Archive for 'WordPress'

New Design

I got tired of the old design for this site, so I updated to a new theme.  Still modifying it completely, but here it is.

Also, I had to move the photos from the old gallery into a WordPress powered one, which was a pain.  So, while the images now have the ability to have titles and descriptions, they mostly don’t (aside from the RockBand BandMate gallery).  I’ll be doing that over the next few weeks/months, and will do it as I add more galleries.

Hope you enjoy the new design as much as I do.  I’ll probably get bored with it in a few months, anyway. So if you hate it, come back in a little bit, and there’ll most likely be something new.

WordPress 2.6.2 Available

If you’re like me, and run a bunch of WordPress sites, you get annoyed when a new release is available, mainly because it takes so long to upload all of the files.  Also, if you’ve modified any of the core code, you don’t want to have to re-do that (also, like me.)

I’ve gone through and pulled out the files from 2.6.2 that have been changed, and are therefore part of the upgrade.

2.6.2 Changed Files Zip
2.6.2 Changed Files RAR

Both contain the same files, but depending on whether you prefer zip or RAR, you’ve got the option.  The compressed files contain only those files that have changed, and need to be uploaded:

  • wp-login.php
  • wp-settings.php
  • wp-admin/css/press-this-ie.css
  • wp-admin/import/textpattern.php
  • wp-admin/includes/image.php
  • wp-admin/includes/template.php
  • wp-includes/formatting.php
  • wp-includes/pluggable.php
  • wp-includes/post.php
  • wp-includes/query.php
  • wp-includes/version.php
  • wp-includes/widgets.php

Just upload those files, overwrite your existing ones, and you’re good to go without waiting forever for the ten zillion other WordPress core files to upload.

The Importance of Backing Up Your Site

Working for a fairly large webhost, I often see people who got “hacked”, and their websites destroyed.  I often laugh, because people don’t often get “hacked”, but often simply have their password guessed, which gives the “hacker” full access to your site, account, and files.

98% of the time, that’s the case.  Granted, there’s always the chance that someone got root access to your server, and really did “hack” you, but that’s very rare in today’s day and age.

So, I often laughed, until it happened to me back in mid-June.  I noticed I couldn’t load the stats pages for any of the sites in my hosting account (of which there are quite a few), so I contacted my host.

Their response was “The page won’t load because it’s 0kb.”  A file size of zero? That stats package had worked for years on some of my domains, so I thought that was odd.

So I uploaded a new version, and went on about my business.

Hours later, I realized I should go through FTP, and look for other files that had been modified recently.  Sure enough, every index.html and index.php file, in every domain, in every subdirectory had been modified.

The “hacker” (read: bored kid in some random European country) added some code to all my pages that was supposed to redirect a visitor to a spam site.  Luckily, he did it wrong, and none of my visitors were affected.

Needless to say, I was bullshit.  I spent a few hours going through, and removing all of the code, by hand.  I got annoyed, and finally asked one of the guys who works for me, for help.  He wrote me a nifty little bash script that I could run.  Luckily, my host gives me SSH access, and I managed to run it against my entire account, and clean out the rest of the modified files, without issue.
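Finding every changed file in one pass, instead of browsing by date over FTP, comes down to comparing the live tree against a known-good copy. The sketch below is an added example, not the bash script mentioned in the post; the same comparison run over two unpacked WordPress releases produces a changed-files list like the 2.6.2 one above. The function names, directory layout and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file's path (relative to root) to (size, SHA-256 hex digest)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (os.path.getsize(full), digest.hexdigest())
    return manifest


def compare(baseline, current):
    """Return sorted lists of paths that were added, removed, modified or emptied."""
    report = {"added": [], "removed": [], "modified": [], "emptied": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        elif baseline[path][1] != current[path][1]:
            # A file truncated to zero bytes (like the 0kb stats page) is listed separately
            key = "emptied" if current[path][0] == 0 else "modified"
            report[key].append(path)
    return report


def _write(root, rel, text):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as fh:
        fh.write(text)


def demo():
    """Constructed sample: a known-good backup copy and a tampered live copy."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = os.path.join(tmp, "backup"), os.path.join(tmp, "live")
        for root in (good, live):
            _write(root, "index.php", "<?php echo 'home'; ?>\n")
            _write(root, "blog/index.html", "<html>blog</html>\n")
            _write(root, "stats/index.php", "<?php stats(); ?>\n")
            _write(root, "blog/wp-login.php", "<?php // login ?>\n")
        # Constructed tampering: appended markup, a truncated file, a new file
        _write(live, "index.php", "<?php echo 'home'; ?>\n<!-- injected placeholder -->\n")
        _write(live, "blog/index.html", "<html>blog</html>\n<!-- injected placeholder -->\n")
        _write(live, "stats/index.php", "")
        _write(live, "blog/extra.php", "<?php // not in backup ?>\n")
        return compare(build_manifest(good), build_manifest(live))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Files reported as added deserve as much attention as modified ones, since a clean-up that only restores known files leaves them in place.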

The reason I got hacked? Simple. I had a stupid, easily guessable password.  Exactly what I laugh at our customers for.

So, I panicked.  I went in, and first changed my hosting and FTP passwords.  I then thought about how to change my MySQL password.

The problem with that is complex, but follow me.  If I change the password on the MySQL server, my sites will go down, until I update them one at a time.

If I change my password in the sites, they’ll go down until I change it on the server.  Follow?

So I opted to create a new MySQL user, with a new password altogether.  I then (using the same find and replace code from earlier) updated my username in all my scripts, then my password, and voila, back up and running.

I then began thinking about how to protect myself, should this (or something worse) happen again.  I looked for scripts that I could run on the web server, to back up my sites and databases, but couldn’t find anything that would work.  I then stumbled upon HandyBackup, which runs on my computer at home.

It simply connects to your account via FTP, and downloads all of your files to your computer.  This is great, assuming you’ve got storage space to keep all those backups around.  If you upgrade, you can also have it burn to DVD automatically, but that’s costly, and not very effective.

So, each night of the week, I have the application connect, and download all of my changed files.  On Saturday night at midnight, it connects and downloads all of the files (changed, or not).  So, at worst, I’m a week out from a complete restore of files.  And any file that’s changed, I’m only 24 hours (at most) out from a clean working version.

It takes up quite a bit of space, because I host a lot of sites, however I think it’s worth it.  It’s also helpful for when you accidentally break some code on a page, and didn’t think to save a copy right then.  You just jump to your backup, and voila.

If you run any website that you “make money” from, or that “is my business!!”, you should take it upon yourself to do the backups, and not rely on your host to do it.  While most hosts do it anyway, some charge you to do the restore. (My company doesn’t, but the company I host with, does.)  You know what they say, if you want something done right, do it yourself.

Why upgrading WordPress is so important.

It seems like every other week, WordPress releases a new version of their awesome software. That’s a good thing, unless you run multiple websites using WordPress.

If you’re in that boat, upgrading all of your WordPress sites might be a pain in the butt, but it’s extremely important to do so.

The main reason for these “dot releases” (e.g., 2.5.1) is security fixes. Which means that when someone finds a way to “hack” your WordPress installation, the new release fixes that.

What’s that mean? Well, if you’re running a version that’s old, there’s probably a group of people out there that’ve found a security hole in it.  They can gain access to your account, and cause all sorts of problems for you.

For example, if you’re running WordPress 2.3.2, there’s a very simple “hack” that anyone with the power of Google can do, that can give them complete access to your Admin panel.  And well, you know what they do from there, including deleting everything on your blog, that you’ve ever done.

So, be sure to stay up to date. Always update plugins, always update core code. Always.
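With many installs under one hosting account, the first step is knowing which ones are behind. The following is an added example, not from the original post: it reads the `$wp_version` assignment in each install's wp-includes/version.php and lists the installs older than a given release. The function names and site directories are constructed; the version numbers are the ones mentioned on this page.

```python
import os
import re
import tempfile

# wp-includes/version.php assigns the release string to $wp_version
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")


def parse_version(text):
    """Return the $wp_version string from version.php contents, or None."""
    match = VERSION_RE.search(text)
    return match.group(1) if match else None


def version_key(version):
    """Turn '2.6.2' into (2, 6, 2) so 2.10 sorts above 2.9; suffixes like '-beta1' are ignored."""
    numbers = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    return tuple((numbers + [0, 0, 0])[:3])


def find_installs(account_root):
    """Yield (site_dir, version) for every WordPress install under account_root."""
    for dirpath, dirs, files in os.walk(account_root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in files:
            dirs[:] = []  # no need to descend further into wp-includes
            with open(os.path.join(dirpath, "version.php"), errors="replace") as fh:
                version = parse_version(fh.read())
            yield os.path.dirname(dirpath), version


def outdated(account_root, current_release):
    """Return sorted (site, version) pairs that are older than current_release or unreadable."""
    wanted = version_key(current_release)
    stale = []
    for site, version in find_installs(account_root):
        if version is None or version_key(version) < wanted:
            rel = os.path.relpath(site, account_root).replace(os.sep, "/")
            stale.append((rel, version))
    return sorted(stale, key=lambda pair: pair[0])


def demo():
    """Constructed hosting account with three installs at different versions."""
    sites = {"site-a/blog": "2.6.2", "site-b": "2.3.2", "site-c/news": "2.5.1"}
    with tempfile.TemporaryDirectory() as tmp:
        for site, version in sites.items():
            inc = os.path.join(tmp, site, "wp-includes")
            os.makedirs(inc)
            with open(os.path.join(inc, "version.php"), "w") as fh:
                fh.write("<?php\n$wp_version = '%s';\n" % version)
        return outdated(tmp, "2.6.2")


if __name__ == "__main__":
    for site, version in demo():
        print("needs upgrade:", site, version)
```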

Creating WordPress Themes

Don’t get me wrong, creating WordPress themes is not for the faint of heart, nor for the casual blogger who doesn’t really have a good grasp on developing websites. However, if you know your way around PHP and basic HTML, you should have no issues creating your own theme, or adapting a website into a WordPress theme.

Themes always go into the same location, regardless of your blog structure: /wp-content/themes. Each theme gets its own folder there, named after the theme, so that themes are kept separate.

When you first install WordPress, you’ll get the “default” theme, which is a great place to start. Usually I copy that folder down to my desktop, and make a clone of it, to work off of.

A theme needs to consist of a few basic files, to make it work:

  • index.php
  • style.css
  • comments.php

You can take it a step further, if you want to easily update/change aspects of the design, and add in a header.php and footer.php. For this example, we’ll use header and footer.

At the top of any existing theme’s CSS file (or when creating a new file), you need to always ensure that you’ve got some information to let WordPress know what the theme is. It’ll generally look like this:

/*
Theme Name: What do you want to call your theme in WordPress?
Theme URI: Where you downloaded the theme from
Description: any details?
Author: your name
Author URI: your URI
Version: You don’t need a version, but can put one in here if you want to.

General comments/License Statement if any.
.
*/

This will tell WordPress information about your theme, to display under the “Presentation” tab.

So, you now have your theme set up, but need the files. Why? Simple, to make the theme work. Here’s a quick run down of what each file does.

  • index.php - this is the homepage of your WordPress. You can get away with only having an index, if you don’t want to create different pages for each place in your installation.
  • style.css - the stylesheet for your design. You should be fairly comfortable with CSS by this point, if not, there’s a ton of resources available on the internet.
  • comments.php - this is the template for what your comments page/form will look like. If you don’t have one, no one will be able to comment on your WordPress.
  • header.php - this file can be included at the top of all of your “pages” and “posts,” so that you can easily change something across all the pages, without editing each one. This is where you include the majority of your design.
  • footer.php - same as the header.php, but goes after your content, instead of before. This is where you conclude your design that comes after the “content” or “body” of your site.

Generally, there are a bunch of other files you can include, too; 404.php, single.php, page.php, author.php, archive.php, search.php, etc.

Each page serves a separate purpose. I won’t get into too much detail, so as not to confuse you. Here’s a quick example of what an index.php might look like, if you made it yourself:

<?php get_header(); ?>

<?php if (have_posts()) : ?>

<?php while (have_posts()) : the_post(); ?>

<div class="post" id="post-<?php the_ID(); ?>">
<?php // Show the post; the argument is the "more" link text, built with get_the_title() because PHP tags cannot be nested inside a string ?>
<?php the_content('<br /><br /><div align="right">Continue Reading ' . get_the_title() . ' »</div>'); ?>
<div align="right"><br /><br />Posted by: <a href="<?php the_author_url(); ?>"><?php the_author(); ?></a> on <?php the_time('F jS, Y') ?> at <?php the_time() ?><br />
<span class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?> <?php comments_popup_link('Leave a Comment »', '1 Comment »', '% Comments »'); ?></span></div>
</div>

<?php endwhile; // closes the while loop opened above ?>

<?php else : ?>

<h2 class="center">Not Found</h2>
<p class="center">Sorry, but you are looking for something that isn't here.</p>
<?php include (TEMPLATEPATH . "/searchform.php"); ?>

<?php endif; ?>

<?php get_sidebar(); ?>

<?php get_footer(); ?>

So, what does all that do? Pretty simple, I’ll break it down bit by bit:

<?php get_header(); ?> - this bit simply calls my header.php file to be included.
<?php if (have_posts()) : ?> - this is very important, your theme won’t work without it. It simply tells WordPress, if you have posts, to do the following.
<?php while (have_posts()) : the_post(); ?> - if you have posts, show them on this page.

This next bit’s a bit more complicated, because there’s a lot of parts to it:
<?php the_content('<br /><br /><div align="right">Continue Reading ' . get_the_title() . ' »</div>'); ?> - the_content is what shows your post. The “continue reading” part will get shown if your post contains a “More” link in it. The post title is joined into the link text with get_the_title(), since PHP tags can’t be nested inside a string. I’ve set this particular one up to show “Continue Reading This Post”, where “This Post” would be replaced by whatever I’m calling the post in WordPress.

Posted by: <a href="<?php the_author_url(); ?>"><?php the_author(); ?></a> on <?php the_time('F jS, Y') ?> at <?php the_time() ?><br /><span class="postmetadata">Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?> <?php comments_popup_link('Leave a Comment »', '1 Comment »', '% Comments »'); ?> - This will simply show: Posted by: Mike (as a link to my author page) on 10/19/2007 at 12:01PM. Posted in Design, WordPress Tutorials, WordPress. Leave a Comment (or if there’s comments, it’ll show the number of comments already left.)

This bit: <?php edit_post_link('Edit', '', ' | '); ?> can be a bit confusing. What this does is simply show you a link that says “Edit” when you’re viewing your post, and you’re an admin on the blog. Other people won’t see it though, don’t worry.

<?php else : ?> - Very important to have, this closes the previous bit where we tell WordPress what to do if we have posts.

<h2 class="center">Not Found</h2>
<p class="center">Sorry, but you are looking for something that isn't here.</p>
<?php include (TEMPLATEPATH . "/searchform.php"); ?>

Above is a “Not Found” message and a simple include of a search form, shown in case someone tries to access a URL that doesn’t exist.

<?php get_sidebar(); ?> - includes a sidebar, if you’ve got one.

<?php get_footer(); ?> - includes your footer.

It seems a lot more complicated than it is, and there’s an infinite amount of variables, and things you can do with your theme. I’ll cover some more variables next time, and what they do. Hope this helped get you started.

WordPress Plugins and Themes

Now that I’ve covered Getting Started, and the Admin Panel, we can move on to some other WordPress related things, namely Themes and Plugins. Let’s start with Themes, as that’s going to impact your WordPress application the most.

A “theme” is really just a design for your site. It gives your site that “customized” feel to it, even if there’s a thousand other people using the same theme. Generally, themes are free to use and will only require a “linkback” to the author’s site, as payment. Given, there’s some themes that are “for pay”, but it’s up to you if you want to pay for those.

Installing a theme is generally one of the most simple things to do with WordPress:

  • Download your new theme from wherever you’re getting it.
  • Unzip the folder (usually requires WinZip)
  • Open FTP for your site, and head to the /wp-content/themes/
  • Upload your theme folder directly there, leaving the file structure intact.

That’s it. You’ve installed your new theme. To activate it, just go to the “Presentation” tab, in your Admin panel. You should now see a screenshot (assuming that your theme came with one) of the new theme. To “turn it on”, simply click on it. The page will refresh, and your WordPress application will now be using your new theme. Simple, right?

That’s themes in a generalized view. Check back in a few days, and I’ll be detailing how to modify or create your own theme.

On to plugins! To me, plugins are the most important part of any WordPress installation. Plugins are files or scripts that add functionality to the default workings of WordPress. They enhance what WordPress does right “out of the box” (which is quite a bit), and make it do more things. Plugins range from filtering spam, to creating contact forms, to photo galleries, to a zillion other things. In my opinion, no WordPress install is complete without adding a handful of plugins.

Some plugins I can’t live without:

  • Akismet - Akismet fights spam comments by comparing their content to a centralized database of “known spam” content.
  • Adsense Deluxe - Adsense Deluxe is for WordPress users who want to generate some income, presumably with Google Adsense. I’ve tested this, and used it successfully with other ad providers, as well.
  • NextGEN Gallery - Allows you to quickly, and easily add photo albums to your WordPress, with fancy AJAX abilities when viewing the photos.
  • Similar Posts - This plugin is great. It searches your content for other posts containing similar words and phrases, and automatically links them to the post the viewer is reading. It helps get people to other pages on your site.
  • Simple Pop Up Images - By default WordPress’ handling of images clicked to enlarge, is ugly. This plugin allows you to configure it to show them in a nice popup, without too much extra work on your part.

There’s really a zillion more plugins that you can use on your WordPress, and it’s entirely up to you which ones you want to use, and what benefit they’ll be to you. There’s two “main” places I go to look for plugins:

  • The WordPress Codex - Their central location of all of them.
  • Wp-plugins.net - Not official, but just as good.

Installing a plugin is just as easy as installing a theme to your WordPress:

  • Download the plugin from its author’s location
  • Unzip the plugin folder
  • Open FTP
  • Upload the folder to /wp-content/plugins

That’s it. Plugin installed. Now, you need to activate it. Head on over to your WordPress admin panel, and click the “Plugins” link. You should see your newly installed plugin there, with a link (on the right) to activate. Just click that link, and that’s it.

Just be sure, once you activate, to go test it on your site, and click around a little bit on other things. Sometimes plugins aren’t compatible with one another, and may not work well together. If this is the case, you’ll need to check with the author (usually they list incompatibilities on their site) for a fix.

One of the great things about the new WordPress (2.3) is that on the Plugins page, it notifies you if there’s a new version detected of the plugin. When there’s a new version, you should always update. There could be potential security flaws in using older scripts. Upgrading is just like installing for the first time. It’s recommended that you deactivate the existing plugin before upgrading, but I never do that. (Do as I say, not as I do.)

That’s it for plugins and themes. Pretty easy stuff that can heavily impact your WordPress installation, and the success thereof. Check back in a few days, my next write-up will be on how to customize a theme or even create your own from scratch. This will truly give your site a “custom” feel to it.

WordPress Admin Panel Guide

The WordPress Admin panel, or the “brains” of your WordPress install, is a key place, and probably the place you’ll spend the majority of your time on, rather than the site itself. It’s written very smartly, and things make sense where they are. It’s generally located at www.mysite.com/blog/wp-admin (assuming you installed your blog into /blog, as we did in our first post, on how to install).

The WordPress Admin panel, or Dashboard, is broken down in a handful of subset groups, which make administering your WordPress much easier.

When you first login to your Dashboard, you’ll see the default Admin theme:

[Screenshot: WordPress Admin Panel]

From left to right, your options read: Dashboard, Write, Manage, Comments, Blogroll, Presentation, Plugins, Users, Options

Each of these groups is clickable, and brings you to the subset of options for that group, if they’re available.

  • Dashboard - This is the homepage of your Admin panel. It allows you to see recent WordPress news (from WordPress), recent comments, recent posts, Akismet Spam protection (assuming you’ve installed it, and you should!), and sites who’ve linked to yours.
  • Write - This will give you subset options for Write Post, or Write Page. Write Post will post to your blog portion of WordPress, while Write Page will post to the “pages” section of your WordPress. Pages and Posts are different in many ways, but we’ll get more into that later on.
  • Manage - The manage section allows you to modify existing posts (whether in draft, published, or pending review form), modify existing pages (draft, published or pending), manage uploaded images, manage your categories, manage your files, import blog posts from another blogging service (LiveJournal, Greymatter, etc), or export your WordPress database.
  • Comments - This subset will give you three options: comments, awaiting moderation, and Akismet Spam (assuming you’ve installed Akismet, which again, you should!). Comments are all approved, and posted comments on all of your posts. Awaiting moderation are comments that are waiting to be approved (depending on how you set up WordPress, you can set certain things to be flagged for manual review), and Akismet Spam is stuff that is automatically detected as spam. You generally just go in here, verify everything is spam, and click “Delete All”.
  • Blogroll - A Blogroll is simply a list of links to other blogs. You can moderate links here, view who you’ve linked to, and import links from another location.
  • Presentation - This is where you select your active theme, and modify any theme you’ve got, without doing so through FTP. This is helpful, if you make a lot of small changes. Note: in order to use the Theme Editor, your files need to be writeable by the server. If you have any questions on how to do that, drop a note in the comments, and I’ll explain.
  • Plugins - I’ll be doing an extensive post on plugins, and themes coming up shortly. However, the Plugins menu is where you can see which plugins you have activated, and activate new ones. Plugins are basically extensions that make WordPress more useful, or customized.
  • Users - If you allow registrations on your WordPress, or have other authors, this is where you can go to manage them, give them permissions to do things (or not do things). You can also change passwords, e-mail addresses, and website URLs through this page. It’s also used for manually creating users of your WordPress, as well.
  • Options - Probably the most important part of your WordPress. The Options subset gives you a zillion options, literally. I’ll explain them, left to right, as they appear on screen:
      • General Options - this allows you to change your blog’s name, your e-mail address, time stamp, new user default role, and membership options.
      • Writing - allows you to modify a variety of options related to writing posts on your site, including the size of the posting box, default category, and others.
      • Reading - configuration for how many posts to show on the site/RSS feed, and what to show on your front page.
      • Discussion - allows you to configure who can leave comments, how often, if someone has to be registered to leave a comment or not, and when to flag a comment as potential spam (to moderate it).
      • Privacy - do you want the WordPress to be indexed by search engines?
      • Permalinks - this can be complicated if you don’t know what they are. A Permalink is basically a link to a specific page. You can opt for different options, based on what WordPress can do. Note: in order to change from the default, you’ll need an .htaccess file, and it has to be writeable by the server.
      • Miscellaneous - this simply lets you change where your files/images get uploaded to.

And that’s it, the WordPress Admin panel in a nutshell. Any specific questions? Leave them in the comments, and I’ll do my best to help out. Check back soon for my post on Plugins and Themes, how to use them, and what they’ll do for you!