How to fix Timthumb security issue?

Timthumb.php is a popular script that is used to resize images dynamically in WordPress sites. It is usually found in some popular premium themes and image-related plugins. Last week, a serious security issue was found in Timthumb. Unless you update Timthumb to its latest version at once, your site is vulnerable to hacking. This is a serious threat affecting thousands of websites, and even the WordPress founder Matt blogged about this. So, please act now. Here are a few simple steps to fix the Timthumb security flaw:

Update: Use Timthumb Vulnerability Scanner plugin.

1. Deactivate unwanted plugins.
2. Delete all inactive plugins and themes. If you have customised any of these … [Read more...]

How to find if a site is powered by WordPress?

Many clients approach me thinking a site is done in WordPress while it is not. So, how to find if a site is powered by WordPress?

0. Use IsitWP.com. It detects a WordPress site with almost 100% accuracy.
1. Right click on any page in the site and select "View page source". You can also select "Page Source" in the view menu in the browser. In the source page, search for terms like wp-content or wp-admin or wp-includes. Any site not having these words in the source is not powered by WordPress. Some might have changed the wp prefix for security reasons. But this is a very rare case.
2. Check domainname.com/readme.html to see if it is powered by WordPress. You can also use this method to … [Read more...]

Best WordPress Permalink structure

When you install WordPress, the default permalink structure you have is http://example.com/?p=123 . You can retain this structure if having the shortest URL possible is your priority. Otherwise, you need to change this for better SEO. The most used custom WordPress permalink structure is http://example.com/postname/ . The permalink structure I use is http://example.com/year/month/postname/ . This is good for performance. It also gives the user an idea of when the post was written. They can also trim the URL to http://example.com/year/month/ or http://example.com/year/ and see archives for that period. If you write posts daily or write many posts a day like in news websites, then … [Read more...]

FTP publishing on Blogger to WordPress: Migration guide

Blogger is closing its FTP publishing soon. Those who want to stay with Blogger custom domain or Blogspot can wait for their Migration tool. I recently migrated a client's site from Blogger FTP publishing to WordPress and it was a learning experience. Here is a brief migration guide:

1. Create a beta site in WordPress. ( http://example.com/beta/ )
2. WordPress import will not work with FTP publishing on Blogger. So, switch FTP publishing to some Blogspot domain name for a moment. Don't worry. Your blog will be safe as all the FTP files still remain on your server and your site will be accessible.
3. Import your Blogger comments and posts from the Blogspot domain to beta WordPress … [Read more...]

WordPress automatic Thumbnail issue with Hostgator

If you are hosted with Hostgator, you may have a problem with the automatic thumbnail generation feature that many WordPress themes provide. To solve this:

1. Log in to your Hostgator control panel and contact Live Chat Support.
2. Ask the support technician to whitelist your thumbnail generation file for mod_security . You will need to give your file name and path. The file name will mostly be timthumb.php . You can find this file inside the WordPress theme folder. An example file path: wp-content/themes/theme_name/timthumb.php

This is a known issue with Hostgator's WordPress hosting and all the technicians can recognise your request. This problem will be solved by them in … [Read more...]

WordPress Security Tips

WordPress security tips:

* Keep your WordPress installation and plugins up to date, always and immediately. Many attackers try to take advantage of loopholes in outdated software. So, do not hesitate to upgrade WordPress fearing it would break custom-made themes and plugins. Security should be the top priority. Use only trusted sources for WordPress themes and plugins. Please be aware that most of the pretty-looking free WordPress themes may contain malware.
* Use a strong, unique and different password for each of the WordPress admin user name, the WordPress MySQL database, the FTP user account and the web hosting control panel user name.

These two steps are the most important WordPress security … [Read more...]