Well, the beauty of working in any job is growth, right? A while ago, I wrote an article on 12 Essential WordPress Plugins. But over time I’ve learned about good new plugins, and why some trusted ones shouldn’t have been trusted. So, I feel it’s important to share some insight into what I’m using in WordPress these days. These WordPress plugins are excellent additions to any WordPress site and all are freely available. The authors have put an enormous amount of time and effort into making them, and I like to recognize that, and lend them some promotion. So whether you are a developer building WordPress sites for clients, or a blogger looking to have a better blog, read on, and download. You won’t regret it.
WordPress Installation Tips
Okay, chances are, this information might be too late for a lot of you. You might be reading already having a blog set-up and running. The good news is, all these tips can be implemented on a running blog. It is easier, it is true, to set up the blog properly in the first place, but still, better late than never.
So here’s the deal: WordPress is super-easy to set-up. Like, wicked easy. And it runs very well out of the box. But, like anything online, it is open to attack from folks who would like to use your blog for their own purposes, or at least, make your work and efforts for naught. WordPress does a lot to protect itself, but not everything. And of course, there is no definitive “everything”. Security is an ongoing process, growing and changing as hackers learn how to exploit other weak points in the system.
That being said, here is a list of things you can do during or after installation, to help secure your blog from attacks. No promises, no guarantees, but be assured, you are setting your defenses well by following these steps.
1. Change your database prefix
During installation, you will run through a few screens, perhaps setting up a configuration file, and getting warned what you will need to actually do the set-up. Then you will arrive here:
It looks so darn friendly and easy, and for the most part it is. One thing they don’t mention, though, is the database table prefix. It defaults to “wp_”. They point out that you might want to change this, if you want to run two blogs on one database. You might also want to change it, as every hacker knows that most WordPress installs use the wp_ prefix, so they can use JavaScript attacks to insert or change information in your database. Change this to something else, think in terms of passwords, but keep it alphanumeric. Remember to leave the “_” on the end. Keep on installing. If you have already set up a WordPress install using the wp_ prefix, there are options. You can use a plug-in, if you have the correct permissions on the database. If not, you can do it manually (not fun). This is basically going into your database, and updating every “wp_” prefix to something else, then updating your config.php file. There are numerous guides on the web talking about this process. Google it.
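The manual route described above, as an added example that is not part of the original post: a Python helper that turns a table listing into the SQL for a prefix change. It relies on two facts about WordPress core: the prefix is also stored inside a few row values (`<prefix>user_roles` in the options table, `<prefix>capabilities` and `<prefix>user_level` in usermeta), and the active prefix is set by `$table_prefix` in wp-config.php. The table list and the new prefix `x7k2_` are constructed sample values.

```python
import re

# Core rows that embed the table prefix in their *values* (not table names).
# If these keep the old prefix after the rename, WordPress cannot find any
# roles and every account, admins included, loses its permissions.
OPTION_KEYS = ("user_roles",)                   # <prefix>options.option_name
USERMETA_KEYS = ("capabilities", "user_level")  # <prefix>usermeta.meta_key

# Constructed sample of SHOW TABLES output; phpbb_users belongs to another app.
SAMPLE_TABLES = ["wp_posts", "wp_users", "wp_usermeta", "wp_options",
                 "wp_comments", "phpbb_users"]


def validate_prefix(prefix):
    """Accept only alphanumeric prefixes that end in '_', as the post advises."""
    if not re.fullmatch(r"[A-Za-z0-9]+_", prefix):
        raise ValueError(f"prefix must be alphanumeric and end in '_': {prefix!r}")
    return prefix


def prefix_change_sql(tables, old, new):
    """Return the ordered SQL statements for moving an install from old to new."""
    validate_prefix(old)
    validate_prefix(new)
    if old == new:
        raise ValueError("new prefix is the same as the old one")
    stmts = []
    # 1. Rename only the tables that carry the old prefix; leave others alone.
    for table in sorted(tables):
        if table.startswith(old):
            stmts.append(f"RENAME TABLE `{table}` TO `{new}{table[len(old):]}`;")
    # 2. Fix the row values that contain the prefix, using the new table names.
    for key in OPTION_KEYS:
        stmts.append(f"UPDATE `{new}options` SET option_name = '{new}{key}' WHERE option_name = '{old}{key}';")
    for key in USERMETA_KEYS:
        stmts.append(f"UPDATE `{new}usermeta` SET meta_key = '{new}{key}' WHERE meta_key = '{old}{key}';")
    return stmts


def config_line(new):
    """The line wp-config.php must contain once the SQL has been run."""
    return f"$table_prefix = '{validate_prefix(new)}';"


if __name__ == "__main__":
    for statement in prefix_change_sql(SAMPLE_TABLES, "wp_", "x7k2_"):
        print(statement)
    print("wp-config.php:", config_line("x7k2_"))
```

Plug-ins can store their own prefixed keys in usermeta, so list the `meta_key` values that start with the old prefix before running the statements and add any extras to `USERMETA_KEYS`.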
2. Change your log-in name
Want to know what else every hacker knows? That every WordPress installation defaults the primary user as “admin”. So if they want to use a brute-force attack (namely, running a script that just keeps guessing at log-ins/passwords until it hits), they already are half-way there. They know your log-in. So now you need to change it. This might sound scary, but it’s actually pretty easy. Most server-providers have a web-based interface that will let you get into your MySQL. The table you’re looking for is “yourprefix_users”, edit the “admin” one, and change the name to something else. If you do this while logged-in to your WordPress admin panel, you will be logged-out. Just log-in with your new info, and she-bang, you’re there.
3. Prevent people from browsing your wp-admin folder
Ever click a link, and instead of getting a sharp looking web page, you get a listing of all the files in the directory? That is because there was no index.html file in the directory in question. So the server presented you with all the files for you to choose from. You can see why this would be a problem with your wp-admin folder. So here is what you do: Check your wp-admin folder, and see if there is a file there called “index.html”. If so, good, you’re done with this step. Consider making a donation to your template designer, unless you paid for it. If not, here’s the deal: Open up good old notepad, or texteditor or whatever plain-text program you like. Look at the blank screen for a while. Okay, now “save as”. Yeah, just that blank screen. But here’s what you need to do, make sure you’re not saving it as a .txt file. In notepad, change the drop-down to “all files”, and save the file as index.html . Save it somewhere obvious. Now upload it to your wp-admin folder, either via FTP or web-interface or whatever. Just get it in there. Once you’ve done that, stick one in your wp-content folder as well, just for good measure. Cool?
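The same check, automated over a local copy of the install, as an added example that is not part of the original post. It goes one step further than the text by also walking the sub-folders of wp-admin and wp-content (uploads, for instance), and it assumes the server treats index.html, index.htm and index.php as a directory index; the sample tree is constructed.

```python
import os
import tempfile

# Assumption: the web server serves any of these names as a directory index.
INDEX_NAMES = ("index.html", "index.htm", "index.php")


def dirs_without_index(root, top_level=("wp-admin", "wp-content")):
    """Return directories (relative to root) that contain no index file."""
    missing = []
    for top in top_level:
        for dirpath, dirnames, filenames in os.walk(os.path.join(root, top)):
            dirnames.sort()  # deterministic traversal order
            names = {name.lower() for name in filenames}
            if not names.intersection(INDEX_NAMES):
                missing.append(os.path.relpath(dirpath, root))
    return missing


def add_blank_index(root, rel_dirs):
    """Drop an empty index.html into each listed directory, as the post does."""
    created = []
    for rel in rel_dirs:
        path = os.path.join(root, rel, "index.html")
        # Mode "x" refuses to overwrite a file that already exists.
        with open(path, "x"):
            pass
        created.append(os.path.relpath(path, root))
    return created


def build_sample_install(root):
    """Constructed miniature install tree used to demonstrate the check."""
    files = ["wp-admin/index.php", "wp-admin/images/logo.gif",
             "wp-content/themes/index.html", "wp-content/uploads/photo.jpg"]
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_install(root)
        exposed = dirs_without_index(root)
        print("no index file:", exposed)
        print("created:", add_blank_index(root, exposed))
        print("still missing:", dirs_without_index(root))
```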
4. Remove version information from your header (?)
Okay, do some reading. Lots of people will tell you to remove the code from your header that displays what version of WordPress you are running. Sounds smart, right? A hacker could see that you were running an old version with known security breaks. Then they could exploit your set-up. Except that this is a bit like saying “Throw away your weight-scale and mirror, and you will never know you are getting fat, so you won’t die of heart-attack”. Why not just make every effort to stay healthy? So, instead of hiding your version information, display it proudly, because you keep your blog up to date. WordPress is currently at version 2.9.2. It will update itself, if only you let it. A box appears at the top of your admin screens telling you it’s time to update, and click here to do it. Pretty easy, right? So do it. If you want to be extra thorough, check out the WordPress Development Blog feed, and subscribe to it. Regular security patches, software updates and other helpful information.
http://wordpress.org/development/feed/
5. Be ready to fix your blog when all this fails
Okay, remember what I said about security being ongoing? The way we good folks learn when the bad dudes have figured out a new way to exploit your site, is when it happens. And it happens more often than you might think. So here’s the deal:
- BACK-UP YOUR DATABASE. The files on your server as well, at least your template files. If somebody adds content maliciously, you can simply restore the database to before they made the additions. If they corrupt your template, you can restore it. There are DB back-up plug-ins available, but doing a MySQL export is not rocket-science. Just do it regularly, and you’ll be good. This also protects you from server problems.
- Keep an installation .zip handy on your computer. If you need to, you can always delete your entire install and re-install it, then use your DB and template back-ups to restore your blog to its original grandeur.
- Make sure you have your log-in and password for your *server* somewhere, preferably encrypted (if you haven’t started using truecrypt, it’s time. Google it), and keep your information (both digital and physical) with your service provider up to date. You’ll need this in a worst-case, if somebody blocks you out of your own server.
Follow these steps, and while you will not be immune to security threats, you will be well-protected, and will be ready if you find yourself hacked. And as always, let me know if you know any good steps to help protect your blog. Let’s all help each other out.
Coming Soon: Video Tutorials!
So, later today I’m going to start playing with a new toy: Jing. Jing is a screencast software, and I intend to use it to create a variety of tutorials on using both Joomla! and WordPress. These tutorials are going to be aimed at my clients, to use as a resource after I have done my training with them. They will outline how to do basic to medium-complex tasks. From logging-in, to posting new content, using images, audio and video, and even tweaking your widgets.
I plan on hosting the videos on YouTube.com, and just embedding them into my site. This saves me a heap on disk space and bandwidth, and also means that other people can access the videos and use them. If you’re already regularly using either or both CMS, you probably won’t find too much new in them, but if you want to use them for your own clients, go ahead. If you are new to using a CMS, these might just be what you need to really get going.
I can’t wait to get some done and posted. I hope you find them useful.
12 Essential WordPress Plug-ins
Okay, I know, I know. Everybody does this. I’ve read blogs on the 3 essential plug-ins, and 57 essential plug-ins. Personally, I feel there are more than three, to be sure. I also think that fifty seven is probably a bit on the high-side. 57 useful WordPress plug-ins, I would take, but essential?
So, to add the sound of my keyboard clacking to the cacophony, here goes.
First off, the usual preamble: This is for people running installs of the World Famous WordPress Blogging Platform. This is not for people who have a myblogname.wordpress.com blog. Okay? If you have a myblogname.wordpress.com blog, and you are interested in migrating to your own set-up, go figure that out, then come here and I’ll tell you all about the sexy wonderful things you’ve got access to now.
So, here’s the deal, no particular order, just the order I think you should prioritize them (as in, the first one is “totally super useful and you might as well go back to your myblogname.wordpress.com if you don’t use it”, through to “this is a cool plug-in, but is not for everybody”). I don’t claim to have “discovered” any of these myself, I’m just culling all those blogs on your behalf (thankful?):
1. WP Spam-Free
A great plug-in to keep your blog vegetarian. My blog is still fairly young and low-key, but WP Spam-Free has already blocked 340 spam comments. I don’t know much about the technical side of it, but I know it works. You would be foolish not to use it, or something like it.
http://www.polepositionmarketing.com/library/wp-spamfree/
2. WP Security-Scan
A cool plug-in that adds a security scan for known weaknesses. If you’ve really done your homework, you probably don’t need this, but seriously, even if you have, your clients probably haven’t, and it’s quite comforting seeing a bunch of green “safe” lines in the report. The best part, not only does it tell you if there is a problem, but it provides you a link to the solution.
3. All-in-one SEO
Also by Semper Fi (see above), this is a great SEO package. If you never want fresh faces around your blog, STAY AWAY. If, however, you are interested in seeing traffic come in from Google, Bing, Yahoo, etc, you’ll want to fire this up. A great simple plug-in that works well.
4. Google XML Sitemaps Generator
If you don’t know why you need a Google XML sitemap, go to Google and search SEO. Or Search Engine Optimization. In a few hours or weeks, when you’re done, come back here and believe me, you need this plug-in. You can set how often you want it to rescan and recreate the file, where to scan and even configure how thorough it is. If you’re unsure, the defaults work well. If you need a bit more control, it’s there.
http://www.arnebrachhold.de/projects/wordpress-plugins/google-xml-sitemaps-generator/
5. Google Analytics for WordPress
Assuming you’re still reading and agreeing, now you’ll need this, to measure how well the above two plug-ins are working. You’ll also need a Google account and an Analytics account number (or more specifically, your client will). If you’re not already using GA heavily in assessing the effectiveness of your SEO efforts and marketing, give your head a shake, and get on it. This plug-in is pretty simple; it allows you to drop in your number and you’re off to the races. No bothering adding code to your template. So easy an adult could do it.
6. Sociable
This is one of those things that is so damn obvious, and yet you see blogs that *still* don’t have social bookmarking links. Even if you don’t use the variety of tools available for you to promote yourself (by the way, it’s time. Get on it, okay?), you will generate hits by providing your users with an easy way for them to share your thought-provoking prose and scathing wit across their networks. Think about this, by just providing a link for Twitter, many of your users will click it, and post a link on their Twitter, which automatically adds a post in their blog and also in their Facebook status. Hey-presto, you’ve just generated three links with one click of a mouse. Sociable happens to be a very thorough social bookmarking tool. Easy to configure, just be careful. There is such a thing as too many options. Many of the bookmarking options provided are very niche specific. Twitter, Facebook, .rss, LinkedIn, del.icio.us, Digg and StumbleUpon are all good starting points.
7. Twitter for WordPress
Remember when I mentioned above that users can set-up so that their Twitter updates automatically become blog posts? If you’re not already doing that, here’s how. Pretty straight-forward. Use this, and link to related blogs lots. This is an easy way to see big traffic increases.
http://rick.jinlabs.com/code/twitter/
8. Mobilepress
Got a really killer sexy flashy theme for your blog? Ever look at it on a Blackberry, iPhone or mobile phone? Bet it wasn’t so sexy anymore. Just kind of busy. Here’s your solution. An out-of-the-box mobile browser detection script and theme for your blog. Totally customizable. Get it, use it. Your hand-held users will thank you.
9. Contact Form 7
This is a funny old one. It’s so simple. It’s just a customizable contact form. The usual name/email/subject/message. But you can do so much with it. Now, if I’m building a Joomla! site for a client and they are having a WordPress blog run seamlessly next to it, I’ll use the WP contact 7 plug-in for their site’s contact. This interface is *way* better than most out there. Love it.
10. Subscribe to comments
Does what it says on the box. Adds a tick-box for a user posting a comment on your blog with the option to be notified of new comments on the post. Seems pretty obvious, right? So use it.
http://txfx.net/wordpress-plugins/subscribe-to-comments/
11. Widget Context
A neat little plug-in that lets you define, widget by widget, specifically which pages the widget in question will appear on. Very handy for advertising widgets.
http://www.wordpress.org/extend/plugins/widget-context/
12. Breukie’s Categories
If you know WordPress, you know what your categories are. Breukie’s Categories is just a far better interface than what WordPress comes with. Certainly not necessary, but empowering when used correctly.
http://www.arnoldbreukhoven.nl/2007/05/breukies-categories-widget-for-wordpress/
And just like when you were a kid (or earlier today, for my younger readers), here’s the prize in the cereal box:
Skeleton Template.
I used to take an existing template/theme, and just strip it down, change some stuff, add some stuff, and call it new. This could lead to problems in a variety of ways. Then I learned about the killer skeleton template for Joomla!, by Sir Waseem Sadiq. Life Changing. Turns out there’s skeleton templates for pretty well every CMS, you’ve just got to poke around and find the one that fits you well. I’m currently a fan of the one from ThemeHybrid. Get it here:
So go, pimp your blog out with all the bells and whistles you want, just make sure these are some of them, okay? And please, share in the comments which plug-ins you’ve found to be the most useful or essential.
3 Really really good pieces of advice
Okay, so like I keep banging on about: I have received a lot of opinions and advice over the years. Some good, some not so good. But these are three real gems.
1. Never offer a Blue website.
While this rule was much more true a few years ago, it still has application, and is also scalable. True, the tendency towards blue websites has certainly diminished, but you will probably still find more blue-coloured sites than anything else. So why add to that? Be creative. Look to other examples for inspiration (nature, art, non-web design). I am not saying don’t use the colour blue in any site, nor am I saying don’t build blue sites ever (a company’s brand might demand it). But when you present a comp to a client, generally stay away from blue sites. The scalability I mentioned is obvious: What other things make “blue” websites? When I first started this game, animated .gifs and use of the <blink> tag were big time blue sites. To some extent, 3 column/big header web 2.0 style sites are even getting blue. Try for something fresh and new. Sometimes you are going to have to bite the bullet and make blue sites, but wouldn’t it be way cooler to be an innovator, rather than a follower?
2. Stop. Using. Tables.
The exception to this is of course, when you need to present tabular data (charts, invoices, I can even handle forms). But having a cell with nothing in it except for an image, and having the margin/padding both set to 0px is totally unacceptable. Especially when it is sandwiched in with 70 other cells just like it. The subheading of this advice would be “Learn .css”. If you’ve taken the time to learn html, learning .css is not that big a deal. Get yourself a book out of the library, or head over to w3schools.com and do the .css tutorials. Then practice. A good way would be to retro-fit a table-based site you designed.
So the why: A site cannot be html/xhtml valid if it uses tables for layout. This means you have built a site that is not up to current standards. You can do better. Also, sites that use tables for layout are very very hard for screen-readers to understand. For visually impaired people, a table-based site is a confusing nightmare. Because search-engines use robots that interpret things the same way a screen-reader does, tables also screw up your SE ranking. Your main body content gets so buried in cells with images in them, the robots have trouble accurately categorizing it.
So just stop, okay? Stopping using tables is as important as stopping using IE. It’s probably time.
3. Charge more money.
If you have done the above two things, and you have a decent portfolio of work, it may well be time to up your rates. A decent designer here in Toronto goes for $40-75/hour depending on what they do (html/cms/flash etc). Even if you are in this range, but have been charging the same rate for years, it is probably time to pay yourself more. I assume that you are a better designer now than 3 years ago? You deserve a raise. Get on it.
Textures – The New Gradients?
So it’s pretty widely accepted that gradients make for sexy, rich looking colour schemes on your website. You know it, I know it, even my dogs are catching on (if you haven’t yet, get there. They make things look better). Throw in some rounded corners and you’re screaming “I made this site sometime between 2004-2009!!!” Invariably, your design is going to have some elements that date it. How many is up to you. I am currently redesigning a site that screams “I made this site in 1998!!!” While most users can’t guess the vintage of the site based on design elements, you will find that many are aware that one site looks “newer” or “better” than another. Fresh, interesting design elements could well be the difference between a fairly mediocre site, and a really hot one. Some of the things that are starting to pop up are fresh use of div borders, nonlinear design elements in the background of divs, and alternate fonts (how many people have jumped on the Trebuchet MS train? You might notice if you look up this page a bit, I have…..)
So what will be the next hot thing? We can only guess. Well, actually we can do two things really: guess and try to pioneer the next thing.
Hence, textures.
I’ve started trying to add a bit of interest and depth in my backgrounds using textures. They range from very subtle, only giving a sort of “fabric” feel to the colour, to very aggressive plaids. But they all are built exactly the same way. Basically, you make a small tile (6-40 px is the range I usually use), then save it for web, and use it in a div as a repeated background. I’ll give a bit more detail in a minute, for now, here are 4 examples I just banged off in Photoshop.

Texture 1
This first one has a neat little dark spot in it.

Texture 1 Tile
Here is the zoomed in tile I used to make it.

Texture 2
This one means business. It’s similar to my Twitter background.

Texture 2 Tile
And the large (33px x 33px) tile that makes it.

Texture 3
Depending on your monitor and resolution, this one might even be hard to discern.

Texture 3 Tile
Notice how much less subtle the difference between the two colours is, close up.

Texture 4
Kind of ugly public-swimming pool, but it demonstrates that these can be non-linear too.

Texture 4 Tile
Not too much to this one, some tweaking and it could be much cooler.
So, how *exactly* did I make those? It’s as simple as it seems. In your image editor of choice, create a new image. I like using odd numbers, like 11px x 11px, as it gives you a good working centre, but even works too. And they don’t even have to be square, rectangles are fine too. Then zoom way in on the canvas, on a small one (<20px) I’ll be at full zoom in Photoshop, 3200%. Select your pencil tool and set it to 1 px hard. Then decide what it is you want: a subtle texture, or a crazy design. Try to keep the craziness limited. This is a much better technique for adding warmth and depth to your backgrounds (like examples 1 and 3). I’ll touch on this again in a moment.
Now just start drawing. It’s super easy. Mess around with it. Save for web, and visually check it in your design. The more you do it, the better you will get at knowing what a pattern will look like when you are viewing a tile at over 3000% magnification. Yes, it’s just that easy.
Your first project: Choose a site (either your own or one you’re working on). Identify a div that has a solid coloured background (even if it’s white). Create a tile for it, just to see how you can lightly tweak the appearance. Hint, avoid plaid. Go with a quilt-like pattern, and keep the colour differences subtle. You will probably be surprised at the outcome.
Back to subtlety: Seriously, the web is littered with the bodies of websites that went for BIGGER BRIGHTER BETTER sorts of approaches. Less is definitely more. Your site should have an important message. It should be important enough that you (or your client) spent time and money putting it there. That message should be “loud” enough that you don’t need to boost it with wildly coloured designs. This isn’t to say that all sites should be drab plain affairs (a look at my portfolio should prove that is not what I believe). Bright colourful designs that support the brand and message are fine. Just be wary of trying to boost the value of a weak-content site by jazzing-up the backgrounds, okay?
And again, less is generally more.
Toolbox Series #2 – Two Monitors
Okay, I’ll be honest here for a second. This is really not such a big deal anymore. Finding dual-head graphics cards is about as hard as finding up (it’s just above you, by the way). But when I first set-up a dual display, people thought I was crazy. How did I do it? How does it work? Why?
The good news is, the first two questions are quite easily answered. The third I will explain in a moment.
How you do it is, you simply plug in a second monitor. This, of course, requires a second place to plug one in. Many notebooks have a video out, which will do the trick. If you’re using a desktop, you will either need a compatible second card, or a dual-headed card (one that has two DVI outs on it). It also requires a second monitor. Matching ones make life easier, but it’s not totally necessary (just don’t expect to get the colours to match on each one). If you need to buy any of this, I would recommend a place like TigerDirect.ca (.com for all you yanks). Check their clearance listings, you can generally get pretty sweet deals.
Okay, I assume you now have two monitors plugged into two DVI inputs (or VGA if you’re old-school). Power up. If you’re using a Mac or Vista computer, then: (Mac) must be nice, but I can’t help you from here; (Vista) I am so sorry, and I can’t help you out either. If you’re a sensible MS consumer like me, you’re using XP and when you start up it will ask you to install any missing drivers for the new card/monitors. Once that is done (and probably a reboot), you can navigate to your display properties (easiest way is to right click on your desktop and select “Properties”, though the control panel works too). Go to the Settings tab, click on the greyed-out screen, and click the checkbox that says “Extend my Windows desktop onto this monitor”. Then it’s just a matter of selecting what screen resolution you want, and where you want the monitors to be in relation to each other (My #1 is on the right, #2 on the left). Pretty easy stuff.
But why? Why spend money on having two? Simply this: Space. Not just because it’s the final frontier, but because you can never have too much of it. Having two monitors just for Photoshop is brilliant. You can have all your clutter, tool bar, layers, history, etc on your secondary monitor, and a nice big open space to edit images. You can have Dreamweaver on your primary, and two separate file windows to move stuff around on your secondary. Yes, you could have all three on one monitor, but you would have to keep clicking between them. I know that perhaps this might sound a bit trivial, but trust me, once you use two, you will hate only having one. If you are talking a client through an issue via some sort of chat software, have that on your secondary, while you are navigating the problem on your primary. See? It’s some darn useful.
To be fair, when I was first told to get two monitors, I was skeptical. But I saved up my pennies, and bought myself a shiny OEM Matrox Millennium G550. I haven’t looked back since. Perhaps I’ve looked left and right a lot, but not back.
So do it. Go find yourself a cheap dual-headed card and give it a whirl. In not too long, you will be just like me. Saving up for a pair of widescreen 22″s.
RT @joomlablogger Very useful: How to update a #rockettheme template, even after customizations: http://bit.ly/2VHz1G #joomla
RT @joomlablogger Beginner Tip: How to Set an Alternative #Joomla Text Editor as Default – http://shar.es/DHFb
New Post, Joomla! Tutorial – Adding New Positions to your template. http://bit.ly/16Vnmz



