Tag Archives: wordpress

Announcing the WordPress Featured Images in RSS plugin

I’m excited to announce the new WordPress Featured Images In RSS plugin. It adds a site’s blog post featured images to the RSS feed of the site, with options for image size and positioning. I’ve seen lots of blog posts cover how to add this functionality to a theme by editing the theme’s functions file and manually adding the code (including one I wrote for Fandom Marketing), but 99% of the folks I talk to don’t understand how to do that. So, this plugin was born. I’ve also seen a few other plugins that do the same thing, but none with the size and positioning options, instead asking you to edit the plugin directly to make those changes (which is a terrible idea – it’ll get overwritten with any update).

Once the plugin is installed, and then activated, you can view and change the two options under Settings. The first option is the size of the featured image to be included in the RSS feed: thumbnail (default), medium, large, or full size. These sizes are references to actual media pixel dimensions that are set and can be customized under your Media Options. The second option is the position of the image, either on the left above the text (default), centered above the text, or left with the text wrap to the right of the image. For RSS-to-email campaigns in Mailchimp or other email marketing providers, I recommend the default settings.

The options page links to the Media Options page to raise awareness of those settings, and also conveniently links to Feedburner’s ping page, which refreshes the feed, if that service is being used.

I’d love to have you try the plugin on your site, and leave a comment with your thoughts.

The plugin is not available in the WordPress plugin repository (yet), but can be installed by downloading it using the link below, and then uploading it through the Plugin -> Add New -> Upload interface in your WordPress dashboard.

You can download the plugin here. (Once it’s in the repository, I’ll update this post.)

The WordPress "virus" and how to stop it

As you’re reading this, there are almost a hundred thousand computers across the globe in an automated “botnet” attack against any WordPress installations they come across, repeatedly trying to guess the password of “admin” usernames, and a few variations of admin usernames, hundreds of times per minute, until they gain access. Once they gain access, the code infects the installation with back door access and that site joins in the attack. It’s this behavior that causes me to label this attack the WordPress virus.

It’s affecting all web hosts, big and small, and some hosts have gone to extremes, locking out their own customers from their WordPress dashboards. Ouch! I wanted to raise awareness of the issue, communicate how Web Wizards is addressing the issue, and make some recommendations for site owners that want to secure their sites further. I want to clarify that this type of attack doesn’t mean WordPress is any less secure than any other platform; it’s simply more popular, and so it’s more targeted. Any platform can be attacked in a similar brute-force attack, and this WordPress botnet attack is similar to a botnet attack that happened in late 2012 against US financial institutions.

To manage this WordPress attack on our servers, our mighty system administrators have implemented specific firewall restrictions at the network level, so our servers are not affected by the load these repeated login attempts can cause. We’ve also implemented login limitations, so that any username attempt that fails more than 3 times in 30 seconds gets blocked at the IP address level for one hour. We can adjust those timings as needed to best protect the servers and your web sites. We’re doing everything we can to eliminate the threat before it reaches our servers, contain it if it does, and protect our servers and your sites from any performance issues arising from this attack.

To help further secure your site, the first and foremost thing you can do immediately is log in to your WordPress site and change the password on all Administrator role accounts to something very strong, using numbers, upper and lower case letters, and special symbols such as # $ % ! @ ^ & etc. For more details, see Selecting A Strong Password. (Do this with your email and FTP passwords, too, since those are always targets of automated scripts and spammers. Always use a strong password, and never reuse it on multiple sites.)

The next thing I’d highly recommend is using a free service such as Cloudflare.com or Incapsula to protect and speed up your web site. These services filter web site requests through their security systems, and also cache your images, JavaScript, and CSS files and distribute them on their network of servers around the world, making your files load faster and your web site use less bandwidth. If you’re using Cloudflare, they’ve confirmed that they already protect against this latest attack. Incapsula Tweeted that they are protecting sites as well.

There are other things you could do to help keep your web site from being subject to these types of attacks, such as making sure your WordPress installation does not use the username “admin”. You can’t change it within the WordPress dashboard, but it’s easy to do by editing the WordPress database itself using a tool like phpMyAdmin, details here.

You can also install any number of WordPress security plugins, such as Better WordPress Security. Using a plugin to ban IP addresses after failed logins is probably ineffective for this attack, simply because the IP addresses are so numerous and change so frequently that it would cause more server load to process and block all those… and we’re doing more at the firewall and router level, so these IPs should be blocked already.
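The login limit described above (more than 3 failures in 30 seconds, then a one-hour block per IP address) and the reason per-IP banning alone struggles against a botnet can both be seen by replaying login events through the rule. This is an added example, not Web Wizards’ firewall configuration or code from any plugin; the event format, the sample addresses and the `MIN_DISTINCT_IPS` threshold are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3       # block when failures exceed this count ...
WINDOW_SECONDS = 30    # ... inside this sliding window
BLOCK_SECONDS = 3600   # block lasts one hour
MIN_DISTINCT_IPS = 5   # hypothetical threshold for the per-username view

# Constructed events: (unix_seconds, source_ip, username, login_succeeded)
SAMPLE_EVENTS = (
    # One noisy source: four failures in 15 s, then more attempts while blocked.
    [(t, "203.0.113.7", "admin", False) for t in (0, 5, 10, 15, 20, 100, 3700)]
    # Botnet pattern: six sources, one guess each, all under the per-IP limit.
    + [(i, f"198.51.100.{i}", "admin", False) for i in range(1, 7)]
    # A person mistyping slowly, then logging in.
    + [(0, "192.0.2.10", "editor", False), (40, "192.0.2.10", "editor", False),
       (80, "192.0.2.10", "editor", True)]
)

def replay(events):
    """Apply the per-IP rule; return (blocks, rejected_count, ips_per_user)."""
    recent = defaultdict(deque)    # ip -> timestamps of failures in the window
    blocked_until = {}             # ip -> time the block expires
    blocks, rejected = [], 0
    ips_per_user = defaultdict(set)
    for ts, ip, user, ok in sorted(events):
        if blocked_until.get(ip, 0) > ts:
            rejected += 1          # dropped while the block is active
            continue
        if ok:
            continue
        ips_per_user[user].add(ip)
        window = recent[ip]
        window.append(ts)
        while window[0] <= ts - WINDOW_SECONDS:
            window.popleft()       # forget failures older than the window
        if len(window) > MAX_FAILURES:
            blocked_until[ip] = ts + BLOCK_SECONDS
            blocks.append((ip, ts))
            window.clear()
    return blocks, rejected, ips_per_user

def distributed_targets(ips_per_user, min_ips=MIN_DISTINCT_IPS):
    """Usernames failing from many sources: what per-IP counting cannot see."""
    return sorted(u for u, ips in ips_per_user.items() if len(ips) >= min_ips)

if __name__ == "__main__":
    blocks, rejected, ips_per_user = replay(SAMPLE_EVENTS)
    print(blocks, rejected, distributed_targets(ips_per_user))
```

Only the single noisy address is blocked; the six one-guess sources pass the per-IP rule untouched, and only the per-username count shows that “admin” is being targeted from many addresses.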


Please leave a comment with your thoughts, and reach out if we can help you secure your WordPress site better. We offer WordPress consulting beyond our normal hosting support… we can migrate your web site to our servers if you’re not hosting with us, set up local caching plugins such as WP Super Cache, harden your WordPress site (see this codex.wordpress.org article), and we can help you set your site up on Cloudflare or Incapsula, too.

For more information on this attack, here are some other good posts: Krebs On Security, Sucuri Security,


WordPress jumped 32%, powering 48% of top 100 blogs

There’s no doubt that WordPress is the dominating content management system, powering well over 73 million web sites, per WordPress’ Stats, with about half of those being self-hosted.

Royal Pingdom released their 2012 update earlier this month, reporting that WordPress powers 48% of the Top 100 blogs, an increase of 32% from their findings just three years ago. Self-hosted WordPress sites make up 39% of the share, with hosted (both the free wordpress.com and WordPress’ SaaS VIP services counting as hosted).

Other platforms have therefore shrunk, with TypePad dropping the most, from 16% down to 2%. In addition to TypePad, I expect to see more and more people moving to WordPress from Drupal, Blogger, Movable Type, & BlogSmith. So does Matt Mullenweg, founding developer of WordPress and founder of the company behind WordPress, Automattic, saying:

“The last few years we’ve really focused on both the usability and flexibility of WordPress, which has resulted in accelerating growth in both big and small sites. I expect even higher adoption among the largest sites and blogs over the next year.”

If you’re interested in making the switch to WordPress, we’d love to help you.

How to Set Up 301 Redirects to Maintain WordPress SEO

WordPress Guest Blog Series

I am guest blogging for sister company Fandom Marketing on Blogging For Business, covering some unique WordPress topics.

Here’s a summary of a recent post, with the link to the full article:

“WordPress SEO can be maintained when moving domains or redesigning your blog using 301 redirects. It’s a vital step to keep existing search engine links working. Follow these instructions to maintain your search engine optimization on your website or WordPress blog.”

Read the full post at:
How to Set Up 301 Redirects to Maintain WordPress SEO

WordPress Search Engine Tips

Here’s how to get your WordPress web site optimized for search engines to index and display your site with the keywords and descriptions you want. With a few tips and tricks, you can make WordPress very search engine friendly, and customize its design to rank much better than a default WordPress site ever would.

The first tip would be to host your WordPress site yourself, not on wordpress.com. The reason for this is that a self-hosted site is completely customizable, and can include additional plug-ins and other custom code that really makes a difference. We offer WordPress hosting very inexpensively, and provide help if you ever get stuck or need help with doing something you can’t figure out. Here’s more information on all the possibilities for customizing your self-hosted WordPress site:

The most popular plug-in for WordPress is “WordPress SEO”:

A quick overview of WordPress SEO is:

  1. Change your Permalinks to “/%postname%/”
  2. Optimize your Titles for SEO: “%%title%% – Blog Title”
  3. Optimize your Descriptions to add “%%category_description%%”
  4. Optimize the More text to be keywords from each post
  5. Image Optimization: Add ALT and Title tags to images using the SEO-Friendly Images plug-in.

These quick tips above give you the most bang for your buck right out of the gate!

Some links to plug-ins, helpful info, and more detailed explanations:

Let us know if you have any SEO tips to share in the comments, or reach out to us for more SEO help.