How do I upgrade my version of WordPress?

Since WordPress version 2.7 there is a built-in automatic upgrade feature that can be found a couple of ways.  First and most obvious is on the dashboard.  On the home admin page of WordPress it displays the version of WordPress that you are currently using and an option to upgrade if there is a newer version.  Second, click on the tools option on the left-hand side and then choose upgrade.  If you are running an older version than 2.7, which does not have the automatic upgrade feature, then read this.  Please don’t wait, upgrade immediately.

How can I tell if I’ve been hacked?

If the permalinks to your posts look like:

you’ve been hacked!

What do I do if my WordPress site has been hacked?

First, upgrade WordPress to the latest version.  Then, find if there are any “hidden” administrators.  If you don’t have lots of registered users the easiest way to find users is in the table “wp_users” (assuming you used the default “wp_” during WordPress install) in your WordPress database.  To validate that the user you found has admin rights take the number from the “id” column in your “wp_users” and then look for this id in the “wp_usermeta” and match it to the “meta_key” column.  If the “meta_value” contains administrator, then this user has administrator rights to your WordPress blog.

I found another great article from Journey etc explaining a different way to find a hidden user.

Then, update your permalinks back to the way they were.  This should get your site functional again.  However, since you’ve been hacked and administrative rights have been compromised, I suggest you keep looking for other pieces of code that may have been inserted.

I also read a great article about this at Lorelle on WordPress.

1. How to display a login button on WordPress that doesn’t send users to the backside of WordPress
2. How to display the logged in users first and last name

Step1

The default login page for WordPress is http://yourdomain.com/wp-admin.  When you login to WordPress using this URL it immediately takes you to the backside of WordPress (not very user friendly).  The URL to allow a user to login and be sent back to the home page of your website is

 and the URL to allow users to logout and be sent back to the home page is

Step2

Now that the user can login/logout,  all that’s left is getting their First and Last name.  The code to get their name is

Conclusion

Now, to put all that together is

Of course, you can use any div name that you want instead of “menutop”.  Below is the CSS that I used for my div

BTW…I placed all of this in my header.php file.

• FTP client – I recommend FileZilla.  It’s best feature is how easy it is to use.  It works on multiple platforms (Windows, Linux, BSD, Mac OS X).  Also, it’s FREE!!!
• Text editor – I recommend Notepad++ for this.  It understands many programming languages and can help with syntax highlighting.  Also, it’s FREE!!!
• Zip extractor – I recommend 7-Zip.  Also, it’s FREE!!!

There are 3 main steps to setting up your WordPress site:

Step 1 – Create a database

Login to the control panel of you hosting provider and select the option to create a new MySQL database.  Setup a userid to have full access to this new database.  Depending on the provider your web server may be able to access the database by the host name of “localhost” or it may have to use the full name like “mysql123.hostingcompany.com” (this will be important during the next step).  Make sure to take note of the Database Name, username that you gave full access to, password of the DB user, and the hostname of the DB server because this information will be used in step 2.

Step 2 – Upload the WordPress code

You can get a copy of the latest version of WordPress here.  You will need to download this to your local computer and then unzip the contents to it’s own folder using 7-Zip mentioned above.  Once 7-Zip is installed you can just right-click on the zip file and there will be a new 7-Zip option, then choose ‘extract here’.

Next, find the wp-config-sample.php file and rename it to wp-config.php.  Edit this file with Notepad++ mentioned above and modify the following lines:

define(‘DB_NAME’, ‘dbname‘); // The name of the database
define(’DB_USER’, ‘dbusername‘); // Your MySQL username
define(’DB_PASSWORD’, ‘dbpassword‘); // …and password
define(’DB_HOST’, ‘localhost’); // 99% chance you won’t need to change this value

Replace the variables ‘dbname‘ with the name of the database, ‘dbusername‘ with the username that you gave full access to the database, ‘dbpassword‘ with the password of the DB userid you created, and ‘localhost’ only if your web server needs to access the database remotely (you might have to ask your provider).  Note: do not replace the tics ‘ marks on either side of the variable.

Now your ready to upload the files, but where you put them depends on whether you are planning on using WordPress for your entire website (http://www.example.com) or install WordPress as a subsection (http://www.example.com/wordpress).  Most people just use WordPress for their entire site, which I also recommend.  If you want WordPress to be your main site just upload the content to the root of your domain.  So, the directories in your root should be wp-admin, wp-content, wp-includes, along with other numerous files and any other files/folders that were provided by default by your hosting provider.

Step 3 – Finish the install

Hang in there, you’re almost done.  Now, you need to open the browser of your choice (Internet Explorer, Firefox, Safari, Chrome) and go to http://www.yourdomain.com/wp-admin/install.php.  Of course, replace “yourdomain.com” with the name of the domain where you are installing WordPress.  It’s amazing, but that’s all there is to the install.  Make sure that you write down the password that presented at the end of the install so because that’s the only id/password to manage the install.  If, for some reason, you didn’t write it down or lose it later you can always go into the MySQL database and change the password.  I wrote a blog How to recover lost WordPress Admin password or E-mail.

Post setup steps

I have written a few blogs about some additional steps that most installations will need after the first login.  I will list some of them below.  I will also be adding more to the list over time.

• Using permalinks to make your posts SEO friendly
• How to change “posted by admin” in your WordPress theme
• How to widgetize your WordPress theme

How Executable PHP Widget works

This is a very simple plugin and installs just like any other plugin.

1. Download the zip file and unzip.
2. Upload the folder that it creates to the <webroot>/wp-content/plugins folder
3. Login your WordPress admin panel and enable the plugin
4. Click Design, Widget, and drag the PHP Code: widget to your sidebar
5. Insert the code into this widget and you’re done

The default permalink settings for WordPress is “domain.com/?p=123“, who wants that?  How would you like to try to explain that URL to someone.  It’s definately not Search Engine friendly.

I’m one of those people that doesn’t read the owners manual for something new.  I typically fumble around pushing buttons to figure out what it can do.  It’s usually only when I get stuck that I resort to the owners manual.

Well, with permalinks I had to break out the manual.  There are 4 default settings available from WordPress on the admin page: Default (example above), Day and Name, Month and Name, or Numeric.  I didn’t want any of these choices and found out that there really aren’t a lot of options, but I found one that I liked better than the default offerings.  If you don’t like the default 4 that are offered you can choose the custom structure and put any combination of the 10 variables available.  I’m currently using /%category%/%postname%/.

Below are the 10 variables from WordPress:

%year%
The year of the post, four digits, for example 2004
%monthnum%
Month of the year, for example 05
%day%
Day of the month, for example 28
%hour%
Hour of the day, for example 15
%minute%
Minute of the hour, for example 43
%second%
Second of the minute, for example 33
%postname%
A sanitized version of the title of the post (post slug field on Edit Post/Page panel). So “This Is A Great Post!” becomes this-is-a-great-post in the URI (see Using only %postname%)
%post_id%
The unique ID # of the post, for example 423
%category%
A sanitized version of the category name (category slug field on New/Edit Category panel). Nested sub-categories appear as nested directories in the URI.
%author%
A sanitized version of the author name.

I found out that the person was using the border feature in their CSS.  This blog assumes that you already know a little bit about CSS.  Whether you’re experienced or not, the first thing you should do is backup your CSS before making changes to it.  You can really do harm to your website by misconfiguring your CSS.

First, locate your CSS.  It should be located in the <webroot>/wp-content/themes/<yourtheme>/
Second, locate the selector that you wish to update (ie. “.post a:link“)
Third, add the following lines below:

• border-bottom: #666666;
• border-width: 0px 0px 1px 0px;
• border-style: none none dotted none;

Now, re-upload your newly updated CSS to your site and test it out. 

There is a great tutorial explaining CSS at W3Schools which gives other examples of border types such as: dashed, solid, double, groove, ridge, inset, and outset.

Good luck!

The install is easy but be careful to read the directions closely.  Most WordPress plugins are placed into their own folders so I assumed that this one could also be placed into a folder.  Well, I was wrong.  The instructions are to put the files directly in the “<website root>/wp-content/plugins/” folder.

This plugin will can only be deployed using php code.  Therefore,  in order to use this plugin in a widget you need another plugin (executable PHP widget), which I have blogged about “How to add PHP code to a WordPress widget“.

Unfortunately, there can only be 1 flash per WordPress site with this plugin.

1.  The first way includes 2 steps.  The first thing is to change the nickname of your user id.  You must click save before trying the next step.  The second step is to change the “display name publicly as” to the name that you want displayed on each of your posts.

2.  The second way requires making changes to a few of your themes php files.  From the WordPress admin page click on Design, Theme Editor, and then locate the index.php (Main Index Template).  From the text editor locate the template tag “the_author” and replace it with “the_author_nickname”.  Then, repeat this step for each of the following files:

• Posts.php
• Page.php
• Categories.php
• Index.php (already listed above)

There is a list of all the template tags provided by WordPress.

You could simply click the “Lost password” link on the admin page.  This will send an E-mail to the address that is listed for the Admin.  But what if you don’t remember what E-mail address you used for the Admin?

You’re OK as long as you have access to the database for your WordPress install.

• Login to the control panel that is hosting your web server
• Launch the PHP MyAdmin
• Select the database that is for your WordPress install
• Select “wp_users” from the list of tables on the righ-hand side
• On the main screen will be a list of registered users from your WordPress install.  Find the one that you want to change the password for and edit that entry
• Now, simply past the string “$P$Bq8Zk0hCxoUDcKV8jcmymS1Q10dQbz0″ into the password field

This has set your password back to “password”.  Now you can login and change your password to something else.

You can also change the E-mail address of a user account using steps 1-5 above and just change the E-mail field instead of the password field.  This might be useful if you need to change the E-mail address of a user on you blog without changing their password.