ERIC SHEFFERMAN <DOT> COM

Blog-o-Goodness

FREE Website Uptime Monitoring

There is a LOT that can be done with free online services — sometimes things that probably go way beyond what the service creators envisioned.

Read the rest of this entry »

Share

You can’t go out this Friday night, it’s time to update WordPress to Version 3.4.2

Holy mother of toad! Again! WordPress just loves to release those late in the week security updates.

We already know how hackers work — they do a file compare of the old WordPress version to the new one, the write some code to exploit the vulnerability, and then they set the code loose on whatever servers they already control to hack MORE servers and control them too.

Then they go out, party for the weekend, and check in Monday morning to see all the WordPress installs they’ve hacked and can add their porn links to.

You’ve got two choices folks:

1. Get hacked and have all the gurus on WordPress.org blame you for your negligence.

2. Stay in Friday night logging into each of your WordPress installs and clicking the damn UPDATE button and waiting for it to finish. (And if you’re smart, run a backup before you do that.) No party for you

But FINALLY there is a new third choice that actually makes sense!

3. Use ManageWP to administer all your WordPress sites and be able to update them all with ONE click. And then go out and party!

I just used it and now I get to go out and party while feeling a bit safer and secure, knowing that my WordPress sites are all updated to the latest version.


Go there, do it now, the pain of having your site hacked over the weekend is too much. Trust me: been there, done that.

Share

Why I hate WordPress – Part 9,347

Seriously,

http://wordpress.org/news/2011/06/passwords-reset/

And to crap on top of it, I actually do have W3 Total Cache installed and did update it just the other day.

However, it only updated “because it’s there” — I don’t actually use it. I just never happened to delete it after I deactivated it. I guess I was hoping I’d figure out how to enable something useful like cacheing without it destroying the usability of my site.

So now I’ve had a “cleverly disguised backdoor” installed on my web site (which can thus access ALL my domains) for a few days.

Of course, I don’t even know what to look for regarding this exploit.

How could I have protected myself from this? Checking the WordPress.org news minute by minute for their latest security issues? Can I afford to ever sleep? Or maybe I just need to read through every single line of code for every single theme and plugin? Oh — but I probably have to scan the entire WordPress core as well. How long could that take?

Oh – the only solution is to buy VaultPress for ALL my domains… That makes sense. At least then I’ll be making somebody else’s monthly Corvette payment.

That’s the problem I keep running into with WordPress — it’s a bunch of very pretty cards and when you’re done… you’ve built a house of cards.

From my admin page — I gave up on even having this plugin activated in January.

Share

WordPress – Be Ready To Be Hacked Again

Ahh… the dreaded

3.0.4 Important Security Update

…a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”

Yeah. What that says to me is, “A hacker has already looked at the vulnerabilities in 3.0.3 and written a script to exploit it and deployed it on the websites he/she has already hacked so that it can go out and get access to even more web servers by simply crawling the web looking for WordPress installations that haven’t been updated yet.”

Read the rest of this entry »

Share

Getting WordPress Multisite to Work Part 4

Discover how ManageWP solves all these problems and more!

New way to tackle this… Last night I tried to install WordPress MU instead of WordPress 3 Beta.

After all, I don’t particularly care about the exciting new features — I just want to run multiple domain names off a single WordPress install so I only have to keep one WordPress install updated and secure instead of 10 or 20 or 50.

For all the stuff I’ve seen about installing MU, I thought it was going to be difficult. It wasn’t, but…

Read the rest of this entry »

Share

Getting WordPress Multisite to Work Part 3

Discover how ManageWP solves all these problems and more!

Today I’m going to make a fresh start and try to document it. Maybe it will even work.

My domain for installing WordPress 3 Beta will be http://earthmustdie.com/

So I created a database, uploaded the files and created my WordPress site. That was easy. Now…

Read the rest of this entry »

Share

Getting WordPress Multisite to Work Part 2

Discover how ManageWP solves all these problems and more!

It was a rainy night in NYC

I’m getting closer to getting the WordPresss Multisite feature to work for hosting multiple domains with one install.

I went to the WordPress NYC Meetup group last night since they were discussing the features of WordPress 3.0 including Multisite.

As an aside, I’d like to mention that it was a very impressive lecture put on by Steve Bruner and Boone Gorges — both of them know their stuff and know how to explain it. If you’re in the NY area and developing with WordPress I highly recommend this group.

Ah… but as to my particular install problem… not so much insight. I did learn that what I want to do is rather simple compared to what a lot of people in the room are doing.
My goal is to run all the websites I have now with just me as the single user running on a single install of WordPress. It shouldn’t be any particular extra stress on web server resources to do it that way vs. separate installs, but I’ll be able to roll out WordPress updates and plugin features across all my sites with a single button — and thus make it a lot easier to make sure that I always have all security updates in place. Otherwise setting up an additional website is about 10 minutes of “install work” followed by a lifetime of daily maintenance.

So the plan is to get Multisite working and handling all my different domains. And here’s what I’ve got so far:

Share

Keep Up With
Eric Shefferman

Via RSS
    

Via Email Updates
Name:
Email:

Categories

Archives

The following link is not for people: I do not like it, Sam I Am.