A few months ago, we redirected this blog from WordPressGarage.com to WPGarage.com in order to respect the request by the folks at Automattic that people not use the word WordPress in their domain name. We wrote up a guide on how to do this type of 301 redirect, and at that point it seemed that things had gone mostly smoothly. However, I now know that things did not go so smoothly, and here are some things that you should pay attention to if you also choose to 301 redirect your site to a new domain:
Google Analytics
Google Analytics stopped tracking our traffic. It said it was receiving data, but the stats showed zero visitors – an internet flatline. At first I thought that the redirect had caused all traffic to this site to cease, but I knew that could not be the case since our posts were still appearing in the SERPs, which is where most of our traffic comes from. Plus, we were still getting comments, which meant that some people were visiting. My search to figure out why this was happening led me to find a bunch of other issues (listed below), but eventually I just removed the Google Analytics WordPress plugin we were using, and pasted the analytics code into the footer. That solved the problem, and the stats started showing traffic again.
On another note, it seems that you need to log into Google Analytics and update the profile to the new address. I did that, but it didn’t fix the above problem. Anyways, here says it doesn’t matter what domain name in your Google Analytics settings the tracking code is on.
Lesson: pay close attention to your analytics stats after you redirect your site to a new domain. That way, if you see a problem you can start working immediately to solve it. It took me six days to solve our problem, which meant six days of no logged statistics. I would have hated to have done that to a client!
Google Webmaster Tools
If you’ve got Google Webmaster Tools monitoring your site, you need to change some settings there in order for it to start tracking the new domain properly.
Google has complete instructions on what to do if you are moving a site to a new domain. One of the things they mention there, which we didn’t do before we did the redirect, is to update your settings in Google Webmaster Tools. If you’ve been tracking your site in Google Webmaster Tools, you need to register a change of address. To do so you, need to re-verify the old site, which includes verifying both the www and non-www versions of the site. Google says that the reason for this is that “Typically, both versions point to the same physical location, but this is not always the case.” I had only added the non-www version to Google Webmaster tools, so I had to add a new site for www.wordpressgarage.com. This was a problem since I’d redirected everything and couldn’t put the meta tag that is required in the header of the old site. So I had to remove the 301 redirect from WordPressGarage.com’s .htaccess, add the header tag, and Verify. Once that was done, I could do the change of address.
Redirect Properly with or without www
While I was trying to figure out why our analytics weren’t working, I noticed that we had set up the 301 redirect as follows: http://wordpressgarage.com > http://www.wpgarage.com > http://wpgarage.com. In other words, we had written in the .htaccess file that visitors to wordpressgarage.com should be redirected to www.wpgarage.com, but here on wpgarage.com we have it set up that all visitors are redirected to the non-www version of the domain name. Basically, visitors were redirected twice. Not elegant, that’s for sure.
Google PageRank
I recently realized that this site lost its Google PageRank in the redirection process. We used to have a PR of 4, and now it’s 0. Zero!! I would like to know why that is the case, since all of a site’s value is supposed to be passed on to the new domain if a 301 redirect is used. But in consolation, I haven’t seen a reduction in traffic. In fact, traffic has gone up since we did the redirect.
So there you go: some more things you should pay attention to when doing a 301 redirect of a site to a new domain name. All of the above makes me realize how dependent we are on Google for managing our site properly. What can we do – they create the best (free) tools, so we use them, and we also depend on them for traffic.
Recently, someone asked me how to set up a local Wamp server on their computer so they can test Wordpress sites locally before uploading and editing online. MakeUseOf nicely explained what a Wamp server is and how to set it up. I wanted to expand their explanation to include setting up Wordpress.
What is this Wamp business?
According to MakeUseOf, WAMP stands for Windows Apache, MySQL and PHP.
A great majority of websites are run by a trio of services – Apache, MySQL and PHP. Apache is the web server, which handles browser requests and sends the information across the internet to your browser. PHP is the programming language that many sites are written in – this creates dynamic content which in turn is sent to Apache, which sends the data to your browser. And finally, MySQL is the database which stores the information for programs. PHP is used to access this database.
2. Create a new Database (‘wordpress‘ or ‘blog‘ are good). Leave Collation. Click Create.
3. Click the Home icon in the upper left to return to the main page, then click Privileges. If a user relating to WordPress does not already exist in the list of users, create one:
Click Add a new User.
Chose a username for WordPress (‘admin’ is good) and enter it in the User name field. (Be sure Use text field: is selected from the dropdown.)
For Host, select Local and type in localhost
Choose a difficult-to-guess password and enter it in the Password field. (Be sure Use text field: is selected from the dropdown.) Re-enter the password in the Re-type field.
Write down the username and password you chose.
Leave all options under Global privileges at their defaults.
Click Go.
4. Return to the Privileges screen and click the Check privileges icon on the user you’ve just created for WordPress. In the Database-specific privileges section, select the database you’ve just created for WordPress under the Add privileges to the following database dropdown. The page will refresh with privileges for that database. Click Check All to select all privileges, and click Go.
5. On the resulting page, make note of the host name listed after Server: at the top of the page. (This will usually be localhost.)
6. Returning to where you extracted the WordPress package, rename the file wp-config-sample.php to wp-config.php.
7. Open the renamed wp-config.php file in your favorite text editor. Here’s a screenshot of how the wp-config.php is set up.
8. Fill in the following information
DB_NAME
The name of the database you created for WordPress. (ex. Wordpress) DB_USER
The username you created for WordPress (ex. admin) DB_PASSWORD
The password you chose for the WordPress username. DB_HOST
The hostname you determined (usually localhost)
9. Save the file.
10. Run the install scrip by copying and pasting this URL into your browser http://localhost/wordpress/wp-admin/install.php
We just got a scary phone call. Don’t worry, everyone’s ok. We logged into one of our Wordpress sites and, while the backend was still there, all the posts and pages and comments were gone. G-O-N-E. Poof. Just like that. I went into the PHPmyadmin section of the control panel to look at the database and saw this error: “wp_posts” is marked as crashed and should be repaired.
After a mild heart spasm, I started searching the web furiously for a solution and thank goodness found this video, which calmly explained what to do and fixed the problem.
If you don’t feel like watching the video, here’s what I did:
1. Gather backups of everything. It is painstaking and takes a looong time, but better safe than sorry.
Find the most recent backup that was sent to your email via the WP-DB Backup plugin
Go into the PHPmyadmin in your hosting provider’s control panel, export the whole database as well as each table individually.
[Note: The table that crashed probably won't let you export it, and will give you this ugly message: Table 'wp_posts' is marked as crashed and should be repaired]
2. in PHPmyadmin, click the checkbox next to the corrupted table (ours was wp_posts). The table will probably say “in use”. Use the dropdown menu at the bottom to select “repair table”.
Lessons learned
1. Backup hourly or daily and send all backups to a separate email account so you don’t have to worry about it clogging up your inbox
2. Check your blog’s overhead column in PHPmyadmin at least once a month and repair any tables with a high overhead.
If you want to give people the option to contact you by email, you need to display your email address on your site. But by doing so, you are putting yourself at the mercy of the low-lives out there harvesting email addresses so they can spam you with products that will enlarge certain parts of your body.
There are solutions out there that use javascript and other stuff to “obfuscate” your email address, but why use something external when you can use the handy, shiny, built-in WordPress email obfuscating template tag?
To use this template tag, you need to do the following:
Make sure your email address is in your user profile.
Put the following template tag wherever you want the address to appear:
The function antispambot() above parses the e-mail address passed by get_the_author_email() (this is the same asthe_author_email(), except it returns rather than displays the author’s e-mail address). Use of the echo command displays the output of antispambot(). An interesting feature is it encodes only portions of an address, and does so randomly so the letters encoded are different each time the page loads, adding a little more firepower to the spam protection arsenal.
My questions are:
Since this pulls an author related parameter, will the email address change according to the author? (Probably.)
Can this even be displayed in the sidebar?
It seems that if it is author related, it is not a good solution for displaying a website email address that does not belong to a specific person, like . But if you do have a multi-author site and you want to display the authors’ email addresses, this seems like a great way to do that without feeding the spam wolves.
A few days ago I wrote about 38 ways to optimize and speed up your WordPress blog. One of the issues I touched on is the use of caching plugins, like WP-Cache 2 and WP Super Cache. Little did I know how important these plugins are for ensuring a smoothly running WordPress blog. Jeff Atwood at Coding Horror noticed that his tiny WordPress site was using huge amounts of CPU time. You can see the image of the results on his post. He says the following:
This is an incredibly scary result; blog.stackoverflow.com is getting, at best, a moderate trickle of incoming traffic. It’s barely linked anywhere! With that kind of CPU load level, this site would fall over instantaneously if it got remotely popular, or God forbid, anywhere near the front page of a social bookmarking website.
He then shows an image of how the blog’s CPU usage looked after installing the above-mentioned caching plugins. The improvement is tremendous, and he explains why he can’t understand why this type of caching isn’t built in to WordPress:
It’s not like this a new issue. Personally, I think it’s absolutely irresponsible that WP-Cache like functionality isn’t already built into WordPress. I would not even consider deploying WordPress anywhere without it. And yet, according to a recent podcast, Matt Mullenweg dismisses it out of hand and hand-wavingly alludes to vague TechCrunch server reconfigurations.
A default WordPress install will query the database twenty times every time you refresh the page, even if not one single element on that page has changed. Doesn’t that strike you as a bad idea? Maybe even, dare I say it, sloppy programming?
And it’s not like he’s setting higher standards for WordPress – he happily uses Movable Type which features static rendering, and he says that the .NET framework has had caching built in for years.
The point: install a caching plugin ASAP if you have not yet done so, and save yourself the problems of a sluggish, overweight site.
Well look who’s right. The powers-that-be at WordPress announced yesterday that two security-related releases are now available for users of the main 2.2 branch and the legacy 2.0 branch, i.e. versions 2.2.2 and 2.0.11. (Who’s still using the 2.0 branch – shame on you! Oh right, that would be me…don’t worry, not here!)
I have compiled a to-do list of plugins that I install and steps that I take to optimize and secure every WordPress site or blog that I create. This list will be updated with new developments or plugins and tips that I discover, so make sure to check back.
Must haves:
Feedsmith – redirect all your feed subscribers to FeedBurner so that you can track your feed stats. Now FeedBurner allows you to keep your domain name in the feed address. This means that instead of your feed address becoming something like http://feeds.feedburner.com/WordpressGarage, it can be http://wpgarage.com/rss2 or whatever the feed address is for your site.
Add FeedBurner feed flares to feed – make it easy for your RSS subscribers to bookmark or email your posts with Feed Flares
Change permalink structure – use pretty permalinks for better search engine optimization. I always use the following custom permalink structure:
/%category%/%postname%/
Google (XML) Sitemaps - important for search engine optimization. This is not for your readers, but for the search engine crawlers that visit your site.
Ultimate Google Analytics - this is an easy way to install Google Analytics on your site. There is another plugin that does this, but this one is “ultimate” because it also tracks outgoing links and links to downloads.
Simple Tagging – tags are important for search engines and for Technorati. I tried all the other tagging plugins, and this is the easiest to use, and with it you can easily create a tag cloud and add related posts to each entry. Creating a tag cloud with Simple Tagging.
Full Text Feed plugin – if you want your RSS subscribers to be able to see full text feeds, and you plan on using the More tag in your posts to create excerpts, you need this plugin.
WordPress Database Backup - if you value your work, install this! It will send a backup file of your database to your email on a regular basis.
Search Everything – if you have Pages on your site (i.e. not posts) with important information, they should show up in search results on your site. By default, WordPress excludes Pages from search results.
Wordpress Dashboard Editor – this allows you to easily get rid of all the incoming WordPress feeds that appear on your dashboard. I don’t find that they add any value for me, and I know that they would just confuse my clients, so I use this to get rid of them.
DoFollow – if someone comments on your site, why not give them the gift of a link back to their site? Since I set up every site so that first comments from a commenter must be approved, I’m not worried about spammers getting links back to them.
WP-Cache 2.0 – since you never know when you’re going to write that amazing post that the whole world will digg, install this so that when that day arrives, your servers(hopefully) won’t crash.
Subscribe to Comments 2.1 – blogs are communities. Allow your commenters to follow comment threads by subcribing to comments.
Add comments feed to header for more subscribers – this is a way to increase your comment feed subscribers by adding the Comments Feed to the list of feeds that are displayed when a user clicks on the RSS link in the browser.
Hacked Antisocial (hacked version of Sociable) – you need to give your users an easy way to bookmark your posts. This plugin does this, while not diminishing your “link juice” – or WP Plugin: Gregarious – this is an efficient and customizable plugin that adds a little green icon at the end of posts, with wording of your choice (like “Bookmark this”), and when clicked opens a drop-down menu with a list of social sites for bookmarking, plus the option to email the post.
ST Visualize Advanced Features or Advanced TinyMCE Editor – the default WYSIWYG editor in WordPress is painfully simple. A little known secret is that there are more buttons available, but they are hidden. The ST Visualize Advanced Features plugin adds a button to the toolbar that, when clicked, opens up another row of formatting buttons. The Advanced TinyMCE Editor plugin turns the toolbar into a full-fledged WYSIWYG with 60 functions!
WP-PageNavi – puts nice pagination at the bottom of every page. This just increases usability and tells the user how many pages there are on the site, and where they are in the scheme of things.
Yes-www – make sure that all pages are either with the “www” or without, depending on your preference. The advantage of this plugin is that it also deals with index.php requests, and redirects them accordingly.
All in One SEO pack – optimizes titles, makes sure Google doesn’t spider duplicate content – or the SEO_Wordpress plugin – both prevent duplicate content spidering and generally improve the site for search engines. Now I use All in One SEO Pack only- it does everything, including meta keywords and descriptions, title optimization (list the post name first, and then the name of your blog, for SEO – like this: How to protect your WordPress site >> wpgarage.com. In the default installation, these elements appear with the blog name first, and then the post name).
Setting up pinging – you can enter ping addresses under Options>Writing in the admin. Here is a list of ping addresses that you can copy and paste into that box. Alternately, you can use an online pinging service, like King Ping. If you enter your blog URI on the King Ping site, it will ping 53 sites every time you post. These sites have been manually reviewed for suitability and quality.
Simple Spam Filter – more spam protection. Works in conjunction with Akismet
Admin Themer – make modifications to the admin in a separate CSS file so they are preserved even when you upgrade.
Landing Sites – when people come to your site from a search engine, show them other possible posts they may be interested in based on their search query
WP-Chunk – shortens long URLs in comments so they don’t mess the layout
Digg This – adds Digg button when your posts are digged/dugg
Custom Query String – allows you to set how many posts will appear on different pages like Home, Search, Category
No self pings plugin – if you link to another post in your own blog, it appears as a trackback. I don’t like these trackbacks, and delete them. This plugin stops self-pings automatically.
Slug Trimmer – if you use pretty permalinks, they are formed from the titles of your posts. Sometimes the titles are long, and then you end up with a really long URL. This plugin trims the URLs automatically.
SRG Clean Archives - this allows you to create a useful archive page, where the posts are divided up into months and years.
OneClick – no more unzipping and then FTPing themes and plugins. OneClick allows you to upload plugin or theme files from the Admin panel, or right-clicking in Firefox. All you have to do is browse for the zip file and click “upload” and the plugin does the rest.
Useful:
Sticky Menu – Sticky Menu lets you define an unlimited number of menus, in which you list the exact number of menu items you want to appear. Menu items can link to any pages, posts, etc., in your site or any URLs exterior to your site. You can define a class name for each menu item.
Fancy pull-quotes plugin - instead of creating a style for pull-quotes, you can use this plugin to make it easier.
TinyMCE Comments - this makes it easy for commenters to format their comment. It seemed to slow down my site a lot.
cforms – the easies, most flexible form builder I have ever seen. You can have multiple forms on one site, add as many fields as you want, divide your form into sections, validate, style it, have email autoresponders, track submissions, and more!
Did you know that the standard WordPress installation is vulnerable to attacks from hackers? Well, it is, but fear not – there are steps you can take to protect your precious WordPress site/blog:
Staying updated – always make sure your site is running on the most updated version of WordPress.
Make sure your wp-config file is not read or writable. The wp-config file is the one that is originally called wp-config-sample.php when you download the installation files, and you rename it to wp-config.php and change the information in it to match the database you set up. If you don’t know how to change file permissions, WPDesigner points us to the WordPress codex entry on the subject.
Delete install.php once you’ve finished installing WordPress.
Protect yourself against comment spam. WPDesigner has links to four resources that can help you with this.
Limit self-registration of users – users can subscribe to your site very easily by visiting your login page. Make sure that either you have set WordPress to not allow anyone to register, or that if you do allow registrations, they are limited to the lowest permission levels. Again, see WPDesigner for more info.
WPDesigner suggests creating a new admin account with a unique password, and deleting the default admin account.
See the entry on Hardening WordPress in the WordPress codex for more information on securing your WordPress site or blog.
Securing your plugin directory: Bill Hartzer says that it is important to protect your WordPress plugins directory. He says he doesn’t want people snooping around his plugins and seeing what he does with them, but I’m guessing that it’s probably not great from a security standpoint to leave the plugins directory wide open for hackers. Since the plugins directory does not have an index.html or index.php file in its root, if someone goes to your directory, they will see all your plugins. So he provides some code for creating a simple index.html page to put in your plugins directory. Once it’s there, no one can snoop (at least not easily).
Gives access permission to all visitors with exceptions (security, usability)
Specifies custom error documents (usability)
Disables directory browsing (security)
Redirect old pages to new (optional)
Disables image hotlinking (bandwidth)
Enables PHP compression (bandwidth)
Sets the canonical or “standard” url for your site (seo, usability)
Update Sept. 5, 2007:Follow these instructions at BlogSecurity to create an .htaccess file that restricts wp-content and wp-includes, and restricts access to wp-admin.
I am definitely going to make the above part of my list of things to do to every WordPress site. Better safe than sorry!
Ramit over at I Will Teach You To Be Rich reminds us that when all is said and done, a blog’s success depends on the merit of its content, and not on the quality of its design, stats programs, or all the SEO stuff you do to optimize your site. These things help, but they won’t make or break it for you.
Generating a sitemap for your site is an important step in optimizing it for the search engines. However, they tend to be very unpretty. See the sitemap on this site, for example. Not exactly a thing of beauty.
There's lots of great stuff out there for WordPress. I put this blog together so that I would have a place to organize the best information so that when I need it, I can easily find it. What better way to do it than with WordPress?
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
semicircle button and Click “Put online”.
