RL Digital

How to Hack-Proof your WordPress Blog

Robert — Fri, 10 Apr 2009 12:10:38 +0000

I just finished helping a friend bring back a Sports Blog after a nasty hacker attack. Luckily, we had a backup of the database. Otherwise, we had little chance to restore the site.

Here are a few tips to keep unwanted visitors from doing damage to your blog.

Set your File Permissions Properly

Use 755 for directories, 644 for plugins and core WordPress PHP files, and 666 for active theme files. You can check and change file permissions with your FTP client.

Use the Login Lockdown Plugin

Hackers know where to find your login page. The basic WordPress installation offers little protection against a brute force attack. Yes, the new WordPress revisions have started using hardened passwords. However, I still recommend giving yourself the added protection you get from the Login Lockdown Plugin. And, check your current or new password with The Password Meter.

Just upload it and activate it. The plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel.

Use a Database Backup Plugin

Manual WordPress database backups are neither easy nor convenient to do. It requires knowledge of phpMyAdmin. Fortunately, WordPress plugin writers have addressed the problem. The best known plugin for this purpose is Lester Chan’s WP-DBManager. With this plugin, you can have WordPress automatically send you backup via email or store them in a folder on your server (or both).

Turn off Registrations

Go to Settings –> General. Untick the ‘Anyone can register’ box. Save your settings. Need to allow registrations? Then, I strongly recommend using the Sabre Plugin. Sabre is an acronym for Simple Anti Bot Registration Engine. It’s a set of counter measures against spam registration on your blog.

Keep your Installation Up-to-Date

If you are not running the latest version of WordPress, then there is a higher probability that your site will be compromised. Hackers take advantage of the open-source nature of WordPress to analyze the source code and test it for potential vulnerabilities. Then, it is left up to developers and users to detect, track down, and then close off the code vulnerabilities that hackers are using.

Backup your Theme, Images, and Plugins Folders

It’s also a good idea to backup your theme, images, and plugins to your personal computer or on to a backup drive. If your host’s server completely crashes, you can restore your entire site.

Hide your Email Address from Spammers with a Simple JavaScript

Robert — Tue, 24 Feb 2009 15:11:43 +0000

Javascripts to hide email addresses from spammers have been around for a while but perhaps you missed this one. I have been using it more and more for my client’s HTML-based websites.

If the email address is: joe@mydomain.com, most websites use:

<a href="mailto:joe@mydomain.com">joe@mydomain.com</a>

That line of basic HTML is easily harvested by spambots. Within a few weeks, the spam will start trickling in. After a few months, there will be a flood of annoying spam emails.

What can you do? Start with a fresh email address and use this small JavaScript:

<script type="text/javascript"><!--
var name = "joe";
var domain = "mydomain.com";
document.write('<a href=\"mailto:' + name + '@' + domain + '\">');
document.write(name + '@' + domain + '</a>');
// --></script>

Simply replace the email address segments in lines 2 and 3. Then, paste the JavaScript into the HTML code for the page (replacing the mailto code). You are done!

Make your own eBay widget!

Robert — Thu, 15 Jan 2009 14:37:10 +0000

eBay’s new affiliate program, eBay Partner Network, is an excellent source of income for product-related blogs and websites. It takes some skill, however, to integrate eBay links and images into content and templates. The program offers several creatives that can be pasted into sidebar widgets. However, I found them to be slow-loading as well as poorly converting (to sales).

I decided to make my own eBay Sidebar Widget. You can see an example of the widget running in the sidebar just to the right. I have outlined the steps below. The WordPress PHP widget and TWP auction code are free.

Steps to make your own eBay widget

PHP Code Widget

TWP Auctions

3. Upload the files twpauctions.php and twpfunctions.php to your root directory.

4. Go to your Widgets Page and add one PHP Code Widget.

5. Paste in the TWP code into the PHP Widget.

You will need to configure the TWP code according to the instructions in the readme file. The TWP code supports negative keywords so you can filter out cables, batteries, accessories, adapters, etc.

The final code should look something like this:

<?php
$epn_campaign_id = "0000000000"; // EPN campaign id
$customid = "Post"; // EPN custom id (optional)
$keyword = "ipod -charger -case"; // put your keyword here 
$display = "2"; // how many items to display
$country = "us"; // see country_codes.txt for info
include "twpauctions.php"; ?>

I chose to display 2 ads to emulate a 300×250 ad widget although the eBay widget height is a bit more than 250px.

Make sure to use the correct version of TWP depending on whether your server is running PHP 4 or PHP 5. And, don’t forget to put in the correct campaign ID from the eBay Partners Network. Also, it is best if you have a theme with sidebar that is about 300px wide.

You can the style the widget by adding the following classes to your stylesheet:

Squeeze More Income from your Blog with Slayer’s Custom Widget Plugin

Robert — Tue, 30 Dec 2008 17:04:22 +0000

The introduction of sidebar widgets in WordPress have resulted in a huge time savings. Gone are the days of pasting code into sidebar.php just see your layout go wacky. The capabilities of widgets in the basic WordPress installation are, however, very limited. By default, all widgets appear wherever the sidebar is loaded within your theme. If you are using widgets to display ads, you cannot choose on which pages the widgets appear.

Slayer’s Custom Widget Plugin solves this problem. This plugin enables you to select which widgets appear on specific posts, pages, categories, author’s posts and tag pages. You can even configure where widgets are displayed per WordPress template using conditional tags.

Installation is easy. Upload the slayer-custom-widgets directory to wp-content/plugins. Then, activate the plugin in the usual way. If you already have widgets installed, you can go directly to the Slayer’s Custom Widgets link found just under the settings section of your admin panel (WordPress 2.7). Configuring your widgets is simple and the layout is very logic. You’ll want to go back to the Appearance Menu and add more widgets once you get the hang of it.

I have already installed Slayer’s Custom Widget Plugin in two blogs. Both are working perfectly. The level of control that the plugin provides is really fantastic. Watch the short video then go to the WordPress Plugin Directory and download the plugin.

Click here to view the embedded video.

Replace Askimet with Defensio

Robert — Thu, 13 Nov 2008 04:22:50 +0000

What’s up with Askimet these days? This well-known WordPress plugin has been letting foul comment spam through on two of my blogs including RL-Digital. To solve the problem, I ditched Askimet and replaced it with the Defensio plugin.

Unlike Askimet, Defensio at least has some adjustments. And, it is an adaptive filter, which will improve with time. You may need to give it a few days to learn, but quite quickly you should see spam eliminated that is sneaking by Askimet.

To help Defensio learn, restore good comments that were incorrectly marked as spam, and mark errant spams as spam. Also, if you do not agree with a comment but it is not spam, make sure to delete it instead of marking it as spam.

You will need an API Key to activate the plugin. You can get one for free by registering on the Defensio site. To see your stats, login to the Defensio site and go to ‘Statistics’. To use the plugin on multiple sites, make sure to generate a unique API key for each site.

Google Chrome Theme by Ericulous.com

Robert — Thu, 11 Sep 2008 01:02:43 +0000

Genkisan, the webmaster at Ericulous.com, has just released a free lightweight WordPress theme based on Google’s popular Chrome browser. There have been several Chrome themes released by other developers. However, this is the best one that I have seen so far. The combination of a full width header and fixed width body looks great without allowing page elements to re-arrange in smaller browser windows.

Features

2 columns fixed width
Fast-loading
Widgets ready
Gravatar ready
Works on Wordpress v2.5 and above
Tested on IE6/7, Firefox, Opera, Safari, and of course Chrome
XHTML & CSS Validated

For more information and a download link, head over to the Chrome Theme page.

New Amazon Movie & TV Show Preview Widget

Robert — Mon, 08 Sep 2008 14:25:15 +0000

Amazon has added it’s new movie & TV streaming service to it’s Associates Program. Associates will earn a 10% referral fee on all movies, TV seasons, and TV episodes such as The Office, House and Law & Order. The widget shown below allows Associates to add movie trailers to their websites.

The first two minutes of videos automatically play at no charge to customers inside the widget. At any time during or after the 2-minute viewing period, customers can choose to purchase or rent the title to watch it in its entirety. The preview serves to drive higher conversions and increased referral fees for Associates.

Amazon.com Widgets

The minimum widget width is 510px. It won’t fit in the sidebar of most blogs. If Amazon wants this widget to be widely used, they will need to squeeze it down to at least 300×250px. That way, it would fit nicely into sidebar widgets.

Google launches AdSense for Feeds

Robert — Sat, 16 Aug 2008 08:56:51 +0000

After several years in beta test, Google has just launched the much anticipated ‘AdSense for Feeds’. When you next visit the Setup tab in your AdSense account, you’ll notice a new ‘AdSense for Feeds’ option.

Features

Optimized CPC and CPM ads
Ads specifically design for RSS feeds
Wide range of customization options
Detailed stats on your feed audience and distribution
Manage monetization of your feeds through your AdSense account

To activate a AdSense for Feeds, you can either burn a feed directly in your AdSense account or migrate a feed(s) from your Feedburner account. I recommend burning your feed in Feedburner first as you have more choices of options and stats.

Migrating FeedBurner Feeds to Google AdSense

In order to activate AdSense for Feeds, you need to migrate your FeedBurner account into your Google Account. To migrate all of your feeds, and your account from feeds.feedburner.com to Google, email adsense-support-aff@google.com and provide the following information:

* Your FeedBurner account username
* The Google Account email address you use to sign in to AdSense

Google will migrate your account and contact you with specific steps for you to follow once migration is complete.

WidgetBucks launches Pre-Designed and Custom Ad Widget Skins

Robert — Thu, 31 Jul 2008 10:43:54 +0000

WidgetBucks has introduced pre-designed and custom ad skins for their well-known WidgetBucks widgets. Publishers have two choices – choose from a gallery of over 125 pre-designed skins to apply to new and existing ad widgets or use the DIY (Do-It-Yourself) tools to add their own unique look-and-feel to ad widgets

The gallery of off-the-shelf skins map closely to WidgetBucksâ€™ product categories, including entertainment (Batman, celebrities), tech and electronics (iPhone, GPS devices, XM Radio), fashion (handbags, flip flips), sports and outdoors (basketball, baseball), video games (Halo), and more. They are can be applied to six IAB standard sizes. The new skins only show up on WidgetBucksâ€™ CPC widgets. CPM display ads will run without the new designs.

DIY design tools include two basic applications — MS Paint and Notepad, both standard on PCs (one Mac Paint equivalent is open-source software Seashore). These tools give publishers powerful customization ability to enable very integrated look-and-feel delivery of their WidgetBucks ad units on their sites.

Shown above is a 160×300 WidgetBucks ad widget as it appears on TechCrunch.

Sign-up and Earn $$ with WidgetBucks.

WidgetBucks launches CPC Ads in Europe

Robert — Wed, 16 Jul 2008 11:43:12 +0000

WidgetBucks has just announced that is expanding its CPC (cost-per-click) network for Western European traffic. Starting July 15th, when publishers serve WidgetBucks ad widgets on their sites, visitors based in the UK will see a short-duration CPM display ad followed by a CPC shopping widget featuring UK-based merchants and products listed in British pounds.

The CPM/CPC hybrid ad gives publishers two revenue streams from the same ad widget instance. Before today, only CPM (cost-per-thousand impressions) ads were served to visitors outside the U.S. and Canada. Additional Western European countries, including Belgium, Denmark, France, Germany, Italy, Netherlands, Norway, and Sweden will come online over the next two weeks.

Changes to publishers reports will be seamless. In addition to current CPM impressions, additional impressions will automatically be added into CPC roll-up and daily totals, as well as resulting revenue. At this time, WidgetBucks is not breaking out CPC impressions and earnings by country. You’ll have to track that via the site URL.

Shown above is a 160×300 WidgetBucks ad widget as it will appear in the UK.

Sign-up and Earn $$ with WidgetBucks.

Update July 30th: Today WidgetBucks added Germany, France, Italy, Netherlands, Belgium, Norway, Sweden and Denmark to the UK. This means that site visitors from those countries will now see the double-revenue ad widgets.