
Archive for the ‘From WordPress Codex — GPL’ Category

WordPress Blog Hacked — Now What?

January 23rd, 2010 No comments

Note: The following is made available under GPL from http://codex.wordpress.org/GPL. It has been edited significantly from its original form. There is no guarantee this information is accurate…use at your own risk.
—————————————————–

My WordPress blog has been hacked; or at least I think it’s been hacked. What do I do now?

The WordPress Exploit Scanner plugin can help detect damage so that it can be cleaned up. Other things you should do:

  • Change passwords for all blog users with a role higher than Subscriber, including your own
  • If you upload files to your site via FTP, change your FTP password
  • Change your web hosting control panel (such as Cpanel) password
  • Completely remove all current WordPress core code and re-install the latest version of WordPress
  • Make sure you are only using trusted plugins and themes–those from wordpress.org or a trusted commercial developer
  • Remove all unused themes and plugins
  • Make sure all of your plugins and themes are up-to-date–it’s best to install new, clean copies of each theme and plugin
  • Update your security keys in wp-config.php
  • Search your entire web-directory (public_html directory, not just the WP directory) to ensure no other files are infected
  • Check directory and file permissions on your server. Typically, directory permissions should be 755 and files should be 644, but this will depend on your particular server environment.
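
The last two checklist items can be started from a shell. The script below is an added example, not part of the Codex text: it lists anything under the web root that departs from the 755/644 baseline and any PHP file modified in the last few days. The function names, the 7-day default and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage a web root against the checklist's permission baseline.

# audit_perms WEBROOT
# Prints one line per finding:
#   DIR-MODE <path>        directory whose mode is not exactly 755
#   FILE-MODE <path>       regular file whose mode is not exactly 644
#   WORLD-WRITABLE <path>  file or directory writable by "other"
audit_perms() {
    root=${1:?usage: audit_perms WEBROOT}
    find "$root" -type d ! -perm 755 -print | sed 's|^|DIR-MODE |'
    find "$root" -type f ! -perm 644 -print | sed 's|^|FILE-MODE |'
    find "$root" \( -type f -o -type d \) -perm -0002 -print |
        sed 's|^|WORLD-WRITABLE |'
}

# recent_php WEBROOT [DAYS]
# Lists PHP files modified within the last DAYS days (default 7), as a
# starting point for the "search your entire web directory" step.
recent_php() {
    root=${1:?usage: recent_php WEBROOT [DAYS]}
    days=${2:-7}
    find "$root" -type f -name '*.php' -mtime "-$days" -print |
        sed 's|^|RECENT-PHP |'
}

# make_sample_tree: builds a small constructed web root (not real data)
# and prints its path, so the two checks can be tried offline.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    chmod 755 "$t"
    mkdir -p "$t/wp-content/uploads"
    chmod 755 "$t/wp-content"
    chmod 777 "$t/wp-content/uploads"         # too permissive
    echo '<?php // ok'  > "$t/index.php";     chmod 644 "$t/index.php"
    echo '<?php // cfg' > "$t/wp-config.php"; chmod 666 "$t/wp-config.php"
    echo '<?php // old' > "$t/old.php";       chmod 644 "$t/old.php"
    touch -t 200901010000 "$t/old.php"        # backdated: not "recent"
    printf '%s\n' "$t"
}

# Stand-alone use: sh audit.sh /path/to/public_html [DAYS]
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
    recent_php "$1" "${2:-7}"
fi
```

A hit is a prompt to look at the file, not proof of infection; some hosts legitimately need other modes, as the checklist notes.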

If all else fails, contact me and I will quote you a reasonable price for fixing your site for you…I only work on Linux systems with Cpanel, or an equivalent control panel.

Auto Embeds in WordPress 2.9

December 23rd, 2009 2 comments

Note: The following is made available under GPL from http://codex.wordpress.org/GPL. It may be edited a little from its original form, but probably not a lot. There is no guarantee this information is accurate…use at your own risk.
—————————————————–

In WordPress 2.9, it’s super easy to embed videos, images, and other content into your WordPress site. Just type/paste the URL into your post/page and WordPress does the rest. Make sure that the URL is on its own line and not hyperlinked (clickable when viewing the post).

For example, all I did to add the video below was copy/paste the video URL into this post…the URL should be on its own line. In the past you would have just seen the link to the video, but from 2.9 onward, WordPress automatically embeds the video in the post.

You can also opt to wrap the URL in the embed shortcode. It will accomplish the same effect, but does not require the URL to be on its own line.

Note: It’s important to make sure the URL isn’t hyperlinked when you type/paste it into the post/page. If it is, then you will simply see the link, like below. This is also a good tip if, for some reason, you want to show the link and not the embed.

http://www.youtube.com/watch?v=5nxXsROoBYs

Can I Use Any URL With This?

Not by default. For security reasons, WordPress will only embed URLs matching an internal whitelist. By default, WordPress will automatically embed from the following sites…this list will grow over time.

  • YouTube
  • Vimeo
  • DailyMotion
  • blip.tv
  • Flickr (both videos and images)
  • Viddler
  • Hulu
  • Qik
  • Revision3
  • Scribd
  • Photobucket
  • PollDaddy
  • Google Video
  • WordPress.tv (only VideoPress-type videos for the time being)

WordPress Tip: Delete Old or Unwanted Plugins

November 16th, 2009 1 comment

Note: The following is made available under GPL from http://codex.wordpress.org/GPL. It may be edited a little from its original form, but probably not a lot. There is no guarantee this information is accurate…use at your own risk.
—————————————————–

Delete Old or Unwanted Plugins — Keeps Your Site Running Well and Increases Security

Many times a plugin doesn’t fit your site or you don’t need it, but you leave it there just in case. These tend to pile up in your Administration > Plugins Panel, making your plugin list long and cumbersome to scroll through. If left there long enough, they might become obsolete with the new WordPress versions and they could get outdated and cause problems–including security vulnerabilities. Check your Plugins list often and clean out the stuff you know you won’t use.

Begin your Plugins housekeeping by visiting the plugin author’s site to see if there are instructions on how to uninstall the plugin via the Plugins panel on the left side of the screen. Some plugins require adding tags and code to your Template files while others require modification of the WordPress administration files. Be sure to read through the plugin’s uninstall instructions to remove each of these modifications so your site will not have errors when the plugin is turned off.

If no specific instructions for uninstalling exist, then read through the installation instructions to check for modifications, if applicable, and reverse their changes, if implemented. If it has been a long time since you used this plugin, you still might have left its modifications in your template files and forgotten them. Carefully remove them.

To remove a plugin, make sure the plugin is deactivated from the Administration > Plugins Panel. Then you can uninstall in that same area. For some plugins, there may be left-over files in your plugins directory even after you uninstall using the admin interface. It’s always a good idea to look in your plugins directory to ensure the plugin files are gone…if not, then delete them.

Overview of WordPress 2.8 Database Tables

October 24th, 2009 1 comment

Note: The following is made available under GPL from http://codex.wordpress.org/GPL. It may be edited a little from its original form, but probably not a lot. There is no guarantee this information is accurate…use at your own risk.
—————————————————–

WordPress 2.8 Database Table Overview

WordPress 2.8 Tables (10)
Table Name | Description | Relevant Area(s) of WordPress User Interface

wp_comments | The comments within WordPress are stored in the wp_comments table. | Comments are created by readers as responses to posts. Comments are managed by the administrator via Administration > Comments > Comments

wp_links | The wp_links table holds information related to the links entered into the Links feature of WordPress. |
  • Administration > Links > Add New
  • Administration > Links > Edit

wp_options | The Options set under the Administration > Settings panel are stored in the wp_options table. |
  • Administration > Settings > General
  • Administration > Settings > Writing
  • Administration > Settings > Reading
  • Administration > Settings > Discussion
  • Administration > Settings > Privacy
  • Administration > Settings > Permalinks
  • Administration > Settings > Miscellaneous
  • Administration > Appearance > Widgets

wp_postmeta | Each post features information called the meta data and it is stored in the wp_postmeta table. Some plugins may add their own information to this table. |
  • Administration > Posts > Add New
  • Administration > Pages > Add New

wp_posts | The core of the WordPress data is the posts. It is stored in the wp_posts table. |
  • Administration > Posts > Add New
  • Administration > Posts > Edit
  • Administration > Pages > Add New
  • Administration > Page > Edit
  • Administration > Media > Add New
  • Administration > Media > Library

wp_terms | The categories for both posts and links and the tags for posts are found within the wp_terms table. |
  • Administration > Posts > Tags
  • Administration > Posts > Categories
  • Administration > Links > Link Categories
  • Administration > Posts > Add New
  • Administration > Posts > Edit
  • Administration > Pages > Add New
  • Administration > Page > Edit

wp_term_relationships | Posts are associated with categories and tags from the wp_terms table and this association is maintained in the wp_term_relationships table. The association of links to their respective categories is also kept in this table. |

wp_term_taxonomy | This table describes the taxonomy (category, link, or tag) for the entries in the wp_terms table. |

wp_usermeta | Each user features information called the meta data and it is stored in wp_usermeta. |
  • Administration > Users

wp_users | The list of users is maintained in table wp_users. |
  • Administration > Users

WordPress Terminology: What is a Ping and a Pingback?

October 19th, 2009 No comments

Note: The following is made available under GPL from http://codex.wordpress.org/GPL. It may be edited a little from its original form, but probably not a lot. There is no guarantee this information is accurate…use at your own risk.
—————————————————–
Ping

Within the WordPress interface, “ping” is sometimes used to refer to Pingbacks and Trackbacks.

In general computer terms, “ping” is a common utility used in a TCP/IP environment to determine if a given IP Address exists or is reachable. Typically, Ping is used to diagnose a network connection problem. Many times you will be asked, “Can you ping that address?”. That means, does the Ping utility return a success message trying to reach the “problem” IP Address?

Pingback

Pingback lets you notify the author of an article if you link to his article (article on a blog, of course). If the links you include in an article you write on a blog lead to a blog which is pingback-enabled, then the author of that blog gets a notification in the form of a pingback that you linked to his article.

WordPress Terminology: What is a Trackback?

October 18th, 2009 No comments

Note: The following is made available under GPL from http://codex.wordpress.org/GPL. It may be edited a little from its original form, but probably not a lot. There is no guarantee this information is accurate…use at your own risk.
—————————————————–
Trackbacks in WordPress

Trackbacks were originally developed by SixApart, creators of the MovableType blog package.

In a nutshell, TrackBack was designed to provide a method of notification between websites: it is a method of person A saying to person B, “This is something you may be interested in.” To do that, person A sends a TrackBack ping to person B.

A better explanation is this:

  • Person A writes something on their blog.
  • Person B wants to comment on Person A’s blog, but wants her own readers to see what she had to say, and be able to comment on her own blog
  • Person B posts on her own blog and sends a trackback to Person A’s blog
  • Person A’s blog receives the trackback, and displays it as a comment to the original post. This comment contains a link to Person B’s post

The idea here is that more people are introduced to the conversation (both Person A’s and Person B’s readers can follow links to the other’s post), and that there is a level of authenticity to the trackback comments because they originated from another weblog. Unfortunately, there is no actual verification performed on the incoming trackback, and indeed they can even be faked.

Most trackbacks send to Person A only a small portion (called an “excerpt”) of what Person B had to say. This is meant to act as a “teaser”, letting Person A (and his readers) see some of what Person B had to say, and encouraging them all to click over to Person B’s site to read the rest (and possibly comment).

Resetting Your WordPress Password

October 16th, 2009 No comments

Note: The following is made available under GPL from http://codex.wordpress.org/GPL. It may be edited a little from its original form, but probably not a lot. There is no guarantee this information is accurate…use at your own risk.
—————————————————–

To change your password in WordPress v2.7 or later:

1. In the Admin Panel, go to USERS
2. Click on your username in the list to edit
3. In the Edit User screen, scroll down to the New Password section and type in a new password in the two boxes provided. The strength box will show how good (strong) your password is.
4. Click the UPDATE USER button

Your new password takes effect immediately.

Using the automatic emailer

If you know your username and the email account in your profile, you can use the “lost password” feature of WordPress.

* Go to your WordPress Login page (something like http://yoursite.com/wordpress/wp-admin.php)
* Click on lost password
* You will be taken to a page to put in some details. Enter your user name and the email address on file for that account.
* Wait happily as your new password is emailed to you.
* Once you get your new password, login and change it to something you can remember on your profile page.

Through MySQL Command Line

1. Get an MD5 hash of your password.
  * Visit md5 Hash Generator, or…
  * Create a key with Python, or…
  * On Unix: echo -n <password> | md5sum
2. “mysql -u root -p” (log in to MySQL)
3. Enter your MySQL password
4. “use (name-of-database)” (select WordPress database)
5. “show tables;” (you’re looking for a table name with “users” at the end)
6. “SELECT ID, user_login, user_pass FROM (name-of-table-you-found);” (this gives you an idea of what’s going on inside)
7. “UPDATE (name-of-table-you-found) SET user_pass='(MD5-string-you-made)' WHERE ID = (id#-of-account-you-are-resetting-password-for);” (actually changes the password)
8. “SELECT ID, user_login, user_pass FROM (name-of-table-you-found);” (confirm that it was changed)
9. Type Control-D to exit the mysql client

Note: if you have a recent version of MySQL (version 5.x?) you can have MySQL compute the MD5 hash for you.

1. Skip step 1 above.
2. Do the following for step 7 instead.
  * “UPDATE (name-of-table-you-found) SET user_pass = MD5('(new-password)') WHERE ID = (id#-of-account-you-are-resetting-password-for);” (actually changes the password)

Through phpMyAdmin

See the following video:

http://educhalk.org/blog/how-to-change-your-wordpress-blog-password-using-phpmyadmin/

WordPress Blogging — Some “Best Practices”

October 13th, 2009 1 comment

Note: The following is made available under GPL from http://codex.wordpress.org/GPL. It may be edited a little from its original form, but probably not a lot. There is no guarantee this information is accurate…use at your own risk.
—————————————————–
Best Practices For Posting

Practice Accessibility
To be compliant with web standards for accessibility, be sure to include ALT and TITLE descriptions on links and images.

Use Paragraphs
No one likes to read writing that never pauses for a line break. To break your writing up into paragraphs, use double spaces between your paragraphs. WordPress will automatically detect these and insert HTML paragraph tags into your writing.

Using Headings
If you are writing long posts, break up the sections by using headings, small titles to highlight a change of subject. In HTML, headings are set by the use of h1, h2, h3, h4, and so on. By default, most WordPress Themes use the first, second, and sometimes third heading levels within the site.

Use HTML
You don’t have to use HTML when writing your posts. WordPress will automatically add it to your site, but if you do want control over different elements like boxes, headings, and other additional containers or elements, use HTML.

Spell Check and Proofread
There are spell check Plugins available, but even those can’t check for everything. Some serious writers will write their posts in a text editor with spell check, check all the spelling and proof it thoroughly before copying and pasting into WordPress.

Think before you post
Ranting on blogs is commonplace today, but take a moment and think about what you are writing. Remember, once it is out there, it can be seen by many and crawled by search engines; and taking things back is harder once it is public. Take a moment to read what you’ve written before hitting the Publish button. When you are ready, share it with the world.

Write about what you like
You’ve heard this a thousand times before and it sounds too cliched, but it is true. If you force yourself to write something that you don’t really enjoy, it will show. Perhaps you might not have a specific theme for writing when you just start, but that’s ok. You’ll become more focused later. Just enjoy the experience and write what you like.

Write frequently
Write as frequently as you can, maybe even more than twice a day, but don’t let quantity get in the way of quality. Your viewers come for content, so don’t give them useless stuff…like these tips from the WP Codex ;-)

Don’t use too much slang
Not all the readers will be from your part of the world so make sure people can understand easily.

Don’t hide your emotions
Tempting as it might be, don’t hide your real emotions. After all that is what a blog is about. If you want, you can stay anonymous and voice your feelings on whatever you are passionate about. You might have strong views on various subjects but let your readers know your passion. What is passion worth if you can’t even share it? You’ll actually love the discussions it can lead to. The discussions will broaden your own thinking and you might end up making some really good friends.

Consider your readers
Perhaps this sounds weird, but consider who needs to know about your blog before you tell them about your new blogging hobby. Will you be able to write freely if you tell them? How much should you let your readers know about you? Is it ok if your boss or girlfriend reads your posts? If you don’t want them to read, take anonymity measures accordingly.

Make use of comments
Comments let people share their ideas. Sometimes, they might not be good, but you can ask such people to shut up. Most of the time they will, and if they don’t, you can delete their comments. Blogging, like real life, can be both fun and not so fun at times. Be prepared. Also, give your people a place to contact you in private if they want to write to you.

Worry about blog design later
Blog design matters, but only to an extent. Don’t give up on blogging just because the design isn’t coming out as you’d like it to be. Sooner or later, you’ll get around the design problems with ease. But continue writing. Content is what attracts your readers, not just the look of your blog.

Don’t play too safe
Talk about the real you. Readers aren’t impressed by how big your house is, which cool club you belong to, or what the weather is in your hometown. Don’t be a bore and put a long post on how you fixed the leaking tap in minutes. Readers don’t care about braggers, they care about the real you–how you feel, what gets you excited, why you are the person you are. But if achievements are all that you can talk about, you will bore your readers.

Use pictures and videos
They make the pages colorful and viewers get to see a little of your part of the world. They feel connected.

Keep writing
Don’t stop blogging. If you don’t have anything to write about, chances are, you are still holding back. Let loose. Perhaps surf more blogs and maybe you’ll get an idea. You can write about your friends, complain about your boss, or simply rant about what’s gone wrong. Yet if nothing else works, just write a review on the latest movie, book, or product. Easy actually.

Save your posts
Save your posts before you press the publish button. Anything can happen with your computer or with an internet connection. You don’t need to lose your post.

WordPress Security Keys — No WP site should be without them

October 12th, 2009 No comments

Note: The following is made available under GPL from http://codex.wordpress.org/GPL. It may be edited a little from its original form, but probably not a lot. There is no guarantee this information is accurate…use at your own risk.
—————————————————–
WordPress Security Keys

In WordPress 2.8 there are four (4) security keys, AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, and NONCE_KEY, that you can optionally add to your wp-config.php file to ensure better encryption of information stored in the user’s cookies. You can use the online generator to automatically generate random keys for your WordPress install…see the default wp-config-sample.php file for the URL of the online generator.

An example of keys from the online generator:

[Image: keys]

These keys are optional, but including them will enhance the security of your WordPress site. In simple terms, a secret key is a password with elements that make it harder to generate enough options to break through your security barriers. Since they are free and easy to generate, you only have to add them one time, and you never have to remember them, no site should be without them. Do you have these in your wp-config.php file?
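
To answer that question for an existing install, the following check is an added example (not code from the Codex or from WordPress itself). It reports, without printing any key value, whether each of the four keys is defined, still holds the default text from wp-config-sample.php, or is suspiciously short; the 32-character minimum, the function names and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the four WordPress 2.8 security keys in wp-config.php.

PLACEHOLDER='put your unique phrase here'   # default text in wp-config-sample.php
MIN_LEN=32                                  # assumed minimum length for this example

# check_wp_keys FILE
# Prints "<KEY> <STATUS>" for each key and returns 1 if any key is not OK.
#   MISSING      no active define() line (commented-out lines do not count)
#   PLACEHOLDER  value is still the sample file's default text
#   SHORT        value shorter than MIN_LEN (also used when the value
#                cannot be parsed, so the line gets a manual look)
#   OK           defined, changed from the default, and long enough
# The key values themselves are never written to the output.
check_wp_keys() {
    cfg=${1:?usage: check_wp_keys /path/to/wp-config.php}
    q="['\"]"               # either quote character
    s='[[:space:]]*'
    rc=0
    for key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY; do
        line=$(grep -E "^${s}define\(${s}${q}${key}${q}${s}," "$cfg" | head -n 1)
        if [ -z "$line" ]; then
            status=MISSING
        else
            val=$(printf '%s\n' "$line" |
                  sed -n "s/^[^,]*,${s}${q}\(.*\)${q}${s});.*\$/\1/p")
            if [ "$val" = "$PLACEHOLDER" ]; then
                status=PLACEHOLDER
            elif [ "${#val}" -lt "$MIN_LEN" ]; then
                status=SHORT
            else
                status=OK
            fi
        fi
        [ "$status" = OK ] || rc=1
        printf '%s %s\n' "$key" "$status"
    done
    return "$rc"
}

# make_sample_config: writes a constructed wp-config.php fragment (the key
# values are made up for this example) and prints the file's path.
make_sample_config() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
<?php
define('AUTH_KEY',        'CONSTRUCTED-sample-value-0123456789-abcdefghijklmnopqrstuvwxyz-AA');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY',   'tooshort');
// define('NONCE_KEY',    'commented out, so WordPress never sees it');
EOF
    printf '%s\n' "$f"
}

# Stand-alone use: sh check_keys.sh /path/to/wp-config.php
if [ "$#" -gt 0 ]; then
    check_wp_keys "$1"
fi
```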

Manage WordPress Content Visibility

October 10th, 2009 No comments

Note: The following is made available under GPL from http://codex.wordpress.org/GPL. It may be edited a little from its original form, but probably not a lot. There is no guarantee this information is accurate…use at your own risk.
—————————————————–

Content visibility is about controlling who can see your blog content. WordPress allows you to control the visibility of your posts and Pages on an individual basis. By default, all posts and Pages are visible.

There are several ways to set the visibility for your blog content. You can set it on a per post/Page basis for public, private, or Password Protected, or make the entire blog private and Password Protected through the use of WordPress Plugins.

Setting Page and Post Visibility

Visibility for posts and Pages is set from the Edit panel. The option is available under the “Publish” option normally found at the top-right of the Edit panel. The screenshot below shows the interface, with the relevant section highlighted in the red rectangle.

[Image: visibility]

The default state for post and Page visibility is Public. Public visibility means that the content will be visible to the outside world as soon as it is published.

By clicking on the edit link next to Visibility: Public in the Publish options, you can choose from an expanded selection of visibility options.

[Image: expanded_visibility]

The options are:

* Public: The default, viewable to all.
* Password Protected: Clicking this radio button followed by “OK” causes a further text box to appear, into which you can enter a password.
* Private: This option hides the content from the public completely.

Password Protected Content

Password Protected content is not immediately visible to the outside world. Instead, visitors will see a prompt similar to this:

[Image: password_visibility]
The title for your protected entry is shown, along with a password prompt. A visitor to your site must enter the password in the box in order to see the content of the post or Page.

[Image: protected_post]

Private Content

Private content is published only for your eyes, or the eyes of only those with authorization permission levels to see private content. Normal users and visitors will not be aware of private content. It will not appear in the article lists. If a visitor were to guess the URL for your private post, they would still not be able to see your content. You will only see the private content when you are logged into your WordPress blog.

[Image: private_visibility]

Once you change the visibility to private, the post or page status changes to “Privately Published” as shown. Private posts are automatically published but not visible to anyone but those with the appropriate permission levels.

WARNING: If your site has multiple editors or administrators, they will be able to see your protected and private posts in the Edit panel. They do not need the password to be able to see your protected posts. They can see the private posts in the Edit posts/Pages list, and are able to modify them, or even make them public. Consider these consequences before making such posts in such a multiple-user environment.

Hiding The Entire WordPress Blog
Currently the functionality to hide your entire blog from public view, or to restrict it to certain users, is not part of the core WordPress product. There are possible plans to introduce this functionality into a later version.

There are various WordPress Plugins to restrict the visibility such as Page Restrict.
