How to write unique contents using WordPress plagiarism checker

If you are writing blog posts and actually copying content from other sites – you’ll not be doing any good (if not bad) to your blog from SEO perspective. The math is simple – if the content is not yours – do not put it in your website.

Now the question is how are you going to get unique contents? Simple – write your content yourself. To make sure your content is not matching that with someone else’s – you may check your content with Plagiarism checker. While there are standalone system for plagiarism check – there is a plugin for WordPress – which does it right from the wordpress editor. Moreover, it is FREE.

free plagiarism checker plugin for wordpress for unique content

However, if you are not working with WordPress and would like to use something like this – here is a link where you can do so: http://smallseotools.com/plagiarism-checker/

 

Restrict Search Engines from finding your website

While everybody is busy getting their website more and more exposed to the search engines (SEO) – you might want to restrict search engines to crawl your website.

You may have your own development website or may have your company’s web based HR system – which you don’t want to expose to the world. Search Engines will find your website if you do not restrict them. If you want to restrict the complete website just upload a file named “robot.txt” in the root folder and add the following line in it:

User-agent: *
Disallow: /

If you want to restrict a specific part (files in a specific directory) – add the following line:

User-agent: *
Disallow: /yourdirectory

If you want a certain Search Engine to be restrcited – (for example Google): add the following line:

User-agent: googlebot
Disallow: /yourdirectory

Some of the other Search Engine Bots are as follows:

MSN/Bing: bingbot
Yahoo: Yahoo Slurp (Currently using bingbot).
Baidu: Baidu Spider

How to remove Malware from WordPress sites

WordPress has made the web designers’ lives easier. It has reduced the web development time & cost drastically. The CMS is so powerful that more and more people are converting/migrating their sites to WordPress. With ease comes the danger of being compromised. If compromised – your site will not function properly. It may leak your confidential information, give access to spammers and use your hosting account for spamming, give access to hackers who may upload files to run phishing attack.

Let us first know why a wordpress website gets hacked – gets infected to malware.

WordPress website becomes vulnerable due to the following reasons:

1. WordPress is not updated
2. Plugins are not updated
3. The administrator username passwords are too easy.
4. The computer used to administer the wordpress site (Admin area & cPanel/FTP) is itself infected to viruses.
5. Use of nulled / pirated templates or Plugins – in which codes are embedded which gives the hacker the access.
6. Presence of other hacked script/website in the same hosting account.
7. Unsecured Web hosting. (Poorly configured server, easy guessable passwords etc).

How to identify your WordPress website is hacked or have malware in it?

The website will start behaving abnormally. The website may go blank, break or become very slow. The hackers may get access of your web hosting account and may upload their own scripts and start spamming or create phishing pages. Your web hosting account will be exhausted and your hosting company may suspend your account for resource over usage and spamming. These are some of the symptoms your WordPress is being hacked. If you dig deeper and want to be sure – you need to check the files of your WordPress system. You may find unknown folders (Directories) and files. That’s not it!! Many of the php files (Mostly theme & Plugin files) may contain malicious code in those.

How to clean the WordPress website:

1. First and most important step is – make your computer / work station secured. This includes – having a very good antivirus / Internet security system. Get one (Kaspersky, Bitdefender, AVG, Norton … bla bla bla) if you do not have it yet. Make a full system scan and get rid of any threats (viruses, Trojans).

2. Download the WordPress website in your computer (using FTP or Control panel File Manager). To reduce the time – you may Zip (compress) the full site if you have a control panel in your hosting and if it allows compressing.

3. Extract the folder – if you’ve downloaded a zip copy. Keep the zip file as backup and do not delete it – so that you can use it if anything goes wrong when you try to fix the site. Take a backup of your database too. Now, go into the extracted WordPress folder.

4. The next part is cleaning the malicious code. This is a bit tricky part. There may be hundreds of hundreds of files which may contain malicious code (hacker embedded code). Mostly the php files in the Themes and plugins get infected. But php files in other directories may get infected to. I will show you a trick which will help you get rid of these codes within few seconds.

a. You’ll need Adobe’s Dreamweaver tool or something with similar features. You can download Adobe Dreamweaver Trial from this link.

b. Now you need to find a file which contains malicious code. Go to the active theme folder under “wp-content” >> “Themes”.. Then open the index.php file using Dreamweaver. The malicious code should be either at top or at the bottom and should look like this:

malicious code in wordpress php files

Malicious Code

All the infected files should contain the same code. If you carefully look in the picture above you’ll notice that the malicious code starts and ends with “//###==###”. The code can vary from what you see in the above picture – but it will be something like this. You’ll need to remove this chunk of code from all the files.

Copy malicious code in wordpress php files

Copy Malicious Code

c. You have to use the Find & Replace function in Dreamweaver. Copy the malicious code (starts and ends with “//###==###” in this case). Now press “CTRL + F” and the Find & Replace option should appear.

d. Paste the malicious code in the “Find” box and keep the “Replace:” Box empty. Now you have to choose “Folder..” option from the drop down menu “Find in” and “Source Code” option from the drop down menu “Search:”.

search and replace malicious code in wordpress php files

Find and Replace malicious code with empty box

Now you have to choose the search Destination Folder:

search and replace malicious code in wordpress php files in destination folder

Selecting the folder in which it will search for malicious code.

Choose the root directory of wordpress site from your local machine. Now press the “Replace All” as shown in the “Find and Replace malicious code with empty box” image. This will wipe off the malicious code from all the files. Now you need to save all the files from “File”>> “Save All” option. You are done with Malicious code removal!! Congrats…

5. The next step is cleaning all the hacker uploaded folders. Your basic wordpress website should have 3 folders in the root folder. wp-admin, wp-content and wp-inlcude. You might have a look at other folders in the root directory and consider removing those if you are sure those doesn’t belong to your website. You can replace all the files and folders from a fresh copy of WordPress except the wp-content folder and wp-config.php files. Remember, If at any stage the website breaks – you have the zip file (mentioned in step 3) as backup.

6. Now you’ll have to prepare your hosting account for re-uploading the cleaned website.
a. The first thing you need to do is – delete all the files of your wordpress site from your hosting account.
b. Change the password of your hosting accounts and change the password of any other FTP accounts in that hosting account.
c. Upload the cleaned WordPress files.

7. After re-uploading the site if it runs properly do the following:
a. Update the wordpress to the latest version.
b. Remove any unnecessary plugin. If you are unsure about which ones are unused – you may skip this step.
c. Update all the plugins & Templates.
d. Change WordPress username and password to a complex one. Do not keep “admin” your username.

8. You need install some third party plugin to harden the site security. For example, you may consider installing ALL IN ONE WP SECURITY & FIREWALL. It will require me to write another similar post to describe the features and performance of this plugin – For now, let me assure you that this is one plugin which will make your website very secure.

all in one wp security and firewall for wordpress protection

It will show you, protect your site and will keep your sites and plugins updated automatically. It can also change the admin directory of your wordpress site changing the admin login link– which will reduce the Admin login attack in your site. There may be other similar plugins with same functionalities. You need to implement this kind of plugins to make and keep your site secured.

9. Take help from professional WordPress malware solution provider: You can take help from professionals who provide WordPress malware removal solutions. WPMalwares is such a provider. These guys are wordpress security specialists and can solve your problem at a very low price. You can save your time for something more important and leave your headache to these guys. They will fix your site and will provide you free support for one year. Moreover, they will add extra layers of security on your website.

wpmalwares.com WordPress Malware removal

For details – please visit:  WordPress Malware removal

Feel free to comment if you think I have missed any point or if there are better ways to clean and protect wordpress websites. I will include your suggestions in the main post with your name and link.

wp-goodluck!! 🙂

Determine if the storage is SSD or HDD – using linux command

You’ve purchased a Cloud server or a Virtual server. The server provider says it comes with an SSD (Solid State Drive). Now you definitely would like to verify whether the storage is indeed SSD or is it simple HDD (Hard Disk Drive). If you’re server is running on any version of Linux OS (kernel version 2.6.29 onwards) – just run the following command:

cat /sys/block/sda/queue/rotational

Linux command to identify if a storage is ssd or hdd

The result will be Either 1 or 0 . If it is “0” – Congratulations – your storage is indeed an SSD one and if the result is “1” – your storage device is an HDD.

I ran the above command in one of my VPSs. The result is “1” – that is the storage device used here is an HDD.

SSH commands to check Hard Drive usage information in Linux Server

Login to your Linux server using SSH Client (ie, PuTTy)

Once you are connected to your server:

Use to following command to check Hard Drive and partitions:

(without the “#”)

# df -h

It will show you output like this:

Filesystem Size Used Avail Use% Mounted on
/dev/simfs 489G 42G 447G 9% /
none 7.8G 4.0K 7.8G 1% /dev
none 7.8G 0 7.8G 0% /dev/shm

The Size is shown in GigaBytes.

If you’d like to see the usage volume of a particular partition (ie, “/home”), use the following command:

(without the “#”)

# du -sh /home/

It will show you the usage in Gigabytes (or in Megabytes if usage is below 1 GB)

If you’d like to view the directory size in a particular partition (ie, “/home”):

(without the “#”)

# du -sh /home/*

The above will show you the size of all the directories in that partition.

Beware of Unlimited Space / unlimited bandwidth Web Hosting.

“UNLIMITED” – a well known term in web hosting industry now a days. Unlimited emails, unlimited databases, unlimited aliases etc were some of the features heard for a long time. Now competition has driven the companies to offer Unlimited web space and Unlimited Bandwidth.

I have spoken to many hosting provider support team and asked how could they provide “Unlimited” web space when this web space is actually Hard disk drives installed in the server and which has its capacity limit. The answers are always tricky. Most of the times the answers are: “we do not provide any limit on the web space as long as it complies with our Terms & Condition”. The tricky part is “Terms & Conditions” or “Terms of Service” or “Acceptable usage policy” etc. We need to understand a little technically in this issue.

When we host a website in a web server, it occupies a certain web space. When the website is running or are being browsed by the web site visitors – it consumes web server processor and RAM capacity. Besides many other restrictions (irc server, running bots) the web hosting service providers restricts the resource usage per website in shared servers. Okay – now since I stepped into the term “Shared Server” – let me tell a few things about it. Shared server means a server which is being shared by many users or websites perhaps. The websites share the total hard drive, Ram usage, Bandwidth port etc. Normally there are a lot of websites hosted in a shared server. Assume there is a one Terra Byte Hard Disk, 4 GB Ram installed in the web server and there is a 100 mbits/s port connected to the server. Again assume there are 200 websites hosted in that server. Those 200 websites will share the total capacity of the server.

Now as days progresses, the server components are getting cheaper and the bandwidth cost is also going down. But it hasn’t gone so down for which any one may offer unlimited webspace and bandwidth when there is nothing called unlimited. Now a days companies offer unlimited webspace even at a cost of $2 per month.

A Xeon server (average) in some big data centers costs atleast $200 per month. It may consists of 2 TB hard disk, 16 GB Ram and a 100 mbits/s uplink port. Now if some web hosting companies sell around 100 such unlimited hosting accounts they will be in the break even point. And to make profit they will require to sell even more accounts in that very server. Due to server virtual environment web hosting service providers can create web hosting accounts allotting unlimited space and bandwidth. This is actually called “Overselling”. The lower the price of hosting account is – the more the server will be oversold. But ultimately all such unlimited space accounts will be using that 2 TB Hard disk.  How can 100 or more unlimited space accounts be fitted in 2 TB?? Well, when some one buy a web hosting account he/she is allotted unlimited space (although it is impossible), but some one may only upload a 100 MB or 1 GB website in the server. The server usage will depend upon the actual usage by all the websites, not what is allotted. Now if someone’s website starts using more space and more server resources – the real face of the webhosts are revealed. They will start matching the Acceptable usage policy and will start telling you your website is using more resources than it should and that it is no longer suitable for a Shared Server. You need to buy a dedicated server. Therefore this purchase turns out to be something like you purchased some services which you are not allowed to use with its full potential.

The situation is getting alarming as almost all the major webhosting service providers are also getting into such business. My suggestion will be to read the Terms & Conditions properly before you buy hosting and better if you can avoid unlimited space/bandwidth – because there is nothing called unlimited space/bandwidth and you’ll never be able to use it.

If you ever need a high volume/heavy duty website to run from a web server – think of your own Dedicated server or virtual dedicated server.

Moving Joomla Site – VirtueMart problem – frontend and admin panel points to old path.

I recently encountered a problem with a Joomla website which had VirtuMart in it. I moved the whole joomla site from a demo server to an active server with the actual domain pointing to it. Everything worked fine as I did the required changes in the configuration.php of the joomla folder. But the VirtueMart component was still pointing to the old demo server path. I then googles a bit and found a very good solution. I changed the config file of the virtuemart component located at:

/administrator/components/com_virtuemart/virtuemart.cfg.php

The following two paths need to be changed with the new path:

  1. define( ‘URL’, ‘http://demoserverURL/joomlafolder/’ );
  2. define( ‘SECUREURL’, ‘http://demoserverURL/joomlafolder/ );

Instead of the “demoserverLink/joomlafolder” use your actual joomla folder link.

You might face a new problem while doing this. If you are using ftp to download the file “virtuemart.cfg.php” and re-upload it with the changed path, you may get an “Permission Denied” error. There is a good solution for this too. Install a joomla component named “Extplorer” or “JoomlaXplorer“. This component is a joomla admin panel component that gives you the power to upload/delete/edit files in the joomla site. After installing any one of these two components just browse through the file and edit the above mentioned two lines of the “virtuemart.cfg.php” file.

I could get rid of the problem this way, I hope the solution will be useful for anyone facing the same problem.

Hosting websites at Local webservers.

Most of the Bangladeshi website are hosted either at USA or at UK servers. There are many reasons for that. Those web servers are secured, fast, reliable and can handle much traffic and process load. Besides, those are powered by high speed internet connection yet at lower price than anywhere else. Those hosting service providers are experienced and technologically far ahead. Probably this is the reason why everybody prefers USA or UK servers.

Since the demand for web services are growing day by day, it is becoming an important issue to ensure data security and privacy. Think of a government site where it will consists of data which is confidential. Hosting such sites in other country’s web servers will definitely be a catastrophic decision. Fortunately in Bangladesh, the government sites are hosted locally (at BTCL web servers).

Now that web services and E-commerce sites are becoming popular the importance of where these are hosted – becoming an important thing to consider. In many cases the target user group of these sites are solely Bangladeshi users residing in Bangladesh (e.g. bdjobs.com). Hosting these types of websites locally will not only ensure confidentiality and security but also maximum up time for the local users. How? We have seen our national pride the submarine cable snatched a lot of time. We are disconnected from the sites that are hosted at USA or UK servers. Instead, if the sites are hosted locally these will still be available for the Bangladeshi residence although the submarine cable is down. That’s because locally hosted servers will still be available and the DNS servers will still be able to point us to the locally hosted sites. It will actually act like an intranet service inside the whole country. Besides these, if the sites which provide download services like mp3 download, Drama download etc, are hosted locally, a huge amount of bandwidth pressure on the submarine cable will decrease resulting more bandwidth available for other usage.

I remember when I used Sirius Broadband they used to provide users an intranet site/server from where the users were able to download movies, mp3s, natoks, softwares, videos etc. Normally if that service wasn’t there the users would download those from other sources using internet. But the above intranet server could save Sirius Broadband precious bandwidth by restricting users by diverting them to intranet server.

Now If we consider the Bangladesh Submarine Cable Company Limited to be the national ISP, they will be able to save bandwidth if the sites are hosted locally since the traffic requests and sources are both running locally. It will somewhat act as what Sirius Broadband did.

Now let’s focus on what are the hurdles. The bandwidth cost in Bangladesh is too high to run an web server smoothly. Although the above procedure will hardly use the submarine cable bandwidth the ISPs have to pay to BSCCL (Bangladesh Submarine Cable Company Limited) since BSCCL acts as an Internet Exchange (HUB). I am not sure about whether govt has given the charge to any other company to maintain the Internet exchange through which all the ISPs and other companies willing to have local web servers will be interconnected among themselves in the same way the telecom companies are connected. Rather than buying only Submarine cable bandwidth they will be buying local bandwidth through which one ISPs will be able to transfer information with websites hosted at other ISPs end. Submarine cable connectivity will still be required since website browsing request can still be generated from outside the country. For example, the trace route from http://visualroute.visualware.com in the following image.

trace route from a server situated outside the country

It is like the telecom industry. All the local and NWD calls are generated and terminated at the telecom operators end except for ISD calls. Only ISD calls require outbound bandwidth to connect with telephones in other countries. All the local and NWD calls are routed through multiexchange servers through which all the telecom operators are interconnected among themselves. Only for ISD outgoing/incoming calls these operators depends upon BTTB which has the only connectivity with international exchanges.

There fore local bandwidth is to feed requests from Bangladesh and submarine cable bandwidth to feed requests from outside the country. The local bandwidth should be in negligible cost. Thus people will be encouraged to host websites in local servers. Moreover this will ensure maximum uptime causing maximum exposure for e-commerce sites. This is the way how the e-commerce culture in Bangladesh can really emerge.

I am not sure whether this methodology has already been established or not, but this really can be a boom. Many companies will come forward with an intension to have a website or web based online operation system. This will not only automate and increase the total output but also will create opportunity for web developers and software firms.

Disclaimer: The above statements are sort of top view of a system and I really can’t dig any deep because of my knowledge limitation. It is possible that the system has already been deployed and I am unaware of it. Constructive replies will be encouraged pointing out whether I was wrong in any point or if the recommended system is not deployable at all.