Tag Archives: wordpress

Automattic brings free themes to Jetpack, WordPress Premium

Automattic, the company behind WordPress.com, WooCommerce, Jetpack and others, has been betting hard on services lately. To add more value for users of their existing services, they’re now bringing a big selection of themes to them, for free.

Jetpack brings a little more .com to your blog

Automattic’s WordPress plugin tries to bring WordPress.com features to your blog. Options like social sharing, simple forms, sitemaps and others are a few clicks away if you install Jetpack and connect your website to WordPress.com. And now, Jetpack users get another “WordPress.com” perk: access to the WordPress.com themes. Users of Jetpack can now install templates that were previously made available to WordPress.com users, which comes down to 150+ free themes that can be installed within a few clicks. There are some pretty interesting templates in there. They might not all be “commercially” interesting for business sites but a lot of them definitely have their uses.

WordPress Premium now includes… Premium Themes

WordPress Premium is a service that adds new features to your WordPress.com blog, like a custom domain name, more storage, more design options and VideoPress. As of this month, a new option has been added.

Premium users now have access to all “Premium Themes.” These are WordPress.com themes that you could unlock by purchasing them (for an average price of €80). Now, you can use these themes for free when you’re a WordPress Premium user. Which is a great deal, considering a Premium plan costs you €99 a year. You do the math.


My WordPress Test Site Got Hacked

I am sure you’ve heard about the “scandal” in which millions of WordPress sites got “defaced” by those pesky hackers. As it turns out, according to reports from leading security companies, it wasn’t particularly hard to pull off either.

WordPress introduces a REST API which allows you (and others) to do all kinds of wizardry remotely. Apparently, that included the option to edit all your posts and pages without providing any kind of credentials. Great job, WordPress!

With millions of people being “hacked”, of course my test website couldn’t miss out. You see, I have WordPress sites in all sorts and shapes that I keep up to date. Personal blog. Work websites. Fun blogs. However, there are also my “test blogs”, which I use to test plugins for WordPress. I also have those kinds of sites for Joomla, but that’s another story.

Most of those sites are hosted on Siteground, but one is hosted on a server I shall not name. One where updates don’t happen automatically, and WAFs are non-existent.

Well, my friends, that website got “hacked”. The reason I keep writing “hacked” is because allegedly it takes nearly zero knowledge or effort to pull it off. You just need to know about the exploit, do two minutes of work and you can go crazy.

Which they did. The nice Syrian Peshmerga left a message stating that ISIS sucks and that they’re going to do stuff. I’m guessing it’s related to shooting them. There was also the online pharmacy that wanted to promote some sort of products.

In my case, no damage was done. This is a test site. I don’t update it, because the site is a “throwaway” site. If something is broken, I’ll just start over. There’s the fair expectation that something WILL go wrong. Seeing the REST API hack in action on that site wasn’t scary, it was more of an “Ahah, it’s that easy?” moment.

However, can the same be said about those other sites? How about your sites? Can you afford to have your website defaced? Probably not. It would be bad for business.

That’s why you need to make sure your websites are up to date. And educate yourself on what to do when you DO get hacked. To help you with that, here’s a short and sweet strategy guide.

How not to get hacked

  1. Keep Your WordPress site up to date. Or, have someone else do it for you. Our friends over at Siteground allow you to enable automatic updates. If I’m not wrong – and I often am – they offer to enable this by default. The feature is super easy – once a new version is released Siteground will roll it out for you. Alternatively, some “Installers” like Installatron also roll out automatic updates. Of course, you could do it all manually. Assuming you’ve picked up on the news that an update is released. Unlike Joomla, WordPress doesn’t send reminders that a new version is available.
  2. Make sure you’re using quality web hosting. It’ll protect you from most server-side exploits. And if your hosting company is *really* good they’ll have rules and checks in place to prevent common exploits, like (again) our friends over at Siteground have in place.
  3. Don’t install shady plugins. Or themes. That’s an open invitation to be hacked. And those “cracked” versions of ExpensivePlugin? Yeah, that’s not a good idea either.
  4. If your website is technically sound, make sure that *you* aren’t the weakness. If your password is easy to crack, change it. Websites like HaveIBeenPwned can tell you if you’ve been part of security breaches. That can lead to a big “Oh, shit” moment when you were using the same password everywhere. Also, make sure to enable two-factor authentication.

How to recover from being hacked

  1. Restore your back-ups. What’s that? You didn’t make any, and assume your host is making them for you? While that might be true in some cases, that is NOT a safe bet to make. Set up your own backup tool, like Akeeba Backup or Vaultpress, and configure it. Make backups to more than one location. AND TEST YOUR BACKUPS.
  2. Audit your website. Do you know how they got into your website? If not, you probably have no idea how big the damage really is. If your website is used professionally, and your income depends on it, consider hiring an expert who knows what he’s doing. Unfortunately, that excludes most of the $5 freelancers from a certain continent that “claim to be expert in Joomla, WordPress, Drupal, Magento, Grav, Prestashop, OsCommerce, Ghost, Facebook and Microsoft Word.”

    If you are using Joomla, a tool like MyJoomla can help you audit your website. I’m sure similar websites for WordPress exist as well.

  3. Patch your security holes. Don’t just restore your website, and assume you’re not going to get hacked again. You’d be wrong, and stupid to assume that you were just unlucky.
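
One way to start the audit from step 2, as an added example that is not part of the original post: scan the web server access log for successful write requests to the REST API routes for posts and pages. It assumes the Apache/nginx combined log format; the sample log lines, the IP addresses and the `known_ips` parameter are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: ip, identity, user, [time], "METHOD path proto", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Core REST routes for a single post or page, reached through pretty
# permalinks (/wp-json/...) or the rest_route query parameter.
CONTENT_RE = re.compile(
    r'(?:/wp-json|[?&]rest_route=)/wp/v2/(posts|pages)/(\d+)', re.I
)
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample log (documentation IP ranges), not from a real site.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:14:58 +0000] "GET /wp-json/wp/v2/posts/12 HTTP/1.1" 200 2048 "-" "sample"
198.51.100.23 - - [01/Jan/2024:10:15:02 +0000] "POST /wp-json/wp/v2/posts/12 HTTP/1.1" 200 512 "-" "sample"
198.51.100.23 - - [01/Jan/2024:10:15:09 +0000] "POST /index.php?rest_route=%2Fwp%2Fv2%2Fpages%2F4 HTTP/1.1" 200 498 "-" "sample"
192.0.2.10 - - [01/Jan/2024:11:00:00 +0000] "POST /wp-json/wp/v2/posts/12 HTTP/1.1" 200 530 "-" "sample"
203.0.113.99 - - [01/Jan/2024:11:05:41 +0000] "POST /wp-json/wp/v2/posts/15 HTTP/1.1" 401 120 "-" "sample"
203.0.113.7 - - [01/Jan/2024:11:06:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "sample"
"""


def find_rest_writes(lines, known_ips=frozenset()):
    """Group successful writes to post/page REST routes by client IP.

    known_ips: addresses you edit from yourself (assumption: you know
    them); the block editor also writes through these routes.
    """
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] not in WRITE_METHODS or m["ip"] in known_ips:
            continue
        route = CONTENT_RE.search(unquote(m["path"]))
        # Only 2xx responses changed something; 401/403 were rejected.
        if route and m["status"].startswith("2"):
            hits[m["ip"]].append((m["time"], route[1].lower(), int(route[2])))
    return dict(hits)


if __name__ == "__main__":
    for ip, writes in find_rest_writes(SAMPLE_LOG.splitlines(), {"192.0.2.10"}).items():
        for when, kind, post_id in writes:
            print(f"{ip} modified {kind}/{post_id} at {when}")
```

Access logs do not record whether a request carried valid credentials, so treat each hit as a lead: compare the listed post and page IDs against their revision history before deciding what to restore.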

Of course, some people would suggest that my list is missing “Migrate away from WordPress, lol.” I mean, yes. That can be an option if the security holes in WordPress concern you. Just keep in mind that no CMS is perfect, and every one of them is prone to security problems. Yes, even the one you built yourself. Especially the one you built yourself.

Do you have tips or suggestions to update our list? Questions about being hacked? Use the comments below to be heard. Please keep the “WordPress sucks lol get gud noob” jokes to a minimum.


Adding Multiple Pages to WordPress At Once

When you are trying to take your WordPress site beyond a “Blog and a few pages”, you might run into some problems – especially if you’re coming from a Joomla background like me. One of them is that it’s kind of a pain in the butt to create multiple pages quickly.

In Joomla, I could rapidly create pages by (ab)using the “Save and new” button, but there is no such thing in WordPress. But of course, as is often true with WordPress (and Joomla) there is a plugin for nearly everything.

When you are looking to add multiple pages at once, we found a plugin that might interest you. It’s called “Bulk Page Creator” and does just that: It lets you add multiple pages at once.

You can set the category and status for the pages, and then separate the pages you want to add with a comma. We used the plugin to add fifty pages in a few minutes. When creating the pages, you can choose the “parent page”, and you can choose whether the page should be empty. The alternative is writing some content (which will then be added to all pages).

You can find Bulk Page Creator in the WordPress.org plugin directory.

Setting up a 301 redirect in WordPress

Have you moved domains, or did you add another domain to the army of domains pointing towards your website? You might be wondering how to handle this regarding SEO and 301 redirects. You’ll want the domains to point to one, canonical domain which Google sees as the master domain.

In a less-than-perfect world, this would be the point where I write a detailed tutorial. But the truth is that WordPress comes with a built-in method to set up 301 redirects from all secondary domains to the main domain.

WordPress will automatically create a 301 redirect from any domains pointing towards your WordPress installation, to the domain you’ve got configured in WordPress itself as the “WordPress URL”. You can change this value under Settings > General under “WordPress URL”.

Is there more to it?

Nope, that’s all you’ve got to do. Of course, keep in mind that this advice applies to an existing, functioning site with the domains working properly.

If you’re planning to not only change the domain name but also move the installation between servers, e.g. from a testing environment to the live environment, things might get a bit more complicated. Unless you are using Akeeba Backup for WordPress in combination with Kickstart. Upon “recovering” your back-up it will ask for the new site URL and make changes in all those hard-to-reach places of WordPress, which used to make changing your URL a b****. It works for 99% of the pages, images and other links.

So, here’s a summary of what to do.

  1. Changing domain on existing site: Use Settings > General > WordPress URL
  2. Also changing hosting: Use the excellent Akeeba Backup for WordPress tool

AkeebaBackup’s WordPress plug-in now installed 20,000+ times

Joomla! users were already familiar with household name AkeebaBackup and their flagship product, Akeeba Backup. The extremely popular component for easily creating back-ups of Joomla! websites is installed on most of the Joomla websites in the live – which isn’t a surprise given its ease of use, reliability and the fact that if you don’t make regular back-ups of your site you should start doing so yesterday.

AkeebaBackup’s developer is never afraid of a challenge, though. And one day, he mentioned on Twitter that someone technically “challenged” him to create a WordPress version of his popular component.

The “impossible” was done, and now WordPress users can use the back-up component which the Joomla! users have been using for many years. With a nearly identical set of features, and both a free and a premium version, it’s now growing its market share amongst the WordPress users.

Of course, it’s not as omnipresent as it is in the JoomlaSphere yet, but with WordPress’ plug-in installer (similar to Install from Web in Joomla) reporting 20,000 versions of the core version, it’s safe to say that AkeebaBackup is also building itself a strong reputation in the world of the popular CMS / Blogging platform. Congratulations, AkeebaBackup!