Live blogging comes to WordPress

[UPDATE: Venturebeat reports that a serious bug exists in this plugin. It seems that the developers created the plugin and tested it on a pre-release version of the next version of the WordPress software. My recommendation: don’t use the plugin until you have installed an updated version that has been verified that it corrects the deadly issue(s). Hat tip for the news to Julio Romo.]

If you use the self-hosted WordPress open-source blogging tool and content management system, a new feature has just been launched by its developer, Automattic, that let’s you live-blog an event in real time, using only your blog.

This short video succinctly explains how the new WordPress plugin works:

(If you don’t see the video embedded here, watch it at WordPress.)

Key features:

  • Post updates right from the front-end of your site (no need to use the /wp-admin dashboard).
  • Viewers of your Liveblog get new entries served to them instantly and automatically, without needing to refresh their browser.
  • Your authors can drag-and-drop photos right into the Liveblog area, without needing to navigate to separate browser tabs or windows.
  • There’s no need for a separate site dedicated to liveblogging: every post can be a liveblog, even existing ones.

Automattic says the plugin was developed primarily with its paying WordPress VIP hosted customers in mind, typically large organizations including media companies who pay for enterprise-class hosting services, and who need different guarantees of service and levels or support than, say, a small business or individual blogger.

The plugin is also available to anyone with a self-hosted WordPress blog, as a free plugin you just install. As it’s been open-sourced, it’s also available on Github, the collaborative software development resource and code-hosting service.

I remember when live blogging service CoverItLive launched in 2008. Wow, I thought, a terrific way to to live blog an event, in real time as it happened, using a full range of rich media content: text, audio, video, images, etc, that you can include into each additional text you write. You’d also have a ‘recording’ of your content for access by anyone after your event.

A plugin that let you tweet to your WordPress blog came in 2009. I tried it, thought it was terrific, but it was unreliable and the developer didn’t continue to support it.

A lot more has happened since then, with the advent of many other tools to enable anyone to live blog an event. It’s a role that free tools like Twitter, Tumblr and Storify have fulfilled in many instances, often complementing live-writing and -updating traditional blog posts on the fly – effective, though rather cumbersome and clumsy.

In addition, CoverItLive changed its business model that saw it move to being a wholly-paid service.

I think such an add-on to enhance the functionality and use of WordPress will be warmly welcomed by bloggers, journalists and other writers who like to cover events or do so professionally (thinking of you, Adam Tinworth, especially). Those events don’t necessarily mean big product launches or media happenings: they can just as easily be seminars, workshops and conferences – anywhere that something’s happening that you’d like to get the word out to a wider audience as it happens.

Automattic just disrupted the market.

(Via TNW Apps)

[Later:] Following Andrew Spong’s observation, I’ve edited this post to clarify an important point that the plugin is not for hosted WordPress.com blogs except the paid WordPress VIP service, and for self-hosted WordPress.org blogs. (I get confused with the different WordPress naming sometimes.)

I also came across GigaOM Liveblog, a free plugin “to produce a fully functional, scalable solution that could be used for future events that should be live-blogged.” It doesn’t look comparable to Automattic’s offering, but it might be worth a look as well.

Related posts:

The pros and cons of dedicated WordPress hosting

wp341dash

Some web hosting companies specialize in delivering services dedicated to very specific types of software. WordPress is one example of popular open source software that a hosting company may feature. There are both advantages and disadvantages to this type of hosting.

Some of the advantages include:

  • Expertise in the software you want to use. The company knows WordPress well because that is all it does. This means, at least in theory, that you will get good support if you have any problems with the software.
  • Guaranteed compatibility. Since it is their only product, the host will make sure WordPress runs well and installs without any problems. As such, you will never have to worry about compatibility issues.
  • Additional tools. Presumably, a host dedicated to WordPress will also provide useful tools and plugins to enhance the experience, as that is the only way the host can have a real edge over competition.

Some of the disadvantages are:

  • Limited exclusively to WordPress. Yes, this advantage can also be a disadvantage. If you ever want to switch to another content management system or blogging platform, you will have to look for a new host. If you ever want any other type of software installed, it may or may not be allowed by your host.
  • Narrow support. This host may be good at providing support for WordPress-specific issues, but anything beyond that, even if they allow it, will likely not be supported.
  • Not unique. While exclusivity might sound like a plus, it really may not present any real advantages over a host that offers the same features in addition to support for other software. A good host that can install WordPress and many other web applications may give you more for your money.

Hosts that specialize in WordPress hosting may know some of the caching and content delivery tricks that less-experienced hosts may not have encountered. The true advantages, however, pretty much stop there.

In the end, it is a better idea to search for a host based on standard criteria, such as the quality of service, customer support, and technology. Many will offer the same features as WordPress-exclusive hosts while also offering so much more.

This post was first published on the WebHostingBuzz blog on June 30, 2012, as What are the benefits of using a web host that is dedicated to WordPress hosting?

WebHostingBuzz offers a wide range of hosting services – web hosting, business web hosting, reseller hosting, virtual private servers and dedicated servers – as well as specialized services such as WordPress, Joomla, Magento and Drupal hosting plus e-commerce hosting. The company says it has over 30,000 customers worldwide, in over 200 countries, hosting more than 100,000 websites at datacentres in the US and in The Netherlands. Check out what they offer: US | Europe

WebHostingBuzz is a sponsor of NevilleHobson.com (which runs on WordPress).

Hosted by WebHostingBuzz

No frills for a while

If you’re a previous visitor to this site, you’ll probably notice that it looks very different today compared to your last visit. What you see is the look and feel of the default WordPress theme known as Twenty Eleven that’s included with the latest version of the content management system, instead of the customized Thesis theme with colourful banner at the top that has defined the appearance of this site for over four years.

Why the sudden change? Reverting back to default is a start point in troubleshooting an issue that’s been plaguing the site – and me, and maybe you as well – for the past few months. Take a look at this chart:

vpsresourcescharts

It shows memory and processor usage over the past month on the virtual private server I use at my hosting service DreamHost. To summarize it all very simply, the red and blue lines constantly spike into areas well outside what I’m allocated to use. This results in frequent site downtime among other things.

That means you get errors when you try to get here. No content. Or, very slow page loading. According to Pingdom which monitors the site for downtime, this site has suffered 14 outages totalling 8 hours 59 minutes and 58 seconds between September 1 and October 2. That’s a full working day when nothing here was accessible by anyone.

And that doesn’t include the frequent outages for just a few minutes which have been happening every single day in recent weeks, especially whenever I publish new content via Windows Live Writer.

I have some helpful suggestions from DreamHost technical support which I’m now going to implement. Part of that is starting by reverting to defaults on most things including the theme. I’ve also deactivated (and will uninstall) nearly all plugins – I had over 40 running.

Probably all a bit much really.

So no frills for a while as I see if DreamHost’s recommendations and my execution of those over time solve the problems.

Of course, if you only read content here via an RSS subscription or other means of remote consumption, you probably won’t notice any difference. But thanks for reading this anyway, published in the interests of timely communication.

How to protect your blog from viruses, backdoor Trojans and other nasty stuff

id4virusIf you’ve ever been hit with a virus on your computer, you know how difficult it can be to thoroughly clean the machine, even when you have security software that does all the heavy work.

Take that picture and apply it to your blog and you have a migraine-inducing situation, precisely what I’ve experienced during this past week with an iframe virus and a malware attack involving a backdoor Trojan that temporarily created some havoc on this WordPress blog until they were eliminated.

What I learned from this experience is simple things any blogger can do to help ensure the security of your site.

I became aware that something wasn’t right when publishing a post using Windows Live Writer produced an access error. Likewise, accessing the blog via the WordPress app for Android on my phone also gave an error. I thought it might be related to a known error with XML-RPC and PHP that I encountered a few years ago. But a quick peek at the source code of the home page showed me a different likelihood.

viewsource

Notice the string of text highlighted in red that starts line 1 – code to create an iframe and then access another website on every page load. Given that I hadn’t inserted that code, nor had it anything at all to do with WordPress, then the chances were pretty certain it was done by someone who had gained unauthorized access to my server.

Line 1 should start with this –

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

A simple search on Google and a chat with my hosting service, DreamHost, speedily confirmed the worst: the blog was infected. Identifying precisely with what, and fixing it, was a clear priority.

Looking around the web produced lots of helpful posts recounting the experiences of others who have addressed similar issues as mine, all of which were very useful in the actions I took to rid my site of this most unwelcome visitor.

Immediate three steps:

  1. Change the passwords and log ins for all blogs and my hosting account.
  2. Review list of users who have admin authority on the blog. If there are any there I don’t recognize, either delete them or at least change their access levels to one which gives no ability to write content on the site. For all others, disallow their admin rights temporarily
  3. Change the password for my own FTP access account and cancel access of every other FTP account.

If the hacker had got in via a lax security measure – like a weak password or FTP access – then that simple route was now blocked.

Now, some detective work.

[Read more…]

Trust is key to avoiding a bad WordPress theme

beautystore

A red flag waving is how I saw Siobhan Ambrose’s post a few days ago on why you should never search for free WordPress themes in Google or anywhere else.

What Ambrose presents in her post is the result of some credible and compelling research she carried out into what could be going on behind the scenes and unknown to you in the WordPress theme you might be running on your blog if you obtained that theme as a result of, well, googling for one.

With copious screenshots (including the one above), Ambrose analyses ten WordPress themes that showed up in the search results when she typed the phrase into Google “free wordpress themes.”

Most of the the themes she downloaded, installed on a local test server and then ran through builtBackwards Theme Authenticity Checker and Donncha O Caoimh‘s Exploit Scanner showed that the theme authors concerned very clearly didn’t have your blogging interests at heart when they wrote and made available their themes.

Here’s one of her conclusions that’s typical of most themes she analysed:

[…] Nice themes but contain 5 backlinks to random people who you probably aren’t interested in linking to. It goes so far as to tell you that if you remove the links your theme won’t work. Of course, we know that this isn’t true – but a beginner WordPress user might think twice about removing them. As for the eval function, well it could be harmless but I don’t know enough about javascript (probably like many average WordPress users) to tell you if in this case it is or it isn’t.

My suggestion

Avoid!

Much of the issue with the themes that Ambrose writes about is that it’s hard to tell whether the stuff she uncovered is malicious or not. A lot of it is to do with Base64, an encoding scheme commonly used when there is a need to encode binary data that needs be stored and transferred over media that are designed to deal with textual data. This is to ensure that the data remains intact without modification during transport, and which may have a legitimate purpose. (That concise explanation comes from a detailed Wikipedia entry which you can read if you’re inclined to immerse yourself in a relatively complex technical subject.)

tac-resultsStill, as Ambrose points out, why would a theme developer include hidden code in a theme, with no explanation or notation about it anywhere in the theme documentation, including code that hides itself where you need a special software decoder to uncover it?

As a simple test, I ran the Theme Authenticity Checker plugin on my own blog. The themes I have installed including the one I’m currently using all came up clean: nothing going on in the background that rang any alarm bells. (Whew!)

I’m convinced that one reason for that is simple – every theme I have used in the past few years and use now are from trusted sources. That means either the WordPress Theme Directory or what I’ve discovered from friends’ recommendations.

So if you’re looking for a new theme for your blog, here are three tips:

  1. If you’re running a recent version of WordPress, use the search capability within your WordPress dashboard. You’ll find it under Appearance -> Themes -> Install Theme. What that does is search the WordPress Theme Directory, a place you should have confidence in. Or just browse or search the directory directly (but doing it from within WordPress is likely easier for you as theme installation that way is automated).
  2. If a friend or colleague has a design that appeals to you, ask them where they got it from (hopefully not by googling “free wordpress themes”).
  3. Never download and install a theme that you find by googling “free wordpress themes” or variations of that – I googled “wordpress themes” and some of Ambrose’s results showed up there.

Check Amrose’s post for additional information including links for decoding tools, plugins and further reading.

Make sure you trust your sources. Stay safe!

How to automate your copyright year

footercopyrightThe other day, I noticed that the copyright notice I display in the footer of this blog still said ‘2010.’ So I dived into the code in the footer template in the WordPress theme I use and made the change so that the copyright year now correctly states ‘2011.’ Then I tweeted it as I’ve noticed many other blogs still showing last year, suggesting people hadn’t thought about it.

Earlier today, I had one of those slap-on-the-forehead moments after reading Marcie Bell’s tweet that WordPress automates copyright automatically. I think that means WordPress.com hosting and depends on your theme. Still, it was the word ‘automates’ that gave me the "d’oh!" moment as doing this manually is a little ridiculous when there are easy ways to automate it, and it’s simple to set up yourself even if you know little about PHP coding.

What I did was edit my blog’s footer template (called, logically ‘footer.php’) to include this standard PHP date code where I have the copyright text:

<?php echo date("Y") ?>

The full copyright text in the footer looks like this:

Original content copyright 2011 by Neville Hobson. Some rights reserved: see Creative Commons license for information.

In terms of what you see, nothing’s changed with the substitution of the PHP code for the actual year, 2011. The point is that, come January 1, 2012, the copyright statement will update automatically to reflect the new year now that the PHP date code is there.

The underlying code that renders the above text looks like this:

Original content copyright <?php echo date("Y") ?> by Neville Hobson. Some rights 
reserved: <a href="http://creativecommons.org/licenses/by-nc-sa/2.0/uk/" alt="
Don't steal content!" title="Don't steal content!">see Creative Commons license</a> 
for information.

You can do this yourself on any blog platform – not only self-hosted WordPress, the one I use – that lets you directly edit the code of your blog template files. There are a number of ways to do it. With WordPress, for instance, it’s easy to edit the footer.php file from the theme editor you can access from your admin dashboard. Or you could edit the file remotely and then upload it via FTP to your server. Or, perhaps you have a theme that offers user-friendly editing of some of the theme components via a choice on a theme-specific admin section in your dashboard.

However you do it, it’s automatic simplicity.