Last week another of my favorite plugins died. It’s called Compfight, and it’s what I used to pull in images for all of my blogs from Flickr’s Creative Commons. If you look at the first image on a post from two weeks ago you’ll see that it shows the name, and if you hover over the first link below the image you’ll see it goes back to Flickr.
Since last Thursday I’ve been getting this particular message on all of my blogs:
The Flickr API returned the following error: #100 – Invalid API Key (Key has expired)
This post about the Limit Login Attempts plugin for WordPress blogs was initially written back in 2009. However, at that time I didn’t really talk all that much about how it worked or its settings, nor did I put images on my blog back then.
This is one of those things where, based on a lot of things I’ve been reading, it’s good not only to republish a piece, since most of the content is changing, but to upgrade it so that it reflects more of what I want to tell you about, since it’s still pertinent to our needs and security.
As stated before, the plugin is called Limit Login Attempts, and its purpose is to dissuade hackers from using their nefarious software to gain access to our blog’s username and password. I keep coming across more folks who’ve had their blogs hacked, including some of the more famous names, and there are usually two ways their sites get hacked. One is that a hacker’s found a backdoor way of getting in, possibly via old themes you’re not using anymore that you didn’t remove from your Appearance tab. The other is them figuring out your username and password by hitting it multiple times with their bots.
Most of us are too lazy to change our username from Admin, or forget to change it to something stronger when we first create blogs; heck, many don’t even know they can do that. I used to be bad at this, but I’ve taken care of both that and my password with my newer blogs. Still, against automated software, you need something stronger to protect your property. That’s why I love this plugin so much.
Obviously, the first thing you have to do is install it via the install plugins link. It should pop up pretty quickly, and you should feel pretty safe using it since. One thing that violates my norm is that it hasn’t been updated in about 5 years, but it’s been uploaded way over a million times and people are still using it. I read some of the latest reviews and it seems that most people love it, but nothing’s ever 100%. However, people who are having problems with it either tried to modify it or have already been hacked, which is a totally different issue.
As you see in the image above, the first two things you get are options you don’t have to take any interest in. They’re stats that tell you how often idiots have tried to get into your blog, which I’ve never reset, and how many active bots are trying to get in now. I have to admit it’s freaky realizing that 34 of these morons are trying to break into my account right now; it’s not going to happen in their lifetime. 🙂
Before I go any further I need to warn you that whatever settings you set also apply to you. So, you’ll need to feel confident in knowing and correctly typing your username and password, unless you have your browser set to put them in automatically, which you probably don’t have set up if you’re logging in away from home. Just so you know, if you lock your silly self out (because you’ll feel pretty silly if it happens), you can always get back in by FTP’ing into your account on the back end, deleting the plugin, and once you get back into your blog adding the plugin and starting again.
You need to decide how many login attempts you’ll allow before it shuts down for a certain number of minutes. It’s defaulted to 4, but I’ve made mine 3 times for this blog since it’s my most popular. I have it on 4 times for my business blog and all my other blogs 5 times because I’ve been known to forget what those passwords are; sigh! lol
The second is how long you want to make people wait before they can try again once they’ve gotten it wrong the number of times you set. The default is 20 minutes, but that didn’t feel strong enough for my tastes. I have mine set at 4,500 minutes, which is 75 hours or just over 3 days. I figured that was enough to frustrate the normal hacker who’s not all that bright.
The third is how many times you want to allow someone to try to get in and be locked out again. The default is 4 more times and an increase to 24 hours. Since I’d already decided on 75 hours up front, 24 hours would have made it easier for the hackers. Once again I thought that was too generous, so I changed mine to 2 more times and 300 hours, which is 12 1/2 days. At this level the hackers have had just over a month to try to break into my blog; that’s not a bad deterrent I’d say.
This last one is the biggie though. It’s nice of the folk who created it to still give you a chance to have it automatically reset after a certain period of time. Their default was 12 hours; once again that seemed deficient from where I stand. I decided to up the ante and go with 900 hours, which ends up being 37 1/2 days before a reset.
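To compare what these four settings mean in practice, here is an added example (not the plugin's code and not part of the original post) that models them in simplified form and counts how many password guesses a single address gets in 30 days. The escalation rule, class and function names are assumptions of this model; the numbers are the defaults and my values as given above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LockoutPolicy:
    allowed_retries: int       # failed logins allowed before a lockout
    lockout_minutes: int       # length of an ordinary lockout
    allowed_lockouts: int      # lockouts before the long lockout applies
    long_lockout_hours: int    # length of the escalated lockout
    reset_hours: int           # idle time after which the retry count clears


# Values taken from the post: the plugin defaults and the author's settings.
PLUGIN_DEFAULTS = LockoutPolicy(4, 20, 4, 24, 12)
AUTHOR_SETTINGS = LockoutPolicy(3, 4500, 2, 300, 900)


def lockout_minutes_after(policy, failures):
    """Minutes of lockout triggered by the Nth consecutive failure (0 if none).

    Assumed rule: every `allowed_retries` failures cause a lockout, and once
    `allowed_lockouts` of them have happened the long lockout is used instead.
    """
    if failures <= 0 or failures % policy.allowed_retries != 0:
        return 0
    if failures >= policy.allowed_retries * policy.allowed_lockouts:
        return policy.long_lockout_hours * 60
    return policy.lockout_minutes


def guesses_allowed(policy, horizon_hours):
    """Guesses one address can submit within horizon_hours.

    Worst case for the site owner: the client retries the instant each
    lockout ends and every guess is wrong. Limits are per address, so this
    is the budget of ONE address, not of everything hitting the login page.
    """
    if policy.allowed_retries < 1 or policy.lockout_minutes <= 0:
        raise ValueError("policy never locks anyone out")
    horizon = horizon_hours * 60
    escalate_at = policy.allowed_retries * policy.allowed_lockouts
    now = 0            # minutes since the first guess
    failures = 0       # current consecutive-failure count
    last_failure = None
    guesses = 0
    while now < horizon:
        # The retry count clears after a long enough quiet period.
        if last_failure is not None and now - last_failure >= policy.reset_hours * 60:
            failures = 0
        guesses += 1
        failures += 1
        last_failure = now
        wait = lockout_minutes_after(policy, failures)
        now += wait
        if wait and failures >= escalate_at:
            failures = 0   # the long lockout starts a fresh cycle


    return guesses


if __name__ == "__main__":
    for name, policy in (("defaults", PLUGIN_DEFAULTS), ("author", AUTHOR_SETTINGS)):
        print(name, guesses_allowed(policy, 30 * 24), "guesses per address in 30 days")
    # The same settings apply to the owner: three typos cost 4,500 minutes.
    print("owner lockout after 3 typos:", lockout_minutes_after(AUTHOR_SETTINGS, 3), "minutes")
```

Under this model the defaults allow 464 guesses per address in 30 days and my settings allow 12. The count is per address, so the total still grows with the number of addresses in the log, which is why a non-default username and a long password matter alongside the plugin.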
The next two things are the default settings, and I’ve left them alone because, truthfully, I’m not sure what they really mean. Even on their page they don’t really tell you what it means, but they recommend we stick to the default.
The last two are kind of a crapshoot, depending on what kind of information you want to see.
I told mine to log all the IP addresses, and it’s been listing them since I initially added the plugin in 2009. They’re all listed just under the Change Options button, almost 15,000 of them. lol Actually, that’s not quite true, because many of the IP addresses tried multiple times to get in. You get to see all that information, which can be intriguing, but for most of you it’s probably unnecessary.
I also told mine to stop sending me email, which is the default setting. I initially wanted to get email alerts when I first installed it, but after a couple of weeks my stress level was rising and I decided I didn’t want to know. lol After this one, you hit that Change Options button to save your settings and you’re good to go!
I feel that I have an extra layer of protection, and that helps me sleep better. You’ll still want to add a backup plugin just in case someone figures out how to get into your blog and you need to restore it, as well as a firewall plugin just in case something’s already on your blog and you want to block the weasels who got it on there from activating it. This one is definitely a must to have if you ask me… so go add it immediately! 😀
With all the traffic most of us hope to get coming to our blogs, it makes the act of making sure you’re doing blog maintenance all the more important. Truth be told, most of us get things moving along the way we want them to and almost always seem to miss something. As time goes along, we add and remove things that also end up affecting how our blogs work.
With that said, I’m going to talk about 6 areas that we need to check our blogs for to make sure they’re maintained well. Some of these are going to be things you probably know but need to decide if it’s what you really want to do, whereas others you might not have thought about. Let’s see if I can do this without turning it into another tome. 🙂
1. Broken Links
I wasn’t going to start with this one initially but it seems it’s the only time on this blog that I wrote on this specific topic. Broken links will mess up your blog in more ways than one. First, it’ll irritate your visitors if they click on a link that you’ve put in only to find it doesn’t work. Second, if there are too many of them it’ll irritate search engines and they’ll start picking on you. Neither of those things is pleasant.
The only plugin I know that works here is Broken Link Checker. It’ll find all broken links if you let it run for a while, which is a good thing. However, you don’t want to run it all the time because it’ll slow down your blog and mess up your blog speed and mobile speed. I try to remember to run mine at least every 3 months or so because you never know when people or news sources have removed content from their sites. You need to be cautious though because sometimes the content is still there but the site is having issues.
Still, it’s something you should be checking on a regular basis. By the way, if your blog is old and it’s the first time you’re running the plugin, it’s best for you to set it to go to work and you go off and do something else; trust me. 🙂
2. CommentLuv Link Checker
Since I’m talking about links, I’ll mention this one now. If you’re using CommentLuv it’s possible that the domain link is the same but the link to the blog post has gone bad. That often happens when people change their permalink structure but it also happens when someone has decided to make a post private (such as if they were running a contest that’s now over). This plugin only looks at those CommentLuv links, so it runs faster and easier than the above checker (which doesn’t look at these links). However, you still don’t want this plugin running all the time.
Now, since I mentioned CommentLuv above I might as well talk about this plugin itself. Most people don’t know this but Andy Bailey, the creator of this plugin and the GASP Anti-Spambot plugin, is very sick and is unlikely to ever update it again. This becomes problematic in two ways. One, as WordPress keeps evolving there might come a time when it won’t work with most themes anymore, and there’s nothing else like it on the market (well, anything that works well with the traditional WordPress commenting system). Two, if you have any questions and need some support, all you’re going to get is a form letter offering some things to look at since he can’t do it (although it seems to capture everything you need if you’re tech savvy enough).
Therefore, it’s important for you to keep an eye on how it’s working on your blog. For instance, there are multiple blogs I visit where, no matter what you do, you don’t get that CommentLuv thing to show you any of your previous post options to share; you might not even get your latest post. I’ve already shown people how to fix the Parsing JSON error on their own blogs (since sometimes it’s the visitor’s fault it doesn’t work) so that one’s been taken care of. If that’s not the issue then it’s definitely the blog owner’s fault.
Sometimes it stops working because you’re experimenting with other plugins, as I was doing when trying to get my mobile speed up to snuff. It turns out that Autoptimize and Async JS & CSS don’t always work with each theme, independently or together, and you’re not always sure which one is affecting your plugins. For CommentLuv, it seems it didn’t like Autoptimize on this blog, but I needed it to reach a good mobile speed level. It hadn’t been working for weeks, but no one who commented had mentioned it so I didn’t know until I started noticing that none of the comments seemed to be showing it anymore (I was slow in maintaining that; I slapped myself lol).
My fix was to change themes, since this blog’s theme was really old, and thus went to one that I already use on 3 of my other blogs. Now I’m running both plugins and CommentLuv is doing its thing and all is right with the world again; whew!
Well, except for this one thing. I can never update to the last version of CommentLuv on this blog because to get it to work, Andy forced part of it to process through the blog footer… and I’d removed mine years ago because it was getting on my nerves, and even though now my updated software has a footer, it still won’t work with it. Oh well, I’m good for now. 🙂
4. Plugins in general
Since I’ve talked about two plugins already (are you sensing a pattern?) I guess it’s time to call out plugins in general. Many of us don’t pay enough attention to our plugins to realize that some of them don’t work properly with our themes or our software or have basically sunset without any notice to us about them.
For instance, I used to run a plugin on this site called WordPress Thread Comments. It worked great for years, even though it’s never been updated. When I went on my quest for higher mobile speed I found that it was slowing down my sites so I removed it. Once I updated this blog I thought I could bring it back… alas, I started getting error messages. So that bad boy is gone forever here; sniff! Before anyone says it, I know it’s built into the WordPress software but it’s never worked on any of my blogs; no idea why.
It’s good to always check your plugins to see what’s been updated or not and see what’s still working and what’s not. If it still works well and is important enough (like Limit Login Attempts), then it’s all good. If it’s not working or doing anything at all, it’s best to deactivate it and then remove it. That’s an important piece; if you deactivate a plugin you’re never going to use again, totally remove it, just as I advised years ago when talking about free themes you’re not ever going to use.
5. Protecting the core of your blog
Since I mentioned Limit Login Attempts, let’s talk about protecting your blog overall. I use that plugin because those lousy creeps who try to break into blogs use software that will try to figure out your username and password thousands of times and you’ll never know it… and eventually they’re going to get through unless you’re protecting yourself. By using this plugin, I can limit how many times someone gets to try to break in to 4 times, then they have to wait so many days to try again, and if they try it for more times I can limit them to trying it again in months. This is probably the most valuable plugin there is in protecting your blog up front.
The second is some kind of firewall protection, just like what you use for your computer. I use WordPress Firewall 2, but I know there are others out there. Firewalls electronically block access into your system just in case something’s slipped through and these weasels try to activate it remotely.
The third is a plugin that does a regular backup of your blog, just in case your information gets lost (which happens all the time unfortunately). I use WP-DBManager, which backs up the entire database once a week and emails it to me. I also have WordPress Database Backup, which allows me to do an immediate backup; it might be overkill but after 11 years of blogging I don’t want to take any chances.
The fourth is a plugin that will help to optimize your database files and tables, which you should be doing on a regular basis anyway. I use WP-Optimize, which is also the plugin I recommended people use for that JSON parsing issue above.
The fifth is trying to protect your blog from a lot of spam or malware. I mentioned GASP Anti-Spambot above and that’s a good one, but there are a number of plugins one can use to help out in this regard.
This section is probably the most important maintenance you should be doing for your blog. Although I feel content is the most important aspect of blogging in general, making sure your blogging space is secure and safe is the most critical thing to think about.
This second one is a two-part lament I always have. The first part is getting an immediate response from blogs that want me to subscribe to comments, which is about 30%. If I’ve already commented I don’t, and won’t, subscribe to it; that’s just redundancy I’m not in the mood for. The second part, which is never getting notified of a response at all, is about 60%; that’s the most irksome thing of all. That last 10% are the people who never respond to comments at all; it used to be higher on my list when there was less technology involved in commenting.
If you’re using these things, using commenting systems like Disqus, or using Captcha-like junk, and you’re not getting the amount of comments you’d like, you know where your problems lie; change them! As much as I hate spam, unless I was getting 500 comments a day and most of them were spam I wouldn’t think of using any of these things. If you are, please at least check them every once in a while to see if they’re working and if you’re getting what you want from them.
We’ll stop there because that’s a lot of content for you to absorb. If you think you can handle more, check out my post about 30 mistakes you’re making with your blog; just make sure you have your favorite calming drink with you before you start reading. 🙂 Also, if you want to share your thoughts on other plugins than what I’ve mentioned above, please feel free. Happy blogging!
I actually received an email asking me to write on this topic, which is a first. The request was more for what I use to stay productive or what I use for financial purposes though. I don’t use any of that stuff for the blog, so those won’t be things that I talk about. Instead, I’m going to mention 10 plugins I don’t think I could do without, some of which I believe you should be using also.
1. Ajax Edit Comments. Let’s face it, no one’s perfect. Sometimes you make a mistake of some kind while writing your comment. This plugin allows people to edit and correct their comments within 5 minutes. If it took you longer than that to figure out you made an error, unless you left a truly epic comment, you’re out of luck.
2. All In One SEO Pack. Everyone has their favorite SEO plugin but I’ve stuck with this one. I used to hate it but I figured out how to configure it to give me what I want. The best feature is being able to write a description in if you don’t want the search engines posting the first so many words of your blog post instead.
3. Anti-Backlink. I wrote about this one so if you want to know a lot more you can follow the link. What it does is give you tools to approve or disapprove people for a variety of reasons (if your comment doesn’t immediately show up and you don’t have a gravatar, it’s because of this one).
4. CommentLuv. I have the premium version, which is the only way you can get Anti-Backlink. Whether you decide to pay for it or not, its best feature is showing current or previous blog posts of your commenters. It’s what helps folks, including myself, decide whether we want to visit those blogs to read what the writer has to say.
5. Compfight. This is what I use to find images for my blogs if I’m not using my own. You just put a word into the search area and it’ll find images you can legally use via Flickr. You also get to change the default settings for image sizes, and if you know a little bit of code, you can add your own (which of course I did lol).
6. Limit Login Attempts. You know hackers are always trying to get into your blog right? It’s one reason why it’s always recommended that you change your admin name and have long passwords. This plugin allows you to set how many times a person gets to try to get in before it shuts it down for however many hours you set it for. Also, after so many sessions you can shut it down for… well, 999 hours if you wish. Sure, they might have it automated, but even with that it’ll take them forever to get in, even if your username and passwords are weak.
7. Simple Share Buttons Adder. You need to have share buttons on your blog to make it easy for people to share your stuff. After AddThis decided to go wonky and make you create an account on their site (so they can charge you for stuff later on) I found this one and it’s perfect. You can even customize how it looks.
8. WebReader for Word Press. You see that little “listen” button at the top left of this post? That allows you to listen to the post instead of reading it. It’s not perfect and yet I know some people like to listen instead of read, especially if it’s a long post.
9. WordPress Firewall 2. Using a firewall for your blog is the same as having one for your computer. It helps hide your blog’s IP address from those folks so that they might never find you to try to hack into your computer in the first place. There are a couple of versions of this that read close to the same, but I’m using the version created by Matthew Pavkov.
10. WPtouch Mobile Plugin. You’ve heard that Google is now looking for websites to be mobile friendly, correct? This plugin does the trick. If you don’t change a thing just adding it makes your blog pass muster. There are a few font choices you can make, but it turns out a couple of them take you out of their good graces.
The best thing about free stuff is that it’s free. The worst thing about free stuff is that they can indiscriminately change it up, mess it up, make you do things you didn’t want to do if you want to keep using it and pretty much ruin your life… okay, that last point is a bit over the top, but it did mess up the blog. lol
Today’s gripe is about a plugin called AddThis, which had been recommended to me in 2013 as a great social sharing program. Lots of people were using it, and it allowed me to get rid of the 4 independent plugins I had for Facebook, Twitter, Google + and LinkedIn, the only 4 sites I share stuff to. I liked its design and how easy it all seemed to be.
Then they went and changed things up. Deciding it wasn’t so convenient for them to allow you to make changes on your own blog, they set it up with their 4.whatever update that you now had to create an account on their website and manage things from there. I assume they did that so they could pitch other services to you that you’d be charged for, since I saw something there where you could get certain types of reports and education.
All of that might not be bad; I don’t know. What I knew was that I didn’t want that kind of change. I’m kind of an insular guy; I like fooling myself into thinking I’m controlling my own stuff. Thus, I didn’t want to go to another site to take care of my business.
That wasn’t the biggest issue though. The big problem is that the widgets disappeared from the blog. Right at the point where I’d had a blog post go live reminding people how hard it was for their content to be shared if they didn’t have these buttons, mine disappeared. Well, that was slightly embarrassing; actually, I wasn’t embarrassed since I didn’t know for a day or two and, when I discovered it, knew I hadn’t done anything wrong.
Actually, that’s kind of a misnomer. I did what most of us do, which was to immediately upgrade when WordPress said “Hey, there’s something shiny and new”.
I should know better. There are upgrades when it makes sense to immediately do it. For instance, if you have version 3.5.2 anything (just as an example) and the upgrade is 3.5.7, that’s almost always just a bug or security fix that doesn’t change the version any, and you should go ahead and upgrade. However, if the upgrade goes to the immediate next number, such as from version 1.1 to 2.1… that’s when you should take a moment, go to the website and find out what’s being added or what’s changing.
After things disappeared on this blog I went to check my other blogs, all of which were running the same plugin, and my widgets had disappeared from all of them; sigh… Oddly enough, within a few days they came back on one of my blogs but not all of them. I complained on Twitter, then went to Google to do some research, thinking that maybe it was an issue with me, and found that there were lots of people who were complaining about the same exact thing… it’s true, sometimes, that misery loves company. 🙂 And I wrote on Twitter how bad it was that a company didn’t respond to so many 1-star reviews.
Lo and behold they did finally respond to me, after I’d written them something on their website, and asked me to explain my issue. So I did, and they responded that it was their intention that everyone go to the website now to manage their tools, and asked why I’d had a problem doing that, which I had.
Here’s the thing. You don’t take something that was relatively simple and change it to where your users need a crash course. In my case I did try creating an account and going to the site where I was presented lots of different links, none of which said “manage your tools here”… at least I couldn’t find it. Course I was in a state of frustration so maybe I just couldn’t see it.
No matter. I’ve inactivated it and deleted it and now on this blog I’m using something called Simple Share Buttons, which was the 4th plugin I tried because, for some reason, the first 3 I tried after I shut down AddThis wouldn’t show up here. The look is a bit different but I like it, and it works!
Because, when all is said and done, the other good thing about free is that you’re always free to find something else that works for you without lamenting your waste of money. Who’s with me on this one?