SumoMe Fixes

Update March 23, 2015: This does not work for the current version of SumoMe. But I will keep it up to help with similar situations.

The folks at Appsumo.com have released a free WordPress plugin called SumoMe that is available at http://sumome.com.

You can install SumoMe by either by adding a script to your header (if you are not using WordPress) or by installing their WordPress plugin.

Once you install it and create an account, you have the option of adding two apps:

Twilighter is a slick app that takes the text that is selected on your page and sets up a Twitter tweet using the selected text and creating a short URL back to the page from which it was selected. Your visitor can then make adjustments and click the submit button to tweet it.

The other app is List Builder which opens a modal subscription form that only asks for an email address. You can export the collected addresses as a CSV file.

List Builder caused a problem with this site where the form was showing up behind my header graphic. The problem was the z-index for that DIV element was not high enough. Adding the following code to my style.css file fixed the problem by increasing the z-index value.

.sumome-popup {
     z-index: 11111 !important;
}

Another issue I wanted to fix was the fact that the SumoMe has a control tab that appears in the upper right and visitors can see it. That control tab is of zero use to a visitor, so it is just clutter, yet I will need the tab to change settings. The best solution for now is to make it visible only if an administrator is logged into the site. Please note this code only works if your site is running on WordPress. A hat tip to koningdavid for posting the answer to a similar problem on StackOverflow.com.

Add a style sheet file called visitor.css with the following code:

#sumotest-badge {
     display:none !important;
}

In your theme’s function.php file, add the following:

function visitor_stylesheet()
{
     if (!current_user_can( 'manage_options' )) {

          wp_register_style('visitor_css', get_stylesheet_directory_uri() . '/visitor.css', array(), '1.0', 'all');
          wp_enqueue_style('visitor_css');
     }
}
add_action('wp_enqueue_scripts', 'visitor_stylesheet');

The visitor_stylesheet function checks if the current visitor to the site is an administrator (if the user can “manage_options”, then the user is an administrator). If the user is not an admin, then the visitor.css file is loaded for the user. The CSS code in visitor.css tells the browser to hide the #sumotest-badge DIV element.

Those are my fixes for SumoMe.

Happy cooking!

 

Enhanced by Zemanta

Managing Database Backups

It is wise to keep backups of your blog’s database, and wiser to keep those backups somewhere other than your blog’s server.

How I keep my backups is not a perfect plan, but it works for me. I keep a month’s worth of my backups in my Google Mail account.

Here’s how:

Install a plugin (like WP-DBManager) that will automatically backs up your database and emails the backup file to your Google Mail account (Gmail.com or Google Apps for Domains) as an attachment. Go ahead and manually have the plugin send a backup to your email account – you need to test it anyway.

Check your email and open the email containing your backup file.

Copy the subject line.

Click the “More” button, then click “Filter messages like these”. The advanced search form will come up with the “From” field already filled out.

Paste the subject line into the Subject field.

Check the “Has attachment” box.

Click “Create filter with this search”

On the next screen, under “When a message arrives that matches this search:”, check the box “Delete it”.

Click “Create Filter” and you are done.

Why delete the backups as they come in? I am not permanently deleting them, just sending them to the Trash folder, and everything in the Trash folder that is older than 30 days is automatically permanently deleted. This saves me from needing to clean out the old backups myself.

One thing to remember is this does not back up the actual files on your site. A copy of the files on my sites is on my computer which is backed up using Crashplan.

 

 

Enhanced by Zemanta

Missing Sidebar and Missed Opportunites

So I’m looking at my Google Analytics and find that my post Adobe Acrobat Pro X CS6 won’t start: how to fix has over 600 page views (539 unique) for the past month.

For a small-fry like me, that is huge!

I dug deeper and found that the most used Google search phrase for that page was “adobe acrobat x pro won’t open”. I googled it, and my article was #2 right under Adobe.com’s!

If you are reading this on my site, you can see that I run ads on the sidebar. I got excited at the thought of getting some advertising revenue and looked at my advertising stats. There were no clicks registered and the viewed ads number was a lot lower than the page views.

I looked at the page itself and realized the problem. No sidebar was showing up.

So many lost opportunities!

So where did my sidebar go? I’m not sure it was ever there to begin with.

I am using a custom child theme of the Twenty Eleven theme, but I had not done anything to change the base single post template. I downloaded index.php and single.php to look for differences and found that “get_sidebar();” was not in single.php. I copied single.php to my custom child theme folder and copy and added “get_sidebar()” function to the same place it appeared in index.php. I uploaded my new version of single.php and saw the sidebar was there, but it was shoved below the content.

Element inspection time. The CSS for the divs #primary and #content was different for the single post template. I added the following code (which is a copy of the #primary and #content from the parent theme and I added “.singular”) to my child theme’s style.css to cancel the parent theme’s CSS and get my sidebar in the right place:

.singular #primary {
float: left;
margin: 0 -26.4% 0 0;
width: 100%;
}

.singular #content {
margin: 0 34% 0 7.6%;
width: 58.4%;
}

On a side note, if you have never worked with WordPress child themes before, I highly recommend reading the WordPress Codex on Child Themes. You should never change the code of a theme someone else has made because if they update the theme you will lose your changes if you update the theme on the Update admin page.

 

WordPress Safety Tips

Hacker_magazineSome of the sites I managed have been hacked… again.

Here are some changes I’m making to prevent future hack attempts.

1) Install the “Limit Login Attempts” plugin.

Like its name suggests, this wonderful plugin limits the number of times someone can attempt to log in. If they fail, their IP address is blocked for a set time. You can set the number of attempts to allow, how long the block lasts, and if you want to be emailed when someone is blocked. The plugin also keeps a log of IP addresses, so you can add them to your blacklist (if you use one), and logs the username of the attempted log in so you can check with that user if they need assistance.

The main benefit of the “Limit Login Attempts” plugin is if a hacker is using a brute-force method to find your password. Typically, the hacker will run a program that will repeatedly try different passwords until it is able to log in. The limit on login attempts slows the hacker down in his attempt greatly.

2) Never use “admin” as a WordPress username.

It’s temping to use “admin” as the first user since it is the default username WordPress gives you when you set up your blog.

With the “Limit Login Attempts” plugin installed, I found the hacker was repeatedly trying to log in as “admin” using a brute force method, but he was not trying the other accounts. I set up a new administrator user account for myself, logged into the new account, and deleted the “admin” account, being sure to set existing posts with my new account as the author. I think it would also be helpful to make sure your “Display Name” is not the same as your username.

3) Create a good password of 12 characters or more

Use Upper and lowercase letters, numbers and symbols. Get a password manager to keep all your logins straight.

What has not worked:

Google Authenticator Plugin. I had this installed on a blog that was previously hacked, but I did not have “Limit Login Attempts” installed at the time. The hacker still got in using what I presume to be a brute force attack. The Google Authenticator plugin just made it a pain trying to get back in, but I found deleting the plugin via FTP gave me access again.

I think Google Authenticator is still a good plugin when paired with a system the limits the number of login attempts. Even Google does this by using a captcha system.

TL;DR

To keep your WordPress blog safe from brute-force hackers, install Limit Login Attempts, never use “admin” as a username, and use a good password at least 12 characters long using upper and lowercase letters, numbers and symbols.

Page Template Option Missing

On one of the sites I administer, we are using a premium theme that comes with custom page templates.

When setting up a new page on this site, I noticed the Page Template option was missing from the Edit Page page.

I knew older pages were using the same template, so I knew the file wasn’t missing. I checked anyway. Yep, it was there. Maybe there was something weird in the header that was keeping WordPress from registering it as a template.

I downloaded and opened the template file and this is what I found (I replaced the template name to protect the sloppy):

<?php /* Template Name: [redacted] */ ?>

I would not have thought the absence of newlines would have mattered, but I knew that was not like the example that WordPress gives here. So I added some newlines.

<?php 
/* 
Template Name: [redacted] 
*/ 
?>

(Make sure you replace [redacted] with your template name.)

Then I uploaded the change, refreshed my Edit Page and the template option was restored.

I’m off to fix the other pages.

Hopefully in the next update of this theme they fix the problem or I will need to update the page files again.