Bulletproof blog

HackedI’ve had an interesting few weeks fixing my blog. It was hacked. I suspect – though I have no direct proof – through my domain host CPanel account. Reading around the Internet, the host that I had chosen and had been happy with for a number of years had been victim to a server attack since early in the new year, and the account details of customers had been posted online somewhere. My CPanel password was relatively strong and not guessable (it wasn’t a dictionary word) yet a file was uploaded to my account via CPanel file upload. When I asked my domain host about it and how they think my account was hack they simply said via an unsecured script, and didn’t elaborate whether it was in my WordPress install or on their server. Anyway, after much cleaning and reinstalling – thank goodness I paid for routine site backup – I’m now back online with a clean site.

As a result of all this unwanted excitement I’ve made a few changes. Most importantly I’ve changed my domain host. I’m now with Bluehost, one of the few hosts recommended by WordPress themselves. I couldn’t be happier. It was an easy switch and I’ve now got more control than ever before over my CPanel account. I’ve also paid for BulletProof Security Pro plugin. I can’t recommend it highly enough if you’re a serious WordPress user. I used the free version for a while and liked it. The Pro version is just terrific and for the first time I feel safe in my WordPress bed at night. The owner Ed Alexander is so helpful. Please do seriously consider this plugin if you manage your own WordPress installation.

As an extra layer of security I now also use CloudFlare. I’m completely new to the word of content delivery networks and web application firewalls. It’s early days to know whether I’m benefitting from the claimed security and performance improvements, but the basic version is free with Bluehost so I’m giving it a go.

If you have any WordPress security tips and favourite plugins please let me know in the comments.

Weblog client that supports WordPress custom fields

Does anyone know if there’s a weblog client, ideally for Mac, that supports WordPress custom fields? I’ve tried popular editors such as Ecto and MarsEdit but I’ve not yet found a client that allows you to specify custom fields. I think custom fields are a killer feature of WordPress because you can store metadata separately from the post itself and do the kinds of cool tricks my Technotags plugin allows such as geotagging and adding reference links at the foot of posts.

Geotag your WordPress posts

If you’d like to geotag you WordPress posts you can do so using my Technotags plugin. The plugin does two things. It allows you to add metadata to your posts including geotag coordinates and it automatically creates a link to Google Maps to show the location of your coordinates.

Get the latest version of the plugin here.

To use this geotagging goodness simply add a custom field key called ‘gmap’ to your post and enter the latitude and longitude in decimal format as the value. Coordinates must be in decimal formal e.g. 52.4509934727,-1.93881244894 rather than as degrees, minutes and seconds e.g. +52° 27′ 3.57", -1° 56′ 19.72" for this to work. Most if not all GPS devices will give you coordinates in decimal format.

The custom fields from an example geotagged post will look like this…

WordPress Custom Fields

Your post is now geotagged! By adding coordinates to your post’s metadata you will be future-proofing your geotags because any future applications that can use latitude and longitude data will be able to extract these without affecting the post itself.

To help your readers visualise the location specified by your geotag coordinates the Technotags plugin creates an link to Google Maps using your coordinates at the end of your post. Because you entered coordinates using custom fields, the Google Map link is separate to your post, like all good metadata should be.

The Technotags plugin does other cool things like create links to Flickr and Technorati tags and much more. Check it out!

Have fun and let me know how you get on. Happy geotagging!

Technotags plugin updated

I’ve updated my Technotags WordPress plugin to v1.1. You can now add Google search links as well as tags to each WP post. Increasingly I wanted to be able to add ‘further reading’ links to my posts without having to break up the flow of a piece. Adding Technorati tags etc. are useful but still far from being a comprehensive way of linking to related information. Plain old Google searches are still probably the easiest way of finding related information so you can now add Google search links to your posts metadata, and have them rendered as a clean and simple further reading section at the end of each piece. I’ve also added CSS support so you can style your links/tags however you like.

Grab a copy of the plugin and let me know how you get on.

Technotags WordPress plugin

Thought I’d see out the year by releasing my first WordPress plugin. The Technotags plugin allows you to specify Technorati, Flickr, and del.icio.us tags as well as geo tag your post using Google Maps. Tags are stored as custom fields in your WordPress database. I implemented tags in this way as I believe that your posts’ metadata, the tags themselves, should be stored separately from the post itself to future-proof your tags rather than lock them into post content.

Get the plugin here. Let me know how you get on and please be gentle as this is not only my first WordPress plugin but also one of my first attempts at PHP scripting.

Exploring WordPress metadata

Sweet. My adventures with WordPress have lead me to explore the metadata capabilities of the posts database. I wanted a way of adding Technorati tags to my posts in such a way that I can optionally render the same tags as Flickr or Del.icio.us tags. Plus I wanted to future-proof my tags (metadata). There are a number of existing plugins that allow you to add Technorati tags for example and editors such as Ecto even allow you to specify tags by importing from your Del.icio.us account. But in most of the plugins that I found, tags are added into the post body itself and are not stored as seperate metadata in the database. I didn’t want to mix my data with metadata so I looked around for a solution that allowed me to create metadata using WP’s custom fields. Aha! I thought, another excuse to learn a bit more about the WordPress gubbins and PHP. So I delved, read the WP Codex of wisdom and wrote my first plugin.

My first WordPress plugin allows you to add tags as custom fields then render them as hyper-linked tags, Technorati tags by default but also Flickr and Del.icio.us tags and in fact tags for any web service that you care to develop an API for. I’m very pleased with the result. No doubt there’s already a plugin that does something similar but heck, this is my plugin and I had fun learning more about WordPress in the process of writing it. I don’t have any plans to release it to the wider world but if anyone’s interested, even if it’s from the point of view of a newbie like me who wanted to find out how to write WP plugins and to explore WP metadata, then drop me a line. The tag links you see at the end of this post are courtesy of my first few steps with PHP.

Random banner images in WordPress

I am thoroughly enjoying working with WordPress. Since changing my blogging software I’ve not only found that I have more control over my weblog but I’ve also learnt a little PHP/MySQL too which is coming in handy for other projects. Knowing a little PHP (all my other scripting experience has been with UesrTalk) has allowed me to tweak this weblog’s templates and functionality. Yesterday I figured out that I can have a random weblog banner image, an excuse to dust off some of my older iPhoto pics. Here’s a how-to for anyone else who’d like to do the same:

1. WordPress stores PHP template files used to make your weblog’s HTML pages in the /wp-content/themes/ directory. I use a modified version of the default theme so my templates files are in /wp-content/themes/default/ and the images used by the template are in /wp-content/themes/default/images/. The template that’s used to create the header of your weblog is called simply header.php.

2. Opening the header.php file in a text editor shows that the section that dictates the header graphic is:

#header { background: url("<?php bloginfo ('stylesheet_directory'); ?>/images/kubrickheader.jpg") no-repeat bottom center; }

3. Opening the kubrickheader.jpg image in Photoshop shows me that I can use any rectangular image that’s 720×182 pixels in place of the default blue box that comes with my chosen template.

4. I selected a range of images from my iPhoto collection that I’d like to use as weblog banner images and cropped them to the correct size saving them with incremental file names e.g. personalbanner1.jpg, personalbanner2.jpg, personalbanner3.jpg, etc. The trick is to save them with the same filename except for an incremental number suffix. You’ll use that number to randomly choose an image later.

5. I uploaded my series of custom banner images, 9 in total, into the WordPress theme image directory of my weblog and changed the header.php template to use the new image series:

#header {background: url ("<?php bloginfo ('stylesheet_directory'); ?>/images/personalheader1.jpg") no-repeat bottom center; }

6. So far so good but the change to the header.php template only allowed me to use the first of my custom banner images. I wanted to show a random banner image every time any of my weblog pages is viewed. By adding a bit of custom PHP, in this case a function that returns a random number, the banner image suffix is randomly chosen with every page load. Job done!

#header { background: url ("<?php bloginfo ('stylesheet_directory'); ?>/images/personalheader<?php echo rand (1,9); ?>.jpg") no-repeat bottom center; }

The rand (1,9) function generates a random number between 1 and 9. Obviously you must change the last number to reflect the number of banner images you have created. We need to add echo rand (1,9) to make sure that the random number is added to the HTML page. By converntion, each instruction in PHP must end with a semi-colon and finally we enclose the instruction in a PHP tag that tells your web server to interpret everything between the tags as PHP code.

And that’s it! Learnt a little bit about how WordPress makes weblog pages and learnt a little bit of PHP! Have fun hacking your own WordPress weblog.