stats.zip and copy wp-stats.php to your WordPress root directory.

Download Latest:

Click here to download the latest version of WordPress Yearly Blog Stats Plugin.

Wednesday, December 26, 2007

WordPress Plugin: SimpleTags Modification

WordPress SimpleTags is a WordPress plugin that will allow you to easily manage tags of your blog. However, I found some of bugs of WordPress SimpleTags, here is my modification.

1. Search terms problem:

SimpleTags use of the full text of the search, as long as the article contains the keyword matching, which can lead to large errors match, I modify it only match of the headlines.

Open file simple-tags\inc\simple-tags.admin.php, in line 1466, replace:

$search_sql = "AND ( (post_title LIKE '%{$search}%') OR (post_content LIKE '%{$search}%') )";

to:

$search_sql = "AND ( (post_title LIKE '%{$search}%') OR (post_title LIKE '%{$search}%') )";

2. Untagged only problem:

When blog have large numbers of the article, the untagged only function will return errors, I change some of original code in the SQL statement , greatly improving the efficiency of search and speed.

Open file simple-tags\inc\simple-tags.admin.php, in line 1475, replace:

$p_id_used = $wpdb->get_col("
SELECT DISTINCT term_relationships.object_id
FROM {$wpdb->term_taxonomy} term_taxonomy, {$wpdb->term_relationships} term_relationships, {$wpdb->posts} posts
WHERE term_taxonomy.taxonomy = 'post_tag'
AND term_taxonomy.term_taxonomy_id = term_relationships.term_taxonomy_id
AND term_relationships.object_id = posts.ID
AND posts.post_type = '{$type}'");
$filter_sql = 'AND ID NOT IN ("'.implode( '", "', $p_id_used ).'")';


to:

$p_id_used = "SELECT DISTINCT term_relationships.object_id
FROM {$wpdb->term_taxonomy} term_taxonomy, {$wpdb->term_relationships} term_relationships, {$wpdb->posts} posts
WHERE term_taxonomy.taxonomy = 'post_tag'
AND term_taxonomy.term_taxonomy_id = term_relationships.term_taxonomy_id
AND term_relationships.object_id = posts.ID
AND posts.post_type = '{$type}'";
$filter_sql = 'AND ID NOT IN ('.$p_id_used.')';

Saturday, December 22, 2007

WordPress Plugin: Post2Mail, Send Post to Email

Some of WordPress user needed a plugin to send an e-mail to a mailing list whenever a post was published to the blog. Here is a modified version of the "Post2Mail" plugin which can email the post to a mailing list or email address.

WordPress Post2Mail plugin allows you to automatically e-mail selected people when a post is published on your blog. Also useful for alerting an administrator when a post has been published on the blog. Configuration is done in the post2mail.config.php file which has comments to get you started.

This modified plugin have the following Features:

1. Support Far East Characters (such as Chinese Characters). Use base64 to encode email title to support Chinese Characters.

2. Fix some Security bug.

Installation / Configuration Instructions:

1. Edit post2mail.config.php to add the email address or mailing list address.

2. Upload post2mail.php and post2mail.config.php to your WordPress plugin directory.

3. Activate the plugin.

Download Latest:

Click here to download the latest version of WordPress Post2Mail Plugin.

Monday, December 17, 2007

WordPress Plugin: WP-PostViews JavaScript Edition

Lester Chan develop a greate WordPress plugin - WP-PostViews, can enable user to display how many times a post/page had been viewed. It's base on PHP. But if you active WP-Cache plugin, you will found that  WP-PostViews not working. So I develop a new javascript version of WP-PostViews, that can work fine with WP-Cache or WP Super Cache plugin.

Installation / Configuration Instructions:

1. Install normal version of WP-PostViews 1.20.

2. Upload postviews.php to your WordPress plugin directory(wp-content\plugins\postviews).

3. Upload wp-counter.php to your WordPress root directory.

4. Activate the WP-PostViews plugin.

Download Latest:

Click here to download the latest version of WP-PostViews JavaScript Version plugin.

Saturday, December 15, 2007

How To Turning Off WordPress Autosave

WordPress autosave is the best features which I hate in WordPress. My WordPress hosting is very slow, when I post new article, sometimes I got two saved post. The autosave features almost make me crazy. How can I turn off the autosave?

I finally patched core program post_new.php to disable autosave for a "new" post and the problem went away. Do not know if this will help you or not. My patch for v.2.3.1 follows. Newer versions might be around the same location.

Edit the file wp-admin/post_new.php WP v2.3.1 and insert "//" (without the quotes) at the beginning of this line (currently line 8):

wp_enqueue_script('autosave');

Save and upload the file post_new.php, and the WordPress autosave features is now disable.