I wanted to redirect 2 domains. One of the domains, (let’s call it olddomain.com), was listed as the primary domain with Hostgator.  The other domain, (let’s call it otherolddomain.com), was in a subdirectory of the primary domain. I thought I could just reuse the oh-so-easy 301 redirect that worked when we moved WordPressGarage.com over to WPGarage.com. Ha!

As it turns out, I got this error:

Firefox has detected that the server is redirecting the request for this address in a way that will never complete

I quickly got on chat with Hostgator and they told me that I had to create a “dummy” domain that doesn’t redirect,  (let’s call it dummydomain.com), and set it as the primary domain because you can’t have a redirect on the primary domain if you also want a redirect on subdirectories. Apparently that is what would cause an infinite loop.  A dummy domain could be any domain that won’t need a redirect. So, I created a dummy domain, dummydomain.com and set it as the primary domain. I then created an add-on (subdirectory) domain for the former primary domain, olddomain.com, and moved the primary domain folders down to the subdirectory level where olddomain.com is now located. The other domain, otherolddomain.com was fine all along since it was an add-on domain (in a subdirectory).

had Hostgator touch up the htaccess and voila! Here’s what worked:

the .htaccess on the old domains:

In HostGator, here’s how the redirect looked:

I think that the code that we mentioned in an earlier post:

Redirect 301 / http://www.<strong>new</strong>domain.com/<em>

</em>

would have worked but I didn’t want to break what worked!

Read more about 301 redirect fun!

• How to move a domain with a 301 redirect on WordPress
• More on doing a 301 redirect of a WordPress site to a new domain

This post was originally published at Even More on 301 Redirects with WordPress, Primary Domains, Dummy Domains and Hostgator on WP Garage - WP Garage - wordpress tricks, hacks, and tips.

A few months ago, we redirected this blog from WordPressGarage.com to WPGarage.com in order to respect the request by the folks at Automattic that people not use the word WordPress in their domain name. We wrote up a guide on how to do this type of 301 redirect, and at that point it seemed that things had gone mostly smoothly. However, I now know that things did not go so smoothly, and here are some things that you should pay attention to if you also choose to 301 redirect your site to a new domain:

Google Analytics

Google Analytics stopped tracking our traffic. It said it was receiving data, but the stats showed zero visitors – an internet flatline. At first I thought that the redirect had caused all traffic to this site to cease, but I knew that could not be the case since our posts were still appearing in the SERPs, which is where most of our traffic comes from. Plus, we were still getting comments, which meant that some people were visiting. My search to figure out why this was happening led me to find a bunch of other issues (listed below), but eventually I just removed the Google Analytics WordPress plugin we were using, and pasted the analytics code into the footer. That solved the problem, and the stats started showing traffic again.

On another note, it seems that you need to log into Google Analytics and update the profile to the new address. I did that, but it didn’t fix the above problem. Anyways, here says it doesn’t matter what domain name in your Google Analytics settings the tracking code is on.

Lesson: pay close attention to your analytics stats after you redirect your site to a new domain. That way, if you see a problem you can start working immediately to solve it. It took me six days to solve our problem, which meant six days of no logged statistics. I would have hated to have done that to a client!

Google Webmaster Tools

If you’ve got Google Webmaster Tools monitoring your site, you need to change some settings there in order for it to start tracking the new domain properly.

Google has complete instructions on what to do if you are moving a site to a new domain. One of the things they mention there, which we didn’t do before we did the redirect, is to update your settings in Google Webmaster Tools. If you’ve been tracking your site in Google Webmaster Tools, you need to register a change of address. To do so you, need to re-verify the old site, which includes verifying both the www and non-www versions of the site. Google says that the reason for this is that “Typically, both versions point to the same physical location, but this is not always the case.” I had only added the non-www version to Google Webmaster tools, so I had to add a new site for www.wordpressgarage.com. This was a problem since I’d redirected everything and couldn’t put the meta tag that is required in the header of the old site. So I had to remove the 301 redirect from WordPressGarage.com’s .htaccess, add the header tag, and Verify. Once that was done, I could do the change of address.

Redirect Properly with or without www

While I was trying to figure out why our analytics weren’t working, I noticed that we had set up the 301 redirect as follows: http://wordpressgarage.com > http://wpgarage.com > http://wpgarage.com. In other words, we had written in the .htaccess file that visitors to wordpressgarage.com should be redirected to www.wpgarage.com, but here on wpgarage.com we have it set up that all visitors are redirected to the non-www version of the domain name. Basically, visitors were redirected twice. Not elegant, that’s for sure.

Google PageRank

I recently realized that this site lost its Google PageRank in the redirection process. We used to have a PR of 4, and now it’s 0. Zero!! I would like to know why that is the case, since all of a site’s value is supposed to be passed on to the new domain if a 301 redirect is used. But in consolation, I haven’t seen a reduction in traffic. In fact, traffic has gone up since we did the redirect.

So there you go: some more things you should pay attention to when doing a 301 redirect of a site to a new domain name. All of the above makes me realize how dependent we are on Google for managing our site properly. What can we do – they create the best (free) tools, so we use them, and we also depend on them for traffic.

This post was originally published at More on doing a 301 redirect of a WordPress site to a new domain on WP Garage - WP Garage - wordpress tricks, hacks, and tips.

Recently, someone asked me how to set up a local Wamp server on their computer so they can test WordPress sites locally before uploading and editing online. MakeUseOf nicely explained what a Wamp server is and how to set it up. I wanted to expand their explanation to include setting up WordPress.

What is this Wamp business?

According to MakeUseOf, WAMP stands for Windows Apache, MySQL and PHP.

A great majority of websites are run by a trio of services – Apache, MySQL and PHP. Apache is the web server, which handles browser requests and sends the information across the internet to your browser. PHP is the programming language that many sites are written in – this creates dynamic content which in turn is sent to Apache, which sends the data to your browser. And finally, MySQL is the database which stores the information for programs. PHP is used to access this database.

How to Set up a Wamp Server

Step 1

Download the WampServer.

Step 2

Run the installer, using the default options provided.

Step 3

Double click the Wamp icon on your desktop .

On your taskbar, near the time in the bottom right corner of your desktop, left click on the semicircle button and Click “Put online”.

How to set up WordPress on your Wamp

Step 1

Download WordPress. Extract the files.

Left click on the semicircle on your taskbar.

Open up the www directory.

Drag the WordPress folder into the www directory.

Step 2

1.  Open PHPmyadmin from your wamp menu

2. Create a new Database (‘wordpress‘ or ‘blog‘ are good). Leave Collation. Click Create.

3.  Click the Home icon in the upper left to return to the main page, then click Privileges. If a user relating to WordPress does not already exist in the list of users, create one:

1. Click Add a new User.
2. Chose a username for WordPress (‘admin’ is good) and enter it in the User name field. (Be sure Use text field: is selected from the dropdown.)
3. For Host, select Local and type in localhost
4. Choose a difficult-to-guess password and enter it in the Password field. (Be sure Use text field: is selected from the dropdown.) Re-enter the password in the Re-type field.
5. Write down the username and password you chose.
6. Leave all options under Global privileges at their defaults.
7. Click Go.

4. Return to the Privileges screen and click the Check privileges icon on the user you’ve just created for WordPress. In the Database-specific privileges section, select the database you’ve just created for WordPress under the Add privileges to the following database dropdown. The page will refresh with privileges for that database. Click Check All to select all privileges, and click Go.

5. On the resulting page, make note of the host name listed after Server: at the top of the page. (This will usually be localhost.)

6. Returning to where you extracted the WordPress package, rename the file wp-config-sample.php to wp-config.php.

7. Open the renamed wp-config.php file in your favorite text editor. Here’s a screenshot of how the wp-config.php is set up.

8. Fill in the following information

DB_NAME
The name of the database you created for WordPress. (ex. WordPress)
DB_USER
The username you created for WordPress (ex. admin)
DB_PASSWORD
The password you chose for the WordPress username.
DB_HOST
The hostname you determined  (usually localhost)

9. Save the file.

10.  Run the install scrip by copying and pasting this URL into your browser http://localhost/wordpress/wp-admin/install.php

Step 3

Hooray! Hopefully all went according to plan.

Treat yourself to a nice cold beer.

This post was originally published at How to set up WordPress on a Wampserver on WP Garage - WP Garage - wordpress tricks, hacks, and tips.

We just got a scary phone call. Don’t worry, everyone’s ok. We logged into one of our WordPress sites and, while the backend was still there, all the posts and pages and comments were gone. G-O-N-E.  Poof. Just like that. I went into the PHPmyadmin section of the control panel to look at the database and saw this error: “wp_posts” is marked as crashed and should be repaired.

After a mild heart spasm, I started searching the web furiously for a solution and thank goodness found this video, which calmly explained what to do and fixed the problem.

If you don’t feel like watching the video, here’s what I did:

1. Gather backups of everything. It is painstaking and takes a looong time, but better safe than sorry.

• Find the most recent backup that was sent to your email via the WP-DB Backup plugin
• Go into the PHPmyadmin in your hosting provider’s control panel, export the whole database as well as each table individually.
  [Note: The table that crashed probably won't let you export it, and will give you this ugly message: Table 'wp_posts' is marked as crashed and should be repaired]

2. in PHPmyadmin, click the checkbox next to the corrupted table (ours was wp_posts).  The table will probably say “in use”.  Use the dropdown menu at the bottom to select “repair table”.

Lessons learned

1. Backup hourly or daily and send all backups to a separate email account so you don’t have to worry about it clogging up your inbox

2. Check your blog’s overhead column in PHPmyadmin at least once a month and repair any tables with a high overhead.

Here’s to a spaz-free WordPress!

This post was originally published at Crash! Burn! How to repair tables in the WordPress database on WP Garage - WP Garage - wordpress tricks, hacks, and tips.

If you want to give people the option to contact you by email, you need to display your email address on your site. But by doing so, you are putting yourself at the mercy of the low-lives out there harvesting email addresses so they can spam you with products that will enlarge certain parts of your body.

There are solutions out there that use javascript and other stuff to “obfuscate” your email address, but why use something external when you can use the handy, shiny, built-in WordPress email obfuscating template tag?

To use this template tag, you need to do the following:

1. Make sure your email address is in your user profile.
2. Put the following template tag wherever you want the address to appear:

   <?php echo antispambot(get_the_author_email()); ?>

The WordPress codex says that this tag works as follows:

The function antispambot() above parses the e-mail address passed by get_the_author_email() (this is the same as the_author_email(), except it returns rather than displays the author’s e-mail address). Use of the echo command displays the output of antispambot(). An interesting feature is it encodes only portions of an address, and does so randomly so the letters encoded are different each time the page loads, adding a little more firepower to the spam protection arsenal.

My questions are:

1. Since this pulls an author related parameter, will the email address change according to the author? (Probably.)
2. Can this even be displayed in the sidebar?

It seems that if it is author related, it is not a good solution for displaying a website email address that does not belong to a specific person, like . But if you do have a multi-author site and you want to display the authors’ email addresses, this seems like a great way to do that without feeding the spam wolves.

This post was originally published at Preventing email spam with the built-in WordPress email obfuscator on WP Garage - WP Garage - wordpress tricks, hacks, and tips.

A few days ago I wrote about 38 ways to optimize and speed up your WordPress blog. One of the issues I touched on is the use of caching plugins, like WP-Cache 2 and WP Super Cache. Little did I know how important these plugins are for ensuring a smoothly running WordPress blog. Jeff Atwood at Coding Horror noticed that his tiny WordPress site was using huge amounts of CPU time. You can see the image of the results on his post. He says the following:

This is an incredibly scary result; blog.stackoverflow.com is getting, at best, a moderate trickle of incoming traffic. It’s barely linked anywhere! With that kind of CPU load level, this site would fall over instantaneously if it got remotely popular, or God forbid, anywhere near the front page of a social bookmarking website.

He then shows an image of how the blog’s CPU usage looked after installing the above-mentioned caching plugins. The improvement is tremendous, and he explains why he can’t understand why this type of caching isn’t built in to WordPress:

It’s not like this a new issue. Personally, I think it’s absolutely irresponsible that WP-Cache like functionality isn’t already built into WordPress. I would not even consider deploying WordPress anywhere without it. And yet, according to a recent podcast, Matt Mullenweg dismisses it out of hand and hand-wavingly alludes to vague TechCrunch server reconfigurations.

A default WordPress install will query the database twenty times every time you refresh the page, even if not one single element on that page has changed. Doesn’t that strike you as a bad idea? Maybe even, dare I say it, sloppy programming?

And it’s not like he’s setting higher standards for WordPress – he happily uses Movable Type which features static rendering, and he says that the .NET framework has had caching built in for years.

The point: install a caching plugin ASAP if you have not yet done so, and save yourself the problems of a sluggish, overweight site.

This post was originally published at WordPress is a CPU hog – use caching plugins! on WP Garage - WP Garage - wordpress tricks, hacks, and tips.

A few days ago I reported about a new WordPress vulnerability, and prophesied that as a result we would soon be witness to a new release of WordPress.

Well look who’s right. The powers-that-be at WordPress announced yesterday that two security-related releases are now available for users of the main 2.2 branch and the legacy 2.0 branch, i.e. versions 2.2.2 and 2.0.11. (Who’s still using the 2.0 branch – shame on you! Oh right, that would be me…don’t worry, not here!)

So get to work boys and girls! And don’t forget:

1. Back up your database!
2. Back up your theme (just in case)!
3. Deactivate all plugins!
4. Pray to your lord!
5. Upgrade!
6. Pray some more!
7. Reactivate your plugins!
8. Enter the URL of your site in your browser. Close your eyes. Open your eyes.
9. It worked!
10. or Aaarghhh – what are all these PHP errors?

Now rinse and repeat for all your blogs and clients’ blogs.

Joost de Valk says it’s much easier to upgrade from Subversion. Sounds scary to me, but for those of you who actually know what Subversion is, maybe this tip will help make this all-too-frequent event a little less painful.

Happy upgrading!

This post was originally published at I told you so…time to upgrade to 2.2.2 on WP Garage - WP Garage - wordpress tricks, hacks, and tips.

(Updated Sept. 9, 2007)

I have compiled a to-do list of plugins that I install and steps that I take to optimize and secure every WordPress site or blog that I create. This list will be updated with new developments or plugins and tips that I discover, so make sure to check back.

Must haves:

• Feedsmith – redirect all your feed subscribers to FeedBurner so that you can track your feed stats. Now FeedBurner allows you to keep your domain name in the feed address. This means that instead of your feed address becoming something like http://feeds.feedburner.com/WordpressGarage, it can be rss2 or whatever the feed address is for your site.
• Add FeedBurner feed flares to feed – make it easy for your RSS subscribers to bookmark or email your posts with Feed Flares
• Change permalink structure – use pretty permalinks for better search engine optimization. I always use the following custom permalink structure:
  /%category%/%postname%/
• Google (XML) Sitemaps - important for search engine optimization. This is not for your readers, but for the search engine crawlers that visit your site.
• Ultimate Google Analytics - this is an easy way to install Google Analytics on your site. There is another plugin that does this, but this one is “ultimate” because it also tracks outgoing links and links to downloads.
• Simple Tagging – tags are important for search engines and for Technorati. I tried all the other tagging plugins, and this is the easiest to use, and with it you can easily create a tag cloud and add related posts to each entry. Creating a tag cloud with Simple Tagging.
• Full Text Feed plugin – if you want your RSS subscribers to be able to see full text feeds, and you plan on using the More tag in your posts to create excerpts, you need this plugin.
• WordPress Database Backup - if you value your work, install this! It will send a backup file of your database to your email on a regular basis.
• WP-ContactForm: Akismet Edition – easy to use, functional contact form.
• Search Everything – if you have Pages on your site (i.e. not posts) with important information, they should show up in search results on your site. By default, WordPress excludes Pages from search results.
• WordPress Dashboard Editor – this allows you to easily get rid of all the incoming WordPress feeds that appear on your dashboard. I don’t find that they add any value for me, and I know that they would just confuse my clients, so I use this to get rid of them.
• DoFollow – if someone comments on your site, why not give them the gift of a link back to their site? Since I set up every site so that first comments from a commenter must be approved, I’m not worried about spammers getting links back to them.
• WP-Cache 2.0 – since you never know when you’re going to write that amazing post that the whole world will digg, install this so that when that day arrives, your servers(hopefully) won’t crash.
• Subscribe to Comments 2.1 – blogs are communities. Allow your commenters to follow comment threads by subcribing to comments.
• Add comments feed to header for more subscribers – this is a way to increase your comment feed subscribers by adding the Comments Feed to the list of feeds that are displayed when a user clicks on the RSS link in the browser.
• Hacked Antisocial (hacked version of Sociable) – you need to give your users an easy way to bookmark your posts. This plugin does this, while not diminishing your “link juice” – or WP Plugin: Gregarious – this is an efficient and customizable plugin that adds a little green icon at the end of posts, with wording of your choice (like “Bookmark this”), and when clicked opens a drop-down menu with a list of social sites for bookmarking, plus the option to email the post.
  
• ST Visualize Advanced Features or Advanced TinyMCE Editor – the default WYSIWYG editor in WordPress is painfully simple. A little known secret is that there are more buttons available, but they are hidden. The ST Visualize Advanced Features plugin adds a button to the toolbar that, when clicked, opens up another row of formatting buttons. The Advanced TinyMCE Editor plugin turns the toolbar into a full-fledged WYSIWYG with 60 functions!
• WP-PageNavi – puts nice pagination at the bottom of every page. This just increases usability and tells the user how many pages there are on the site, and where they are in the scheme of things.
• Yes-www – make sure that all pages are either with the “www” or without, depending on your preference. The advantage of this plugin is that it also deals with index.php requests, and redirects them accordingly.
• All in One SEO pack – optimizes titles, makes sure Google doesn’t spider duplicate content – or the SEO_Wordpress plugin – both prevent duplicate content spidering and generally improve the site for search engines. Now I use All in One SEO Pack only- it does everything, including meta keywords and descriptions, title optimization (list the post name first, and then the name of your blog, for SEO – like this: How to protect your WordPress site >> wpgarage.com. In the default installation, these elements appear with the blog name first, and then the post name).
• Viper’s Video Quicktags – the best solution for easily adding videos to posts – adds simple buttons to the advanced WYSIWYG editor for easily inserting all types of media formats in your posts and pages.
• Setting up pinging – you can enter ping addresses under Options>Writing in the admin. Here is a list of ping addresses that you can copy and paste into that box. Alternately, you can use an online pinging service, like King Ping. If you enter your blog URI on the King Ping site, it will ping 53 sites every time you post. These sites have been manually reviewed for suitability and quality.
• Submit site to Google, Technorati, Yahoo, Dmoz
• Secure the site – follow this list of directions to add greater security to your WordPress blog or site.
• Enrich RSS feed by adding copyright notice, comments and related posts

Nice to haves:

• Comment Email Responder Plugin – easily email commenters and post a comment in response in one shot
• Simple Spam Filter – more spam protection. Works in conjunction with Akismet
• Admin Themer – make modifications to the admin in a separate CSS file so they are preserved even when you upgrade.
• Landing Sites – when people come to your site from a search engine, show them other possible posts they may be interested in based on their search query
• WP-Chunk – shortens long URLs in comments so they don’t mess the layout
• WP – ©Feed – add copyright notice, related posts and comments to feed to stop sploggers and extend the reach of your feed
• Digg This – adds Digg button when your posts are digged/dugg
• Custom Query String – allows you to set how many posts will appear on different pages like Home, Search, Category
• No self pings plugin – if you link to another post in your own blog, it appears as a trackback. I don’t like these trackbacks, and delete them. This plugin stops self-pings automatically.
• Slug Trimmer – if you use pretty permalinks, they are formed from the titles of your posts. Sometimes the titles are long, and then you end up with a really long URL. This plugin trims the URLs automatically.
• SRG Clean Archives - this allows you to create a useful archive page, where the posts are divided up into months and years.
• Separate pingbacks and trackbacks from comments – makes the comments section more organized. This is not a plugin, but a hack to the template files. The TrackbackList Plugin v1.3 does this too.
• Optimize DB – Your WordPress database can get clogged with junk. This plugin optimizes your database simply and efficiently.
• Author Highlight – this highlights comments by the author of a post, making them stand out visually from the other comments. It is possible to do this by coding the template files and CSS too.
• OneClick – no more unzipping and then FTPing themes and plugins. OneClick allows you to upload plugin or theme files from the Admin panel, or right-clicking in Firefox. All you have to do is browse for the zip file and click “upload” and the plugin does the rest.

Useful:

• Sticky Menu – Sticky Menu lets you define an unlimited number of menus, in which you list the exact number of menu items you want to appear. Menu items can link to any pages, posts, etc., in your site or any URLs exterior to your site. You can define a class name for each menu item.
• Fancy pull-quotes plugin - instead of creating a style for pull-quotes, you can use this plugin to make it easier.
• TinyMCE Comments - this makes it easy for commenters to format their comment. It seemed to slow down my site a lot.
• cforms – the easies, most flexible form builder I have ever seen. You can have multiple forms on one site, add as many fields as you want, divide your form into sections, validate, style it, have email autoresponders, track submissions, and more!

Tips:

• 52 of the Best Ways to Promote your Blog and your Business

This post was originally published at Things I do to optimize and secure every WordPress site and blog on WP Garage - WP Garage - wordpress tricks, hacks, and tips.

Did you know that the standard WordPress installation is vulnerable to attacks from hackers? Well, it is, but fear not – there are steps you can take to protect your precious WordPress site/blog:

1. WPDesigner gives tips on securing your blog. This includes:
   1. Staying updated – always make sure your site is running on the most updated version of WordPress.
   2. Make sure your wp-config file is not read or writable. The wp-config file is the one that is originally called wp-config-sample.php when you download the installation files, and you rename it to wp-config.php and change the information in it to match the database you set up. If you don’t know how to change file permissions, WPDesigner points us to the WordPress codex entry on the subject.
   3. Delete install.php once you’ve finished installing WordPress.
   4. Protect yourself against comment spam. WPDesigner has links to four resources that can help you with this.
   5. Limit self-registration of users – users can subscribe to your site very easily by visiting your login page. Make sure that either you have set WordPress to not allow anyone to register, or that if you do allow registrations, they are limited to the lowest permission levels. Again, see WPDesigner for more info.
   6. WPDesigner suggests creating a new admin account with a unique password, and deleting the default admin account.
2. See the entry on Hardening WordPress in the WordPress codex for more information on securing your WordPress site or blog.
3. Securing your plugin directory: Bill Hartzer says that it is important to protect your WordPress plugins directory. He says he doesn’t want people snooping around his plugins and seeing what he does with them, but I’m guessing that it’s probably not great from a security standpoint to leave the plugins directory wide open for hackers. Since the plugins directory does not have an index.html or index.php file in its root, if someone goes to your directory, they will see all your plugins. So he provides some code for creating a simple index.html page to put in your plugins directory. Once it’s there, no one can snoop (at least not easily).
4. Update July 17, 2007: Josiah Cole gives a detailed explanation of how to create a .htaccess file that will help you secure your site, and aid the site in handling traffic and visitors. His .htaccess file will do the following:
   1. Protects itself (security)
   2. Turns the digital signature off (security)
   3. Limits upload size (security)
   4. Protects wp-config.php (security)
   5. Gives access permission to all visitors with exceptions (security, usability)
   6. Specifies custom error documents (usability)
   7. Disables directory browsing (security)
   8. Redirect old pages to new (optional)
   9. Disables image hotlinking (bandwidth)
   10. Enables PHP compression (bandwidth)
   11. Sets the canonical or “standard” url for your site (seo, usability)
5. Update Sept. 5, 2007: Follow these instructions at BlogSecurity to create an .htaccess file that restricts wp-content and wp-includes, and restricts access to wp-admin.

I am definitely going to make the above part of my list of things to do to every WordPress site. Better safe than sorry!

This post was originally published at How to protect your WordPress site on WP Garage - WP Garage - wordpress tricks, hacks, and tips.

Ramit over at I Will Teach You To Be Rich reminds us that when all is said and done, a blog’s success depends on the merit of its content, and not on the quality of its design, stats programs, or all the SEO stuff you do to optimize your site. These things help, but they won’t make or break it for you.

I hate bloggers who waste their time on stats>>

This post was originally published at The secret to a successful blog: writing good content on WP Garage - WP Garage - wordpress tricks, hacks, and tips.