security


For those of you out there interested in seeing a genealogy site built using ‘mostly’ WordPress, please visit ManyRoads.  Obviously the site is one of mine (my family genealogy).  However, I think it provides a pretty decent example of what you can do to slice and dice a ‘bunch’ of information into a ‘pretty useful’ format.

I have tried to use a plugin for the genealogy database backend (TNG).  Security remains a problem for that plugin, in that it does not work for me.  However, I do have a single set of logins between the two systems and databases when used in the manner seen on the site. As is likely obvious, the ManyRoads site uses a large number of plugins including (Revised list as of 29 January 2010):

  • Akismet - Akismet checks your comments against the Akismet web service to see if they look like spam or not. You need a WordPress.com API key to use it. You can review the spam it catches under “Comments.” To show off your Akismet stats just put <?php akismet_counter(); ?> in your template. See also: WP Stats plugin.
  • All in One SEO Pack - Out-of-the-box SEO for your WordPress blog.
  • AStickyPostOrderER - AStickyPostOrderER lets you customize the order in which posts are displayed per category, per tag, or over-all, in a WordPress 2.3+ blog. Useful when using WordPress as a Content Management System. Now with pagination of post lists.
  • AVH First Defense Against Spam - This plugin gives you the ability to block spammers before content is served.
  • Bad Behavior - Deny automated spambots access to your PHP-based Web site.
  • Category Order - The Category Order plugin allows you to easily reorder your categories the way you want via drag and drop.
  • cforms - cformsII offers unparalleled flexibility in deploying contact forms across your blog. Features include: comprehensive SPAM protection, Ajax support, Backup & Restore, Multi-Recipients, Role Manager support, Database tracking and many more. Please see ____HISTORY.txt for what’s new and current bugfixes.
  • Collapsing Blogroll - Outputs the built-in blogroll where the shortcode [collroll] is placed in the post/page. The categories can be collapsed.
  • Count Per Day - Counter that shows reads per page: today, yesterday, last week, last months … on the dashboard and in a widget.
  • Dagon Design Sitemap Generator - Generates a fully customizable sitemap.
  • EG-Series - Better organize and highlight your posts by grouping them into series.
  • Enhanced Links - Allows you to get better control over the links listing. Also provides a widget view of the links. Please make a donation if you are satisfied.
  • Enhanced Recent Posts - A plugin for WordPress which enhances the built-in “Recent Posts” widget. Please make a donation if you are satisfied.
  • Exclude Pages from Navigation - Provides a checkbox on the editing page which you can check to exclude pages from the primary navigation. IMPORTANT NOTE: This will remove the pages from any “consumer” side page listings, which may not be limited to your page navigation listings.
  • Flexi Pages Widget - A highly configurable WordPress sidebar widget to list pages and sub-pages. User friendly widget control comes with various options.
  • Global Post Password - Enables you to define a global password for all password-protected posts.
  • Google XML Sitemaps - This plugin will generate a special XML sitemap which will help search engines like Google, Yahoo, Bing and Ask.com to better index your blog.
  • Hana Flv Player - The best way to embed Flash Player and Flash movies in your WordPress blog. Includes GPL Flowplayer and OS FLV player. Usage: [hana-flv-player video='/source_video.flv' /]
  • Hungred Feature Post List - This plugin is designed for hungred.com and people who face the same problem! Please visit the plugin page for more information.
  • Just One Category - On a category’s archive page, do not show posts from that category’s child categories unless those posts are also a member of the original category in question. Based on Front Page Categories by Ryan Boren.
  • List category posts - List Category Posts allows you to list posts from a category in a post/page using the [catlist] shortcode. This shortcode accepts a category name or id, the order in which you want the posts to display, and the number of posts to display. You can use [catlist] as many times as needed with different arguments. Usage: [catlist argument1=value1 argument2=value2].
  • My Page Order - My Page Order allows you to set the order of pages through a drag and drop interface. The default method of setting the order page by page is extremely clumsy, especially with a large number of pages.
  • NextGEN Gallery - A NextGENeration photo gallery for the Web 2.0.
  • OpenBook - Displays a book’s cover image, title, author, and other book data from Open Library.
  • p2pConverter - This plugin allows you to easily convert a post to a page and vice versa through an easy to use interface. You may either click on your Manage tab in Administration, where you will see a Convert option under the Posts and Pages sub-tabs, or click Convert while editing a post or page in the bottom right sidebar. A p2pConverter role capability prevents unwanted users from converting pages (i.e. only Administrators and Editors have this ability), which can be adjusted by using a Role Manager plugin.
  • Page Links To - Allows you to point WordPress pages or posts to a URL of your choosing. Good for setting up navigational links to non-WP sections of your site or to off-site resources.
  • pageMash - Manage your multitude of pages with pageMash’s slick drag-and-drop, Ajax interface. Allows quick sorting, hiding and organising of parenting.
  • PollDaddy Polls - Create and manage PollDaddy polls and ratings in WordPress.
  • RB Internal Links - Link to other blog posts and pages without specifying the full URL. Uses a UI to ease finding the post or page you want to link to.
  • Redirection - Manage all your 301 redirects and monitor 404 errors.
  • Secure WordPress - Little basics for securing your WordPress installation.
  • SEO Smart Links - SEO Smart Links provides automatic SEO benefits for your site in addition to custom keyword lists, nofollow and much more.
  • SI CAPTCHA Anti-Spam - Adds CAPTCHA anti-spam methods to WordPress on the comment form, registration form, login, or all. This prevents spam from automated bots. Also WPMU and BuddyPress compatible.
  • SidebarTabs - sidebarTabs allows you to easily place widgets into tabs.
  • Simple Tags - Extended tagging for WordPress 2.8 and 2.9! Autocompletion, suggested tags, tag cloud widgets, related posts, mass edit tags!
  • Snazzy Archives - Snazzy Archives is a visualization plugin for your WordPress site which creates completely unique archive pages.
  • Social Bookmarks - Adds a list of XHTML compliant graphic links at the end of your posts that allow your visitors to easily submit them to a number of social bookmarking sites. Use the plugin options under Dashboard > Social to configure it.
  • Subpage Listing - Displays a directory-like listing of subpages where <!--%subpages%--> exists in the content of pages. It will be displayed if a page is blank. txfx_wp_subpages() can be used to display subpages in the sidebar. See this plugin’s site for details.
  • TNG WordPress Integration - Integrates TNG (The Next Generation of Genealogy) with WordPress.
  • Topsy Retweet Button - Provides a Twitter retweet button powered by Topsy.
  • TreeMagic-Cypress - A way of making Internet and intranet information easily accessible.
  • Visitor Maps and Who’s Online - Displays visitor maps with location pins, city, and country. Includes a Who’s Online sidebar to show how many users are online. Includes a Who’s Online admin dashboard to view visitor details. The visitor details include: what page the visitor is on, IP address, host lookup, online time, city, state, country, geolocation maps and more. No API key needed.
  • WordPress Download Monitor - Manage downloads on your site, view and show hits, and output in posts. If you are upgrading Download Monitor it is a good idea to back up your database first, just in case. You may need to re-save your permalink settings after upgrading if your downloads stop working.
  • WP-phpMyAdmin - Provides phpMyAdmin from the WordPress admin console.
  • WP-PostViews - Enables you to display how many times a post/page has been viewed. Modified by David Potter to include options for when and where to display view counts.
  • WP-Print - Displays a printable version of your WordPress blog’s post/page.
  • wp-scanner activator - This plugin adds <!-- wpscanner --> to enable wp-scanner to scan your blog.
  • WP-SpamFree - An extremely powerful anti-spam plugin that virtually eliminates comment spam. Finally, you can enjoy a spam-free WordPress blog! Includes a spam-free contact form feature as well.
  • WP Render Blogroll Links - Outputs your Blogroll links to a Page or Post. Add [wp-blogroll] to a Page or Post and all your WordPress links/Blogrolls will be rendered. This extremely simple plug-in enables you to create your own Links page without having to write a custom template. The output can easily be styled with CSS. Each category with its links is encapsulated in a DIV with the class name “linkcat”. All the links are given the class “brlink”.
  • WP to Twitter - Updates Twitter when you create a new blog post or add to your blogroll using Cli.gs. With a Cli.gs API key, creates a clig in your Cli.gs account with the name of your post as the title.
  • YD Zoomify - This WordPress plugin allows for simple insertion of a Zoomify zoomable web image in a post content, page or template.


There are numerous actions a prudent web admin can take to make their site more secure. To collect in one place the key precautions you can employ on a WordPress site, I have gathered a number of actions from multiple sources and placed them here.

Please note that this posting is not original content, rather it is a merged aggregation from the references listed below.

Item 1.

Always Upgrade to the current version of WordPress

Upgrade your WordPress as soon as possible. Most WordPress releases patch security holes, and those fixes are essential for your continued protection.

Item 2.

Change Default Passwords

That is the first thing to do if you are still using the default 6-lettered admin password which is sent to you via e-mail. Choose a tight, secure password with numbers, letters and symbols jumbled up, so that granny’s brute-forcing technique doesn’t cost you your blog. Don’t pick a simple password out of fear of losing it: you can always change a lost WordPress password.

Item 3.

Remove WordPress ‘version string’ in your theme files

1. Go to the WordPress dashboard and click on Presentation -> Edit Themes -> header.php.
2. Find and remove the call to bloginfo('version'), then save the file.

Explanation: Hiding the version number of your WordPress installation makes it harder for an attacker to look up the known security holes for that specific version.
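Removing bloginfo('version') from header.php only covers what the theme prints. WordPress also emits its version through the generator meta tag that wp_head() adds, through the ?ver= query string appended to scripts and styles enqueued without their own version, and through the <generator> element of its feeds. The following scanner, added here as an example and not taken from the original post or from WordPress, checks saved page or feed output for all three, so you can verify the change actually worked. The sample HTML and feed text are constructed for the example.

```python
"""Scan rendered WordPress output for version disclosures.

Added example, not code from the original post. Run it against saved
HTML (curl -o page.html http://example.org/) or feed output; here it is
run against constructed samples so it works offline.
"""
import re

# Constructed sample: header.php no longer prints the version, but the
# generator tag and versioned asset URLs still do.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 2.9.1" />
<link rel="stylesheet" href="/wp-content/themes/t/style.css?ver=2.9.1" type="text/css" />
<script type="text/javascript" src="/wp-includes/js/jquery/jquery.js?ver=1.3.2"></script>
</head><body></body></html>"""

# Constructed sample of the generator element WordPress writes into its RSS feed.
SAMPLE_FEED = """<rss version="2.0"><channel>
<generator>http://wordpress.org/?v=2.9.1</generator>
</channel></rss>"""

ATTR_RE = re.compile(r'([\w-]+)\s*=\s*["\']([^"\']*)["\']')
META_RE = re.compile(r'<meta\b[^>]*>', re.I)
# Any src/href whose query string carries ver=...; the version of the
# library (jquery 1.3.2) or of WordPress itself (2.9.1) ends up here.
VER_RE = re.compile(r'(?:src|href)\s*=\s*["\']([^"\']*?[?&]ver=[^"\'&]+)', re.I)
FEED_GEN_RE = re.compile(r'<generator>\s*([^<]+?)\s*</generator>', re.I)


def find_version_leaks(text):
    """Return (kind, detail) tuples: generator meta tags first, then
    versioned asset URLs, then feed generator elements, each in document order."""
    leaks = []
    for tag in META_RE.findall(text):
        # Attribute order varies between themes, so parse the attributes
        # rather than matching name="generator" content="..." literally.
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag)}
        if attrs.get("name", "").lower() == "generator":
            leaks.append(("generator-meta", attrs.get("content", "")))
    for url in VER_RE.findall(text):
        leaks.append(("ver-query", url))
    for value in FEED_GEN_RE.findall(text):
        leaks.append(("feed-generator", value))
    return leaks


def is_clean(text):
    """True when none of the disclosure patterns is present."""
    return not find_version_leaks(text)


if __name__ == "__main__":
    for name, sample in (("page", SAMPLE_HTML), ("feed", SAMPLE_FEED)):
        for kind, detail in find_version_leaks(sample):
            print(f"{name}: {kind}: {detail}")
```

The generator meta tag is produced by the wp_generator action on wp_head, so it is removed with remove_action('wp_head', 'wp_generator') in the theme's functions.php rather than by editing header.php; the ?ver= strings and the feed element need their own handling, which is why a scan of the real output is a better check than inspecting the template.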

Item 4.

Place empty ‘index.html’ file in the plugins folder

1. Open a text editor, choose ‘Save as’ and save an empty file as index.html (be sure to change the file type from text files to all files if you are running on Windows).
2. Upload the file to the wp-content/plugins folder of your WordPress installation on your web server.

Explanation: Hide the plugins used by your WordPress blog. It uses the same concept as above: what cannot be listed is harder to check for known security holes in the plugins.

Item 5.

Upload a copy of .htaccess file in the wp-admin and wp-includes folders

1. Using an FTP program or your web server's file manager, go to the root folder of your site and download the .htaccess file (set ‘show hidden files’ first if you’re using an FTP program such as FileZilla).
2. Go to your wp-admin folder.
3. Upload the .htaccess file you downloaded from the top-level directory into it, then repeat for the wp-includes folder.
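Items 4 and 5 are small file-placement steps that are easy to get wrong by hand, for instance by overwriting an .htaccess that already existed in wp-admin. The script below, an added example rather than code from the original post, performs both steps against a WordPress directory tree, refuses to clobber an existing .htaccess, and can be re-run safely. The demo() function builds a constructed tree in a temporary directory; on a real site you would call harden_layout() with the installation root instead. Note that the empty index.html only suppresses the server's automatic directory listing; it does not restrict access to the plugin files themselves.

```python
"""Apply items 4 and 5: empty index.html in wp-content/plugins and a
copy of the root .htaccess in wp-admin and wp-includes.

Added example, not code from the original post. harden_layout() takes
the WordPress installation root; demo() exercises it on a constructed
temporary tree so the example runs without a real site.
"""
import os
import shutil
import tempfile


def harden_layout(wp_root):
    """Return a report dict describing what was done for each target file."""
    report = {}

    # Item 4: a zero-byte index.html means there is nothing to list and
    # nothing to render when someone requests the plugins directory.
    plugins_index = os.path.join(wp_root, "wp-content", "plugins", "index.html")
    if os.path.exists(plugins_index):
        report["plugins/index.html"] = "already present"
    else:
        open(plugins_index, "w").close()
        report["plugins/index.html"] = "created"

    # Item 5: copy the top-level .htaccess into wp-admin and wp-includes,
    # but never overwrite rules that are already there.
    root_htaccess = os.path.join(wp_root, ".htaccess")
    for sub in ("wp-admin", "wp-includes"):
        key = sub + "/.htaccess"
        target = os.path.join(wp_root, sub, ".htaccess")
        if not os.path.exists(root_htaccess):
            report[key] = "skipped: no root .htaccess"
        elif os.path.exists(target):
            report[key] = "kept existing"
        else:
            shutil.copyfile(root_htaccess, target)
            report[key] = "copied"
    return report


def demo():
    """Build a constructed WordPress-like tree, harden it twice, and return
    both reports (the second run should change nothing)."""
    root = tempfile.mkdtemp()
    try:
        for sub in ("wp-admin", "wp-includes", os.path.join("wp-content", "plugins")):
            os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, ".htaccess"), "w") as f:
            f.write("# constructed root .htaccess\n")
        # wp-admin already carries its own rules in this constructed tree.
        with open(os.path.join(root, "wp-admin", ".htaccess"), "w") as f:
            f.write("# constructed pre-existing wp-admin rules\n")
        first = harden_layout(root)
        second = harden_layout(root)
    finally:
        shutil.rmtree(root)
    return first, second


if __name__ == "__main__":
    for run in demo():
        print(run)
```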

Item 6.

Use SSH instead of Telnet, SFTP instead of FTP

For real security, use SSH to access your site instead of FTP, which is inherently insecure and open to snooping of your account details, because the authorization details (login and password) are transmitted in the clear over the Internet. With SSH you can use a secure file transfer protocol such as SFTP to do anything you can do with FTP. Similarly, you can use SSH instead of Telnet to connect securely to your Linux / Unix server.

Item 7.

Create a robots.txt to place in your top level directory

Recommended contents include:
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins
Disallow: /wp-content/cache
Disallow: /wp-content/themes
Disallow: /trackback
Disallow: /feed
Disallow: /comments
Disallow: /category/*/*
Disallow: */trackback
Disallow: */feed
Disallow: */comments
Disallow: /*?*
Disallow: /*?
Allow: /wp-content/uploads
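The rules above use wildcards (`*`), which are not part of the original robots.txt convention but are understood by the major crawlers. To see which paths they actually cover, the following matcher, an added example and not code from the original post, parses the recommended file for User-agent: * and applies the matching used by modern crawlers (RFC 9309): `*` matches any run of characters, a trailing `$` anchors the end, the longest matching rule wins, and Allow wins ties. Keep in mind that robots.txt is advice to well-behaved crawlers and is itself publicly readable; it does not restrict who can request /wp-admin or any other path, so it complements the other items rather than replacing them.

```python
"""Evaluate the recommended robots.txt against sample URL paths.

Added example, not code from the original post. Implements RFC 9309
style matching: '*' wildcard, optional trailing '$' anchor, longest
matching rule wins, Allow wins a tie, no match means allowed.
"""
import re

# The robots.txt recommended in the post, embedded verbatim.
ROBOTS_TXT = """User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins
Disallow: /wp-content/cache
Disallow: /wp-content/themes
Disallow: /trackback
Disallow: /feed
Disallow: /comments
Disallow: /category/*/*
Disallow: */trackback
Disallow: */feed
Disallow: */comments
Disallow: /*?*
Disallow: /*?
Allow: /wp-content/uploads
"""


def parse_robots(text, agent="*"):
    """Return a list of (allow, pattern) tuples from the group for `agent`."""
    rules = []
    active = False          # are we inside a group that applies to `agent`?
    last_was_rule = False   # a User-agent line after rules starts a new group
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if last_was_rule:
                active = False
            active = active or value.lower() == agent.lower()
            last_was_rule = False
        elif field in ("allow", "disallow") and active:
            if value:       # an empty "Disallow:" means nothing is blocked
                rules.append((field == "allow", value))
            last_was_rule = True
    return rules


def pattern_to_regex(pattern):
    """Rules are prefix matches; '*' is any run of characters; '$' anchors the end."""
    anchored = pattern.endswith("$")
    if anchored:
        pattern = pattern[:-1]
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*"))
    if anchored:
        regex += "$"
    return re.compile(regex)


def is_allowed(rules, path):
    """Apply longest-match-wins, Allow-wins-ties; unmatched paths are allowed."""
    best = None  # (rule length, allow)
    for allow, pattern in rules:
        if pattern_to_regex(pattern).match(path):
            length = len(pattern)
            if best is None or length > best[0] or (length == best[0] and allow):
                best = (length, allow)
    return True if best is None else best[1]


if __name__ == "__main__":
    rules = parse_robots(ROBOTS_TXT)
    for path in ("/about/", "/wp-admin/", "/2010/01/post/trackback", "/?s=term",
                 "/category/news", "/category/news/", "/wp-content/uploads/photo.jpg"):
        print(f"{path:35} {'allowed' if is_allowed(rules, path) else 'disallowed'}")
```

One thing the matcher makes visible: because `*` may match an empty string, `/category/*/*` matches `/category/news/` (with a trailing slash) as well as deeper paths such as `/category/news/page/2/`, so every category archive with a trailing slash is excluded, not just sub-categories. Whether that is intended is worth deciding before deploying the file.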

References:

  • http://www.bloganything.net/922/secure-your-wordpress-blog
  • http://blog.taragana.com/index.php/archive/20-wordpress-security-plug-ins-and-tips-to-keep-hackers-away/
  • wordpress codex
