Archive for WordPress Plugins

Many WordPress theme developers (including Main Street) have relied on a nifty little script called TimThumb to resize images for WordPress themes. Yesterday a security vulnerability was discovered that lets an attacker use this script to load malicious code on your site.

Current versions of WordPress do resizing automatically, but until recently developers had to rely on plugins like TimThumb for these functions. Unfortunately this flaw is in an incredibly popular plugin that major developers have used for years. All themes by ElegantThemes include this code.

We recommend all WordPress users verify that they are not running TimThumb on any themes installed on their site, even themes that are not active.

To determine if any of your themes use TimThumb, go to the Appearance menu > Editor. In the list of Templates in the right column, look for a file called timthumb.php. If you have that file in your theme, it needs to be updated immediately. Be sure to check each theme installed on your site; you can use the pulldown box in the upper right corner to select each theme. Do not edit anything while you are there. You can break your theme.

Update instructions vary based upon your theme. Contact your theme developer or Main Street if you find the timthumb.php file in your theme.

This is a serious security threat and should be investigated immediately.
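For sites with shell access, the same check can be scripted across every installed theme, active or not. This is an added example, not code from the original post or from any theme vendor; it assumes the standard wp-content/themes layout, and the function names, the sample theme names and the content match on the string "TimThumb" are assumptions of the example.

```shell
#!/bin/sh
# Added example: list every installed theme that ships or references TimThumb.
# "filename" = a file named timthumb.php (the name given in the article).
# "content"  = another PHP file containing the string "TimThumb" (assumption:
#              catches renamed copies and templates that call the script).

scan_themes() {
    themes_dir=$1
    [ -d "$themes_dir" ] || { echo "no such directory: $themes_dir" >&2; return 2; }
    for theme in "$themes_dir"/*/; do
        [ -d "$theme" ] || continue
        theme=${theme%/}
        name=$(basename "$theme")
        # Walk the whole theme; the script often sits in a subfolder.
        find "$theme" -type f -name '*.php' | sort | while IFS= read -r f; do
            case $(basename "$f" | tr 'A-Z' 'a-z') in
                timthumb.php)
                    printf '%s\t%s\tfilename\n' "$name" "$f" ;;
                *)
                    if grep -qi 'timthumb' "$f"; then
                        printf '%s\t%s\tcontent\n' "$name" "$f"
                    fi ;;
            esac
        done
    done
}

# Constructed sample tree (stub files only), used when no path is given.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/active-theme/scripts" "$root/old-theme/lib" "$root/clean-theme"
    echo '<?php /* TimThumb (constructed stub) */' > "$root/active-theme/scripts/timthumb.php"
    echo '<?php /* TimThumb, renamed (constructed stub) */' > "$root/old-theme/lib/resize.php"
    echo '<?php /* plain template */' > "$root/clean-theme/index.php"
    echo "$root"
}

# Usage: sh scan.sh /path/to/wp-content/themes
if [ "$#" -gt 0 ]; then
    scan_themes "$1"
else
    sample=$(make_sample_tree) && scan_themes "$sample"
    rm -rf "$sample"
fi
```

Each output line is theme, path and match reason, separated by tabs. A "content" hit may be only a template that links to the script, so review those by hand before contacting the theme developer.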

 

For years, theme developers have been creating sophisticated themes that let us easily change colors, backgrounds, and even column widths. But we’ve always had to revert to “programming” to change the way archives list or posts display. Even seemingly simple tasks like “listing only posts from category=’News’ in a widget area” required searching for plugins that never quite did exactly what I wanted. Of course, you can custom program anything. That’s how companies like Main Street make their living, but it seems like WordPress should offer some extra flexibility in formatting output from the loop.

Now with Loopbuddy from iThemes we have a great tool for selecting and formatting loop results without programming. This is the plugin I have been waiting for.

Loopbuddy lets you create custom queries and layouts. These results can be displayed in a widget area or on a page via shortcode. They work on iThemes themes or any other theme.

My first task for Loopbuddy was to create a sermon library page for a church website. I have a series of posts tagged with category of “sermons” that each have a title, thumbnail and short body copy with a link to the audio file. I wanted a simple page that would show all the sermons in a tight list that didn’t require clicking the title to get to the audio link. The standard theme archive page was too verbose and I didn’t want to code a custom category page for such a simple task. Looks like a job for Loopbuddy.

First I created a query that selects only records that have category = “sermons” and sorts them newest to oldest. That’s all we needed in the query to get the right records.

Next I created a layout that would form my abbreviated listing page. On the layout I selected the title, post thumbnail, date and content. I can ignore author, categories and comments that make the standard archive list too long for my needs. These selections are all drag and drop, no coding required.

Finally, I created a page for my sermon library and inserted a shortcode on that page that specified which query and layout to run. That’s it. Exactly the results I wanted with no programming. I can use CSS to adjust any spacing or fonts to perfect the page design. Since I used a shortcode it didn’t matter if I was using a Loopbuddy compatible theme or not.

I never recommend clients use the 1.0 version of anything on their business websites, but at $45 for use on unlimited sites, Loopbuddy is pretty sweet for a brand new plugin.

WordPress is a wildly popular platform for hosting websites. When properly configured, it’s extremely secure, easy to use, fast, and incredibly search engine friendly. But the way WordPress achieves these distinctions is by frequent updates and tons of support from third-party plugins. It’s important to review your WordPress site a couple of times a year to make sure it is running at its best.

DISCLAIMER: This list is provided as an outline of technical tasks required. It does not provide step-by-step instructions. Do not mess with the backend of any website unless you know what you are doing. Most of the following steps can cause catastrophic damage to your site if performed incorrectly.

Here is our checklist for a semi-annual WordPress site update:

1. Backup

Before doing any site maintenance you need a full backup. Not just the files but the databases, too. The most likely time to crash your website is when you are updating plugins and such. Just grabbing the files in public_html with FTP will not get the post data and configuration data in the MySQL database. If you’re not familiar with MySQL exports, take a look at BackupBuddy by iThemes.com. It does a great job of grabbing everything you need and making it easy to restore if you need it.

2. Update WordPress

WordPress ranks as one of the most secure content management systems because it has a huge group of developers helping identify and fix security holes before they become epidemics. But you have to be on the current version of WordPress to reap these benefits. Most current versions of WordPress have an “update now” button that will initiate the update.

3. Review Plugins

Having too many plugins running can slow down your site and make troubleshooting a pain. This is a good time to review your plugins for any you don’t need any more. Every major version of WordPress includes new features that were previously provided by plugins. If the plugins aren’t needed any more, remove them.

4. Update Plugins

More than likely some of your remaining plugins will have updates available. You can go to the plugins’ website and learn about the new features or bug fixes. It is generally a good idea to keep your plugins current.

5. Theme Updates

Check with your theme developer to see if there are any updates for your theme. Just like plugins, new theme versions can take advantage of new WordPress features like menus that didn’t exist before.

6. Security Check

Look at your users table, particularly users with Administrator rights. Make sure you know who has accounts. Remove obsolete accounts. New versions of WordPress do not require the master admin account to have the username admin. If you have other administrator level users you can delete the admin account. This makes it a little harder for hackers to get in.

7. SEO Review

This is a good time to review any SEO settings in your themes or plugins. Make sure the keywords and descriptions are current. Verify your Google Analytics or other tracking systems are properly configured.

8. Content Check

Give your website content a quick read through. Particularly make sure that phone numbers, addresses and staff contacts are still current. Verify that any contact forms or other plugins are sending to the proper contacts.

9. Backup Again

It’s time for a final backup. The first backup you did was to protect you if anything broke during this update process. Now you want a backup of the new up-to-date site. Again, make sure the databases are backed up, too.

10. Store Backups Offsite

Last step is to move your backups to a safe place (not on the same server as the website). If the server goes down, you don’t want it taking your backups, too. We like to make sure backups are stored on a different server, preferably with a different vendor than our host site.

That’s it, you’re up-to-date with one of the most popular, secure and easy to use web content management systems available. Relax and enjoy your site.

Most websites have simple contact forms that collect data from site visitors and email it to a specific contact. This is great for low volumes of responses, but it doesn’t give you an easy way to collect and manage dozens or hundreds of responses without slogging through pages and pages of emails.

One of our favorite WordPress plugins is Gravity Forms. This premium plugin lets you create all types of fancy input forms that email the data like usual, but also collects the information in a database which you can export in a spreadsheet format. This gives you an easy way to do simple registrations and surveys without having to transcribe the data out of dozens of emails.

Gravity Forms single site license price is only $40 (US), which is a bargain when you realize everything it can do.

Using Gravity Forms you can set up a simple registration form or survey (simple, meaning there are no payments required; we’ll save that for a future article).

You create a new form with the input fields you want to collect – name, address, phone, email, etc. You can also ask custom questions, multiple choice questions, drop down boxes, etc. You can then define what happens after the form is completed. The system can send an email with the data, and send a confirmation email back to the user. It can even send the data to different email addresses based on responses in the data. Pretty sweet. Even if I plan to collect the data from the database, I still like to have the system send me emails as the registrations come in. It lets me know what kind of response we are getting.

Meanwhile, the data is also being collected in a database by Gravity Forms. When you are ready to process the registrations you can go to the control panel, select the form, and export all the data in CSV format. This format can easily be opened and manipulated by your favorite spreadsheet program.

Other neat features provided by Gravity Forms include limiting the number of responses, i.e., only the first 50 entries, then it won’t take any more. It also allows you to schedule a form so it will quit taking responses after a cutoff date. All these features can be very expensive to program in any other tool.

Overall, Gravity Forms is a great plugin that allows powerful forms and data collection on your site for a very small price.

Searching Custom Fields

Friday, July 2nd, 2010

I was disappointed the other day when looking into the query that happens on WordPress searches. It seems that WordPress by default will only search for your keyword or phrase in the title and body of the post, not in the related category or other taxonomies and not in custom fields. This could prove to be a problem for some users and how they lay out their content.

With the latest release of WordPress (3.x) offering both custom post types as well as custom taxonomies, there will be a lot of users wanting to take full advantage of these features along with custom fields to create unique content alongside their blog and static page content. I have found a plugin that has been around for a while now, but with the latest revisions to the core of WordPress, will become more and more essential to people utilizing these new features.

If you want someone to be able to search your custom fields and other taxonomies through the built-in WordPress search, then you need the plugin called “Search Everything” by Dan Cameron of Sprout Venture. It’s a simple and well executed method of adding specific elements to the main WordPress search query.

Search Everything’s Plugin Site
