Continue reading »]]> I’ve noticed a huge upswing in attempts to crack the admin account for my blog lately. Way more than usual. Its no secret I monitor my log-in records. Its an easy way to spot people up to no good. I use a legacy hack from an old version of WP. It records your key strokes at log-in, your IP, how many times you fail to log in, etc. If I notice someone with too may attempts they get a friendly email (if I recognize them) or their IP blocked (If I don’t).

I can’t help but wonder if my last post might have spurred them on. hehehe  I keep a pretty good password on my admin account already. Plus, you only get 5 tries before the system blocks you anyway.¹  If you can crack it in 5 or less tries, I probably deserve to be hacked.

As an extra precaution, I switched over to a different user account. You probably won’t notice anything different on your end. I figured one extra layer of protection wouldn’t hurt. The administrator account with WordPress comes with a default administrator account and you can’t delete it. That said, there is no reason you have to use it either. You can simply set the password to something incredibly complex and create your own account with admin privileges. Tip: If you use the same plugin mentioned above (or a similar one), incorrectly log into your default admin account until it locks up. Now its permanently locked until you reset your password by email or change it from your newer admin account. Most savvy bloggers do this already.²  I confess after I switched over to my new database last year I never got around to it. I know, BAD MOBY! lol

1. courtesy of a little plugin called User Locker
2. Or they should!

Continue reading »]]> Trying to get on the easy log-in bandwagon, I finally found a plug-in that allows (and actually works) users to log in using 3rd party accounts like Google, Yahoo, Openid, Blogger, etc. You’ll notice on the right side of the page a new section called 3rd party log-ins. I tested it and found it to be functional with a few caveats. If you are already a registered user, your log-in will still function from the sidebar or the log-in page.

Caveat #1

If for some reason leaving a comment invokes the captcha test, you will see the captcha but you’ll see some funny code regarding my header failing to load.  Don’t fret, after you pass the captcha just reload my blog page and you’ll see your comment. This was already happening as I use a hack to rotate my header images.

Caveat #2

Sadly,I could not get the Facebook login to work. I tried very hard but it was beyond my understanding and I didn’t have the time or patience to sort thru it. I may revisit it later, but I have removed that option for now. Anyone familiar w/Facebook’s API’s and/or the RPX plugin I’m using, feel free to help a brother out. :p ***Update – I got it working, you can log-in using Facebook. It will not currently post activity to your wall but its a start. ***

Caveat #3

And lastly, none of the social log-ins will allow you access to hidden content on my blog. Gasp! I know. lol  I can’t change that at current. There is no hand-off built in to allow private content on WordPress. Not that it really matters as I haven’t really been adding much of anything in that arena lately.

If you have any trouble, please email me directly at my email link, bottom right of page.

Continue reading »]]> When attempting to leave a comment, you will now notice a tiny checkbox below the “add comment” button.

I added a nifty little plug-in that allows users to subscribe to a particular post’s comments.¹ So now anytime you comment on a post, follow up comments will be emailed to you, if you so choose. This is a post by post option and you have to post your comment for it to function.

I find this a very useful feature on other blogs as it saves me the effort of having to track other user comments to my replies. I figured why not add it here as well.

I had a little confusion this morning as it only shows the checkbox if you are NOT the administrator. I kept thinking it wasn’t working. Live and learn.

1. Keep in mind this has nothing to do with subscribing/registering as a user.