WordPress Guides and Stuff

Some say that their Contact Form-7 plugin won’t work on BlueHost, but it actually will work if setup properly. Here’s how to fix your Contact Form-7 to Work with BlueHost.

There are two rules:
1) You MUST use an email address that exists in your “Email Accounts” icon in your cPanel. If you didn’t create the email address in your cPanel, it won’t work. (Note that, even if BlueHost isn’t handling your mail/MX, this will still work as long as you create the email address in the Email Accounts icon)

2) You MUST specify the above-mentioned email address in your FROM header in the “Message body” section of Contact Form 7.

By default, the setting is:

FROM:  [your-name] (your-email)

Setup an email account in your cPanel, and then replace [your-name] (your-email) with any name you desire, and the email address you have created.

In the image below, notice how I set my From to be:

From: Eddy <steady@wordpress.shadowlantern.com>

As long as your From uses a valid email address which exists in the Email Accounts icon in your cPanel, then your form should work properly.

BlueHost recently increased domain pricing from their long-standing $10.00 per domain up to $11.95 for all domain registrations and renewals.

As much as this is bad for us, as customers, it is also bad for them  (Or FastDomain, their registrar). As a registrar, the cost per domain from the registry increases steadily each year–in fact, there’s been around a 35% increase in that cost over the last few years. Many hosting companies change domain registration prices a lot to try to match this. Some, like BlueHost, seem to have tried to hang on to the old prices as long as possible, simply choosing not to pass down the rising rate to the customer. Apparently the latest increase was significant enough that, in order to keep the cost of other hosting services competitive, and to prevent losing revenue for each domain sale, the price was adjusted to $11.95.

This is bad for them because they’re not making anything more off the increased price, and bad for their customers because we have to spend more per domain. In addition to that, they risk losing business because of frustrated customers who have this sudden price increase thrown on them. These cost increases, though not BlueHost’s fault, are still bad for everyone around the board.

Some registrars are still keeping low prices on their domain registrations… but likely charging more in other areas, or cutting back in hidden areas or services, to make up for it. It seems that most registrars are now charging somewhere between $12-$15 per domain registration.

Ever wanted to have your own hosting company and just run WordPress sites for your customers, or let them run their own WordPress sites?

BlueHost recently launched a new Reseller program. For all those who may want to know the details, here they are, hot off the press:

Current Packages:

————————–
Sky Blue

• $19.95/month ($239.40/year), if paying 1 year up front. (20% off)
• $24.95/month ($299.40/year), if paying monthly.

* 100GB Disk Space
* 15Mbps Bandwidth (equiv 4860 GB)
* Unlimited accounts
* Free registration for Reseller’s first domain.
* Free Dedicated IP for Reseller domains.
* Free Wildcard SSL certificate

————————–
Electric Blue

• $49.95 ($599.40/year), if paying 1 year up front. (17% off)
• $59.95 ($719.40/year), if paying monthly.

* 250GB Disk Space
* 25Mbps Bandwidth (equiv 8100 GB)
* Unlimited accounts
* Free registration for Reseller’s first domain.
* Free Dedicated IP for Reseller domains.
* Free Wildcard SSL certificate

————————–
True Blue

• $99.95 ($1199.40/year), if paying 1 year up front. (20% off)
• $124.95 ($1499.40/year), if paying monthly.

* 500GB Disk Space
* 35Mbps Bandwidth (equiv 11340 GB)
* Unlimited accounts
* Free registration for Reseller’s first domain.
* Free Dedicated IP for Reseller domains.
* Free Wildcard SSL certificate

Here are all the articles I could find on their Help Center about it:

https://my.bluehost.com/cgi/help/752
https://my.bluehost.com/cgi/help/743
https://my.bluehost.com/cgi/help/745
https://my.bluehost.com/cgi/help/751
https://my.bluehost.com/cgi/help/750
https://my.bluehost.com/cgi/help/748
https://my.bluehost.com/cgi/help/747
https://my.bluehost.com/cgi/help/746
https://my.bluehost.com/cgi/help/744
https://my.bluehost.com/cgi/help/741
https://my.bluehost.com/cgi/help/739

Uh-Oh! timthumb.php has been found vulnerable. This file is uses in many custom themes, plugins, etc., and a quick Google search for it returns over 39 million results.

If you aren’t sure if you have any timthumb.php files, and if your host allows SSH access, you can find out quickly the location of any, or all, of your timthumb.php files by running the following command:

find ~/public_html -name timthumb.php

Note that some versions of this file have been named thumb.php rather than timthumb.php so you may want to run the above command looking for thumb.php also. Just be sure to check what is in the file before removing or editing it.

Sometimes people think they have fixed the issue because they deleted the “timthumb.php” files on their account. Unfortunately, several themes and plugins rename the timthumb.php file when they include it (I’ve seen it named thumb.php, thumbnail.php, resize.php, crop.php — there are probably other variations as well).

The following search will find more instances of this file:

find ~/public_html -type f -wholename "*wp-content*" -name "*.php" -print0 | xargs -0 grep -Hl "TimThumb"

This is for the latest version of timthumb.php which can be found here: http://code.google.com/p/timthumb/source/browse/trunk/timthumb.php

timthumb.php works by allowing the writing of files into a directory which visitors to your site can access. Because of this, it makes it a vulnerability just by existing. Even if no known vulnerabilities are present… there may be others just hiding and waiting to be exploited, so, if you really want to be secure, try renaming the file to timthumb.php.bad, then test to see if your site is broken, if it’s not, then simply remove the timthumb.php.bad file.

If you wish to edit the file, rather than remove it, just look for the $allowedSites line. In my file it looked something like follows:

$allowedSites = array (
'flickr.com',
'picasa.com',
'img.youtube.com',
'upload.wikimedia.org',
);

I removed my timthumb file(s) but, if you wanted to edit yours, you would edit it to look like this:

$allowedSites = array ();

Make sure the parenthesis are empty.
Stay safe, and happy blogging!

First things first.

Be aware, WordPress 3.2 has new requirements:

• PHP version 5.2.4 or greater
• MySQL version 5.0 or greater

Now, there are many many reasons why an upgrade to WordPress 3.2 might break and, unless you do not meet the above requirements, there are no known reasons that are WordPress’s fault.

The following post will save your life. (And your dog’s and/or wife’s life, too):

What breaks, and what fixes WordPress 3.2

If you use the Arras theme and are getting a fatal error code from the widgets.php, see the following article for a fix: http://wordpress.org/support/topic/theme-arras-updating-to-wp-32-generates-a-fatal-error-code