Category Archives: Site Admin

SumoMe Fixes

Posted on by
Reply

Update March 23, 2015: This does not work for the current version of SumoMe. But I will keep it up to help with similar situations.

The folks at Appsumo.com have released a free WordPress plugin called SumoMe that is available at http://sumome.com.

You can install SumoMe by either by adding a script to your header (if you are not using WordPress) or by installing their WordPress plugin.

Once you install it and create an account, you have the option of adding two apps:

Twilighter is a slick app that takes the text that is selected on your page and sets up a Twitter tweet using the selected text and creating a short URL back to the page from which it was selected. Your visitor can then make adjustments and click the submit button to tweet it.

The other app is List Builder which opens a modal subscription form that only asks for an email address. You can export the collected addresses as a CSV file.

List Builder caused a problem with this site where the form was showing up behind my header graphic. The problem was the z-index for that DIV element was not high enough. Adding the following code to my style.css file fixed the problem by increasing the z-index value.

.sumome-popup {
     z-index: 11111 !important;
}

Another issue I wanted to fix was the fact that the SumoMe has a control tab that appears in the upper right and visitors can see it. That control tab is of zero use to a visitor, so it is just clutter, yet I will need the tab to change settings. The best solution for now is to make it visible only if an administrator is logged into the site. Please note this code only works if your site is running on WordPress. A hat tip to koningdavid for posting the answer to a similar problem on StackOverflow.com.

Add a style sheet file called visitor.css with the following code:

#sumotest-badge {
     display:none !important;
}

In your theme’s function.php file, add the following:

function visitor_stylesheet()
{
     if (!current_user_can( 'manage_options' )) {

          wp_register_style('visitor_css', get_stylesheet_directory_uri() . '/visitor.css', array(), '1.0', 'all');
          wp_enqueue_style('visitor_css');
     }
}
add_action('wp_enqueue_scripts', 'visitor_stylesheet');

The visitor_stylesheet function checks if the current visitor to the site is an administrator (if the user can “manage_options”, then the user is an administrator). If the user is not an admin, then the visitor.css file is loaded for the user. The CSS code in visitor.css tells the browser to hide the #sumotest-badge DIV element.

Those are my fixes for SumoMe.

Happy cooking!

 

Enhanced by Zemanta

Managing Database Backups

Posted on by
Reply

It is wise to keep backups of your blog’s database, and wiser to keep those backups somewhere other than your blog’s server.

How I keep my backups is not a perfect plan, but it works for me. I keep a month’s worth of my backups in my Google Mail account.

Here’s how:

Install a plugin (like WP-DBManager) that will automatically backs up your database and emails the backup file to your Google Mail account (Gmail.com or Google Apps for Domains) as an attachment. Go ahead and manually have the plugin send a backup to your email account – you need to test it anyway.

Check your email and open the email containing your backup file.

Copy the subject line.

Click the “More” button, then click “Filter messages like these”. The advanced search form will come up with the “From” field already filled out.

Paste the subject line into the Subject field.

Check the “Has attachment” box.

Click “Create filter with this search”

On the next screen, under “When a message arrives that matches this search:”, check the box “Delete it”.

Click “Create Filter” and you are done.

Why delete the backups as they come in? I am not permanently deleting them, just sending them to the Trash folder, and everything in the Trash folder that is older than 30 days is automatically permanently deleted. This saves me from needing to clean out the old backups myself.

One thing to remember is this does not back up the actual files on your site. A copy of the files on my sites is on my computer which is backed up using Crashplan.

 

 

Enhanced by Zemanta

Missing Sidebar and Missed Opportunites

Posted on by
Reply

So I’m looking at my Google Analytics and find that my post Adobe Acrobat Pro X CS6 won’t start: how to fix has over 600 page views (539 unique) for the past month.

For a small-fry like me, that is huge!

I dug deeper and found that the most used Google search phrase for that page was “adobe acrobat x pro won’t open”. I googled it, and my article was #2 right under Adobe.com’s!

If you are reading this on my site, you can see that I run ads on the sidebar. I got excited at the thought of getting some advertising revenue and looked at my advertising stats. There were no clicks registered and the viewed ads number was a lot lower than the page views.

I looked at the page itself and realized the problem. No sidebar was showing up.

So many lost opportunities!

So where did my sidebar go? I’m not sure it was ever there to begin with.

I am using a custom child theme of the Twenty Eleven theme, but I had not done anything to change the base single post template. I downloaded index.php and single.php to look for differences and found that “get_sidebar();” was not in single.php. I copied single.php to my custom child theme folder and copy and added “get_sidebar()” function to the same place it appeared in index.php. I uploaded my new version of single.php and saw the sidebar was there, but it was shoved below the content.

Element inspection time. The CSS for the divs #primary and #content was different for the single post template. I added the following code (which is a copy of the #primary and #content from the parent theme and I added “.singular”) to my child theme’s style.css to cancel the parent theme’s CSS and get my sidebar in the right place:

.singular #primary {
float: left;
margin: 0 -26.4% 0 0;
width: 100%;
}

.singular #content {
margin: 0 34% 0 7.6%;
width: 58.4%;
}

On a side note, if you have never worked with WordPress child themes before, I highly recommend reading the WordPress Codex on Child Themes. You should never change the code of a theme someone else has made because if they update the theme you will lose your changes if you update the theme on the Update admin page.

 

WordPress Safety Tips

Posted on by
Reply

Hacker_magazineSome of the sites I managed have been hacked… again.

Here are some changes I’m making to prevent future hack attempts.

1) Install the “Limit Login Attempts” plugin.

Like its name suggests, this wonderful plugin limits the number of times someone can attempt to log in. If they fail, their IP address is blocked for a set time. You can set the number of attempts to allow, how long the block lasts, and if you want to be emailed when someone is blocked. The plugin also keeps a log of IP addresses, so you can add them to your blacklist (if you use one), and logs the username of the attempted log in so you can check with that user if they need assistance.

The main benefit of the “Limit Login Attempts” plugin is if a hacker is using a brute-force method to find your password. Typically, the hacker will run a program that will repeatedly try different passwords until it is able to log in. The limit on login attempts slows the hacker down in his attempt greatly.

2) Never use “admin” as a WordPress username.

It’s temping to use “admin” as the first user since it is the default username WordPress gives you when you set up your blog.

With the “Limit Login Attempts” plugin installed, I found the hacker was repeatedly trying to log in as “admin” using a brute force method, but he was not trying the other accounts. I set up a new administrator user account for myself, logged into the new account, and deleted the “admin” account, being sure to set existing posts with my new account as the author. I think it would also be helpful to make sure your “Display Name” is not the same as your username.

3) Create a good password of 12 characters or more

Use Upper and lowercase letters, numbers and symbols. Get a password manager to keep all your logins straight.

What has not worked:

Google Authenticator Plugin. I had this installed on a blog that was previously hacked, but I did not have “Limit Login Attempts” installed at the time. The hacker still got in using what I presume to be a brute force attack. The Google Authenticator plugin just made it a pain trying to get back in, but I found deleting the plugin via FTP gave me access again.

I think Google Authenticator is still a good plugin when paired with a system the limits the number of login attempts. Even Google does this by using a captcha system.

TL;DR

To keep your WordPress blog safe from brute-force hackers, install Limit Login Attempts, never use “admin” as a username, and use a good password at least 12 characters long using upper and lowercase letters, numbers and symbols.

Page Template Option Missing

Posted on by
Reply

On one of the sites I administer, we are using a premium theme that comes with custom page templates.

When setting up a new page on this site, I noticed the Page Template option was missing from the Edit Page page.

I knew older pages were using the same template, so I knew the file wasn’t missing. I checked anyway. Yep, it was there. Maybe there was something weird in the header that was keeping WordPress from registering it as a template.

I downloaded and opened the template file and this is what I found (I replaced the template name to protect the sloppy):

<?php /* Template Name: [redacted] */ ?>

I would not have thought the absence of newlines would have mattered, but I knew that was not like the example that WordPress gives here. So I added some newlines.

<?php 
/* 
Template Name: [redacted] 
*/ 
?>

(Make sure you replace [redacted] with your template name.)

Then I uploaded the change, refreshed my Edit Page and the template option was restored.

I’m off to fix the other pages.

Hopefully in the next update of this theme they fix the problem or I will need to update the page files again.

Recovering from a database crash

Posted on by
Reply

Well, I just recovered from a bit of a freak-out.

One of my web hosts’ databases crashed so a number of the WordPress sites I managed were coming up with “Database connection error.”  The web host techs were quick to fix the database so the sites would come back up, but on one of the sites, all the posts were gone.

My first thought was to restore from a backup. I use WP Database Manager by … so I thought it would be an easy fix… until I saw the most recent backup was from March – 3 months ago.

And my freakout entered into stage two.

After I remembered to breathe, I thought maybe there is an error in WordPress that is misreporting the number of posts.  So I logged in to the MySQL admin and found a message saying several of the tables were in need of repair due to a server crash.

So I ran the repair function in the WP Database Manager plugin (I could have used the MySQL admin’s) and all the posts returned!

I checked the backup settings in WP Database Manager next and just resaved the settings.  It started working again.

So the moral of the story is don’t freak out when all you posts turn up missing.  Check the database for errors.

And make sure your backup is working.

An error occured while updating a plug-in

Posted on by
Reply
I tried to update my plug-ins and one or more of the plug-ins gave me an error that looks like this:
An error occurred while updating <plug-in name>: Could not create directory. <full-real-path-of-folder>.

Then I went the plug-in page and it says those plug-ins have been deactivated because they are not found.

Then I tried to reinstall those plug-ins, but that gave me an error.

Then I tried to upload the plug-ins using an FTP client, but I got  a “550 Access denied” error.

I logged into my Godaddy Windows shared hosting account.  When I tried to access those folders, I got another “Access denied” error.

To fix it, I went to the parent directory “wp-content/plugins” and reset its permissions.  I unchecked “inherit”, then checked “read”, “write” and “Reset all children to inherit” then clicked OK and waited for the operation to complete.  I looked in the plugins folder and found the problem folders were no longer there, but I could reinstall them successfully.

I wish I could remember where I heard how to fix this, because I would like to credit where it’s due.

On a another blog I maintain, I thought I could prevent the install error by resetting the folder permissions before updating.  Nope, didn’t work. The plugin folder did not have “inherit” checked, but did have “read” and “write” checked.  I checked “Reset all children to inherit” and click OK as before.  So I tried again, but this time click “inherit” for the “plugins” folder and checked the “Reset all children…” box, and it worked that time.

So it looks like if the “inherit” box is checked, you need to uncheck it and vice-versa.  Just as long as read and write permissions are getting set for the child folders.

The same plug-ins that gave error when updating on the first blog gave me an error on this blog.  Some plug-ins updated fine.  So I don’t know if the problem is with the server, the plug-ins, or a combination of both.

Anyone else having this problem on a Godaddy Windows server?

Cloudflare

Posted on by
Reply

I just learned about Cloudflare.com today.

From their overview page:

CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.

I just set them up for this site under the free plan and plan to set up more.  The set up was fairly easy if you are used to changing DNS settings for your domain.

What are your experiences with Cloudflare?

Domain changed!

Posted on by
Reply

So I changed the domain to WPressureCooker.com.

I thought I’d share how I did it to show how to do it so you don’t have to worry about folks trying to get to your site through the old domain and getting a 404/”file not found” message.

The first thing I did was some research to find the best way to do this.

Quick disclaimer: This may not be the best way for your site.  But this worked for me.  Be sure to back up your database and files before proceeding.

I followed the Yoast.com site’s advice and created a robots.txt file, but ended there because I was not moving any files and he was giving instructions for an Apache server where I was using a Windows server hosting plan.

In my Godaddy hosting account, I set the new domain (wpressurecooker.com) to point to the same folder wordpressurecooker.com is pointing to, and waited for the status to go from Pending to Setup.

Logged in my site’s admin and went to the General settings.  There I changed the Blog URL and Site URL to the new domain name.

I installed the plugin, Domain-Change by Soz which creates the 301 Redirect for you that automatically redirects folks from your old domain to the new.  So if someone comes to your site by a link that goes to a specific article, the page comes up under the new domain.  Even my shortened Pretty Links worked.

I deleted the robots.txt file from my site.

Next came the stat tracking.  I use Google Analytics.  I was hoping that the 301 redirect will take care of most of the problems, but just in case, I made a change to my Google Analytics account and the Google Analytics for WordPress by Joost de Valk settings.  There is the possibility I did this wrong, but in Google Analytics for wordpressurecooker.com I set it to track “multiple top level domains”.  I noticed the code (that you would paste in if you didn’t use the plugin) changed where _gaq.push([‘_setDomainName’, ‘none’]); so in the plugin settings, I set Domain Tracking (which sets _setDomainName) to “none”.

I also have WordPressurecooker.com registered under Google’s Webmaster Tools.  That required me to verify the wpressurecooker.com domain, then for wordpressurecooker.com, I clicked “Change of address” under “Site configuration” I set the New URL for wordpressurecooker.com to wpressurecooker.com.  In the settings for wpressurecooker.com I set the sitemap URL.

It took me a lot longer to type this all out than to make the changes, so I think you will find it pretty easy.

So did I miss anything?