Tag Archives: Secure WordPress

July 2010 Meetup Notes: Choosing a Canon of Plugins

Things change rapidly in the WordPress world. The content in this post is more than a year old and may no longer represent best practices.

Questions & Answers
Marquee?

Susan started off by asking about putting a marquee (scrolling text) on her WP site as a placeholder for forthcoming content. Though none of us had used such a plugin, we found a few in the plugin repository and tested Marquee Plus on Sallie’s test blog.

[Screenshot: Marquee Plus input]

[Screenshot: Marquee Plus options]

The initial result was pretty bland, but what I didn’t notice during the test was that you can include HTML tags and style your text that way—or make links.

[Screenshot: Marquee Plus first test]

Enclosing the words in <h1> tags produced the following result:

[Screenshot: Marquee Plus test 2]

How do I keep a post on the top of the home page?

To keep a post at the top of your blog’s index page (index.php) even after you have published more recent items, check the “make post sticky” option in the Publish box. (You can also set this in the “Quick Edit” section.) This only works on the main index page, not on the archive or category pages.

[Screenshot: Sticky Post in edit window]

[Screenshot: sticky post in Quick Edit]

Image gallery that links to posts?

Mari asked how to create a gallery of images that linked to posts like the one at No Recipes.

[Screenshot: post thumbnail gallery from No Recipes]

It appears to be a Random Posts widget of some kind. We took a look at the Advanced Random Posts plugin, which has an option to show post thumbnails, but no obvious way to leave out the titles. It’s probably worth doing some further searching and testing. Prizes for anyone who locates the best plugin.

Do you need a development server/test installation of WP?

It’s always a good idea to have a test site of some sort, either installed locally or online, where you can experiment with plugins and themes, particularly if the plugins are older and you don’t know whether they’ll work with your version of WordPress. But you can test them on a live site, too. The worst thing that’s likely to happen is that you’ll have to go into the plugin directory by FTP and delete the plugin if it breaks your site completely.

What’s the difference between WordPress.com widgets and WordPress.org Plugins?

WordPress.com gives you a set number of available widgets to add to your sidebar, and that’s it. On the plus side, they’re all guaranteed to work, and to work together. When you install a plugin on your WordPress.org site, there are many ways it can extend the site’s function. Sometimes that will be through a widget, but not always. The plugin could do something like back up the site, create a sitemap, add elements to posts and pages, etc.

Note that there are more than 10,000 plugins in the repository right now, and they don’t all play well together. No developer can test his/her plugin against all the others, never mind all the combinations.

Do widgets always have to be in the sidebar?

It’s up to your theme designer. Some themes also have widgetized footers or headers. If you’re designing a theme, you can put a widgetized area almost anyplace. But if you’re not comfortable editing the code to insert a widgetized region, you’re stuck with what the designer has provided, and should look for a theme that already has widgets where you want them. Note that widgets don’t always translate from theme to theme, so if you change themes, your widgets might end up in the “Inactive Widgets” section.

Is there a cross-platform offline blog editor?

Yes! You can use ScribeFire, the Firefox (and now Chrome and Safari) plugin to edit posts offline. I have no idea whether it stores local copies of those posts the way Ecto or Windows Live Writer does.

Can you post the same information to more than one WP site simultaneously? We want to keep the information on two sites updated in tandem.

You can use RSS to populate your site with content from elsewhere (if they’re posts), but you may need to do some tweaking. Talk to Anca about this; she’s working on it for a client.

How do I back up my blog?

There are dozens of plugins. The old standby is WP-DB-Backup, which backs up your database and mails it to you. There’s also Automatic WordPress Backup, which backs up your themes, plugins, uploads, and database to Amazon S3. Or you can use the amazing commercial BackupBuddy plugin, which makes restoring/moving sites easy. (With most other options, you need to do a manual restore.) Check for host compatibility before installing.

Your webhost may back up your site, but make sure the backups aren’t stored on the same server as the site itself.

Is there a gallery besides NextGEN that allows user uploads? NextGEN’s public uploader doesn’t give users the option to include a caption.

Uh…good question. If you have an answer, post it to the meetup mailing list!

Rotating Banners

Someone asked at the end about rotating banners. There are themes designed with this feature built in, but also plugins for it. One recent one that’s 3.0 compatible is Banner Rotator FX.

Plugins

We didn’t approach the plugin list comprehensively, and if we’d covered everything, it might have taken us until 5 PM. I’ve distributed the list separately and uploaded it to the meetup site.

The summary is that Sallie thinks every site should have:

Other plugins tend to vary depending on what you’re using the site for.

You can find Sallie’s Plugin Bookmarks on Delicious. There are 257 of them as I type this.

Mobile Plugins/Themes

Note that there are times when you will want a custom mobile theme, because your blog header, footer, and sidebar don’t display normally (if at all) in WPTouch or WordPress Mobile Pack. But these themes can make navigation of your site much easier for smartphone users. You should give users the option to switch the mobile theme on or off through a theme switcher link.

[Screenshot: WPTouch switcher link]

[Screenshot: WordPress Mobile Pack switcher link]

You’ll need to create custom icons for your different pages in WPTouch. You can generate them using the Flavor Studios iPhone Icon Generator. Note that these may be overwritten if you update the plugin!

Announcements

Graham Bird won a copy of Beginning WordPress 3 by Stephanie Leary, donated by Apress. We look forward to reading Graham’s review. There’s another copy in the WordPress Meetup Lending Library at TechLiminal. If you leave a $10 deposit and sign the book out, you can take it home for a while.

New Sponsor

The Meetup has a new sponsor, WP Questions. If you’re a WP expert, you can make a few bucks answering questions. If you’re a WordPress newbie, you can get help for just a few bucks.

Future Meetups

We’ll hold our next meetup on August 22nd. The topic is BuddyPress. If you have a topic you’d like to present on, submit an idea or send me an e-mail.

June 2010 Handout: WordPress Security Basics


Sources for the Presentation

Sallie’s Security Bookmarks (updated regularly)

Protecting WordPress from the Inside Out (a brilliant presentation by Syed Balkhi)

Hardening WordPress (the original Codex article)

WordPress Security Presentation by Brad Williams (from WordCamp Montreal 2009)

Top 5 WordPress Security Tips You Probably Don’t Follow (WordPress Tavern Guest Post)

Keeping Your Self-Hosted WordPress Blog Secure (by Marcelo Lewin)

How to Improve Basic Security on a Fresh WordPress Install (Weblog Tools Collection)

More Plugins for Securing Your WordPress Install (Weblog Tools Collection)

WordPress Security Monitoring and Diagnosis (Weblog Tools Collection)

Latest WordPress Hacks: It’s Your Responsibility (Mark.Watero.us)

Security Plugins

AntiVirus (An A-V program just for WordPress)

Automatic WordPress Backup (Backs up your WP files and database to Amazon S3)

Secure WordPress (Conflicts with WordPress Firewall)

ServerBuddy by PluginBuddy (Checks for security flaws and plugin compatibility)

Theme Authenticity Checker (Checks for spam links in your themes)

WordPress Database Backup (Scheduled or manual backups of your WP database)

WordPress Exploit Scanner (Checks for signs that you’ve been hacked. Results can be confusing to non-geeks)

WordPress File Monitor (E-mails you every time a file has been changed)

WordPress Firewall (Blocks suspected attacks; conflicts with Secure WordPress)

WordPress Security Scan (Scans for file permissions; lets you change WP table prefix)

June 2010 Meetup Slides: WordPress Security Basics
