Adding copyright meta data to WordPress

Wordpress Logo

This simple example illustrates how easy it is to automatically have copyright information displayed in a sites meta tags. Simply place the following snippet in your functions.php file (remembering of course to substitute your own copyright details

add_action("wp_head", "add_copyright_meta");

function add_copyright_meta() {
if(is_singular()){
echo "<meta name="copyright" content="Company Details, Year">";
}
}

Reducing WordPress comment spam using .htaccess

Wordpress Logo

I haven’t actually tried this, but the thought has occurred to me that a great way to reduce comment spam would be to use the following in your .htaccess file:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*blogdomainname.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>

Obviously you’ll need to change blogdomainname to your own domain

WordPress site URL during staging

Wordpress Logo

It is often useful to have a development and a staging environment alongside a production WordPress installation. Whilst staging it can be also be helpful to hook into the regular production database prior to switching the site live just to make sure there are no suprises ahead.
Because WordPress defines the site URL used for generating all links from a database entry, placing the below declarations into your wp-config.php file can quickly allow you to do this (without having to use a preview theme) Obviously replace stagingurl with your own address!

define('WP_HOME','http://stagingurl.com');
define('WP_SITEURL','http://stagingurl.com');

Some background reading in the WordPress codex is here

WordPress Hardening

Wordpress Logo

After a clients WordPress site was recently comprimised and subsequently serving up malware and spam a few quick reminders for WordPress security hardening:

Change the database prefix to something other than wp_
Change the security key salts
Protect config file through htaccess
Dont use admin or administrator for the default user
Use a strong password
CHMOD the uploads folder
CHMOD the config and htaccess to 640
Install and configure Akismet for spam prevention

iPhone WordPress Application Configuration

Wordpress Logo

On a self hosted WordPress installation (not a wordpress.com or .org) I was being continually rebuffed by an incorrect username/password combination – and I knew my password was correct.
Was it a problem with the iPhone application itself, was my blog misconfigured, who is John Galt?

The solution as it turns out was reasonably simple:

From your WordPress installation admin control panel: under Settings -> Writing in the Remote Publishing section ensure there is a tick in the checkbox

XML-RPC – Enable the WordPress, Movable Type, MetaWeblog and Blogger XML-RPC publishing protocols.

After that, you should be able to add the site from the iPhone app. Good luck!

FTP credentials in WordPress

Wordpress Logo

The issue is that when you try to automatically update your WordPress installation you are asked to supply your ftp login credentials. Hopefully just like me you are using unique, complex and hard to remember details. Joost De Valk created a plugin to fix the automatic update issue that some webhosts have here

The plugin (and this alternative) are a way to avoid having to go look up the details before plugging them in every time you wish to update.

In your wp-config.php you can define these values to hopefully end this problem once and for all:

define('FS_METHOD', 'ftpext');
define('FTP_BASE', '/path/to/wordpress/');
define('FTP_USER', 'username');
define('FTP_PASS', 'password');
define('FTP_HOST', 'host');
define('FTP_SSL', false);

The codex has a little more to say on the matter here

Renaming WordPress database prefixes

Wordpress Logo

Having non-standard table prefixes can help reduce automated attacks and malicious scripts from compromising your WordPresss database

This is a fairly simple process if you are familiar with the underlying database and principles, but is not recommended unless you are experienced with queries and a sql client such as phpMyAdmin

1) Prepare by making a backup everything, redirect your visitors etc
2) Change the default table prefix in wp-config.php to your required name
3) Rename all WordPress database table prefixes

Here are the necessary SQL commands (remember to change the example to your own table prefix)

RENAME table 'wp_commentmeta' TO 'wp_rand0mstr1ng_commentmeta';
RENAME table 'wp_comments' TO 'wp_rand0mstr1ng_comments';
RENAME table 'wp_links' TO 'wp_rand0mstr1ng_links';
RENAME table 'wp_options' TO 'wp_rand0mstr1ng_options';
RENAME table 'wp_postmeta' TO 'wp_rand0mstr1ng_postmeta';
RENAME table 'wp_posts' TO 'wp_rand0mstr1ng_posts';
RENAME table 'wp_terms' TO 'wp_rand0mstr1ng_terms';
RENAME table 'wp_term_relationships' TO 'wp_rand0mstr1ng_term_relationships';
RENAME table 'wp_term_taxonomy' TO 'wp_rand0mstr1ng_term_taxonomy';
RENAME table 'wp_usermeta' TO 'wp_rand0mstr1ng_usermeta';
RENAME table 'wp_users' TO 'wp_rand0mstr1ng_users';

Remember if there are other WordPress related tables created by plugins you will need to rename these as well. ALL table prefixes should be renamed.

4) Search the options table for any instances of the old table prefixes

SELECT * FROM 'wp_rand0mstr1ng_options' WHERE 'option_name' LIKE '%wp_%'

This will return wp_user_roles and any options or configurations created by plugins or custom scripts. Update the fields as appropriate.

5) Edit the usermeta table

Search the usermeta for all instances of the old table prefixes

SELECT * FROM 'wp_rand0mstr1ng_usermeta' WHERE 'meta_key' LIKE '%wp_%'

Again these fields will need to be updated where appropriate

Test everything is working and then set your site to live once again.

Embedding Google Maps in WordPress

Wordpress Logo

According to the support on the WordPress site here embedding GoogleMaps in WordPress is simply a matter of cutting and pasting the Iframe to your post. Simple! Effective? Not so much!

The problem is that if you use the Visual instead of the HTML Post or Page editors the code can get very messed up which is frustrating to say the least. So, a simple and elegant solution:

In your functions.php or custom_functions.php file (for your relevant theme of course) place the following code

//GoogleMaps Shortcode
function googleMaps($attribs, $content = null) {
extract(shortcode_atts(array(
"width" => '640',
"height" => '480',
"src" => ''
), $attribs));
return '<iframe width="''.$width.''" height="'.$height.'" scrolling="no" frameborder="0" marginwidth="0" marginheight="0" src="'.$src.'&output=embed"></iframe>';
}
add_shortcode("googlemap", "googleMaps");

Usage within a Page or Post
[googlemap width="200" height="200" src="YOUR_URL_HERE"]

So there are three parameters for our custom shortcode: width and height are optional – if you do not specify the size will default to that specified in the functions.php file. The URL is simply the GoogleMaps share URL.

Update 25/09/2012 – Clarified a few typos where WordPress has messed with the character encoding.