Wordpress Security

One of my wordpress blogs was hacked last week - some swine had stuffed some iffy links into the theme’s header.php file.So it’s got me thinking what sensible precautions should be taken to protect a wordpress installation. Here are some things to consider/action:

1. Keep on an up-to-date release of wordpress and make yourself aware of patches by subscribing to the wordpress development blog.
2. Keep your plugins up-to-date too. Wordpress 2.5 offer automatic plugin upgrades.
3. Ensure you backup your wordpress data. I mentioned a backup plugin a while back.
4. Get your themes from trusted sources.
5. Matt Cutts offers 3 security tips here. Additionally, I think it’s okay to create a empty index.html in your /themes folder to stop snoopers seeing what’s in your theme folder.
6. Use strong passwords and change regularly.

Additionally you can modify your .htaccess file to restrict various actions, though some people may not have the confidence to change that file.

What other precautions do you take to secure your wordpress installation?

Searching In Wordpress 2.5

I’ve upgraded a couple of my blogs to wordpress 2.5 (without a hitch) and it looks good. Auto updates of plugins is an ace timesaver.

Having just read the official wordpress development blog I notice that search now works on pages as well as posts. I’ve tried it and it does of course - this is a great feature as your visitors can obviously now find text within the content of your static pages.

Must get round to upgrading my other sites, including this one - with a new theme perhaps!

Hiding Pages In Wordpress

Depending upon your chosen wordpress theme, everytime you create a new page a link to that page automatically appears in your sites navigation menus.

That’s fine if the page contains juicy content but you probably don’t want to make your privacy policy or your site credits pages too prominent - they clutter up the nav menus and detract from your real content.

Previously, I have been tinkering with the header.php code including an extra bit of code to exclude specific page numbers. But not any more! There’s a great little plug-in called exclude pages - download here - that simply adds a dialogue box to the righthand sidebar when editing pages. Just tick the box if you want the page including in the nav menus, or don’t if you don’t !

As usual, test it to make sure it’s working for you on your chosen theme.

Revolution 2 Theme: H1 Permalinks

I’ve been using version 2 of the Revolution theme (link in my page footer) on a couple of new sites and spotted an issue. When viewing archives the heading of the individual posts is not acting as a permalink to that post - not an issue in version 1 by the way.

Because I’m no wordpress expert it took me some time to find the solution in the Revolution support forum. The solution is to edit the archive.php page and replace the line referring to <h1> with this:

<h1><a href=”<?php the_permalink() ?>” rel=”bookmark”><?php the_title(); ?></a></h1>

I’m finding that copy & paste of php code into wordpress doesn’t always work correctly - anyone know why that is? I suspect some truncation is occuring.

As always, test your changes!

How To Backup Wordpress

If you’re using self hosted wordpress you should be backing up your data (posts, comments,etc).

One easy way to do it is to use this plugin and setup an automatic backup schedule that fits in with your blog update frequency. Setting the backup manager to email you the backup is an easy way to keep chronological copies of your backups.

Another Premium News Theme

As wordpress continues to grow in popularity amongst the search marketing community more and more premium themes are becoming available. Don’t forget that premium often means pay-for.

This very site uses a premium theme and I’ve been posting about how to tweak it here for example. Fellow marketer Stephen Pratley mentions a few places that offer premium themes and I’ve just come across this new premium theme.

For other news on premium and quality free themes take a look at:

• Premium News Themes
• Justin Tadlock (free themes available)
• Premium Press (free themes available)
• Small Potato (some great free themes)

Please do comment on any other quality premium style themes that you’re aware of.

Official Revolution Theme Support Forum

In addition to the adhoc posts that I’ve been publishing about the original Revolution theme, note that Brian Gardner has recently setup the Revolution support forum covering the different themes.

Revolution Theme Optimisation: Recent Posts Count

On your homepage you’ll have a righthand sidebar containing your recent blog posts. Once you have several posts you may find that your list of recent posts is longer than you want it to be - you don’t really want the list to be greater than the height of the main image.

You can modify how many entries the recent posts list will display. After a couple of attempts six entries seems to work for my own homepage. To modify the number of displayed posts edit the file home.php and look for this bit of code and change the default setting to your preference (I’ve bolded my setting of 6):

<div id=”homepageright”>

<h3>Recent Blog Posts</h3>
<ul>
<?php get_archives(’postbypost’, 6); ?>
</ul>

</div>

Thanks to Melbourne, Australia, internet services company fatdog for prompting this useful post.

Revolution Theme Optimisation: Removing The Logo

Following on from my first post about optimising the Revolution theme, here’s how to remove the default Revolution logo from the top of each page and replace it with text instead. I can never remember how to do this, so this is as much for my own benefit as anyone elses!

1. Within your wordpress dashboard edit the theme
2. Edit style.css and look for #headerleft
3. Change the padding to 30px 0px 0px 0px;
4. Save
5. Edit header.php and find the div id=”headerleft”
6. Replace the existing code in that div with this (copy and paste might cause a problem for some reason I haven’t yet worked out, so test that the link works on your text after saving the change):
   <a href=”<?php echo get_settings(’home’); ?>/”><?php bloginfo(’name’); ?></a><br />
   <?php bloginfo(’description’); ?>
7. Save and test.

Just A FeedFlare Test

I’m just testing feedburners feedflare. I should see some links at the end of this post in google reader if it’s working correctly.

Next Page »