Archive for the ‘ wordpress ’ Category

2012 in review

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

4,329 films were submitted to the 2012 Cannes Film Festival. This blog had 17,000 views in 2012. If each view were a film, this blog would power 4 Film Festivals

Click here to see the complete report.

Advertisements

The easiest, most effective way to secure WordPress Sites

WordPress Site security : How To Avoid hackers

1. Place the below on functions to hide WordPress version.
function remove_wp_version() {
return ”; //returns nothing, exactly the point.
}
add_filter(‘the_generator’, ‘remove_wp_version’);

2. Activate the plugin Better WP Security and configure it.

3. Change folder permission
For Directories:  755
For Files: 644

4. Protect config file on htaccess
php>
order allow,deny
deny from all
</Files>

5. No directory browsing. Add the below code on htaccess
# directory browsing
Options All -Indexes

6. Prevent Access To wp-content
Order deny,allow
Deny from all
<Files ~ “.(xml|css|jpe?g|png|gif|js)$”>
Allow from all
</Files>

7. Protect .htaccess
Hh][Tt][Aa])”>
order allow,deny
deny from all
satisfy all
</Files>

8. Securing wp-includes
# Block the include-only files.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]

# BEGIN WordPress

9. Help Prevent “Content Scrapers”
RewriteEngine On
#Replace ?mysite\.com/ with your blog url
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
#Replace /images/nohotlink.jpg with your “don’t hotlink” image url
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]

Make sure to replace “mysite” with your website’s URL and “/images/nohotlink.jpg” to the path of your image.

10. Protect Your WordPress Blog from Script Injections
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

11. Things to avoid when choosing a password:

Any permutation of your own real name, username, company name, or name of your website.
A word from a dictionary, in any language.
A short password.
Any numeric-only or alphabetic-only password (a mixture of both is best).

12. Change username of “admin.”  and Admin user id 1 to something else

13. Change the table_prefix: Many published WordPress-specific SOL-injection attacks make the assumption that the table_prefix is wp_, the default.
Changing this can block at least some SQL injection attacks.

14. Remove unused themes and inactive plugins from WP-content folder.

15. FTP : When connecting to your server you should use SFTP encryption if your web host provides it.
If you are unsure if your web host provides SFTP or not, just ask them.
Using SFTP is the same as FTP, except your password and other data is encrypted as it transmitted between your computer and your website.
This means your password is never sent in the clear and cannot be intercepted by an attacker.

16. Scan your site frequently.
http://sitecheck.sucuri.net/scanner/

Automatically Backup Your WordPress Site to Google Drive – Version 2

We have released new version(v2) on wp google drive plugin to make back of your wordpress site files to google drive in efeectivemanner.

http://wordpress.org/extend/plugins/wp-google-drive/

Exclusive tutorial on How to Backup your WordPress blog to Google Drive. It is always recommended to backup your WordPress blog, which includes files (themes, plugins etc) and SQL tables (all your blog posts, comments, drafts etc are stored as tables in database).

Whenever your blog is gone (due to unsecured activities or some other reasons), these backups will help to get back your blog. In some cases, using 3rd party plugins and themes can also lead to malfunction of your blog, here also these backups helps to retain back your blog.

Reasons to Backup WordPress Blog to Google Drive

  • Its a Google Product and is free to use up-to 5GB.
  • Can get access to backups on any of the devices like Smartphones, Tablet PC’s, Laptops etc.
  • Backups will be uploaded in quite less time (sometimes based on internet connection also).
  • Highly Secure and reliable service, so there wont be any loss of data in the process.
  • Backups can be shared with your blog partners (if have any) with a single click of mouse

How to Backup WordPress blog to Google Drive

Download and Install Google Drive for WordPress plugin from official WordPress plugin repository.

Google Drive for WordPress Plugin »

Please see the video for plugin process.

Here is the step-by-step guide that helps to backup your WordPress blog to Google Drive. Brief list of things you have to do in this tutorial:

  1. Login to Google API and create a Client ID in it.
  2. Authorizing the Plugin by using Client ID and Client Secret.
  3. Setting up the plugin frequency to take backups.

google-drive-plugin

  • Go to “API Access” tab and click on “Create an OAuth 2.0 client ID”

backup-wordpress-blog-google-drive-api-access

backup-wordpress-blog-google-drive-api

  • Go to “API Access” tab and click on “Create an OAuth 2.0 client ID”

google-drive-api-access

  • In the pop-up window, give a product name and upload logo before clicking on “Next” button.

google-drive-create-client-id

  • By default “Web Application” will be selected and don’t change it.

google-drive-client-settings

  • In “Your site or hostname” section, click on “More Options” to expand link sections.

google-drive-client-id

  • Now, paste the link in the “Backup Settings” page here. Enter domain name in “JavaScripts” origin field.

google-drive-insert-url

  • Click on “Create Client ID” and you have successfully created a Client ID using Google API Console.

google-drive-dashboard

  • Copy the Client ID and Client Secret from API dashboard and paste them in “Configure Google” page.

  • You have to authorize the plugin by clicking on “Allow Access” button.

google-drive-permissions

  • Allow Access to the Plugin and the entire setup has been successfully installed.

Check Out : WordPress Plugin

How to automatically Backup WordPress blog to Google Drive

  • Now, you can configure this plugin further by entering the custom folder ID of your Google Drive.
  • Also define the maximum number of backups (use any positive integer in that field).
  • Set the frequency of backup and everything will be automatically stored in your Google Drive.

    Backup Settings:

    1. You can name your backup directory, any name you like just enter it on text box.
    2. Mail Options : Enable this option to receive mail notification after successful backup on google drive.
    3. Schedule Backup:You can schedule a backup duration here. Based upon the Scheduled time, it will automatically perform schedule backup to google drive.
    4. Manage database :
    –Check yes, if you want to keep Database backup
    –Check the option if you want to exclude particular tables from backup
    –Always keep a recent backup of your site.Here you have option to keep most recent backups.
    Select how many you want to maintain on your server.
    –If you want, you can move particular backup folder to google drive.
    5. Manage Files:
    –Check option to exclude files from backup
    –Select how many backups you would like to maintain on your server.
    –If you want, you can move particular backup folder to Google drive.
    6. On-time backup: For immediate backup.

    FYI:

    Both schedule backup and Ontime backup will works based upon your files selection on Manage database and Manage Files section.

Explore the REST API

I have had the pleasure of working with the WordPress.com REST API over the past few weeks and am very excited to start “dogfooding” this resource everywhere I can. One cool feature is that all the endpoints are self-documenting. In fact, the documentation for the REST API is built by the API itself! With this information we were able to build a console to help debug and explore the various resources that are now available through the new API. So let me introduce you to the new REST console for WordPress.com. A word of caution: the console is only available when you are logged into WordPress.com and is hooked up to the live system, so be careful with your POST requests! At its simplest you can supply the method, path, query, and body for the resource you wish to examine (it’s pre-populated with /me). Press “Submit” to see the response status for your request and an expandable JSON object that you can explore. All links listed under meta are active, so click one to make another request. To get a better idea of what kind of parameters a request can take, select it under the “Reference” section. It will then provide an interface with some contextual help to let you know which path, query, and body parameters it accepts, what each of those parameters are for, and a field for you to provide the value.

Explore the REST API.

 

Introducing WordAds

Introducing WordAds.

2011 in review

The WordPress.com stats helper monkeys prepared a 2011 annual report for this blog.

Here’s an excerpt:

The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 9,300 times in 2011. If it were a concert at Sydney Opera House, it would take about 3 sold-out performances for that many people to see it.

Click here to see the complete report.

8-9 Quake Strikes Japan Triggers Tsunami

Japanese television is showing horrific pictures of a wall of water swallowing everything in its path following a massive 8.9 magnitude earthquake struck off the northeast coast of Japan.

The quake has triggered a tsunami already that’s washing away cars and houses inland in the north-east of the country. Television showed cars bobbing in water alongside fishing boats.

A 10-metre tsunami warning has been extended for the coast in the region.

The tsunami warning was issued to most of the Pacific coast of the main island of Honshu, broadcaster NHK reported. People are being told to get to higher ground.

The quake was initially listed as 7.9 magnitude, then upgraded to 8.8, then 8.9 by US Geological Survey. A series of aftershocks followed including one of around 7 magnitude.

The epicentre of the quake is believed to be in the north of Japan, in the Honshu area.

The quake caused buildings to shake in the capital Tokyo, triggering at least one building fire, NHK television and witnesses reported. Around four million homes are without power in Tokyo, and several people have been buried in a landslide.

Many sections of Tohoku expressway serving northern Japan are damaged and there is a major fire at Chiba refinery near Tokyo.

The BBC is reporting it as a “mega-quake”.

Narita airport, Tokyo’s main airport, has been closed. A number of people are believed to have been injured during a graduation ceremony in Tokyo when a roof collapsed.

The public broadcaster showed black smoke billowing from a building in Odaiba, a Tokyo suburb, and bullet trains to the north of the country have been halted.

“The building shook for what seemed a long time and many people in the newsroom grabbed their helmets and some got under their desks,” Reuters correspondent Linda Sieg said.

“It was probably the worst I have felt since I came to Japan more than 20 years ago.”

The US Geological Survey verified a magnitude of 8.8 at depth of 24.3kms and located the quake 130.3kms east of Sendai, Honshu. The stock market extended its losses after the quake.

Japan’s northeast Pacific coast, called Sanriku, has suffered from quakes and tsunamis in the past and a 7.2 quake struck on Wednesday. In 1933, a magnitude 8.1 quake in the area killed more than 3,000 people. Last year fishing facilities were damaged after by a tsunami caused by a strong tremor in Chile.

There are believed to be 3500 New Zealanders in Japan, and 1600 in Tokyo.

Civil Defence in New Zealand says a tsunami is possible in New Zealand, but it is still monitoring the situation and it would be 11 hours away.

%d bloggers like this: