Posts Tagged ‘WordPress Tips’
WordPress has just released 3.0 with some impressive new features. 1,217 bug fixes and enhancements, to be precise. Check out the video below for some of the highlights.
WordPress has released version 2.8.2. This releases fixes an XSS vulnerability with URLs not being fully sanitized when viewing in the admin. It is recommended that you upgrade to protect yourself from this issue.
So you’ve decided you want to make a site with WordPress, that’s the easy part. How do you get traffic to it? The most obvious answers are SEO and link building, but both of those require lots of time to produce and visible results. The easy way is to let your visitors do the promotion for you by leveraging social networking and bookmarking.
Users of social networks like Facebook and Twitter are very curious and love to click links making them sources for driving huge amounts of traffic. There are several plugins available for adding Facebook links to your blog posts automatically. One of the most downloaded and, in our opinion, better plugins is Add To Facebook. Twitter traffic is even more powerful. Two plugins that we recommend are TwitThis and TweetMeme.
Allowing your users to easily add bookmarks to sites like StumbleUpon and del.icio.us can also be helpful in building traffic to your site. The well recognized king in this area is the Sociable plugin.
What We Use
Instead of cluttering the page with several plugins linking to all of these services we use ShareThis. You can customize the feel a little bit and it allows both Facebook and Twitter posting as well as social bookmarking.
Shortcodes allow you to show data simply by adding [shortcode] to your WordPress site. This article includes 9 very cool shortcodes you can add (it also shows the format for creating any of your own) and a list of already included shortcodes.
SEO is a critical part of getting people to your site and these WordPress plugins help you acheive your goals quickly and easily.
The most important on page factor in SEO today appears to be your title tag. HeadSpace2 allows you to easily control the layout of all title tags on your WordPress blog. Along with title tag management you can control all of your description tags which, while not very important in SEO, can be very important in attracting people to click your site in the SERPs.
What happens when you change a post’s URL? Do you know when your visitors are getting 404 errors? With Redirection you get everything you need to easily redirect posts and log any 404 errors.
Until Meta Robots there hasn’t been an easy way to keep WordPress from allowing the indexing of certain pages on your blog. Now you can easily prevent the indexing of any pages/posts on your blog.
Including works like “in” and “the” in your post slugs doesn’t really do your SEO any good. SEO Slugs automatically removes all of these types of words from your slugs.
We get asked regularly how to add Google Analytics tracking to WordPress sites. A quick search of the WordPress plugins directory shows about 60 results for “Google Analytics” so there are no shortage of ways to add it. The plugin we prefer to use is WP Google Analytics. With WP Google Analytics you can not only add your tracking code easily you can choose to log 404 errors, searches and outgoing link clicks as well as disable tracking for any role you want, like administrators, editors, etc.
To install WP Google Analytics you just need to download the .zip file from the plugins directory, go to your WordPress admin dashboard and navigate to Plugins > New > Upload. Upload the .zip file and activate the plugin. You can then change the settings and insert your tracking code.
Hackers love to use dictionary or brute force attacks to try to get admin logins into sites. What they do is find your admin login page and continue to try hundreds or thousands of passwords until they find yours. There are 3 pretty easy ways to prevent this from working:
- Change your admin username.
- Use a hard to guess password.
- Install Login LockDown
Changing your admin username
To do this you will need to login to cPanel and go to phpMyAdmin. Select your WordPress database and browse the wp_users table. Edit the first entry which should have the username “admin” and change the value to something else.
Use a hard to guess password
Your password should be at least 8 characters with a mix or upper case letters, lower case letters, numbers and special characters. If you would like a secure password generator you can find one here.
Install Login LockDown
Login LockDown allows you to set a threshold for failed login attempts before a user is blocked. From their WordPress plugin directory description:
Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Admisitrators can release locked out IP ranges manually from the panel.
Installing Login LockDown is just like any other plugin. Download the .zip file from the plugin directory. Go to your WordPress admin dashboard and navigate to Plugins > New > Upload. Upload the zip file and activate the plugin. You can the setup your rules.
There is a great plugin called WP Security Scan that will check several possible security issues on your WordPress installation, automatically fix some, and let you fix others.Â After installation there will be a new link in the wp-admin sidebar called Security. Click that and you’ll get your recommendations.
Right now WP Security Scan covers:
-WordPress admin protection/security
Future releases will also address:
*one-click change file/folder permissions
*test for XSS vulnerabilities
*lock out/log incorrect login attempts
*user enumeration protection
There is a possible error when using the automated upgrade tool to upgrade to WordPress 2.8.
If you get far enough in the upgrade process that the archive has been downloaded from WordPress and extracted and then hit an error (like bad permissions) WordPress is supposed to delete the new files. Instead it appears that it deletes all the files rendering your blog unusable.
Should BuyHTTP Customers Worry?
Thanks to our fully managed ownership/permissions system you should not run into this issue. Upgrading our blog using the automated tool could not have been easier. If you do run into this issue, thanks to BuyHTTP Data Vault you can restore all of your files in a matter of a few minutes and be back up and running. Then you can run a manual upgrade.
Follow this bug: Trac ticket # 10140
Found via WPEngineer.
WordPress on it’s own can get pretty resource intensive when you start getting traffic. Fortunately there are a couple of easy ways to vastly improve the speed of the site and reduce the resource needs. This is good for you, good for us and good for everyone you might share a server with.