HTTP Error – WordPress Media Upload/Image Upload

Some WordPress users will be familiar with the “HTTP Error” message that appears in the WordPress admin area while uploading images to the Media Library. It’s a known issue, and I am going to give you the simplest way to resolve it.

This is usually fixed by increasing the upload limit in a php.ini file, which has to be uploaded to the wp-admin folder.

If that does not help, the error can usually be fixed by switching the default image editor to GD. To do this, we will create a plugin manually from cPanel and enable it from the WordPress admin area. The steps are as follows:

1. Go to the plugins folder of your WordPress installation through your cPanel File Manager or FTP: “yourdomain.in/wp-content/plugins/”.

2. Create a folder called “default-to-gd”.

3. Go into the folder and create a file called “default-to-gd.php”.

4. Paste the following lines of code into the file and save it. The code sets GD as your default image editor instead of ImageMagick.

==============================

<?php
/*
Plugin Name: Default to GD
Plugin URI: http://wordpress.org/extend/plugins/default-to-gd
Description: Sets GD as default WP_Image_Editor class.
Author: Mike Schroder
Version: 1.0
Author URI: http://www.getsource.net/
*/

// Move WP_Image_Editor_GD to the front of the list of image editor classes
// so that WordPress tries GD before any other editor.
function ms_image_editor_default_to_gd( $editors ) {
    $gd_editor = 'WP_Image_Editor_GD';
    // Remove GD from its current position, then re-insert it first.
    $editors = array_diff( $editors, array( $gd_editor ) );
    array_unshift( $editors, $gd_editor );
    return $editors;
}
add_filter( 'wp_image_editors', 'ms_image_editor_default_to_gd' );

==============================

5. The required files for the plugin are now in place. Log in to your WordPress admin area and go to “Plugins” or “Manage Plugins”.

You should see a plugin called “Default to GD”, which we have just created from File Manager. Click “Activate” to enable it.

Once the plugin is activated, your default image editor is GD. Try uploading your images to the Media Library now; it should work.

How to Protect Your WordPress

As many users are probably aware, WordPress is one of the premier open source blogging platforms available on the internet. It has gone far beyond the standard weblog and is now an excellent foundation for just about any type of website. However, the internet itself is fraught with inherent dangers which leave users open to attack by unscrupulous hackers.

It must be understood that it is impossible to prevent every attack, but there are many steps that can be taken to protect WordPress users and their websites. WordPress users have found the software to be highly configurable with an excellent support community available. Because of these features, users can expect considerable levels of security by adhering to the recommendations outlined below.

How Your WordPress Blog is Affected

In the past, the goal of web hackers was simply to disable websites. These criminals, however, discovered that taking a website down did not produce any benefits. Today, their new mode of attack is to hijack websites for their own gain. WordPress hackers accomplish this primarily through link injection. They hack into the user’s web files and insert lines of code that attach unwanted links to practically every web page. The two primary negative effects of link injection are:

Time and resources involved in cleaning up the attack

Decrease of search engine page rank

WordPress users invest a significant amount of time, energy, and financial resources to set-up and maintain their blog. A blog may be used to generate substantial income for the WordPress user. Page rank is affected when search engines notice excessive links and flag a website. When search engine page rank is adversely impacted by an unwanted link injection, a user may face lost web traffic and, in turn, income.

How to Protect Your WordPress Blog

The goal of protecting a WordPress blog is to prevent outsiders from accessing a user’s web files. By taking the following measures, users can be proactive in the fight against hackers.

Standard Blog Maintenance 

An essential component of proper blog maintenance is to make certain that plugins and themes come from a trusted source. The best way to ensure this is to choose only those found in the WordPress.org plugins and themes directories.

Additionally, regular updates of plugins, themes, and the WordPress installation are also necessary for effective blog maintenance. These updates repair bugs and security vulnerabilities that have been discovered in the programs. It is best to update plugins and themes before updating the installation as compatibility issues may arise otherwise.

WordPress users should be aware that it is extremely important to backup the entire installation on a regular basis. Users should make themselves familiar with the process of restoring backup data in order to minimize down time if a problem occurs. The ideal backup system will be off the primary server and include redundancy.

Password Security 

A strong password is one of the first lines of defense against hacker attacks. A strong password may be defined as a password that is not easily guessed and contains both numbers and letters. The most secure passwords are random strings of letters and numbers, which may require the WordPress user to store this password in a secure location. There are internet sites that generate these random strong passwords at no charge.

To further maximize password security, WordPress has included the option of using secret keys. A secret key is a hashing salt that adds random elements to the user’s Key.

Creating a Secure User Name

The default administrator account for WordPress installations is given the user name “admin.” Most hackers are aware of this, and as a result, have half of the information necessary to access a user’s data. The only other piece of information hackers need is the user’s password. To protect a user’s account, this username should be changed to something unique. This can be accomplished in one of two ways depending on the user’s familiarity with MySQL.

Those familiar with MySQL can use a frontend program like phpMyAdmin or the following command: UPDATE wp_users SET user_login='new user' WHERE user_login='admin';

For those that are unfamiliar with MySQL, the following steps should be taken:

Create a new user with a unique username

Assign the new account the administrator role

Log out and then log back in using the new user account

Delete the admin account

Recommended Security Plugins

There are several plugins available to WordPress users that can assist with blog security. The following are recommended security plugins for WordPress users:

WP Security Scan

This plugin searches the user’s installation for weaknesses that enable hackers to gain access to the user’s files. It also suggests the actions that will correct these weaknesses. The WP Security Scan may be initiated occasionally and need not be active at all times.

WordPress Exploit Scanner

By scanning a user’s files for evidence of a hacker intrusion, WordPress Exploit Scanner can alert the user to problem areas. Similar to the WP Security Scan, this plugin may be initiated occasionally and does not need to be active at all times.

WordPress File Monitor

This plugin constantly monitors a user’s files and alerts the user to any changes that are made. The user should be able to easily identify changes that are the result of attacks by hackers. To work effectively, WordPress File Monitor should remain activated at all times.

Login Lockdown

Limiting the number of times a login may be attempted, this plugin prevents hackers from guessing a user’s password through multiple efforts. The lockdown time can be set to the user’s personal preference. The Login Lockdown feature should be activated at all times.

Folder Permissions

Another method by which hacker attacks can be thwarted is to make sure the user’s folder permissions are set properly. Many blog hosts allow folder permissions to be set through the control panel. If not, standalone FTP programs offer users the ability to change these permissions. A good rule of thumb is to set files to 644 and folders to 755. This should provide most plugins and themes the access they require. If the user finds that there are folder access problems, permissions may be increased as needed.
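The 644/755 rule of thumb can be checked across a whole installation with a short audit script. The following is an added example, not part of the original article: the function names and the sample directory layout are assumptions constructed for illustration. It reports every file or folder that grants more than the baseline and marks world-writable entries, while stricter modes (such as 600 on wp-config.php) pass.

```python
import os
import stat
import tempfile

FILE_BASELINE = 0o644  # the text's rule of thumb for files
DIR_BASELINE = 0o755   # the text's rule of thumb for folders


def audit_permissions(root):
    """Return sorted (relative path, octal mode, world_writable) tuples for
    entries under root that grant any permission bit beyond the baseline."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, DIR_BASELINE) for d in dirnames]
        entries += [(f, FILE_BASELINE) for f in filenames]
        for name, baseline in entries:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            mode = stat.S_IMODE(st.st_mode)
            if mode & ~baseline:  # stricter modes such as 600 pass
                findings.append((os.path.relpath(path, root),
                                 format(mode, "04o"),
                                 bool(mode & stat.S_IWOTH)))
    return sorted(findings)


# Constructed sample layout (not a real site): relative path -> mode.
SAMPLE_FILES = {
    "wp-config.php": 0o600,                 # stricter than baseline
    "index.php": 0o644,                     # exactly baseline
    "wp-content/uploads/photo.jpg": 0o666,  # world-writable file
    "wp-content/plugins/tool.php": 0o755,   # execute bits on a file
}
SAMPLE_DIRS = {"wp-content": 0o755, "wp-content/plugins": 0o755,
               "wp-content/uploads": 0o777}  # world-writable folder


def run_sample_audit():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in SAMPLE_FILES.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("sample\n")
            os.chmod(path, mode)
        for rel, mode in SAMPLE_DIRS.items():
            os.chmod(os.path.join(root, rel), mode)
        return audit_permissions(root)


if __name__ == "__main__":
    for rel, mode, world_writable in run_sample_audit():
        print(mode, "WORLD-WRITABLE" if world_writable else "above baseline", rel)
```

To audit a real site, call audit_permissions() with the path of the WordPress directory instead of the sample tree.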

Change WordPress Table Prefix

The default installation of WordPress sets the database tables with the prefix wp_. This is another bit of information that hackers know well. Database files may be hidden by making the table prefix unique. This is accomplished by changing the wp-config.php file. Prior to installing WordPress on the user’s server, the wp-config.php should be changed. Changing existing tables can be quite complicated if these adjustments do not occur before WordPress installation.

.htaccess Lockout

While this method of security can become somewhat tricky, it is very effective at preventing a hacker attack. The goal is to specify the IP address or range of IP addresses that can access the administration section of WordPress. To do this, create a .htaccess file in the wp-admin directory on the user’s WordPress web hosting account. The file should contain the following information:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
# IP address to whitelist
allow from xxx.xxx.xxx.xxx

Users may specify as many IP addresses as they like, and change the IP addresses easily. There is a drawback to this type of security measure, however. If there are many computers accessing the administration portion of WordPress, there will be many IP addresses to coordinate. For some users, this could present a substantial difficulty.

Force SSL Encryption

WordPress users can force their installation to use SSL encryption at the login or administration pages. This can be accomplished by modifying the wp-config.php file. In the file, add the following lines:

For the login page: define('FORCE_SSL_LOGIN', true);

For the administration page: define('FORCE_SSL_ADMIN', true);

In order to use this security function, users must ensure that their server is set-up and configured for SSL encryption.

You Can Protect Yourself From Attack

The threats of hacker attacks on a WordPress blog are real, but there are ways to prevent nuisances such as these. With diligent maintenance and judicious preventative steps, a user can head off all but the most virulent hacks. Following the aforementioned recommendations will provide a high level of security for any WordPress user.

How to Update WordPress to the Latest Version

How to update WordPress: Automatic update

We usually recommend taking a backup of WordPress and, if possible, of the complete site before proceeding.

In WordPress 4.1.x you can easily update your application directly from the admin area. When a new version is available, you will see a notification in the WP admin area.

Before you proceed with the upgrade, we strongly advise you to make a backup of your WordPress.

When you are ready, click Please update now to proceed with the upgrade.
On the next page you can choose whether to upgrade automatically or manually.


Click Upgrade Automatically :)

If everything goes smoothly, your WordPress will be successfully upgraded.

How to Upgrade WordPress: Manual upgrade

Step 1: Backup the Database Tables and Files including .htaccess.

Step 2: Deactivate Plugins

Deactivate all the Plugins you use from the plugin management page.

Some plugins might not work with the new WordPress version and in order to avoid discrepancies it would be best to deactivate all plugins. This will ensure that you won’t end up with an upgraded but broken installation of WordPress after the upgrade process.

Step 3: Overwrite Files

Overwrite option 1: Get the latest WordPress version from WordPress download page and upload it to the WordPress directory, overwriting all the files that exist there. This will preserve your images and themes.

Overwrite option 2: Deleting your old files on the server and uploading the newer files from the new version you’ve downloaded is an alternative which will ensure that the files on the server have been replaced for sure.

Which option is better?

Generally, it is a good idea to delete whatever is possible because the uploading (or upgrading through cPanel) process may not correctly overwrite an existing file and that may cause problems later.

DO NOT DELETE these folders and files:

wp-config.php file
wp-content folder
wp-images folder
wp-includes/languages/ folder: if you are using a language file, do not delete this folder
.htaccess file: if you have added custom rules to your .htaccess, do not delete it
Custom content and/or plugins: if you have any images or other custom content or plugins inside the wp-content folder, DO NOT delete them

DELETE these Files and Folders:

wp-* (except for those above), readme.html, wp.php, xmlrpc.php, and license.txt files. These are typically files in your root or wordpress folder. Again, don’t delete the wp-config.php file.
wp-admin folder
wp-includes folder. If you are using a language file, remember not to delete the wp-includes/languages/ folder.
wp-content/cache folder. You only see this folder if you are upgrading FROM WordPress 4.0.

Step 4: Run the upgrade script

Visit your blog’s Upgrade Page (http://yourdomainname.com/wp-admin/upgrade.php) and follow the instructions that are displayed.

Step 5: Reactivate Plugins one by one

Activate your plug-ins, one by one, at the Plugin Management Page. Check if everything works as expected.

If any plugin does not work, deactivate it and then you might contact the plugin author to encourage the author to upgrade the plugin.

Using nice sliders in WordPress

Chances are that you will use a slider in your design. Even if there is some noise that says sliders are not good for SEO, most designers feel that a slider lets the site show quick and different content in the same space.
Sliders are in common use lately, and most clients will agree to have one. So, how do you get one?

You can have sliders or carousels within the theme you will use, or you can have 3rd party sliders that you can add to your site.

Within the themes

I am not going to talk about the theme itself, or the design. I will show some free themes that can have a slider, but obviously you can google for more options.

Oxygen from Alien WP (http://alienwp.com/themes/oxygen/) looks quite simple and has nice features; the slider is used on the home page and features the content of your site. Triton is from Towfiq I., who has lots of free themes with nice sliders. SiteOrigin also has great themes that use nice sliders.

The most important thing about a slider is that it lets you show any content you want to show: images from a folder, from a post or from pages, or content that is not just images but also a little more from the posts or pages you intend to show. There will be some cases where you might need 3rd party sliders; some are free, but most of the better ones are premium.

Easing Slider :

Easing Slider is an easy to use slider plugin. Simple and lightweight, it makes creating beautiful WordPress sliders a breeze. It is not updated as often as Meta Slider (the last version is 8 months old), but it has great features; the backend editor is visual, so you can easily see the style that you are trying to customize.

Smooth Slider :

It looks promising but has some bad reviews. I haven’t tested it so far, so I cannot fully recommend it. They have a free version, so you can test it without problems and, if it does not work for you, uninstall it.
Like the rest of the plugins, you can use it to show posts, categories, pages and dynamic content.

As you can see, there are many ways to have a slider displayed on your site. You can also use premium plugins like Smart Slider 2 from Extend (they are reportedly working on a new version with huge new features) or Revolution Slider, which I didn’t review here since you have to pay for them without any downloadable demo.

 

Understanding WordPress XML-RPC

It is a good time to write about XML-RPC as there has been a lot of controversy in the last several weeks about DDOS or Brute Force attacks to this WordPress interface.

What is XML-RPC and what is it for?

According to the WordPress Codex, “With WordPress XML-RPC support, you can post to your WordPress blog using many popular Weblog Clients. The XML-RPC system can be extended by WordPress Plugins to modify its behavior.”
XML-RPC functionality has been turned on by default since WordPress 3.5; you can easily find it in “Writing -> Remote Publishing”.

So why do you need XML-RPC enabled, and what can you do with it?

A plugin or App (Like the Mobile WordPress app) can do many of the things that you can do when logged into WordPress via the web interface. These may include:

Publish a post
Edit a post
Delete a post.
Upload a new file (e.g. an image for a post)
Get a list of comments
Edit comments

If you disable XML-RPC you will lose the ability to do that remotely; you will need to log in to your WordPress dashboard to do any of the things listed above.

The Problem :

Thing is, XML-RPC seems to be not so secure at all. In fact, there was some controversy on a WordPress Trac ticket (Trac is the WordPress developers’ ticketing system) regarding a WordPress core developer, Andrew Nacin, who suggested that XML-RPC needed to be removed entirely. That was 3 years ago; nothing really happened, and the interface is still here with us.

But lately, a couple of months ago, the founders of Sucuri and Wordfence (two great and reliable security plugin systems for WordPress) “confirmed the reports that a new type of Brute Force login attack was being carried out on a massive scale against WordPress sites around the world using XML-RPC. Apparently, hackers have wised up to the fact that wp-login.php is often well protected”. You can read both articles here and here.

Some hosting companies started to permanently Block XML-RPC because the problems didn’t seem to stop, and many hosting companies followed that suggestion.

The solution :

You don’t need to disable it at all. You can use a plugin like Wordfence (there are others like iThemes, but I use Wordfence and it works for me) to stop hackers from attacking the XML-RPC interface on your site. Even the free version of Wordfence can do that, so if you want to help your hosting company, go to wordfence.com, read about it, learn a little and use it. You will be helping your hosting company to help you better.
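To see whether a site is receiving the kind of XML-RPC login traffic described above, count POST requests to xmlrpc.php per client in the web server's access log. The following is an added example, not part of the original post and not Wordfence's method: it assumes the Apache/nginx "combined" log format, the log lines are constructed, and the function names and the threshold of 5 requests per minute are assumptions. Counting per minute keeps an ordinary remote-publishing client from being flagged.

```python
import re
from collections import Counter

# Apache/nginx "combined" access-log line: client, timestamp, request, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def peak_xmlrpc_posts(lines):
    """Map each client IP to its highest count of POSTs to xmlrpc.php
    within any single clock minute."""
    per_minute = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if not path.endswith("/xmlrpc.php"):
            continue
        minute = m["ts"][:17]  # "12/Oct/2015:09:14" from the full timestamp
        per_minute[(m["ip"], minute)] += 1
    peaks = {}
    for (ip, _minute), count in per_minute.items():
        peaks[ip] = max(peaks.get(ip, 0), count)
    return peaks


def flag_sources(lines, threshold=5):
    """Return {ip: peak} for clients at or above the per-minute threshold."""
    return {ip: n for ip, n in peak_xmlrpc_posts(lines).items() if n >= threshold}


def sample_line(ip, hhmmss, request):
    """Format one constructed combined-format log line."""
    return f'{ip} - - [12/Oct/2015:{hhmmss} +0000] "{request} HTTP/1.1" 200 512 "-" "-"'


# Constructed log lines using documentation-reserved addresses.
SAMPLE_LOG = (
    # one client posting to xmlrpc.php eight times inside a minute
    [sample_line("203.0.113.7", f"09:14:{s:02d}", "POST /xmlrpc.php")
     for s in range(0, 40, 5)]
    # a remote-publishing client: six posts, one per minute
    + [sample_line("198.51.100.20", f"09:{m:02d}:30", "POST /xmlrpc.php")
       for m in range(10, 16)]
    # unrelated requests that must not be counted
    + [sample_line("192.0.2.5", "09:14:02", "GET /xmlrpc.php"),
       sample_line("192.0.2.5", "09:14:03", "POST /wp-login.php")]
)

if __name__ == "__main__":
    print(flag_sources(SAMPLE_LOG))
```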