I admit it – I bored my way through the Oscars on Sunday like far too many world wide. And I actually was surprised when Kathryn Bigelow won for best director – not because she isn’t talented, but because James Cameron seemed poised to win and win and win.

But it was when they mentioned the people who had died that I was disturbed the most – not because Bea Arthur and Farah Fawcett were left out (I didn’t find this out until later), but that some of the people who did die this year had a very strange connection – Kathryn Bigelow herself:

• Ron Silver passed away in 2009. Among his many movies was a co-starring role opposite Jamie Lee Curtis in Blue Steel, directed by Kathryn Bigelow
• Patrick Swayze succumbed to cancer as well in 2009. Known for Dirty Dancing, he was also known for a movie called Point Break, along with Keanu Reeves, and directed by Kathryn Bigelow
• Natasha Richardson died from a freak head injury n March of 2009, leaving behind her husband, actor Liam Neeson. And along with Harrison Ford, he starred in K-19: The Widowmaker, directed by (you guessed it), Kathryn Bigelow

Now of course it’s just random (freak) coincidence – but I’m curious if there were other projects Kathryn was on that had people pass away in 2009. Anyone know anything? And while on the topic, has this occurred any other time to any other Oscar award winner?

I’ve talked in the past of the dangers of using ‘just any’ theme out there, and of course you should always update your blog as soon as a new security problem is fixed.

But are plugins an issue?

Now I’m not reporting about a specific plugin here, one that is doing bad things. However, the potential IS there, and here’s some reasons why:

• A plugin, when activated, has access to all of WordPress, and to your site. MYSQL info, Admin passwords (encrypted, although it’s not hard to replace it with one of your own choosing via their plugin – or even add a new user), user lists, and even files on your site.
• Even a deactivated plugin still can be called on your site. At the very least, you can call a plugin directly via a URL and get an error message which reveals a bit about your site; at worst, the plugin will actually do something independent of WordPress.
• Open source does not mean ethical, legal, honest. I can conceive of a plugin that has buried in it is some nasty code. And to add insult to injury, by calling it Open Source, this bombshell can appear on the WordPress plugins site, ready to automatically download and install.
• Even a ‘good’ plugin may have problems due to security (after all, look how often bugs crop up in WordPress itself). For example, if the plugin author doesn’t follow strict security rules when writing the plugin, there can be leaks. Combined with it being Open Source, someone may read the source code and use those leaks to crack open a site.

So with so many potential issues, what should you do?

• Go for trusted. If a plugin has been in use for months, and the programmer is respected, that’s a plus. If the plugin is brand new and unknown, that’s a minus. Not that new plugins can’t be good – but unless you know about plugins in general, you might have a problem, which leads to our next point.
• Ask your tech person. Someone who knows PHP and WordPress tech can tell you if the plugin is odd or not. It’s time consuming to go through a plugin line by line (I know, I do my fair share when vetting them for my ActiveBlogging members), but essential.
• Use few plugins. The fewer you use, the fewer security issues you have to check over.
• If you program your own plugins, program securely. Learn about PHP security. Read all you can on the topic. And make your plugins bullet-proof. Even a line like this at the top helps:

  if (!defined('WPLANG')) exit();

  This call checks if the WPLANG value is defined, which it is in WordPress; but if you call this plugin directly, it isn’t, and fails silently.

• Delete unused plugins. Log into your site and remove any you aren’t using if at all possible.

The issue of security is a huge one – and like anything on your website you need to be on guard against broken ones. It’s a real shame, but that unfortunately is the price you pay to be on the ‘wild west’ of the Internet.

They are the comments like ‘like your blog’, or ‘bookmarked it’, or the more obvious ones with a quick comment before a page of links: ‘enjoyed your site (link to viagra) (link to porn) (link to cialis) (link to porn) etc’,

Your definition of spam comments may vary, but mine is very simple:

If they didn’t write something relevant to the blog post they commented on, it’s spam.

If I’m talking about a plugin, it doesn’t matter if they are having problems finding places for government grants – no relevancy, it’s gone.

Ask me about permission to use my feed? They can contact me directly (the link labeled ‘contact’ does wonders). And if it’s a real person, then I pity them: if they can’t figure out how to borrow a free-for-all feed, giving them permission won’t help.

However, I make fun because all of these are spammed comments from real machines, not real people. And I know because I’ve tried a fun little plugin that takes care of all my spam woes and deleted all of these (at least until spammers get wise and improve their systems).

The plugin, Cookies for Comments, by the talented Donncha Caoimh (of WP Super Cache fame) checks to see if a spammer is automated; if so, the comment is lost. Otherwise, it’s passed through.

The plugin is easy to use: download from his site, install, and activate (of course, you can get it directly and install it from WP Central via the Plugin’s Add New tab in Admin – search on ‘cookies comments’.

The only thing I would mention is to change the settings (in the Admin Settings; Comments for Cookies section) to delete comments instead of placing them in the spam section. While it might be fun to get them blacklisted as spammers, deleting them directly means you don’t have to fuss with any cleanup.

The plugin so far works like a charm; instead of monitoring my comments and deleting a few dozen a day, now I only login for a ‘real, live’ person. It’s a great change.

In fact, the plugin is so good I’m more or less retiring my member’s comment killer plugin from active duty, and now am recommending this to everyone. One exception: when WordPress is used for a static site (ie, no comments at all), my plugin can vacuum up ALL comments without a trace.

Grab the plugin – install it – and sit back and avoid one more chore online: comment cleanup…

In the end, it was because of old wp-cache-config.php and advanced-cache.php files in my /wp-content/ directory. Briefly, these files caused a cache issue that was not needed on this blog. Remove them, and the blog was AOK.

The reason for mentioning this? I thought I’d explain how I troubleshooted (troubleshot?) the issue. Perhaps you’ve encountered a similar problem, but even not, here’s how you can narrow down many WordPress blog problems and troubleshoot your blogs:

• View the source. Just because a page is blank doesn’t mean it is blank. For example, a white page could still include HTML head and body tags. If part of them are missing, this might be a clue to where the program broke.
• Try to log in. If the main page is gone but the admin page works, start with theme/plugin issues. In this case, every link into the blog failed, so I knew it was a bit bigger.
• Try elsewhere on the site. I checked other blogs, other sections (such as a forum). No problems there, but if there was, I’d focus on site issues (server problems, htaccess issues, bandwidth/space constraints, etc).
• Try the site basics. Via FTP, I could confirm all the files were there and appeared complete. I logged into cPanel and confirmed the database was there and was fine.
• Tweak. For instance, with my FTP tool, I could change file names. Rename htaccess to something else, and then reload the page. Do the same for wp-config.php. I even downloaded, edited, and uploaded a modified wp-config.php, with a bad password, hoping it would complain. Nothing, which led me to realize the blog startup was not even getting to the database access section.
• Upgrade. I was planning to do this anyways, but I wanted to wait until I solved the problem, since this often adds problem on top of problem. However, it seemed it was not going to be solved anytime soon. I uploaded the new files directly, but keeping the current files safe by moving them to a separate location (I wanted them for later checking). I also DID NOT reuse the /wp-content/ directory (with my plugins and theme) yet.

My reason for this was simple: I wanted a pristine installation to see if it could start up. In fact, it did, and I was relieved. Yet when I started adding my /wp-content/ back in I encountered problems. The reason, as I said was those files, which triggered caching where they shouldn’t.

If it appeared I just did divide and conquer, you’re right – breaking things up into smaller sections makes for easier checking, and eventually caught up with the problem. Look to breaking up a WordPress issue like this, and you might find troubleshooting easier and problem-solving faster.

It’s always possible to save money by doing it yourself. There are many online tutorials, and sites that explain how to do WordPress setup and configuration (like this one). However, if your primary goal is to make money, it pays to stick to what you’re good at.

But if you prefer to get someone to set up your WordPress blog, add features to it, customize the design, etc., here’s some hiring tips:

• A website is like a house. You pay for the amount needing to be done. Do you have a domain name? A website hosting plan? If someone has to clear the field and dig the foundation to make way for your site, then their time will cost.
• WordPress uses themes to change the look. There are many available for free, but they may not suit, so you’d be paying for modifications (it’s also VITALLY important to get someone to check over a theme, as it can have malicious/spam code in it). Generally, the fewer the modifications, the lower the cost.
• Much of your expense will likely be extras. For example, do you need your blog set up, are there any other items on the site to be set up or connected to the blog (forum, helpdesk), etc.
• Selecting and setting up plugins are another aspect – these are code pieces that ‘plug in’ to your blog to add features. For example, one plugin takes care of comment spam (which can be a time-consuming chore daily).
• Finally, you will want your blog to be search engine optimized, which means an edit or two of the theme to add SEO options. For example, you should do tracking of your site, which will require a setup of Google Analytics (a free but powerful tool).

You’ll notice I never mentioned quality of work, references, or the usual stuff. That’s because I’m sticking to WordPress in particular here. General hiring tips should always apply of course, and just because someone says ‘WordPress Pro’ doesn’t mean they can be trusted. Get to know them if possible, and see what work they offer.

Nonetheless, it’s not easy finding reliable people. So as a service, you can open a held desk ticket on this site and ask me! I meet (and get to know) a lot of WP techs online, and I may know of someone who’s a good fit. If nothing else, I may be able to steer you towards a way to save money.

And of course, I still recommend a little bit of getting your hands dirty – and what better way than with a membership in ActiveBlogging, and the ‘Knowledge You Need For The Blog You Want!’

RSS feed readers, for the uninitiated, make it easy to read RSS feeds, those text summaries of blogs, and simplify the task of reaching out and grabbing those text-only (mostly) blog summaries. Using one, it’s short work to review a goodly number of articles quickly.

In my case, the topic is timely: I’ve just updated FireFox to 3.6, and of course that means there’s all sort of plugin conflicts between my current ones and the newest Firefox.

I generally avoid upgrading and/or using a lot of plugins for just that reason (it’s also why I’m reluctant to use a lot of WordPress plugins, except my own, of course). However, one is mandatory – Sage, my trusty RSS reader.

However, in reading up about it, I also noticed a lot of other RSS readers – ones with different styles (in fact, I did a quick search on ‘best firefox rss reader’ and there seems to be a huge amount – although which one is best is inconclusive).

For example, Sage is very simple – click to open a side pane, and then click on feeds to load them in the main one. Very convenient to open/add files.

However, another popular one is News Fox, which open in a tri-pane window – feeds on left, site’s listings on the top right, and articles in the bottom right (much like an email client). It looks interesting…

However, I realize my ideal RSS feeder should:

• Work via FireFox, since I use it so much.
• Allow me to easily add feeds, ideally with a click (like Sage).
• Make it simple to segregate feeds, for when I want to browse feeds on a particular topic.

Not sure if anything like that is out there, or if Sage will do for now. Of course, I’d be willing to try another solution – if the benefits are well worth it. So I’m asking – what RSS feed reader do you use? Why do you like it? And what makes it ‘best of class’ for RSS feed readers (for FireFox or otherwise)?