Attack on WordPress – is WordPress secure?

wordpressSecurity firms are reporting a very large attack on what seems to be all sites using WordPress. One WordPress host reported an increase of an average of 40k failed logins per month to 77k failed logins per day! The failed logins are coming from a large amount of different IP-numbers and is therefore hard to block. The advice from Matt Mulleweg, creator of WordPress, is: remove the old standard admin-account (if it still exists), use a strong password and as always, keep your WordPress installation up to date!

This brings up the question “is WordPress a secure platform?”. In my opinion the answer is a resounding YES! If the hackers have a bot network at their disposal and the means of attack is a brute force password attack then there really isn’t much you can do about it. Had WordPress had any known single fatle flaw the hackers would have used that instead. Apparently it doesn’t!

Any platform large enough will be the target of hackers, much like Windows is under heavy attack as a operating system. There have been known bugs in WordPress, allthough the latest such vulnerability was acctually a bug in a popular templates subclass and not in WordPress in itself. The WordPress community quickly responded and fixed the bug.

I feel secure to continue to use WordPress as my main platform for my blogs, so should you!

WordPress 3.0.1 ute

Så kör jag bloggen på nya WordPress 3.0.1! Den nya version tre känns vid första anblick inte speciellt annorlunda från tidigare versioner, dock känns det dagligen som man hittar någon ny liten finess.

En av de mer välkomna nyheterna är den anpassningsbara menyn. Detta öppnar för nya möjligheter att utveckla mallar med special-menyer för olika ändamål.

WordPress as a simple CRM

I recently started a new business where I really want to focus on taking care of the customer needs, being proactive rather than reactive to them. As such I need a simple Customer Relations Management (CRM) tool to keep track of my promises and contacts. There are probably many simple CRM tools available but I decided to try out WordPress as a CRM tool.

First I installed WordPress on an internal server with no external connection. I set the firewall to block that server from traffic with the outside network and then I started to do my internal “company blog”. To structure things I decided to follow some simple rules:

  • I make one post for every type of contact (e-mail / phone / order etc) I do every day, if several contacts to the same company / person occurs the same day they still only get one.
  • Several types of contact to the same company / person will get multiple posts the same day
  • Categories are other authorities, companies and/or persons
  • Tags are techniques, events, frameworks etc.

On average I get three to four posts every day, usually covering a broad area. Some days there are big events which often are reflected in the blog/CRM by only having one post for that day. Amounts of posts per day is therefore irrelevant. I keep the posts very short, they are mainly thought of as references to other information like an e-mail or something else. If it was a phone conversation I usually take down a few simple sentances of what the discussion was about.

Three months later I now use this internal blog alot! It helps me keep track of events that I might have forgotten about. When I had a tax issue recently I could quickly click the “tax authority” category and see which days I had communicated with them and leave as a reference in my future communication.

One thing that also helps me is the simplicity of clicking a category to bring up all the communication with that customer. When someone calls I quickly click their category and all my previous conversations with them are recorded. It helps me quickly remember what we where talking about, just like a CRM should.

There are of course limitations, WordPress was never intended to be used this way. There are no way to search for inactive customers for example, should the need for this arise a plugin for WordPress could most certainly easily be developed. Furthermore you need to be very careful about where you install the software so you do not publish all your information on the Internet. I run my business alone but this setup would work very nice also with a few employees I would imagine. Everyone could be an author in the same blog and you can access what the other persons are working on should a customer call when they are out.

The simplicity of WordPress makes this a great choice for me!

Having fun with the WordPress Database

Today I’ve improved the starting page of this domain, It looked very booring and I thought I’d have to do something with it but at the same time I knew I was to lazy to acctually maintain some interesting subjects there as well. The solution was simple! Use my blogs to feed the information to the starting page! Here are some of my php and sql code used, in case you want to try something similar yourself.

First of all, if you’ve never done any PHP before, do not fear, it’s super easy! Without explaining it, here are my open and close database files (I keep them seperate since they will most likely be included in many pages):


$dbhost = ‘localhost’;
$dbuser = ‘username’;
$dbpass = ‘password’;

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die                      (‘Error connecting to mysql’);

$dbname = ‘dbname’;



Just modify these files with the values for your database and you are ready to do some mysql-powered-php-scripting! Next simply include these files in the file where you want to use the database, in my example index.php:

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.01 Strict//EN” “”>
<?php include ‘open_db.php’; ?>

<?php include ‘close_db.php’; ?>

Now lets make the MySQL database print something to the index-page! Here is an example:

$query  = “select now() as mysqltime”;
$result = mysql_query($query);
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
echo $row[‘mysqltime’];

This will print a timestring from your MySQL. I used this as an example just because it should work everywhere. Now simply substitute the query with something you want from your database and the printout inside the loop with what (and how) you want it printed!

To take a WordPress example, I want to use the tags/categories as keywords for the META-tag of my start page. I use a cleaverly written SQL query that will give me all the unique keywords for all my three blogs sorted in order of usage:

$query  = “SELECT name,`count` FROM tech_terms t join tech_term_taxonomy tt on (t.term_id = tt.term_id)
union distinct
SELECT name,`count` FROM game_terms t join game_term_taxonomy tt on (t.term_id = tt.term_id)
union distinct
SELECT name,`count` FROM 3wp_terms t join 3wp_term_taxonomy tt on (t.term_id = tt.term_id)
order by `count` desc limit 0,50;”;
$result = mysql_query($query);
$keywords = array();
while($row = mysql_fetch_array($result, MYSQL_ASSOC)){
$keywords = array_unique($keywords);
foreach ($keywords as $key){
$meta_key_string .= $key.”,”;
<meta name=”keywords” content=”<?php echo $meta_key_string ?>fireflake”>

This will make my home meta tag always up to date with what I write about! The keywords will also be listed in order of relevance since they are ordered by “count” from the database.

Another great little script takes out the latest posts in a blog and prints them (and links it to the main article):

$query  = “select * from tech_posts where post_status = ‘publish’ order by post_date desc limit 0,2”;
$result = mysql_query($query);
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
echo “<h3><a href=”” . $row[‘guid’] . “”>” . $row[‘post_title’] .”</a></h3>”;
echo “<p>” . str_replace(“n”,”<br />n”,$row[‘post_content’]) .”</p><br clear=”all”>”;

There are probably lots of fun you can have with the WordPress database, it’s very simple and easy to learn so it’s very easy to start writing code like this!

Hope you found something useful here!