WordPress ten years on

Ten years ago, on May 27, 2003, WordPress was released.

It wasn’t the first software that enabled anyone to write their thoughts down and publish them online for the world to see. But its free and open source credentials, along with its extensible plug-in architecture, made it an easy choice for anyone to start blogging at a time when the landscape was dominated by blogging software and platforms that were somewhat complex to learn and mostly cost money.

Ten years ago, I was using Blogspot, the paid blogging service from Blogger that was acquired by Google in February 2003. I moved to TypePad in mid 2004 – that site is still live, kept as an archive – and experimented with Movable Type along the way until settling on WordPress in early 2006.

So much has happened in these ten years in a constantly- and rapidly-evolving landscape, one that has expanded massively and globally and that offers would-be content publishers, individuals and organizations, myriad choices of methods to get your thoughts out there, connect with others and join that phenomenal conversation that’s going on.

Pioneers like Matt Mullenweg, the co-founder of WordPress, deserve recognition and thanks for the architecture they have created, upon which you see the many platforms of today.

Among it all, though, WordPress stands out as a worthy example of a real ecosystem – embracing platform, developers, users, fans and critics – that still is true to its original free and open source ideals. That’s crystal clear to see in Matt’s words yesterday extolling WordPress.

And in the practical sense, WordPress is just easy to use: easy to set up, manage, change your blog, add to it, use it on any device… In sum, I love WordPress.

Here’s to noble ideals, great content, conversations and longevity!

[Later:] Some great metrics on WordPress over the years in this concise infographic from Statista via VentureBeat:

WordPress Turns 10

Refreshing design

A Bank Holiday weekend is a good quiet time for a web project and to roll out a new look to NevilleHobson.com.

The look and feel of a website – whether it’s a blog like this one or a corporate site like any you can think of – is a key element in the overall experience someone enjoys (or not) when they come to your presence on the web. It plays a role in your brand presence, whether it’s personal or corporate. (Ask Jakob Nielsen about web usability.)

In thinking about the reader experience, the focus in my mind was on putting the content front and centre. Consuming content in a blog or wherever else primarily ought to be about that: what the consumer experiences and whether that experience is worthwhile for him or her.

With that in mind, I present the new NevilleHobson.com.

The new look

Lots of white space, a pleasing serif typeface for the text, an overall uncluttered look.

The new look is a bit of a departure from the busy, newsroomy one it’s replaced.

The old look

The major feedback I’d had about the old look was in reference mostly to the typeface – sans-serif and too small – and how cluttered everything seemed to be. It largely reflected my own thoughts, too.

Both the new and old looks are WordPress child themes – eleven40 and News respectively – that run on the Genesis Framework. I installed and enabled them myself.

With the new look, what you see is pretty much out of the box. I’ve made a few changes and tweaks here and there, mainly in the CSS. There will probably be a bit more tweaking in due course.

The structure of the site has not changed although I have simplified the navigation menu system, getting rid of a lot of clutter there, and retired some out-of-date content (static pages, not blog posts). I’ve also removed the background image that appeared every time you loaded a page. It looked nice but it had a huge negative impact on page-load times.

Importantly, I wanted to continue the responsive web design aspect of this blog that the Genesis Framework developers have made easy. It works well on whatever device you use to access it – whether it’s a 24-inch widescreen desktop monitor, an iPad or other 10-inch tablet, a Kindle Fire or other 7-inch tablet, or any modern smartphone with a 3- to 5-inch screen.

Let me add that as this blog runs on WordPress, changing a theme typically is a simple process that doesn’t require you to have much knowledge or skill in PHP coding or even HTML. The actual work I had to do to get to what you see now – from installing the new theme on a test blog, testing it, changing some elements, updating some content here, the other changes I mentioned earlier, etc – took me about five hours spread over this weekend.

And finally, if you read this blog’s content in an RSS reader, in your email program or via a syndicated service, you may not notice the design at all, never mind a change in it, if all you see is the text. That’s great! But, if you have five minutes to spare, do pop in and have a look around.

If you have any thoughts you’d like to share, I’d welcome your feedback, thanks.

How to secure your WordPress site against hacker attacks

One of the easiest content management systems to set up and use is WordPress, the largest self-hosted blogging platform in the world, powering more than 60 million websites worldwide.

That fact may be a key reason why WordPress is in the news right now as the subject of a large-scale attack from a huge number of computers from across the internet – known as an automated botnet attack – attempting to take over servers that run WordPress.

Some are saying that this current attack is the precursor of a botnet of infected computers vastly stronger and more destructive than those of today. That’s because the servers have bandwidth connections that are typically tens, hundreds, or even thousands of times faster than botnets made of infected machines in homes and small businesses.

WordPress’ popularity comes at a price in a situation like this, as a perceived vulnerability that comes with the platform’s ease of use is weak security on the part of users.

That weak security typically means continuing to use the word ‘admin’ as a user name – this is the default administration account that’s created when you first install WordPress – along with a password weak enough that brute-force attempts to guess it are likely to succeed, which is what’s happening with this attack.

If you’ve disabled the default ‘admin’ account in your WordPress installation – or, even better, you’ve deleted it – and have something else in its place as the main administrator of your WordPress dashboard, that will likely take you out of the immediate target area of the attackers.

And if you’ve set a strong password – at least eight characters and in a combination of upper- and lower-case letters along with numbers and extended characters – you’re in a good position to be passed by if or when a botnet comes calling at your WordPress front door.

Don’t be complacent, though – this attack serves as a great reminder that securing your WordPress blog or website so that no one can get into it unless they’re invited is something you do need to be sure about.
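The brute-force guessing described above shows up in a web server’s access log as repeated POST requests to wp-login.php. The following is an added example, not part of the original post: it counts failed login attempts per five-minute window, both per source address and across all addresses, since a botnet spreads its guesses over many machines. It assumes the common "combined" log format and WordPress’ default behaviour of answering a failed login with status 200 and a successful one with a 302 redirect; the thresholds and the log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx "combined" format: ip - - [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def login_posts(lines):
    """Yield (timestamp, ip, status) for every POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["ip"], int(m["status"])

def analyse(lines, window_s=300, per_ip_limit=5, site_limit=20):
    """Return (noisy_ips, busy_windows) for failed logins per time window.

    noisy_ips: addresses with more than per_ip_limit failures in one window.
    busy_windows: {window: (failures, distinct addresses)} where the site-wide
    total exceeds site_limit, which catches guessing spread over a botnet.
    """
    per_ip, totals, sources = Counter(), Counter(), defaultdict(set)
    for ts, ip, status in login_posts(lines):
        if status != 200:          # assumption: 302 means the login succeeded
            continue
        bucket = int(ts.timestamp()) // window_s
        per_ip[bucket, ip] += 1
        totals[bucket] += 1
        sources[bucket].add(ip)
    noisy_ips = {ip for (_, ip), n in per_ip.items() if n > per_ip_limit}
    busy_windows = {b: (n, len(sources[b]))
                    for b, n in totals.items() if n > site_limit}
    return noisy_ips, busy_windows

def sample_log():
    """Constructed log lines using documentation-only IP ranges."""
    fmt = ('{ip} - - [16/Apr/2013:10:0{m}:{s:02d} +0000] '
           '"POST /wp-login.php HTTP/1.1" {st} 3512 "-" "-"')
    # One address guessing repeatedly.
    lines = [fmt.format(ip="203.0.113.7", m=0, s=i, st=200) for i in range(8)]
    # Thirty addresses making one guess each: invisible to a per-IP limit.
    lines += [fmt.format(ip=f"198.51.100.{i}", m=1 + i % 3, s=i, st=200)
              for i in range(1, 31)]
    # A legitimate login followed by a dashboard page view.
    lines.append(fmt.format(ip="192.0.2.10", m=2, s=5, st=302))
    lines.append('192.0.2.10 - - [16/Apr/2013:10:02:06 +0000] '
                 '"GET /wp-admin/ HTTP/1.1" 200 9000 "-" "-"')
    return lines

if __name__ == "__main__":
    noisy, busy = analyse(sample_log())
    print("single-source guessing:", sorted(noisy))
    for bucket, (attempts, ips) in busy.items():
        print(f"window {bucket}: {attempts} failed logins from {ips} addresses")
```

On the constructed sample only one address crosses the per-address limit, while the site-wide count exposes the other thirty.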

So what can you do to make your site secure enough right now to deter such attacks in the future?

First, make sure you have the latest WordPress version installed. As of today, that version is 3.5.1.

If you still have an administrative user called ‘admin,’ there are two steps to take:

  1. Create a new admin account with a different name and give it a strong password.
  2. Delete the ‘admin’ user account; during that procedure, WordPress will ask you which other account it should assign the posts, pages, etc, created by ‘admin’ to. Choose the new admin account name you just created.

Next, enable two-step verification for each user in your WordPress account. The simplest such service for a WordPress user to install and implement is the open source Google Authenticator. If you have that enabled for your Google account, or other services such as Dropbox or Amazon S3, then you’ll be familiar with how it works.

And you’re in luck for your self-hosted WordPress site as there’s an excellent plugin that sets it up for you – Google Authenticator plugin for WordPress.

Grab it now, either by downloading it from the WordPress plugin repository or installing it via the ‘add new plugin’ function in your WordPress dashboard.

You’ll need the free Google Authenticator app for your smartphone in order to use this security feature. There are versions for Android, Blackberry and iOS.

And if you then follow the excellent “How To Enable 2-Step Authentication On Your Self-Hosted WordPress.org Site” guide published last week by Techfleece, you’ll be up and running in no time with a WordPress site that will give you more peace of mind than you had before.

In my view, this is the bare minimum you should have set up in your self-hosted WordPress site that gives you a good level of security for your peace of mind. It would make it more difficult to hack into your site.

There’s a lot more you can do as well including steps to take to better secure the server on which your WordPress platform is installed. There’s a great tutorial on the WordPress Codex that can tell you more.

Don’t let spammers, hackers or botnets mess up your presence on the web. You can be secure.

This post was first published on the Official WebHostingBuzz Company Blog on April 16, 2013. Founded in 2002, WebHostingBuzz is a web hosting company based in Auburn, MA, USA and in the UK. It offers web hosting, reseller hosting, VPS hosting, and dedicated hosting services from data centres across the United States and in Europe. WebHostingBuzz is a sponsor of NevilleHobson.com.

If your WordPress site runs at WordPress.com – it’s hosted by that service, not on your own server – follow this guide to set up two-step authentication: Greater Security with Two Step Authentication.

A fix for Windows Live Writer to ‘see’ a WordPress theme

I’ve used the Windows Live Writer content creation and publishing tool for blog posts and pages from Microsoft since it first appeared in beta form in the mid-00s. In my experience, it is the best offline blog editor for Windows bar none.

It’s not perfect, mind you, with probably the biggest frustration being that of configuration with a theme on your blog, often manifesting itself when you change the theme from one to another.

When WLW doesn’t recognize your theme, it means that you don’t get almost-true WYSIWYG when you write or edit content. So you don’t see your writing as you would when the post or page is published on your blog.

It is frustrating when you can’t see what you’ll get either in WLW’s edit mode or, more importantly, in its preview mode. What you have to do is publish the post to your blog as a draft and then view it in preview there if you want to see what it will look like when actually published, before you hit the ‘publish’ button.

What a performance – one that frustrates many bloggers enormously and can seem a huge deal if you do a lot of blogging.

If you search for solutions online, you’ll find no end of suggestions: this one, for instance, which talks about setting a static page – a suggestion I’ve seen quite a bit.

I tried it, but it didn’t work for me for my self-hosted WordPress blogs (meaning, it might with other blog platforms).

I experienced the issue myself this week when I changed the theme of my primary WordPress blog. WLW worked fine with the previous theme, but wouldn’t ‘see’ the new one. As I’ve been through this quite a few times before with mixed results on resolving it, I decided to live with it this time after being unsuccessful with the suggested solution I mentioned above.

Yet a thought occurred to me today that, when I tested it out, proved to be a solution to the problem. When writing in WLW, I now see a post as it will closely appear when published as this screenshot shows.

The fix was very simple. I don’t really know why or how it works but it does.

One thing I noticed when researching a solution this time was references in some of the ideas I encountered to how WLW works when it tries to detect your blog theme.

A common view I saw was that when WLW publishes a temporary post to your blog as part of its detection process – for which, btw, it asks your permission first – it publishes that temp post to the category ‘Uncategorized,’ which is the default category set by WordPress when you first install that platform.

That was the key in my case – the default category was set to something else. Here’s what to do:

  1. In your WordPress admin dashboard, go to Settings -> Writing.
  2. Check in the dropdown list that the default post category is set to ‘Uncategorized.’ If not, select it.
  3. At the bottom of the page, click ‘Save Settings.’
  4. Then, in WLW, try to detect your blog theme again.

(While you’re on that page, double-check that the check box for ‘XML-RPC’ in the Remote Publishing section is actually checked.)

In my case, it then worked. As I mentioned, I don’t know how or why it worked as ‘Uncategorized’ wasn’t set as the default category with the previous theme I was using: WLW had detected that theme just fine. Maybe it’s something in a particular theme as well.

Still, if you’ve been experiencing this issue, and whatever WordPress theme you have, maybe this fix is worth a try to see if it works where other suggested fixes haven’t.

If it works for you – or doesn’t – I’d love to know.

Incidentally, it looks like the future of Windows Live Writer in terms of Microsoft’s continuing to develop it is in doubt with changes to Windows Live Essentials (the software suite in which WLW forms part). It would be a shame if WLW falls by the wayside in terms of development as blog platforms evolve and become ever more functional, where an offline editor that lets you take advantage of that becomes even more an essential tool.

I’ve always thought that WLW ought to have been an integral element in Microsoft’s Office suite. You can write blog posts in Word (did you know that?)

A far from satisfactory tool or experience, though, compared to Windows Live Writer.

Boost your WordPress blog with Jetpack

If you self-host a WordPress blog, one of the most useful plug-ins you can install is Jetpack, created by WordPress publisher Automattic originally for blogs built on the hosted WordPress.com service.

The Jetpack plug-in has recently been updated to version 2, which now makes it an indispensable part of your blog presence on the social web.

Jetpack offers a huge range of features, services and functionality that enhances your WordPress experience – both yours as the content publisher and those who interact with your content.

With version 2, Jetpack currently brings nearly two dozen modules that you activate to use in your WordPress site.

Once you install the plugin, it creates a dashboard in your WordPress admin through which you manage all aspects of it.

You will need an account at WordPress.com even if you don’t have or plan to have a blog there, as the plugin connects with data and services in the WordPress cloud. Opening an account is free of charge.

You use the Jetpack modules you want, which may not be all of them. I have some activated, not all; the ones I find very useful are these:

  • Comments: enables your visitors to use WordPress.com, Twitter, or Facebook accounts when commenting on your site.
  • Subscriptions: Allow users to subscribe to your posts and comments to receive a notification via email.
  • Contact Form: Easily insert a contact form anywhere on your site.
  • Sharing: The most super duper sharing tool on the interwebs. Share content with Facebook, Twitter, and many more.
  • Shortcode Embeds: Easily embed videos and more from sites like YouTube, Vimeo, and SlideShare.
  • WP.me Shortlinks: Enable WP.me-powered shortlinks for all of your Posts and Pages for easier sharing.
  • Mobile Theme: Automatically optimize your site for mobile devices.
  • Enhanced Distribution: Share your public posts and comments to search engines and other services in real-time.
  • Custom CSS: Customize the appearance of your site using CSS but without modifying your theme.

I’ve dispensed with other plugins where Jetpack offers similar or better functionality. It’s definitely a core plugin that will give any self-hosted WordPress blog a boost.

Live blogging comes to WordPress

[UPDATE: Venturebeat reports that a serious bug exists in this plugin. It seems that the developers created the plugin and tested it on a pre-release version of the next version of the WordPress software. My recommendation: don't use the plugin until you have installed an updated version that has been verified to correct the deadly issue(s). Hat tip for the news to Julio Romo.]

If you use the self-hosted WordPress open-source blogging tool and content management system, a new feature has just been launched by its developer, Automattic, that lets you live-blog an event in real time, using only your blog.

This short video succinctly explains how the new WordPress plugin works:

(If you don’t see the video embedded here, watch it at WordPress.)

Key features:

  • Post updates right from the front-end of your site (no need to use the /wp-admin dashboard).
  • Viewers of your Liveblog get new entries served to them instantly and automatically, without needing to refresh their browser.
  • Your authors can drag-and-drop photos right into the Liveblog area, without needing to navigate to separate browser tabs or windows.
  • There’s no need for a separate site dedicated to liveblogging: every post can be a liveblog, even existing ones.

Automattic says the plugin was developed primarily with its paying WordPress VIP hosted customers in mind, typically large organizations including media companies who pay for enterprise-class hosting services, and who need different guarantees of service and levels of support than, say, a small business or individual blogger.

The plugin is also available to anyone with a self-hosted WordPress blog, as a free plugin you just install. As it’s been open-sourced, it’s also available on Github, the collaborative software development resource and code-hosting service.

I remember when live blogging service CoverItLive launched in 2008. Wow, I thought, a terrific way to live blog an event, in real time as it happened, using a full range of rich media content: text, audio, video, images, etc, that you can include into each additional text you write. You’d also have a ‘recording’ of your content for access by anyone after your event.

A plugin that let you tweet to your WordPress blog came in 2009. I tried it, thought it was terrific, but it was unreliable and the developer didn’t continue to support it.

A lot more has happened since then, with the advent of many other tools to enable anyone to live blog an event. It’s a role that free tools like Twitter, Tumblr and Storify have fulfilled in many instances, often complementing live-writing and -updating traditional blog posts on the fly – effective, though rather cumbersome and clumsy.

In addition, CoverItLive changed its business model, which saw it move to being a wholly-paid service.

I think such an add-on to enhance the functionality and use of WordPress will be warmly welcomed by bloggers, journalists and other writers who like to cover events or do so professionally (thinking of you, Adam Tinworth, especially). Those events don’t necessarily mean big product launches or media happenings: they can just as easily be seminars, workshops and conferences – anywhere that something’s happening that you’d like to get the word out to a wider audience as it happens.

Automattic just disrupted the market.

(Via TNW Apps)

[Later:] Following Andrew Spong’s observation, I’ve edited this post to clarify an important point that the plugin is not for hosted WordPress.com blogs except the paid WordPress VIP service, and for self-hosted WordPress.org blogs. (I get confused with the different WordPress naming sometimes.)

I also came across GigaOM Liveblog, a free plugin “to produce a fully functional, scalable solution that could be used for future events that should be live-blogged.” It doesn’t look comparable to Automattic’s offering, but it might be worth a look as well.