Posts Tagged ‘WordPress’

Not Quite A Hack, But Lessons Learned

Monday, June 2nd, 2008

When I woke up this morning, I noticed an email from this site, congratulating me on setting up a new blog. Wondering what the hell that was supposed to mean, I went to this site, only to be greeted with the WordPress install page (wp-admin/install.php), as if no blog existed.

I figured the MySQL on this server had crashed. I wasn’t too worried about it as I’d backed up all my data late last week anyway. I figured I’d give it an hour for the host to sort out and check back later.

By the time I got to work, the site was indeed back up. I logged into WordPress and immediately noticed that the blog title that usually runs along the top of the dashboard was now some long URL with words like “casino” and “gambling” in it. All my posts seemed to be there, so I poked around a bit and noticed that the admin email had been changed to a hotmail address.

I quickly fixed this and continued to snoop around, but didn’t find anything else out of the ordinary.

I’m figuring that early this morning, some bot attacked all or a few of the WordPress blogs on my server, ramming it with requests until MySQL bailed. Then, it used the install.php file to try and create a new blog and change the password/contact address. Of course, it failed for the most part, but still…

So, no harm done, but I’m definitely wiser. After an initial blog is created, there’s no reason to keep install.php in your files. I deleted that as well as put several restrictions in place. Much Better.

Here’s a decent list of things you can do to harden and lock down your WordPress install.
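As an added example (not part of the original post), one way to check a web server access log for the kind of activity described above is to flag every request for wp-admin/install.php and grade it by method and response status. The log lines, IP addresses and the `install_hits` function name are constructed for illustration, and Apache combined log format is assumed.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format (documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [02/Jun/2008:04:11:02 +0000] "GET /index.php HTTP/1.1" 500 312 "-" "bot/1.0"
203.0.113.7 - - [02/Jun/2008:04:11:03 +0000] "GET /wp-admin/install.php HTTP/1.1" 200 2104 "-" "bot/1.0"
203.0.113.7 - - [02/Jun/2008:04:11:04 +0000] "POST /wp-admin/install.php?step=2 HTTP/1.1" 200 1877 "-" "bot/1.0"
198.51.100.20 - - [02/Jun/2008:08:30:15 +0000] "GET /2008/06/some-post/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.20 - - [02/Jun/2008:08:31:40 +0000] "GET /wp-admin/install.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def install_hits(log_text):
    """Return {ip: [(timestamp, method, status, severity), ...]} for install.php requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0].lower()  # ignore the query string
        if not path.endswith("/wp-admin/install.php"):
            continue
        status = int(m["status"])
        if status in (403, 404):
            severity = "blocked"   # file removed or access denied
        elif m["method"] == "POST":
            severity = "high"      # installer form was submitted and served
        else:
            severity = "medium"    # installer page is still reachable
        hits[m["ip"]].append((m["ts"], m["method"], status, severity))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in install_hits(SAMPLE_LOG).items():
        for ts, method, status, severity in events:
            print(f"{severity:8} {ip:15} {ts} {method} {status}")
```

Once install.php has been deleted or blocked, every remaining hit should come back as "blocked"; a "medium" or "high" entry means the installer is still being served.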

My WordPress T-Shirt…Fear It

Saturday, August 11th, 2007

I got my very own WordPress t-shirt in the mail yesterday. I am the envy of my block. With this shirt, I crush my enemies, see them driven before me, and hear the lamentation of the women. I drink the blood of virgins from the horn of a ram. I kill, I maim, I destroy…I sit in the corner with my laptop and super-dork shirt, typing passive-aggressive blog posts. Fear me.

Site: archive rearrangement

Friday, January 27th, 2006

The sidebar section containing all the links, categories and archives was getting way too cluttered for my liking, so I freed up some space by moving the largest of the sections, the archive list, to its own separate page, which you’ll notice is now listed in the sidebar under “Navigate”.

Ultimate Tag Warrior

Friday, January 6th, 2006

This evening, I made a switch to a new plug-in to handle my Technorati Tags. Since the move to WordPress 2.0, I’d been having problems with my old tag manager, Bunny’s Technorati Tags, and Ultimate Tag Warrior came highly recommended, so I decided to give it a try and see. Immediately I noticed that it was in a much bigger league and even though Bunny’s has just recently been fixed with 2.0, I made the call and switched.

So I’m liking this new plug-in and everything looks sunny and joyful, except for the fact that all my tags that were assigned in the past via Bunny’s are no longer around. That sincerely blows, but whatever. There’s a way to rescue them, but as of this moment I’m a bit too A.D.D. to manage slogging through help files and forums. When I do get it down, I’ll note how I did it here. For now, I just wanted to post something, just to see UTW in action. Sweet.

Update:

Now I am seriously impressed. Within ten minutes of posting this entry, the creator of UTW popped on by and clued me in on how to rescue all my old tags. That is way cool. Thank you Christine D. UTW is a great plug-in and its developer made my day!

Site Update: Email notifications

Sunday, December 4th, 2005

A reader who for one reason or another is not able to use RSS feeds wrote to me asking if there was another way to be notified when a new post is made to this site. Ever the intrepid do-gooder, I enabled readers to sign up for email notifications using this fine plugin. You’ll notice that in the lower part of the right-hand sidebar, under Syndicate, along with the RSS feed links, you now have a form to input your email address. If you are able to use RSS, I recommend you stick with it, but if not, you now have another option. Rest assured, daveb will not share your email for any reason and you may unsubscribe at any time. If you do sign up, yet are not receiving the notifications, let me know.

Photo album…Oooo looky

Thursday, October 6th, 2005

If you glance to your right at the sidebar, under the heading of Navigate, you’ll see a new link called ‘Photos’. Clicking this link will allow you to browse a shitload of pictures I’ve taken in the past 4-5 years. All the images are actually hosted on my Flickr account, but I am using a WordPress plugin called Falbum that makes use of Flickr’s API. It’s neat. It’s purty. I likes it.

I’ve got everything working, but please bear with me as over the next couple days I tweak things here and there with this photo album.

Changing hosts…again

Wednesday, August 10th, 2005

##Update##
The domain name has transferred and everything seems to be up and running correctly. Please let me know if you encounter errors.
#########

Please bear with me over the next couple of days as I once again change webhosts. I’m setting the new site up today and the domain transfer should be finished in 48 hours or less. It’s likely that the whole move will be unnoticeable.

My current host, hostinglite.com, is completely unreliable and it’s one of those things where at least once a week, something on their end fucks up. They’re cheap as hell, so I guess I’m getting what I paid for, but I need a site that works and is not consistently down because of SQL problems and nameserver issues, so if I have to pay more, so be it.

This time I am taking the easy route and selecting the host at the top of the recommended list on WordPress.org. If I pay a year up front, it’s only a dollar more than what I pay now for my lame-ass service. BlueHost.com, let’s hope they pull through.

Severed connections

Friday, July 1st, 2005

If you’ve visited this site recently and noticed a big fat WordPress connection error instead of my blog, I apologize and ask you to please bear with. I switched hosts recently and apparently they are having problems with their MySQL. They tell me they’re working on it so I’ll give them a couple more days, but if the issue’s not resolved, I’ll be moving this site elsewhere. If you visit and do happen to get the error message, try checking back in a few minutes; it usually remedies itself. Again, sorry for the trouble.

Favorite WordPress plugins so far.

Tuesday, June 7th, 2005

Since I’m already on a roll with the whole making lists of favorite things, I thought I’d post my most favorite of the plugins I use with WordPress. I made the switch to WordPress from Movable Type about a month ago and since then I’ve been using quite a few of the hundreds of plugins out there. While I’m sure there are a whole bunch of great ones I’m missing and there might be better versions of plugins that I’m using, in my limited experience, so far, I’m loving these plugins. Try them out or let me know if you’ve found better.

  1. Spam Karma 2: I hate spam. I hate the spammers that send spam. I have been blasted by comment spam for years and have employed various methods and tools to stop them. Spam Karma seems to be the mother of all comment moderators. It works on a scoring system, running each comment through a battery of tests dependent on several factors such as inclusion in RBLs, number of links, IP address and much more. Honestly, since installing WordPress, the spammers that were giving me headaches have gone, but I’m not stupid enough to think they’re not going to come back after their spider finds the new comment system. So the big tests lie in the future, but so far, it’s worked very well and people I know that are using it vouch for it. I’m impressed.
  2. Bad Behavior: Prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots.
  3. Google URL Redirector: This plugin strips URLs from your comments and uses the Google “nofollow” redirector to prevent comment spammers from taking advantage of your pagerank. A basic, necessary plugin.
  4. Referrer Bouncer: The other half of the blog/spam nightmare is referral spamming. I get slammed by these assholes around the clock. My referral stats are not public, but to check them routinely shows that my top referrers are gambling and loan portals. Fucking scumfucks. It’s tricky stopping this too. Referrer Bouncer is a plugin that helps you edit your .htaccess file to block the bad guys and bounce referrer spammers back to their own sites. Like I said, it’s a tricky business and nothing works perfectly, but it’s better than nothing.
  5. WP-ContactForm: Allows you to add a customizable contact form to any page or post. It works perfectly and I use it on this site.
  6. Backup Restore: Makes backing up your theme and SQL database a simple, one-click procedure.
  7. XFish Meta: Allows you to enter per-post meta keywords and descriptions.
  8. WP Email Notification: Some people are just resistant to RSS. For those who prefer the old fashioned way to be notified of updates, this plugin manages a mailing list that will email users the site updates automatically.
  9. RunPHP: Allows you to put PHP code into a post and have it eval()’d.
  10. Google Sitemaps: Google has a new service called Sitemaps. Basically, you create an XML file that functions as an RSS update notification to let Google know when your site has been changed and helps the bot crawling your site to do a better job. This plugin took care of all the work for me.
  11. Simple Search and Replace: This lets you search for and replace text sitewide, throughout all of your posts. This came in REALLY handy when I switched to WordPress and was tackling the project of making all the posts on this site valid XHTML.
  12. WP-CC: Not like you couldn’t just manually put the Creative Commons license info into the footer yourself, but this plugin does the job for you. Hey, why not? More importantly, it also adds CC info to the headers and to your RSS feeds.

There’s a few other plugins I’m currently using, but have not decided whether they are truly necessary. All the above plugins I feel I have an actual use for. If anyone knows of better versions or a good plugin that I’m missing, let me know and I’ll check it out.