Behind the Scenes – Page 6 – How We Keep the Tripawds WordPress Multisite Blog Network Hopping Along

Add ChipIn Widget To Tripawds Blogs

Let’s talk about widgets. Specifically, the 2010 Tripawds Campaign widget popping up all over the Tripawds community recently.

Tripawds is a user supported community, but we hate having to ask the community for support to keep this site up and running. So, the sooner we can reach our campaign goal, the sooner we can remove this annoying widget:

And here’s how you can help. In fact, here’s how you can add any widget to your Tripawds Blog sidebar. But let’s take a step back …

We are always happy to see new members join and create their own Tripawds Blog. But we are always surprised to see some of those same new blogs still have their default sidebars months later. We recommend all new bloggers view their blog and follow the helpful links provided in the default sidebars for doing things like changing the custom header, uploading user and blog avatars, and yes… updating the sidebars and widgets!

All blog themes available to Tripawds Bloggers include at least one sidebar. Widgets are sections that can be added to these sidebars from the Appearance menu of your blog dashboard. Standard widgets include a calendar for archived posts; lists for post categories, blog pages, or favorite links (your blogroll); recent posts and comments; meta information; or any arbitrary text.

NOTE: Keep the Meta widget in your sidebar for easy access to your blog dashboard. If you remove it, you can always visit your dashboard at yourblog.tripawds.com/wp-admin

Simply drag the widget you want to the preferred location in your desired sidebar, and “drop” it. Configure any available settings, click save and visit your blog to see the changes.

The text widget is the one we’ll be using in our example here. Follow the instructions below to help show your support for the 2010 Tripawds Community Campaign by adding the ChipIn widget to your sidebar.

How To Add Chip In Widget to Blog Sidebar

Copy the ChipIn embed code by clicking the “copy” link in the widget above.
Visit your blog Dashboard -> Appearance -> Widgets tab.
Expand the sidebar where you want to add the widget (If it is not already visible).
Drag the Text widget to the desired location of your sidebar. (A dotted line will represent where it will appear.)
Release the widget and an expanded field will appear.
Add a title to your new widget. (i.e.; Help Support Tripawds!)
Paste the entire ChipIn code you copied into the content area of the new widget.
Click Save, and view your blog to see the changes.

You should notice the new sidebar widget in your blog, just like in the right sidebar of this blog. (NOTE: If widget is missing here, the campaign must be over!) Don’t forget to remove the widget when we reach our campaign goal so we can stop begging for help. Thank you for yor continued support.

Any questions? Ask with a comment below or in the Tripawds Tech Support forum so we can share the answer with the community. If you’re wondering what the heck ChpIn is, click the “about” link in the widget or check out the Tripawds ChipIn Page for complete details.

New features in WPMU 2.9.1

In his post about how to add commentmeta tables to your WordPress MU database, Donncha said …

…nothing quite like the stress of upgrading and finding that something has broken.

So true. I’m just happy nothing broke during our recent upgrade to WPMU 2.9.1, because apparently the upgrade function can choke when creating all those tables. We have over 160 blogs and all went well, but Admins for large MU sites should take care to run the script Donncha provides before upgrading. Then they should also skip ahead to WordPress 2.9.1.1.1.1.1.1.1.1.1.1.1.1. Supposedly this will be the last release before the big merge.

WordPress MU 2.9.1 New Feature Overview

What does all this mean for Tripawds community members? Just that we are successfully running on WPMU 2.9.1 now, which includes some great new features in addition to various bug fixes.

Video embedding made simple

WordPress 2.9 introduces native video embedding! Now all Tripawds Bloggers can easily insert a video from sharing sites like YouTube, simply by adding the video URL to their post …

See! It’s that simple. Just copy and paste the video page URL onto a new line in your post and the video will be automatically embedded. It is important that the video URL be on a line by itself and that the text is not wrapped in any tags, so don’t style it or link it to the video page itself. Native video embedding supports the following video sharing web sites: YouTube, Vimeo, DailyMotion, blip.tv, Flickr (both videos and images), Viddler, Hulu, Qik, Revision3, Scribd, Photobucket, PollDaddy, Google Video, WordPress.tv.

Viper’s Video Quicktags Enhance Embedded Videos

So what does this mean for Tripawds Supporters who have been using the Viper’s Video Tags plugin? Just that they now have advanced control over how their videos appears if they choose to continue using it. Viper wrote the new native object embed code, so his plugin is completely compatible. Supporter blogs can still embed movies and have additional video sharing sources to choose from. Supporters also have the ability to embed raw Flash video files, and have much more control over how their videos display …

Viper’s Video Quicktags plugin allows embedding from the following video sharing web sites: YouTube, Google Video, DailyMotion, Vimeo, Veoh, Viddler, Metacafe, Blip.tv, Flickr Video, IFILM/Spike, MySpaceTV, Flash Video (FLV).

Viper’s Video Quicktags plugin has been disabled. WordPress now supports auto-embedding of videos.

WordPress MU Blog Dashboard Trash Can

Tripawds Bloggers will also now notice a Trash link when managing posts and comments on their blog. This allows for the removal of items without immediately deleting them. The Trash can (and should) then be emptied periodically to permanently deleting the unwanted items. This protects bloggers from inadvertently deleting valid comments or valuable post drafts.

Issues with New WordPress Image Editor

One of the most anticipated feature enhancements has to be the new Image Editor built right into the WordPress Media Library. There have been a number of reports, however, regarding difficulties so we will report back with an update on that. For now, feel free to provide feedback in the forums.

Who needs domain mapping?

I wonder just how many Tripawds Bloggers might consider upgrading with a Supporter subscription if they could have their very own custom domain mapped to their blog. And by that, I mean how many would like the idea of blogging about their pups at yourblog.com instead of yourblog.tripawds.com.

The answer will determine whether or not we implement the Domain Mapping plugin from WPMU Dev Premium here. It integrates with the Premium Supporter plugin we use, and would enable Tripawds Supporters to enter their registered domain name and have their blog appear online at that address instead of here at theirblog.tripawds.com. Domain registration would be necessary of course, with just minor edits to the DNS record at the registrar.

So, really cool new feature? Or, more hassle than it’s worth?

In the meantime, I’ll explain what I did to redirect our parked domains to this WPMU install. Any WordPres MU site admin who searched and found this post may now be saying, “You can’t do that” and they are right. That’s why we’re considering the Premium Domain Mapping plugin. At which point they may now be saying, what about Donncha’s free WordPress MU Domain Mapping plugin? Well, as I mentioned, we’re considering adding this to our list of Supporter Blog features. But there I go digressing again …

How to Redirect Parked Domains to WMPU Site

After discovering that our parked domains were redirecting to the WPMU sign-up page instead of the primary blog index as expected, I searched the WordPress MU support forums and discovered that this was actually expected behavior after all. So I did some homework and figured out a work around.

Remove parked domains…

The first thing to do when redirecting parked domains to a WPMU site is to unpark them. Access your your cPanel account and remove the parked domains you want to redirect to your primary blog, assuming they are already parked there.

Next, click the Addon Domains button in your cPanel account. Here you will create add-on domains for all those you have registered and want to redirect to your primary blog.

cPanel Addon Domains

Once you have added the domain, return to Addon Domains and select Manage Redirection. Redirect the new domain you just added to the root of your primary blog (or wherever you desire) and click Save. That’s it!

You will notice in the screenshot that I renamed the file directories in my document root to keep folders for all the addon domains nice and tidy together. They will all reside in the public_html directory where you installed WordPress MU.

This method proved quick and simple for me. And you will now notice that tripawds.org and tripaws.org now both successfully redirect to tripawds.com. It’s a workaround, and it’s not true domain mapping as you will notice in the address bar, but it does the trick for us. If more than a handful of members are interested in upgrading to have custom domains for their blogs, I can just remove these Addon domains and install the Domain Mapping plugin.

How to automatically redirect web pages

Another option I considered before figuring out this workaround, was to set up hosting accounts for the parked domains and add static pages for auto redirection. Below are a few methods for doing that if anyone is so inclined.

Manual URL Redirect…

The simplest way to redirect visitors from any web page to another is with a manual URL redirect, forcing them to click a link to proceed:

Please follow <a href="http://www.example.com/">link</a>!

Redirect Domain using Refresh Meta tag…

Using the “meta refresh” method, it is possible to specify the URL of the redirect page, thus replacing one page after a specified time by any other. A timeout of 0 seconds means an immediate redirect:

<head> <meta http-equiv="Refresh" content="0; url=http://www.example.tld/"> </head>

Auto-Forward web page using PHP…

In PHP, header() is used to send a raw HTTP header to the browser. Using the location function, this can be used for auto-redirection. Note that header() must be called before any actual output is sent:

<?php header("Location: http://example.tld/"); ?>

Redirect web site using .htaccess…

There are many methods to redirect a web site using the .htaccess file. Adding this to the .htaccess file of the domain you want forwarded is the most basic:

# redirect entire website to another domain Redirect 301 / http://example.tld/

Permanent redirect HTTP Status C0de 301…

Adding the HTTP 301 Status code to any web page before the opening <head> tag will result in immediate and permanent redirection:

HTTP/1.1 301 Moved Permanently Location: http://www.example.org/ Content-Type: text/html

How to extend Supporter Blog subscriptions

Tripawds Supporter Blog subscriptions are automatically renewed via PayPal, based on the renewal term selected when upgrading the blog. If a PayPal subscription is canceled before the renewal date, enhanced Supporter blog functions will be deactivated upon the renewal date, no sooner.

This is all made possible using the Supporter plugin available with our WPMU Dev Premium membership. But it puts site administrators – that’s me – in a position to wonder about how to handle early cancellation of a Supporter subscription if the blogger has been generous enough to contribute to Tripawds with a separate donation. This happened recently – thank you Maggie! And here’s what I did to modify the renewal date that appears in the Supporter tab of her dashboard.

Any WordPress MU site administrator who wishes to extend a Supporter subscription for longer than the 365 day maximum allowed via the Admin panel:

Access your WPMU database with PHP MyAdmin
Find the wp_supporters table and click Browse
Find the blog ID* with the date you want to modify and click Edit
Enter your desired Unix timestamp** in the expire field and click Go

*The blog ID is the first digit(s) of the Custom Number field in the Supporter subscription announcement email. For example, blog ID #294 with a 3 month $10 subscription is identifed by Custom Number: 294_3_10.00_USD_1234567890

**The Supporter Subscription expiration date is identified by Unix time, or POSIX time, which is a system for describing points in time, defined as the number of seconds elapsed since midnight of January 1, 1970. Many Unix Time Conversion tools can be found online.

For additional help using Supporter 2.o please visit the WPMU Dev Premium Support forums.

The Ongoing Fight Against Spam Blogs

The fight against Spam Blog registrations for any WordPress MU site administrator – that’s me – is an ongoing battle, that often seems to have no end. But at the risk of jinxing things I would like to think we are finally winning the war against these splogs, which are much worse than any old Spam.

Splogs - Even Worse Than Spam!

Tripawds members can feel free to report questionable blogs here in the Tech Support discussion forum. Just keep in mind, that said blogs may very well be deleted by the time you do so since we are always doing our best to immediately get rid of any that actually get created. We just can’t do so in our sleep. Thank Dog there are tactics that can!

WPMU site administrators may be interested in the available anti-splog options and these steps we took to slow the flow of splogs here at Tripawds …

Restrict WPMU User and Blog Registration

The only bulletproof way to keep splogs out of your WPMU site is to disable registration, and require users to email requests for signup. We’re not about to do that since we want all new users to have immediate access to our canine cancer discussion forums, and be able to start sharing their three legged dog stories right away.

The Secure Invitations WPMU plugin stops access to your signup page, except where the visitor has been invited and clicked the link in their invitation email. This seems like a great solution for stopping automated splog signups on private or corporate installations, but it would not work for us. Too many people find Tripawds when searching for help to allow registration on an invitation only basis.

Edit .htaccess to Stop Automated Spam Blogs

One sure fire way to stop automated spam blog registrations is to ban any signups resulting from POST requests (form submissions) for wp-signup.php that have not been sent from a web page within the WPMU site itself. D’arcy Norman makes this easier than it sounds.

For complete details, or to ask any related questions, please visit his original post about how to stop WPMU spam blogs with .htaccess file edit. Be sure to read the comments there as many concerns have been addressed.

To summarize, however, adding the following to your .htaccess file will indeed stop most if not all automated spam blog registrations:

# BEGIN ANTISPAMBLOG REGISTRATION RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} .wp-signup\.php* RewriteCond %{HTTP_REFERER} !.*yourdomain.tld.* [OR] RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule (.*) http://die-spammers.com/ [R=301,L] # END ANTISPAMBLOG REGISTRATION

All you need to do is change yourdomain.tld to the domain of your WPMU website, and change die-spammers.com to wherever you want potential spammers redirected. We send them here for an explanation, since there may be a rare occasion when legitimate users might get blocked – if they clicked the signup link from an email they were sent, for instance.

Another more serious tactic to deploy is banning any spam blog registrations from specific ip addresses. This can also be done by editing your .htaccess file. Check your server logs or new registration emails to find out where they’re coming from and then block their IP addresses in your .htaccess file by adding the following:

# BEGIN IP ADDRESS BAN order allow,deny deny from 192.168.44.201 deny from 224.39.163.12 deny from 172.16.7.92 allow from all # END IP ADDRESS BAN

Or, block a range of IP addresses:

# BEGIN BAN IP ADDRESS RANGE order allow,deny deny from 192.168. deny from 10.0.0. allow from all # END BAN IP ADDRESS RANGE

Please note that the IP addresses shown are examples only! Special thanks to Sarah over at WPMU.org for this one, and other tips to get rid of spam blogs once and for all.

Stop Common Spam Users in Their Tracks

Using cPanel …

At this point, I thought we had defeated the sploggers. But alas, before long we had more Money Making Tips for Tripawds. After getting tired of editing our .htaccess file, I took to banning IP addresses directly from cPanel using the Quick Deny feature of csf – ConfigServer Firewall. This is much quicker, and enables me to easily search for banned IP addresses should a legitimate user get blocked, which has not happened yet.

Banning known spammers …

Some of the most common spam blog registrations come from easily identifiable sploggers. One such known malicious username format is fullname#### – such as geraldmason1976. No such users will ever register for Tripawds Blogs ever again thanks to our WPMU Dev Premium membership. With our membership, I am able to particiapte in the WPMU Dev Premium Support Forums where I helped test this Splog Check for Known WPMU Spammers…

Within the wpmu_validate_user_signup function, I added the following hack to disallow any username ending in four digits:

// BEGIN 4-DIGIT USERNAME BAN $tmp_user_name = substr($user_name, -4); if (is_numeric($tmp_user_name)) { $errors->add('user_name', __("Username not allowed")); } // END 4-DIGIT USERNAME BAN

Special thanks to Dr. Mike for this one. For detailed instructions, and to take advantage of many other benefits including Premium WPMU plugins and themes, please sign up for a WPMU Dev Premium membership. And if anyone is wondering why they couldn’t join Tripawds with a username ending in four digits, that’s why!

But it still wasn’t enough to keep me from deleting far too many spam blogs every morning. It was time to edit some core files…

Reword Signup Page to Confuse Sploggers

Many sploggers use Google to find WPMU signup pages by searching for their default content. Once they find pages including phrases like “Gimme a blog!” or “Just a username, please.” they know where to go to create their next blog for stretch mark creams or making money online.

By rewording the content within our wp-signup.php file, we were able to thwart some more spam blog registrations. Here is the default content from the lines I edited to re-phrase:

#157: 'Get <em>another</em> %s blog in seconds'
#178: "If you’re not going to use a great blog domain, leave it for a new user. Now have at it!"
#241: 'Get your own %s account in seconds'
#254: 'Gimme a blog!'
#257: 'Just a username, please.'

Be sure to use proper HTML entities where necessary, and do not edit any PHP code – like %s whatever that means. Keep a copy of the original file to be safe! And for the record, this information is based on WPMU 2.8.6 – line numbers and code may or may not change in future revisions!

This alone was still not quite enough to keep the sploggers at bay. More extreme measures measures were necessary…

Rename WPMU Signup Page to Stop Splogs

Savvy sploggers know to search for the signup page by its file name. A simple Google search like “Gimme a blog!” inurl:wp-signup.php will result in numerous sites to attack, for instance. Nefarious automated spam bots also know to go directly to wp-signup.php for immediate registration. Renaming the WPMU signup page was the final step we took to slow splog registrations to a crawl here at the Tripawds Blogs community.

There are a few important steps, however, to keep in mind when taking this measure to stop spam blogs.

If you rename wp-signup.php there are five core file locations where the link must be updated:

wp-signup.php: rename file and update link to match on lines #26, #179, #242, #311, & #391
wp-login.php: update link to match on line #390
wpmu-settings.php: update link to match on line #154

Again, these are the line numbers in WPMU 2.8.6 – future revisions might differ. Now, the reason I put off doing this for so long was because we had linked directly to our signup page in numerous blog posts and discussion forum topics. Had I renamed the signup page to anything other than wp-signup.php all these existing links would be broken.

So, after discovering the following SQL query to easily search and replace terms via PHP MyAdmin, I went for it:

UPDATE wp_{id}_posts SET post_content = REPLACE (post_content, 'wp-signup.php', 'wp-renamed.php')

Simply replace {id} with the ID number of the blog you want to search. And replace ‘wp-renamed.php’ with whatever you renamed your signup page. To run the same search and replace query within SimplePress Forum posts, just replace wp_{id}_posts with wp_{id}_sfposts. Also, be sure to edit any theme files or sidebar widgets you may have that point directly to your signup page.