Nur Ahmad Furlong

Category: Plugins

  • Time to secure my wordpress sites more seriously

    My WordPress site has been hacked by the Pharma Hack.

    Pharma Spam Hack

    It’s sad yes, I know, I should have properly secured my site years ago. I assume one of the reasons my site was hacked was due to a large portion of my print design portfolio containing Pharmaceutical Ad Campaigns. The hack was spotted by a good friend @mozami who noticed my google listing had loads of Pharma keywords which had nothing to do with my site.

    This hack has cost me dearly with regard to my site’s SEO health which dropped dramatically as soon as it hit. I haven’t been taking care of this site much for some time though so I only noticed it way later which is even worse for the SEO ranking points I’ve lost over an extended period of time.

    I reported the incident to Google via their webmaster tools but it took quite some time after they acknowledged my report until the Pharma keyword listings were finally removed. The Pharma hack is one of those which are particularly nasty in many cases is hidden files many times undetectable at a glance are added which means your entire WordPress installation needs to be cleaned out and restored with a fresh copy. This includes your theme’s files, plugins, the works.

    Security Plugins are Dime a Dozen

    I’ve since tested and implemented quite a range of plugins, some extremely simple but hardly effective at all and other’s extremely complicated and sensitive to the extent that I even managed to block myself from access my dashboard.

    Secure WordPress with Website Defender

    One of the plugins which seems to work really well currently is Secure WordPress, which applies a few initial fixes and then linked to a Website Defender account tracks additional vulnerabilities and hack attempts and reports them via a highly intuitive dashboard. The system even tracks when your site goes down and reports it to you as soon as it detects downtime.

    Websitedefender dashboard

    In the dashboard you’ll see possible vulnerabilities listed according to their urgency level, and clicking on each one gives much mroe detail of what the problem could be, how it may affect your site and how to resolve this issue. Of course not all the files and problems detected are “real” threats, so you have the option of setting the issue as resolved or to ignore. This allows you to keep a realistic view of what remains to be fixed and what the threat level of your site currently is.

    Websitedefender issuesreport

    The plugin also provides the solution, with additional links to external sites which discuss the particular security threat posed by the issue being viewed.

    Securitythreat solution

    After applying some of the fixes and marking them as completed the Website defender Dashboard reflects the current updated threat level so I always have a good idea of the security health of my site. When new issues are detected I get emails notifying me of these new possible threats and my security level changes accordingly.

    Initial Threat Detected

    New Threat Level

    These fixes are by no means exhaustive and there are many ways of hardening the security level of your WordPress site.

    A few simple security tips include:

    • Use a non-standard database table prefix when setting up your site in the beginning. wp_ is the standard one
    • Don’t use “admin” as your default admin username, choose something unique
    • Keep your WordPress updated to the latest version. This should include plugins as well. Hackers can exploit vulnerabilities in older versions of WordPress to get into your ย site.

    John Hoff at securemyblog.com has some excellent advice, video tutorials as well as an E-Book covering the topic of website security.

  • WordPress “Custom” Post Types, Taxonomies and Write Panels

    The WordPress developer community is a buzz with a new “Custom” set of lingo which seems to be dominating the airwaves of late. With the release of WordPress version 3.0 a whole host of new custom features have been added to our favourite Content Management System(CMS) platform taking it way further along the line towards official CMS status.

    Custom Post Types

    Though Custom Post Type’s existed pre-3.0, it’s only really been fully embraced now that people have started writing tutorials and guides on how to make use of these sometimes difficult to explain new content types. A Custom Post Type(CPT) is basically a unique type of content which can be given it’s own definition, it’s own Taxonomy(ie. basically a labelling system) and it’s own set of templates to govern how these content types are used and displayed.

    Custom Post type: Unique Data type like Subject, Product, Book, Movie, Software etc

    Taxonomy: Subject Label, Product Label, Book Tag, Movie Genre, Software Type etc

    Write Panel/Meta Boxes: Interface to insert the various custom data via custom form fields other than the standard post or page editor

    I’m not about to rehash another tutorial on how these new beauties work as many have already done the job way better than I could, though I just wanted to mention a few ideas and thoughts and how I think this new feature changes the way we use WordPress.

    Below are a few excellent tutorials covering what Custom Post Types are:

    And some plugins which make creation and management of these super easy:

    Recently I’ve been fiddling around with various ways of using CPTs in order to streamline the way different types of content snippets are displayed as well as to simplify how the site administrator manages these content snippets. Alongside CPTs is another widely used feature allowing the ability to add Custom Write Panels. You starting to wonder what’s with the use of the word “Custom” now I can imagine.

    Custom Write Panels

    Custom Write Panels allow for setting up of special(customised/customisable) editor forms, to make adding and managing content which may be made up of connected bits of data much easier. Plugins like Flutter & PodsCMS have been around for a while allowing WordPress users to build their own write panels. Recently I had a situation where a client website which was making use of the Flutter plugin was upgraded to WordPress 3.0, rendering the flutter write panels inactive as the Flutter plugin is no longer under active development. This forced me to start taking a look at building write panels into the Theme’s Template files itself.

    Here are a few tutorials covering how to setup built in write panels into your theme using functions.php

    Taking it Further

    The next step in my exploration of these newer features is to allow site users, meaning those visiting the (front end)website, to interact with these custom content types by submitting their own content and updating the site via front end forms. There are a few plugins which cover user submitted content but the main contender here is Gravity Forms. It’s a paid for plugin but notwithout reason. This plugin has a wide range of advanced features. Unlike other forms plugins it allows complete control over the markup of the HTML form elements, backend functions and styling of the forms.

    Gravity Forms Plugin for WordPressForms can be built for mere feedback submission or more advanced functionality. I’m looking at using this to build in user submitted content for a Business Listing website as well as a questions and answers website. The plugin also has add-on integration with 3rd party services including Mailchimp( email newsletter management), Campaign Monitor (email campaign management) & Freshbooks(Online invoicing service).

    The plugin also supports inclusion of additional HTML content into forms, conditional form fields which can be activated depending on which other form fields are selected, Advanced email notifications, Dynamic form field population and a whole range of other customized features not found in most other form building plugins.

    Want a $80 Off Gravity Forms Developer License?

    If you’re interested in purchasing the Gravity Forms Developer License which I highly recommend, you can get a discount of up to $80 by using these 2 discount codes when purchasing:

    • Gfdev50 โ€“ $50 off
    • Seodenver โ€“ 20% further off

    So after that shameless promotion, lets continue. A quick search through the wordpress plugin directory will reveal just how many Custom Post Type related plugins are currently in circulation, making this one of the favourite current features for customizing wordpress display and functional characteristics.

    GD Taxonomies Tool

    GD Custom Posts And Taxonomies Tools is a plugin that can be used to expand custom taxonomies and custom post types support. Plugin adds many tools including custom post types and taxonomies management and widget for taxonomies terms cloud.

    Post Type Switcher

    A simple way to change a post type in WordPress.

    I’ve used this plugin successfully when wanting to switch old posts or pages over custom post types after making some modifications to existing sites’ content structure.

    This plugin lets you take advantage of the WordPress 3.0 custom post type feature, and create your own post type. The plugin allows you to add a set of fields attached to your new post type, so that in the edit and add new windows a new box will show with the fields defined. Each field added will be saved in the WordPress Database as a custom field, so that you can take advantage of the standard WordPress query rules to list your content on the page template.

    Custom Post Type UI

    Last but most certainly not least in Custom Post Type Management is the “go to” plugin for easy creation and management of Custom Post Types and their associated Taxonomies.

    This plugin provides an easy to use interface to create and administer custom post types and taxonomies in WordPress.

    It’s compatible with wordpress 3.0.1 and includes settings for controlling the finer details associated with each post type.

    Verve Meta Boxes (custom write panel builder plugin)

    Once you’ve got your post types created you’ll need a tool to manage custom data fields. As mentioned previously Custom Write Panels can be built into your theme but they’re notoriously hard for the newbie and can be really time consuming to setup. I prefer the quick fix in most cases and Verve Meta Boxes provides a clean and simple solution for building Meta Write Panels and associating them with Custom Post Types.

    Now go change the Web the easy way

    So what are you waiting for, go on and dive into Custom Post Types and change the way WordPress can be used. We’ve seen people make some really crazy things with WordPress in the past and the potential for experimentation has increased so much more now.

  • New WordPress site for 2010 WorldCup Fan Accommodation

    I’ve hardly slept over the last week bashing my fingers against my keyboard trying to get this site out as quickly as possible. The site is called fani.am, (That’s Fan i am), which is a 2010 World Cup Accommodation site. This one really challenged me with some of the intricate post associations I had to string together, and with the addition of a couple of extra plugins to add some key features I’m really excited about this one.

    Take a quick look Design and I’ll explain a bit about what’s under the hood of this one.

    Homepage of the fani.am fan accommodation site
    Homepage of the fani.am fan accommodation site

    I really enjoyed designing this one and also trying out a few CSS3 features like rounded corners & Text Shadows. IE6 users, there’s a special treat for you as well. ๐Ÿ™‚

    Custom Fields

    The most hectic part of this site by far was the wordpress wrangling which takes place in the background. Using loads of WordPress custom fields, some for data and some for associating certain post types like matches, with accommodations and with the teams playing the matches, we were able to weave separate categories of posts into an intuitive mixture of information. Custom field have been managed entirely by the flutter plugin’s write panels, which helped make this site extremely easy for novice user to populate with content.

    Fan i am Team Facts sidebar widget
    Fan i am Team Facts sidebar widget

    Conditional Statements

    Using WordPress conditional statements, as well as some conditional Custom field statements we were able to easily pull the correct set of posts for each team, venue or accommodation. The sidebar also gets populated with related widgets displaying content for each type of page you arrive on.

    Picture 71
    Associated Matches, accommodations & attractions

    Dealing with images

    I was a little disappointed about the current state of the built-in WordPress gallery system. You’re still not able to easily pull individual images based on their order in the gallery and can only really pull an entire gallery. The attached image plugin helped pull the first gallery image which was great. Flutter’s image management and upload functionality was ok but could do with the auto generation of thumbs & other sizes which the built in WordPress image uploading performs. Flutter’s image crop & resize functionality just doesn’t work at the moment, though the rest of it’s functionality, mainly write panels played a hige role in this website’s configuration.

    This site relies heavily on plugins for various features, which is one of the great things about WordPress. I know some geeky developers who swear they never use plugins, and that’s fine with me, though I or one love the fact that so much freely available functionality is just lying around ready to take advantage of.

    Plugins I’ve used & abused Include:

    • Flutter – custom write panels
    • Live Coundown Timer – counting down time to the Kickoff
    • My Favourite Posts – allows user to add their favourite accommodations to a sidebar bucket
    • Send to a Friend
    • Tweet News – Footer feed of tweets about FIFA
    • Google News – feed of news about the world cup from google
    • Twitter Widget Pro – Worked better than Twitter Tools
    • IE PNG fix – no need to fiddle with code
    • Sidebar Login – check the login panel top right
    • Cforms II – contact & booking forms
    • DISQUS – Advanced commenting system
    • WP Table Reloaded – Check the Match Schedule (quick & easy manageable tables)

    So far it’s been a really great project and Phase 2 promises to include some even more exciting social media additions. What do you think of this one?

  • A few ways Firefox rocks my day

    I’ve used Firefox for years & it’s grown into a real gem of a tool. Not so much for it’s standards support, but due to a great community of add-on developers. It’s also just geekishly cool & makes a huge difference in my day as a designer, developer, blogger & general surfer. A Few Reasons why:

    Firebug

    Firebug

    – ranks as my favourite add-on for FF. It makes my task of web dev so much easier, helps find problems and teaches me a few things about where I’ve gone wrong in my code.

    Fireftp

    Fireftp

    – Helps you upload to your sites from your browser in 2 ticks. It’s all right in front of you and makes for a nice seemless testing routine.

    Twitterfox

    TwitterFox

    – I did find tweeting a hassle without this add-on and now I find keeping track of my tweets & tweeple a breeze.

    GTD Inbox

    GTD inbox

    It takes your regular gmail & jacks it up for super web GTD. Projects, next actions and the works to keep you productive.

    Fireshot

    Fireshot

    I take a fair amount of screenshots & Fireshot makes it so easy to grab a screen, edit it and then do with it what you like.

    Scribfire

    Scribefire

    I just started using it & it already looks like a Windows Live Writer replacement. Faster & more convenient, I now blog and surf at the same time.

    So, What do you add to your firefox?

  • Miraculously my Categories have returned?

    So my cats are back in the wordpress hat!

    After some trouble with my comments going walkies, it seems all is well again in nomad-one land. Turns out the problem was caused by some quota limit which caused some plugin problems and not the plugins themselves so WP Super Cache and friends, my apologies. Donncha was kind enough to point out that the WP Super Cache plugin doesn’t have any code which can access the categories db at all. The WP-DBManager plugin by Lester Chan came in handy and allows you to repair damaged database tables, back-up and restore your database and generally manage and keep your wordpress db in tip-top shape. I recommend it highly as it helped me restore some data which seemed to have been lost.

    I’m at a loss for words right now and am hoping and praying that I will find a solution other than having to re-categorize my entire sites posts. Something randomly went wonky with my WP Super Cache Plugin which forced me to disable and then delete it. The result was total loss of post categorization, tagging references as well as loss of my entire blogroll.

    If anyone has a solution out there please let me know, I might even reward you if I can manage it. Be very very careful with plugins and remember to keep a regular backup, my last backup is more than a month old. Also export your blog content to an xml file regularly which will allow you to import it all into a new installation should you need to do so.

    YOU’VE BEEN WARNED!

  • WordPress Meetup Cape Town #2 Coming up soon

    Hi All you wordpress Gurus, Rockstars and enthusiasts out there. The second WordPress cape Town Meetup is closing in on us and registration is open. The first meetup was a great success even though numbers were relatively low but we expect a much larger turn-out for session 2.

    No payments necessary this time as the venue is being Sponsored by Jayz.co.za. So you’re interested in wordpress, you want to learn something or have some crazy wordpress skills and experience to share with others,head on over to the second WordPress Meetup in Cape Town on 26th March 2008.

    The Details

    Date: Wednesday 26 March 2008

    Time: 4pm – 7pm

    Location: Bandwidth Barn, 125 Buitengracht Street, Cape Town (map)

    What’s The meetup all about?

    Basically it takes on the style of an (un)conference and is very informal. We get together, bring some ideas,questions, problems, cool wordpressy stuff and share, present, ask and generally try to progress in our understandings of the platform.

    Branding the Meetup

    I’ve been working on giving the meetup a bit of a face and was wondering what you think of it. We’re hoping to turn this event in something of a feature and one which will build in momentum. I’m also looking to form a proper network of WordPress enthusiasts. The designs below are inspired by some designs developed for a previous wordpress based project.

    wordpressmag

    So let me know what you guys think of the logos and hopefully see those of you who can make it there. Please register by posting a comment on this post.