Dealing with Sucuri Alerts

If you own a WordPress website and have the Sucuri plugin installed, there’s a good chance you have received email alerts about an attempted login, with a message like this:

Explanation: Someone failed to login to your site. If you are getting too many of these messages, it is likely your site is under a password guessing brute-force attack [1]. You can disable the failed login alerts from here [2]. Alternatively, you can consider to install a firewall between your website and your visitors to filter out these and other attacks, take a look at Sucuri CloudProxy [3].

Sucuri gives you a few options to deal with these annoying attempts to gain access to your website. One of the options is to install their Website Firewall. This is a great recommendation as this can prevent these attacks from ever even hitting your site at the WordPress level. But if you have multiple websites like I do, this can start racking up quite a monthly expense.

An alternative option is to add password protection on top of your wp-login.php page. The steps are listed below, but if you don’t do them right you can get a “500 – Internal Server Error”. The fix for that error follows the steps:

Step 1: Create a .htpasswd file by using the .htpasswd generator here. Make sure to take note of your user name and password, otherwise you won’t be able to log in to your own site.

Step 2: Follow the directions here and add the suggested script to the .htaccess file in your WordPress root folder. Where it says “require user mysecretuser”, make sure to switch out the user name for the one you made in the .htpasswd file.

Step 3: Once the .htpasswd and .htaccess files have been updated and added to your hosting account try to log in to your website at domain.com/wp-login.php to see if the new popup window works. Enter in the new user credentials you created in step 1. If you see the WordPress login fields after the popup window you did it right.

But if not, this is where it might have gone wrong. The line “AuthUserFile ~/.htpasswd” needs to be changed to the proper full file system path. If it’s incorrect, you will most likely get an annoying “500 – Internal Server Error”.

Here’s what you need to do next. Create a PHP file with any name; for this example, simply call it root.php. Add this code to the file, save it and upload it to your root folder:

<?php
// Print the full file system path of the site's document root.
echo $_SERVER['DOCUMENT_ROOT'];
?>

Go to your domain.com/root.php and you’ll get the exact full file system path. Copy and paste it into “AuthUserFile ~/.htpasswd”. It should now look something like “AuthUserFile /home/yourhostingaccountname/public_html/domain.com/.htpasswd”

Update your .htaccess file and you should be good to go. If the code above doesn’t work, go here to grab the code instead.

Once everything is working properly, make sure to remove your root.php file!
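One way to catch the AuthUserFile problem described above before it turns into a 500 error, as an added example that is not part of the original post or of the script it links to. Only “AuthUserFile” and “require user mysecretuser” come from the post; the `<Files wp-login.php>` wrapper, the AuthType and AuthName lines, the function names and the temporary directory layout are assumptions made for the sample.

```shell
#!/bin/sh
# Added example: audit the AuthUserFile line of a .htaccess file.
# Verdicts: no-directive | not-absolute | missing | in-docroot | ok

check_authuserfile() {    # $1 = .htaccess file, $2 = document root
    # First AuthUserFile directive, optional quotes stripped
    # (paths containing spaces are not handled).
    path=$(awk 'tolower($1) == "authuserfile" { print $2; exit }' "$1" | tr -d '"')
    [ -n "$path" ] || { echo "no-directive"; return 0; }
    case $path in
        /*) ;;
        # Apache resolves a non-absolute path against ServerRoot and does
        # not expand "~", so "~/.htpasswd" ends up here.
        *)  echo "not-absolute"; return 0 ;;
    esac
    [ -f "$path" ] || { echo "missing"; return 0; }
    case $path in
        # Works, but relies on the server denying requests for .ht* files.
        "$2"/*) echo "in-docroot"; return 0 ;;
    esac
    echo "ok"
}

# Constructed sample layout; the directives around AuthUserFile are assumed.
write_htaccess() {        # $1 = site directory, $2 = AuthUserFile value
    cat > "$1/public_html/.htaccess" <<EOF
<Files wp-login.php>
AuthType Basic
AuthName "Restricted"
AuthUserFile $2
Require user mysecretuser
</Files>
EOF
}

site=$(mktemp -d)
mkdir -p "$site/public_html"
: > "$site/.htpasswd"
: > "$site/public_html/.htpasswd"
for value in "~/.htpasswd" "$site/gone/.htpasswd" \
             "$site/public_html/.htpasswd" "$site/.htpasswd"; do
    write_htaccess "$site" "$value"
    printf '%s -> %s\n' "$value" \
        "$(check_authuserfile "$site/public_html/.htaccess" "$site/public_html")"
done
rm -rf "$site"
```

On a real host, call check_authuserfile with the actual .htaccess path and document root. The “in-docroot” verdict is the layout the post ends up with; keeping .htpasswd one level above public_html avoids depending on the server refusing requests for .ht* files.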

Remove the following redirect chain if possible:

A client had concerns that their WordPress site loaded really slowly on mobile. A recent speed load test on Pingdom returned a lovely “D” performance grade for the client’s site.

After closer inspection, “Remove the following redirect chain if possible:” was one of the “F” Performance Insights that dragged their performance grade down.

You may see some of the following scripts in the redirect chain:

Remove the following redirect chain if possible:

  • http://dx.bigsea.weborama.com/collect?touchpoint=4&url=http%3A%2F%2Fwww.clientdomain.com%2F&dsp_id=2&eid=CvQMC1hIk40AAAAQWjkEAw==
  • http://dx.bigsea.weborama.com/collect?touchpoint=4&url=http%3A%2F%2Fwww.clientdomain.com%2F&dsp_id=2&eid=CvQMC1hIk40AAAAQWjkEAw%3D%3D&bounced=1&rn=205014
  • http://idsync.weborama.fr/fcgi-bin/idsync.fcgi?d.A=rd&d.u=http%3A%2F%2Fdx.bigsea.weborama.com%2Fwam_sync%3Feid%3D%7BWEBO_ID%7D
  • http://idsync.weborama.fr/fcgi-bin/idsync.fcgi?g.bo=OK&g.rn=872131&d.A=rd&d.u=http%3A%2F%2Fdx.bigsea.weborama.com%2Fwam_sync%3Feid%3D%7BWEBO_ID%7D
  • http://dx.bigsea.weborama.com/wam_sync?eid=Dfk2qbcNUwAN

Remove the following redirect chain if possible:

  • http://idsync.rlcdn.com/386076.gif?partner_uid=CvQMC1hIk40AAAAQWjkEAw==
  • http://idsync.rlcdn.com/386076.gif?partner_uid=CvQMC1hIk40AAAAQWjkEAw%3D%3D&redirect=1
  • http://ib.adnxs.com/getuid?http%3A%2F%2Fidsync.rlcdn.com%2F52154.gif%3Fpartner_uid%3D%24UID
  • http://ib.adnxs.com/bounce?%2Fgetuid%3Fhttp%253A%252F%252Fidsync.rlcdn.com%252F52154.gif%253Fpartner_uid%253D%2524UID
  • http://idsync.rlcdn.com/52154.gif?partner_uid=2132406831221398315

Remove the following redirect chain if possible:

  • http://rc.rlcdn.com/398646.gif?n=1
  • http://dpm.demdex.net/ibs:dpid=477&dpuuid=a3d428a467ed9d8173d606ff28e2f158b76047351072ea60b89b0817ffcdc2e9b0da87c991749652&redir=http%3A%2F%2Fidsync.rlcdn.com%2F362248.gif%3Fpartner_uid%3D%24%7BDD_UUID%7D
  • http://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=477&dpuuid=a3d428a467ed9d8173d606ff28e2f158b76047351072ea60b89b0817ffcdc2e9b0da87c991749652&redir=http%3A%2F%2Fidsync.rlcdn.com%2F362248.gif%3Fpartner_uid%3D%24%7BDD_UUID%7D
  • http://idsync.rlcdn.com/362248.gif?partner_uid=80195589080884352633452367386776861963

The list goes on and on.

Turns out the “Share This” plugin is total bloatware. Deactivate the plugin and you’ll likely bump up a grade. Not convinced? Check out the Share This reviews and decide for yourself.

For an alternative to the Share This plugin, try the “Add To Any” plugin instead. They have 300,000+ downloads with 4.7 out of 5 stars.

Hopefully this will help you out if you’re getting the lovely “Remove the following redirect chain if possible:” on Pingdom.


How to Uninstall CGAPlay

In the course of searching for video editing software, I came across CGAPlay aptly titled “Video producer editor/maker. Film studio” on Sourceforge. After reading the description, I installed CGAPlay and had some quick realizations:

  1. It did not seem to work
  2. It was not a good fit if it did
  3. It installed in my localhost
  4. It does not have an uninstall function

While I appreciate developers that are willing to spend time creating apps and open sourcing them for all to use, this suddenly became a nuisance to me. Why? Because I develop WordPress sites locally using a really cool app called DesktopServer made by ServerPress. CGAPlay suddenly blocked DesktopServer from working.

It took a while to figure this out but after looking at my downloads folder and identifying the download date for “Movie-Animation_studio.Setup.oud.exe” on 9/20/2015, I was able to search for files and folders added the same day. There were two folders added: “php” and “Apache Software Foundation”.

Here’s how to uninstall or stop CGAPlay from creating havoc on Xampp or Xampplite on your PC.

First things first. Make sure Apache is not running. Open up Task Manager and end any instances of Apache HTTP Servers.

Once Apache is stopped, go to C:\Program Files\Apache Software Foundation\ and rename the folder to anything besides “Apache Software Foundation”. I usually add a capital X so I can quickly scan folder and file types and see that I’ve made a change to them. This should resolve any conflicts between Xampplite and/or DesktopServer. Once you are sure this won’t break anything else, you should be able to delete the folder.

Renaming or deleting the “php” folder in the C:\ folder should not affect DesktopServer one way or another. Rename and check it first before deleting.

I hope this helps you save some time and effort in removing CGAPlay from your localhost.

Options to Manage Multiple WordPress Installations

If you have multiple installations of WordPress sites across various hosts and are tired of managing and updating them one site at a time, look no further. The following is a list of solutions to help you update all of your WordPress installations from one location.

| Application | 10 sites | 30 sites | 50 sites | Comments | Website |
|---|---|---|---|---|---|
| CMS Commander | $12 | $20 | $30 | Offers many options | more info |
| iControlWP | $15 | $29 | $49 | Charges .85 to $1.20 for each additional site | more info |
| InfiniteWP | free | free | free | Self hosted and has upgrade options | more info |
| iThemes Sync | $50 | $50 | $90 | Offers 10 site updates for free | more info |
| JetPack Site Management | free | free | free | Requires JetPack plugin and WordPress.com access | more info |
| MainWP | free | free | free | Offers paid extensions | more info |
| ManageWP | $21 | $60 | $75 | Offers variable pricing depending on qty of sites | more info |
| My Sites Manager | free | free | free | Utilizes a plugin and is currently free | more info |
| WP Remote | free | free | free | Plugin hasn't been updated and no support | more info |
| WP SiteStack | $37 | $37 | $37 | Updates only one host instance | more info |
| WPDash | $18 | $30 | $100 | Has auto updates; no middle ground pricing | more info |
| WP Pipeline | | | | Charges $9.97 a month | more info |

*Note: Not all price options fit into the 10, 30, and 50 site updates.

Of course, updating WordPress isn’t the be-all and end-all of managing WordPress. Many of the applications above offer upgraded services which provide automated backups, up-time notifications and monitoring, analytics, client reporting, post content and more.

What’s your favorite application to manage multiple WordPress installations?

Customizing WordPress Themes

I recently presented “Customizing WordPress Themes” at the local San Diego WordPress user group run by Glenn Bradley.

The talk was on how to include jQuery into your own WordPress themes. The slideshare presentation probably makes great reference notes for those in attendance but not so much for those who are viewing it as a standalone document.

Here are my notes to go along with the slides…

Customizing WordPress Themes for San Diego WordPress User Group

Slide 1: Really simple, WordPress is awesome for blogs, basic sites, and brochure type sites. They are able to be themed and implemented relatively quickly. I like them much more than static HTML sites. No more wondering which version of content is the latest.

Slide 2: We’ve all spent way too much time looking through free themes on WordPress. They’re never exactly what you need or they cost too much. Template Monster is nice but frankly, when I’m working on my own theme I don’t want to spend a dime so I just wrangle WP’s Twenty Ten theme into my own custom themes as needed.

Slide 3: As most people using WordPress should know, changing the theme within WordPress admin is done under the Appearance > Themes section. On your hosting account the WordPress theme lives under domain.com/wp-content/themes/name of theme folder. Simply upload the theme into the directory and choose it within the admin themes section.

Slide 4: One really cool thing about WordPress themes is you can create multiple page templates and select which template you want to use within your WordPress page.

Slide 5: A few examples of WordPress themes using jQuery image sliders were used in this presentation. Three of the four sites are live at the time of this blog post. Pro Restaurant Design is a recent site I launched targeting owners of restaurants. This WordPress theme uses the Anything Slider. San Diego Sport and Spine uses Auto Image Rotator and Mindful Design uses Avia Slider.

Slide 6: There are a ton of sliders out there, including WordPress plugins using jQuery, MooTools, and Script.aculo.us. Finding one that fits your or your client’s needs isn’t as easy as it seems. Searching for terms like jQuery Image Slider usually yields decent results.

Slide 7: If you’re not sure how to implement JavaScript on a site, Kevin Miller put together a great how-to example on his new site P51 Labs. Make sure the scripts you’re trying to implement work on static HTML sites before adding them to the WP themes. This will save you the pain of wondering whether a script fails on its own or only inside the WordPress theme.

Slide 8: When customizing your own theme, start from the basics. Make sure you know where your blocks of content go before you start CSS’ing and DIV’ing them out. Wireframe your site layout first.

Slide 9: As you fill in details, keep in mind where your JavaScript files are going to reside. Typically within the header.php file but not always.

Slide 10: There are several files you need to consider when theming WordPress templates. The main ones are index.php, page.php, and single.php; archive, search, etc. also need to be themed. Get your main pages in order first, then you can update the others later.

Slide 11: The standard index.php file from the Twenty Ten theme uses the get_header(); call.

Slide 12: Change get_header(); to get_header('home'); and it will call the header-home.php file instead. In this file (header-home.php) you can modify the contents within the <head> area and add your specific .js files accordingly.

Slide 13: On any other page templates, all you’ll need to do is grab the dynamic content and wrap the CSS around it.

Slide 14: Customizing widgets is easy. Just add this first set of code wherever you want the widget to show up on your site. Open up the functions.php file. Copy and paste the existing widget code, rename every instance of primary-widget-area and respective text to something you’ll recognize later, and you should have a functioning custom-named widget in your admin > appearance > widgets section as well as your page template.

Slide 15: Going back to the header file(s), simply add the code from your jQuery script. The best way is to grab it from the demo, strip out all unnecessary code and make sure it works on a static file, then migrate it over to your WordPress theme. Make sure to comment your code as well as possible.

Slide 16: Using one of the HiFi, Page.ly Multi-edit, or More Fields plugins is a great way to get content on a page. Specifically, HiFi will allow scripts, CSS and other code to be injected into the header or footer files. Multi-edit and More Fields almost act like widgets. You can add content through the page admin area. You’ll have to add the correct snippet of code to the template though, otherwise they won’t work at all. HeadCleaner helps clean up some of the code in case something breaks. Sometimes it works, sometimes not.

Slide 17: Use Firebug! What else can I say. Learn it, use it, love it.

Slide 18: As a digital content provider, I frown when my content gets plagiarized or stolen so I don’t like using this code. However when a client really really needs something to be cleaned up, CSS display none can work wonders: footerdiv {display:none;}

Slide 19: Conclusion…know CSS, otherwise custom theming won’t be fun. Test all pages like the search page, archives page and 404 pages, and make sure to cross-browser check your CSS, including making sure you’re W3C compliant.