Blog

If you have come to this page via the theme credit link in the footer of another site, please understand that I am just the author of the Wordpress theme. Please do not contact me about the site you came from, as I am not affiliated with the site in any way.

Tag Archives: WordPress

Hidden Tags WordPress Plugin

This plugin allows you to specify a list of tags or categories to keep hidden: These will no longer appear anywhere on the site, such as in the tag cloud or on the list of post tags. This is useful when using tags to control behaviour of your blog with other software, or when you wish to maintain groupings of posts out of the public eye.

Read More »

Also tagged | Comments closed

Twitter Image Host for WordPress

See the new version, Twitter Image Host 2, which stores images as actual WordPress posts, for more easy customisation and management. It can be run at the same time as Twitter Image Host, for easy migration.

Twitter image hostKeep your traffic in the family! Host Twitter images on your own site, with support for comments and trackbacks, image resizing and thumbnailing with Lightbox.

Twitter doesn’t yet come with its own inline image support, so we tend to be limited to using image hosting services, and linking to them with short URLs. So, services like Twitpic host the image, and we direct traffic to them in return.

Better to take advantage of that traffic, and host images on your own site. This way, viewers come to your site, instead of someone else’s!

Posted images are displayed in your normal WordPress template, with support for comments and trackbacks, without any setup required. Most themes should work with this, but if not, or if a different layout is required, a custom theme template can also be provided (see ‘Creating a Template’).

Provides an HTML form for posting image content, as well as an API modelled on that of img.ly, compatible with Tweetie (for iPhone) and any other Twitter clients that speak this protocol and offer configuration of custom image hosting services.

Uses Twitter’s authentication and a list of authorised accounts, so you can let others use your image host too. You can even post status updates to Twitter while submitting images.

Provides a widget and shortcode to display uploaded images. This supports filtering by Twitter account, styling with CSS, and Lightbox/Thickbox. Read More »

Also tagged , | Comments closed

Links for June 3rd through June 18th

Links for June 3rd through June 18th:

Also tagged , , , , | Comments closed

Flickrpress: WordPress Flickr widget

Flickrpress screenshotFlickrpress is a widget/shortcode function to display items from Flickr in the sidebar or within pages and posts. This widget supports:

  • Flickr RSS feeds
  • Photostream
  • Filtering by tag
  • One or more photosets
  • Favorites
  • Displaying random items

Other features:

  • Choose from three different thumbnail types
  • Lightbox/Thickbox are supported
  • Data is cached locally to lower server load
  • Secure Flickr API used, to eliminate the risk of damage to your server, unlike some other Flickr widgets
  • Flickrpress is a multi-widget, so you can use more than one instance (e.g., one in your sidebar, one in your footer)
  • Use as a shortcode to insert into posts and pages — multiple instances supported in the one entry

Flickrpress uses the excellent phpFlickr library. Read More »

Also tagged , | Comments closed

Firming up WordPress’s security

There’re thousands of articles out there describing how to secure WordPress better against attacks, but I still had a little difficulty with the nuts and bolts, so I thought I’d detail the process I underwent here.

I recently had a bit of a security breach – some lowlife broke into my account and injected some phishing stuff into my personal webmail software. Consequently, I went on a bit of a security binge and deleted some apps I wasn’t using much, changed all of my passwords to ridiculously long strings, and set up layers of HTTP authentication on my WordPress login/admin pages, the latter of which is described here.

The general idea is to make it hard to get to the login/admin pages in the first place, which should block some attacks.

The AskApache password protect WordPress plugin will do all of this for you, unless it thinks your webserver doesn’t have the supporting software. It failed for me on Site5, saying I lacked HTTP digest authentication support, which is actually not true, as it’s enabled. I couldn’t be bothered debugging it though, so I proceeded with the manual route.

Create the password file

First, I created an htpasswd file, containing a login and password. There’re many sites describing how to do this, but on the terminal, it’s fairly easy:

htpasswd -c /path/to/.htpasswd myusername

Note that it’s a good idea to put the .htpasswd file somewhere outside the web root – your account’s home directory is one option.

Protect the login page

I opened up the .htaccess in the WordPress root folder, and added the following:

ErrorDocument 401 default
 
AuthUserFile /path/to/.htpasswd
AuthName "Blog"
AuthType Basic
 
<Files "wp-login.php">
    require valid-user
</Files>

Note that ‘ErrorDocument 401 default’ line – this is in place to avoid getting a ’404′ error whenever you load up the login page. I’m not entirely sure of the details, but it seems that if the rewrite module is used (the thing that allows WordPress to define an arbitrary website structure, without needing physical files), then this causes problems with HTTP authentication.

Also, if you wish to protect access to the XMLRPC access point as well, you can add the following:

<Files "xmlrpc.php">
    require valid-user
</Files>

However, if you do this, I’m pretty sure pingbacks (the WordPress-specific version of trackbacks) will no longer work. I think trackbacks will still be functional – as far as I know, they use a different access point. If you use a desktop blogging app, you’ll want to make sure it can handle HTTP authentication. I know ecto can.

Protect the admin area

Finally, I created a new .htaccess file in the wp-admin directory, which looks like this:

ErrorDocument 401 default
 
AuthUserFile /path/to/.htpasswd
AuthName "Blog"
AuthType Basic
 
require valid-user
Also tagged | Comments closed

Private Tags WordPress Plugin

The “Private Tags” WordPress plugin allows users to specify a list of tags or categories to keep hidden from the public – all posts within the specified tags/categories, and the tags/categories themselves, will not be visible to anyone but the original author.

Alternatively, in ‘inclusive’ mode specify a list of tags/categories to make public – all other tags/categories will remain hidden.

Read More »

Also tagged , , , | Comments closed

Great Elegant Grunge mods

200903302038.jpg

I came across this beautiful Elegant Grunge modification today, at Gawariel.com. Fantastic!

Here’s another cool one by Rodrigo Muñoz:

_3585_3350962677_59c4701a7d.jpg

And one from Nistha Tripathi:

200905210921.jpg

Tagged | Comments closed

Elegant Grunge PSD

Due to popular demand, I’m making available the Elegant Grunge PSD, so that users can make modifications more easily. It can be downloaded here (5.5 Mb):

Download Elegant Grunge.psd.zip

A note on contacting me: Please don’t make direct contact asking about customisation, as I don’t have the resources to help you. These kind of questions should be directed to the WordPress forums. Thanks!

If you like Elegant Grunge, please consider buying one of my products.

Also tagged | Comments closed