- If any of you have noticed, the title of this blog has changed slightly. It was “The Parsons’ Rant”. It is now “The Parsons Rant”. A minor change so how come? Posts on this blog are Tweeted, Facebook-ed, and LinkedIn and in many cases, the site name was appearing as “The Parsons' Rant”. That odd sequence of characters was WordPress’s way of representing an apostrophe ( ‘ ) since a naked character like that can mess up parsing by web applications. (There are plenty more characters that are represented in this way. You just don’t see them on the front end.) Even though Dr. Data knew what it was, it still looked butt-ugly on an e-mail or Tweet so he changed the name slightly to avoid that happening. Otherwise, it’s still the same old blog containing the same old drivel.
- The post was week about “That Topic” set a new record in visitors & page-views that continued into the week-end when I don’t usually post. (Dr. Data told you so!)
I’ve been hard at work implementing an increased level of security for a client who has a number – more than 10 – of WordPress sites. These sites were repeatedly being hit by the bad guys who gained access to her WordPress installations via brute force attacks. These attacks exploited vulnerabilities in the standard WP configuration and added a large number of bogus subscribers.
In an effort to “harden” this client’s WP sites, I’ve been working with a tool called Better WordPress Security by Bit51. There are a large number of WP security plug-ins available – most of them are free – but Bit51’s seems to combine fixes for most of the known WP vulnerabilities that can be remedied into one package. For example, did you know that the standard WP table prefix of “wp_” is an open invitation to mischief via PHP injection attacks? A savvy hacker can cobble together a bit of PHP code that wreaks havoc with the WP database simply because the default table prefix is very seldom changed. Bit51’s plug-in will generate a random table prefix and automatically apply it to the WP database.
This is just one example from a whole slew of tweaks and fixes in this plug-in. It can even handle database backups for you and I know from my own experience that finding a reliable backup utility that actually does what it’s supposed to can be a tall order. Many of them are half-baked at best, do not work with all server configurations or their support ceased long before WordPress 3.x came on the scene.
Some of the recommended tweaks do not work with all themes or server configurations but this package is well worth the time taken to install and configure it. Even if you can’t use some of the fixes that Better WordPress Security offers, any amount of security is better than none at all.
Better WordPress Security is “donation-ware” which means that it’s free for you to use but Bit51 would certainly appreciate any legal tender you send their way. If you’re trying to decide whether you pay the electric, gas and water bills this month, not to worry; Bit51 will gladly accept Tweets and/or posts about Better WordPress Security which is what I’m doing here. I’m also going to nag my client about a significant donation to the cause.
Go to bit51.com/software/better-wp-security/ to learn more.
One of my clients is launching a new career and to support her range of interests and expertise, she is developing a series of websites using WordPress. Getting the message out there is the number one priority and for that, you need a search engine – in this case, Google – to crawl your site. My client needs to know this for not just one but x number of websites.
Google makes it easy for you.
- Go to Google.com
- Type in the words “cache: www.yoursitename.com” (Or .net, .info, .me, etc.)
- Google will present you with a list of results and – hopefully – your most recently crawled posts will be at the top of the list.
The Geeks Club provided this tip so I’ll quote them directly:
Google takes a snapshot of each page examined as it crawls the web and caches these as a back-up in case the original page is unavailable.
For example, I did this for howardparsons.info and found 4 hits at the top of the list, the most recent ones being April 26, 2012. Before that, the date was April 12, 2012.
Have fun and impress your friends!
Just a few things to mention here. If you are actually following this blog, you may – or may not – have noticed this box in the sidebar, just above the box/widget listing Recent Posts. This box lists the top 5 most “liked” posts here on The Parsons’ Rant. You also may have noticed that – at the time of this writing – the box is empty. This is most likely due to one of three reasons:
- This feature is a relatively new one on this blog site
- No one knows how to “like” my posts
- No one likes any of my posts
I am going to assume that it’s most likely # 2 and show you how to “like” my posts if you are so disposed. Way down at the end of each post, there is a heart-shaped button above my signature that allows you to indicate – anonymously – that this particular post has found favour with you. (See the picture at left.) This is not an ego thing and you don’t have to “like” anything if you don’t want to but this is a way of giving me feedback on the subject matter and whether I’m talking about the right things. Maybe the next time you stop by, the box won’t be quite as empty.
Finally, I have noticed an issue with my photo galleries. I realise that they are not the greatest bits of photography but they have stopped loading on to the page. The text comes up and the little wheel beneath turns and turns but nothing ever happens. (See the image below) I do not know if this has been going on a while or is a recent development. I would say that it’s due to internet traffic but other pages and posts with static images seem to load their photos just fine. Maybe it’s due to a collision between 2 or more plugins. Maybe the most recent update to the gallery plug-in is at fault. Rest assured that I will sort this problem out and you will be able to see my mediocre photography again in short order. Problem Sorted! Thanks to Dalton at madebyraygun.com! This outfit makes the Portfolio Slideshow Pro plugin that powers our galleries.
If you’re like most internet users, you regularly sign up for a site or service that requires a password and the passwords for everything get to be a pain in the rear. I’m currently working with a client who has a good number of WordPress sites. Recently, this person’s sites were all compromised and a bogus Administrator account was set up for each one which used the same name. The client wondered how all this happened and if she was the victim of some personal attack.
Usually, these incursions are NOT because your name is “Bob”, because you’re a Freemason or anything like that. Most likely it is because your site(s) has been hammered by repeated attempts to gain access from Viet Nam, China, the Ukraine, Holland & probably a lot more places. The hacker – or hackette – doesn’t care whom the site belongs to – just that it’s a WordPress site. They employ web-crawling software robots that look for WordPress sites and when one is found, they immediately try to break in by using the default user name – “admin” – and various combinations of characters as a password. Since it’s a robot doing the dirty work, it doesn’t matter how many times they try to gain entry. Sooner or later, the robot will either find the right combination of characters or give up because it has reached some specified limit of attempts set by the hacker.
If it does get in, the robot will make a note of the user name/password combination for that site and then set up a bogus account with administrator privileges and a second robot will use that account to spike your site with malware, links to scare-ware sites, etc. If you have more than one WordPress site, the robot will use the combination as a starting point for your 2nd site, etc.
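The repeated login attempts described above leave a clear trail in the web server's access log. The following is an added example, not code from this blog or from any plug-in mentioned here. It assumes the common "combined" log format and WordPress's default behaviour in which a failed login to /wp-login.php answers 200 and a successful one redirects with 302; the log lines are constructed samples.

```python
import re
from collections import defaultdict

# Fields of one "combined" format line up to the status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_bruteforce(log_text, max_failures=5):
    """Return {ip: {"failures": n, "succeeded_after": bool}} for noisy IPs."""
    failures = defaultdict(int)
    breached = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue                      # only submitted login forms count
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        ip, status = m["ip"], m["status"]
        if status == "200":               # assumption: 200 = login rejected
            failures[ip] += 1
        elif status == "302" and failures[ip] >= max_failures:
            breached.add(ip)              # a guess finally worked
    return {
        ip: {"failures": n, "succeeded_after": ip in breached}
        for ip, n in failures.items() if n >= max_failures
    }

def _line(ip, sec, method, path, status):
    return (f'{ip} - - [26/Apr/2012:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "constructed-sample"')

# Constructed sample: one robot hammering the form, one ordinary user
# who mistypes once, and one visitor who only loads the login page.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, "POST", "/wp-login.php", 200) for s in range(8)]
    + [_line("203.0.113.7", 9, "POST", "/wp-login.php", 302),
       _line("198.51.100.4", 10, "POST", "/wp-login.php", 200),
       _line("198.51.100.4", 11, "POST", "/wp-login.php", 302),
       _line("192.0.2.55", 12, "GET", "/wp-login.php", 200)]
)

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

An address reported with `succeeded_after` set is the case to act on first: check that site for new administrator accounts and change its credentials.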
The lessons to be learned from this are:
- DO NOT use the default user name for WordPress – or whatever – on a permanent basis. Use it just long enough to create a less than obvious user name for the Administrator account.
- DO NOT create a password that is a repetition of the user name or any variation of it such as “spotnap” for “pantops”, substituting upper case letters for lowercase ones & vice versa, etc.
- DO create a password that is a combination of upper & lower case letters, numbers and special characters such as !$%(), etc.
Therefore, DO NOT have a bunch of sites using “admin” & the same password over & over again. Don’t use “admin” at all! Have a different administrator name and password combination for each site. The password should be a combination of Upper & Lower case letters, numbers and special characters.
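The lessons above can be turned into a check that runs over all of a person's sites at once. This is an added example, not part of the original post or of any plug-in; the site names, user names and passwords are constructed, and the function names are hypothetical.

```python
import string

def password_problems(username, password):
    """Check one user name/password pair against the lessons listed above."""
    problems = []
    u, p = username.lower(), password.lower()
    if u == "admin":
        problems.append("default user name")
    # Lower-casing both sides catches upper/lower case swaps; the reversed
    # form catches "spotnap" for "pantops"; "in" catches repetitions.
    if u and (u in p or u[::-1] in p):
        problems.append("password derived from user name")
    classes = {
        "lower case": string.ascii_lowercase,
        "upper case": string.ascii_uppercase,
        "digit": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    return problems

def audit_sites(credentials):
    """credentials: {site: (username, password)} -> {site: [problems]}."""
    seen, report = {}, {}
    for site, (user, pw) in credentials.items():
        problems = password_problems(user, pw)
        key = (user.lower(), pw)
        if key in seen:                   # same combination on another site
            problems.append(f"same login as {seen[key]}")
        else:
            seen[key] = site
        report[site] = problems
    return report

# Constructed sample credentials, for illustration only.
SAMPLE_SITES = {
    "site-a.example": ("admin", "admin123"),
    "site-b.example": ("pantops", "SPOTNAP"),
    "site-c.example": ("pantops", "SPOTNAP"),
    "site-d.example": ("quill-keeper", "r7!Kq$Zu(2m)"),
}

if __name__ == "__main__":
    for site, problems in audit_sites(SAMPLE_SITES).items():
        print(site, problems or "ok")
```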
Sometimes, I think that we take the amazing modern world in which we live for granted. Admittedly, I’ve been fascinated with computing ever since I used a Hewlett Packard programmable calculator at North Carolina Wesleyan College in 1974. (I think that my program had something to do with calculating Caddis Fly populations in Ecology.) My wife – NCWC ’75 – groans every time I get a hold of a new computing gadget or some other such bit of technology.
What I’m going to relate here is pretty basic yet provides one of those “Wow” moments when you stop to think about how it all happens.
Yesterday, I installed a new WordPress plugin that would add my signature to the bottom of all of my posts and pages. It was a pretty new plugin and thus there were some minor problems.
- The page to manage the settings was all in German
- The signature went on everything – both posts and pages
- There was no way to selectively disable the signature on certain pages
- There was no basic documentation for the perpetually confused
There was a link to the plugin website and once I got there, I found that the site was all in German too. Not to worry. All I had to do was push a button on the web page and everything was translated into English. I posted a message mentioning the above problems and figured that was the end of it.
Earlier today, I was watching CBS “This Morning” and using my tablet to check e-mail at the same time. I dropped by this site’s administration page and noticed that there was one plugin update: for the very plug-in I mentioned above.
Around 9:00, I went into the office, fired up my Dell Studio pc with a quad core motherboard and prepared to rant a bit. Out of curiosity, I checked the settings page for the signature plugin and found that:
- Everything was in English
- I could choose to add my signature to only my Posts
- I could choose to add my signature to only my Pages
- I could choose to add my signature to both Posts and Pages
As of this writing, the authors have not added documentation nor did they implement the option for selected pages. Frankly, I was not expecting that last bit as it would take a fair bit of coding to accomplish.
So what had happened in less than 14 hours was this:
- I installed a WordPress plugin and found some areas for improvement
- I went to a German website which was translated into English at the click of a button
- I made some suggestions for improvements
- I updated the plugin with fully half of my suggested improvements implemented the next morning.