Thursday, July 10th, 2008
If you want to give people the option to contact you by email, you need to display your email address on your site. But by doing so, you are putting yourself at the mercy of the lowlifes out there harvesting email addresses so they can spam you with products that will enlarge certain parts of your body.
There are solutions out there that use JavaScript and other stuff to “obfuscate” your email address, but why use something external when you can use the handy, shiny, built-in WordPress email obfuscating template tag?
To use this template tag, you need to do the following:
- Make sure your email address is in your user profile.
- Put the following template tag wherever you want the address to appear:
<?php echo antispambot(get_the_author_email()); ?>
The WordPress codex says that this tag works as follows:
The function antispambot() above parses the e-mail address passed by get_the_author_email() (this is the same as the_author_email(), except it returns rather than displays the author’s e-mail address). Use of the echo command displays the output of antispambot(). An interesting feature is it encodes only portions of an address, and does so randomly so the letters encoded are different each time the page loads, adding a little more firepower to the spam protection arsenal.
My questions are:
- Since this pulls an author related parameter, will the email address change according to the author? (Probably.)
- Can this even be displayed in the sidebar?
It seems that if it is author related, it is not a good solution for displaying a website email address that does not belong to a specific person, like . But if you do have a multi-author site and you want to display the authors’ email addresses, this seems like a great way to do that without feeding the spam wolves.
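The encoding the Codex describes can be tried outside WordPress. The following is an added example, not code from the original post or from WordPress itself: `entity_obfuscate()` is a hypothetical stand-alone imitation of the idea, the address is a constructed sample, and it assumes an ASCII address.

```php
<?php
// Added illustration, not WordPress source: entity_obfuscate() is a
// hypothetical stand-alone imitation of the idea behind antispambot().

function entity_obfuscate(string $address): string
{
    $out = '';
    foreach (str_split($address) as $ch) {
        // Always encode "@" (a choice made for this example) so the raw
        // markup never contains the literal user@host shape; encode every
        // other character at random, so each call differs.
        if ($ch === '@' || random_int(0, 1) === 1) {
            $out .= '&#' . ord($ch) . ';';
        } else {
            $out .= $ch;
        }
    }
    return $out;
}

// Constructed sample address; example.com is reserved for documentation.
$address = 'contact@example.com';

$first  = entity_obfuscate($address);
$second = entity_obfuscate($address);
echo "Page load 1 markup: {$first}\n";
echo "Page load 2 markup: {$second}\n";

// What a naive harvester looks for in raw page source: a literal address.
$pattern = '/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/';
echo 'Literal address in raw markup: ',
    preg_match($pattern, $first) ? 'yes' : 'no', "\n";

// What a visitor sees: the browser resolves the character references.
$rendered = html_entity_decode($first, ENT_QUOTES | ENT_HTML5, 'UTF-8');
echo 'Rendered text matches original: ',
    $rendered === $address ? 'yes' : 'no', "\n";

// The limit of the technique: any reader that resolves references, as a
// browser does, gets the address back. Treat this as a filter against
// simple pattern-matching scrapers, not as concealment.
echo 'Literal address after decoding: ',
    preg_match($pattern, $rendered) ? 'yes' : 'no', "\n";
```

In a theme, `antispambot()` takes any address string as its first argument, so a fixed site address can be passed in place of `get_the_author_email()`.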
Posted in Good Blogging Practice | Tags: bad guys, security | 2 Comments »
Tuesday, April 15th, 2008
When starting out, many bloggers seek out the cheap and easy route, either choosing to blog on Blogger, WordPress.com, or another free and hosted blogging platform. This approach makes sense, since a person can never know until they’ve started if they even like blogging, let alone whether they’ll be successful.
I almost always suggest to beginner bloggers to set up a blog on WordPress.com, but the reason is not because I think this is ideal, but because it is easiest to migrate a blog from WordPress.com to a self-hosted WordPress.org site, which is ideal (as opposed to migrating from Blogger, which can be a nightmare). One of the reasons it’s so easy is because you can select the same permalink structure as in your original WP.com blog, and just change the main domain name part in a 301 redirect. Also, by using WP.com, you will become familiar with the WordPress system and interface, which is similar in the self-hosted WordPress.org version.
Why am I against WordPress.com?
I am not against WordPress.com. I think it’s a great service, and the quality of the features is unmatched in any of the other free hosted blogging platforms. In addition, people in the SEO industry have told me that due to the strength of the WordPress.com network, blogs that are hosted there do incredibly well in the SERPs. But if a person wants to take up blogging as a serious activity, or finds that their WordPress.com blog is growing, I suggest that they move their blog off of WP.com to their own self-hosted blog. Here is why:
- Limited blog design flexibility - whenever I’ve tried to use a WordPress.com blog, I’ve always found myself stuck at some point because I can’t add certain features. Users are limited on WP.com by the amount of customization they can do to the CSS, even if they pay for extra access to the CSS. They also can’t customize the loop, and the sidebars can only be modified to the extent that widgets allow. Also, WP.com users can’t add WordPress plugins, which is one of the keys to expanding your blog’s features.
- You don’t control your content - as soon as you are using a service that is hosted by someone else, you have lost partial ownership over your content. I’m not talking about what exactly it says in the WP.com terms of service (we’ll get to that soon), but I am talking about the issue of your content sitting on someone else’s servers. I personally prefer to try to keep my content under one roof - my own. As for the WP.com Terms of Service - you are at the mercy of their discretion as to whether your content is appropriate. When hosting your content on someone else’s servers, you are always at risk that someone may decide that your content is inappropriate, and they can easily shut you down.
- Hosting quality issues may haunt you - if the WP.com servers are having trouble, like the recent DoS attack on the WordPress.com servers, you will suffer. Of course, that is the case on all servers, but if you are really unhappy with a service provider, you can call them up, complain, and always change servers if need be. When your blog is on WP.com, it’s not as easy.
- You are at risk of being censored in certain countries - upon finding content that they don’t like on WP.com, certain countries with undemocratic tendencies will simply block the entire system. While it is possible for them to just block the individual WP.com blogs that they find offensive, these countries either don’t care enough to try, or are happy to block an entire blogging universe since blogging is all about free speech, and they are not. Countries that have blocked WordPress.com are Turkey, China and Brazil.
WordPress.com is a great service, and the people providing it are incredibly generous. However, like any other free hosted service, it has its drawbacks which should be taken into account when deciding on which path to take for your blog: free hosted or paid and self-hosted.
Posted in Tips | Tags: security, SEO | 19 Comments »
Friday, February 22nd, 2008

Today, WordPress Garage turns one year old. Hasn’t our little baby grown up fast? Blow out the candles…
It is exactly one year ago today that I wrote my first post here. It was about Jerome’s Keywords Plugin, which was a popular plugin for creating tags in WordPress before they became a built-in feature.
The reason I started this blog is because at that time, I was building web sites for clients, but felt that I could not justify creating static sites anymore. I was searching desperately for a solution that would enable me to create sites with a content management system that wouldn’t break the bank, and that I could manipulate and customize without being a programming wizard.
I looked into many open source options, and found that WordPress was easiest to use from the designer/developer’s point-of-view, and from the user’s point-of-view. So my company started building sites on WordPress. As we built, we learned a lot and I felt like we really needed a good way to organize the information we were gathering about good plugins and how to use them, themes, and code hacks.
And thus WordPress Garage was born. Between WordPress’ categories, tags, and the search function, I figured we’d always be able to locate the information we need within minutes.
Apparently, others also were looking for this information, and readership grew as well, which is good because it’s a lot more fun to write when you know people are listening.
Birthday presents
In honor of WordPress Garage’s birthday, I have two new presents:
- A WordPress Garage Facebook page! If you like this blog, please come on over to this page and become a fan. I’d really like to get to know my readers a bit more.
- The WordPress Garage YahooGroup - I’m on the WordPress Pro mailing list, which is about the most dry and boring list on earth. I suggested that the list become more active, and while people said it wasn’t appropriate for that list, they liked the idea. So, this email list’s goal is to be a place where people can help other people with their WordPress issues. Looking for that perfect plugin? Can’t figure out why your blog is breaking? Join the list and ask!
Statistics and summary
It’s fun to compare my first month on WPG to this last month. Site visits have gone up 1,424%, and pageviews have gone up 841%. Now I get almost 8000 visitors a month according to Google Analytics, and over 14,000 page views. Most of my visitors come from Google Search, with the rest coming from StumbleUpon and other sites. My top referring sites in order of traffic are:
Most popular posts
The most popular posts on WPG at the moment are:
Best WP Garage tips
These posts aren’t necessarily the most visited, but the tips in them are pretty useful:
Most controversial posts
A little bit of controversy adds color to an otherwise boring monologue about loops and plugins. I don’t like to create conflict, but getting people to participate in an active discussion is just fun.
Consumer evangelists vs. lawyers: using “WordPress” in domain names - this is the post where Matt Mullenweg commented three times. In this post, I argued that WordPress shouldn’t shun blogs (like mine) that use the word WordPress in their domain name, and should rather embrace these consumer “evangelists” who love the product so much that they volunteer their own time to talk or blog about it. After I wrote this post I finished Meatball Sundae by Seth Godin, and he also talks about this idea.
Anyways, Matt and Lorelle didn’t like my opinion, and accused me, or those like me, of “blatant[ly] disregard[ing]…a core tenet of our community,” of being like a scraper, and of legal violations. In the end Matt kind of softened up and he said he’s “thrilled about [me] or anyone who blogs about WordPress.” He said if I want clarification about their policies I should feel free to email or call him. So, mustering up some good ol’ Israeli chutzpah, I called him and left him a message. Despite his generosity, I think this blog is still shunned by the WordPress powers-that-be. Oh well.
Would we use WordPress if there were no plugins? - I just threw out this question to make us think about how valuable WordPress would be on its own. I think its value lies in the fact that it supports plugins.
ZDNet says WordPress not clunky, but also not CMS - I referred to an article by ZDNet about whether WordPress is a CMS and sparked a lively discussion.
WordPressGarage is being scraped! I want to stop them…now! - I realized that one particular site was scraping all of my content and republishing it. I threw the issue out to my readers, and got some interesting responses in the comments.
Is WordPress’ security vulnerable at its core? - WordPress is being upgraded all the time because of security issues. Plugins also have constant security vulnerabilities. Is this standard, or is there a problem with WordPress? BlogSecurity.net said there’s a problem with WordPress. Read the post to find out more.
Milestones
- Someone told me that I’m one of the coolest people in the WordPress community! Can you believe it? (No, it wasn’t my mother.) While in the real world I am far from being considered cool (mother with lots of kids who works hard to pay the bills with little time for play), I guess that in the WP community my geekiness is…cool…or something.
- WordPressGarage listed as one of Top 40 Blogs About WordPress!
- I’m sure there was something else I got excited about over this past year, but I can’t remember.
So happy birthday WordPress Garage, and may we enjoy another fun year of WordPress blogging together!
Posted in News & Views | Tags: backup, blogging, CMS, security | 16 Comments »
Wednesday, February 6th, 2008
To my chagrin, my blog is telling me that it’s time to upgrade again.

It’s an urgent security release because if you allow registration on your WordPress blog, users can edit other users’ drafts. WordPress development also mentions the vulnerability in the WP-Forum plugin that I mentioned recently. This is the first time that I’ve seen WordPress themselves mention a plugin security problem. It must be really serious.
Can we discuss WordPress’ security for a sec?
I know that WP fans say that the reason there are so many security breaches is because WordPress is so popular and widespread, more people try to hack it.
WordPress detractors say that there is no excuse: WP gets hacked too much, has too much spam, and too many security problems.
So which is it? Let’s take a look at what a pretty objective group of people have to say about WordPress security: BlogSecurity.net.
BlogSecurity.net is a great blog that reports on social networking and web blog security. A large percentage of their posts are dedicated to WordPress issues. This could be because WordPress is so popular so they’ve decided to dedicate most of their energies to covering it, or it could be because WordPress has more security issues to report about.
It seems to be the latter, and BlogSecurity.net addressed the general issue of WordPress security recently:
We have seen a lot of critical vulnerabilities being discovered in WordPress core and its plugins of late, who’s to blame?…
One of the major problems I see with WordPress is that it provides little (if any) protection against input validation attacks. So where does the problem lie?
One of the main problems lies in the way WordPress sanitises user input….
If WordPress is going to get serious about security, we need to come up with hardcore secure functions, that the WordPress core, and its plugin developers can use. These functions should take the security considerations out of the plugin developers’ hands and secured from within the WordPress core!…
This is one area, where I think blogging platforms like Drupal do a far better job! (my bold)
So is WordPress insecure by design? The answer seems to be yes!
Ramifications? I don’t know. I’m not jumping ship any time soon because no other blogging or CMS platform offers what WP does: flexibility, ease of use, extensibility, and great community support.
I’m no software developer, but I would say that it’s probably in Automattic’s interest to concentrate all their efforts in tightening up security issues now, and only once that’s done to add any new features they planned on implementing in the next release.
——————————
Here are some other plugin vulnerabilities that were recently discovered, in case you missed them:
WordPress WassUp Plugin “to_date” SQL Injection Vulnerability
WordPress AdServe Plugin “id” SQL Injection
WordPress WP-Footnotes Plugin “admin_panel.php” Cross-Site Scripting
dmsguestbook, st_newsletter, Wordspew, wp-footnotes vulnerabilities
wp-calc & wp adserv plugin vulnerabilities
Posted in News & Views | Tags: Automattic, security, upgrades | 4 Comments »
Wednesday, January 9th, 2008
Mark from 45n5.com has posted a short and pointed video about WordPress, and how it sucks. The video is aptly titled “WordPress sucks,” and here it is for your viewing pleasure:
[youtube]http://www.youtube.com/watch?v=X0BTz-hTvOg[/youtube]
David Peralty has responded with his own video on BloggingPro arguing that WordPress doesn’t suck. And here it is:
[youtube]http://www.youtube.com/watch?v=7fyuvzWtTgI[/youtube]
So does it or doesn’t it? Suck, I mean.
Let’s do a comparison between the two videos and their messages to try to figure this one out:
| Mark | David |
| --- | --- |
| Short, to the point | Starts off strong, but goes on way too long |
| Sings really badly | Needs a haircut (or so he says - I don’t think so) |
| Entertaining with “interesting” effects | Is boring |
| Makes some good points I can’t argue with: WP gets hacked a lot, has too many security updates, and too much spam (“WordPress has more spam than a fat kid eats spam…and that’s a lot!”) | Basically says these problems are the fault of the users. But who can blame users who don’t update all the time when updates are being released every week? And spam is not the users’ fault. |
In my opinion, Mark wins this round - he gets his points across in seconds flat, so he keeps our attention, plus his arguments are legitimate. But I still really like WordPress, despite its faults, because it does have a lot of benefits. The biggest benefit, I think, is that it puts flexible publishing in the hands of the people. You don’t have to be a programming guru to put together a stylish, user-friendly, optimized, and feature-filled site. And of course, the price is right.
What do you think?
Posted in News & Views | Tags: security, upgrades | 2 Comments »