Do you hate the latest version of WordPress? Sick of the horrible visual mode editor, lost your favourite advanced editor? Detest the new image manager?
A know a lot of people who are, who cannot live with the new things WP4 has brought along. People who are so desperate to have functional content editing tools they were thinking of switching platforms. Some of these people are my clients! In fact most of my clients have been complaining since WordPress 3.9 arrived, wanting their easy to use tools back.
Regular readers of this blog may be wondering why there’s been so few new posts in the past several months…
The reasons for our tardiness are two-fold: First of all I’ve been relocating my home and business to Aston Bay in the Eastern Cape. Secondly – blame the latest versions of WordPress, and above all the new text editor (TinyMCE 4.*).
Bloggers often ask the question “does using .htaccess for security or redirection slow down the site”? The answer should perhaps not be a simple yes or no. Some hosts recommend .htaccess should not be too large (not have a lot of rules) as it has a bad impact on performance. 
Then again some users have very long lists of rules in their .htaccess files and their sites are still fast enough to satisfy visitors and accepted Google page load speeds.
We need to weigh the benefits of using .htaccess for security, redirection and site configuration against any performance penalties (or advantages). Once we understand how .htaccess works on our blogs we can make the decision how we will this extremely useful file.
Honour Nelson Mandela with a remembrance ribbon on your WordPress blog. When I heard the sad news today I wanted to show my condolences on my WordPress sites, so knocked up a couple of plugins to put a ribbon in the top right corner of the sites.
There are 2 versions of the ribbon. One shows an English message, while the other is in Mandela’s home language – Xhosa (plugin code is in English)
Lately we have seen a decline in the number of TimThumb RFI attacks against our WordPress sites. A year ago this was the most common hacking probe logged for every WordPress site we manage. Back then we’d see a lot; from 10 to 50, sometimes more, different sources a day. Hardly a day would go by without at least one hacker looking for the vulnerability.
Over the last 6 months, the number of witnessed attempts has declined. Sometimes we don’t see a single probe looking for the old, vulnerable, timthumb.php / thumb.php script for several days.
We took spam control to a ridiculous level. As an exercise in discovering just how effectively spam can be blocked with WordPress it’s been an interesting exercise. We looked at the 4 main types of spam one is likely to see on their blog; comment spam and trackback spam, spam registrations and finally e-mail spam from contact forms.
The site chosen was our WordPress information site. A few months back a plugin support forum was added to the site, and public registrations allowed. Almost immediately there was a spate of spam registrations – “visitors” registering an account. Most were bots. How do we know? Well, the only link to the registration form is from forum pages, and only a few registration attempts came from one of these referrer pages – the others all arrived at the form directly, without visiting the site at all.
For the past couple of days we’ve been watching a customers WordPress site being attacked by a botnet of websites trying to access site admin with user name “admin” and a variety of simple passwords.
Most of these attacks are coming from USA based web hosting services. One particular top level service provider, Provo Unified Layer, stands out above the rest as the most hacked network. Many 2nd tier providers use Provo Unified Layer infrastructure including Bluehost and Hostmonster. Of the hosts using Provo Unified Layer infrastructure, Bluehost is ahead of the pack in having hosted sites participating in the botnet. (Read more about Bluehost and the Botnet).
I’m finding lately the WordPress image manager overlay often freezes when used to insert images in posts or pages. It’s annoying as the only way to get back to the article is to refresh the page – usually losing anything written since the last auto save or manual save.
It seems like an Ajax bug – at least from the number of Ajax errors in the logs. It’s recent as well – I don’t remember this ever happening before the WordPress 3.6 update. I’m getting this on most of the WordPress sites I edit, and have client’s reporting the same problem.
This isn’t a plugin conflict – how can I be so sure. Well, it also happens on WordPress.com – this blog too… And as we all know, we don’t add plugins here, and everything is supposedly tested to work before being rolled out on the platform.
Read the full article at tech.graphicline.co.za/wordpress-image-manager-freezing
I had some good news today; my first plugin submitted to WordPress.org got accepted and is now in the repository.
It’s only a very simple plugin that adds rel=”nofollow” to tag cloud widgets, but it feels good to contribute something to the community. Of course, it also feels good to see my .org identity listed under the plugin 🙂
And here’s the link to the repository http://wordpress.org/plugins/gl-tag-cloud-nofollow/
Wishing For Spam Free Hosting
Aug 24
Posted by Mike
Are You Wishing For Spam Free Secure Hosting
Do you wish you could host your WordPress blog (self-hosted) where spam wasn’t a problem, where hackers couldn’t damage your site, where your host took effective steps to keep spammers and hackers away from your blog?
Are you fed-up with all the spam and hacker attacks from China, the former Soviet states and other notorious regions, the sharply rising level of cyber-attacks from the middle east and northern Africa?
Are all the hacking attacks and login attacks from hacked web sites and bad-host web-servers giving you grey hairs?
Read the rest of this entry →
Posted in WordPress
Leave a comment
Tags: Blog, CMS, Hacker, Hacking, Hosting, spam, Spam Comments, Spambot, Website, WordPress, WordPress Hacks