Simple Solution to SSL (HTTPS://)

My hosting company finally got around to enabling Let’s Encrypt SSL certificates. I’d been nagging for at least a year.

I managed to move ALL my sites to SSL for free (apart from the ones I’d already bought certificates for), in one morning.

All I did was enable Let’s Encrypt for each site in turn, in PLESK, take the default options, and then use the “Really Simple SSL” WordPress plugin.

That’s it. Sorted. For Free. If your hosting company doesn’t support Let’s Encrypt, MOVE.

REMEMBER: Google promotes encrypted sites above others in search results. Chrome marks unencrypted sites as “Not secure”. You don’t want that.

Text File Widget 2.0 Released – WordPress 4.3 Compatible

I’ve just uploaded a new version of Text File Widget (2.0).

This addresses the php v5.0 constructor issue – WordPress 4.3 will throw a warning if it encounters php v4.0 contructors.

Thanks to Remy Corson for providing a working example of the correct code. Not sure why I didn’t use that in the first place..

Anyway, I’ve tested it on WordPress 4.3 Beta 4, and it worked fine – no warnings. Rah!

 

“Text File Widget” is live on WordPress.Org

My first plugin – “Text File Widget” is now live on the WordPress Plugins Repository.
It’s a proper job – complete Readme.Txt file, Banner, and Icon.
Looks great!

tfw-listed

Here’s the link: https://wordpress.org/plugins/text-file-widget/

It’s a very simple plugin, all it does is display the contents of a text file as a widget. I couldn’t believe that there wasn’t already a plugin for this, so I wrote one..

It replaces end-of-line characters with a “
” for clarity.

Here’s the plugin page: https://www.q292u.com/plugins/text-file-widget

Any problems with it, contact me via WordPress.Org (hit the plugin’s “support” link) – let’s do everything properly!

I’ve just created my first WordPress plugin!

I've just created my first WordPress plugin! Click To Tweet
I found that no existing plugin did exactly what I wanted to do: display the contents of a text file as a sidebar widget, so I made my own, from scratch.
[There was a plugin that displayed the contents of a text file whenever a shortcode was inserted, which was ok for inside pages and posts, but not widgets.]
While I was at it, I realised how easy it would be to add a shortcode handler as well, so I did.
It’s a pretty specific plugin, only for my “bashthebookies.net” site – not for general release, but it’s a start. (Look for the “Basher’s Daily Tip” widget in the RH sidebar..)

I could easily create a generic “display text file as widget” plugin, though. I’ll think about it.

I also think it would be useful to have an online “plugin boilerplate generator” that did all the boring stuff leaving only the custom code bits to do..
I may do that, too..

Any comments or suggestions gratefully accepted as usual:

Jetpack! WordPress Plugin

I’ve just discovered the joys of the “Jetpack” WordPress plugin.
It’s enabled me to get rid of all the separate “social button” plugins, the “contact-form-7” plugin, “mobile edition” and goodness know what else!
It’s also given me traffic stats in the admin area, a wordpress.com “subscribe” button, backup facilities.. blah blah.. you get the idea.
It’s written by the same people behind WordPress itself, (Automattic).
Do yourself a favour – use it.

Cut and paste | Attribution | Backlinks | CopyLink

We’ve been looking into the issue of site visitors using cut and paste to “steal” content. Not on this site, particularly, but on others.

The issue is that many visitors don’t use the built-in “share” functions – they simply copy and paste content into social media, or more often, e-mails. The problem with that is that the site doesn’t get anything back from this – no backlink, nada.

There are a couple of (paid-for) WordPress plugins which address this issue: Maxblogpress “bring my blog traffic back” (bmbtb), and “Covert Copy Traffic”, for instance.

Look a bit closer, though, and there is a FREE plugin called “copylink” which does most of the same. It may not be as polished, but hey, it’s FREE.
Copylink offers tracking facilities as well, so you can actually see who is copying, and what the actual content is. If someone IS seriously abusing your content, you can then block them.
Awesome!
We’ve rolled copylink out to most of our sites, and are monitoring the results…

We have no problem with visitors sharing content – if we did, we wouldn’t publish it on the open web. But we DO want the content to be attributed to our site.

WordPress Multisite Problems

We’re currently working on a Multisite WordPress Installation for an educational establishment. The problem is that the server is accessed via a proxy on their main domain.
Their technical people advised us to set up the wp install using the server name. We’ll call it “Gomez”. Gomez isn’t accessible from the internet, so it’s accessed via www.domain.ac.uk/proxyname. That’s fine, except that it only works internally. 🙁
Also, it switches all the URLs back to Gomez once you are through the proxy. 🙁
Using a “requestheader host” statement in the htaccess file throws a WP error – it thinks there’s a port number in the URL!
You wouldn’t believe how difficult it is to change the URLs within a WP Multisite install!
We have to use sql queries to replace all occurrences of the original URL with the new one, for ALL the sub blogs as well as the master one. After editing the wp-config file.
It looks like WP multisite has some way to go before maturity..

Jabweb – Passwords Reset..

I still have several websites registered, but not hosted at jabweb.
Last week, I received an e-mail stating that as part of their efforts to improve security, they had RESET ALL PASSWORDS on their system, and that I needed to e-mail them to find out what my new password(s) were.
So I tried it, and the e-mail BOUNCED.
I had used the address epcified in the e-mail.

So I tried logging in via their “client area”, and submitted a ticket. Eventually, they got back to me and asked me WHICH domains I was talking about? Surely they can work THAT out from my e-mail address?
*alarms bells start ringing*

Anyway, it turns out that I’m not affected, as my sites are not hosted with them. My colleague’s site, however, which IS hosted with them, and is LIVE, and commercial, and he’s STILL unable to access PLESK..

Surely, having reset all passwords for security reasons, it’s STUPID to send the passwords out via plain text e-mails? *alarm bells again*

It sounds (to me) like Jabweb have messed-up the passwords database, and had to hurriedly reset them. To make it look like it was intentionanal, they say it’s a “security issue”.. but to cock-up the e-mail address and then send out new e-mails containing passwords?

To say I’m concerned is one way of putting it. *air-raid sirens replace alarm bells*