The WP Greet Box WordPress Plugin gives bloggers the ability to show custom messages to readers based upon the referrer that sent them to the blog, as well as showing a default message to users that come from a referrer that is not defined. The plugin combines many of the popular plugins so you only need to run the WP Greet Box WordPress Plugin instead of a plugin for Digg users, StumbleUpon users, Delicious users, etc etc. The plugin also works well with sites that use cache plugins by using JavaScript to output the messages. This prevents the welcome to a Stumbler of Digg user being output into the cache version of the page and being shown to the wrong person, a common problem with some of the other plugins to welcome visitors.

The WP Greet Box WordPress Plugin has also made it easy to add additional messages for other referrers by simply adding a new URL and message. This can great if your blog starts to get referral traffic from a specific URL such as another blog or forum, allowing you to offer those readers a custom message.

You can download WP Greet Box from the WordPress plugin repository. It might be the plugin you were needing to be able to disable several other plugins and have a solution to welcome visitors that is compatible with cache plugins.

• Use WordPress to Welcome Visitors
• Blogging with Google Maps
• Making Backup Sexy!
• Digg - A Bloggers One Night Stand
• 5 WordPress Security Essentials

I personally was using the method I described in my previous post on my webmaster blog, and it worked great. The biggest problem was the need to redo it after every upgade. Granted the time spent redoing it is nothing compared to dealing with the hundreds of robots leaving comment spam. After the last upgrade I did not have time to complete my spam fix due to other time pressures and commitments. It did not take long for the comment bots to start taking advantage of the opening. In a few short days I had hundreds of automated comment spam piling and stinking up my blog like the giant a pile of horse shit that it is. Thank goodness for Akismet that kept it off my blog so I did not have to sort through the comments and delete them.

That is when I found WP-SpamFree. WP-SpamFree uses a combination of Javascript and Cookies to prevent automated comment spam from being left. While it works on a different principle than the method I described in my method, it relies on the fact that many automated comment bots cannot handle Javascript and cookies. It is an effective combination. I have been running it on my webmaster blog for just over two weeks and the number of comment spam that I have received has dropped to nearly zero. Looking at the web server log files I can tell that the comment spam I have received has been from actual people visiting the site and leaving it, not from automated comment bots.

Installation is as easy as any other WordPress plugin. Simply download the plugin and unzip it. You will need to upload it to your WordPress blog into the plugins folder. Once it has been uploaded simply activate it in your WordPress administration section by clicking Activate on the plugins page. Once it is activated you will see a WP-SpamFree menu available on the Plugins section. Here you can configure the plugin and set some additional settings to deal with trackback and pingback spam as well as some contact form settings.

If your WordPress blog is swimming in automated comment spam give the WP-SpamFree plugin a try. It might make a world of difference in the amount of comment spam you have to sort through.

• Keep the Comment Bots at Bay
• WordPress Annoyances
• Blog Spring Cleaning
• Use WordPress to Welcome Visitors Revisited
• 5 WordPress Security Essentials

WordPress 2.5 has been released to the world and it offers a redesigned administration user interface that is a joy to work with. There is no doubt that WordPress has become the leader in blogging software. A quick survey of the top blogs on Technorati and you will find the majority of the top 100 blogs are using WordPress. As great as WordPress is there are somethings that still tick me off about it. Perhaps it is becuase I am not only a blogger but I am a webmaster and I get the thrill and joy of updating not just my blogs, but many other blogs for clients that use WordPress. Despite Rhett’s dislike of lists here are my top eight annoyances about WordPress that still bother me.

1. Reliance on Plugins - Plugins are great, they add features to a blog so people can make it their own. It never fails that when a new WordPress version is released that I will have some incompatibility with a plugin. Sure there is the Plugins/Plugin Compatibility list, but how long do you wait for a plugin to become compatible. There is always the option to not use plugins I suppose, but then you might as well host your blog on Blogger.
2. Plugins that should be Features - Since I am on the topic of plugins. Why does WordPress not incorporate features like those offered by plugins such as All in One SEO pack and Robots Meta into WordPress. What about a built in contact form? Those are just a few that I can think of. I am sure others can think of other plugins that they feel are required on WordPress that should just be built in features.
3. Comments and Trackbacks - This annoyance is aimed at the WordPress theme designers out there (and I am guilty of this one as well). The comment section of blogs are a mess. Themes need to start separating comments from trackbacks. I like trackbacks. I like to visit other blogs and see what they are writing about peoples posts, but they need to be taken out of the comments and placed elsewhere so they don’t interfere with the flow of the conversation in the comments.
4. Security - Similar to the plugins that should be features annoyance, there are several things that WordPress could do to make it more secure out of the box. It is great that WordPress 2.5 finally changed how the password was stored in the database, but there are still several other security items that could be built into WordPress to stop hackers from getting in. Features that plugins like Login LockDown should be built into WordPress.
5. Automated Comment Spam - Spammers suck, we all know it. The fact is the majority of spammers spam using automated methods and never actually visit your blog. The majority of comment spam I clean up day, after day, after day on WordPress blogs is automated comment spam posted through the wp-comments-post.php file. There must be some way using Javascript or PHP to help prevent some of this spam from making it through. The WordPress blogs that I have implement my Javascript redirect in most cases reduced automated comment spam entirely. The comment spam that makes it through is from people actually visiting.
6. Technical Level - WordPress is written by geeks for geeks, whether you like it or not. I have no problem editing PHP code, but the average person that just wants to publish a blog should not have to learn PHP to manage their blog. While I think WordPress offers many advantages over Blogger.com for publishing, for non technical bloggers WordPress can be too much.
7. Flash Uploader in WordPress 2.5 - I like WordPress 2.5. The new administration interface is nice to work with but I have to question the decision to make the new media uploader a flash based utility. Not only because flash is a closed source product, but also because it does not always work. I know I am a geek, and I use Ubuntu Linux on my desktop. Not only that but I use the 64bit version of Ubuntu. Adobe flash support for Linux is questionable at best, their support of 64bit Linux even less. The result, I can’t upload images from my main desktop to WordPress 2.5. The only way to fix it, you guessed it, a plugin that turns off the flash uploader.
8. Upgrading - I know there are plugins to help upgrade WordPress, but to be honest I don’t trust them. The new WordPress 2.5 plugin upgrading feature is nice and is one of the best new features in my opinion. Unless of course the plugin is not compatible with WordPress 2.5 then it is a nightmare waiting to happen. Upgrading WordPress has got to be one of the biggest annoyances there is.

This post might seem like a huge rant, and I suppose it is but the reality is WordPress is not the best blogging platform for everyone. I recently had a client ask me why someone would use Blogger.com to host their blog instead of using WordPress. Rhett also recently asked me why I still use Blogger.com to run my Video Rambler blog. My answer to them both is that Blogger.com takes some of the headaches out of running a blog. I don’t have to worry about upgrading, security is taken care of by someone else, plugin compatibility is not an issue and the techincal requirements are lower to manage the blog. I keep my Video Rambler blog as a Blogger.com simply because it is still fun that way. If it was a WordPress blog it might seem like work.

For the record, I really do enjoy using WordPress and I would like to thank everyone that works on WordPress for the great job they do. If things were perfect there would be no room to improve.

What are some of the things that annoy you most about WordPress or your blogging platform?

• Comment Spam Be Gone
• Keep the Comment Bots at Bay
• Use WordPress to Welcome Visitors Revisited
• Blog Spring Cleaning
• 5 WordPress Security Essentials

I discovered the WP-Amazon plugin last week when I was looking for an easy way to insert Amazon links into blog posts. Inserting affiliate links from the Amazon Associates program is one of the most tedious and slow tasks there is. I was certain there had to be a faster way. WP-Amazon supports Amazon stores from six countries including: Canada, France, Great Britain, Germany, Japan and the United States. Adding your Amazon Associates ID is optional, and the plugin will work perfectly fine without the ID, you just won’t get paid anything if people click through those links and buy something.

The plugin makes it easy to insert images and/or product text links to Amazon. Just install the plugin, go to write a post. When you want to insert a link to an Amazon product, click the little Amazon button on the top right hand corner, do a search for the product and simply click and drag the image and link. Adding links to Amazon just got a lot easier. Here is a video of the plugin in action.

When I installed the plugin last week I had some issues with it not being compatible with WordPress 2.3.3, but a quick look through the WP-Amazon Google Group gave me a solution to the problem. I notice that the plugin has actually been updated since I installed it to be compatible with WordPress 2.3+. If you do have any problems getting the plugin to work a quick search through the Google Group and maybe a post will probably solve your problem.

Whether you run a niche blog talking about a specific product or you just like to talk about the latest books/cds/dvds that you bought the WP-Amazon plugin will save you a lot of time adding in those Amazon links. The WP-Amazon plugin will also help you to diversify your blogs income sources so you are not relying on only one or two ad sources. The Amazon Associates program is one of my favourite programs. Amazon is a brand that has a high level of trust by consumers and that can help convert to a sale.

Photo by Robert Scoble

• Blogging with Google Maps
• Use WordPress to Welcome Visitors Revisited
• Making Backup Sexy!
• Use WordPress to Welcome Visitors
• Developing Money Making Niche Sites with WordPress

If you have searched through the dozens of free WordPress themes sites and can’t find the right theme for your blog you can look through the Freebies section on DigitalPoint. You will probably need to do a search on the freebies section for “WordPress theme” to pull out the latest posts that offer themes you might be interested in. Otherwise you will have to wade through all the desperate attempts to get Dugg and pleas for Stumbles. There are often WordPress themes being offered for free there that are new that you might not have seen on some of the other free WordPress themes sites. The majority of the themes will have links placed in the footer that have either been sold to pay for the theme, or they are looking to advertise there own websites. Make sure you examine those links and sites to find out what you would end up linking to if you use the theme. There might be a website linked there you don’t want to link to. Of course the same can be said for many of the free WordPress theme sites that help distribute WordPress themes. Make sure you check what your site would be linking to if you use the theme you really like.

If you don’t like the idea of linking to sites that bought footer links or helped design the theme and you have a little bit of money to spend you might be able to get a great deal on a unique custom theme that you can have full rights to. That way you can place your own links in the footer of your blog instead of some strangers. On DigitalPoint you will want to browse through the Buy, Sell or Trade - >Templates forum, on SitePoint it is the Template for Sale forum under the Marketplace. Here you will be able to find templates created for all kinds of Content Management Systems, Forum software, Link Directories and of course WordPress. You can do a search for WordPress on the specific forums if you like but the WordPress themes will not be so hard to find. You will find all kinds of WordPress themes for sale in these forums, ranging in price from $50.00 to $200.00 and higher. Some will only be Photoshop files and not coded themes, so make sure you read the description of what is being offered carefully. If you purchase a Photoshop file only you will either have to code it yourself or hire a fantastic PHP/HTML/CSS coder like myself (hint hint) to finish the theme off for you.

What you are looking for, aside from a great looking theme, is in the description of the sale or auction are terms that state that the buyer will get full and unique rights to the theme. This means that you will own that theme and the seller will not resell that theme. You can then do what ever you want with the theme. Sell copies of it, sell your own footer links and offer it for free, place your own links in the footer and offer it for free, and of course use it as your very own custom WordPress theme on your own blog.

If you are new to the Webmaster forums be sure to check the rules about taking part in the buy and sell areas of the forums. Some sellers will not sell to new members. There is also the possibility of being taken advantage of by a seller on one of the boards. Find out all you can about the seller. I know at DigitalPoint the iTrader rating system helps to find out about past deals from sellers and buyers and can be very helpful to avoid a bad seller.

I have seen some fantastic themes go for as little as $50.00 that were fully coded and offered full rights. You might be able to get a great deal and give your blog that unique look you want.

• Free Blogger Cards
• Top Blogs Failing at Error Pages
• Developing Money Making Niche Sites with WordPress
• Use WordPress to Welcome Visitors Revisited
• A Beginners Guide to Blogging - Blogging Platform

You can download the entire release to upgrade your WordPress blog or you can download just the fixed version of xmlrpc.php and replace the version on your blog. You can read more about the release on the WordPress blog. They are also recommending any users of the wp-forum plugin to remove it due to a security flaw that is being exploited until it is fixed.

A reminder, before you update your WordPress site to make a backup and of course don’t forget to use some basic security to keep your blog safe.

Happy Blogging!

• Use WordPress to Welcome Visitors Revisited
• 5 WordPress Security Essentials
• WordPress 2.5 in March
• WordPress Annoyances
• 5 WordPress Search Engine Essentials

We all know that any kind of manual backup does not happen as often as it should. If your web host offers cPanel it is easy to backup your website. All you need to do is login into your web hosting control panel, browse to the backup page and click a couple of links and download your backup. When was the last time you did it? If you are like most bloggers it has probably been a little while since you backed up. Sure you could rely on your web host to backup your website, but have you read the terms of service for most web hosts? Most will not guarantee that the backups they make will be any good. What is the WordPress blogger to do?

The WordPress database backup plugin comes to the rescue. This plugin makes it easy to backup your core WordPress database tables as well as extra tables you want to backup. Installation is simple. Once you download the plugin you will need to upload the wp-db-backup.php file to your plugins folder. Once the file has been uploaded login into your WordPress admin panel and goto the plugins tab. Look for the WordPress Database Backup listing and activate it. After it is activated you can configure it under Manage->Backup.

When you goto manage the plugin you can choose to include the extra tables in your WordPress database and do a backup manually. Better than doing a manual backup, is the option to have the plugin do a scheduled backup and have it emailed right to you. You can schedule it for once hourly, daily or weekly depending on how often you update your blog. Most blogs would probably be good with either a daily or weekly backup.

If you want a very easy way to backup your WordPress blog, install the WordPress database backup plugin. It makes your WordPress database backup a snap and could help you recover from a disaster quickly.

photo by: JackVersloot

• WordPress Annoyances
• Use WordPress to Welcome Visitors Revisited
• Developing Money Making Niche Sites with WordPress
• 5 WordPress Security Essentials
• Blogging with Google Maps

To understand how this method works you need to know a little bit about how WordPress processes the comment form. If you look at the source code of a WordPress comment form you will see the form tag. It should llook something like this:
<form action="http://www.yourblog.com/wp-comments-post.php" method="post" id="commentform">
WordPress uses the wp-comments-post.php file to handle the processing of comments. Automated comment spam bots know this so all they do is add your blog to their list of sites to target and their software goes to work spamming your blog by posting directly to the wp-comments-post.php file. You can try to simply rename the default WordPress file for handling comments but that will only work for a little while until the bot does read the actual html form and adds the new url and file name to their database.

Automated comment spam bots so far have one flaw that we can still use to our advantage. They don’t read external Javascript files very well. What we simply do is hijack the normal comment form action using Javascript and send the real person to the correct comment processing script and let the bot go ahead and post to the default WordPress comment file. Here is how you do it.

Warning: This requires the editing of core WordPress files. You are reminded to make a backup of your blog before doing this just in case or at the very least copies of the files you are going to edit.

Step 1
Create a copy of the wp-comments-post.php file from the root of your WordPress blog. Give the copy of the wp-comments-post.php file another name, one that is hard to guess would be best, but it should be something different from wp-comments-post.php. I often use a randomly generated file name created from a password generator, but something as simple as nospamcomments.php should work. This copy of the wp-comments-post.php is going to become your new comment form processing file, so make a note of the file name you will need it later.

Step 2
Now that you have a copy of the wp-comments-post.php file you can go ahead and edit the wp-comments-post.php file. What we want to do is keep the wp-comments-post.php

I edited it down to just this:

<?php
if ( 'POST' != $_SERVER['REQUEST_METHOD'] ) {
header(’Allow: POST’);
header(’HTTP/1.1 405 Method Not Allowed’);
header(’Content-Type: text/plain’);
exit;
}

require( dirname(__FILE__) . '/wp-config.php' );

$location = ( empty($_POST['redirect_to']) ? get_permalink($comment_post_ID) : $_POST['redirect_to'] ) . ‘#comment-’ . $comment_id;
$location = apply_filters(’comment_post_redirect’, $location, $comment);

wp_xhzlub_redirect($location);

?>

Save the file.

Essentially what we want to do is just redirect the submitted form from the bot to the post that the bot says it came from without actually doing anything.

Step 3
We need to create a way to direct real users to the correct comment form processing script. We do this with a little bit of Javascript. In your text editor create a new file and add the following Javascript:

function nospamaction(theForm) {
theForm.action="http://www.yourblog.com/nospamcomments.php";
return true;
}


Save the file as nospamaction.js (it can be named something different if you want, it is up to you).

Step 4
If you have been editing these files on you home computer you will need to upload the new files to your web server. If you have been editing/creating new files on your web server using your web server control panel then you can skip this step.

Step 5
Once you have the files uploaded to your web server you can login into your WordPress admin panel and login. You need to make two small edits to your theme files. Go to the Presentation tab and choose Theme Editor. Select your header file first. The javascript file you created needs to be added to the header. Add the following line between the head tags. If you don’t know where that is just place the line just before the closing head tag (</head>).

<script language="javascript" type="text/javascript" src="http://www.yourblog.com/nospamaction.js"></script>


Update the file header file and then edit the comments file. You need to find the form tag for the comment form. The default one looks like this from the Kubrick theme:
<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform">


To make the form submit to the proper file to process the form we need to add a Javascript event to the form. Add the onsubmit event handler to the form tag and call your Javascript function to redirect the form output to the correct comment handling file.
<form action="<?php echo get_option('siteurl'); ?>/wp-comments-post.php" method="post" id="commentform" onsubmit="return nospamaction(this);">

Update your comments file.

Step 6
Go and test your comments form on your post. Make sure you clear your web browser cache and if you are using wp-cache or Super cache turn them off. Try your new form with Javascript turned on first to make sure it redirects properly to your renamed wp-comments-post.php. If you get a new comment posted then you know if worked. Then try your form with Javascript turned off. You should be redirected right back to your post and no comment will appear in your admin.

Pros
This method can help prevent automated comment spam from overwhelming your blog.
Lets automated comment bots think they successfully posted.

Cons
Requires Javascript be turned on in your readers browser. Most have this turned on.
Edits a core WordPress file. When you upgrade your WordPress install you will need to redo steps one and two again and upload the files.

Conclusion
I have used this simple Javascript hijack to prevent comment spam on several WordPress installations and it has cut down considerably on automated comment spam. The comment spam that does get through will be trackback spam and spam from real people actually visiting your blog and filling in the comment form. I have used this method on other types of comment and contact forms as well and it continues to work on several high profile sites that I have worked on in the past. This is only one solution to comment spam. If you are not comfortable editing WordPress files you might want to have someone that is do it for you, or try some of the other techniques that are available. The sooner you don’t need to worry about dealing with comment spam the sooner you can do what you love, writing great content for your blog!

• Comment Spam Be Gone
• WordPress Annoyances
• Blog Spring Cleaning
• Social Proof - The Masses Can’t Be Wrong
• 5 WordPress Security Essentials

Hello, my name is Lee Robertson and welcome to Epiblogger. The photo is a picture of me and my two year old daughter Erica and four year old son Matthew out having some fun in the snow on Boxing Day. I am 37 and live in a great community called Rosthern in Saskatchewan Canada. I have been involved in some kind of web project since 1994 when I created my first website for a non-profit. I have worked for non-profits, web design companies, large corporations and most recently I have been running my own web development and computer consulting business. I have been blogging for roughly two years with my Video Rambler family friendly YouTube blog and my webmaster blog that I started roughly a year ago.

These two welcome posts have me thinking about how to welcome people to your blog? The thing about a welcome is it makes people feel important that you took extra time to greet them. If you have ever bought anything at eBay or Amazon you have noticed how they greet you by your name or username. One of the great things about WordPress is how extend able it is. By adding in a few simple plugins you can have WordPress create special welcome messages to people depending on how many times they have visited your website or where they are coming from.

• What Would Seth Godin Do? - This plugin adds a special welcome to new visitors to your blog and encourages them to subscribe to your RSS feed. You can customize the message to say anything you want though, and how many times a user is considered new. It uses cookies to determine if a user is new or not.
• Hello Stumbler - I like to treat Stumblers special. Perhaps I am biased because it is my favorite social media that I use. Hello Stumbler will place a nice welcome message at the top of the post to welcome Stumblers to the page.
• Digg This - I am not a big Digg user, but if you are interested in having your blog highlighted on Digg then you should have this plugin. If I recall it can be setup to only show once a post has been Dugg and if people are coming from Digg. It could probably also be modified to show a custom welcome to Diggers.
• Reddit Button - Similar to the Digg This plugin. Offers Reddit users a button to click and can be setup to only display if people are coming from Reddit.
• Berri Personalized Care - I have not actually used this plugin, but it looks like you can customize up to four message templates for different referrers. It is based on the rthanks plugin by Alamsyah Rasyid.
• From RSS? - I have not personally used this plugin and just recently came across it, but it looks promising. You can then welcome your regular RSS subscribers special.
• I wanted to add another plugin that offers readers that come from search engines a related post to the one they landed on, but I can’t find where I stored the link. If anyone knows what the plugin is called leave a comment and link.

If you can’t find a plugin to help you create a special welcome to visitors you are getting from specific websites you can always use some ingenuity to create your own. By using Daiko’s Text Widget and some quick PHP code you can create a special welcome for any visitors you want. The great thing about Daiko’s Text Widget is it accepts PHP code. An example of how you can use this is with Entrecard. I used a Daiko’s Text Widget to add the Entrecard widget to Epiblogger. Before the widget I added a simple referrer check to see if the visitor was coming from Entrecard and if so give them a nice little welcome message. You could do something more complex and automatically link to your latest post, a post you think might interest Entrecard users or what ever you like I suppose. If you are John Cow perhaps you could tell people to piss off, although that would not be very welcoming would it.

<?php
$entrecardurls = Array('www.entrecard.com','entrecard.com');
$urlcamefrom = array_change_key_case(parse_url($_SERVER['HTTP_REFERER']));
if (in_array($entrecardurls['host'],$urlcamefrom)) {
echo ‘Hello Entrecard User! Welcome to Epiblogger’;
}
?>
Place Entrecard Javascript here


There is one small pitfall to generating custom content to welcome people. It can create more load on your server. If you use WP-Cache 2.0 or WP Super Cache to help relieve the stress of a large Stumble or Digg then what can happen is the page with the special content can be cached and will show to all readers instead of just those readers coming from StumbleUpon or Digg.

What are some other ways that you can create a special welcome message for readers on your blog? Do you have any examples of blogs that offer you unique welcome that you like?

Update: Don’t you hate when you just write a post and then the next day you find more information that you really should have in the post. Today in my travels I came across two other plugins that you should look at if you want to welcome visitors.

• Welcome Visitor! Reloaded - Appears similar to the Welcome Plugin but appears to use cookies to distinguish from new or previous visitors.
• The Welcome Plugin - Looks like a very robust plugin to welcome visitors including the ability to welcome them by name and display their MyBlogLog avatar.

I will have to take a closer look at both plugins and try them out.

• Use WordPress to Welcome Visitors Revisited
• Obscurity to Popularity - Entrecard
• Easy Top Post Widget
• Epiblogger Valentines Giveaway!
• Social Proof - The Masses Can’t Be Wrong

Blogging can be a lot of fun and there is nothing more thrilling than having people appreciate your hard work by leaving comments and passing the word around about how great your blog is. Unfortunately along with all of your great fans there are also just as many bad guys out there that would love to deface and hack your beautiful creation. Here are five basic security tips that you can easily implement on your WordPress blog to try and keep the bad guys out.

1. Use a Strong Password - Choosing a good strong password is one of the first and easiest defenses against being hacked. Choosing your partners first name is probably not the most secure password. While there are many differing opinions out there on what makes a secure password here are some things to keep in mind. Passwords that are longer than 8 characters and contain a combination of upper and lowercase letters, numbers, and symbols creates a stronger password. I often don’t use special characters but will make passwords at least 10 characters long. If you want to check your password strength check out the Microsoft Password Checker for a rating of how strong your password is.
2. Protect the WordPress Admin Folder - Stopping the bad guys from getting into the WordPress admin folder in the first place is an excellent place to start to secure your blog. There are many different ways to increase the security of your WordPress admin folder including:
   • Using the WordPress Plugin - htaccess password protection for wp-admin. Nothing like adding an extra layer of protection by using some Basic HTTP Authentication on the wp-admin folder.
   • Using the Login LockDown - WordPress Security Plugin to ban ip addresses from accessing the wp-admin login if they have had 3 failed login attempts within 5 minutes.
   • Deny access to the WordPress admin folder by ip address. You can read more about this method over on Reuben Yau’s post Protecting the Wordpress wp-admin folder.
3. Deny Access to Other Folders - Many web hosts by default allow people to browse a folder if there is no default index.html file. This can be a security concern for folders like your WordPress plugins folder. You can prevent people from snooping in these folders by adding blank index.html files or setting up an htaccess file to prevent browsing of folders without indexes. You can read more on All Tips and Tricks.
4. Remove the WordPress Version - Many hackers are looking for vulnerable WordPress installs. You can slow them down by removing the WordPress version that is included in most themes by default. If you don’t want to dig around in the code of your theme you can install Blog Security’s bs-wp-noversion plugin: Removes WordPress Version to remove the WordPress version for you.
5. Update WordPress - Perhaps one of the easiest security essential to keeping your WordPress blog secure is to keep an eye on your WordPress dashboard for announcements of new releases of WordPress and to update your install as soon as you can. The same also goes for the plugins you run. WordPress 2.3 and up notify you when plugins have been updated. Take the time to update your plugins regularly to keep security concerns down to a minimum.

A very valuable page to read is the Hardening WordPress over at WordPress.org. By doing some very simple things you can make it more difficult for the bad guys to ruin your day by defacing or hacking your blog. A few minutes spent on these items can save you hours if your blog gets hacked. If the bad guys do happen to get in, restoring your blog is much easier if you have a recent backup of your website.

• WordPress 2.3.3 Urgent Security Release
• Making Backup Sexy!
• 5 WordPress Search Engine Essentials
• Use WordPress to Welcome Visitors Revisited
• WordPress Annoyances

If you have not seen some of the new enhancements for the Administration Panel check out the demo that is available.

Also check out this great video showing some of the new features.

WordPress 2.3.2 Released

In other WordPress news if you have not noticed, WordPress 2.3.2 has been released. This is mainly a security release to fix a bug that could expose your draft posts, and to suppress error messages that could expose information about your WordPress database. They also added in a bonus that lets you define a custom DB error page. I will have to take a look at that and add it to the list of things to do here. You can read more about the release on the WordPress 2.3.2 blog post. You can also download WordPress 2.3.2 now and update your site.

Logo by 4_EveR_YounG

• WordPress 2.3.3 Urgent Security Release
• Making Backup Sexy!
• Blog Spring Cleaning
• Use WordPress to Welcome Visitors Revisited
• WordPress Annoyances

1. All in One SEO Pack - This plugin should be built into WordPress. WordPress on its own does not create very nice page titles, creates a lot of duplicate content and does not generate keywords and description meta tags for each post. All in One SEO Pack takes some of the hardest work to tweak a WordPress blog and does it for you in seconds.
2. Robots.txt - Spending a little time looking at your robots.txt file can also improve how your blog does in the search engines. Much like using the All in One SEO Pack you can direct the search engines to now index the duplicate content that exists on one your WordPress blog. At the bare minimum you will probably want to include the following on your robots.txt file.
   User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins
Disallow: /wp-content/cache
Disallow: /wp-content/themes
   There are more folders you might want to disallow access to and we will look at those more in depth in a future post.
3. Permalink Structure - The only reason you should use the default WordPress permalink structure (http://www.yourblog.com/?p=123) is if you have no other choice! It is unfriendly to your readers, and while search engines will still index it, you will most likely rank higher in the search results with a nicer permalink structure. While the there is endless debate about what the ultimate permalink structure is here are the three choices I would choose:
   1. Date and Name based: This structure is a familiar one to people that have used Blogger since it uses a similar permalink structure. It looks something like this: http://www.yourblog.com/2008/01/02/sample-post/. Depending how often you plan on posting I would remove the day and leave it to /year/month/
   2. Category based: Many people are using a category based permalink structure. It is more friendly to people and many people think it helps search engines because the url has more keywords in it. It looks something like this: http://www.yourblog.com/category/post-title/.
   3. Postname based: This is the easiest and the one choosen for Epiblogger. It is simply http://www.yourblog.com/post-title/. It gets right to the point and will probably deliver more search engine benefits than the other structures.
4. URL Canonization - Before WordPress 2.3 WordPress blogs suffered from a problem with URL Canonization. That is whether or not they had the www in the front of the domain name or not. This created duplicate content for the search engines because www.epiblogger.net and epiblogger.net would seen as different websites, even though they had the same content. If you are running WordPress 2.3 or higher you no longer have to worry about this because WordPress will use the url you place in your options. If you are not using WordPress 2.3 or higher you really should upgrade for security reasons.
5. Statistics - There are three kinds of lies: lies, damned lies, and statistics. (Wikipedia) Statistics might just be a bunch of lies, but there are better lies and worse lies. Install a decent statistics package to help you keep track of what people read, how they find you and to help you improve your blog. Google Analytics is a good package, but there are others. I have used pMetrics Performancing Metrics and it is very good as well.

Next week I will look at 5 WordPress Security Essentials to keep your blog secure.

• Developing Money Making Niche Sites with WordPress
• Blogging with Google Maps
• 5 WordPress Security Essentials
• Keep the Comment Bots at Bay
• Blogs on the Go - 7 Ways to Make a Mobile Blog