Wordpress, Computer Aid

Home→Categories Wordpress

increase your wordpress security

Posted on 1 May, 2013 by Luigi Martin1 May, 2013

I’ve noticed over the years, that many wordpress blog sites have become prone to hacking, and eventually get shut down… which is a shame, as a lot of useful information gets lost along the way.

With just a small amount of work, wordpress can be made secure enough, that you are highly unlikely to get your site hacked.

Change your default admin username

Admittedly, this should be done when you create your blog, as its very difficult to change later (requires database changes). This is an effective method, as most brute-force hackers will assume a username of “admin” and then try a few obvious passwords to get admin access to your blog. by creating the default admin username thats something like: admin654, you make all the hacking attempts a complete waste of time for the hackers, as they need to guess both your username and password.

Use a complex password

This is something thats been taked about by security experts for many years. yet its easy to do, with just a bit of thought: Pick either a well known phrase thas you know eg: Mary Had A Little Lamb, and that becomes a password like: Mhall, then add a number that you know (eg you are born on 19 July: Mhall1907, and there you have it! You can mix this around, eg: 1907Mhall, or: 19Mhall07, or 07MhAlL19

Dont get your web browser to “remember” you login details

I’ve been hit with this problem in the past: sooner or later, you will get infected with a virus/malware. Its quite a simple for the infecting software to get all the saved browser details (website, usernames, and passwords), and then send them to someone who will hack every account you have… VERY dangerous. This applies to virtually every browser, as well as FTP clients like filezilla. So what can you do instead? Use software like keepass, it can store all your passwords, and you only need to remember 1 password to access keepass. You are trading security for the inconvenience of typing your keepass password every to you need to logon to a website.

Update WordPress

Another obvious and simple step: at least once per month, login to the wordpress admin panel, and make sure wordpress and all plugins/themes are fully updated. If you don’t update wordpress quickly, then your blog is at risk of an attacker using a flaw in the wordpress system to hack your website without even knowing your username/password!!!

Install a security plugin

For extra peace of mind, install a security pluging like: “WordPress File Monitor Plus”, and/or “Login Security Solution”

Once you implement these systems, you will find maintaining this security will only take a few minutes per month, so its a very worthwhile investment.

wordpress weaver theme: how to change the sub menu width

Posted on 30 January, 2012 by Luigi Martin30 January, 2012

I’ve recently started using the weaver theme for WordPress.

One of the biggest mental hurdle to jump over, is to not directly alter the CSS stylesheet, but to use the CSS sections under the main options menu of the Weaver Admin panel, and in some cases, the <head> section of Advanced Options

However, I did find that using google to find the correct snippet of CSS code really didn’t work well, since most people go straight to altering the CSS stylesheet.

But I soon found out how to “uncover” the correct CSS on my own.

A good example was the menu bar along the top of:

Home Loan Advisors

I added the CSS:

{font-size:180%}

to the CSS sections for “Menu Bar text”, “Menu Bar hover” and “Menu Bar current page”

This made the menu font just the right size I wanted.

However…

The drop down menu was a fixed width, so the sub menu words were wrapping around, causing an ugly mis-alignment of the gradient background.

The solution:

I found someone who mentioned changing the #access and #access2 section in the stylesheet, but I decided to carefully look at the stylesheet myself (Appearance -> Editor)

The stylesheet is reasonable well documented, so I went to the menu section of the stylesheet, looking for something about “width” and a size of about 100 to 300 px (pixels)… which is what I guessed was the width of existing sub menu.

it didn’t take long to find a section that looked like this:

#access ul ul,
#access2 ul ul,
#access3 ul ul {
    box-shadow: 0px 3px 3px rgba(0,0,0,0.2);
    -moz-box-shadow: 0px 3px 3px rgba(0,0,0,0.2);
    -webkit-box-shadow: 0px 3px 3px rgba(0,0,0,0.2);
    display: none;
    position: absolute;
    top: 38px;
    left: 0;
    padding-left:0px;
    float: left;
    width: 180px;
    z-index: 99999;
}

So, what I wrote in the Advanced Options -> <head> was:

#access ul ul {width:240px;}
#access2 ul ul {width:240px;}
#access3 ul ul {width:240px;}

I was close: that altered the menu width, and the background shadow, but the gradient background hadn’t increased in width.

Another look at the stylesheet showed this code:

#access ul ul a,
#access2 ul ul a,
#access3 ul ul a {
background: #333;
line-height: 1em;
padding: 10px;
width: 160px;
height: auto;
}

So I also added the following code to the <head> section:

#access ul ul a {width:220px;}
#access2 ul ul a {width:220px;}
#access3 ul ul a {width:220px;}

Bingo!

Just the right width!

However, some alterations are more difficult than others.

Ultimately, more comprehensive documentation (or even more meaningful variable names), would make this process a lot easier.

I mean, why call sub menu widths: “access”, why not just call it “sub-menu-width”?

Web Traffic Control: a good way to monetise your blog?

Posted on 29 July, 2011 by Luigi Martin29 July, 2011

I recently got an email about how to earn up to $750 per month via webtrafficcontrol.com

The email says it normally costs $50 to join, but they have reserved 250 “free” spots for blogorama users…

They offer to write targeted blog posts, and also pay you for each post… And it gets even better: they will place the articles directly into my wordpress blog.

It seemed like a great way to monetise my blog with a minimum of effort.

So I decided to create an account and get things started.

Everything went well until I got to the point where I needed to create a wordpress user for web traffic control…

Their website says the user I create must be an “editor” account.

Since I hardly ever create wordpress users, I decided to find out what an editor can do:

Editor: delete_others_pages, delete_others_posts, delete_pages, delete_posts, delete_private_pages, delete_private_posts, delete_published_pages, delete_published_posts, edit_others_pages, edit_others_posts, edit_pages, edit_posts, edit_private_pages, edit_private_posts, edit_published_pages, edit_published_posts, manage_categories, manage_links, moderate_comments, publish_pages, publish_posts, read, read_private_pages, read_private_posts, unfiltered_html, upload_files.

Now, thats just 1 step short of full administrator access.

As a comparison, the next step down (and my preferred option) is:

Author: delete_posts, delete_published_posts, edit_posts, edit_published_posts, publish_posts, read, upload_files

ie, an author can create blogs, alter them, and submit them to me for publishing… and cannot alter other posts, nor look at private posts and pages, nor alter comments.

Now, I have put a lot of my time and effort into my blog, and although others probably don’t mind giving editor access to an unknown company, I’m very reluctant to give that access to anyone I have not met (and know) personally.

So what do I do?

I send off a support ticket, hoping that they can still do what they need with an author account (I figure: why not? the interface should still work in a similar way).

They reply saying that they need editor access in order to create new categories.

They also say that I can trust them, and that I still have control over the content I receive.

So my decision is: No

If I still have control, then they can ask me to create the categories.

Or even better: just use one generic category that I create for them.

I just cannot hand over the keys to my entire blog… Its just not worth the kind of money that I’ll be earning via this method.

WordPress lightbox

Posted on 17 June, 2011 by Luigi Martin17 June, 2011

I needed to create a photo gallery using wordpress, and decided to use a lightbox effect.

For those that don’t know: a lightbox effect is when you click on the thumbnail of a picture, and it displays a larger version of the picture overlayed on the original website (without going to a new browser window)… so it makes browsing thumbnails easier.

After trying a few different lightbox plugins, I eventually settled on WP-Slimbox2… mostly because the website seemed to have problems with most other plugins.

However, I soon found that I also had a problem with WP-Slimbox2:

Some parts of the wordpress “background” would actually show on top of the zoomed picture (the zoomed picture is supposed to be on top of the whole webite).

It turns out the theme I used wasn’t well written, and had done some crazy things with the z-image variable.

And z-image is used to adjust what elements on a page appear on top of others.

The theme was using z-image values set in the range of 10000 to 20000, while the lightbox plugin was “assuming” that themes wouldn’t have z-image values over 200.

So, I had to go through the style.css theme file, looking for z-image variables, and removed the last 2 digits of the number (eg 20,000 became 200).

And now I have a nicely working lightbox effect, with no overlay problems.

Computer Aid

Ph: 0402 133 866

Category Archives: Wordpress