Upgrade and Keep your WordPress Secure

Have you upgraded to WordPress 2.8.4? If you have not upgraded yet, you had better upgrade now. On September 5, 2009, it was reported that a worm had been discovered making its way around old and unpatched versions of WordPress.

If you have not done anything yet, your WordPress is definitely very vulnerable to this worm. Matt, the co-founder of WordPress, wrote a blog entry on how to keep your WordPress secure and if you have not read it, I suggest that you read it. He explained everything extensively.

Matt wrote that blog entry a long time ago and I am just reminding you all about it in case you have forgotten to upgrade. You do not want your site or blog to get hacked, right? Then do something now. It might not be too late yet.

Aside from the worm, an admin password reset exploit was found in the old versions, which I mentioned when I upgraded to the WordPress 2.8.4 Security Release. You can read about it in this blog entry, Upgraded to WordPress 2.8.4, Reset Password Vulnerability.

If you do not want to upgrade, then fix your WordPress wp-login.php file. How to fix the wp-login.php file? Read this blog entry, Fix: WordPress Admin Password Reset Exploit, at ProgrammerFish.

On the other hand, I really recommend that you upgrade to the latest version of WordPress even if you can fix the wp-login.php file and even if WordPress 2.8.3 is immune to this worm. If you have an older version than WordPress 2.8.3, you have more reasons to upgrade.

But if your blog or site was attacked or hacked and you upgrade without fixing it first, your site or blog will remain hacked. If your blog was attacked or hacked, fix or clean your blog first before you upgrade.

Lorelle wrote a very good article about this issue, things you need to know, how to know if your site has already been attacked, how to prevent your WordPress blog from being attacked, if your WordPress blog has been attacked, and how to respond to a WordPress attack. Read this blog entry, Old WordPress Versions Under Attack, at Lorelle on WordPress.

A reminder, though: before you upgrade, back up your files, your WordPress theme, database, and all the other necessary files. Follow the instructions at the WordPress Codex on Upgrading WordPress and Upgrading WordPress Extended.

It is a good practice to always upgrade your WordPress to the latest release to avoid getting attacked or hacked. Upgrade constantly and keep your WordPress secure.

WordPress

Upgraded to WordPress 2.8.4, Reset Password Vulnerability

I finished upgrading all the blogs and sites that I maintain yesterday from WordPress 2.8.3 to WordPress 2.8.4, Sofie Estolloso Hofmann Designs International, Sofie Hofmann dot com, Pro Blog it | ProBlogging Venture Tips and Ideas, Reviews and Opinions, ISYU.INFO Around the World, Patria Diesel Power Plant Issue, Semirara Dumpsite Issue, Pandan Antique Philippines, Tugbong Festival, PAGTATAP Foundation, Philippine Seafarers Assistance Programme, Weggis along Lake Lucerne Switzerland, and Leocadio Alonsagay Dioso Memorial Public Library, all of them in just one day. Imagine I just upgraded to WordPress 2.8.3 from WordPress 2.8 last Monday, August 10, 2009.

But it is again time to upgrade your blog or site to WordPress 2.8.4. The new WordPress 2.8.4 version is a security release. It is highly recommended that you upgrade your blog or site NOW as there is a vulnerability with the previous version of WordPress wherein anybody can reset the admin password.

A URL can be requested which will reset your admin password. I will not explain how to do it as it will only make your blog or site vulnerable. I tested it myself. It does not allow remote access but it could cause you inconvenience.

When someone tries to reset your password, the message will be sent to the email address of the admin, so there should really be no danger. You can get your new password and you can change your password again once you are logged in.

The problem here is that when someone tries to reset the password more than 100 times on your blog or site, you will probably get confused about which password is the right one. You do not want that to happen, right? Then upgrade your blog or site now.

WordPress

WordPress 2.8 to WordPress 2.8.4 wp-config-sample and wp-cron files, no closing tags

The first thing I did after I downloaded WordPress 2.8.4 was checking the wp-config-sample.php and wp-cron.php files. I saw that the closing tags are still missing. Since the release of WordPress 2.8, these two files have been missing the closing tags but I did not write about it as it is easy to correct it by simply closing the new wp-config.php file which is a copy of wp-config-sample.php file.

I actually have been wondering why the wp-config-sample.php and wp-cron.php files have no closing tags. What I know is every file that has an opening tag “<?php” must have a closing tag “?>” as well. So I am not sure why these two particular files were not closed. I guess they were just overlooked and nobody reported it.

Nowadays, since we are normally upgrading our blogs and sites automatically using the WordPress automatic upgrader, wp-config.php is not being deleted nor replaced. So if you upgraded your blog or site from WordPress 2.7 using the WordPress automatic upgrader, then there is no problem as the old wp-config.php file has definitely a closing tag.

Even if you manually upgraded your blog or site, as long as you did not delete nor replace your wp-config.php file, then your wp-config.php file has definitely a closing tag. Normally, you do not delete nor replace the wp-config.php file anyway every time you upgrade.

The problem now is, if you installed WordPress especially WordPress 2.8 or any of its security releases for the first time for your blog or site. If you copied wp-config-sample.php file and created the new wp-config.php file without supplying the closing tag then your wp-config.php has definitely no closing tag.

As to wp-cron.php file, the old file will be replaced by the new file, so the new wp-cron.php file should be corrected manually as this file has definitely no closing tag.

Regarding other files, I did not check the other files, so I do not know if there are more files that do not have closing tags.

PHP,WordPress

Upgraded to WordPress 2.8.3, Image Gallery Problem and Solution

I finally finished upgrading all the blogs and sites that I maintain, Sofie Estolloso Hofmann Designs International, Sofie Hofmann dot com, Pro Blog it | ProBlogging Venture Tips and Ideas, Reviews and Opinions, ISYU.INFO Around the World, Patria Diesel Power Plant Issue, Semirara Dumpsite Issue, Pandan Antique Philippines, Tugbong Festival, PAGTATAP Foundation, Philippine Seafarers Assistance Programme, and Weggis along Lake Lucerne Switzerland, from WordPress 2.8 to WordPress 2.8.3 Security Release. I skipped upgrading to WordPress 2.8.1 and WordPress 2.8.2 as I was on vacation when those WordPress versions were released.

I also upgraded the Leocadio Alonsagay Dioso Memorial Public Library from WordPress 2.6.5 to WordPress 2.8.3 Security Release skipping all the other versions which were released before WordPress 2.8.3. So far, I did not encounter any problem when I upgraded Dioso Library site despite skipping WordPress 2.7 and WordPress 2.8.

I encountered a problem though with some of the sites concerning the image gallery but was also able to solve it.

What exactly was the problem?

Well, with my other sites, the images did not appear because I have 2 or more subfolders under a subfolder under wp-content folder. This problem occurred without checking “Organize my uploads into month- and year-based folders” as I would like to have yearly subfolders only and without the monthly subfolders. I have uploaded several images in different years like 2008 and 2009, in separate subfolders under a subfolder under wp-content folder.

Example 1:
wp-content/files/2008
wp-content/files/2009

Then, with the other sites, I did not only have different years but made use of the feature where we can just check “Organize my uploads into month- and year-based folders”. Checking “Organize my uploads into month- and year-based folders” would mean the images would be in separate monthly subfolders as it created 2009 for year 2009 and different subfolders for different months, 01 for January, 02 for February, and so on. In this case, the images did not appear too.

Example 2:
wp-content/files/2009/01
wp-content/files/2009/02

As I see it, the problem has something to do with having 2 or more subfolders under wp-content folder or 2 or more subfolders under a subfolder of wp-content folder instead of 1 subfolder only. I have sites where I uploaded the images in 1 subfolder only and I have no problem with them.

Example 1:
wp-content/uploads

Example 2:
wp-content/files/images

What was the solution?

I just commented the particular codes which I already mentioned in my blog entry Solution to WordPress 2.7.1 Gallery Code Problem.

And that was it! Everything went back to normal again.

WordPress

Got Indexed by Google and De-indexed by Google?

I wrote about getting indexed by Google and Bing search engines last week. I wrote how Google indexed a blog entry at Pandan.ph within 12 hours after publishing it at 8:05pm on July 01, 2009 which appeared at the first page of the Google search results.

I checked Google on Sunday using the keywords “pandan drag race” and other keywords that I mentioned but the blog entry at Pandan.ph entitled 2nd Invitational Calixto Zaldivar III Motorcycle Drag Race Cup 2008 in Pandan, Antique was nowhere to be found.

The same thing happened at the other blog entry that I published on June 30, 2009 at Pandan.ph. It was also no longer listed at the Google search results.

I also checked Google Blog search. It was good to know that both the blog entries at Pandan.ph were still at the first page of the Google Blog search results which means the blog entries are relevant and valuable.

Another thing happened, this time regarding the domain name itself Pandan.ph. Every time I searched Google before using the keyword “pandan”, Pandan.ph would always appear at the first or second page of the Google search results.

But when I searched Google on Sunday, Pandan.ph was also nowhere to be found even at the succeeding pages just like what happened to the two blog entries. I am very sure that I did not violate the guidelines.

What is Google trying to show here? It just goes to show that Google crawls and indexes the site or blog any time it wants but also would de-index it any time without any explanation.

It shows that the blog entries were relevant when they appeared on the first pages of the Google search results but there is no guarantee that it would stay that way if Google changes its position that the blog entries have no value for both Google and readers. It makes me wonder then how exactly Google measures the relevance of a blog entry or an article.

Google

Get Indexed by Google and Bing Search Engines

You have a blog or site and you would like to promote it, but it has not been indexed by the search engines yet. What would you do then? Well, the simplest way to get your blog or site promoted is to submit it to several search engines like Google and Bing, formerly MSN Live Search. The question now is how you are going to get Google and Bing to index your blog or site.

I wrote about this topic, on how to get indexed by Google and Bing search engines at ProBlogit.com but I will discuss other sites too. Basically the method is the same for the blog to get indexed by both Google and Bing. I discussed at ProBlogit.com how ProBlogit.com got indexed by Google and how SofieHofmann.com got indexed by Bing.

How to get indexed by Google? Submit your site to Google. Join Google Webmaster Tools and add your blog or site. Write content often and link the blog entry from another blog internally and externally.

How to get indexed by Bing? Submit your site to Bing. Join Bing Webmaster Center and add your blog or site. Write content often and link the blog entry from another blog internally and externally.

Another site that got indexed by Bing is this site Sehdi.com which was considered by Bing not valid when I added the site at Bing Webmaster Center. I have the impression that because Sehdi.com is being hosted in Switzerland, it was considered invalid at the time when I added it on June 24, 2009. Other sites are being hosted in the United States, so there was no problem adding it to Bing Webmaster Center.

Despite not being able to add the site at the Bing Webmaster Center, Sehdi.com was still indexed by Bing. It was already crawled and indexed before but this time more pages appeared at the search results just like SofieHofmann.com. All I did was, I just submitted the site to Bing. I wrote content for Sehdi.com but not so often. Despite the irregularity, Bing and Google have indexed the site and blog regularly.

Another site that got indexed by Google fast, especially its two recent blog entries that I wrote the other day and yesterday, was Pandan.ph, considering that I did not even link the two blog entries from any other blog. The two blog entries appeared on the sidebar of SofieHofmann.com, though, and that was it. Other than that, I did not do anything.

When I checked Google today with keywords “pandan police”, the blog entry Pandan police arrested former policemen suspected of robbery in Buruanga, Aklan appeared first on the first page of the Google search results. I also used other keywords such as “pandan cops”, “aklan robbery”, “buruanga robbery” and the blog entry appeared on the first page of the search results.

Then I checked Google with keywords “pandan drag race” and the blog entry 2nd Invitational Calixto Zaldivar III Motorcycle Drag Race Cup 2008 in Pandan, Antique appeared also first on the first page of the Google search results. I also used keywords such as “calixto zaldivar”, “pandan invitational”, “pandan motorcycle race” and the blog entry appeared on the first page of the search results.

Pandan.ph was already added a long time ago at the Google Webmaster Tools. It just goes to show that even if you do not submit your blog entry to Google again as long as Google already made a habit of crawling and indexing your blog, then your blog will appear in Google any time and in this case the latest blog entry was indexed by Google within 12 hours.

I just did not check it right away yesterday after I wrote the latest blog entry at Pandan.ph, so I really have no idea when Google really indexed that particular latest blog entry. I just learned about it after 12 hours when I checked Google today.

Bing,Google,Search Engines

Upgraded to WordPress 2.8 Baker, Gallery Code Problem

I finally finished upgrading problogit.com, sehdi.com, sofiehofmann.com, weggis.net, pandan.ph, tugbong.pandan.ph, pagtatap.org, psap-parola.org, isyu.info, patria.isyu.info and semirara.isyu.info sites and blogs from WordPress 2.7.1 to WordPress 2.8 Baker. A lot of bugs have been fixed but I guess not everything. There will always be something that will be left behind.

I encountered a problem and that is with regard to the WordPress 2.7.1 gallery code problem which I already encountered when I upgraded the blogs and sites from WordPress 2.7 to WordPress 2.7.1. To resolve the problem, I just followed what I wrote regarding the solution to WordPress 2.7.1 gallery code problem. Other than that, everything went fine. There were definitely a lot of improvements in the newly released WordPress 2.8 Baker. Below is a quick video overview of the improvements in the newly released WordPress version.

https://videopress.com/v/Pu3T4X8l

One remarkable thing that I also noticed was upgrading using the built-in automatic upgrade is now possible with my web hosts here in Switzerland. I had a problem before using the WordPress automatic upgrade which I also mentioned when I upgraded WordPress 2.6.5 to WordPress 2.7 Coltrane because of the safe mode restriction. Although the safe mode is still on, I was able to upgrade the blogs and sites hosted at my web hosts here in Switzerland by just supplying the FTP details.

I no longer saw those function error notices every time I attempted to use the WordPress automatic upgrade. I do not know if it was corrected on the part of my web hosts or on the part of WordPress. I checked the fixed tickets but I did not find the appropriate discussion about it. Nevertheless, if ever it was on the part of WordPress, thanks again WordPress people!

WordPress

Fluid Two-Column New WordPress Theme for ISYU.INFO

I finished creating a new theme, a new fluid two-column WordPress theme for ISYU.INFO which went online on May 1, 2009. I actually had no intention to do it last month but ever since I finished the web designs for Semirara Dumpsite Issue and Patria Diesel Power Plant Issue, I just thought that I have to make use of the domain name isyu.info.

And so, ISYU.INFO Around the World was born. ISYU.INFO is a micro-blogging news site, and it could also be your daily news resource around the world. ISYU.INFO is a micro-blog where I write about just a few of the world news and issues that I have read on a daily basis.

I already did a fluid one-column WordPress theme for this micro-blog within just a day but eventually changed my mind and came up with this fluid two-column theme, which I was able to finish within 3 days because of so many revisions from the fluid one-column theme.

There is only one layout for this micro-blog, wherein the main content is on the left side and the sidebar is on the right side. The width is not fixed that is why this is a fluid two-column WordPress theme. But just like how I designed the other fluid WordPress themes, the width of this blog may not be fixed but it was also limited to 900px so as not to expand the content if the screen resolution of the browser is bigger than 1440×900.

As usual, this site using a fluid two-column theme was tested at Safari 3, Firefox 2, Firefox 3, Opera 8.5, Opera 9.2, Internet Explorer 6 and Internet Explorer 7 with screen resolutions like 800×600, 1024×768, 1280×1024 and even bigger than 1280×1024.

Web Design,WordPress

Yahoo! Geocities Web Designs

Yahoo! announced last week that it will be closing GeoCities later this year after 10 long years of providing free web hosting. Yahoo! GeoCities is no longer allowing new customers to sign up for GeoCities accounts. Yahoo! GeoCities will provide more details about its closing and how to save your site data, if you have any, this summer. More information is available at Yahoo! Help Center.

It was with Yahoo! GeoCities when I first experimented designing websites. I created my first homepage in 1999 with GeoCities which was just acquired by Yahoo! then. I remember having that long url and I was never able to memorize it. Despite that, I created four more homepages for different purposes.

Pandan Antique HomePage

The five homepages that I created with Yahoo! GeoCities are still existing. They will exist until Yahoo! GeoCities closes down all GeoCities accounts and websites later this year. I still maintain the websites at Yahoo! GeoCities but I have not been updating them for quite a long time since I bought my own domain names. I already have removed some of the pages and redirected them to the new domain names. Some of the pages, instead of redirecting them, I just put a note about the new domain name.

Pandan Antique Information Site Pandan Antique Lawa

I actually just maintain the websites as they rank high at Google if you search using the keywords “pandan antique”. It used to rank high with the keyword “pandan” but ever since I stopped updating them, the rank at Google also changed. You will still see those homepages only at the second page and once in a while at the first page if you search Google using the keyword “pandan”. But if the keywords are “pandan antique” they are still on top of the first page.

A World of Inspirations Sofies Creations

I have not included my Yahoo! GeoCities free-hosted homepages in this site but when I heard that Yahoo! GeoCities will be closing, I might as well include them here and just put a note later that they are offline once they are not viewable anymore. They are very simple and all were designed using HTML. Remember, it's free hosting at Yahoo! GeoCities. 🙂

Web Design,Yahoo

Search Engine Bots Crawling Problem, Website Not Accessible

SofieHofmann.com was down for more than six (6) hours today. I was not sure what was happening as the other sites being hosted with the same server were and are fine, online and can be viewed unlike SofieHofmann.com. So I contacted Dreamhost support team. I guess people were still sleeping in the United States when I wrote so I got a reply a little bit late. Nevertheless, thanks to the support team of Dreamhost, I was able to fix the problem.

What happened? Well, it so happened that both Yahoo and Google were crawling SofieHofmann.com at the same time, as Patrick, the support guy from the support team, pointed out, and I never realized it. It was true because I also checked the raw.log file. He asked me to check “Goodies” and try to block or limit some search engine bots accessing the site.

Well, I already have a robots.txt file but have not updated it for quite some time now. When I checked my robots.txt, the list of folders inside that file was actually outdated. It never occurred to me that my robots.txt file was already outdated. I forgot to update it when I revised SofieHofmann.com.

So I uploaded the newly updated robots.txt file and used the Goodies as well. Just when I finished uploading the robots.txt file and filled out some stuff at the “Goodies” where “Block Spiders” is located, SofieHofmann.com was fine again.

What did I do? I just disallowed search engine bots from accessing the images and other folders by writing the names of the folders in the robots.txt file. Then, at the Control Panel of Dreamhost, at “Goodies > Block Spiders” section, I did not check what search engines to block but specified which directories to block from every spider. I also specified the file extensions to block from every spider. Yes, from every spider.

I do not really mind if the images at the site will not be crawled or indexed by the search engine bots. It is enough for me for the search engine bots to crawl the pages, the articles, and the blog entries.

How to disallow search engine bots from accessing some of the folders?

I just created, actually updated the text file called robots.txt and wrote the following:

User-agent: *
Disallow: /faq/
Disallow: /cgi-bin/
Disallow: /images/

In your case, if you would like to add more folders, just add them. I specified some more folders too. I just did not write everything at the example above.

Then I uploaded the file at the root folder. The asterisk (*) for the User-agent here means any spider, regardless if it is Yahoo, MSN, Google or whatever. I would like to limit all the search engine bots crawling the images folders and the other folders at the site, no exception.

When two big search engines are crawling a site at the same time, this uses up all the site’s connections and drives up the memory usage. For me, not allowing the search engine bots to crawl the images folders is not at all a problem, as I really have a lot of pictures at the site.

The problem was so simple and it was such a discomfort not to be able to access the site. And I did not even realize that the solution was that simple too. If you have the same problem, well, check your robots.txt file.
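Because honouring robots.txt is voluntary on the crawler's side, the access log is the place to confirm that the new rules are actually being followed. The Python script below is an added example, not part of the original post: it replays the robots.txt shown above against log lines and reports crawler requests to disallowed paths and minutes in which both crawlers were active. The log lines are constructed samples in Apache combined format, and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.robotparser import RobotFileParser

# robots.txt rules exactly as listed in the post
ROBOTS_TXT = """User-agent: *
Disallow: /faq/
Disallow: /cgi-bin/
Disallow: /images/
"""

# Constructed sample log lines (Apache combined format), not taken from the real raw.log
SAMPLE_LOG = """192.0.2.10 - - [20/Apr/2009:08:01:02 +0000] "GET /blog/entry-one/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [20/Apr/2009:08:01:40 +0000] "GET /images/gallery/photo1.jpg HTTP/1.0" 200 88213 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"
192.0.2.10 - - [20/Apr/2009:08:01:55 +0000] "GET /images/gallery/photo2.jpg HTTP/1.1" 200 90311 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.5 - - [20/Apr/2009:08:02:10 +0000] "GET /images/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/3.0"
198.51.100.7 - - [20/Apr/2009:08:03:05 +0000] "GET /faq/ HTTP/1.0" 200 1400 "-" "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)"
192.0.2.10 - - [20/Apr/2009:08:04:00 +0000] "GET /robots.txt HTTP/1.1" 200 78 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
"""

# Captures: timestamp, request path, User-Agent
LINE_RE = re.compile(r'\S+ \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
BOT_TOKENS = ("Googlebot", "Slurp")  # the two crawlers named in the post


def load_rules(text):
    """Parse robots.txt content without any network access."""
    rules = RobotFileParser()
    rules.parse(text.splitlines())
    return rules


def bot_name(user_agent):
    """Return the crawler token found in a User-Agent string, or None for other clients."""
    for token in BOT_TOKENS:
        if token.lower() in user_agent.lower():
            return token
    return None


def audit(log_text, rules):
    """Count crawler requests per minute and list fetches of disallowed paths."""
    per_minute = Counter()  # (minute, bot) -> number of requests
    violations = []         # (bot, path) fetched despite a Disallow rule
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        timestamp, path, agent = match.groups()
        bot = bot_name(agent)
        if bot is None:
            continue  # ordinary visitors are not bound by robots.txt
        per_minute[(timestamp[:17], bot)] += 1  # dd/Mon/yyyy:HH:MM
        if not rules.can_fetch(bot, path):
            violations.append((bot, path))
    return per_minute, violations


def overlapping_minutes(per_minute):
    """Minutes in which more than one crawler was hitting the site."""
    bots = {}
    for minute, bot in per_minute:
        bots.setdefault(minute, set()).add(bot)
    return sorted(minute for minute, names in bots.items() if len(names) > 1)


if __name__ == "__main__":
    counts, bad = audit(SAMPLE_LOG, load_rules(ROBOTS_TXT))
    print("disallowed fetches:", bad)
    print("minutes with both crawlers:", overlapping_minutes(counts))
```

Crawlers may keep using a cached copy of the old robots.txt for a while, so a few disallowed fetches right after the upload do not necessarily mean the file is wrong.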

Search Engine Bots,Search Engines