The Robservatory

Robservations on everything…

Blogging

Content related to blogging, including WordPress.

Add Drafts to WordPress admin sidebar

One of the things that annoys me about WordPress’ admin side is that to get to draft versions of posts, you have to first select Posts > All Posts, wait for that page to load, then select Drafts. The majority of the time, when I’m headed to my posts, I’m headed to the drafts section to work on an upcoming post.

This little modification adds a Drafts entry to the Posts sidebar item, as seen in this before-and-after view:

The change is relatively trivial, requiring only a simple edit to your theme’s functions.php file. David Walsh explains it all in this thorough post. I’ve recreated the bit of code in the remainder of this post, just in case the linked site ever goes away. (It’s all under the MIT License, so there are no restrictions on copying.)

But really, just go read David’s post, he explains it very well. I’ve added this to the admin page on the three sites I run, because it’s just so convenient.

(more…)

WordPress plug-ins, take four

This is the fourth (one, two, three) in an occasional series of articles that explain which plug-ins I use here, in case others who run WordPress blogs might be interested…and it also helps me document why I use certain plug-ins, so it’s a double-purpose post.

Since the last installment two years ago, I’ve retired Dashboard Commander and ELI’s Related Posts Footer Links and Widget, and added seven new plug-ins. Here’s what each of those does:

(more…)

WordPress and the Media Manager

WordPress has an impressive built-in Media Manager to help manage photos and screenshots used in posts. It includes a slick multi-file upload tool, drag-and-drop support, basic photo editing, automatic image resizing, simplistic galleries, and it provides full control over how images are positioned in posts.

Despite all that, I rarely use it, and actively avoid using it as much as possible. I know, I just said it’s wonderful. So why don’t I use it? And why might you want to consider abandoning it as well? (Note that this will be much easier to do if your site is just starting out, as opposed to being well established with hundreds of images in the Media Manager.)

While the Media Manager has a number of minor interface issues (in particular, browsing large collections of images is a real pain) that make using it harder than it should be, there are two main issues that drove me away from it: poor organization and a lack of portability.

(more…)

Use one image to link to WordPress galleries

Note: If you’re not running a WordPress blog and using its built-in gallery feature, the following will be of no interest to you; it’s posted here mainly to make it easier for me to find in the future, when I forget it once again.

WordPress includes a simple-but-usable gallery feature. Unfortunately, posts with embedded galleries display a thumbnail for every image in each gallery—and there are no options to limit the display of thumbnails. While fine for shorter galleries, such as this one, if you’ve got a lot of images, this can make for an ugly page.

What I wanted was the ability to include an image gallery in a post, but not show a thumbnail for every picture in the gallery. Ideally, I’d just be able to use the first image from the gallery, or perhaps even a text link. After a lot of fruitless searching, I finally found the very simple answer in a post by malissas in this thread.

(more…)

Behind the scenes: WordPress plug-ins, take three

This marks the third (one, two) in a continuing series of occasional posts about the plug-ins I use to run the site. Since the last update, things have changed a bit.

  • For various reasons, I’ve had to disable GrowMap Anti-Spambot and Stop Spammers. Anti-spam services are now provided by Akismet, JetPack’s comments plug-in, and Sabre.
  • Sliding Read More also bit the dust, because it wasn’t compatible with WordPress’ built-in Gallery feature.

So much for out with the old…read on to see what’s been added…

(more…)

Behind the scenes: plug-ins revisited

The last time I redid these pages’ appearance, back in 2007, I wrote about the WordPress Plugins and Widgets that I was using to run the site.

After seven years, quite a lot has changed. I’ve gotten rid of all but one of the items on the original list, and found some very useful new additions that help both me and visitors.

From that original list, the one leftover Plugin is Ajax Comment Preview, which implements a true click-to-view comment preview function. The others went away either because I wasn’t using them any more (weather in the sidebar, how quaint), or because WordPress’ built-in features made them redundant.

Keep reading to see what’s keeping the site ticking now…

(more…)

The wild world of WordPress plug-ins

A couple weeks ago, our family visited the Evergreen Air and Space Museum. Being an aviation geek, I took a ton of pictures, and wanted to post about 150 of them here on my WordPress-powered blog.

Years ago, I used to make such albums using an app on my Mac, which I’d then upload to my server, reference in a blog entry, and that was that. It’s been a while since I’ve done this, and I know that WordPress’ gallery had improved, and that there were tons of extensions that would also create and manage galleries.

So I set off looking for a plug-in to handle my gallery needs. I thought I had a pretty simple list of requirements:

  • Ability to batch add images at once via WordPress’ built-in Media tools.
  • A grid view to easily sort and caption large numbers of images.
  • Control over title, caption, and metadata—both customizing those fields, and whether or not they appeared.
  • Support for more than one gallery per post or per page.
  • The creation of a thumbnail index page must be optional.
  • An understandable user interface that didn’t have a steep learning curve.
  • No reliance on Flash, but with some flashy features via jQuery or similar.
  • Ideally, the plug-in would create slideshows that scaled nicely based on screen size/resolution.

So I went to the plug-ins section of the WordPress interface, and ran a search for slideshow.

Yikes, 432 plug-ins?! Problem number one: an overabundance of choice. As I started digging, though, I found numerous duplicates as well as entries for plug-ins that hadn’t been updated in years. Problem number two: cruft in the search results reduces their usefulness. I scanned the results, focusing on those with high numbers of positive user ratings.

(more…)

One way to password protect a WordPress site

I was helping a friend set up a site for their family, and they wanted it to be password protected. I protect our family site using Apache’s basic access protection (httpauth), and it works well enough, so that’s how I set up his site as well.

However, we then had nothing but trouble with the Flash-based image uploader in WordPress, which is a tool I don’t personally use. After some digging, I discovered that the Flash-based image uploader simply won’t work with httpauth.

Because the objective was to keep out unwanted visitors, I found a workaround — it’s not perfect security, but it seems to do the job well, and allows the Flash-based image uploader to work. I disabled the httpauth access restriction, then installed two plug-ins:

  • Restricted Site Access: This plug-in prevents anyone from seeing the site without first logging in. We then created one generic username/password for my friend to give out to all his relatives (which is what we would have done using httpauth, too).
  • Peter’s Login Redirect: This sends users to the home page of the site after login, instead of to their control panel. I’m not sure why, but after logging in, our generic user was going to their control panel. This plug-in solved that problem.

The end result is a site that’s protected from casual visitors, as well as robots (though we’ve also got a robots.txt file set up, just in case). It’d be nicer if WordPress would just fix the httpauth issues, but it seems they’re not interested in doing that.

Now speaking WordPress 2.5

After a mostly-painless upgrade, we’re now running WordPress 2.5. About the only hiccup is that the Addicted to Live Search plug-in (which I am addicted to) doesn’t seem to work right with anything other than the default permalink style. (Permalinks are the URLs for individual stories.)

The default permalink style is ugly and doesn’t necessarily work well with search engines, but I love the search feature so much I’m using them for now…hopefully the plug-in will be patched in the near future.

New WordPress attack floating around…

I use a shell script to back up my web sites each day — it exports and downloads a SQL file of the database contents, as well as rsync’s the actual HTML files. When I was checking the log file for last night’s downloads, I noticed something very strange in the output:

  receiving file list ... done
  ./
  html/wp-content/
  html/wp-content/1/
  html/wp-content/1/3c-texas-holdem-poker.html
  html/wp-content/1/american-poker.html
  html/wp-content/1/bonus-code-party-poker.html
  html/wp-content/1/casino-poker-gratis.html
  html/wp-content/1/come-giocare-a-poker.html
  html/wp-content/1/come-giocare-poker.html
  ....
  ....

In total, there were 71 files in the newly-created 1 folder: 70 .html files, and one g.js file. There was also a new oddly-named backup folder, and the index.php file in wp-content (which is just a blank placeholder) had been replaced with basically the same file but with an added line break on the first line.

I googled on some of the .html filenames, and found a number of WordPress sites with the same issue (the “1” folder), but nobody who was talking about the cause of the problem. So I posted about it to the WordPress forums, where someone pointed me to this page, which contains at least a little more background on the issue. I’m also posting some of the html filenames here, in case others are searching for more information on the attack.

As of now, I don’t know how they got in (though I suspect via one of the plug-ins), but I don’t think it’s through any sort of direct site access: none of the site’s other files and folders were changed, nor were any posts or comments created. It also doesn’t seem to be an automated attack, as the 1 folder hasn’t returned after I manually removed it yesterday. But if you run WordPress, keep an eye on your wp-content folder for anything other than what should be there: index.php, plugins, and themes by default. If/when I find out more about this, I’ll post a follow-up.
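The check suggested above (watch wp-content for anything beyond index.php, plugins, and themes) can be scripted and run alongside a daily backup. This is an added example, not code from the original post; the function names, the `backup-x` folder name, the leading-blank-line form of the altered index.php, and the sample tree are all constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the top level of wp-content against an allowlist.
# Defaults are the three entries the post names; extend ALLOWED for your site.
ALLOWED="index.php plugins themes"

# Print each top-level entry of DIR that is not in ALLOWED, one per line.
unexpected_entries() {
    dir=$1
    for path in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$path" ] || continue          # skip unmatched glob patterns
        name=${path##*/}
        case " $ALLOWED " in
            *" $name "*) ;;                 # expected entry
            *) printf '%s\n' "$name" ;;     # anything else is reported
        esac
    done
}

# Print "modified" if DIR/index.php differs from a known-good BASELINE copy,
# "ok" otherwise. A byte compare catches even a single added line break.
index_status() {
    if cmp -s "$1/index.php" "$2"; then echo ok; else echo modified; fi
}

# Build a constructed sample tree that mimics the layout described above.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/plugins" "$root/wp-content/themes" \
             "$root/wp-content/1" "$root/wp-content/backup-x"
    printf '<?php\n// Silence is golden.\n' > "$root/baseline-index.php"
    # Constructed stand-in for the altered placeholder: extra leading newline.
    printf '\n<?php\n// Silence is golden.\n' > "$root/wp-content/index.php"
    : > "$root/wp-content/1/american-poker.html"
    : > "$root/wp-content/1/g.js"
    printf '%s\n' "$root"
}

sample=$(make_sample)
echo "Unexpected entries in wp-content:"
unexpected_entries "$sample/wp-content"
echo "index.php: $(index_status "$sample/wp-content" "$sample/baseline-index.php")"
rm -rf "$sample"
```

On a real site, add legitimate entries such as an uploads folder to `ALLOWED`, and keep the baseline index.php somewhere outside the web root.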

The Robservatory © 2017 Built from the Frontier theme