WordPress, Security

No Comments »

Security is a huge buzz word on the internet because of the many threats to privacy that exist in the online world. Here are a few things you can do to protect your privacy when you use WordPress. This list is by no means complete or exhaustive, just a few basic ideas. If you need serious privacy protection….well, you probably shouldn’t be building any website, much less a blog.

• Change your admin password frequently. Make it something unique and hard to guess.
• If you create an email address for posting, make it very unique and very long, containing no actual dictionary words, and an ugly combination of numerals and letters. You don’t have to remember it — just make an entry in your email address book for it.
• IMMEDIATELY upon installation, disable the Ping-O-Matic option in Options -> Privacy or Options -> Writing -> Update Services. There is an option during installation to disallow search engines from your site. This disables the ping function. Say yes! You can always change it later when and if you want to use Ping-O-Matic or other update services.
• Make changes to your theme, .htaccess and plugin files on your local computer, and upload them via FTP. Don’t allow WordPress to make changes for you. This isn’t really security against external attacks, but rather protection against user error. There is no “undo” button in WordPress after you hit the Update button.
• If you don’t have any authors or users on your blog besides yourself, go to Options -> General and disable the Membership settings (uncheck both boxes).
• If you permit comments on your site, visit Options -> Discussion and decide what security options you wish to enable.
• Enable the Akismet plugin. It’s well worth getting a free WordPress API key (takes a minute or two to sign up) for the spam protection you will receive.

This is just a quick overview of some very basic security measures. Comments and additional suggestions are welcome.

WordPress, How Tos, Security

No Comments »

During setup in the newer versions of WordPress, you are asked whether you want to let search engines see your blog, or just regular users. This is, IMHO, a very misleading question.

You might indeed want search engines to find your blog — after you get it set up completely. But not knowing the real meaning of this option, you say “yes” to search engines, and unbeknownst to you, WordPress is now going to notify Ping-O-Matic every single time you make a post to your blog! Yes, even your test posts and that silly “Hello World!” post (if you edit or update it).

Personally, my first assumption would be that the question about search engines would insert or leave out robots.txt tags, create or modify the robots.txt file, or something of that nature — since the robots.txt file and tags are directly related to search engines, and keeping them out or letting them in.

As a new blogger, or even moreso as someone setting up a content management system, the concept behind Ping-O-Matic (and update services in general) may be completely unknown. And furthermore, it has nothing to do (at least not directly) with search engines. So asking this question, in this manner, at set up is misleading to say the least.

This question should read “Do you want to automatically inform Ping-O-Matic of new posts to your blog? (If you choose YES, your site may be indexed immediately, even your test posts. You can change this option later in Options –> Privacy.)” since that is exactly what your answer to the question will determine. It should also tell you (or present a link to find out more) about pinging, and the actual results of setting this option to YES.

If you don’t want your new blog (and any test posts you make) immediately crawled by Yahoo! and other search engines, then say NO to this option during set up, or turn it off as soon as you get into Admin for the first time, before you blog about anything…or even update (edit) the Hello World! test post.

Tutorials, Webmaster

No Comments »

You’ve finally had it with your old web hosting company, and you’re ready to make the move to a new one. You get all signed up, and then they tell you that there’s just one thing you must do: visit your registrar and change the DNS servers. What??

In English, that translates: “Go to the website where you bought your domain name, log in with your username and password, and point your domain to the new host.”

If it’s been a while since you registered your domain name, and if they haven’t been good at keeping in touch, then you might not even remember who you registered with. And what’s a DNS server anyway? Let’s start at the beginning.

Please note these are generic steps to take for all registrars. For specific instructions for your registrar, contact them.

1. If you don’t remember who your registrar is, run a “whois” check on your domain name.
2. Note the name of the registrar, and the email address you used when you signed up. (Do you still have access to that email address? That is the only place they will send your username or password information.)
3. When you find the name of the registrar, visit their website.
4. Use their “Lost Password” function (and maybe even “Lost Username” :)) to find your login information. NOTE: The key here is whether you still have access to the same email address you signed up with. If not, you will need to contact the registrar’s customer service department by phone, and find out what their procedure is for letting you back into your account.
5. Once you have all that taken care of, and you are ABLE to log into your account, please do so.
6. Now you will change your nameservers: look for a link in your admin area which reads something like “Change Nameservers” or “Manage DNS”.
7. Your registrar needs you to provide two (2) nameservers. This information was provided by your hosting company in that Welcome Email that sent you on this quest in the first place. Go read it! The format of these nameservers will be like this:

ns1.chocolate2code.com

ns2.chocolate2code.com

The “ns1″ and “ns2″ are pretty standard, but there are variants. And of course, you’d replace “chocolate2code.com” with the domain name of your new host server, as per your Welcome Email. Note: the nameserver domain is not necessarily the same as the domain name of the registrar. Don’t guess…verify the nameservers in the email you received.

Phew! Now you’re done! What happens next?

Now you sit back and wait. It takes 24 to 72 hours for this change you just made to propagate across the whole entire internet. Every ISP out there in the big world has a different idea of how often they should check for DNS updates. Some check every few hours, others check every few days. Be patient. If you start testing your new site in less than that time, you will get it sometimes, and other times you’ll still see the old site.

If after 3 full days you are unable to see your new website consistently every time you try, then contact your new hosting company and let them know. Oh…and don’t forget to empty your browser’s cache before testing! That’s the first thing the hosting company will tell you to do when you call them. It’s nice (and will gain you some respect from them) if you can say, “I already tried that,” and mean it.

Tutorials, Internet

No Comments »

Having trouble with the internet? Website down? Can’t send email? Can’t receive email? These are frustrating problems, and our tendency is to “call someone” to help us. We start with the cable or DSL company. They tell us it’s not their problem. We call the webhost, they say everything is fine on their end. How can a regular guy track down a problem in a sea of misinformation? If you do some basic troubleshooting yourself, you’ll find it’s much easier to communicate with the technical support folks, wherever you end up calling.

Don’t Call Anyone….Yet

Much of the answer (and therefore the first troubleshooting steps) lies in the set up you have at your home or office. All of the following can be part of, or the root of, the problem:

• Network router (wireless or wired)
• Network card installed in your computer (wireless or wired)
• Your modem (dial-up, cable and DSL all have modems)
• Your ISP (Internet Service Provider: DSL, Cable or Dial-up company)
• Your web hosting provider (what’s that? if you don’t know, you don’t have one, so don’t worry about it :))
• Your domain registrar (same question, same answer)
• Your outgoing and/or incoming mail server (could be managed at your office, could be the same as your web host, or your ISP….or may be outsourced to a 3rd party email provider!)

My aim today is to help you navigate this complicated mess of potential causes, and find the right person to help you with your problem.
Pinpoint the Problem

Often, you can get a handle on “who to call” just by pinpointing the specific problem.

1. Can you access the internet? Can you visit webpages? If not, then you either have a problem with your home network (your modem, your network card, or your router), or your ISP is having trouble.
2. If you can’t send or receive email, and you can’t access web pages, then you probably have a network issue or ISP issue. Your home network is the first place to start. If power cycling your modem, disconnecting and reconnecting, rebooting your computer(s) or power cycling your router don’t help, then your ISP might be having problems. Telling the support tech at your ISP that you’ve tried all these other possibilities will gain you some respect when you call, and avoid wasting your time.
3. Do you have a web hosting company? If you can access the internet and bring up sites like Google and MSN, but you can’t access your own website, then your web hosting provider is your contact point.
4. Trouble with email? If your email address is from your ISP (you@comcast.net, or you@bellsouth.net, etc.) then that’s who you’ll want to call.
5. Email issues can be a little more complicated if you are using your own domain for email (you@yourdomain.com). Your domain’s email is probably managed by your hosting company, at the very least your incoming mail (that’s your POP account). But it’s possible that your outgoing mail (a.k.a. SMTP) is through your ISP! You’ll need to find out if your outgoing and incoming mail servers are the same, or different (look in your email program, on your own computer, where you set up your email account). If they are different, be sure to call the one you’re having trouble with. The other one will tell you it’s not their problem — and they will be correct.

Email Problems: When you have your own domain
Here are a couple of common scenarios for email issues, when you have your own website and your web hosting provider is managing your domain’s email:

Both your outgoing and incoming mail servers are based on your own domain name, for example:

Incoming (POP): mail.yourdomain.com

Outgoing (SMTP): smtp.yourdomain.com

If this is how your email is set up, then your web hosting company is responsible for both incoming and outgoing.

Your incoming and outgoing mail servers are different, typically your incoming is on your own domain, and your outgoing is on your ISP, for example:

Incoming (POP): mail.yourdomain.com

Outgoing (SMTP): smpt.yourISP.com

In this situation, you’d most likely be experiencing trouble with getting email, but not sending email…or vice versa….but not both. (If your problem is with both, then either you have the set up in the previous example, OR the problem is not only with email, but with your website or your internet access as well….or you have two problems at once, which isn’t entirely out of the question…. :))

By now, you should have a better idea of where the root of your internet problem lies. If you’re still not sure after reading this, at least you’ll be able to ask more intelligent questions of whomever you do call, and they will be able to give you better guidance toward a solution.