Monitor your WordPress Installation for Hacking

WordPress installations require some folders to have permissions set at 777 either temporarily or permanently. These writable folders allow hackers to upload files used for phishing, DDoS, or sending email spam. The WordPress File Monitor Plus Plugin monitors not only the files in the WordPress installation folders but all the files in the public folder for additions/deletions/changes. Here are features in the latest version (2.2):

Monitors file system for added/deleted/changed files
Sends email when a change is detected
Administration area alert to notify you of changes in case email is not received
Ability to monitor files for changes based on file hash, time stamp and/or file size
Ability to exclude files and directories from scan (for instance if you use a caching system that stores its files within the monitored zone)
Site URL included in notification email in case plugin is in use on multiple sites
Ability to run the…


WordPress Code Injections – A New Threat

One of my clients has a rather popular sports site based on WordPress. The site is up-to-date and running on a DV server. A few weeks ago malicious code started to appear on the site, setting off warnings from anti-virus programs that monitor websites. Sometimes, entire files are uploaded that contain malicious scripts. Most of the time, however, JavaScripts are appended to existing PHP or HTML files. One of the favorite targets is the WordPress index file (index.php). A self-executing JavaScript is added after the closing ?> tag. How they append the file is a bit of a mystery as permissions are correctly set at 644. The purpose of the malicious code seems to vary. Some code attempts to spread worms/trojans, steal passwords, or re-direct to spam sites (meds).


WordPress Leading Whitespace Fix – XML Parsing Error…

I recently got the nasty “XML Parsing Error: XML or text declaration not at start of entity Location” error instead of the RSS feed on two client WordPress sites. First, I tried the Fx-RSS-Feed plugin. No luck! It identified several hundred WordPress and theme files with unnecessary whitespace. Most of the files were write-protected. Way too much work for me to change all the permissions, run the plugin, and change them back. Instead, I used the fix at Wejn’s lair. Scroll down the page and download the file “wejnswpwhitespacefix.php” or get the text version here.


How to Hack-Proof your WordPress Blog

I just finished helping a friend bring back a Sports Blog after a nasty hacker attack. Luckily, we had a backup of the database. Otherwise, we had little chance to restore the site. Here are a few tips to keep unwanted visitors from doing damage to your blog.

Set your File Permissions Properly

Use 755 for directories, 644 for plugins and core WordPress PHP files, and 666 for active theme files. You can check and change file permissions with your FTP client.

Use the Login Lockdown Plugin

Hackers know where to find your login page. The basic WordPress installation offers little protection against a brute force attack. Yes, the new WordPress revisions have started using hardened passwords. However, I still recommend giving yourself the added protection you get from the Login Lockdown Plugin. And, check your current or new password with The Password Meter. Just upload it and activate it….


Make your own eBay widget!

eBay’s new affiliate program, eBay Partner Network, is an excellent source of income for product-related blogs and websites. It takes some skill, however, to integrate eBay links and images into content and templates. The program offers several creatives that can be pasted into sidebar widgets. However, I found them to be slow-loading as well as poorly converting (to sales). I decided to make my own eBay Sidebar Widget. You can see an example of the widget (GPS on eBay) running in the sidebar just to the right. Does it make money? Yup, it does. That’s why it gets a prime position. I have outlined the steps below. The WordPress PHP widget and TWP auction code are free.

Steps to make your own eBay widget

1. Download and install the WordPress PHP Code Widget.
2. Download TWP Auctions.
3. Upload the files twpauctions.php and twpfunctions.php to your root directory.
4. Go…


Squeeze More Income from your Blog with Slayer’s Custom Widget Plugin

The introduction of sidebar widgets in WordPress has resulted in a huge time savings. Gone are the days of pasting code into sidebar.php just to see your layout go wacky. The capabilities of widgets in the basic WordPress installation are, however, very limited. By default, all widgets appear wherever the sidebar is loaded within your theme. If you are using widgets to display ads, you cannot choose on which pages the widgets appear. Slayer’s Custom Widget Plugin solves this problem. This plugin enables you to select which widgets appear on specific posts, pages, categories, author’s posts and tag pages. You can even configure where widgets are displayed per WordPress template using conditional tags.


WordPress For Dummies

The word is out! The much anticipated book, WordPress For Dummies, will be orderable on Oct. 29th. Amazon expects to ship on or around Nov. 2nd. Simultaneous with Amazon’s release, the book will be available at Barnes and Noble, Books-A-Million and, of course, Dummies.com and Wiley.com (publisher). According to the author Lisa Sabin-Wilson, “this all-new Dummies guide delivers just what would-be bloggers need to get up and running with WordPress and start communicating with the world. WordPress For Dummies covers blogging basics, choosing a hosting solution or setting up a host, developing blog content, syndicating blog posts with RSS, launching a specialized blog (including podcasting, photoblogging, mobile blogging, and videoblogging), and even earning revenue. It includes help on every aspect of installing and using WordPress, illustrations from real-world WordPress blogs, step-by-step tutorials on key topics, and insights from bloggers who use WordPress”.