Okay … i assume that you’ve installed another spam filtering system like Akismet, or Akismet in conjunction with Spam Karma that behave exactly like Defensio (a centralized spam filtering solution except for Spam Karma of course), so what’s the point to switch into another spam filtering solution if you ask me ?

The answer is easy, Defensio has better management interface so you can easily distinguish spam comments and innocent comments that is caught by your spam filtering solution, so you can restore those comment easily if there are innocent comments get caught by Defensio. And like most (if not everyone) knows that there are no spam filtering solution that gives you 100% accurate result (heck even GMail spam filtering mark message sent from WP mailing list as spam) so in the end it’s up to the users itself to mark the message manually, and in this case Defensio gives you a good user interface so you can manage your spam list

(you can sort by spaminess, post date or comment date)

But what if i already use another spam filtering solution that has good management interface (Spam Karma for example) ? well than the answer is depend on your decision, but if it’s for me … i prefer a centralized solution / remotely hosted solution that doesn’t take up any unnecessary server resources especially in this case

Other than that, Defensio also gives you two rss feeds (one for spam comment that get caught by Defensio, and the other one is for innocent comment) that you can check via your favorite rss reader … but since that is private, i can’t show you on how it look like

That’s all about their positive points, and now here comes their negative point :

• I sometime get a small number (usually between 1 – 6) of comments in my moderation area that Defensio can’t process (most of them were spam), although i’m not sure on why this is happening but after reading their post i can assume that probably their server was down or something. But thanks God because of the process button … i can process all of them easily …
• You’ll need to train it first (which is true especially on your very first day of using Defensio) in order to get optimal result … or at least that is based on my experience

And that’s it basically about their negative point, but as a side note, when i first activated their plugin i get an error message saying that Defensio can’t be activated because they use short open tags at one of the file, although this can be fixed easily but i’m not sure if casual users who use shared hosting and using strict php configuration (that is defined by their host) can fixed this (for most people first impression does matter) ;)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 5 comments

0x87485B96 | Tags : Webmaster Tools, Wordpress

Related posts:

• Interesting Spam Message
• Spamato Spam Filter System
• Webcleaner a Filtering HTTP Proxy
• Spam .. spam .. spam
• Technorati is good at fighting Spam

While personally i do not have any problems when upgrading Wordpress, but i thought it’d be best to share these tips especially to those who want the easiest way to upgrade their wordpress installation even when you’re going to upgrade to another major version (such as from 2.0 to 2.1, 2.2 to 2.3, etc)

And here are the tips :

1. Know how to backup and restore your wordpress database by yourself and don’t depend to someone else to do it for you. Because if you know how backup and restoring your wordpress database you can always revert to your previous installation just in case the upgrade process failed. You can read Lorelle’s post about this process

2. The less plugins you’ve installed, the more easier for you to upgrade. While this is not really a big deal to those who know what they’re doing (read: tech savvy users), but for most people it’d be best for you to install plugin that you think best for you and you feel necessary to install that plugin. A good example of this is, i think most people know that back then Wordpress (before 2.3) doesn’t have the Tag features built-in into the Wordpress core, and in order to get that features most people use a plugin in order to satisfy their need to use tags on their blog … and the next thing that could happen to your blog is just like what Everton from Connected Internet just experienced on his test blog (but i’m sure that he can handle that problem later)

The most worrying aspect of my test WordPress 2.3 upgrade, was that my categories disappeared from my sidebar. Has anybody else had any upgrade problems? I think I’m definitely going to stay on 2.2 for a while, at least until the tagging functionality improves.

3. Use only simple themes, that doesn’t need to be upgraded even when you’re going to upgrade your wordpress installation. A good example of this is the Wordpress K2 Theme (i don’t mean any offense though). While K2 is a good theme, but i often read that many people keep having problem with it, from performance problems, or they just simply having issue when they just upgrade their Wordpress installation to another major upgrade

4. Always keep KISS Principle in mind ;)

Basically if you keep things simple, you don’t need to worry about anything when upgrading your Wordpress, so point #4 is the most important thing of all

Note : The above point is of course can be considered as not a big deal especially to the tech savvy users

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Guide, Wordpress

Related posts:

• Wordpress 2.1.3 and 2.0.10 has been released
• Upgrade your Wordpress 2.1.1 into 2.1.2 ASAP
• Another Wordpress Upgrade time
• Reaper Mangos Installation / Upgrade Guide
• Testing Wordpress 2.3 RC 1 … without getting any error message ?

And that’s because i do not want my visitors to see lots of beautiful MySQL error message when viewing every page of this site (i’m quite sure you feel the same way too) because of the recent database schema changes in Wordpress 2.3, but … how to do that ? if you ask me …

The answer is simple, as long as you have access to edit your .htaccess file (some web hosting company doesn’t allow you to edit the .htaccess file, and that’s why i said so) :)

And here are the complete instruction :

1. Create a new html page saying that this site under maintenance or anything you like :) , and save it as maintenance.html (this is just an example, feel free to use another filename)

2. Edit your .htaccess file in your root public_html directory

and add these lines :

RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.0
RewriteCond %{REQUEST_URI} !/maintenance.html$ [NC]
RewriteRule .* /maintenance.html [R,L]

Note : Replace 123\.456\.789\.0 with your own ip address

And here are the description about what the above line does :

1. The first RewriteCond is used so that you can still access your site, by detecting your ip address
2. The second RewriteCond is used so that every request to maintenance.html file will not be redirected, this is used to prevent infinite redirect loop
3. The third RewriteCond is used so that others that is trying to access your site in any page will be redirected automatically to your maintenance.html page using temporary redirect so that search engine robot will check again later

3. Now you just need to upload the above file into your public_html directory and continue the upgrade process

But what if you’ve finished upgrading your wordpress, and you want your visitors will able to view your site again ?

Simple … you just need to remove the above .htaccess rules, and to make sure that your site visitors will be automatically redirected to your main page, you can add below line to your .htaccess file

Redirect 301 /maintenance.html http://www.yourdomain.com

And you’re done :)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Guide, Software, Wordpress

Related posts:

• Redirecting Wordpress Feed into Feedburner
• Using redirect to trick google sitemap verification
• Hardening Wordpress with Mod Rewrite and htaccess
• Hiding Affiliate Links using htaccess
• Explanation about Addon Domain and using Modrewrite on it

Another case is … when i’m trying to test posting a comment to my own local server which is obviously can’t be accessed by anyone, by simply using Test as nickname, with test@test.com as it’s email address and http://test.com as the url address .. it’s still being marked as spam ! and with 192.168.3.1 as it’s ip address !

At first i thought that the ip address that i’m currently using (i’m on dynamic ip address) already marked as spammers ip by akismet, but if local ip address gets marked as spam, i’m sure there’s something more to it (like user agent detection, referer, etc)

I know that you can mark yourself as not spam, so that Akismet can learn to fix it’s mistake … but perhaps it’d be better if Akismet check if the user already logged-in or has administrative privilege and automatically bypassing the spam checking mechanism for that user

Perhaps … it’s just me … but after getting marked as spam and need to unmark myself for about 4 – 5 times today, and that’s not including yesterday … i feel kinda bored about it … beside when i gets marked as spam, i didn’t put any links on my comment

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 6 comments

0x87485B96 | Tags : Opinion, Personal, Wordpress

Related posts:

• Spam .. spam .. spam
• Dave the Stupid Spammer
• Defensio Spam Filtering Solution
• Referer Spam Hit My Site
• Interesting Spam Message

The first thing i noticed when opening my local test server is … i get various MySQL related error message which is basically saying that some table can’t be found (obviously) because of the recent database schema changes. And of course the next step would be running the upgrade script in order to fix that error message (simple isn’t it ?) … and everything seems to be okay again, i didn’t see any mysql error message get displayed on my test server … which is quite strange (at least for me)

Based from what i’ve read so far from Spencerp.net, Wordpress 2.3 are going to drop some of tables that’s used previously like post2cat, link2cat as example. Beside i confirmed this myself because after upgrading to 2.3 RC1 i didn’t see those tables listed in the database. And from what i’ve read that any plugins that use those tables are going to fail, and in my case i’m using one plugin that’s using post2cat and that’s the Wordpress Category Tagging plugin and listed as incompatible with Wordpress 2.3 from the Wordpress 2.3 Plugin Compatibility page

But … in my case … i didn’t see any problem or whatsoever, because it works just fine :(

Well … i guess it’d be better for me to wait for the Final version of Wordpress 2.3

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Journal, Wordpress

Related posts:

• Frequently Asked Questions about WoW Mangos Error Message
• 4 things you should know to simplify your Wordpress Upgrade process
• WordPress 2.0.6 RC1 Released
• Wordpress 2.2 Released
• Using Temporary Maintenance Page when Upgrading Wordpress

The plugin itself comes in two flavours, the first flavour is to those who’s using XCache as their opcode caching solution, while the second flavour is to those who’s using eAccelerator as their PHP Opcode caching solution

And if you read the above paragraph carefully, you’ll see that this plugin need XCache or eAccelerator in order for it to works, which mean that if your site hosted on shared hosting that doesn’t allow you to install PHP Opcode cache program, you can only use the normal wordpress object cache (i’m using this before when hosted at Hostgator shared hosting)

The installation process itself is really easy, you just need to upload the object-cache.php file in your wp-content directory, adjust your php configuration and then restart your webserver process and you’re done

But how do you know if this plugin really works ?

The simple way to do this is by installing the Wordpress Cache Inspect Plugin, and then go back to your homepage (in logged in status), and you’ll see some random numbers under the loaded data

So … if you’re looking to optimize your wordpress blog even more, you should try this plugin … or you can also read my previous guide on speeding up your wordpress blog via the normal way

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 4 comments

0x87485B96 | Tags : PHP, Wordpress

Related posts:

• Wordpress Object Cache or WP-Cache ?
• Self Hosted Wordpress vs Free Wordpress Account
• How to speed up Wordpress blog
• Tips on searching for a good Blog Hosting
• PHP-FastCGI, Suexec, and XCache Installed

Here’s some excerpt from the Official Wordpress Dev Blog

2.2.3 is a security and bug-fix release for the 2.2 series. Since this is a security release, we suggest you upgrade immediately. Two of the fixes are high priority.

You can see the bugs fixed for this release from here, and to those who’s prefer to upgrade only changed files from Wordpress 2.2.3, you can see the changed file list from here

Or if you just want to get the changed files in zip version, you can get it from Viper007Bond site

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Open Source, Wordpress

Related posts:

• Upgrade your Wordpress 2.1.1 into 2.1.2 ASAP
• 4 things you should know to simplify your Wordpress Upgrade process
• Wordpress 2.2.1 Available for Download
• Wordpress 2.1.1 and 2.0.9 Released while bbPress going into 0.8.1
• Wordpress 2.1.3 and 2.0.10 has been released

But first as a reminder, this is not a perfect way to secure your wordpress installation (because of various reasons / factors), but at least it’s going to harden your wordpress installation

And as a note, this is tested only on Apache Web server, and you’re allowed to override the configurations using .htaccess file and lastly … you need to have mod rewrite installed and activated (don’t worry if you can use Custom Permalinks that mean you’ve mod rewrite enabled on your hosting / server)

Okay without further ado … here are the tips :

1. Disable Directory Indexing

By disabling directory indexing, you can prevent people seeing through your directory structure

Step to Disable it :

Create or edit .htaccess file on your public_html directory and add this into your htaccess :

Options -Indexes

2. Removing Wordpress version number

Some people think that hiding your wordpress version number is not necessary, so feel free if you want to implement it or not

Step to Remove it :

Remove this line from the header.php file of your currently used theme :

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />

also if you’re feeling a little bit adventurous, you can also remove the generator line from wp-includes/feed-*.php. Because by default wordpress is going to show your wordpress version number from your blog feed

3. Protecting WP-Admin Directory

In this example i’m going to tell you how to protect your wp-admin directory by checking your IP Address (it can be used even on dynamic ip address)

Step to Protect it :

3.1 If you’re using Static IP Address

Create new .htaccess file inside your wp-admin directory and add these lines into the newly created .htaccess file


<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.0
RewriteRule .* http://www.domain.com/ [R,L]
</IfModule>


3.2 If you’re using Dynamic IP Address

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123\.456\.
RewriteRule .* http://www.domain.com/ [R,L]
</IfModule>

What the above configuration does, is checking your IP Address first to see if you’re allowed to any file inside the wp-admin directory or not and if you’re not allowed to view it, you’ll be redirected automatically to specified address (you can use any address) by using 302 Found Header (Temporarily Moved)

As a side note, if you want the easiest way to password protect your wp-admin directory you can use this plugin by askapache or if you prefer to do it using the manual way … you can check blogsecurity website

4. Protecting wp-login.php and wp-register.php or any file you choose

Now you’ve protected your admin directory … but there’s one more step to do, especially if you’re the only person on your blog and also disabling user registration.

So this time we’re going to protect wp-login.php and wp-register.php, and here are the step to protect it :

Step to do it :

– Open the .htaccess file on the root of your public_html directory and choose which method that you like

4.1 Deny Access to wp-login.php by showing forbidden message


<Files wp-login.php>
Order deny,allow
Deny from All
Allow from 123.456.789.0
</Files>


4.2 Deny Access to wp-login.php by redirecting it to the specified address :


<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_URI} wp-login.php
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.0
RewriteRule .* http://www.domain.com/ [R,L]
</IfModule>


As a note, you can also use Dynamic IP Address just like on Protecting WP-Admin Directory Method

That’s it … you’re done … hope this small wordpress tips can be useful for you

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 14 comments

0x87485B96 | Tags : Guide, Linux, Wordpress

Related posts:

• Hiding Affiliate Links using htaccess
• Using Temporary Maintenance Page when Upgrading Wordpress
• Digg Protection using htaccess
• Guide to import posts on wordpress into new host
• Wordpress <= Adminpanel 2.1.1 XSS Vulnerability

This new release mainly fix security related issue and several bugs. Of course when it comes to security release it’d be best for you to upgrade your Wordpress powered platform as soon as possible

And here’s some link, just in case you’re interested on looking what has been fixed with this new release :

• Bugs fixed for Wordpress 2.2 Series => Click Here
• Bugs fixed for Wordpress 2.0 Series => Click Here

So it’s better to upgrade it asap ;)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | Add a comment

0x87485B96 | Tags : Open Source, PHP, Wordpress

Related posts:

• Another Wordpress Upgrade time
• Wordpress 2.1.1 and 2.0.9 Released while bbPress going into 0.8.1
• Wordpress 2.1.3 and 2.0.10 has been released
• WordPress 2.0.5 Ronan Released
• WordPress 2.0.6 RC1 Released

Well … if bug fixes is still not enough for you to perform the upgrade on your wordpress installation immediately, then you should try to read this (it’s really serious especially if you have user registration enabled) also this issue :

• Remote shell injection in PHPMailer
• Unescaped attribute in default theme

so the conclusion is … upgrade your wordpress blog immediately especially to those who’s using wordpress 2.2 series ;)

Copyright © Reaper-X Technology – www.reaper-x.com | Permalink | 3 comments

0x87485B96 | Tags : Open Source, PHP, Software, Wordpress

Related posts:

• Wordpress 2.1.3 and 2.0.10 has been released
• Another Wordpress Upgrade time
• Upgrade your Wordpress 2.1.1 into 2.1.2 ASAP
• Wordpress Vulnerabilities
• Wordpress HTML Injection Vulnerability