Ideas to Improve Your WordPress Site

I create software for web users and am always on the look-out for ideas.
What I really want to find out is what people want – even though they may not know themselves.

One great place to look is the WordPress Plugin Directory
This lists all the great, freely available, wordpress plugins.
As usual, this got me sidetracked into wondering just how useful some of these plugins are.
One that really caught my attention was Shortcodes Ultimate
Short-codes allow your website to run proven pieces of software simply by entering a short name that replaces a function. So for example, a few letters in your code could create tabs, buttons or sliders – all fully tested and functional.

I’m particularly interested in checking out the upgrade that enables me to create my own short-codes.

Like all new toys, there will be a learning curve, but I’m hoping that in the long run it could save a lot of time and effort?

How to Protect your WordPress Login

Not having posted to for quite a while, I found that I was locked out of the WordPress Login Page.
That was a really good refresher for me, having to check all the things I might have done to protect this site from getting hacked – so far as practicable.

wp-admin-not-found

First stop was to check where the Nameservers for this domain were pointing.
After digging out the user name and password for domaincheapsters.com I checked the nameservers stevemackay.com was point to – in one of my hosting accounts.
Next I needed to check which of my hosting accounts at d9hosting.com uses the nameservers.

Then open up FireFTP and download a copy of my website.
So far so good, but still no joy.
The information I really wanted was in a MySQL database file.
This meant going digging out another user name and password to get into the cpanel of my hosting account.
The information was there – but I had no idea, which of 193 MySQL data bases, was used for this site.
Unfortunately WordPress give MySQL databases names automatically, unless they are edited.
Although I checked a few, I really don’t have the patience to go through files in wrdp1 all the way to wrdp193 to find the one I was looking for.
Instead I checked the contents of a few php files – nothing there to cause a problem

Finally I checked the .htaccess file
This is a hidden file – so you need to check the option in any FTP program to even see the file exists.
.htaccess is where I had added protection to make it more difficults for others to log in.
I had added code so that only a PC having my IP address could open the log-in screen.

A quick google check of my IP address showed it had changed.

My-IP-Address
Updating my IP address then using FireFTP to over-write the old copy of .htaccess – and suddenly I could log in to my blog again.

wp-login-page
.htaccess a critically important file – so I was careful to use my trusted copy of notepad++ for the editing

The code to protect any wordpress site from displaying the login screen from …/wp-admin is:

# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteRule ^index\.php$ – [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>

# END WordPress

<Files ~ “^wp-login.php”>
Order deny,allow
Deny from all
Allow from 10.20.200.180 *** replace with your IP Address

</Files>

 

You can repeat the line ‘Allow from ….’ as many times as you need with as many IP addresses as you use.
This code must be saved in a .htaccess file then uploaded and stored to the root of your domain name folder on your server.
Make sure you keep any existing code in the file before adding this extra code.
Don’t forget that your IP Address is likely to change every time you switch your router off then on again.

 

WordPress Web Server Contingency Planning

Last Friday I got an email from D9, my hosting company, to advise they needed to lock everybody out of their wp-admin panels because of massive attacks on their servers.

That was a big problem and wake up call for me because apart from adding content to my websites I am developing and testing new plugin software.

Years ago I used to use software called ‘wamp server’ to run local versions of Apache, MySql and PHP under windows on my PC. That allowed me to develop online content without needing even an internet connection.

Whilst Wamp Severe worked I always seemed to be fiddling with something to get it to do what I needed.

More recently, I’ve heard people praising an alternative to Wamp called Xamp.
So I decided to do a Google search for reviews and comparisons before deciding what to try now.

Eventually I ended up on a wikipedia comparison page that showed me all the information I was looking for.
Right away, I could see that Ampps provided everything I was looking for.
Not only did it include Apache, Mysql and PHP but also other modules that made running WordPress a breeze.
Plus it is GPL licensed – meaning it is open source and available at my favourite price = free.

ampps-control-panel

A single 116Mb file download and quick install later and I was up and running everything on my PC – extremely easy and painless. By the way, I’m still running Windows 7 Pro.

My next job was to install a new local wordpress site – again very simple.
Different to using Fantastico, but just as easy.

Within 15 minutes of downloading Ampps I had a new wordpress blog installed locally and up and running from backup copies from my live site.

Next I decided to search for software that would let me clone wordpress blogs – again at a price I want to pay.
What I wanted to be able to do is maintain and update sites on my PC then quickly and easily transfer them to a live online server.
What I didn’t want to have to do is manually zip up files and create or backup and restore MySql databases – far too fiddly and error prone.

I would have been happy to pay maybe $47 for software that let me copy and restore unlimited copies of wordpress sites.
But I really didn’t want to pay hundreds of $ that Jason Fladlein charges for his WP Twin software.
Or similar prices for Backup Buddy

In the end my persistence paid off and I found a fantastic WP plugin called WP Clone by WP Academy.
WP Clone not only does everything I need but is also listed in the main WP Plugin directory – meaning it is open source and free.
So far over 14,000 people have downloaded this plugin and it has a top 5* rating – something I agree it warrants.

The new way I plan to work is to:

  • Create regular WP backups of live sites using WP Clone
  • Maintain copies of my WP sites locally using Ampps
  • Develop major site updates locally
  • Transfer major site updates from local to live using WP Clone

Now I can finally keep control of maintaining and backing up all of my websites.
Then even server crashes will no longer a disaster, because I will be able to quickly and easily transfer complete sites to a server that works.