contegix: beyond managed hosting

Archive for March, 2008

As a large hosting provider we use a lot of different applications, and we try to keep them all as secure as possible. Unfortunately, we can only win so many battles at any given time, and at times we do require help from you, the customer, to ensure your system is safe. Wordpress, as great as it might be as a blogging platform, seems to find itself getting hacked more than most applications that we host. Now, I’m not saying that Wordpress is a bad application by any means, but being such a large platform, it draws a lot of unwanted attention.

As such, there are quite a few hackers and script kiddies out there who will try to compromise your Wordpress-based website. We’re hoping that with this article we can further educate Wordpress users on how to protect their sites. Here are a few helpful tips, some of which you can have us do, and some of which we recommend that you do yourself:

5. Please, please, please don’t use a user name of ‘admin’! I know that’s the Wordpress default, and it’s just easy to use it, but what user name do you think is in every brute force attack? You guessed it, ‘admin’. We’d recommend using a unique user name for administration purposes, like ‘mark.rogers’ or ‘mrogers’. Of course, you can use your own name if you don’t like mine, I suppose.
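The brute force attacks mentioned above leave a very recognisable trace in the Apache access log: a burst of POST requests to /wp-login.php from one client. The script below is an added example (not part of the original post or of Wordpress itself) that parses combined-format log lines and flags any client IP that posts to the login form at least `threshold` times within a sliding `window`. The log lines are constructed for the example, and the IP addresses are documentation ranges, not real hosts.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format, e.g.
#   10.0.0.5 - - [12/Mar/2008:14:03:21 -0600] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/4.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],  # drop any query string
        "status": int(m.group("status")),
    }

def find_login_bursts(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: peak_count} for clients whose POSTs to /wp-login.php
    reach `threshold` within any period of length `window`."""
    posts = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != "/wp-login.php":
            continue
        posts[rec["ip"]].append(rec["ts"])

    flagged = {}
    for ip, stamps in posts.items():
        stamps.sort()
        start, peak = 0, 0
        # Sliding window: advance `start` until the window fits, then record its size.
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

# Constructed sample log: one legitimate login, one six-request burst,
# two slow attempts 80 minutes apart, and one line that is not a log entry.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2008:14:03:21 -0600] "GET /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2008:14:03:40 -0600] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2008:14:10:01 -0600] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "-"
198.51.100.7 - - [12/Mar/2008:14:10:03 -0600] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "-"
198.51.100.7 - - [12/Mar/2008:14:10:06 -0600] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "-"
198.51.100.7 - - [12/Mar/2008:14:10:09 -0600] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "-"
198.51.100.7 - - [12/Mar/2008:14:10:12 -0600] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "-"
198.51.100.7 - - [12/Mar/2008:14:10:15 -0600] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "-"
203.0.113.4 - - [12/Mar/2008:14:20:00 -0600] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "-"
203.0.113.4 - - [12/Mar/2008:15:40:00 -0600] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "-"
this line is not an access log entry
"""

if __name__ == "__main__":
    for ip, count in find_login_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {count} login POSTs within 5 minutes")
```

The access log does not record the submitted user name, so the script flags on request rate alone; a flagged IP is a candidate for the IP-based lock-down mentioned in tip 3 rather than proof of compromise.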

4. Remove the Wordpress version number from any headers, footers, CSS, etc. Leaving the version number in your page source is a dead giveaway to would-be vandals, who can dig through Google for ways to exploit your specific version. Granted, this is the equivalent of leaving your lights on at home while you’re away, but if it deters someone, then consider it a victory! It’s just too easy to use the version number to find exploits for your site, as Wordpress exploits become public knowledge too often.
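To check whether your own page source still gives the version away, here is an added example (not part of the original post or of Wordpress) that scans a saved page or feed for the places Wordpress stamps its version: the `<meta name="generator">` tag in the header, a visible "WordPress x.y.z" string in a footer, and the `<generator>` element in the RSS feed. The sample pages are constructed for the example; the function name `find_version_leaks` is ours.

```python
import re

# The generator meta tag written into <head> by Wordpress's wp_head() call.
GENERATOR_META_RE = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s+([\d.]+)["\']',
    re.IGNORECASE,
)
# The <generator> element Wordpress writes into its RSS feed.
FEED_GENERATOR_RE = re.compile(
    r'<generator>\s*https?://wordpress\.org/\?v=([\d.]+)\s*</generator>',
    re.IGNORECASE,
)
# A version number in visible text, e.g. a "Powered by WordPress 2.3.3" footer.
VISIBLE_TEXT_RE = re.compile(r'WordPress\s+(\d+\.\d+(?:\.\d+)?)')
TAG_RE = re.compile(r'<[^>]+>')

def find_version_leaks(document):
    """Return a list of (location, version) pairs found in an HTML page or feed."""
    leaks = []
    for m in GENERATOR_META_RE.finditer(document):
        leaks.append(("generator meta tag", m.group(1)))
    for m in FEED_GENERATOR_RE.finditer(document):
        leaks.append(("feed generator element", m.group(1)))
    # Strip tags first so the meta tag's content attribute is not counted twice.
    text_only = TAG_RE.sub(" ", document)
    for m in VISIBLE_TEXT_RE.finditer(text_only):
        leaks.append(("visible text", m.group(1)))
    return leaks

# Constructed sample pages (the version number is made up for the example).
LEAKY_PAGE = """<html><head><title>My Blog</title>
<meta name="generator" content="WordPress 2.3.3" />
</head><body><p>Hello</p>
<div id="footer">Powered by WordPress 2.3.3</div></body></html>"""

CLEAN_PAGE = """<html><head><title>My Blog</title>
</head><body><p>Hello</p>
<div id="footer">Powered by WordPress</div></body></html>"""

LEAKY_FEED = """<?xml version="1.0"?><rss version="2.0"><channel>
<title>My Blog</title><generator>http://wordpress.org/?v=2.3.3</generator>
</channel></rss>"""

if __name__ == "__main__":
    for name, doc in (("page", LEAKY_PAGE), ("clean page", CLEAN_PAGE), ("feed", LEAKY_FEED)):
        print(name, find_version_leaks(doc))
```

Run it against the saved output of your blog’s front page and its feed URL; an empty list for both is the goal. Removing the meta tag only hides the number from casual lookups, so tip 1 (staying current) still matters more than this one.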

3. Let us put basic Apache authorization on the /wp-admin section of your blog! We’d be more than happy to do it, and it’ll make every PHP file in the /wp-admin path even harder to get to. Granted, it can be a bit of a nuisance to log in twice, but not nearly as big a nuisance as restoring from that backup you took last week, right? We can also limit access to the wp-content and wp-includes directories as well, and we can lock it down by IP, by user name/password combos, or both.

2. I know it should go without saying, but please choose hard, random passwords. I know a lot of blogs, my own included, started off really small, and I never worried about getting hacked. My blog never got big, but maybe yours will! Either way, play it safe and go with a hard password from the get-go. That way, if your little playground gets bigger one day, or if you land on Digg by accident, you’ll be at least somewhat prepared.

1. While the above options are great for helping secure your instance of Wordpress, there’s one piece of the puzzle that is probably the most important. That piece? Keep Wordpress up to date at all costs! There isn’t an option that can replace this critical piece, because Wordpress, being the giant of blogging that it is, is constantly being updated to fix security flaws. Staying up to date is a way of staying ahead of the game, and it’s generally a ten-minute ordeal that we’ll take care of for you if you’re a customer of ours! Look at it this way: if you’re running a year-old version of Wordpress, then you’ve given vandals a year to figure out how to hack you. Why give them that edge? Most Wordpress upgrades are painless, and you know we’ll gladly work with you to schedule it for a time that’s best for your company’s needs as well.

Hopefully this helps answer some questions on how to protect yourself from would-be hackers in regards to Wordpress. The fun part is that this applies to quite a few PHP applications in a general sense. Drupal, Simple Machines Forum, and so on can all benefit from these security tips, especially security tip #1! As always, customers, drop us a line at support@contegix.com with any question you might have.

Did you know that right now, while you read this, there’s a sleeping giant sitting unopened in your Confluence instance? While your wiki might be a wealth of information for your enterprise business, for your project in development, or for whatever you might be using Confluence for, it can also be used as a platform for enterprise (maybe social?) networking. Now I know what you’re saying: “I don’t want my company’s Confluence instance to become a MySpace clone!” That’s understandable, and it doesn’t have to be; however, it can bring your team closer together with a variety of plugins found in your Plugin Repository. This means your Confluence instance is literally just a few clicks away from unleashing new functionality.

Just remember, happy employees that have fun together tend to work harder together. As an employee who wants to have fun while working hard, bias is in full effect:

5. IM Presence Plugin

This plugin is valid in all Confluence versions from 2.0 up through 2.7.2. Plus, it’s an official Atlassian Supported Plugin. By adding this plugin, you enable a new macro which allows you to show a user’s status on a variety of instant messaging clients within Confluence. All you need to do is enable the plugin via the repository, create a dummy user for Confluence to use, and that dummy user will query the user found in a macro tag such as the following:

{im:my_username@hotmail.com|service=MSN}

Afterwards, the user, in this case ‘my_username@hotmail.com’, will receive a contact request from the newly created dummy user. After ‘my_username@hotmail.com’ accepts the request, you’ll be able to see that user’s status anywhere the above-mentioned macro tag is placed!

4. Google Maps Plugin

Want to make sure nobody gets lost on their way to the big meeting coming up? Perhaps you’re having a company event soon? Well I can’t personally think of a better way to get everyone on the same page than the illustrious Google Maps! This plugin allows you to slap a map from Google right up on the Wiki, and even allows the Satellite image view as well.

3. Mail2News Plugin

Don’t feel like logging into Confluence? Have an email you want to turn into news? This plugin should do the trick for you, much the same way you can with applications such as Wordpress. You set up an email account for Confluence to access (and preferably keep it hidden), install the plugin, and configure it to grab news from the email address you created. If the email address created supports wildcards, you can even direct the news via email straight to specific Confluence spaces!

2. Calendar Plugin

I would assume most people know about this plugin already, but it’s just too useful to ignore. With this you can create calendars, or subscribe to an iCalendar feed, thus keeping everyone on the same schedule! I know you probably have other calendar applications you prefer to use, but accessing a global calendar with a few clicks is incredibly convenient.

1. Sudoku Plugin

Now, I’m completely incapable of playing Sudoku; it makes my head hurt. I’ll be happy to make sure this plugin gets installed for you, but we’re not your hint line when you get stuck, alright? That aside, it is a fun little diversion you can add to your wiki if you so please. Is it useful in any major way? Well, no, not really. At least they’ll be playing on the company site, rather than trying to get out to Yahoo Games, right?

We’ll continue to keep you up to date with new plugins, macros, tricks, and other fun Confluence-related information. If you have any hot tips you’d like to drop on us, feel free! We’re always on the hunt for improvements to our favorite wiki application, Confluence!

In the past few months, nginx (pronounced “Engine X”) has become The Little Engine That Could. This is most evident in Rails deployments and in Zimbra 5, where it replaced perdition for IMAP/POP3 proxying. For Rails, it is typically replacing Apache 2.2 proxy_load_balancer as a front-end to Mongrel.

One of our engineers, Joe Williams, decided to put both systems to the test with a Battle Royale. Check out the results.