On March 13th, a SQL injection script was found in the WP Statistics plugin. WP Statistic is an open source plugin design to track visitors. It records IP addresses, referring sites, search engine terms, and location statistics. Per it’s WordPress.org, the plugin has over 600,000 installs. The Daily Swig reported that the plugin can break a WordPress site’s encryption keys and salts. Hackers can use automated tools like sqlmap. The flaw was found in admins accessing the “Pages” option to get statistics. This sends a request to a database and generates an SQL query. This function is normally reserved for administrators. But the flaw can be viewed by non-admins. The hacker can then input their own values into the database.
When the creators were alerted to the flaw, they quickly sanitized the bug and released a new patch.
In 2009, I purchased a domain called RealLifeSuperheroes dot org (or RLSHorg). I used WordPress as the Content Management System. I reposted articles about people dressing up as superheroes and fighting crime. My friend and I secured an advertising deal with Lionsgate for the Kickass Movie in 2010. To further the site’s usability (or UX), I added the BuddyPress and bbPress plugin. I also added a multisite function so people can blog on the site.
After watching the movie “The Social Network” I gave my site up to anyone who wanted to run it. I was done being the site’s webmaster. A guy named Watchman (from Milwaukee) said he’d run it. With no WordPress experience the install became severely infected with viruses. Watchman allowed anyone to register. I could not recover the website, so I closed it down. The site had over 800 spam users. I did not have the experience to clean the infected site. Nor could not I rebuild it. So I moved the old articles to a WordPress.com archive site. Watchman gave up the domain and the GoDaddy hosting account.
There was a lot of backlash from RLSH people. One guy in San Diego claimed I did this on purpose to destroy the community. Another guy named Geist claimed I stole money from him. I guess Watchman asked for money to keep the hosting going. Even now, people complain about my mismanagement of RLSHorg.
I learned two things from hosting a community hub-
Never let the inmates run the asylum.
Develop a thick skin.
Visitors do not understand the hard work and dedication that goes in a website. I spent hours on site development and maintenance. A lot of my money went into the site. I learned about WordPress (which I am glad for). But the fronted users had no idea why I did certain things. Instead they complained about my management. They said that I had a bias or an agenda against other people. They wrote blogs about how I was like to Osama Bin Laden (with YouTube videos and Photoshop memes). It was a horrible experience in hindsight. I am not sure the Pros outweigh the Cons.
Site users have no capability to understand web development. It is not their job to know. Their job is to visit and consume content. Complaining about a website means they are visiting. My job is to build and maintain the site. They are the users. They are not the admins. It is their right to complain.
I have the right not to listen. It is my right not to believe their insults. I chose to listen to gather feedback. I failed to understand that there are bad opinions. Not everyone is capable of rational thought. Some people give selfish criticisms. Frankly, some people are stuck up jerks. It is difficult to discern what was positive feedback and what was not. I didn’t trust myself. The job of a web admin is to trust that they know what they are doing. Some users are not trained web development people.
I learned that a web developer will always be linked to a website. You can build the backend to be easy to maintain. But if the new owners do not understand why things work the way they do, the site will crash. This might be the reason why some classes I took recommends adding maintenance fees. No one wants to be the garbage man. Everyone wants to be the Mayor. A site owner is both the mayor and garbage person. And being a free website garbage man sucks.
I am building a new WordPress collective at https://thecomixscene.com. The plugins I am using are BuddyPress, bbPress, Youser, and Comic Easel. My intention is to create a Webcomics hub like Tapas or Webtoons. I want to teach indie comic creators how to build and maintain WordPress sites. There are some Indie Comic collectives that do not and their subdomains are lacking. Whatever I learned in college, I want to sharing with others. Revisiting my time as admin of RLSHorg may help me make smarter choices. I don’t want to make the same mistakes as before.
Unsplash released an official WordPress plugin. For those who may not know, Usplash is an image repository for free images. Photographers donate their photos to Unsplash for others to use for free. Unsplash built a plugin that connects WordPress to their image library.
The setup is easy. A user must have Unsplash account so the plugin can connect the site via security token. Click on the connect button in the plugin’s dashboard, and your all set.
Adding this powerful repository eliminates the need to search for royalty-free images. It is not fun activity unless you are creating your own images. The conflict I found is that this plugin will not work if you are using the External Links plugin (by WebFactory LTD).