WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes.
On March 13th, a SQL injection script was found in the WP Statistics plugin. WP Statistic is an open source plugin design to track visitors. It records IP addresses, referring sites, search engine terms, and location statistics. Per it’s WordPress.org, the plugin has over 600,000 installs. The Daily Swig reported that the plugin can break a WordPress site’s encryption keys and salts. Hackers can use automated tools like sqlmap. The flaw was found in admins accessing the “Pages” option to get statistics. This sends a request to a database and generates an SQL query. This function is normally reserved for administrators. But the flaw can be viewed by non-admins. The hacker can then input their own values into the database.
When the creators were alerted to the flaw, they quickly sanitized the bug and released a new patch.
I had speed issues with my WP installs for a while now. I could not figure out what I was doing wrong until now. I used too many plugins to block brute force attacks.
My default plugins for my WP installs are iThemes Security, Wordfence Security, and Jetpack. I use iThemes to change the WP-config and .htaccess files. iThemes has its own brute force protection. Wordfence is used a firewall and scanner. Jetpack has its own brute force protection. By disabling Jetpack’s brute force option, my sites sped up. I’m already protected with iThemes Security.
Sometimes I forget that a website suffers because of over-protection. When I overprotect my sites with a lot plugins, my sites suffer from performance issues. It is like doubling up on prophylactics… the effectiveness degrades because of friction. It is the same for plugins. Too many security plugins destroy the effectiveness of one security plugin.
In 2009, I purchased a domain called RealLifeSuperheroes dot org (or RLSHorg). I used WordPress as the Content Management System. I reposted articles about people dressing up as superheroes and fighting crime. My friend and I secured an advertising deal with Lionsgate for the Kickass Movie in 2010. To further the site’s usability (or UX), I added the BuddyPress and bbPress plugin. I also added a multisite function so people can blog on the site.
After watching the movie “The Social Network” I gave my site up to anyone who wanted to run it. I was done being the site’s webmaster. A guy named Watchman (from Milwaukee) said he’d run it. With no WordPress experience the install became severely infected with viruses. Watchman allowed anyone to register. I could not recover the website, so I closed it down. The site had over 800 spam users. I did not have the experience to clean the infected site. Nor could not I rebuild it. So I moved the old articles to a WordPress.com archive site. Watchman gave up the domain and the GoDaddy hosting account.
There was a lot of backlash from RLSH people. One guy in San Diego claimed I did this on purpose to destroy the community. Another guy named Geist claimed I stole money from him. I guess Watchman asked for money to keep the hosting going. Even now, people complain about my mismanagement of RLSHorg.
I learned two things from hosting a community hub-
Never let the inmates run the asylum.
Develop a thick skin.
Visitors do not understand the hard work and dedication that goes in a website. I spent hours on site development and maintenance. A lot of my money went into the site. I learned about WordPress (which I am glad for). But the fronted users had no idea why I did certain things. Instead they complained about my management. They said that I had a bias or an agenda against other people. They wrote blogs about how I was like to Osama Bin Laden (with YouTube videos and Photoshop memes). It was a horrible experience in hindsight. I am not sure the Pros outweigh the Cons.
Site users have no capability to understand web development. It is not their job to know. Their job is to visit and consume content. Complaining about a website means they are visiting. My job is to build and maintain the site. They are the users. They are not the admins. It is their right to complain.
I have the right not to listen. It is my right not to believe their insults. I chose to listen to gather feedback. I failed to understand that there are bad opinions. Not everyone is capable of rational thought. Some people give selfish criticisms. Frankly, some people are stuck up jerks. It is difficult to discern what was positive feedback and what was not. I didn’t trust myself. The job of a web admin is to trust that they know what they are doing. Some users are not trained web development people.
I learned that a web developer will always be linked to a website. You can build the backend to be easy to maintain. But if the new owners do not understand why things work the way they do, the site will crash. This might be the reason why some classes I took recommends adding maintenance fees. No one wants to be the garbage man. Everyone wants to be the Mayor. A site owner is both the mayor and garbage person. And being a free website garbage man sucks.
I am building a new WordPress collective at https://thecomixscene.com. The plugins I am using are BuddyPress, bbPress, Youser, and Comic Easel. My intention is to create a Webcomics hub like Tapas or Webtoons. I want to teach indie comic creators how to build and maintain WordPress sites. There are some Indie Comic collectives that do not and their subdomains are lacking. Whatever I learned in college, I want to sharing with others. Revisiting my time as admin of RLSHorg may help me make smarter choices. I don’t want to make the same mistakes as before.
Unsplash released an official WordPress plugin. For those who may not know, Usplash is an image repository for free images. Photographers donate their photos to Unsplash for others to use for free. Unsplash built a plugin that connects WordPress to their image library.
The setup is easy. A user must have Unsplash account so the plugin can connect the site via security token. Click on the connect button in the plugin’s dashboard, and your all set.
Adding this powerful repository eliminates the need to search for royalty-free images. It is not fun activity unless you are creating your own images. The conflict I found is that this plugin will not work if you are using the External Links plugin (by WebFactory LTD).
draw comics and webcomics. Comics is a passion of mine since I was a kid. It is
important that my webcomics loads fast and clear. I am particular on site
had an option called “Photon.” Photon accelerated images by using WordPress.com
as a Content Delivery Network. Photon did the reverse for my images. My sites
loaded very slow. If my site lost its connection to WordPress.com, my images
would not load at all. I stopped using the Photon option.
merged Photon with a new option called “Site Accelerator.” I was skeptical
about activating this option because of my experience. To my surprise, the Site
Accelerator did NOT screw up my webcomic; it improved my site’s load speed.
am happy that Jetpack continues to improve their service. I am also happy that
my load speeds improved.
I began using WordPress in 2009. I worked on a site called Real Life Superheroes.org. I used WP to repost articles about people dressing up as Superheroes to do good deeds. The site evolved into a Social Network (due to BuddyPress). When the movie Kick-Ass came out, Lionsgate offered my co-admin and I a cross marketing deal. In 2011, I stepped down as admin and left the site to new administrators. They could not maintain the site. It broke due to viruses and spambots. I moved the old content to a wordpress.com address.
Since then, WordPress is my go-to site builder. I often experiment with other platforms, but my bread and butter is WordPress. It is what I am familiar with and it is what I’ve taken classes for. It’s a powerful piece of software. I don’t know where I would be without WordPress.
Thank you to the Automattic team for building a CMS that has shaped how I develop websites.
WordPress 5.0 just launched today. I have updated all my WP sites. There are no issues to report right now. All is good.
This is my first blog with Gutenberg as the native text editor.I’m not skeptical about how WP would function with Gutenberg. I am concerned with how awkward the new text editor is. WP is reaching out to Squarespace and WIX users. I will learn to live without a basic text editor. I remain annoyed by the Document/Block options on the right-hand side. This may be another feature that appeals to non-WP users.
There are new plugins to build on Gutenberg framework. Block Gallery by Rich Tabor allows users to build better galleries. Block Lab is another plugin to create custom Gutenberg block. I’ve loaded both in this install and will experiment with them.
Good luck to everyone updating their installations today. I hope it is a smooth transition.
I changed my Heart WordPress blog address! I want toexperiment with the latest version of WordPress (WP 4.9.9 Alpha). Although WPdoes not recommend beta testing their programs on live site, I am doing itanyway.
My Heart WP site is a continuation of my college finalproject. Rather than let my WP project fade into portfolio obscurity, I use itto test new WP features. My final blog project site was a subfolder my WP network install. I created that network using the WP Multi-Network plugin and WordPress Multi-Site option. But, the plugins I use for my final are not usedanywhere else on in the network. This concerns me because I don’t want to usean untested plugin that will destroy my network. So I moved my blog to adifferent install which I can destroy without worry.
This site will be the first site I upgrade when WP 5.0 comesout. I’m anxious to see how WordPress runs when Gutenberg is its core text editor (https://wordpress.org/gutenberg).
I’ve accepting that images cannot post left or right. I wanted to have images within a paragraph body, but its difficult in Gutenberg. After reading the WP Tavern post, I see that I’m not the only one frustrated with the image options in Gutenberg.
I hope that this issue is resolve before the 5.0 release date later this month.