http://www.exploit-db.com lists vulnerabilities found in various WordPress plugins.
It is always the ‘old’ stuff that gets you.
I thought I had done such a great job tightening up things and then seemed to get hit with some repetitive trackback spam notifications. Since the notifications are coming from one of MY websites, they don’t get marked easily as spam.
A few minutes of googling and a timely post at question-defence.com, published a few days ago, pinpointed the problem (Many thanks to Google for their quick search index updating!.. remember the old days?)
Ping status = ‘open’
Many existing posts still had their ping status set to open. So to stop trackback spam in its tracks (ha! lqtm), take action as follows:
- Go to WordPress settings > Discussions >
- untick “Allow Link Notifications From Other Blogs”
- Hop into your phpmyadmin
- Find your posts table, note the name with your site's prefix
- Go to the SQL view, type in
and you are done. All posts and custom post types are now set to NOT accept trackbacks.
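An added example (not the original post's own query) of the check, update and verification this step describes, for the phpMyAdmin SQL view. It assumes the default `wp_` table prefix; substitute the prefix you noted on your posts table.

```sql
-- Added example. Assumption: default table prefix "wp_";
-- replace wp_posts / wp_options with your site's prefixed names.
-- Export the posts table first (phpMyAdmin "Export" tab) so the
-- bulk update can be rolled back.

-- 1. Audit: which post types and statuses still accept trackbacks/pingbacks?
SELECT post_type, post_status, COUNT(*) AS open_posts
FROM wp_posts
WHERE ping_status = 'open'
GROUP BY post_type, post_status
ORDER BY open_posts DESC;

-- 2. Close pings on every existing row: posts, pages, attachments
--    and custom post types all live in the same table.
UPDATE wp_posts
SET ping_status = 'closed'
WHERE ping_status = 'open';

-- 3. Re-run the count to confirm no rows were missed.
SELECT COUNT(*) AS still_open
FROM wp_posts
WHERE ping_status = 'open';

-- 4. Check the default applied to NEW posts. This is the value the
--    Settings > Discussion checkbox controls; if it still reads 'open',
--    newly published posts will accept trackbacks again.
SELECT option_name, option_value
FROM wp_options
WHERE option_name = 'default_ping_status';
```

The update only changes existing rows, which is why the settings checkbox in the first step is still needed for posts created afterwards.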
Looking to set up a website using WordPress, one of the world's most popular content management systems?
Assess your skills (ftp, html, css, php) and what you are prepared to do yourself, and how good you are at educating yourself using the web. Then consider your options.
- easy to get going even if no skills
- free, or can add premium features (they add up)
- videopress ($60/year)
- custom css for own styling or tweaks ($30/year)
- post or moderate using your phone (usa only)
- can map your existing domain there ($12/year), or register a domain through them ($17/year)
- they’ll keep you up to date with wordpress at least.
- language aspects are pre-loaded
- if you want to allow comments, wordpress.com has good antispam built in, although you can also add that feature (akismet) in to a self hosted site.
- you’re hosted by wordpress.com – so you are on a server where all the sites are running wordpress
- limited to their themes, although premium themes available ($45)
- totally reliant on them – if they disappear, so do you (unless you have figured out a way to keep your own backup of your site and can arrange hosting, reload of site and repoint your domain name). That said, this is what you would have to do on a self hosted site anyway.
- cannot display ads, unless you revenue share advertising (high volume clients only)
- have to pay extra NOT to have ads ($29.97)
Self Hosted WordPress PROS
- Total control (along with that comes the requirement that you be able to manage that control)
- own themes, plugins
- customise functionality and style as you like
- Cheap if you have the skills! Good wordpress hosting is available from $72/month
Self Hosted WordPress CONS
- You need to purchase your own domain name and web hosting
- If you don’t know what you are doing, you either need to hire someone or you will get into trouble.
- Have to do/arrange WordPress upgrades, plugin and theme upgrades
- Hiring people can get expensive
- Have to add in what comes automatically at wordpress.com.
- add in akismet anti-spam
- add in own backups to your own pc (your host should do backups, but you should also have your own)
- spikes in traffic may be a problem
- With shared hosting (own server costs approximately $200/month), you are sharing the server – this reduces costs but if the other guys are up to no good…. That said a good wordpress host will normally switch servers for you promptly if you suspect a problem.
What to do:
- your skill levels
- website requirements and its implications (eg: membership, comments – you need anti-spam)
- how much you are prepared to pay for someone to assist you if you need assistance.
It is free to open a wordpress.com site, so give it a go – you’ll need it anyway if you want to use their anti-spam service akismet, or the wordpress.com stats via the jetpack plugin.
If you are comfortable with doing many things yourself or are prepared to hire the skills you need, and know how to test your website and any plugins you add, consider going with a self hosted solution. You can either do it yourself – there are heaps of guides out there.
If you want to get going quickly, I can have you up and running within a day if you use icdsoft as your host