WordPress blogs can get hacked into fairly easily if the host has software that is outdated. Another thing that can put your WordPress blog at risk is if you don’t update the site and the plugins.

A friend of mine who is an art teacher at the local high school had her site hacked. She really didn’t have a clue how to fix it. Part of her problem was the hacker somehow got into the cpanel of the website where it was hosted (on Blue Host). Since that time, Blue Host may have increased security and they did send my friend a new, more secure password.

The hacker had made the home page say “by real_Karizma” and also made it impossible to edit any posts within the WordPress dashboard. When I logged into the cpanel, I was quite relieved to find that all the files and the databases were still there. Fixing the home page back to normal was easy. I replaced the index.php file that was in the folder of the theme that was in use. Fixing that file made the site look back like it should have when viewed in a browser. What took a bit longer to figure out was why, when logging into the WordPress site and not being able to see the entire dashboard. I was seeing the dashboard the way a user might see it if they did not have the administrator role.

I really didn’t want to take the entire site down, reinstall WordPress software and then restore the database to get all the content for the blog back on the site. My shortcut to this was to log back into the cpanel on the host and look at the database tables. (I backed up the database first using myphpadmin.)

Looking at the database tables in myphpadmin I noticed that there was data for the wp_users with the hacker’s name and email address. I deleted that user. That left the original user listed but the field code on the right side of the table had the number 2. I guessed (and it seemed to be a correct guess) that if I just changed that number 2 to a 1 that the user would have all the administrator roles assigned to them. To my delight, just changing that number in the database table fixed the problem!

The next thing to do was to update the blog to the latest WordPress version. Again, I lucked out that the plugins in use were compatible and the blog was still functioning correctly.

Technorati Tags: blog, fix, hacked, hacking, restore, undo, wordpress

I think there are too many automated commenting software tools around lately. I am using the Askimet plugin and another one to stop spam called:  WP-Spam Free, but they aren’t stopping the flood of ridiculous comments. I am about to make sure I am upgraded to the latest version of WordPress.  (I am not but will be as soon as I post this.)

I’ll try to post again to see if upgrading to WordPress 3.0.1 helps at all. I really don’t want to turn off the commenting features of my blog. So, if anyone has a tip to make these dumb comments stop, please let me know! Also, if I marked someone’s legitimate comment as spam, let me know and I will fix my error.

UPDATE: I looked up more ways to stop comment spam. In the WordPress Dashboard, under the Settings, there are a couple of places to either moderate or blacklist words commonly used in spam comments or you can enter the IP address of the spammers and moderate or blacklist those! Since I get repeat spam comments from some of the same people I used this feature (that I had not tried before) and so far it has successfully stopped most of the WordPress comment spam.

Technorati Tags: blogging, comments, Plugins, spam, wordpress

Gather the folders for all plugins and put them into one folder to speed up set up later.

Have your WordPress theme selected and downloaded and put it in a folder you can find easily.

Step 1: Log into the cpanel of the site and click on Fantastico Icon

Step 2: Select wordpress and install wordpress (which installs the core files) 

Step 3: Log out of the cpanel and launch your FTP software. Using FTP, copy the folder of the theme into the wp-content/themes folder

Step 4: Using FTP, copy the folders of the plugins into wp-content/plugins folder

Step 5: Log into WordPress dashboard on one site, go to Appearance and select/activate the theme.

Step 6: Go to Plugins and ativate plugins – also for any plugin that requires it, look under Settings for that plugin to add information. One example is the All-in-one SEO plugin that will need the title, description and keywords added.

Step 7: Go to Settings (on the dashboard) and select “General” to check that the url and email are showing correct info

Step 8: Under Settings, select “Writing” and add the Update Services that you want to ping

Step 9: Under Settings, select “Permalinks” and change the Custom Structure to /%category%/%postname%/  … or just to /%postname%/ (note, I recommend this for advanced users only – it will require an .htaccess file and that can get complicated).

Step 10: Click Pages on the Dashboard and add or edit pages for “about us” and other pages if necessary (such as terms or privacy policies) – a Contact us page can be added with a form in it too if you are using a plug in such as cformsII.

Step 11: Select Appearance and then select widgets to add items to the sidebar of your blog (if you are using widget ready themes).

Step 12: Click “Posts” from the dashboard and select “Categories” – enter the categories you want posts to be shown under

Now your blog is ready for you to write your posts. Go to it, and be original, add value with what you share and be interesting!

Note: If you are setting up multiple websites, keep a matrix (using an excel spreadsheet or create a Word file or even a Google doc) of the urls and cpanel logins, as well as wordpress user names and passwords for easy reference.

Technorati Tags: checklist, new wordpress blog, Plugins, set up, setup, steps, WordPress Tips

Here are a few things that are recommended to do – especially for those of you that host your own blog:

1,  Keep your version updated

2.  Update/ugrade your plugins

3.  Backup your database

Easy Way to Get the Latest Version of WordPress

The older, unpatched versions of WordPress (older than 2.8.4) are not secure and are vulnerable to being attacked by a worm that will infect your site. This is what WordPress.org says about it:

Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.

These things are similar to doing routine maintenance on an automobile – and the ones I am recommending are as easy as putting in windshield wiper fluid or adding oil to your engine. I won’t recommend the ones that would be as difficult as doing a complete oil change (because I am too busy to do any of these things the long and boring way). So, my recommendations are to use more automated methods (which have been created by brilliant programmers for people like me to use – I am not a programmer).  I have written before about a plugin that helps you upgrade your WordPress to the latest version in an automated step-by-step process. And really, this is so easy! You don’t have to download software and know anything about programming. All you need to do is download a plugin and put it in the “plugins” folder. To get the plugin go here: Download Upgrade Plugin. Then you log into your wp-admin (WordPress admin) dashboard. Click on the Plugins on the left, activate your new plugin. Then, at the top of your WordPress administrative dashboard a prompt will appear that says, “Click Here to Automatically Upgrade WordPress to latest Version.” Basically, if you click that there will be instructions that walk you through upgrading. It’s so easy to do, and it will keep your site more secure.

Update/upgrade WordPress Plugins

I also think you should try to keep any plugins updated. Here is some good information on the WordPress.org site about site maintenance – http://codex.wordpress.org/WordPress_Site_Maintenance. Ugrading plugins usually only requires you to click the “update now” links on the plugins page. Sometimes you may have to actually download the latest plugin and then upload it to your hosted files.

Keep Backups of your WordPress Database

After you get your site upgraded, there is also a plugin to use to have backups of the database (which holds all the posts, comments, user and other data for your blog). If you were ever to experience a site problem or hosting problem, you can use the backups to set your site back up. My favorite plugin for scheduling these backups is the WP-DB-Backup plugin. This one is really easy and can be downloaded here: WordPress Database Backup.

Technorati Tags: database, latest version, maintenace, Plugins, security, update, upgrade, virus, wordpress, worm

For those that have asked me about the WordPress plugin called Caffeinated Content, I’ve created a document that gives you a look inside – and shows exactly how to install and use the plugin. This is from a slide show and converted to a PDF – so you can download it here:

Get the guide: 7 Steps to Using Caffeinated Content

Remember, after you download this file, if the pages are not oriented to read on your monitor, use the View menu to rotate the view. If you don’t have this plugin, you can get it from the creators at  Kansieo – Caffeinated Content for WordPress. (where they have lots of information and more instructions, too).

Hope this helps you understand the power of this useful plugin!

Technorati Tags: auto content generator, Caffeinated Content, Kansieo, WordPress plugin