Scripts For Your Website

July 20, 2009

Since WordPress is one of the most popular pieces of software on the internet, hackers are constantly looking for ways to exploit it. Googling “wordpress zero day exploit” returns 115,000 results, which shows a serious need for security measures.

I was recently given access to a new WordPress plugin which claims to be very effective in protecting you from hackers. I discovered that the method used in this plugin was not only ridiculously simple, but actually inferior to a method I have been using for years.

The most vulnerable point of access that hackers have to your WordPress blog is through the wp-content folder. This folder contains all the scripts used by your themes and your plugins. A hacker ( or his robot ) need only enter the following into the ‘Address Bar’ in order to discover the names of all the files in the folder:

http://YourBlogName.com/wp-content/themes

WordPress does not protect you against such access.

The plugin that I reviewed protects this point of entry by “fooling” hackers with a copy of the standard Apache ‘500 Internal Server Error’ page. This fake page is uploaded as ‘index.html’ to both the ‘plugins’ and ‘themes’ folders, so it is “seen” by the hacker software when it attempts access.

Now for my “old-school” method, which I will show you for FREE.

There is a file in the root directory of your blog called .htaccess This file contains coded instructions for your browser to follow before uploading your blog. It already contains code that tells the browser how to access your blog pages. All you have to do to protect your wp-content folder is insert the following code BEFORE the code that’s already there.

# Denies access to directories
Options All -Indexes

That’s all!

This code tells the browser not to let anyone access the index file of any directory, so a hacker will not be able to read the names of the files in your wp-admin folder, and thus not be able to access them. If the hacker software attempts access, it will “see” either a real Apache ‘403 Forbidden’ error page, or just a blank page.

Technorati Tags: deny access, exploits, hackers, htaccess, WordPress

July 13, 2009

I’m going to make an exception to one of my rules for this website, and talk about a new plugin for AdSense that I haven’t yet tried myself. The reason I’m talking about it is that it looks like it might be a winner. And the reason I haven’t tried it is because I just found out about it this morning.

Petre Coman of GoScript.net has some wonderful scripts that do amazing things, and are also quite simple in concept. I have been using his Uniquefier Plugin for WordPress on several of my “feeder” blogs for some time, and it is a huge time-saver.

Petre’s scripts are all quite reasonable in cost, but this is more than reasonably-priced — it’s FREE !

It’s a WordPress plugin called EarnItUp, and it purports to increase AdSense earnings by 30%.

I’m installing EarnItUp right now. Since I haven’t used this form of advertising yet on this blog, I won’t be able to tell if my AdSense commissions are increasing or not. But since it’s free, and easy to install, I can’t pass it up! Can you afford not to try this new way to increase your AdSense revenue?

Go to Petre’s new website, EarnItUp.com right now, and download his new plugin for your blog.

( another one of Petre Coman’s great scripts )

Technorati Tags: AdSense commissions, AdSense revenue, increase AdSense earnings, plugin for AdSense, plugin for your blog, WordPress plugin

July 7, 2009

One reason why blogs have become so popular in recent years is that search engines seem to like them a lot more than ordinary websites. They rank them more quickly, so blogs get noticed faster, and more people visit them.

Why is this? Because blogs have the ability to “ping”.

What is a ping? In simple terms, it’s a short message sent from one computer to another over the internet. The second computer then bounces back a message to the first computer acknowledging receipt. The is where the name came from — it’s similar to a radar ping originally used by submarines in World War II to locate other ships.

When you publish a new post on your blog, it automatically notifies various ping services — pinging them to tell them you have new stuff they should know about.

Why ping? The blog services can then add your blog to their directory or to their list of recently updated blogs. This gives you some backlinks ( very valuable! ). These links can be used not only by people, but get noticed by search engines and social networking sites as well — thus giving you even more backlinks!

WARNING: If your blog uses WordPress, it can easily get banned by many ping services.

Why? Because WordPress sends a ping every time you edit a post. So if you’re making a lot of changes, it will send lots of pings, and could cause you to be banned for ping spamming.

It’s possible that your blog could be banned, and you wouldn’t even be aware of it!

What can I do? Fortunately, there is an excellent WordPress plugin available from MaxBlogPress that solves this problem easily, with little effort and no cost.

The webpage for the Ping Optimizer has a more thorough explanation than I’ve given you here. It’s really simple to install — I use it myself on all my blogs.

So go to MaxBlogPress right now, and download the Ping Optimizer plugin.

( another great script by MaxBlogPress )

Technorati Tags: ping, ping optimizer, ping services, plugin for your blog, WordPress plugin

July 1, 2009

As I promised you on the Home Page, I have a script that will help protect your website from hackers. These parasites collect email addresses to add to their mailing list in several ways.

One fully-automated method is to send out a “robot” program to search all the websites that it can find. Search engines do the same thing, but for a legitimate purpose. The “spambots”, however, are only looking for one thing: email addresses.

I wrote a short javascript several years ago that hides your email address from spam robots. They can’t find it because it’s not in the HTML source code of you webpage. It only gets added to your page AFTER the page is loaded into your browser.

You can read all about the script, copy it, and use it on your own website. Just go to the Stop Spam Bots page on Professor’s Coding Corner ( one of my other websites ). There are clearly-written instructions on how to use the script on your website.

Don’t believe it? I’ve had readers who’ve told me that it’s impossible! But I’ll prove it to you right now.

Scroll down to the bottom of this page. You will see my email address – it’s shown right there as plain as day.

Now right-click anywhere on this page, and choose “View (Page) Source”. This will pop up a small window containing the HTML source code for this page.

Can you find my email address anywhere??? If you can, I’ll eat my hat!

This HTML source code is what the robot sees — ergo, the robot can’t see my email address either.

So go to Professor’s Coding Corner right now, and get the script.

Technorati Tags: hide email address, script, spambots, stop spam