Wordpress – Which file is the most important?





Version: 13.1
Revision: 15 Build 33

Introduction:
In this tutorial, we are going to learn the basics about files and directories, and study how important these files can be! For those who already know these, I am not going to argue. But you may want to continue and learn something new… it’s your choice!

————————

Every day, when we log in and operate WordPress, there is a file that controls the connection to your SQL database and your administrator panel. This file is called: “wp-config.php”. However, if there is a server problem or your blog gets hacked, there is a chance that you may lose your “WordPress password and SQL Database”. Therefore, you have to create a plan and keep these files in a safe place!

Your SQL database, on the other hand, can be backed up with cPanel and exported to an external device, such as a removable drive or compact disc. But please be wary of your internal hard drive. It can crash and cause serious problems! So, get yourself an external hard drive if you don’t have one yet!

Secondly, if you have a large collection of plug-ins, you may also want to compress all of them into a ZIP file and download it to your external hard drive. So, if your server crashes… again… there is always a backup for you to upload! This will also save you time and bandwidth. Well… technically, if you are a busy guy, like me, you may want to learn this word “Logic” and keep yourself safe from these miserable nightmares! But, don’t forget about your “Themes” directory. There must be a lot of work going into these folders!

Thirdly, if you have a large “.htaccess” file, you will need to create a backup of that too. Don’t forget it! It will come in handy!!

Finally, here is a short version, if you are confused or clueless…

To make this short and simple, there are four areas that you need to back up. These are your “wp-config.php” file, your “.htaccess” file, your wp-plugin directory and your theme’s folder. If you are not bothered about these files, then you are on your own. But, I am not going to be around to flick my wand.

That is today’s lesson! Better get working on my art profile…

Copyrighted By Lair360




How to repair Wordpress from hackers!





Version: 12.1
Revision: 13 Build 11

Introduction:
When you work really hard on your WordPress blog and gain a good number of visitors, you become target practice for hackers and cyberspace criminals. In other words, if you get hacked by these idiots, then you are in big trouble! This can affect your rankings, expose your readers to ‘Virus and Trojan’ attacks that infect their computers, and make you an unwilling promoter of material that is not related to the article or the blog. It can also take many forms, for example: “spam, rude topics, swearing and pranks.” But, the worst dilemma is losing your articles and valuable content. If this happens to you, it is best not to postpone the cleanup process, since a speedy restore will generally minimize the damage that was caused by the morons. That is right… the crazy hackers!

On the other hand, there are many sources that will suggest that you upgrade WordPress to the latest version. However, there is a flaw in relying on the upgrade, and most of them will not tell you about it: the hacker may have left a backdoor (hidden file) in a directory where it wouldn’t get overwritten by the actual upgrade, or injected code into your theme. Therefore, I am writing this article to show how to completely clean and restore a WordPress installation that has been hacked.

1.] Backup your website and database.

Backing up a hacked copy of your blog and database is still a crucial step, as it contains valuable information and files. You really don’t want to lose your data if something goes wrong with the cleanup process. In the worst case, you can restore things back to their hacked state and start over.

2.] Create a copy of your uploaded files and images.

Images are generally safe from posing a security risk, and the ones that you uploaded yourself (for example: the ones that were included with a theme) will be harder to trace and replace after things are fixed again. Therefore, I would recommend that you grab a copy of all the images in your uploads folder to avoid broken images in your posts later on. If you have any non-image files that may possibly have been compromised, such as zip files, plugins or PHP scripts that you were offering to people, it is a good idea to grab fresh copies of those from the original source.

3.] Download a fresh copy of WP, plugins and a clean template.

Upgrading WordPress automatically will make life easier for you and everyone! However, it only replaces specific files, and it doesn’t delete obsolete ones. It also leaves your current themes and plugins in their original place. This means that if you use it to upgrade a blog that has already been compromised, it can very well leave attackers a door to get back in. So, it is best to start from scratch as far as the files of your installation go.

4.] Delete all files and folders in WP directory & upload!

FTP protocol = Slower (depends on your file size and folders).
Cpanel Manager = Faster (depends on your server responses).

When you have a fresh copy of all your files and folders, you will need to completely wipe (erase) the entire directory structure of your blog. This is the only (possible) way to completely remove all infected files. You can do all of this through FTP, but due to the way that FTP handles folder deletion, this can be slow as hell! It can also disconnect you from your server, due to flooding it with FTP commands. Nevertheless, if you have cPanel, you can compress everything into a Zip file and extract it on the server, which will also shorten your time!

Notes: if you upload your files and folders as a Zip file, there is a high chance that your code will not be broken or corrupted. Therefore, if you have cPanel, please take advantage of it and save your time and bandwidth.
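
Steps 3 and 4 rest on the point that an in-place upgrade leaves stray files where they are. The sketch below is an added example, not part of the original post: it compares the hacked copy saved in step 1 against the fresh download from step 3 and lists files that exist only in the hacked copy or differ from the official ones. The function names and the two small directory trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def index_tree(root: Path) -> dict:
    """Map each file path (relative to root) to the SHA-256 of its content."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def compare_trees(live: Path, fresh: Path) -> dict:
    """List files found only in the live tree and files that differ from the fresh copy."""
    live_idx, fresh_idx = index_tree(live), index_tree(fresh)
    return {
        # Present only in the live copy: an upgrade never overwrites these.
        "extra": sorted(set(live_idx) - set(fresh_idx)),
        # Present in both, but the content differs from the official file.
        "modified": sorted(f for f in live_idx.keys() & fresh_idx.keys()
                           if live_idx[f] != fresh_idx[f]),
    }


def build_demo(base: Path):
    """Constructed sample data: a fresh download and a tampered live copy."""
    files = {"index.php": "<?php // loader", "wp-includes/load.php": "<?php // core"}
    live, fresh = base / "live", base / "fresh"
    for root in (live, fresh):
        for rel, body in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    (live / "index.php").write_text("<?php // loader plus an injected line")
    (live / "wp-includes" / "cache-old.php").write_text("<?php // not in the release")
    return live, fresh


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        return compare_trees(*build_demo(Path(tmp)))


if __name__ == "__main__":
    print(demo())
```

On a real site, wp-config.php, the uploads folder and third-party themes and plugins will also appear under "extra", because they are not part of the WordPress download; those entries are the ones to review by hand.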

6.] Run a database update!

At this stage, you will need to give WP a little boot in the backside. In other words, you will need to point your browser at “/wp-admin/upgrade.php”.

7.] Change your Admin password!

At this stage, if you have more than one Admin and you can’t get the others to change their passwords, then I would suggest that you change their user levels (privileges) until they can change their passwords. Simple…

On the other hand, if there is anyone in your user list that has ‘editing’ capabilities, and you don’t recognize them, it’s best to kick (remove) them out of your blog. But, for the best security, I would recommend that you delete everyone!

8.] Check all posts and articles for ‘iframe’ hacks!

Inside your cPanel, you will need to go to “phpMyAdmin” and run the following SQL scripts.

These scripts search your SQL database for hidden iframes, script injection and display.
Also, please note that you can delete these rows if they exist (it should be rebuilt dynamically).
———————————-

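-- posts that contain an iframe
SELECT * FROM wp_posts WHERE post_content LIKE '%iframe%';

-- posts that contain a noscript block
SELECT * FROM wp_posts WHERE post_content LIKE '%noscript%';

-- posts that contain inline display: styling
SELECT * FROM wp_posts WHERE post_content LIKE '%display:%';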

———————————-

If you want to combine the above scripts into a single batch process, you can use this script as an alternative.
———————————-

SELECT * FROM wp_posts WHERE post_content LIKE '%iframe%' OR post_content LIKE '%noscript%' OR post_content LIKE '%display:%';

———————————-
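
The LIKE patterns above also return ordinary posts that merely mention an iframe or use inline styling, so every hit still has to be read. The following added example (not from the original post) runs the same WHERE clause against an in-memory SQLite stand-in for wp_posts and then labels each hit. The sample rows, the check names and the regular expressions are constructed for illustration.

```python
import re
import sqlite3

# Same WHERE clause as the combined query in step 8.
PAGE_QUERY = (
    "SELECT ID, post_content FROM wp_posts WHERE post_content LIKE '%iframe%' "
    "OR post_content LIKE '%noscript%' OR post_content LIKE '%display:%'"
)

CHECKS = [
    # iframe styled invisible, or sized 0 or 1 pixel
    ("hidden-iframe", re.compile(
        r"""<iframe\b[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden|"""
        r"""(?:width|height)\s*=\s*["']?[01](?:px)?\b)""", re.I)),
    # element styled display:none that directly wraps a link, iframe or script
    ("hidden-wrapper", re.compile(
        r"""style\s*=\s*["'][^"']*display\s*:\s*none[^"']*["'][^>]*>\s*<(?:a|iframe|script)\b""",
        re.I)),
    # iframe placed inside <noscript>
    ("noscript-iframe", re.compile(r"<noscript\b[^>]*>\s*<iframe\b", re.I)),
]

# Constructed sample rows (ID, post_content); example.invalid is a placeholder host.
SAMPLE_POSTS = [
    (1, "How to embed a video with an iframe tag"),
    (2, '<p>Hello</p><iframe src="http://example.invalid/x" width="0" height="0"></iframe>'),
    (3, '<div style="display:none"><a href="http://example.invalid/pills">cheap</a></div>'),
    (4, '<p style="display:block">Normal styled paragraph</p>'),
    (5, "Plain post about gardening"),
    (6, '<noscript><iframe src="http://example.invalid/y"></iframe></noscript>'),
]


def triage(conn):
    """Run the query, then label each hit; an empty list means likely benign."""
    return {post_id: [name for name, rx in CHECKS if rx.search(content)]
            for post_id, content in conn.execute(PAGE_QUERY)}


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_content TEXT)")
    conn.executemany("INSERT INTO wp_posts VALUES (?, ?)", SAMPLE_POSTS)
    return triage(conn)


if __name__ == "__main__":
    print(demo())
```

Posts 1 and 4 come back from the query with no label, which is the kind of row that should not be deleted without reading it first.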

9.] Double check your blog (for a second time) and look into your SQL database for anything suspicious!
Don’t just sit back and think it’s all done like a paper airplane!!

Keep a lookout at all times and manually update your WordPress!

Copyrighted By Lair360




Secure Wordpress & Hide Your Errors!





Version: 13.1
Revision: 33.2

Introduction:
When I was designing my new homepage, I was really worried, especially about the “wp-config” file and the “WordPress debug” configuration. In other words, if a hacker can access this file, retrieve your “SQL Database” details and collect your server errors, then you are seriously in trouble! So, I would suggest that you implement these codes and place them into your HTA Script (“.htaccess”) file. This is a safety precaution and it’s your last line of defense against cyberspace criminals!

When you access your ‘WP control panel’, it is like a back end that only allows the administrators to access the information by logging in with their username and password. However, if the user makes an error, it will provide related tips or information to ease the login. So, it is a pretty useful toy for unwanted intruders!

Part 1: disable “wp-debug” from unwanted intruders.
——————————-

To disable “wp-debug”, you will need to open your “wp-config.php” file and set it to FALSE or delete the line. Otherwise, any error in WordPress will be displayed in your browser. These ‘debug tools’ should only be used in a development area of WordPress.

1.] Log in to your cPanel and edit your “wp-config.php” file. But, don’t forget to make a copy of the original file before you try to disable it.

define('WP_DEBUG', false);

2.] Save your changes and move onto part two!

Part 2: protect your “wp-config.php” file.
——————————-

In part one, you disabled the “wp-debug” configuration. But, to stop an offender from getting into your “wp-config.php” file, you will need to create a ‘.htaccess’ file containing this code and place it in your main blog directory. This will hide the file from intruders, or forbid them from seeing your “SQL database’s passwords” and other important information.

# protect wp-config.php
# (Apache 2.2 access syntax; Apache 2.4 needs mod_access_compat for Order/deny)
<files wp-config.php>
Order deny,allow
deny from all
</files>

2.] When you are done, please double check your source and save your changes.
After that, just delete your old “.htaccess” files and upload your new version.

3.] Move to part three!

Part 3: hide your login messages from hackers.
——————————-

At this stage, you will be modifying your theme’s “functions.php” file. Therefore, I would recommend you to create a backup of your original file. After that, you can proceed with the instructions.

Notes: when a user tries to log in to your blog but fails, the login screen will display a message to let you know what happened. Sure, it may be useful to you. But, it will be even more useful to potential hackers and cyberspace criminals!

To solve this problem, you will need to find your “functions.php” file and add this code. After that, you will need to double check the code and save your changes.

<?php // Blank out login error text; the closure replaces create_function(), which PHP 8 removed.
add_filter('login_errors', function ($a) { return null; }); ?>

That is all! This will secure your WordPress like a crystal ball! But, don’t rely on it too much! In other words, you will need to keep track of spammers and comments, and make sure that they are not injecting any type of worms or infections. If this happens, it could cause a security breach of your login area and your database. Therefore, if you see a suspicious comment / email, please delete it, and always update your WordPress, change your database password and your login password.
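
To confirm that the three parts above are really in place after an upload or a theme change, the files can be checked offline. This is an added example, not code from the original post: it reads the text of wp-config.php, .htaccess and functions.php and reports which setting is missing. The function names and the sample file contents are constructed for illustration.

```python
import re

DEFINE_RX = re.compile(
    r"""define\(\s*['"]WP_DEBUG['"]\s*,\s*(true|false|1|0)\s*\)""", re.I)
FILES_RX = re.compile(
    r"""<Files\s+["']?wp-config\.php["']?\s*>(.*?)</Files>""", re.I | re.S)
DENY_RX = re.compile(
    r"^\s*(?:deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)
FILTER_RX = re.compile(r"""add_filter\(\s*['"]login_errors['"]""")
PHP_COMMENT = ("//", "#", "*", "/*")


def live_lines(text, markers):
    """Drop lines that are entirely a comment, so disabled settings are ignored."""
    return "\n".join(line for line in text.splitlines()
                     if not line.strip().startswith(markers))


def audit(wp_config, htaccess, functions_php):
    """Return a list of findings; an empty list means all three parts are in place."""
    findings = []
    # Part 1: PHP keeps the first define() of a constant, so check the first match.
    debug = DEFINE_RX.search(live_lines(wp_config, PHP_COMMENT))
    if debug and debug.group(1).lower() in ("true", "1"):
        findings.append("WP_DEBUG is enabled")
    # Part 2: a <Files wp-config.php> block with a deny rule (2.2 or 2.4 syntax).
    block = FILES_RX.search(htaccess)
    if not (block and DENY_RX.search(live_lines(block.group(1), ("#",)))):
        findings.append("wp-config.php is not denied in .htaccess")
    # Part 3: the theme registers a login_errors filter.
    if not FILTER_RX.search(live_lines(functions_php, PHP_COMMENT)):
        findings.append("login_errors filter is missing")
    return findings


# Constructed sample file contents: one weak set, one hardened set.
WEAK_CONFIG = "<?php\n// define('WP_DEBUG', false);\ndefine('WP_DEBUG', true);\n"
WEAK_HTACCESS = "# protect wp-config.php\n<Files wp-config.php>\n# deny from all\n</Files>\n"
WEAK_FUNCTIONS = "<?php\n// add_filter('login_errors', ...);\n"
HARD_CONFIG = "<?php\ndefine('WP_DEBUG', false);\n"
HARD_HTACCESS = "<files wp-config.php>\nOrder deny,allow\ndeny from all\n</files>\n"
HARD_FUNCTIONS = "<?php add_filter('login_errors', function ($a) { return null; }); ?>\n"

if __name__ == "__main__":
    print(audit(WEAK_CONFIG, WEAK_HTACCESS, WEAK_FUNCTIONS))
    print(audit(HARD_CONFIG, HARD_HTACCESS, HARD_FUNCTIONS))
```

The weak set shows why a text search alone is not enough: each setting is present in the file but commented out.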

Good Luck to all of you and Merry Christmas!

Copyrighted By Lair360




Five important backup – rules for Wordpress publisher!





Version: 13.2
Revision: 34 Build 11

Introduction:
In this tutorial, we are going to learn the basics about backing up your important ‘WordPress’ files & folders. This tutorial is pretty easy to read and it should make you aware. It also works like a checklist, to let you back up the important items just before upgrading to a newer version of ‘WordPress.’

1.] When you’re prompted to upgrade, you’ll need to disable all of your ‘Plug-ins’. If you ignore this crucial step, there may be some side effects or errors when you update your WordPress engine and your SQL database.

2.] Always check your ‘wp-config.php’ file and keep a backup of that file. This file is the heart of your ‘WordPress’ engine and it also controls your SQL database and your Administrator’s settings. If you lose this file or the file becomes corrupted, then your SQL database is completely useless.

If this situation is severe, you will need to consult your ‘server provider’ about the problem. They might have a backup of your ‘config.php’ file or your database’s password. However, it depends on your hosting provider’s services.

3.] When you’re upgrading, you might want to create a backup of your custom WordPress theme folder. This is only for users who have purchased their own template or had their template completely modified. This tactic is very useful and it will also save you time, instead of modifying from scratch.

4.] When you’re using your FTP server, you will need to create a backup of your ‘.htaccess’ file. This file is also very important if you have a lot of code that is used to block spammers, evil robots and hot-linkers.

5.] This backup is optional. But, it is useful if you don’t want to re-download or search for the correct plug-ins. All you need to do is look for your ‘plug-in’ folder and compress it as a zip file. That is all…

Simple? I think so…

Copyrighted By Lair360




Wordpress – display ADS on your sidebar v5





Version: 4.1
Revision: 34 Build 22

Introduction:
This project was driving me up the wall! I had to rewrite my entire “125 pixel ADS” source code, so that it could find the images from your custom template files. Also, this version is not JavaScript; in fact, it was written in PHP with CSS. So, it’s a little harder for me to build. But, don’t panic! I already did a test run.

Anyway, all you need to do is follow the instructions carefully!

1.] Login to your Cpanel and look for your theme folder.

Directory: /wp-content/themes/* custom theme folder/…

2.] Look for your “header.php” file and add this line.

<link rel="stylesheet" type="text/css" href="<?php bloginfo('template_directory'); ?>/css/blocked_template.css" />

Notes: if you saved the file with a different name, you must modify the CSS directory.
If you don’t, your sidebar will go funny…

/* --- Copy this code into your 'blocked_template.css' --- */

#sidebar li li.ad1 {
  float:left;
  margin: 0 5px 5px 0;
  width:125px;
  }
#sidebar li li.ad2 {
  float:left;
  margin: 0 0 5px 0;
  width:125px;
  }
#sidebar li li.ad3 {
  float:left;
  margin: 0 5px 0 0;
  width:125px;
  }
#sidebar li li.ad4 {
  float:left;
  margin: 0 0 0 0;
  width:125px;
  }

/* --- Copy this code into your 'blocked_template.css' --- */

3.] Back on your server, you’ll need to create a new “template.php” file. Just give it a simple name, like: ‘ads125.php’. After that, you’ll need to edit your file and add this code with your preferred ADS.

Notes: you’ll need to create a separate directory (custom stylesheet directory) for your image-banners. The directory is called: ‘banner_images’.

<ul class="banner125 clearfix">
  <li class="ad1">
    <a href="<?php bloginfo('url'); ?>"><img src="<?php bloginfo('template_directory'); ?>/banner_images/ads125.gif" style="display:block;margin:0;padding:0;" alt="125x125 banner ad" /></a>
  </li>
  <li class="ad2">
    <a href="<?php bloginfo('url'); ?>"><img src="<?php bloginfo('template_directory'); ?>/banner_images/ads125.gif" style="display:block;margin:0;padding:0;" alt="125x125 banner ad" /></a>
  </li>
  <li class="ad3">
    <a href="<?php bloginfo('url'); ?>"><img src="<?php bloginfo('template_directory'); ?>/banner_images/ads125.gif" style="display:block;margin:0;padding:0;" alt="125x125 banner ad" /></a>
  </li>
  <li class="ad4">
    <a href="<?php bloginfo('url'); ?>"><img src="<?php bloginfo('template_directory'); ?>/banner_images/ads125.gif" style="display:block;margin:0;padding:0;" alt="125x125 banner ad" /></a>
  </li>
</ul>

4.] Save your progress and add this line into your “sidebar.php”. But, you must place this ‘ads125.php’ file in the same directory as your “sidebar.php”.

<li>
  <?php include (TEMPLATEPATH . '/ads125.php'); ?>
</li>

5.] You’re good to go!

Copyrighted By Lair360