Wordpress

I See Your WordPress Plugins

Wordpress.com LogoSimonne of AllTipsAndTricks.com has posted a helpful tip for WordPress users. By default, the permissions for your WordPress directory are set up in such a way to allow the public viewing access. Like Simonne, I’m not sure what the practicality would be except for those snooping around or those trying to figure out which plugins you have installed in which they can then look for vulnerabilities or exploits in those plugins to hack your site.

The fix is quite simple. You can do one of two things, change the permissions of that directory from 0755 to 0750 or, you can upload a blank index.html file. When I set my plugin folder to 0750, some of my plugins decided to stop working. So I opted for option two. In fact, I added a redirect within my index.html page that redirects the browser to my homepage.

Here is the code I used in my index.html file if you would like to do the same.

Redirect Code I Used In My Index.html File

UPDATE -Thanks to LGR for adding this in via the comments. You can simply add Options -Indexes to your .htaccess file. This will redirect anyone who is trying to view a folder index to your 404 error page without the need of creating empty index.html files. Thanks again LGR.

Icon Based Social Bookmarking Plugin

m Lienzo.com Logo

Aaron over at Milienzo.com has published his first ever WordPress Plugin entitled ‘I Love Social Bookmarking‘. I love social bookmarking gives your readers a chance to submit your site/articles to various social bookmarking services via a tidy drop-down list.

Screenshot of the plugin in action:

Screenshot Of The Plugin

Version 0.1b is a pre-release trial version released to eliminate bugs and identify popular feature requests before a general public release. If you’d like to help me test this version please install it and let me know of any problems you encounter or additional features you’d like to see included.

Personally, I enjoy using the ShareThis plugin as it provides many more options than Milienzo’s plugin, including the option of emailing the post. However, this is his first ever plugin so it will be interesting to see where he takes this. Milienzio, my advice is to look at what ShareThis has to offer and see if you can improve upon that.

FeedSmith Plugin Security Update

Feedburner.com LogoThe FeedBurner Feedsmith plugin for WordPress which consolidates all of your WordPress RSS Feeds into one, has undergone a small security update. According to Feedburner, older versions of FeedSmith, can be vulnerable to what is called a “cross-site request forgery.” This permits someone to change WordPress plugin settings on your system without you noticing during the time you are signed into your WordPress control panel.

Feedburner recommends downloading the latest version of the plugin, FeedSmith V2.3 as this version ensures that the only person who can change FeedSmith settings is the administrative account that is signed into your WordPress account.

Here are the directions to update your plugin.

  1. Download version 2.3 of the plugin.
  2. Sign in to your WordPress admin control panel.
  3. Under Plugins, locate the current FeedSmith plugin, and click “Deactivate.”
  4. Copy the plugin file, FeedBurner_FeedSmith_Plugin.php into your default WordPress plugin directory, wp-content/plugins/
  5. Reactivate the plugin by logging in to your WordPress administration area, clicking Plugins, then clicking Activate at the end of the “FeedBurner FeedSmith” row.

At the end of this process, v2.3 will be active and will use your existing feed redirection settings; there is no need to re-enter them. You will also be protected against any potential request forgery attack.

AskApache 404 Google Fix

Askapache.com Logo

For those of you who are using the ajax powered Google search plugin for your WordPress 404 page that I featured here Add Google Ajax To Your WP 404 Page, you may have noticed after upgrading to WordPress 2.3 that the search results have stopped displaying. A number of others including myself have experienced this problem and the fix is relatively simple.

In your WordPress admin panel, click on the OPTIONS link. Now click on the AA Google 404 link which will load the options for this specific plugin. Where it says Google API Key, click on the GET ONE link. Type in your URL to Google and they will provide you with a new API key. Replace the plugins current API key with the newly acquired one and click the save button. Your 404 search results should reappear.

My WordPress 2.3 Upgrade Experience

I’m writing this post within the new fancy WYSIWYG editor which is nothing more than the same editor with the exception of a new button. The new button shows me quite a few new formatting features but my favorite one is the UNDO button.

So far, my WordPress upgrade experience has been pretty good. I did encounter an upload problem in which a few folders were uploaded into other folders. In other words, some folders were not overwritten like they were supposed to be. I fixed this and re-uploaded the files which allowed the WordPress upgrade script to properly update my database.

I believe there is a bug that was created after my WordPress installation was upgraded. As you can see below, the area of my dashboard which would normally show incoming links to my site from outside sources, is now showing my own blog posts from my front page. I’m pretty sure this is not supposed to happen. This never occurred during any other WP upgrade I have performed. I have since created a forum post about it on the official WP forums to see if it’s a bug or not.

WordPRess 2.3 Bug

I knew about the tag importers being added to WordPress 2.3 but for the life of me, I couldn’t figure out where they were. I eventually located them within the MANAGE-IMPORT area of my WordPress admin panel. After clicking on the importer for my Ultimate Tagging Warrior plugin, all of my tags were imported into the native tagging features implemented into WP 2.3 I also experienced numerous wordpress.wp_post2cat does not exist errors which were being generated by the UTW plugin, so be sure to disable it once you complete your upgrade.

I want to give a very big thank you to everyone responsible for the automatic update notification feature. This is an invaluable time saver. After my upgrade was complete, I discovered 5 plugins which had an update available for download. The notification window provides a direct link to the plugin on the wordpress.org site where additional information along with the plugin files can be located.

Last but not least, if you are experiencing trouble with WordPress, the best place to find help is the WordPress.org forums. However, before creating a new post, be sure to perform a search to see if your question was already answered. There is nothing more annoying on a forum than seeing 50 different forum threads on the same topic which has already been answered.

You’ve read my experience, now it’s time to share yours by leaving a comment below.

WordPress 2.3 Released Codenamed Dexter

Wordpress.org LogoWordPress 2.3 has finally been released to the public. This is a major release and users of WordPress are encouraged to update as soon as possible. Before you do anything, make sure you create a full backup in case things go bad. I’ll be updating this blog throughout the night and hopefully, I’ll still be around when you wake up. If not, you know what happened to this site.

Time to review the change log to find out why we should upgrade.

  • Native Tagging Support: You can now user tags in addition to categories. 2.3 includes a set of tag importers for tag plugins that existed prior to 2.3 These importers include Ultimate Tag Warrior, Jerome’s Keywords, Simple Tags, and Bunny’s Technorati Tag plugins. Matt states that the new tagging system is pretty fast which should please a number of webhosting companies.
  • Update Notifications: WordPress 2.3 introduces a way for users to be notified when a new release of WordPress is available or when an update to a plugin has been released. This feature works by sending your sites URL, plugins, and version information to the wordpress API.ORG service which compares the information to their internal database.
  • Canonical URLs: Canonical URLs enforce no www-preferences, redirect posts with changed slugs, redirect URLS that get cut off in emails similar to the correct post. According to WordPress these new URLs should help users as well as providing more SEO options.
  • Pending Previews: Those who use multi-user blogs or WordPressMU will appreciate this feature. Authors can submit a post for review by an editor or administrator, where before, they would have to save a draft and hope someone noticed it.
  • Advanced WYSIWYG: WordPress has somehow manage to stuff more features into the Visual Text editor. This update now shows off more features that in TinyMCE that were previously hidden. Dave, looks like your secret is no longer a secret.

In addition to these new features, developers will have a host of new things to deal with such as Atom 1.0 support, jQuery, a new taxonomy system, new importers, hooks and filters and much more. The WordPress community has also helped contribute to over 351 trouble tickets that were closed in the Trac.

You can view the Codex for more information about the release and some screenshots. And of course the place to download is always the same. Before you upgrade you may want to check out our Preparing for 2.3 post.

Matt is hosting an upgrade party within the San Francisco area but I figured I would host one of my own on Skype. If you are awake and care to upgrade your WordPress installation along with me and a few other people, be sure to add me jeffr0e to your Skype contact list and let’s get this party started.

Google Powered 404 Page Update

Askapache.com LogoI was curious as to who was making the money via the sponsored ads that are displayed on the first tab and the web tab of this plugin.

As it turns out, the sponsored ads are for Google because the Ajax powered API is so new. Here is the 411 on the issue.

That is a really great question that I had to search awhile to find. The answer is because this Search API is still so cutting-edge new, Google is the only one making any money from these Ads. It is still pretty beta now, but in the future it will very likely have the features we want. It is against the TOS to remove the ads, and currently you cannot hook your own AdSense account into the Search API. You can however use css to re-position the sponsored links.. like:

.gsc-control .gsc-ad-box {padding-top:100px;}

Does the AJAX Search API contain advertising?

Yes. The Web Search results may include up to 2-4 clearly marked sponsored links. There are currently no ads displayed among the News, Video, Maps, or Blog Search results. If you’re interested in earning money for displaying relevant Google ads on your site, you can do so with Google AdSense.

Thanks to AskApache for clearing this up.

You Comment I Follow

You Comment I FollowI just wanted to let everyone know that after reading Brad’s post on getting rid of the “No-Follow” attribute within comments, I have installed the Do-Follow Plugin.

This plugin removes the No Follow attribute that is usually attached to links that commenter’s leave. Since that is no way to treat a commenter, those links can now provide you with a few more drops of Google Juice. If your a fellow blogger, do your audience a favor and install the Do-Follow plugin, which gives people one more reason to stop by and leave a comment.

BloggerTalk The Bloggers Podcast

BloggerTalk.TV Logo

Each Tuesday at 8pm Eastern time, join a panel of expert bloggers as they discuss the latest and greatest blogging related news. Each show is performed live on Talkshoe where listeners can call in with their questions or stories related to the blogosphere. Whether it deals with monetizing your blog, RSS, generating traffic, or blogging news, rest assured, this 60 minute show will be packed with content.

After my successful stint on episode 3, the lost episode Anthony Feint was kind enough to bring me back on the show for a full hour with David Peralty where we discussed a number of topics. Ironically, BACN was not one of them, although that was the name of the episode. At any rate, here is what we covered.

Davids Pick for this episode was the news related to WordPress 2.3 which will be a major release. My pick dealt with the blog, Readers Appreciation Project and all three of us actually go into a little more detail in regards to reader appreciation. Anthony actually didn’t have a pick this week, or perhaps David and I took up all of the free time left in the show. At any rate, please give this show a listen and I would love to hear your feedback in regards to my performance or anything related to the show.

To listen to this show without leaving the page, click the PLAY button.

Add Google Ajax To Your WP 404 Page

AskApache.com LogoI think I have finally found an easy solution for my WordPress 404 page. The plugin is called AskApache Google 404.

This plugin after being installed, will display an Ajax powered Google search box. This search box will automatically perform a search for Jeffro2pt0 or the text contained within the link that generated the error. The Google search bar contains tabs for finding blog posts, videos, images, and results from across the web.

Now, instead of generating a simple error message with no way of finding what it is the browser was looking for, this plugin gives me a chance to offer the search bar to visitors who can at least ATTEMPT to find what it was they were looking for. I’ve also heard that by using this Google search bar, Google would be more appreciative to my site in terms of SEO, but I have no definitive proof.

If your a WordPress user and you don’t have a helpful 404 page, give the Apache Google 404 Plugin a try. It’s very easy to install and in the end, your visitors will be appreciative that you provided a way for them to try and find what it was they were looking for.

Click Here To Test The Plugin

And by the way, Hello to all of you who have STUMBLED across this page. By all means, take your shoes off and make yourself at home.