Dealing with hackers and spammers
Having a WordPress site is loads of fun. Being able to create content, make your own edits and upload images and documents without having to contact your web designer is an absolute delight. However, dealing with hackers and spammers is not that great. Granted, hackers and spammers do attack non-WordPress sites, but they seem to target WordPress sites more frequently. There are, of course, ways to protect yourself.
How do you know if your site has been hacked? If you notice weird spammy words in your website content or in your Google search results, or if your site redirects to a strange URL, then you’ve been hacked. If you’re not 100% sure, try Sucuri SiteCheck. It will scan your site for malware, blacklisting and out-of-date software for free.
How did this happen? Hackers either managed to figure out your FTP password or they used a vulnerability in either the WordPress core files or a plugin.
Here are a few things you can do to prevent this from happening:
- When creating FTP passwords, use a generated word that cannot be pronounced and that uses a few symbols and a mixture of upper and lowercase letters. Of course these passwords will be more difficult to remember, but using a tool like 1Password or LastPass can help.
- Make sure to upgrade your WordPress site every time a new version comes out. These updates usually include fixes to vulnerabilities and are very important.
- Make sure you upgrade your plugins as well for the same reason. If you have lots of plugins and aren’t using them all, don’t just deactivate them, delete them.
If your site has been hacked, then you’ll need to clean up the files. I normally delete the WordPress core files (everything but the wp-config.php and wp-content folder) and re-install everything. I also do a manual scan of the theme files to make sure that hackers haven’t messed anything up. If this feels a bit intimidating, you might want to contact Sucuri Security. For a small fee they can clean up infected sites and you can also hire them to scan your site and keep an eye on it annually.
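As an added example (not code from the original post), the manual theme scan can be assisted by a PHP command-line script that flags lines containing constructs often seen in injected code. The pattern list, the function name and the sample theme files are assumptions constructed for illustration.

```php
<?php
// Added example: pattern list, names and sample files are constructed assumptions.

// Constructs that are rare in ordinary theme templates. A hit means
// "read this line by hand", not "this file is malicious".
const EXAMPLE_SUSPICIOUS = [
    'eval()'              => '/\beval\s*\(/i',
    'base64_decode()'     => '/\bbase64_decode\s*\(/i',
    'gzinflate()'         => '/\bgzinflate\s*\(/i',
    'str_rot13()'         => '/\bstr_rot13\s*\(/i',
    'long encoded string' => '/[A-Za-z0-9+\/=]{200,}/',
];

// Walk a theme directory and return one finding per suspicious line.
function example_scan_theme(string $dir): array
{
    $findings = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        // Check every .php file, including ones sitting in image folders.
        if (!$file->isFile() || strtolower($file->getExtension()) !== 'php') {
            continue;
        }
        $lines = file($file->getPathname(), FILE_IGNORE_NEW_LINES) ?: [];
        foreach ($lines as $i => $line) {
            foreach (EXAMPLE_SUSPICIOUS as $label => $regex) {
                if (preg_match($regex, $line)) {
                    $findings[] = ['file' => $file->getPathname(),
                                   'line' => $i + 1, 'match' => $label];
                }
            }
        }
    }
    return $findings;
}

// Constructed sample theme: one clean template, two files with planted markers.
// The files are only read by the scanner, never executed.
$theme = sys_get_temp_dir() . '/example-theme-' . bin2hex(random_bytes(4));
mkdir($theme . '/images', 0700, true);
file_put_contents($theme . '/header.php', "<?php wp_head(); ?>\n<body>\n");
file_put_contents($theme . '/footer.php',
    "<?php wp_footer(); ?>\n<?php eval(base64_decode('Q09OU1RSVUNURUQ=')); ?>\n");
file_put_contents($theme . '/images/logo.php', "<?php echo str_rot13('fnzcyr'); ?>\n");

foreach (example_scan_theme($theme) as $f) {
    printf("%s:%d  %s\n", $f['file'], $f['line'], $f['match']);
}
```

Legitimate themes and plugins sometimes use these functions too, so each finding still needs a human look, ideally against a clean copy of the theme.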
If you’ve been blacklisted by Google or spammy words appear in Google search results, you’ll need to log into your Google webmaster tool and submit your site for reconsideration once it’s clean.
Although spammers are less harmful, they are equally annoying. If your site is new and you haven’t publicized your email address, you might want to install the email address encoder plugin. This plugin will simply scramble your email address, making it harder for harvesters to grab it. If on the other hand your email is already out there, then I’m afraid that once it’s on a spam list, there’s not much you can do.
Spam comments can also be detrimental, with more and more evidence pointing to the fact that these are not simply generated by robots but by actual people. The first thing to do is to install Akismet, which will do its best to trap spam comments. But Akismet alone is insufficient.
Be warned against comments that seem harmless. They might praise your work or congratulate you on your blog and let you know that they are bookmarking it right now. These types of comments are simply tests to see if you will accept them or not. Once you’ve approved them, then they’ll attack your blog much more fiercely.
Finally, one of the most effective ways to reduce spam is simply to close comments after a few weeks. Most readers leave comments on newer posts. Closing off comments automatically after a few weeks is very simple. Log into your WordPress admin, go to Settings > Discussion, check the box that says “Automatically close comments on articles older than __ days” and enter the number of days you want to use.
I just did this myself recently and the influx of spam comments has been reduced dramatically.
Custom WordPress sidebars using is_child
A common request by designers is to set up a website with a main top navigation and secondary sub nav based on the page you are on. An example of this can be found on the Out of Chaos website where once you leave the home page, the sidebar displays the different pages belonging to that section.
This can easily be done by updating your sidebar template using conditionals.
For example:
    <ul>
    <?php
    // Show the child pages of whichever top-level section the visitor is in.
    if (is_page(2) || is_child(2)) {
        wp_list_pages('child_of=2&depth=1&title_li=');
    } elseif (is_page(3) || is_child(3)) {
        wp_list_pages('child_of=3&depth=1&title_li=');
    } elseif (is_page(4) || is_child(4)) {
        wp_list_pages('child_of=4&depth=1&title_li=');
    } elseif (!is_page()) {
        // Not a page at all (a blog post or archive, for example): list categories instead.
        wp_list_categories('title_li=');
    }
    ?>
    </ul>
Here the numbers (2, 3 and 4) are the page IDs of your own pages.
Now if you run this code above, you’ll most likely get an error. This is because the is_child() function is NOT part of WordPress core. In order for the code to work we must use c.bavota’s is_child() function.
    function is_child($page_id_or_slug) {
        global $post;
        // A non-integer argument is treated as a page slug and resolved to its ID.
        if (!is_int($page_id_or_slug)) {
            $page = get_page_by_path($page_id_or_slug);
            if (!$page) {
                return false; // No page exists with that slug.
            }
            $page_id_or_slug = $page->ID;
        }
        // True only when the current page's direct parent is the given page.
        return is_page() && $post->post_parent == $page_id_or_slug;
    }
Once the above code snippet is added to your functions file, you can easily add as many sub navigation menus as you need.
Protecting your email address from spam bots
With all the great things that came along with the Internet, spam is probably the worst downside. No one is immune to it and spam is simply part of everyday life. There are, of course, a few things you can do to protect yourself.
Keeping your email address private, i.e. never putting it up anywhere, is by far the best way to avoid spam, but that’s not always possible.
One way to make it harder for spam bots to harvest your email address is by encoding it. Encoding is simply the process of changing the email into code, making it harder for robots to recognize.
A new WordPress plugin was released at the end of 2011 which does just that. Once installed and activated, the email address encoder plugin turns email addresses and mailto links into decimal and hexadecimal entities thus protecting them. The plugin works on email addresses throughout your WordPress site including comments.
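The encoding described above, shown as an added PHP example that is not the plugin's own code: each character of an address becomes a decimal or hexadecimal HTML entity, and the last check shows why this only slows down naive harvesters. The function names, the address pattern and the sample markup are assumptions made for this example.

```php
<?php
// Added example, not the plugin's code; function names are hypothetical.

// Encode each character as a decimal or hexadecimal HTML entity, picked at
// random, so the page source no longer holds a literal address.
function example_encode_entities(string $text): string
{
    $out = '';
    foreach (str_split($text) as $char) {
        $code = ord($char);
        $out .= random_int(0, 1) ? '&#' . $code . ';' : '&#x' . dechex($code) . ';';
    }
    return $out;
}

// Replace every plain address in $content, including the one inside a mailto: link.
function example_encode_emails(string $content): string
{
    // Deliberately simple ASCII-only address pattern (an assumption of this example).
    $pattern = '/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/';
    $result = preg_replace_callback($pattern, function (array $m): string {
        return example_encode_entities($m[0]);
    }, $content);
    return $result ?? $content;
}

// Constructed sample content.
$html = '<p>Write to <a href="mailto:info@example.com">info@example.com</a></p>';
$encoded = example_encode_emails($html);
echo $encoded, "\n";

// A scraper matching the raw source with an address regex finds nothing.
var_dump(preg_match('/[\w.+-]+@[\w.-]+/', $encoded));

// Any HTML parser, a browser included, decodes the entities back to the
// original, so this hides the address from naive scrapers only.
var_dump(html_entity_decode($encoded, ENT_QUOTES | ENT_HTML5, 'UTF-8') === $html);
```

Visitors see and click the address as usual because the browser decodes the entities when it renders the page.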
Go Organic – Your Marketing New Year’s Resolution
Guest post written by Olivia Lennox
Nobody ever said running a business was easy. And if you represent one of the countless online businesses out there, you’ll likely agree strongly with that statement. There are certain hurdles that can feel like they’re impossible to tackle: securing a steady stream of new customers, for example. Advertising and promotion is one aspect of business that needs constant review and monitoring, and can be one of the most tiresome parts of running a company. As a way to secure a steady income, lots of online companies choose paid solutions like the Google Adwords program to bring new prospects to their website. This is generally a successful tactic; however it can get very pricey – making the line between profit and loss that little bit thinner. Thankfully, there are a few simple tweaks you can make to your website to free yourself of PPC solutions. Give your website an on-site SEO overhaul and you could reap the benefits in a few short weeks – freeing up income for other matters, and bringing new visitors to your site through natural, organic, search results.
Looking forward to 2012 at Bluelime Media

A Mayan god identified by Eberl and Prager (2005) as Bolon Yokte' K'uh on the Vase of Seven Gods.
Whether or not you believe in the 2012 phenomenon and are anxiously (or not) anticipating the cataclysmic or transformative events that will occur on December 21, 2012, it’s hard to ignore that change is among us. Climate change is happening, the world economy is unstable and more and more people seem to be asking themselves, “what else is there?”
I bumped into a total stranger last weekend and chatted about his work. Without me probing or making too many inquiries he insisted on telling me that the only thing that’s important is to do work that makes you happy. Throughout the year, we’ve seen this through the Occupy Movement and I’ve had similar conversations with many clients, colleagues and friends.
This year saw an emergence of new technology and an awareness of the web moving beyond the desktop. Don’t get me wrong, it’s not that I don’t appreciate these new technologies or care for them, but I’ve been working on the web long enough to know what I like and don’t like and I won’t be transitioning to mobile app developer anytime soon.
I’m planning on sticking around for a few more years, but will continue creating basic WordPress sites. I can do these very well and I love working with WordPress. It’s what makes me happy. Building complex jQuery sites that work both on the iPad, iPhone, blackberry and huge digital displays at the airport… not so much.
Being who I am, nothing makes me more happy than referring folks who have the skills and the passion I lack. Should you need a software developer or you just want to bounce some ideas about your mobile app, then Denim & Steel are the folks for you. If you would like a WordPress site, but need to integrate a shopping cart component, Curtis McHale is way better with e-commerce than I am. I’ve started a list of developers who I trust and recommend. These folks are all very talented and good at what they do.
If you haven’t made any commitments for next year, I hope you join me in looking at your work and deciding what truly makes you happy. Being happy is important and can easily be achieved by making simple changes.
WordPress Documentation
Ask any designer, developer, scientist, teacher, professor, just about anyone, and the worst part of the job is the documentation. We all rely on documentation and great documentation is a pleasure to use, while others are just plain nasty… Yes, I’m looking at you, jQuery.
As part of any WordPress build, I normally include training, which can happen in a number of ways: Skype call, phone call, one-on-one meeting. I used to write Word documents, then moved to Google Docs and more recently, I’ve set up separate websites. Thanks to the folks at Shaken and Stirred, their Easy Docs theme makes documentation easy to implement and I’ve put together some general WordPress documentation for everyone to use.
On this website, you’ll find instructions on how to create a new post, add links, PDF documents and image galleries, and even crop images inside WordPress.
Screencasts are also another great way to demonstrate how anything works and I’ve put together a few of them using Jing, but then I discovered Michael Pick. He’s put together 120 videos on WordPress.tv and his voice is way sexier than mine. Some of his videos are for WordPress.com though… so may not be relevant to you. If you need a refresher on the difference between WordPress.com and .org, here’s yet another video.
If you’re a WordPress developer and would like to provide your own documentation, I would encourage you to look at the Easy Docs theme and if you want my content, just let me know and I’ll send you the xml file.
The Power of Words
One of the most important steps when building a website is writing the content. You can have the best brand in the world, the most amazing animated gifs and photos, if your words are crap, your site will be crap.
Here is a great video illustrating the point.
Keeping Your Web Info in Order
For some, building a website can be quite a big undertaking. Once you’ve done it once or twice, like anything, it gets easier. You’ve learned the lingo, understand the difference between domain registrar and hosting and have a good idea what your web designer will need from you.
One of the most crucial parts is very simple, yet often overlooked, and that’s keeping everything about your website info in order. I’ve seen this problem happen many times when taking on new clients who dealt with a previous web designer. Transitioning to a new web designer can be painless or complicated, depending on how well you’re prepared.
All web designers see this and most of us offer similar advice. In this month’s copy of Zoonews, Kathryn Presner shares the following tips:
Domain registration – be sure you are listed as the domain registrant (not your web designer!) and that the email address on file is an active account. If your web designer’s email is listed as a contact instead of yours, make sure you switch it over to your own email address before you cut ties with your old designer. This is extremely important. I’ve heard of business owners who lost control of their domain name because they failed to do it.
Hosting account – keep handy all relevant details, including the name of your hosting company, the URL of your web-based control panel, and its username and password. Know your FTP (file transfer protocol) credentials, including your FTP host name, login and password. This information will allow your new designer to access your web server and website files.
Logo – have an electronic version of your current logo on hand. It should ideally be in a vector format (like Adobe Illustrator or EPS) on a transparent background, to ensure the greatest design flexibility.
Graphics – retain electronic versions of any images such as stock photos that you may wish to reuse.
E-commerce – know the login details of all e-commerce accounts you may have, such as PayPal and shopping cart systems. Be sure you have access to the accounts, and that they’re registered in your name.
Keep on file in an easy-to-remember place all other information and documents related to your website. It’ll simplify your life – and that of your new web designer – more than you can imagine.
Kathryn Presner runs a web design company, Zoonini Web Services in Montreal. She’s also spoken at several WordCamps and is a moderator on the WordPress Support Forums.
Setting up a WordPress site properly
I’ve been teaching WordPress for a few years now and I’ve shown many students what steps to take when setting up a site, but it seems that once out of the classroom, these steps are forgotten. I’ve also noticed this with folks asking for help on the WordPress forum. So many designers try to design their WordPress theme without any content and without ensuring their setup is right. These initial steps aren’t that difficult and will ensure that nothing is forgotten when it’s time to launch. So here is the process I follow with every single WordPress build.
- Install WordPress and log on.
- Navigate to my Post section and rename the Uncategorized category to something more sensible. More often than not, I change it to News. If I know what other categories will be needed, I insert them here as well.
- If I have blog content from the client (99% of the time I don’t), I insert it here. If I don’t have any blog posts content, I like to install the WP Example Content plugin which generates 5 posts and pages.
- Unlike blog posts, most clients do provide page content. So at this stage I would create the various pages and set up my menu via the Appearance > Menus.
- Next I’ll navigate to my settings and ensure that under the general setting, the full site title and tagline are inserted and I’ll change the timezone to the clients’ timezone.
- Under Settings > Writing I make sure that the appropriate category is selected as the default post category.
- Under Settings > Reading I change the front page display to a static page. I usually select Home for my home page and Blog for my post. Again for me, 99% of the time, my clients want a site with a front page and blog posts appearing as a sub page.
- Next we have the comments, which are under Settings > Discussion. I normally don’t change much in here except when clients do not want comments at all.
- The Media section is next and again, I normally leave the default as is.
- During the build of a site, I make sure to check the second radio button on the privacy settings and block search engines.
- Finally, the last step and probably the most important one is the permalinks. I usually select the second option. I’m no SEO Guru and really don’t think that one permalink over another is going to make that much difference. I used to opt for custom permalinks and set them to /%category%/%postname%/ but then I read Chris’s post and I stopped that. (I know he didn’t say to stop using /%category%/%postname%/ but still, if that custom permalink is better, wouldn’t WordPress have made it an option? Those folks are smart, so I prefer to go with one of their choices. :-D)
Setting up the permalinks at the beginning of a project can also save you a lot of grief from your client. If you discover that their server doesn’t support mod_rewrite, then finding this out before the launch will give you plenty of time to find an alternative.
Once I have taken care of these 11 steps, then I start building the theme. I’ve seen many designers get caught out when launching a site realizing that they didn’t style the blockquotes or the list items. Ensuring that you have content, even dummy content, during the build will help you release a better theme for your client.
Subtle Patterns
When I started working on the websites for my class material, CSS for graphic designer and WordPress, I questioned why I was doing this. It’s a lot of unpaid work and I have no idea if people appreciate it. But now and again, I’m reminded that people all over the web share their content for free.
Today, I discovered Subtle Patterns, a web project by Atle Mo. Atle is a Norwegian designer and his Subtle Patterns project is both wonderful and free. You can browse the various patterns, preview them, download the one you wish to use or download them all. How wonderful!

