No More Smelly Facebook Blogs

Tripawds is a user-supported community. Thank you for your support!

We just disabled the Smells Like Facebook premium theme we had activated for use on Tripawds Supporter blogs. In fact, we deleted the theme files altogether because we don’t intend to bring it back. Why? Because we don’t want to smell like Facebook around here anyway.

Smells Like Facebook Copyright InfringementI just read over on the  WPCandy WordPress News blog about how Facebook sued the theme developer over copyright infringement. As if a simple cease and desist letter from such a behemoth wouldn’t do the trick, the company filed three charges against the theme developer with a maximum penalty of more that $220,000. Cough.

As a small user supported community, we don’t care to go anywhere near there. Facebook has every right to protect their intellectual property, but to sue some guy who gave away a free blog theme for six figures!? I’m just sayin’ …

What I am sayin’ for any Tripawds bloggers who may have activated the Smells Like Facebook theme on their site is, don’t panic. If you see a blank white screen when trying to view your site, it is not broken. Simply visit the Appearnace tab in your dashboard by visiting yoursite.tripawds.com/wp-admin and selecting a new theme.

Who knows how Zuckerberg may unleash his legal dogs on all those sites out their unknowingly using a theme that infringes on his copyright. But I do now how Facebook came up with the huge penalty. That’s probably what they had to pay their lawyers to file the charges!


To remove ads from your site and others, upgrade to a Tripawds Supporter blog!

How to Fix TimThumb Theme Script Security Exploit

Tripawds is a user-supported community. Thank you for your support!

Don’t panic. Security Breach Averted!

I first learned about the zero day vulnerability affecting many WordPress themes today on LinkedIn. Plenty has been written about the security flaw found in the timthumb.php script used by many themes that could result in a serious security breach by allowing the upload of malicious scripts to your server. I won’t go into detail, because these fine folks already have:

See the above links for plenty of information, opinions, and fixes. I’ll just quickly outline what I did to ensure we remained safe here at Tripawds.

  1. Log in to cPanel account for domain
  2. Access File Manager
  3. Search all files for “timthumb”
  4. Note location of file(s) if found
  5. Delete timthumb.php*
  6. Repeat for any other domains

*Note: Deleting the TimThumb script may break certain themes, or at least affect how they manage and display images. I chose to just delete any themes using the script.

If you need the TimThumb script running on your site, upgrade to the latest version. This issue has already been addressed. If, like me, you find some merit in the many discussions about the safety – or lack thereof – of allowing any scripts on your server to access data from third party sites, then delete the file. Or, follow these steps to remove the vulnerability:

Line 21: Ensure this constant is false:
define ('ALLOW_EXTERNAL', FALSE); // allow external website (override security precaution - not advised!)

Line 27: Remove all domains from this array:
$allowedSites = array();

What the TimThumb Issue Means for Tripawds Members

Nothing, really. Because we’re on top of things.

If, however, you are a Tripawds Supporter and had activated either of the premium themes, Magazeen or Mystique, you will need to activate a different theme. If you were using either of these themes and you cannot access your blog, again, don’t panic. Point your browser to yourblogname.tripawds.com/wp-admin/themes.php and select another of the more than 135 themes we make available to Tripawds bloggers.

What makes Tripawds run?

When we first started Jerry’s original three legged dog blog to share the news about his osteosarcoma treatment and recovery, we never in our wildest dreams expected tripawds.com to grow into such an incredible community of support for so many people facing a bone cancer diagnosis or amputation for their dogs.

While installing Simple:Press to power the Tripawds Discussion Forums was the first of many content enhancing improvements, it was our migration from WordPress to WPMU and subsequent transition to our current WordPress Multisite network that make the site such the valuable resource it has become.

Tripawds Three Legged Dog Blogs WordPress Multisite Network

In fact, Tripawds was recently added to the acclaimed WPMU Dev Showcase among some of the leading WordPress MultiSite communities online!

Best WordPress Multisite Plugins & Themes

So what exactly makes this network work? Simply said, it’s our WPMU Dev Premium subscription that enables us to offer such amazing functionality. Here’s a rundown of some of our favorite WPMU Dev plugins and themes that power the Tripawds community.

Admin Ads: We provide a row of dashboard “Quick Links” to many of our community’s most valuable resources using this simple plugin. It also allows us to notify bloggers of pending upgrades and other special announcements.

Admin Help Content: This provides a simple interface for creating the custom content we provide in users’ dashboard Help drop-down menu, instead of confusing them with the default WordPress support forum links.

Anti-Splog: This ultimate spam blog plugin and service stops nearly all splogs from even being created in our WordPress Multisite network. If a splog does get created, no posts are visible to the community, and an easy interface allows us to moderate or delete them.

Avatars: Ths is how we allows users to upload ‘user avatars’ and ‘blog avatars’ which then appear in blog / forum comments and blog / user listings throughout the Tripawds community.

Blogs Directory: This plugin provides a paginated, fully searchable, automatic and rather good looking directory of all of the blogs on our WordPress Multisite installation.

Members Directory: This creates and automatic directory of all Tripawds users, with avatars, pagination, and a built in search facility with extended customizable user profiles.

Invite: Allows all Tripawds bloggers to invite their friends and colleagues via email to check out their blog and register for a Tripawds account.

Recent Comments: This widget lets us display a list of recent comments from all Tripawds blogs throughout the News blog.

WPMU DEV - The WordPress ExpertsRecent Global Posts Widget: This widget shows recent posts from all Tripawds blogs, with user avatars.

Sitemaps and SEO: Automatically generates and submit Google sitemaps for all blogs on this network

Supporter: Lets us easily offer paid Tripawds Supporter Blog accounts with automatic upgrades including premium themes, premium plugins, extra storage space, the ability to instantly remove banner ads and more.

Terms Of Service: This plugin places the Tripawds  Terms of Service on the signup with an approval checkbox users must select in order to continue their registration.

The WordPress Popup Plugin: Allows us to display a simple ad directing new visitors to the valuable information in our first Tripawds e-book, Three Legs and a Spare – a Canine Amputation Handbook.

Update Notifications: This keeps us automatically updated of any WPMU Dev plugin and theme updates for best security and functionality!

WPMU Nelo: The custom homepage CMS WordPress theme we customized to improve navigation and address site performance issues.

What’s next?

I often turn to the WPMU Dev support forums for quick answers whenever I need help tweaking things behind the scenes here. I have requested development of a couple things that might help us continue enhancing the Tripawds experience. For instance, I’d like to have a Map plugin that would automatically generate a map page with member locations based on profile data.

With all this that we already offer in mind, what other new features might Tripawds members like to see?

An Overview of the New Tripawds

We did it! The long awaited theme overhaul for Jerry’s main Tripawds News blog is complete, and the votes are in. The majority of members agree that the site is easier on the eyes with a vast performance improvement.

WordPress, Multisite and BuddyPress Plugins, Themes and Support - WPMU DEVUpcoming posts here behind the scenes will detail the various new site enhancements, but here’s a brief rundown of the new and improved Tripawds Blogs community site:

Easily implementing all these new features were only possible with our WPMU Dev Premium membership. Most noticeable, however, is the site’s new look and feel.

We are now running WPMU Nelo as the active theme for the main site where we maintain the News Blog, discussion forums, chat room, galleries, videos and other health tips and resources.

With the help of WPMU Dev Premium developer richie_ks, I was able to customize Nelo to meet the needs of this community. Top concerns were an easier way to navigate the vast resources available, less clutter, and above all, better performance.

This makeover was a long overdue major undertaking. Over the past four years our original theme had become bloated and outdated, seriously impacting page load times. By customizing the already slim Nelo code-base, however, we were able to enhance the user experience while vastly improving overall performance.

While it is impossible to please everyone all the time, it seems at first glance that we have achieved the primary goal of this overhaul which was to speed up the forums. We look forward to hearing your feedback with a comment below or in this Tripawds site makeover feedback topic.

Stay tuned for complete details about all the new features, and how we did it. Or, read on if you’re a WordPress multisite administrator who may be interested in how we customized the Nelo CMS theme… though this project was yet another crash course in PHP and CSS for yours truly, below are just a few hacks I’m particularly proud of.

How to Add WordPress Site Stats to Theme Header

We liked how site statistics were displayed in some other WPMU Dev themes, but that wasn’t built into Nelo. With the get_sitestats function being native to WordPress, here’s how we added it the header.php template file to show the current members and users with links to each directory on every page.

<!-- stats -->
<div><?php
$stats = get_sitestats();
echo 'Currently home to <strong>'.$stats[ 'users' ].' <a href="http://tripawds.com/members/" title="Active Tripawds Members Directory">members</a></strong> and <strong>'.$stats[ 'blogs' ].' <a href="http://tripawds.com/blogs/" title="Active Tripawds Blogs Directory">blogs</a></strong>.'; ?></div>
<!-- stats -->

Easiest way to add Random Header Images

The WPMU Nelo theme allows for custom header image upload, but Tripawds members like to see the rotating photos. After searching far and wide for a random header image solution to match my programming skills, I found this simple random header image tutorial to keep these by disabling the theme’s header image options and editing header.php with this little bit of magic…

<!-- Random Headers -->
<img  width="900" height="200" alt="Tripawds Three Legged Dog Heroes" src="http://tripawds.net/wp-content/themes/wpmu-nelo-child/headers/header_<?php echo(rand(1,24)); ?>.jpg" />
<!-- Random Headers -->

In this generated image url, the rand(x,x) echo will randomly show images titled header_x.jpg, where x is any number from 1 to 24. Name your header image files following this protocol and let the script do it’s magic.

Edit Nelo Profiles Panel for Easy Site Management

One of the best new features the Nelo Theme offers is an optional Login / Profile Panel above the sidebar. Editing the profiles.php template file will make your changes appear on every page showing the panel. And since the identified user’s name already appears as a link to his or her profile, I added a direct link to the user’s main dashboard screen.

A Bit about child themes

Finally, Nelo is constructed with a parent / child theme structure. This will facilitate future theme updates by preserving any customization edits.  By editing the child-style.css file for instance, I was able to add nice rounded corners and a soft shadow to the site container, which you will see in Firefox and Safari, but not if you’re still using Internet Exploder.

Here’s what I did to properly use my customized version of nelo, while preserving edits during future updates:

  1. Upload both Parent and Child theme folders to wp-content/themes
  2. Activate child theme for site*
  3. Copy any template files from parent to child directory and make desired edits.

For complete details and ongoing theme support, I highly recommend a WPMU Dev Premium membership.

*We will not be offering Nelo as an available theme to Tripawds Bloggers, so I activated the Child theme from the Edit Site tab as Super Admin. This keeps it hidden from the Themes tab on all sub-sites.

Supporters Demystified

wpmu premium supporter wordpress menu tabTripawds community members may have some questions about the enhanced features enabled for Supporter blogs. WordPress MU site administrators might be interested in how the upgrade function works.

I hope to shed some light here on all of the above. So, let’s talk about Tripawds Supporters and the WPMU Dev Premium Supporter plugin.

As a reminder, all free Tripawds Blogs include basic comment spam protection – using the TypePad anti-spam plugin – and 25MB of upload space for storing photos. Free blogs also show banner ads at the top and bottom of every page. The Supporter mu-plugin allows us to automatically increase a Supporter’s upload quota to 1GB and turn on enhanced blog features by activating additional plugins on that blog. It also immediately removes the banner ads from upgraded blogs, and allows Supporters to turn off ads on other Tripawds blogs. Best of all this is all done automatically upon upgrade, which can be done via single payment or recurring subscription.

I would like to think I was at least a little helpful in identifying certain issues with the new Supporter v. 2.0, but I can take absolutely no credit for the amazing development work and quick update release. We are now running Supporter v. 2.0.2 and I am happy to say it’s new features are impressive. How does it work? The mu-plugin includes various files, some required, others optional, all of which are simple to install if you can follow the clear instructions. Let’s take one feature at a time…

Hiding Ads on Supporter Blogs

For Site Administrators: a small snippet of code is used in conjunction with an optional component (supporter-ads.php) to show or hide whatever text you want, wherever you want. We use it to hide Google ads in the header and footer of Supporter blogs. Simply wrap the AdSense HTML within this snippet where indicated, and it will only display if the the blog is not a Supporter. The exact opposite can be done with a different bit of code, showing any desired text only on Supporter blogs. There are also admin settings for the number of blogs – from 0  to 100 – on which ads that can be disabled by Supporters.

For Tripawds Members: There is no need to anything to remove ads from your blog, other than upgrade to Supporter status via the Supporter tab in your blog dashboard. Ads will immediately disappear upon upgrade. An added plus for Supporters is the ability to turn off ads from displaying on up to 10 of their favorite other Tripawds blogs. After becoming a Supporter, simply visit your Blog Dashboard -> Supporter -> Disable Ads. Simply follow the instructions there to search for blogs on which you wish to turn off the ads. Add them to your list, and you will no longer see ads when visiting those blogs.

Activating Premium Pugins

For Site Administrators: The new Supporter admin menu now includes plugin management features very similar to the free WPMU Plugin Manager mu-plugin. No surprise really, considering it was built by the same developer. Many kudos to Aaron for adding functionality for admins to enable plugins on non-supporter blogs. But using the Premium Plugins menu, admins can simply select which plugins they want Supporters to have, with the following options:

  • None: Plugin is available for activation by site admins only
  • Anyone: Plugin can be activated by any member blog
  • Supporters: Plugin is only available on Supporter blog
  • Supporters (Auto-Activate): Plugin is automatically activated on Supporter blogs upon upgrade

For Tripawds Members: For non-supporters, the Blog Dashboard -> Plugins tab will show the TypePad Anti-Spam plugin, which should be activated if it is not already. This will help reduce the spam comments received through your blog. There will also be a list other plugins available upon Supporter upgrade. Here is a rundown of the plugins we currently offer Supporters, and their status upon upgrade:

  • WP-SpamFree (Auto Activated): This powerful anti-spam plugin will virtually eliminate comment spam. Includes a spam-free contact form that can be easily added to your blog. Visit plugin website
  • Viper’s Video Quicktags (Auto Activated): Easily embed videos from various video websites such as YouTube, DailyMotion, and Vimeo into your posts. Visit plugin website
  • Subscribe To Comments (Auto Activated): Allows readers to receive notifications of new comments that are posted to an entry after they have commented on the post. Visit plugin site
  • All In One SEO Pack (Requires Activation): Comprehensive Search Engine Optimization options for your blog. Visit plugin website

Offering Premium Themes for Supporters

For Site Administrators: Much like Premium Plugins, the new version of Supporter now allows site admins to make certain blog themes only available to supporters. All members would be able to preview how their blog looks in the Premium theme, but they would be presented with a message about upgrading upon an attempt to activate it.

For Tripawds Members: We have not yet implemented Premium Themes as we are still seeking feedback about which themes might be considered, well … premium! We offer more than 100 blog themes and in all honesty have only tried out a handful. A whole bunch of new themes are in the works so stay tuned.

What does it cost?

For Site Administrators: All of the WPMU Dev Premium plugins, themes, videos, and support are included with a WPMU Dev Premium membership subscription. Site admins can set the price for Supporter upgrades for one, three, and twelve month subscriptions or for the single payment method. An option for setting the number of free days blogs have with Supporter features is also available. The new Supporter sign-up page even includes daily cost calculations to show members what they can save by upgrading for longer periods.

For Tripawds Members: A Tripawds Supporter blog upgrade subscription costs only $25 a year. A one month subscription costs $5, and we offer three months for $10, so savings are clearly realized with the annual option. We chose the subscription method (over single payment) since Supporter features are automatically disabled upon the expiration date. We don’t want any members getting surprised by deactivated plugins, so we went with the automatic renewal.

NOTE: Be sure to cancel your PayPal subscription before it expires if you do not want to pay for another year of enhanced blog features!

Believe it or not, this just brushes the surface of all the new features available in Supporter 2.0, but hopefully it explains a few things for our members. We would love to hear your feedback, so please leave a comment below. Or, feel free to ask any questions in the Tripawds Technical Support discussion forum. We’re especially interested in what Tripawds members think about the subscription vs. single payment method for Supporter upgrades, and whether anyone is interested in using the new optional Amazon payment gateway.

For the record, as of today there are eight active Tripawds Supporter blogs. With nearly a thousand members, and operational expenses in the thousands of dollars, please don’t think we actually making money here. We offer plenty of tips to make the most of free Tripawds Blogs, and use these Supporter features to thank those members who generously show their support.