URL Smashing

We run a few WordPress sites – some for us, and some for others. One of the things that we noticed on a couple of sites was that long URLs were visually irritating, at least to us. They seem to get in the way of the content, and sometimes ‘bleed over’ the content areas.

So we went looking for a solution – a plugin. And all the ones we found were not simple enough. They required you to enter special codes, or other irritating things. We wanted one that worked automatically. And we couldn’t find one that we liked.

The result – our second WordPress plugin – “URL Smasher”. It uses the goo.gl shortening service, so requires a Google API account, but those are free and easy to get. Once you set it up by adding your Google API key, and checking two boxes, any content that is saved – posts, pages, or comments – that have URLs get them automatically shortened.

It works quite well. Like the URL for the previous post. I entered the actual URL as text: http://goo.gl/zONLF7 ,  and as a link. Each is automagically shortened when I save or publish the post.

You’ll find the plugin here at https://goo.gl/uJFb67 (also shortened).

We are quite impressed with ourselves.

Design Changes

I spent a bit of time making a few minor changes to this place. Among them, a new logo up there.

There was also some tweaking of the ‘responsive’ styling of this place. A bit of new CSS code here and there.

Not that I have any special graphic skills. But the ‘look’ is a bit cleaner than before, I think.

Database Cleanup for Security

Several of my web sites use custom databases. Some of those web sites are gone (on purpose). But the databases were still there.

So I spent a bit of time deleting some unused databases and database users. It’s a security thing: there might be some personal information on some of the databases, and deleting unused data is a ‘good thing’.

Database security is important. Here are a few things to think about:

  • Do you have unused databases anywhere?
  • Is there public/personal information in the data tables?
  • Have you secured the user rights to those databases — not giving full access to a user out of convenience?
  • Do you have backup copies of the databases?
  • Are databases that contain personal information encrypted?

Any other considerations? Let me know in the comments.

Domain Responsibility

Another site that I look at often had a complaint from a reader about losing their domain name when it expired and wasn’t renewed. The reader said that they didn’t get the renewal notices, the automatic renewal didn’t work, and they had to pay quite a bit of money to get it back.

When a domain expires, it reverts back to the registrar (in this case GoDaddy, but this is common practice). The registrar can then do what they want with the domain name, often making it available for anyone else at a premium cost. If the original owner wants to get it back, it will cost much more than the original domain cost. Again, all of this is common practice among just about any domain registrar.

The owner claimed that GoDaddy didn’t notify them of the expiration. The Security Dawg has just about all of our domains registered through GoDaddy. That puts me on their mailing list. I get several emails a month from GoDaddy about their latest promotions, in addition to renewal notices.

I am the owner of record for those domains. You are required to have a valid email address (and other contact information) for all domains you own. And, once a year (or more often), you will get a notice from the domain registrar about verifying your contact information.

The reader claimed that they didn’t get any of those notices. I find that difficult to believe, when I get multiple emails a month from GoDaddy. I suspect that those notification emails were either ignored, or got routed to the person’s spam folder.

The reader claimed that they had the domain set up for auto-renewal, using an on-file credit card. If the renewal didn’t work, as when the credit card expired or was invalid, the registrar would have sent emails about that. That has happened to me: I have let a few domain names purposely expire, and I get multiple notices for renewal along with notices about expiration.

So the reader was quite incensed when they realized their web site with that domain name was no longer working. No more email (all email went through the same domain name). And then they had to pay a big premium to get the domain back.

They thought that was quite unfair.

The Security Dawg disagrees. If you are the owner a domain name (for any reason), then you have a responsbility to protect that domain name.

  • You need to make sure that all contact information is proper for the domain name
  • You need to make sure that the email addresses associated with that domain name work properly.
  • You need to ensure that the billing information (credit card number) is current.
  • You need to ensure that you get emails from the registrar – that they don’t get into your spam folder.

If the domain name is important to your business or for personal use, then you have a responsibility to ensure that you properly manage that domain name. This applies to domain name registrars, web site hosting companies, your web site code (do you have backup copies of your web site?) the whole works.

If you fail to be responsible, then you can’t complain when your domain name goes away.

The domain name belongs to you (and maybe your business). Treat it like any other valuable asset.

If you own or manage a domain, you might consider verifying that all your contact information is current. And keep an eye on expiration dates. This applies to web site hosting. And backups – you should be able to reconstruct your web site if something goes wrong (that’s another post).

We’re Mobile Friendly

Google is implementing a search ranking protocol this week that will penalize web sites that are not mobile-friendly. If a site is not ‘responsive’ (able to adjust to varying screen widths and devices to keep the screen readable), then it’s search results ranking will be demoted in favor of responsive site.

The Google have been warning about this for a couple of months, and have provided guidance to web developer dweebs on how to make sites responsive.

This page https://www.google.com/webmasters/tools/mobile-friendly/ will allow anyone to test the responsiveness of any site. And the page also provides the guidance and information on how to make a responsive site.

But many sites might see their search rankings (and therefore traffic to their site) get demoted for visitors using a mobile device for searching. Note that a desktop search will not result in affected ranking, although I suspect in the future.

I do a lot of web sites. This site passed the test: it shows that the page is “mobile-friendly”

But anyone that has a web site that relies on search traffic (and revenue) will see reduced search visitors because of this new ranking algorithm for mobile searches. They will need to scramble to get into a responsive mode.

FormSpammerTrap for Comments WordPress Plugin

My new WordPress plugin to block form spammers/bots is now publicly visible at https://wordpress.org/plugins/formspammertrap-for-comments/ . It blocks comment spam from ‘bots’ with a simple technique. It doesn’t have captchas, hidden fields, silly questions, or other things that don’t work. It just looks for ‘human activity’ on the comment form, and if a ‘bot’ tries to submit a comment, they immediately get sent to my FormSpammerTrap web site.

It uses the same techniques that I use for comment forms (more info about that here and here and here ), but now it is a WordPress plugin, so it is quite easy to install and configure. And it is quite effective…I’ve never gotten any ‘bot’ spam on any site that I have installed it.

The whole plugin coding process was interesting, and a good learning process. I’ve already got some enhancements in mind for newer versions. But I was quite proud of myself for getting this one to work…and that it is now available among the millions of other WordPress plugins.

Two New Web Sites

I’ve finished two new web sites, and continue with updates on a few more. I am also working on a WordPress plugin to prevent spam-bots from abusing comment forms. That one is a bit more tricky, but useful knowledge.

The two new sites are WordPress-based.

John D Brown Author Site : this is the author’s official site. I found his site when I read his book “Bad Penny”. It is a thriller, with a “Jack Reacher” type character. I enjoyed it, and went to his web site to see if there were other books in a similar vein. While on his web site, I emailed him to suggest a few design changes for his site. And ended up doing a customized rewrite of his site into a ‘responsive’ site that looks good on any device – laptop, phone, desktop, etc. Along the way I increased my WordPress customization expertise, creating changes in a child theme plus adding additional customized functionality. He and I were pleased with the results. And it let him concentrate on writing the next book with the same character as “Bad Penny”.

The Hot Box Grills site is an e-commerce site that sells a nice tailgate/picnic portable grill. Well made and sturdy, and works quite well as a portable grill, according to his satisfied customers. His previous e-commerce site wasn’t working well, and was hard to manage. The new place has a responsive theme, and I am working on his SEO stuff. If you are looking for a great portable BBQ grill for picnics, camping, or sporting events, check it out.

Changing WordPress Admin Email Settings

(for my notes, but useful information)

This code block will set the email name and address that is used by WordPress admininstrative emails, like password reset requests or other notifications. Change the values as shown; the ‘notes’ explain everything.


change the from name/email on all site emails
 based on http://premium.wpmudev.org/blog/wordpress-email-settings/
        - by Rick Hellewell, Cellarweb.com, 21 Jan 2015
        - Copyright (c) 2015 by Rick Hellewell, Cellarweb.com
        - change two variables for the name and email address to be used in site/admin emails
        - place this entire code in child theme functions.php
            - we do not recommend changing the functions.php file in your theme, as a theme
                update will eliminate this additional code
        - note that the email address should be valid and match your site domain
            or emails may end up in the recipient's spam folder
        - the 'from-email' is set in the Options, General screen, and stored in the admin_email
            row in the options table
        - there is no corresponding field in the options table for 'from_name', so we use the
            wp_mail_from_name filter to add our 'from_name' value to be used in admin email, 
            rather than the default 'WordPress' that is built into the pluggable.php core file

// --------------------------------------------------------------------------------------
$from_name = 'PUT YOUR NAME HERE';

function set_email_name($from_name) {
    return $from_name;
function set_email_email($from_email) {
    return $from_email;
    add_filter("wp_mail_from_name", "set_email_name",9);
    add_filter("wp_mail_from", "set_email_email",9);
// --------------------------------------------------------------------------------------


Web Sites

With all my extra time (now that I am retired), I have been working on various web sites. Most (if not all) of the web sites are for my own amusement, but there are a couple that are more widely read. (You could count the readers of my personal blogs – or visitors to my web sites – on the thumbs of one hand.)

I helped Dr. Jerry Pournelle launch a reboot of Chaos Manor Reviews (at www.chaosmanorreviews.com). This is a continuation of the computing columns that he started at the now-defunct Byte magazine back in the 1970’s. I have enjoyed reading them over the years (yes, I am that old), and rebooting the columns into a new format was fun.

I also maintain his “View from Chaos Manor” site at www.jerrypournelle.com/chaosmanor . Both are WordPress sites, with a minor bit of customization.

I have been increasing my knowledge of WordPress theme styling with a relaunch of the “FoodieFeeds” site (at www.foodiefeeds.com). This takes RSS feeds from enrolled food blog sites, and displays excerpts of their content. I only grab the first 50-odd words from the site (along with one picture, if available), and then link back to the food blog site. The site uses the ‘masonry’ design, which is similar to what Pintrest uses, and I think it looks much nicer than the previous incarnation of the site.

The FoodieFeeds site is using a ‘child theme’, which allows me to more easily customize a theme. This is turning out to be a good thing to do on my various web sites.

I also have another site that amuses (only, apparently) me. It got a redesign also, just in time for the fall/Halloween season. It contains rules that you will need to know during the upcoming Zombie Apocalypse. The site is “Rules for Zombies” at www.rulesforzombies.com .I am amused by the content, and also the blood-splattered design.

I am also working on an update to the Form Spammer Trap (at www.formspammertrap.com), which is a form spammer bot-blocking technique that I have developed. I think it is quite successful in blocking form spam content. (It is implemented on this site.) Wherever I have put it, the form spam stops immediately.

I also modified the commenting system of the Chaos Manor Reviews site to include that Form Spammer Trap functionality. I plan on figuring out how to implement that as a WordPress plugin.

So, I am kept easily amused by the various web sites I have. Along with changes to my personal lifestyle (no, not that) due to my recent Type 2 Diabetes diagnosis. You can read all about that on my personal blog site at the Digital Choke site here http://digitalchoke.com/digitalchokeblog/ .

Gmail Password Breach? Not !

Ignore all the breathless media panic about Gmail passwords being exposed. See the Google Security Blog here: http://googleonlinesecurity.blogspot.com/2014/09/cleaning-up-after-password-dumps.html

Do follow the recommendations in the Google Blog: enable two-factor authentication, use a strong password, don’t use the same password, etc.

The only site to check if your email address has been ‘found’ is https://haveibeenpwned.com/ . This site is valid and honest.