Category Archives: Blogging

Changing WordPress defaults

Posted on by April 28, 2012

If there is one thing a hacker likes, it’s default settings.

Two of the settings in WordPress that originally were unchangeable were the default user – admin, and the database table prefix – wp_.

Nowadays both these can be changed at the time of installation but many people fail to do so and they remain at the default.

Changing them on an established site is not too difficult.  Once you have a tool like phpMyAdmin then it is pretty straightforward.

Changing the default username is the simplest job of all – simply open the ‘wp_user’ table and change the user_login to something other ‘than admin’.  The password and permissions will remain the same.  From experience, hackers trying a brute force attack will always use admin because a)  that’s the default and b) because trying to crack a username as well as a password is exponentially more difficult.

Changing the database table names is a little more time consuming.

First of all, the site needs to be taken off line, as any changes (such as comments) made during the fix will more than likely be lost.  I use the Ultimate Maintenance Mode plugin for this.

Next you need to check the maximum upload filesize allowed by your server.  A simple way to check is to select “Import” in phpMyAdmin and it will tell you.  A typical value would be around 10 to 15 Mb.  The reason for this check is that it is easy to download a database dump. but you may not be able to upload it again if the file is too big.  Most small sites will give little trouble, but a larger, well established site with thousands of posts and tens of thousands of comments will generate a dump well in excess or the limit.  The simple way around this is to export the database in batches of groups of tables.  Compression is another way around this, but for the sake of simplicity it’s best to use a SQL dump rather than a compressed one.

Once the file (or files) has been downloaded it is a simple matter of opening it (or them) in a text editor and doing a Search and Replace.  Note however that within the dump file there are two types of single quote.-

DROP TABLE IF EXISTS `wp_posts`;

CREATE TABLE IF NOT EXISTS `wp_posts` (

`ID` bigint(20) unsigned NOT NULL auto_increment,

`post_author` bigint(20) unsigned NOT NULL default ‘0’,

Both types are shown in the above example.  The oblique quote appears before wp_… and the straight quote at ‘0’.  Doing the Find and Replace, it is essential to use the oblique version.  Cut and paste is the simple solution.

Decide on a new table prefix (I’ll call it ‘fixed_’ and then do the Find (`wp_) and Replace (`fixed_). on each and every SQL dump file.  Once that is complete, import the file(s) back into the database.  You should now have doubled the number of tables, half with the old prefix and the rest with the new.

Now open up the file wp-config.php and change the value  of $table_prefix to the new one .

The site is now ready for public viewing, but you will find one rather nasty looking problem – when you try to access the Dashboard. or the Admin area you will get a message –

“You do not have sufficient permissions to access this page”

To fix this, (using phpMyAdmin) open up the table  ‘fixed_usermeta’ and modify any data in the ‘meta_key’ field that starts with the old ‘wp_’ to the new prefix ‘fixed_’.  You should end up with fields containing the likes of ‘fixed_capabilities’ and ‘fixed_userlevel’.

Lastly, open the table ‘fixed_options’.  You will see an entry under ‘option_name’ called ‘wp_user_roles’.  Change that to ‘fixed_user_roles’.

That’s it.

The site should now be happily running with a new administrator user name and a non-default database.

Dead blogs

Posted on by January 9, 2012

I thought I would try a little exercise today.

There is a list of the top 100 Irish blogs at Justin Mason’s site.  Now this list is old, but unfortunately I don’t know just how old.  However I reckon it dates back to some time in 2008.  For my little exercise, I thought I would test those sites to see just how many are still active.

The vast majority are indeed still there .  Some however came up completely blank or are restricted access.  I decided to test the sites I could access and see how recently they had been updated.

How do you define a redundant blog?  I decided that if it hadn’t been updated in the last 60 days then it was probably dead.  The result is a little disappointing.

Of the 100 blogs, over half [53%] haven’t been updated.  If I use a tighter figure of fourteen days, then 60% are gone.

Now the list claims to give the top 100 sites by Technorati Rank so it is not a comprehensive list of all blogs.  However one would assume that to gain a listing, the blog would have to be fairly popular, and the author would have to be reasonably dedicated, to the 60% death rate is a little surprising.

Maybe they are right.

Maybe Irish blogging is terminally ill?!

WP Social Blogroll

Posted on by July 29, 2011

I am not a great fan of Blogger as a platform.

I admit I have never used it with an account of my own, but I do know that it can be difficult commenting on Blogger site.  There is one feature of it that I like however and that is the ability to display links along with the title and time of their last post.  It was a feature I envied and finally I found a solution.

I installed WP-Social-Blogroll on Head Rambles.

I had a philosophy of linking to any site that linked to Rambles and this led to a rather long list.  I therefore set the list up on its own page.  At the time, I could not get the damned thing to work in the way I wanted, as it insisted on displaying the links and the icon, but it left out the latest post, the author and the date.   I left it and promised myself I would address it at another time but never did.

Recently it was pointed out to me that the Links Page wasn’t showing any links at all.  I dived in and for the live of me couldn’t understand why it wasn’t working.  I decided to install the plugin again from scratch.

Originally I just set up a normal page and included the Social Blogroll code.  They did recommend that I install it from a template however.  I tried that [I had never used a template page before but it was simple enough] and the links appeared, but still without title, author or date.  I was back to square one again.

I scoured the Internet but could find nothing relevant.  I don’t know how I found the solution, but I did.  I was using the wrong API key from Google!  I set up a new key, using the precise link to the Links Page and inserted it.  It worked perfectly.

The problem then was that I suddenly discovered just how many sites hadn’t been updated for months or even years.  The only thing is to remove all the links that haven’t been updated in [say] the last six months.  That is going to be a big job.

Maybe I should have left the plugin unfixed?!

Stumble strikes again

Posted on by January 12, 2011

I have mentioned before how I get occasional surges of traffic from Stumbleupon.  The page in question was posted in October 2007, but periodically it rises in the ranks of Stumbleupon.

Last Monday, at 4 in the afternoon, the latest ‘storm’ started.   I call them storms, as the usual pattern is a sudden peak in traffic before the page slides into obscurity again.

This time was different however.  What emerged over the last week is a quite remarkable pattern of traffic.  The Monday evening storm developed into one of the biggest since 2007, and instead of subsiding, it developed into a whole series of cycles.

graph1
Hourly traffic over seven days

For some reason, traffic drops to a minimum at around ten in the morning before rising to the next peak.

graph2
Daily traffic over thirty days

The decay in traffic is also quite remarkable in that it follows a mathematically precise curve.  I took the snapshots a couple of days ago, but the traffic is still following the same very precise pattern.

graph3
Monthly traffic over a full year

As the second illustration shows, the quantity of traffic is quite significant too.  In fact the site is receiving more traffic in one day than it would normally receive in a whole week.   Even more startling is that by the 9th, January’s traffic had already created a new twelve month record.

The traffic is still pretty heavy, but the rate of decay has slowed right down.  Mathematically, it is indicating that I can expect a permanent increase in traffic of around 500%.  However I recognize that is extremely unlikely which probably indicates why I’m not a climatologist?

Stumbleupon

Posted on by May 17, 2010

I confess I know little about Stumbleupon.

I know the general principle – you like something, you Stumble it – but it still baffles me.

A couple of years ago, an article in Head Rambles was Stumbled.   The effect was virtually instantaneous and a little alarming.  My hosting company phoned me to say they were on alert because of traffic to the server, it was that bad (or good, depending on your point of view).

Since then, that article has ridden through several Stumble Storms, as I call them.  None has been as powerful as the original, but they still cause massive traffic.

Stumble Graph 1 The graph above clearly shows the initial storm on October ‘08.  The majority of the little stalagmite peaks after that are mini-storms.  They appear to occur at random intervals and random intensity.

There is a storm in progress as I write this.

Stumble2

The graph above shows hourly traffic over a seven day period.  The storm started at around eleven last night and is easing off now, but the effect is very clear.  As storms go, it was a very minor one, but I’m not complaining.

What does baffle me is where these storms originate.  I have searched Stumbleupon and can find no mention of Head Rambles.  Presumably though there is a page somewhere that people are seeing?  Has it risen up the ranks again for a brief moment of glory? 

I have a lot to learn about this Internet lark!