You are here: Home / Archives for Blog

Joomla 1.5 Document Linking in an Article

March 25, 2008 By

I was asked today how to insert a PDF or Word Doc into a Joomla article. Here is the process if you need it as well. This is a two step process. I am assuming you are already logged into the administration panel.
[Read more...]

Share
Filed Under: Blog, Joomla Tagged With: , , , ,

Website Backups

March 21, 2008 By

Website backups go hand in had with security. They are security for a disaster or if you website gets hacked. You should make regular backups of your website. This applies not only to websites, but blogs, Joomla and Mediawiki sites.

Most hosting companies do not do backups for you. They backup the server installation, but leave you on your own for your blog. The better hosting companies will do periodic backups of your websites. If anyone know hosting companies that do or don’t provide backups please add them in the comments. I am talking about the basic hosting services that many bloggers and simple websites use. Siteground does weekly backups, while Hostmonster, Dreamhost, and Cyberwurx do not.

To do a backup, you usually have 2 options with most hosting company control panels. These 2 methods are as follows:

  1. Full backup of your entire site
    • Includes your website, database and home directory files
    • Options:
      1. Save this to your local computer
      2. Backup locally on the hosting server and then download when complete
  2. Separate backups for your database and your website
    • Run this after you add plugins, themes, images, podcasts, videos or other files on your website
    • Backup your database on a more regular basis

My recommendations for backups would be to do a full backup after you have your website completely setup and then again once a quarter. I would then recommend doing a website only backup monthly unless you make many changes to your website on a regular basis. This does not count frequent posting updates. I would then do the website backup at least weekly or whenever a large number of changes are made. Lastly, I would recommend backup up the database at least weekly. If you post multiple times a day you may want to make backups daily or find a service that does it for you.

To make these backups faster, more reliable, and quickly accessible, allow the backups to run locally on the hosting server. When it is complete, download them to you local computer.

Share
Filed Under: Blog, Domain Hosting, Information/Wiki Websites, Joomla, Wordpress Tagged With: , , , , , , , , , ,

2 Simple WordPress Security Tasks

March 20, 2008 By

While on the topic of WordPress, I thought I’d share 2 simple and quick tips to help secure your WordPress blog installation.

Security Task 1
The first tip is one you should have done when you installed WordPress, but is easy to skip over and not do. This task is to remove the install program. If not, you run the risk of someone trying to reinstall your blog or what is more likely using it to get information about your account and server to hack your database. To remove the install program do the following steps:

  1. Log into your hosting account control panel
  2. Open the file manager and traverse to your blog/wp-admin directory
  3. Find the install.php file and delete it. If you wish you can download it to your computer first if you are paranoid about having a copy.

Security Task 2
The second task involves your blogs database security. WordPress, along with many other web programs, place their database settings in the configuration file that resides within the web directory. For WordPress, that file is wp-config.php and it resides in the root blog directory.

In most instances nothing will ever come of this although it is a major security risk. What can happen is that for some reason your blog does not work and displays the actual php code, you just exposed your database settings to a potential hacker. They can use this to delete or edit your content very simply. To fix this, do the following:

  1. Log into your hosting account control panel
  2. Open the file manager and traverse to your blog root directory
  3. Edit your wp-config.php file
  4. Find the lines of code that contain your MySQL settings. They’ll look similar to the following example code. Leave this window open for later use.

    // ** MySQL settings ** //
    define(‘DB_NAME’, ‘putyourdbnamehere’); // The name of the database
    define(‘DB_USER’, ‘usernamehere’); // Your MySQL username
    define(‘DB_PASSWORD’, ‘yourpasswordhere’); // …and password
    define(‘DB_HOST’, ‘localhost’); // 99% chance you won’t need to change this value

  5. Copy these MySQL setting lines so you can put then into a new file outside of your web root directory. For example, your account directory when you log into your file manager is /home/youraccount. The web root would most likely be /home/youraccount/www or /home/youraccount/public_html.
  6. Create a new file in /home/youraccount directory. You can name the file whatever you wish, just make sure it ends in .php as shown in the example. For this example the name to use is blog.database.php
  7. Open blog.database.php and insert the lines copied in step 4 above as follows:

    <?php
    // ** MySQL settings ** //
    define(‘DB_NAME’, ‘putyourdbnamehere’); // The name of the database
    define(‘DB_USER’, ‘usernamehere’); // Your MySQL username
    define(‘DB_PASSWORD’, ‘yourpasswordhere’); // …and password
    define(‘DB_HOST’, ‘localhost’); // 99% chance you won’t need to change this value
    ?>

    Notice the 2 additional lines, 1 at the beginning and 1 at the end. This tells the web server to run this file as PHP code. If you don’t put these lines in the file, you will again have your database information shown in plain text in the browser. An additional tip here, DO NOT leave a blank line after the final ?>. If you do, you will have unexplained issues in your WordPress Control Panel, particularly in the Presentation and Plug-In screens (and yes, I found that out the hard way).

  8. Go back to your wp-config.php window and remove the MySQL setting lines now and replace them with the following:

    require_once( ‘/home/youraccount/blog.database.php’ );

  9. Test your blog to make sure everything still works. If it does not, retrace the steps here to make sure you don’t have any misspellings and everything is correct before trying again. Linux is case sensitive, so also ensure the capitalization is correct. I would suggest going all lowercase anyway for simplicity.

These steps are simple, but effective in protecting your blog. Of course these won’t protect against every attack, but they go along way in protecting you. In addition, in case of a disaster you still have the backup that you can restore. Hopefully , you’ll never need any of these tips. However, it is better to be prepared just in case.

Share
Filed Under: Blog, Wordpress Tagged With: , , , , , , , ,

WordPress Permalinks

March 20, 2008 By

Since I setup the webserver myself, I have total control. Because of this, there are occasional permission issues that I run into. Yesterday this happened with WordPress Permalinks.

To change Permalinks, you do so under Control Panel -> Options -> Permalinks. The best choice is Date and Name based, This is better for SEO (Search Engine Optimization). Unless you are familiar with wordpress paramaters, I would stay away from the custom choice.

Once you choose the option you want click “Update Permalink Structure”. You should see a message at the top saying “Permalink structure updated.” My first issue was that the .htaccess file was not writable. You can read more about these at httpd.apache.org/docs/1.3/howto/htaccess.html. I won’t get into the discussion of whether these files are good or bad at this time. Simply put they are required for wordpress blogs if you do not control your own server.

.htaccess files (or “distributed configuration files”) provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.

I created the .htaccess file in my root web directory and make it writable by the web server, i.e. on linux it is 664. This time when I clicked update the file was saved and the Rewrite Rules were written into the .htaccess file. Here is a sample of what it wrote:

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

I still had a problem though. The permalinks still did not work. Since I was controlling the apache configuration I tend to keep it more locked down. So I went to my configuration include file for this domain and made the following additions:

Options Indexes FollowSymLinks
AllowOverride FileInfo Options

These were added inside the tags. I then restarted the apache service. Everything now worked.

I am planning on taking you through the entire process of setting up WordPress and even a web server as I have time.

Share
Filed Under: Apache, Blog, Wordpress Tagged With: , , , , , , , , , ,

Valueweb Domains

March 19, 2008 By

Last week, I was working with a gentleman who purchased a domain name that was registered at Valueweb.com. The process was atrocious. First the seller had to fax information to Valueweb since they don’t have a transfer method online. Once the domain ownership was supposedly transfered, the passwords and auth codes were still on the account of the seller. Valueweb never did split the sold domain off into a separate. The seller and myself both made several phone calls to get this straightened out, or so we thought.

Once I had access to the account, assuming it was separated, I changed passwords and contact information. In addition, I had to call them to change nameservers, that too is not available online. These calls took place on Monday.

Today, the buyer starts receiving emails about other domains expiring on the account. Valueweb had only split the account into a sub account of the sellers account and not into its own account. Again, the seller and I spent time on the phone and in emails with Valueweb straightening out this mess.

After a couple hours of phone calls and emails the buyer now has a separate account containing the one domain or at least I think so. This afternoon I started the process of transferring the domain to GoDaddy.

I would never recommend using Valueweb for any domain purchases. With their customer service this horrendous with just a domain transfer, I’d hate to see what their hosting services were like. I don’t ever plan on finding out.

On my last phone call today, I discovered, Valueweb is now owned by Domain People. I have not had any experience with them at this time. If anyone from Domain People reads this, please fix Valueweb if you want to keep any customers.

Share
Filed Under: Blog, Domain Hosting Tagged With: , , ,

Open Source Activism

March 18, 2008 By

I’ve finally decided to start a technology blog. I have had friends encourage me to do this for a while. My intent will be to blog about what I do to setup open source technology in my work to help with political activism. I will blog mostly about the following open source packages and topics:

  • WordPress – blogging software utilized by Blogivists
  • Joomla – CMS system that contains blogs, forums, polls and other features
  • Mediawiki – Software used by Wikipedia
  • Web server setup/management
  • Internet Identity
Share
Filed Under: Blog, Information/Wiki Websites, Internet Identity, Joomla, Wordpress Tagged With: , , , , , , , ,
Newer Posts »