Create a new addon domain entry in cPanel X

May 3, 2008 – 1:33 pm
  1. On the cPanel X opening dashboard click the Addon Domains button
  2. Ensure you have pointed your domain DNS to your hosting provider
  3. Fill in your domain address and root site directory
  4. Press Add Domain!
By Michael Visser | Posted in Installation | Comments (0)

update_userdata() is My Wish for Wordpress 2.5.2

April 30, 2008 – 12:26 am

I’ve created an idea in Wordpress Ideas regarding the addition of a new function for Wordpress called update_userdata(). I’m currently developing an Intranet solution using Wordpress as the presentation and interaction layer, tight integration with SugarCRM and other database-driven business systems are involved.

update_userdata() will allow a Wordpress user with sufficient privelages, or based on permission level to edit any user’s critical fields, update_usermeta() can modify a defined user’s optional fields but no functionality currently extends to critical fields.

A workaround to update a user’s critical fields without using the Wordpress Administration is to inject an SQL statement into the database, for instance…

UPDATE wp_users
SET wp_users.email_address = $updateEmailAddress
WHERE wp_users.ID = $updateUserID

By Michael Visser | Posted in Customisation | Comments (0)

Issue with Single Click Update for Plugins

April 26, 2008 – 4:47 pm

Wordpress 2.5 includes support for ’single-click’ Wordpress plugin updates from the Plugins page within Site Administrator. Simply put, Wordpress can automatically download and install the latest version of a committed plugin as soon as it’s released into the wild.

Currently if you use single-click update for plugins the existing plugin directory is deleted and the new version of that plugin installed to the same location. This presents an issue for Wordpress plugins that use custom files within their own plugin directory (eg. /wp-content/plugins/[plugin]/). An example of this is the popular form builder plugin cforms II which uses custom styles within /wp-content/plugins/cforms/styling/ for form formatting.

The workaround to keep existing settings for incompatible plugins until the Wordpress development team fix this issue is to make a local copy of any custom files within each plugin directory before running a single-click update and re-uploading those custom files.

By Michael Visser | Posted in Issues, Plugins | Comments (0)

Wordpress Secret Key Security Fix

April 26, 2008 – 12:21 pm

Default installs of Wordpress 2.5 include a new constant called SECRET_KEY, this constant must be changed to a unique phrase to resolve a medium risk security vulnerability on Wordpress-powered sites.

The Wordpress development team explain the SECRET_KEY constant as

Since 2.5 your wp-config.php file allows a new constant called SECRET_KEY which basically is meant to introduce a little permanent randomness into the cryptographic functions used for cookies in WordPress.

This is a one time only constant value change that you will not need to modify.

You can visit this link [the Wordpress Development team] set up to get a unique secret key for your config file. (It’s unique and random on every page load.) Having this line in your config file helps secure your blog.

By Michael Visser | Posted in Security | Comments (0)

Wordpress 2.5.1 is Available

April 26, 2008 – 11:56 am

Download Wordpress 2.5.1 now (available from Wordpress)

The Wordpress development team have released Wordpress 2.5.1 into the wild. This system update includes a critical security fix for open-membership Wordpress-powered sites.

If you download the entire 2.5.1 release, you will be getting over 70 other fixes. 2.5.1 focuses on fixing the most annoying bugs and improving performance.

The security vulnerability in 2.5 was discovered by Steven Murdoch and is not a public exploit, yet. Therefore you are encouraged to update to the 2.5.1 immediately.

Other updates in included in this release include:

Here are some highlights:

  • Performance improvements for the Dashboard, Write Post, and Edit Comments pages.
  • Better performance for those who have many categories
  • Media Uploader fixes
  • An upgrade to TinyMCE 3.0.7
  • Widget Administration fixes
  • Various usability improvements
  • Layout fixes for IE

Big thanks go out to the Wordpress development team, once again exceeding our expectations and more.

By Michael Visser | Posted in Releases, Security | Comments (0)

Custom Wordpress Administration Theme Styles

April 21, 2008 – 10:59 pm

Plugin: Baltic Amber Admin Themes (available from Baltic Amber Admin Themes)

Impress your next client with attention to detail by applying their corporate style guide colours to the Wordpress Administration interface with the help of Baltic Amber Admin Themes.

Choose from fresh preset styles or apply your own defined colour set through the Colour Settings sub-menu within your User Profile.

By Michael Visser | Posted in Development, Plugins | Comments (0)

Remove Wordpress Administration Width Limit

April 21, 2008 – 10:51 pm

Plugin: Admin Big Width (available from XoraX Source-Blog)

Anyone maintaining a Wordpress site with a larger screen resolution than 1024×768 that is not running Admin Big Width is missing out on a considerable proportion of usable screen real-estate. By removing the fixed-width Administration design restriction imposed by the Wordpress team the Administration display is now best made use of.

This affects the display of all facets of the Administration interface including:

  • Plugin listings
  • Setting pages
  • New Post / New Page
By Michael Visser | Posted in Plugins | Comments (0)

Install Files and Database Backups

April 20, 2008 – 4:56 pm

Plugin: BackUpWordpress (available from Wordpress Designpraxis)

I recently deployed BackUpWordpress - a complete backup solution for Wordpress power users - across my personal and commercial Wordpress-powered sites to avoid any unnecessary pain from lost site files and/or corrupt SQL databases.

Scheduled e-mails on a daily and monthly frequency of each site’s database are sent to dedicated e-mail accounts with compressed file attachments containing the site’s database and site files.

The default setup of BackUpWordpress backup scheduling is as follows:

  • Daily backup
    An e-mail is sent daily to your defined e-mail address with a compressed archive containing the site’s complete SQL database at time of backup
  • Weekly backup
    An e-mail is sent weekly to your defined e-mail address with a compressed archive containing the site’s directory structure and sub-files (eg. root site directory, /wp-admin/, /wp-content/, /wp-includes/, etc.)
By Michael Visser | Posted in Backup, Plugins | Comments (0)

Securing the Wordpress wp-admin directory

April 20, 2008 – 4:21 pm

Plugin: WP-Security Scan (available from Semper Fi Web Design)

After installing WP-Security Scan - an online vulnerability scanner for Wordpress-powered sites - and analysing my test results I have locked down access to the/wp-admin/ directory in the root of my own Wordpress sites as a precaution to future Wordpress file access vulnerabilities.

This access control restricts access to your Wordpress Administration so that users can only access the Wordpress Administration or any files within /wp-admin/ from IP addresses listed in your /wp-admin/.htaccess file. Do not apply this security measure if you have a dynamic IP address assigned to you by your Internet Service Provider (ISP).

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Wordpress Admin Access Control"
AuthType Basic

order deny,allow
deny from all
allow from xx.xx.xx.xx
allow from xx.xx.xxx.xx

If you do apply this security measure and find you have locked yourself out of your Wordpress Administration please contact your hosting provider or use their online file explorer to edit /wp-admin/.htaccess (if available).

By Michael Visser | Posted in Plugins, Security | Comments (0)

Creating a Custom Wordpress Home page

April 19, 2008 – 11:43 am

Wordpress is not optimised out of the box for commercial deployment, the potential is certainly there but on the surface it’s just a blogging platform. For that reason it makes sense that the home page for all default Wordpress sites is a list of recent posts in chronological order.

The needs of commercial sites differ vastly from bloggers by requiring a customised home page and the ability to sink the company blog or Media releases functionality into the back of the visitors experience. Generating sales conversions through well-directed user prompts is one of the most important goal of commercial sites, blogs appearing on the home page only dilute this experience.

For starters we’ll create a new page called ‘Home page’, another new page called ‘Media releases’ then modify options through Wordpress’s Options section to enable our custom home page, finally we’ll create a new theme template called ‘Home page’.

Creating a new page called ‘Home page’

  1. Open your Wordpress administration
  2. Click Write
  3. Click the sub-menu Page
  4. Set the following page details as follows.
    • Title to ‘Home page’
    • Slug to ‘home’
  5. Publish the page

Creating a new page called ‘Media releases’

  1. Open your Wordpress administration
  2. Click Write
  3. Click the sub-menu Page
  4. Set the following page details as follows.
    • Title to ‘Media releases’
    • Slug to ‘blog’
  5. Publish the page

Editing Wordpress Options

  1. Open your Wordpress administration
  2. Click Settings
  3. Click the sub-menu Reading
  4. Change the radio button for Front page displays to ‘A static page’
  5. Using the drop-down in Front page displays set the Front page to ‘Home page’ and Posts page to ‘Media releases’
  6. Save changes

Creating a new ‘Home page’ theme template

This aspect requires an FTP client to connect, create and modify files on your web server. If you do not have access or privileges to create new .php files within your Wordpress site then contact your Site administrator.

  1. Using your FTP client connect to your Wordpress web server
  2. Navigate to your current Wordpress theme directory (eg. /public_html/wordpress/wp-content/themes/Kubrick/)
  3. Create a new file called home.php
  4. Edit home.php with your favourite plain text-editor
  5. Create your template header by declaring the files template name, you can paste the snippet provided at the bottom of this page into home.php
  6. Save changes

Updating the Home page page template

  1. Open your Wordpress administration
  2. Click Manage
  3. Click the sub-menu Pages
  4. Edit Home page
  5. Set the page detail Page Template to ‘Home page’

That’s it! Visit the site again and you should see a blank page, you can now put whatever you like here by adding content to your page template called ‘Home page’ located in your theme directory as home.php. What other customisations do you deploy on commercial sites? Have some great ideas for the home page? Speak your mind in the comments below.

PHP snippet for home.php

<?php
/*
Template Name: Home page
*/
?>

By Michael Visser | Posted in Customisation, Development | Comments (3)