wordpress, Computer Aid

increase your wordpress security

Posted on 1 May, 2013 by Luigi Martin1 May, 2013

I’ve noticed over the years, that many wordpress blog sites have become prone to hacking, and eventually get shut down… which is a shame, as a lot of useful information gets lost along the way.

With just a small amount of work, wordpress can be made secure enough, that you are highly unlikely to get your site hacked.

Change your default admin username

Admittedly, this should be done when you create your blog, as its very difficult to change later (requires database changes). This is an effective method, as most brute-force hackers will assume a username of “admin” and then try a few obvious passwords to get admin access to your blog. by creating the default admin username thats something like: admin654, you make all the hacking attempts a complete waste of time for the hackers, as they need to guess both your username and password.

Use a complex password

This is something thats been taked about by security experts for many years. yet its easy to do, with just a bit of thought: Pick either a well known phrase thas you know eg: Mary Had A Little Lamb, and that becomes a password like: Mhall, then add a number that you know (eg you are born on 19 July: Mhall1907, and there you have it! You can mix this around, eg: 1907Mhall, or: 19Mhall07, or 07MhAlL19

Dont get your web browser to “remember” you login details

I’ve been hit with this problem in the past: sooner or later, you will get infected with a virus/malware. Its quite a simple for the infecting software to get all the saved browser details (website, usernames, and passwords), and then send them to someone who will hack every account you have… VERY dangerous. This applies to virtually every browser, as well as FTP clients like filezilla. So what can you do instead? Use software like keepass, it can store all your passwords, and you only need to remember 1 password to access keepass. You are trading security for the inconvenience of typing your keepass password every to you need to logon to a website.

Update WordPress

Another obvious and simple step: at least once per month, login to the wordpress admin panel, and make sure wordpress and all plugins/themes are fully updated. If you don’t update wordpress quickly, then your blog is at risk of an attacker using a flaw in the wordpress system to hack your website without even knowing your username/password!!!

Install a security plugin

For extra peace of mind, install a security pluging like: “WordPress File Monitor Plus”, and/or “Login Security Solution”

Once you implement these systems, you will find maintaining this security will only take a few minutes per month, so its a very worthwhile investment.

Repair wordpress MySQL tables using phpmyadmin

Posted on 3 November, 2011 by Luigi Martin3 November, 2011

I had a heart-stopping moment a short while ago.

I was updating a blog post (just fixing some spelling errors), clicked save / update, and I got an error message that said something about there being do data and that maybe the article had been deleted.

So I refresh the page, but I get the same error.

I go back to my main blog page (which looks fine, since it is cached), but when I click on any blog post, I get a page not found error.

Next stop: the wordpress admin dashboard.

I quickly see that wordpress thinks I have zero posts, zero pages, 20 categories, and over 2000 tags

It looks like some things are ok, but all of my 850 posts have disappeared!

But I quickly remember that I setup the Computer Aid blog to perform a weekly database backup, so it shouldn’t be a total disaster.

But before I start restoring databases, I figure I’ll have a look at the database using myphpadmin:

log into my website cpanel
in the databases section, click on myphpadmin
in the phpmyadmin page, click on the wordpress database
in the list of database tables, click on the wp_posts table, and I get a message saying: wp_posts is marked as crashed and should be repaired

So it looks like I might be able to fix things without a database restore.

So I go back to the list of database tables, and at the bottom, I click on “check all”, and then to the right, I click on the “with selected” dropdown, and select “repair table” (be careful not to select “empty” or “drop” !).

After a few seconds, everything is fixed, and the Computer Aid blog is running once again.

wordpress: changing the menu order of static pages

Posted on 16 April, 2010 by Luigi Martin16 April, 2010

I’ve had this problem twice now, so I thought I’d better write it down before I do it again.

You might want to create a set of static pages for wordpress, if you want to have a “home” page, an “about us” page, a “contact us” page, a “blog” page, etc.

The problem is that many templates will order the pages links alphabetically.

I normally like having the home page showing as the first link, and the blog link near the bottom.

The solution is quite easy.

Go to the pages -> edit menu, lets pick the home page, and you will see a screen like this:

Change the number in the order box to 1

Change the other pages using different numbers (eg 10, 20, etc)… I often place the blog page at number 90… and with a good numerical gap between pages, you can insert new pages “in between” existing pages without having to renumber all the pages.

Naturally, the next question becomes: how do I make the blog page a “static page”

Create and publish a blank static page (give it a title, but don’t write anything in the body.

Next, go to settings -> reading, and change the “front page displays” section to “static page”… then select your home page and your blog page from the drop down list.

And hey presto!

You now have a “normal” website based on wordpress… where the blog “seems to be” as a part of the overall website.

WordPress calais pluging gives: Parse error: syntax error, unexpected

Posted on 20 May, 2008 by Luigi Martin20 May, 2008

I recently updated my blog to wordpress 2.5

While I was working on it, I took a look at various plugings available, and I thought I’d try WP Calais Archive Tagger and WP Calais Auto Tagger.

As soon as I tried to activate them, they immediately gave errors:

Parse error: syntax error, unexpected xxxxxxx

where xxxxxxx indicates lots of technical info 🙂

I figured I’d send Dan Grossman an email, asking for advice.

To his credit, he quickly replied, indicating it was a problem with running PHP5 code in a PHP4 environment, and suggested changing .htaccess, or a setting in the website control panel.

Since my cpanel, had no such setting, I did a bit of research, and found that I needed to add 1 line to the .htaccess file in the blog folder:

AddHandler application/x-httpd-php5 .php

Since I discovered that PHP5 can be very different from PHP4, I also double checked all the existing plugins, and the blog in general.

in the end, everything worked well, with no compatibility problems anywhere.

wordpress and smf ‘access denied’ ‘wrong username/password’ while connecting to mysql

Posted on 5 January, 2007 by Luigi Martin5 January, 2007

Some of you might have noticed this blog (and my forum) was unavailable for nearly 1 day…

Although I still don’t know how and why (no other databases on the hosting servers were affected), I eventually managed to work around it.

The main symptom was that when trying to view my blog, wordpress would not be able to connect to its mysql database (and the same problem with the forum).

So, I couldn’t even get into the wordpress admin area, as it also needed db access.

Now I’m the first to admit I’ve never been good with databases, so this was one huge struggle (more than what I’m describing… I’m leaving out all the swearing, chocolate breaks, and countless false leads)

I found some help in http://wordpress.org/support/topic/34295 some very similar symptoms… but I didn’t like the idea of using my server IP address.

But given the way wordpress/mysql was installed (using fantastico), I eventually figured out that the wordpress wp-config.php file was trying to connect using database: compaid_wrdp1, username: compaid_wrdp1, password: lots of characters I’ve not seen before…, and dbhost: localhost.

Now this file hadn’t changed in 6 months, but given that I could access phpmyadmin and look at the database fields, then my hosting username and password (compaid) would be able to connect… so i tried changing wp-config.php to use username: compaid, and my hosting password… and it worked.

Now I’m not sure what the security implications are, so I created a compaid_wrdp1 user using “mysql databases” on the cpanel, gave it an obscure password (similar to what it had previously), gave this user full access rights, and changed wp-config.php accordingly, then everything was back to “normal”…

I’m still not sure if there are any security problems with doing it this way (ie can someone read the wp-config.php file and then get my database password?), but at least that password is different to my cpanel password, so hacking should be limited to just 1 database.

Given that it happened simultaneously to 2 databases on my domain, there is the possibility of a hacking attempt, or “splog” (blog spam) attempt by a spam spider. But who knows. My blog uses akismet and “bad behaviour” to block spam… and they work very well in tandem, but a hack / spam attempt is always possible.

Moving from Blogger to WordPress

Posted on 22 June, 2006 by Luigi Martin22 June, 2006

WooHoo!!!

After a month of (intermittent) effort, I have finally moved my blog from blogger to WordPress (under my computer-aid.com.au domain).

A lot of effort went into making it blend into my webpage theme… it aint perfect, but its as close as I’ll be able to get it.

I started off looking for a 3 column theme (not many available for wordpress)… and eventually narrowed it down to 4 contenders. I ended up choosing the gila theme by John Hesch. I made many changes (mostly to the stylesheet), so I could get the colours right. I also re-arranged the sidebars, so that I sould include my site buttons on the left (plus a small ” i dont power blogger” logo 🙂

Once everything looked right, I decided to follow the excellent instructions by John Sherman at underscorebleach.net and loaded all my blogger blogs into wordpress (although it took about 30 attempts with the wordpress import function)… It kept failing with a “Zero Sized Reply” error… possibly a php memory error.

I then redirected my blogger blog to point to this blog & hey presto! I’m back and running with no lost blogs and (hopefully) no lost traffic.

Computer Aid

Ph: 0402 133 866

Tag Archives: wordpress