Webenso » Wordpress

WordPress Coolness List

Kathy Alice — Mon, 05 Dec 2011 18:38:34 +0000

Last week I got to geek out at a WordPress meetup in a SOMA studio (south of Market in San Francisco) There were 9 short demos at the meetup, here are some of the highlights.

SEO Translate – WordPress plugin that translates your content into many languages, including the double byte Asian languages. Built on Microsoft translation technology, it’s free.

Pagelines – This theme framework lets you rearrange your WordPress site on the fly with a nice drag and drop interface, you can also plugin your own css code without having to deal with ftp.

Livefyre – this plugin made for a cool demo by taking blog commenting to the next level with its real time interface. Livefyre also provides spam filtering and social network sign-in. With my comment luv plugin currently disabled, I’m tempted to check out their free version.

Richa Avasthi demo’ed how she implemented responsive web design into her blog using different stylesheets when particular browser widths were detected. If you haven’t heard the term “responsive web design” before, it means web design that looks good across an array of devices, such as mobile. If you haven’t started thinking about how your website looks on a mobile device, it’s time. I’ve been looking at the twenty eleven WordPress theme as an example as it has responsive elements built into its css.

Backups and upgrades may be boring, but losing your data is not.

Kathy Alice — Wed, 23 Nov 2011 06:08:35 +0000

Have you backed up your WordPress lately? Maintenance activities such as upgrading WordPress or backing up my site rank at the top of my list of my least favorite things to do. I’d much rather write a blog post or check out a new plug-in. But this week I bit the bullet and spent some time on site maintenance.

Do I really need you to tell why backups and upgrades are important? Here’s one reason, WordPress’s popularity has not gone unnoticed by hackers and they are hard at work exploiting security vulnerabilities in the software. By upgrading to the latest version of WordPress you are at least installing the latest security fixes. That goes for your plugins as well.

Backup before you Upgrade

That one click upgrade for your site and plugins is tempting, but before you click the button, there are a few things you need to do first.

Backup your database: Everything you care about is in your WordPress database. Your posts, your categories, your tags. If you just backup one thing, your database should be it. Your WordPress can be reconstructed – but the content on all your posts and your pages likely can not. To backup your database you will want to make an SQL export of your database. This will contain the SQL commands to recreate the tables and import in your content. How you do the export is host dependent. I log into phpadmin through my cPanel and click on “Export”. Here is more information on backing up your database.
Backup your files: This is less important but could be really useful if you ever need to restore your site. Also after my malware experience, I like to look over things periodically. Use a ftp client like Filezilla and copy down all the files in your WordPress installation onto your local computer.
Disable plugins Your plugins may not play nicely with your new version of WordPress, so disable them.

After all of this you are now ready to upgrade WordPress. I just use the Automatic upgrade by clicking on the link that appears in the Dashboard. You can of course do a manual upgrade which is much more involved.

Cleaning house – do you really need all those plugins?

Since you have taken the time to do some site maintenance, why not focus a little more attention on it? Upgrade any plugins that need it, and critically look at your plugin list and decide whether you still want to use all of them. For example, I had been quite irritated how slow my social media plugins made my site, so they haven’t been turned back on, and sure enough, the site is much snappier, confirming my suspicion that the social media buttons are the culprit. So for now they remain deactivated while I develop a different solution.

Backups are good – multiple and distributed backups are better

Keep a couple of the database backups around, so that if there is a problem with one of them you have another to fall back on. Better yet, make a copy of the sql file and store in on a backup service such as Mozy or even Dropbox so there is a copy somewhere other than your computer.

Don’t Forget to Test Your Website

Kathy Alice — Thu, 31 Mar 2011 17:48:29 +0000

Yesterday I received an automated call from PG & E, as I have monthly for the last 2 1/2 years. The automated voice told me their records indicated I was a dog owner and that I needed to make sure my dog wouldn’t interfere with the meter reader. It then gave me the option of pressing “1″ if I no longer had a dog. I have never had a dog so I pressed “1″ but I knew it was futile. Because pressing “1″ in the past hasn’t made the calls stop. Not to mention that I now have one of those “smart meters” that doesn’t require a meter reader. I guess I am just doomed to receive these calls as long as I live here. Doesn’t that kind of stuff drive you crazy? Well you might be doing something similar to your website visitors. QA, short for quality assurance, is the discipline of making sure a given project meets certain quality criteria. In my years working for technology firms, I found that software got plenty of QA attention, however the company’s websites got very little. Why? Because it’s easy to quickly fix a problem on a website, where a piece of software often has to be recompiled and rebuilt, costing money. There was always a tug of war between marketing’s need to get messaging or a program out quickly and the engineering need to do it right. Marketing often won. I’m quite guilty of not testing my own website. With the pressure of enhancing its functionality to make it more useful to visitors and keeping to my posting schedule, making sure everything works always falls through the cracks. Of course using WordPress you get a platform that has been battle tested by thousands (maybe millions), however that doesn’t mean you are completely off the hook. Here are a few “quality” issues to pay attention to:

Browsers You should view your websites in a few browsers, especially after changing themes and installing plugins that have a visual impact. Also pay attention to your sidebars. I recommend viewing your site in Internet Explorer (7 or 8), Firefox and Chrome. If your audience is not tech saavy, unfortunately you probably need to check IE 6 as well. I wouldn’t spend a lot of time fixing IE 6 issues, but it would be good to be aware of them.
Comments Comment on one of your posts and make sure the experience works as you think it should. There are several moderation options, for example you can only moderate comments that have 2 links or more (a sign of spammy comments). Check the spam queue and see if Akismet is doing it’s job correctly. When I reset up Akismet for this site I found it marked as spam several valid comments. So I’m checking the spam queue every so often.
Opt-ins Any integration with another system requires QA attention. Whether your opt-in box comes from aweber or some other email service provider, it is a good idea to walk through each step of the opt-in process. Usually the process works fine, but the user experience leaves something to be desired. Does the pages that the user ends up on make sense or are jarring? Is it clear what the next step is to the user (for example to click on a link in an email to confirm the subscription).

Quality Assurance isn’t just about making the functionality works, that’s the first step. You need to put yourself in the shoes of your visitor and evaluate the user experience. You can take this further and test separate elements of your website to see whether a given headline converts better (this is very useful if your website primary’s purpose is to sell a product). This is called split testing (some visitors see one version and others see another version) and can be done with themes, titles etc. There are plugins that facilitate split testing WordPress. If you are planning to make massive changes to your website, it’s a good idea to preview your plans on a local install of WordPress so you can hack away without breaking anything public. Of course there is no way to make sure everything works perfectly. Giving your users an avenue to let you know when things aren’t working is prudent. As my experience shows with PG & E there is nothing more frustrating than to have no one listening when things aren’t working. Since I send out my posts as aweber blogcasts, those readers can respond letting me know it there are problems. It is also a good idea to monitor the comments on your posts. A contact form is another channel to get feedback, I haven’t put one on this blog yet, but it is only a matter of time before I do. Now I just need to prioritize this task ahead of everything else.

Help, My WordPress Site is Hacked – What do I do?

Kathy Alice — Sat, 26 Mar 2011 20:10:24 +0000

Courtesy of stwn - Flickr Creative Commons License

Early on March 10th, webenso.com was infected by malware. It started out as parts of the site not working however by the end of the day, it had been blacklisted by Google with any access to the site getting the dreaded red “reported attack site” image. If your WordPress site is hacked – what do you do?. First things first, are you (or your web designer) up for the challenge? Security is a specialized field that can require a different perspective and skill set. If you are not comfortable with browsing through code and don’t know your way around .htaccess, other configuration files and phpadmin, consider using a service that will clean up your site for you. Whether you get help or not, it helps to be familiar with the issues and remediation steps. Here’s my take on what you need do.

Initial Steps and Diagnosis

Change your passwords Change every password. EVERY password.
1. Change the passwords for every WordPress user. You can do this in the “Users” menu via WordPress. You can also update the database table directly (wp_users) with random characters for the password to disable the account.
2. Change both your hosting account password AND your phpadmin password.
3. Regenerate the WordPress secret keys and update the wp-config.php file with them. Doing this will invalidate any outstanding login session with your WordPress admin. I was seeing malicious files show up after deleting them. Once I regenerated and uploaded my secret keys, that stopped.
Backup your account. Ideally you would like a backup that preserves the timestamps on the files. But at least download a copy through ftp. Why are you making a copy of a corrupted installation? For later analysis. And if you don’t have ssh access to your account, being able to “grep” (a search utility) through the local copy of your files is crucial.
Look for modified files. Look through all the files in your account for recent or different timestamps. Generally most of your wordpress files will have the same timestamp reflecting when wordpress (or a plugin) was installed, so a different timestamp should jump out at you. These are likely the infected files. In my case, all my index.php files were infected (there are several in different directories), as well as registration.php in the wp-includes directory.
Identify the malicious code Looking through the code I found a suspicious line of code enclosed with script tags that invoked a .js (javascript) file located at a strange looking IP address (it was in octal). I then googled the IP address and found out more information about the malware. What the malware was doing was hijacking visitors to my site to send to theirs. I also found another different infection in my .html files in add on domains that were hosting non WordPress sites. This infection was also enclosed in script tags and using a function called createCSS(). The code stood out to me because it included a long string of numbers. Other code to look for is base64_decode. Once you have identified the type of infection, you will need to search through all your files for the malicious code.

Cleaning up your site

Identifying and cleaning the infected files is one thing, but do you know how your site was compromised in the first place? The usual suspects are weak, easily guessed passwords and compromised plugins. It’s possible the backdoor was installed on your website a while ago which means that just removing the infection you see or restoring to a recent backup isn’t enough. In my case I didn’t identify the source of the inflection until later, so I took the cautious approach. Here is what I did:

Completely removed the wordpress installation (since just reinstalling wordpress doesn’t remove any new files created by the hacker) and installed the latest WordPress version into another directory. This caused me some grief down the road with my images as their location changed and I had to re-upload them.
Created my users by hand, giving them strong passwords.
Instead of just pointing my new wordpress installation to my original database, I exported my database, table by table and imported selected tables. This was probably overkill, but there is a type of attack called “database injection” so I was being careful. I did run into an import problem where a column “post_category” was missing in my new wp_posts table. This is because this column is deprecated in more recent versions of WordPress. What I did was delete the table in the new WordPress database and let my script create the older version of the table.
Reinstalled my theme and plugins – which I am still in the process of doing.

Getting off Google’s black list

If Google has identified you as an attack site, visitors will see a scary red image warning them away (see picture above). You want that to go away as soon as possible so you will need to ask Google for reconsideration. I did this as soon as I had reinstalled WordPress (step 1 above). If your website is already set up in Google Webmasters Tools just log in and request a malware review. My website had already been flagged by Google so it was pretty obvious how to request a review. The review took about a business day at which point the red attack page stopped appearing. I even got an email from Google warning me about the malware although by then I had already taken action.

How I was infected

webenso.com was infected by a trojan that infected my PC laptop when I clicked on a zip file in a email message purporting to be from DHL. Coincidentally I had been waiting on some real estate documents that were to be emailed to me otherwise I would have never open that zip. My virus scanner caught and quarantined it but it didn’t not catch two files that lodged themselves into my browser’s temporary files folder. When I logged into WordPress to write a post, they uploaded and created a way for the hacker to get into my site. When I ran a full scan, Avast found the two files. Moral of the story, always run a full scan immediately after your virus scanner detects a problem.

Additional Useful Links

Get The Word Out – WordPress Ping Services

Kathy Alice — Sun, 06 Mar 2011 20:14:42 +0000

Here’s a simple thing you can do to optimize your blog, set it up to notify services every time you update your blog. These services do different things with the information WordPress sends about your new post but it’s an important distribution channel to get the word out about your blog.

Wordpress out of the box comes set up to notify one service rpc.pingomatic.com, but why stop there? There are many more. The problem is what is a comprehensive list? It’s always changing. I had been using one that I had for many years but it was hopelessly out of date.

I found a comment from a Dr S K Verma that had quite an extensive list. Here is the original blog post with a wordpress ping list, scroll down to see Dr. S K Verma’s comment. However the comment dates back to April 2010 and I was sure things had changed.

So here is what I did, I took Dr Verma’s list and created a text file with the URLs called ping.list. I then ran this command: wget -i ping.list >& ping.list.out

Next I reviewed the output, and removed URLs that got any errors, such as timeouts, 404s or server 500 errors. I did keep those that returned 302 or 301s as those are URLS that are being redirected but still valid. Surprisingly the URL technorati URL returned an error, I have made a mental note to investigate further.

Here is my final list:

http://api.my.yahoo.co.jp/RPC2

http://api.my.yahoo.com/ping


http://api.my.yahoo.com/RPC2


http://api.my.yahoo.com/rss/ping


http://audiorpc.weblogs.com/RPC2


http://bitacoras.net/ping


http://blo.gs/ping.php


http://blog.goo.ne.jp


http://blog.goo.ne.jp/XMLRPC


http://blogbot.dk/io/xml-rpc.php


http://blogdb.jp/xmlrpc


http://blogoon.net/ping/


http://blogroots.com/tb_populi.blog?id=1


http://blogsearch.google.ae/ping/RPC2


http://blogsearch.google.at/ping/RPC2


http://blogsearch.google.be/ping/RPC2


http://blogsearch.google.bg/ping/RPC2


http://blogsearch.google.ca/ping/RPC2


http://blogsearch.google.ch/ping/RPC2


http://blogsearch.google.cl/ping/RPC2


http://blogsearch.google.co.cr/ping/RPC2


http://blogsearch.google.co.hu/ping/RPC2


http://blogsearch.google.co.id/ping/RPC2


http://blogsearch.google.co.il/ping/RPC2


http://blogsearch.google.co.jp/ping/RPC2


http://blogsearch.google.co.ma/ping/RPC2


http://blogsearch.google.co.nz/ping/RPC2


http://blogsearch.google.co.th/ping/RPC2


http://blogsearch.google.co.uk/ping/RPC2


http://blogsearch.google.co.ve/ping/RPC2


http://blogsearch.google.co.za/ping/RPC2


http://blogsearch.google.com.ar/ping/RPC2


http://blogsearch.google.com.au/ping/RPC2


http://blogsearch.google.com.br/ping/RPC2


http://blogsearch.google.com.co/ping/RPC2


http://blogsearch.google.com.do/ping/RPC2


http://blogsearch.google.com.mx/ping/RPC2


http://blogsearch.google.com.my/ping/RPC2


http://blogsearch.google.com.pe/ping/RPC2


http://blogsearch.google.com.sa/ping/RPC2


http://blogsearch.google.com.sg/ping/RPC2


http://blogsearch.google.com.tr/ping/RPC2


http://blogsearch.google.com.ua/ping/RPC2


http://blogsearch.google.com.uy/ping/RPC2


http://blogsearch.google.com.vn/ping/RPC2


http://blogsearch.google.com/ping/RPC2


http://blogsearch.google.com/ping/RPC2


http://blogsearch.google.com/ping/RPC2


http://blogsearch.google.de/ping/RPC2


http://blogsearch.google.es/ping/RPC2


http://blogsearch.google.fi/ping/RPC2


http://blogsearch.google.fr/ping/RPC2


http://blogsearch.google.gr/ping/RPC2


http://blogsearch.google.hr/ping/RPC2


http://blogsearch.google.ie/ping/RPC2


http://blogsearch.google.in/ping/RPC2


http://blogsearch.google.it/ping/RPC2


http://blogsearch.google.jp/ping/RPC2


http://blogsearch.google.lt/ping/RPC2


http://blogsearch.google.nl/ping/RPC2


http://blogsearch.google.pl/ping/RPC2


http://blogsearch.google.pt/ping/RPC2


http://blogsearch.google.ro/ping/RPC2


http://blogsearch.google.ru/ping/RPC2


http://blogsearch.google.se/ping/RPC2


http://blogsearch.google.sk/ping/RPC2


http://blogsearch.google.tw/ping/RPC2


http://blogsearch.google.us/ping/RPC2


http://blogshares.com/rpc.php


http://feedsky.com/api/RPC2


http://kping.com


http://hamo-search.com/ping.php


http://imblogs.net/ping/


http://lasermemory.com/lsrpc/


http://newsblog.jungleboots.org/ping.php


http://ping.amagle.com


http://ping.amagle.com/


http://ping.bitacoras.com


http://ping.bitacoras.com


http://ping.blo.gs


http://ping.blogoon.net/


http://ping.fakapster.com/rpc


http://ping.fc2.com/


http://ping.feedburner.com


http://ping.feeds.yahoo.com/RPC2/


http://ping.kutsulog.net/


http://ping.namaan.net/rpc


http://ping.syndic8.com/xmlrpc.php


http://ping.weblogs.se


http://ping.wordblog.de/


http://pinger.blogflux.com/rpc


http://pingoat.com/


http://rcs.datashed.net


http://rcs.datashed.net/RPC2


http://rpc.blogbuzzmachine.com/RPC2


http://rpc.bloggerei.de/ping/


http://rpc.blogrolling.com/pinger


http://rpc.icerocket.com:10080


http://rpc.pingomatic.com


http://rpc.twingly.com


http://rpc.weblogs.com/RPC2


http://rpc.wpkeys.com


http://services.newsgator.com/ngws/xmlrpcping.aspx


http://snipsnap.org/RPC2


http://syndic8.com/xmlrpc.php


http://thingamablog.sourceforge.net/ping.php


http://topicexchange.com


http://topicexchange.com/RPC2


http://wasalive.com/ping/


http://weblogues.com/ping/


http://weblogues.com/RPC/


http://dashboard.bloglines.com/en


http://www.blogoon.net/ping


http://www.blogroots.com


http://www.blogroots.com/tb_populi.blog?id=1


http://www.blogroots.com/tbpopuli.blog?id=1


http://www.blogsdominicanos.com/ping/


http://www.blogstreet.com/xrbin/xmlrpc.cgi


http://www.catapings.com/ping.php


http://www.feedsky.com/api/RPC2


http://www.imblogs.net/ping/


http://www.lasermemory.com


http://www.lasermemory.com/lsrpc


http://www.octora.com/add_rss.php


http://www.wasalive.com/ping/


http://www.xianguo.com/xmlrpc/ping.php


http://www.zhuaxia.com/rpc/server.php


http://xmlrpc.blogg.de


http://xping.pubsub.com/ping


http://zhuaxia.com/rpc/server.php


http://zing.zingfast.com

A caveat, this was a bit quick and dirty, I didn’t examine the data that came back, so if the service returned HTTP code 200 but also a page saying the service was discontinued, my methodology would not have identified that as a URL to remove.

A word about wget. wget retrieves a web page from a given URL and stores it in a local file without having to use a browser. I have cygwin installed on my PC which gives me a BASH shell with Unix like capabilities, such as vi, grep and yes, wget. And ssh and scp! Very useful. Unfortunately the MacOS (which otherwise has a lot of cool Unix features) doesn’t have wget, but if you google “wget MAC” you will find sites where you can download it for your Apple computer.

A New Look!

Kathy Alice — Fri, 04 Mar 2011 16:52:19 +0000

The cobbler’s children never have new shoes. When you build WordPress sites for other people, there never seems to be enough time to work on one’s own blog. For months and months I’ve been telling myself I needed to update my blog’s look. It’s dated and the code is ugly. Finally I took the plunge and switched to a new theme. This theme is called Vigilance. I bought their (Theme Foundry) pro theme for $68. I usually don’t buy premium themes. Many premium themes just have extra settings that help you customize your blog without having to get into the CSS, HTML and PHP code. In my case I usually find myself digging into the code anyway so why pay for it? However, here was my reasoning for buying vigilance Pro:

Vigilance had an out of the box RSS feed, email feedburner setup. This had been high on my list of todos.
I liked the clean look of the theme.
Claims it is SEO friendly.
Comes with a child theme for customizations, I’m a fan of isolating customizations, as my post on thematic attests to.
Theme Foundry seems to have a good buzz and fans.
HTML 5 support.
I could get it up and running quickly and customize later.

Vigilance has a free version available that is available through the WordPress Theme Search option. The free version has a fair amount of power out of the box, but no HTML5. I’m sure over time, I will not be able to resist temptation and will put my own stamp on this theme.

Why Consider a WordPress Local Install

Kathy Alice — Mon, 07 Feb 2011 13:18:22 +0000

While you can easily save your posts as drafts and preview them before publishing, there is no “preview” function when you make changes to your theme and widgets or install new plugins. Having a sandbox to test out changes sounds awfully good if you have been through the experience of inadvertently breaking your wordpress website. Plus, I prefer using a “real” editor on larger files than editing files through the wordpress appearance editor, but this gets tedious quickly as you have to be continually ftping files to your server to see the results. The big shops have staging servers to test out changes, why can you?

You can. All you need is a webserver and mySQL database running locally with a local wordpress installation. And these days that is easier than you think. For MACs there is MAMP and those of you using Windows, there is WAMP Server or XAMPP. These are all variants on the most common configuration on the Internet for web servers: LAMP (Linux, Apache, MySql, PHP) and are available as downloads.

I had no problems with the MAMP download and install. It helps if you are familiar with PHPmyAdmin to get access to the database. And the wordpress install itself is 2 steps, download and the famous 1 click install. For a guide, wpmods step by step tutorial on installing wordpress locally is an excellent resource. However in my case the database and wp-config.php file was set up automatically by the wordpress install so the create database step appears unnecessary (at least on the Mac).

A local wordpress installation is really useful for the initial build of a wordpress website and plugin installation. It’s so much easier to have multiple windows open as I am changing the files of the theme. I usually don’t create the data (posts, pages and categories) on my local machine, when I am ready for that I move to the target server and continue on. However if this is a need for you, you will need to export the data out of your local database and the import it into the target server. The WordPress Codex on Backups may be useful reading if you are going this route.

WordPress upgrade was a Snooze-fest

Kathy Alice — Mon, 31 Jan 2011 12:58:27 +0000

Before I migrate this blog to a new theme, I first needed to upgrade my wordpress version from 2.8 to 3.0.4. Tonight I took the plunge. As a former Web IT manager I’ve been burned by software upgrades. A firewall upgrade once took out a major site I managed for 3 days. In another incident, we had to roll back an upgrade to some software because it crashed our web server every 20 minutes. So yeah I have some scars. However, this upgrade was practically a non event. No wiping out of all my posts (which I have seen before), my ummm customized (hacked) theme was not affected one bit. So all the precautions I took were not needed. However doesn’t mean that you should throw caution to the winds and not backup your files and database. Here are the steps I took:

Backup your database: All the content in your wordpress site, your posts, your categories, the comments .. did I say ALL your content? .. is in a MySQL database. You want to back that up. Usually that means you need to export your data to a local file on your computer. My hosting provider provides phpMyAdmin which makes that easy. The file that is created is a mixture of SQL commands and data that will recreate your database if needed. Just to be sure I searched in the SQL file the export created for a few keywords I know that were in my posts. When I found them I moved on to the next step. Need help with this? Check out the WordPress Codex on Backups.
Backup your files: The configuration of wordpress is governed by a few key files (wp-config.php being the most important). The look and feel is controlled by the theme you are using. Since I had modified my theme, here is the files I backed up from my server to my computer using Filezilla. Overkill? Maybe, but considering I once had a wordpress upgrade wipe out my original configuration, I wanted to be safe.

All of the root level files such as wp-config.php
Theme files (under wp-content/themes
The uploads directory – this is where all your media files such as images live

Deactivate all plugins: Your plugins may not all work with the latest version of wordpress. Deactivate them first before upgrading.
The moment of truth: I used simple scripts (provided by my hosting provider bluehost) to upgrade wordpress, instead of upgrading from within the dashboard. I liked the fact that simple scripts made a backup before doing it’s upgrade.
Reactivate plugins: Since everything looked good I reactivated my plugins. With several I clicked on the “automatic upgrade” option to update them to the latest version. The All-in-One SEO plugin prompted me to re-enable it but otherwise had all my original settings.

And that was it! I haven’t checked everything … but it seems to have gone very smoothly.

Preventing Image Theft & Copyright Violation

Kathy Alice — Fri, 21 Jan 2011 15:01:08 +0000

Copyright law exists to protect the creators of a original work, whether than be an article, a photo or a drawing. As soon as you create it you have copyright to it, which stays in place 70 years after the author’s death; at that point it belongs to the public domain. Unless you grant license for someone else to use your image, it is considered a copyright violation if they use without your permission. Image theft is an important issue on the web, especially to people who make their living creating visual art. Just this week there was a furor over the site http://lxixixl.com/ which was copying and hosting entire collections of images from people’s websites. Complaints shut it down but there are others that are doing the same thing. Theft of content and image happens every day on the web, so what can you do?

Inform: Show that it is your original work by placing a copyright notice on your website. For example “Copyright 2011 Pablo Picasso”
Make it less desirable: Many artists will only put low resolution copies of their images online. So if they are stolen they are not of full quality.
Make it difficult: Implement functionality that makes it harder to steal the images. For example, disable the right click functionality with javascript. Note this will annoy some visitors who expect the right click to work for legitimate uses. Another approach is to place a transparent image over the real image, so when it is saved the thief gets a blank image. WordPress users might want to check out the iProtect plugin. Keep in mind that that neither one of these are complete solutions. Disabling right click doesn’t help when the thief finds the image in Google Image Search and gets the image there. Which brings me to ….
Hide them from Google and Bing: Keep all your images in one directory and tell Google and Bing not to index that directory by placing a directive in the robots.txt file. Note that this action is useless if Google has already indexed your images.
Watermark them: Perhaps the most effective solution, this alters the image so that it is “marked” in an identifying way. It’s the same idea as branding cattle back in the cattle rustling days. There are also WordPress plugins that watermark the image “on the fly”.

Ultimately it is up to you how much effort you want to put into preventing image theft and violation of your copyright, but don’t just ignore the issue, decide on an approach and take action.

Cool WordPress Themes: Socrates Theme Review

Kathy Alice — Sat, 18 Dec 2010 21:22:49 +0000

I’m always trying out cool WordPress Themes and recently I built a website using the Socrates WordPress theme. Judging by the number of sites that I have recently found using Socrates, it is proving to be very popular. I found it easy to use with a number of cool features.

Socrates Theme Styling Menu

Header The number one thing that most people want to customize on their blog, Socrates comes with a number of built in header images (over 100 images, organized by topic) that you can choose. If you want your own custom header, it’s straightforward, just make sure that the header is 960 by 150 pixels wide and upload. Similarly you can choose a pre-provided background image or upload your own.
Colors In the Socrates configuration settings you will find a menu item called Styling. (See picture above). This is where you determine not only the colors of the navigation bar links, but also the colors of the post links and more. You have the ability to choose hover and links colors. As you can see I didn’t get too creative with colors, I stuck with the tried and true blue for the link color, with green as the hover color to match with the site colors
Navigation Socrates comes with a pre-built navigation bar. One drawback of the theme, is that sites that are built with it are instantly recognizable due to the navigation bar. But if you don’t mind that, the navigation is easy to set up, just enter the URL of the page you want as a navigation menu. I did a mixture of pages and post categories for my nav bar. Socrates also provides for footer navigation (see example below). Since I was building a site rather than a blog, I wanted the list of posts to be named “Articles” rather that “Posts” I had to go into the php code to make that change. Similar if you want to get rid of the search bar .. however the online documentation for Socrates tells you how to do that.
Layout/Templates You have the choice of customizing the default layout with 5 choices. If you want to customize your layout for an individual pages (ie. no sidebar) you can do that with Socrates using templates (eg. Squeeze page, Skinny Sales page etc.) (under the page attributes menu). Once you choose the template there are checkboxes to customize further, for example, to turn off the blog header or even to mark the page no index, no follow.

One of Three Socrates Navigation Bars

Socrates has a lot of built in support for Adsense and other advertising, which I did not take advantage of. This makes it ideal for affiliate marketing, especially for Clickbank products. However it has enough flexibility so you can use it for other types of sites (the site I used it for sells its own product). There are tutorials and forums to help you with the customization and configuration. I didn’t bother watching the tutorials so I can’t comment on how helpful they are .. but that in itself, tells you the ease I figured out how to use Socrates.

Socrates is available for single domain use for $47.00 and unlimited domain use for $77.00, click here for more details on the Socrates Theme.