Tag Archives: WordPress

Ping. The ping heard across the world

If you’re wondering why trackbacks and pings aren’t working on your blog then you might want to do what I did earlier today: allow your blog to talk to other servers.

WordPress needs either allow_url_fopen to be set On or to have the Curl extension loaded. If you’re having problems receiving pings from other blogs then both of these are probably turned off or missing. Wouldn’t it be nice if Options->Discussion warned that pings wouldn’t work?

Look in your php.ini, or the output of phpinfo() to check for both. If you want to enable fopen, then the entry in php.ini should look like this:

;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;

; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
allow_url_fopen = On

I switched to Litespeed web server a while back and by default allow_url_fopen is set to Off and the curl library isn’t included. Check /opt/lsws/php/php.ini and make sure remote fopens are allowed!

Thanks Barry for helping me fix that.

PS. if you linked to this blog recently, feel free to save your post again. WordPress will ping my site again and this time the ping will get through.

20f1aeb7819d7858684c898d1e98c1bb

What is the significance of “20f1aeb7819d7858684c898d1e98c1bb”? It’s the MD5 hash of the name “Anthony” and was the password used by someone who broke into lightbluetouchpaper.org. Searching for the md5 hash was clever, but it won’t work for long because Ryan is working on securing the WordPress cookies and passwords.
In case you’re wondering, the hacker got in because the blog was running an outdated version of WordPress.

Tips to help keep your blog safe:

  • Keep all your software updated, not just WordPress. Make sure your plugins are updated.
  • Use a strong password. Don’t use words or sequences of characters like “12345” as your password. Make it a mix of characters and numbers.
  • Don’t ever store your database dump online in a place Google will index it. It is very easy to use a Google search to find it.
  • If you use public WiFi or a net cafe regularly, use SSL to secure the communication with your blog. Use the secure admin plugin for just this purpose.
  • If you use Firefox, install PwdHash. It’s simple to use and works really well.

WordPress MU admins – Fire up phpmyadmin and look at wp_users. Try these sql queries to find weak passwords in your database:

SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘wordpress’);
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘12345’);
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘qwerty’);
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘anthony’);
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘Anthony’);
and because of the season:
SELECT count(*) FROM `wp_users` WHERE user_pass = md5(‘christmas’);

Scary isn’t it how many people still use simple passwords? I must release that “Strong password” plugin we use on WordPress.com soon. That will certainly help avoid account hijacking.

Spy on your visitors with Blog Voyeur

Do you ever wonder what pages your regular visitors look at? Do they dig deep into your blog exploring old posts or do they sit in their feed reader and only read your latest posts?

By using my Blog Voyeur plugin you can find out.

This is the first release of the plugin. It appears to work well on the couple of blogs I tried but your mileage may vary. Download link is on the Blog Voyeur homepage above.

blogvoyeur screenshot

Subscribe to comments?

Pass the word around. If you use the very popular Subscribe to Comments plugin by Mark Jaquith, you should download version 2.1.1 download the development version instead. (thanks Baris!)

The previous version has a small but annoying bug. If you approve comments from several posts at one time, everyone subscribed to those posts will get notifications for all the approved comments! Mark applied my patch 3 weeks ago but people are slow to update.

In the last 3 days I’ve received extra notifications from 2 blogs. I emailed the first blog owner, but then Pat moderated some comments this morning and I decided this was the easiest way to get the word out!

Go on, update your plugin! Your blog visitors will thank you!

Fair use of photos on Youtube?

You probably remember the Web 2.0 bubble video that did the rounds recently. Funny wasn’t it? Unfortunately the authors of that video never asked for permission to use many of the photos featured in it. Jim asks if that was fair? Lane Hartwell is one of those photographers. She wrote of her frustration with people stealing her work. The video is viral in nature, and features the website of the creators at the end so it’s got commercial value for them.

Unfortunately the video is not available any more. Doesn’t that suck? If only they had respected the rights of the photographers involved.

Links …

  • I finally upgraded Blogs.linux.ie to the very latest WordPress MU, with caching by WP Super Cache. The version that was on there was so old the table names still used blognames, rather than blog_ids. A small shell script I wrote and a database backup made it easy to script the upgrade. Registration is disabled for the moment, and email me if you have problems logging in. On another note, if you use Tribby Board, add a few indexes to the board table. That app dragged the whole of linux.ie down with all the spam that was going into it.
  • Movabletype went GPL yesterday! That’s great news for the MT community!
  • Did you know that RTE Radio 1 is for sale? Going cheap at a 1 Euro. (via Kae)
    rteradio1forsale
  • Oh oh. mbr love note. Thanks nikolay!
  • The WordPress Podcast gave my super cache plugin a glowing review. Charles did murder my surname, but I’ll forgive him. Must put an mp3 of me saying my name on the about page or something.
  • Two amazing photos from flak photo: Moving—Eric and Many Shades of Pink

Blogs in Plain English

What’s the big deal about blogs? Haydn rang me this morning because he’s doing research on blogs and I remembered Joseph mentioned this video on IRC. This is a reminder from the Common Craft folk that not everyone knows what a blog is, or why they’re a great communication tool.

If you’re reading this and thinking about setting up your own website, watch this short three minute video and you may well decide to start a blog. Nice to see WordPress.com get a mention too!

This town needs an enema

“This town needs an anema”. That was a line from last week’s “A town called Eureka” and I knew I recognised it. It was a line in the original Batman movie! I couldn’t find a clip of this scene, but here’s the first level of Batman the Movie on the Commodore 64!

How We Met

A short movie shot on the human body. Cool idea and nice story. Here’s the “making of” video.

  • A long list of WordPress MU plugins.
  • I’m sure not everyone knows about the recent activity page on Flickr. Check it out and subscribe to the feed to track comments to your stream.
  • So, you’re comfortable with the web, you can find your way around. Take it for granted? Of course you do. George Barr explains the significance of the web for photographers.
  • The Expressive Moment in Street Photography – this is so hard to accomplish. Many of my street shots lack that expressive moment. Must try harder.
  • Funny photography videos. Love that myspace one!
  • Elly and Tom both ask if Blognation is in meltdown. Seems that wages have not been paid in some time. I see Conor’s last post was yesterday. Hope things get sorted out.
  • Oh great! Another story to reinforce the stereotype of the drunken Irishman!
  • The Sociability plugin for WordPress displays a nice message to Digg and Stumbleupon visitors encouraging them to add a vote for your post. I haven’t looked at it yet. I wonder if it’ll work with Super Cache?

PS. Looking for a Budget 2008 calculator? Try the one at tax123.ie. Via Keith.

Digg users will love this

Version 0.5.1 of WP Super Cache is now available! This release of the plugin will be especially useful for Digg and Slashdot users who experience really huge traffic spikes.

This post has been dugg! Add your Digg here! I doubt it’ll get anywhere near the front page at this stage as it’s only collected 3 diggs in 7 hours. Once it hits 24 hours it disappears forever.

supercache-directfiles

After submitting a site to Digg, some people do the following to get every last ounce of performance out of their WordPress blog, especially on an underpowered server:

  1. Clear the cookies from their browser so the comment form won’t be filled in. (or use a second browser).
  2. Visit the page they submitted to Digg and save it to their desktop.
  3. Open an ftp programme, and recreate the path to the page. Then upload the saved file as “index.html” to that directory.
  4. Finally, after the Digg subsides 24 hours later, remember to remove the directory structure and index.html.

The new version of WP Super Cache automates all the above. You do have to make your blog’s root directory writable by the webserver, but you’re warned continually that this is a major security risk and reminded to make it read-only again.

Download it here: wp-super-cache.0.5.1.zip

How does it perform versus the regular static files the plugin creates? In most situations you won’t notice any difference, but when there are tens of thousands of requests hitting your server for one particular page, I find that Apache has trouble keeping up.

In other developments, I added checks for PHP safe_mode. Unfortunately safe_mode stops WP Super Cache working properly. I’m glad to see Mark applied my patch for Subscribe to Comments! No more stray emails if you use the moderation queue to approve comments from many posts!

WIP: Blog Voyeur and Custom Akismet screenshots

Here’s a sneak preview of some stuff I’m working on, besides WP Super Cache and WordPress MU.

First of all, there’s my Blog Voyeur plugin. It’s a visitor logging plugin like many other ones, but this one only records hits from users who have left comments here. The screenshot below is what you see in the backend listing page. I took out the names of the users for privacy reasons but so far it’s worked quite well. I’m not sure yet if this plugin will see the light of day. After discussing this with Mark he came up with some possible uses for it. Inventive fellow is he. Comments in brackets by me.

“When I made that post yesterday criticising Matt, I wondered if he would look at it. Well now I know he did… and because he didn’t comment he’s guilty…” (paranoid?)

Match your cookie thing with crazyegg 🙂 (excessive?)

Have a popup – “Hi Matt!” (annoying?)

See returning user, see no comments so send them an email asking for their views on the posts they did not comment on. (obsessive?)

voyeur-list-t.gif

I mentioned this second plugin already. It’s a modified version of Akismet. You can download it yourself if you want to play with it. If someone else wants to take it further feel free to. It’s all GPL code. I’m posting a screenshot because it’s amazing to see so much spam from one IP address in only a few days. Just goes to show what a good job Akismet does.

akismet numbers
Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Here are a few options.

  • uBlock Origin is a free, open source, ad blocker for your browser.
  • Use pi-hole if you have a spare Raspberry Pi on your network.
  • Set the private DNS settings on your phone to dns.adguard.com to block adverts and trackers.