Topics:

• What’s New With ActiveBlogging.
• Easy Text Tweaking With Regular Expressions! Continuing last month’s article on Regular Expressions, we look into using them to solve many common problems. If you’ve spent hours replacing line breaks, or grabbing every sixth item in a list, you’ll be glad to use these steps – and get the job done much faster.
• How To Convert Your Website Over To a WordPress Blog. You’ve decided your old site needs to be converted into a WordPress blog – here’s how you can easily transfer it over fast. And as a bonus, you’ll preserve your search engine listings so you won’t miss any of that valuable traffic!
• Scary! Plugin Security Leaks. We’ve talked about the security problems involved in Themes. Time now for plugins – and an overview of how hackers can split wide open your blog and website if you let them.
• This Month’s “Best of ActiveBlogging.com” The past month in writing: a summary of some of the best posts from the ActiveBlogging.com site.
• Internet Offers And Current Deals

Check the ActiveBlogging Reports Section for this issue.

As a WordPress user, we’re familiar with theming and changing our blog look, so this is no surprise.

However, as reported on WordPress.org, one surprise mashup has come about : a fellow named Chad Pugh has designed some WordPress-inspired Firefox personas, featuring the W and snazzy looks.

They are free, and you can get them at the FireFox Persona site.

And perhaps you’d like to create your own? Their site explains the details, but it’s basically two long, thin images, one for the top of FireFox (3,000 x 200 pixels) and one for the footer (3,000 x 100 pixels).

So theme up your browser with WordPress today – ideal for when you’ve tried that 30th Sailor Moon theme, and want something new for when you blog…

I admit it – I bored my way through the Oscars on Sunday like far too many world wide. And I actually was surprised when Kathryn Bigelow won for best director – not because she isn’t talented, but because James Cameron seemed poised to win and win and win.

But it was when they mentioned the people who had died that I was disturbed the most – not because Bea Arthur and Farah Fawcett were left out (I didn’t find this out until later), but that some of the people who did die this year had a very strange connection – Kathryn Bigelow herself:

• Ron Silver passed away in 2009. Among his many movies was a co-starring role opposite Jamie Lee Curtis in Blue Steel, directed by Kathryn Bigelow
• Patrick Swayze succumbed to cancer as well in 2009. Known for Dirty Dancing, he was also known for a movie called Point Break, along with Keanu Reeves, and directed by Kathryn Bigelow
• Natasha Richardson died from a freak head injury n March of 2009, leaving behind her husband, actor Liam Neeson. And along with Harrison Ford, he starred in K-19: The Widowmaker, directed by (you guessed it), Kathryn Bigelow

Now of course it’s just random (freak) coincidence – but I’m curious if there were other projects Kathryn was on that had people pass away in 2009. Anyone know anything? And while on the topic, has this occurred any other time to any other Oscar award winner?

I’ve talked in the past of the dangers of using ‘just any’ theme out there, and of course you should always update your blog as soon as a new security problem is fixed.

But are plugins an issue?

Now I’m not reporting about a specific plugin here, one that is doing bad things. However, the potential IS there, and here’s some reasons why:

• A plugin, when activated, has access to all of WordPress, and to your site. MYSQL info, Admin passwords (encrypted, although it’s not hard to replace it with one of your own choosing via their plugin – or even add a new user), user lists, and even files on your site.
• Even a deactivated plugin still can be called on your site. At the very least, you can call a plugin directly via a URL and get an error message which reveals a bit about your site; at worst, the plugin will actually do something independent of WordPress.
• Open source does not mean ethical, legal, honest. I can conceive of a plugin that has buried in it is some nasty code. And to add insult to injury, by calling it Open Source, this bombshell can appear on the WordPress plugins site, ready to automatically download and install.
• Even a ‘good’ plugin may have problems due to security (after all, look how often bugs crop up in WordPress itself). For example, if the plugin author doesn’t follow strict security rules when writing the plugin, there can be leaks. Combined with it being Open Source, someone may read the source code and use those leaks to crack open a site.

So with so many potential issues, what should you do?

• Go for trusted. If a plugin has been in use for months, and the programmer is respected, that’s a plus. If the plugin is brand new and unknown, that’s a minus. Not that new plugins can’t be good – but unless you know about plugins in general, you might have a problem, which leads to our next point.
• Ask your tech person. Someone who knows PHP and WordPress tech can tell you if the plugin is odd or not. It’s time consuming to go through a plugin line by line (I know, I do my fair share when vetting them for my ActiveBlogging members), but essential.
• Use few plugins. The fewer you use, the fewer security issues you have to check over.
• If you program your own plugins, program securely. Learn about PHP security. Read all you can on the topic. And make your plugins bullet-proof. Even a line like this at the top helps:

  if (!defined('WPLANG')) exit();

  This call checks if the WPLANG value is defined, which it is in WordPress; but if you call this plugin directly, it isn’t, and fails silently.

• Delete unused plugins. Log into your site and remove any you aren’t using if at all possible.

The issue of security is a huge one – and like anything on your website you need to be on guard against broken ones. It’s a real shame, but that unfortunately is the price you pay to be on the ‘wild west’ of the Internet.

They are the comments like ‘like your blog’, or ‘bookmarked it’, or the more obvious ones with a quick comment before a page of links: ‘enjoyed your site (link to viagra) (link to porn) (link to cialis) (link to porn) etc’,

Your definition of spam comments may vary, but mine is very simple:

If they didn’t write something relevant to the blog post they commented on, it’s spam.

If I’m talking about a plugin, it doesn’t matter if they are having problems finding places for government grants – no relevancy, it’s gone.

Ask me about permission to use my feed? They can contact me directly (the link labeled ‘contact’ does wonders). And if it’s a real person, then I pity them: if they can’t figure out how to borrow a free-for-all feed, giving them permission won’t help.

However, I make fun because all of these are spammed comments from real machines, not real people. And I know because I’ve tried a fun little plugin that takes care of all my spam woes and deleted all of these (at least until spammers get wise and improve their systems).

The plugin, Cookies for Comments, by the talented Donncha Caoimh (of WP Super Cache fame) checks to see if a spammer is automated; if so, the comment is lost. Otherwise, it’s passed through.

The plugin is easy to use: download from his site, install, and activate (of course, you can get it directly and install it from WP Central via the Plugin’s Add New tab in Admin – search on ‘cookies comments’.

The only thing I would mention is to change the settings (in the Admin Settings; Comments for Cookies section) to delete comments instead of placing them in the spam section. While it might be fun to get them blacklisted as spammers, deleting them directly means you don’t have to fuss with any cleanup.

The plugin so far works like a charm; instead of monitoring my comments and deleting a few dozen a day, now I only login for a ‘real, live’ person. It’s a great change.

In fact, the plugin is so good I’m more or less retiring my member’s comment killer plugin from active duty, and now am recommending this to everyone. One exception: when WordPress is used for a static site (ie, no comments at all), my plugin can vacuum up ALL comments without a trace.

Grab the plugin – install it – and sit back and avoid one more chore online: comment cleanup…

In the end, it was because of old wp-cache-config.php and advanced-cache.php files in my /wp-content/ directory. Briefly, these files caused a cache issue that was not needed on this blog. Remove them, and the blog was AOK.

The reason for mentioning this? I thought I’d explain how I troubleshooted (troubleshot?) the issue. Perhaps you’ve encountered a similar problem, but even not, here’s how you can narrow down many WordPress blog problems and troubleshoot your blogs:

• View the source. Just because a page is blank doesn’t mean it is blank. For example, a white page could still include HTML head and body tags. If part of them are missing, this might be a clue to where the program broke.
• Try to log in. If the main page is gone but the admin page works, start with theme/plugin issues. In this case, every link into the blog failed, so I knew it was a bit bigger.
• Try elsewhere on the site. I checked other blogs, other sections (such as a forum). No problems there, but if there was, I’d focus on site issues (server problems, htaccess issues, bandwidth/space constraints, etc).
• Try the site basics. Via FTP, I could confirm all the files were there and appeared complete. I logged into cPanel and confirmed the database was there and was fine.
• Tweak. For instance, with my FTP tool, I could change file names. Rename htaccess to something else, and then reload the page. Do the same for wp-config.php. I even downloaded, edited, and uploaded a modified wp-config.php, with a bad password, hoping it would complain. Nothing, which led me to realize the blog startup was not even getting to the database access section.
• Upgrade. I was planning to do this anyways, but I wanted to wait until I solved the problem, since this often adds problem on top of problem. However, it seemed it was not going to be solved anytime soon. I uploaded the new files directly, but keeping the current files safe by moving them to a separate location (I wanted them for later checking). I also DID NOT reuse the /wp-content/ directory (with my plugins and theme) yet.

My reason for this was simple: I wanted a pristine installation to see if it could start up. In fact, it did, and I was relieved. Yet when I started adding my /wp-content/ back in I encountered problems. The reason, as I said was those files, which triggered caching where they shouldn’t.

If it appeared I just did divide and conquer, you’re right – breaking things up into smaller sections makes for easier checking, and eventually caught up with the problem. Look to breaking up a WordPress issue like this, and you might find troubleshooting easier and problem-solving faster.