Archive for How to

Security update: Upgrade your WordPress to 2.3.3

Unless you want registered users to be able to edit your blog posts, you should update your WordPress installation to version 2.3.3. It’s a small change, and if you want to, you can just replace your xmlrpc.php file with a newer version.

By the way, if you followed the advice in my recent security tips for WordPress post, you wouldn’t have to read about the update on my blog. Instead, you would already be subscribed to the WordPress security/developers’ feed (Atom feed link) that is suitable for subscribing in Google Reader or your favorite feed reader. I highly recommend subscribing to that feed so that you’re less likely to be caught by surprise when there’s a security issue with WordPress.


Ubuntu annoyance: asks for DVD

Sometimes when you install Ubuntu (a flavor of Linux) and then try to install new packages, you get this annoying message:

Media change: please insert the disc labeled
‘Ubuntu 7.10 _Gutsy Gibbon_ - Release i386 (20071016)’
in the drive ‘/cdrom/’ and press enter

To fix that message, click on System->Administration->Software Sources and uncheck the “CD-ROM/DVD” option at the bottom of the menu.



How to highlight author comments in WordPress

A while ago I was looking around for how to make my own comments a different color on my blog. Most of the advice was along the lines of “Add code to check if the commenter’s email is the same as the email address of the blog’s author.” Can you spot the flaw in that logic? If a commenter knows the email address of the blog author, she could use the blog owner’s email address in her comment and get her own comment highlighted. Worse yet, someone could try to discover the blog owner’s email address by trying lots of email addresses until they saw their comments change to a different color.

So I dug a little deeper and found a good answer on this support thread. The trick is simple: instead of checking the author’s email address, check their user id to see if it’s the user id of the blog owner. Pretty smart. After that, it was a simple matter of

1. Changing my theme to add an “authcomment” style

I edited style.css and near the bottom added these lines:

.authcomment {
    background-color: #B3FFCC !important;
}

2. Editing my comments.php file to add a little code

My comments.php file had a line that looked like this:

<li class="<?php echo $oddcomment; ?>" id="comment…

and I changed it to more or less look like this:

<li class="<?php
/* Only use the authcomment class from style.css if the user_id is 1 (admin) */
if (1 == $comment->user_id)
    $oddcomment = "authcomment";
echo $oddcomment;
?>" id="comment…

That’s about it. Now I have a distinctive color for my own comments, so you can quickly scan a thread to see when I circle back around to leave a comment.


11 Power Tips for Gmail

Update: Here’s one more bonus tip. Use the ‘m’ key to mute a conversation. Suppose you’re on a mailing list and you don’t care about what’s being discussed. The ‘m’ key will mute/murder that entire thread so that you never see that email or any follow-ups. The only way you’ll see the conversation again is if someone adds you to the “To:” or “Cc:” line of an email in the conversation. Read more if you’re interested.

Wow, I can’t believe how many people commented on my late-Friday night post about desired features for Gmail. If you want to suggest something for Gmail, that thread is the better place to do it. But looking through the comments, I saw a few requests that can already be done today. Considering that real Gmail users didn’t know about these options, I’m going to call them power tips.


  1. Wayne Schulz said “I want to be able to paste images into the email.” Wayne, it’s not quite the same as pasting images into emails, but one thing that makes image attachments easier is the dragdropupload Firefox extension. You know how you can click “Attach a file” and then you’ll see the familiar “enter a file location or Browse..” form appear? With dragdropupload, you can drag any file (e.g. from your Desktop) and drop it in that text box. It’s a fantastic extension that makes it much faster to include attachments or upload files, and I use it all the time.
  2. Jason Bartholme asked about “A sort that would allow for my unread messages to be at the top.” Jason, try doing a search for label:unread label:inbox . That should show only unread messages that are currently in your inbox. By the way, did you like how I shared a search with you? That was a tip from the Gmail blog. There are other cool labels you can use as well.
  3. Julian says

    I would like to have a feature for inserting prepared text blocks, so I don’t have to write some things over and over again.

    Julian, if you use Firefox, check out the Signature Firefox extension to insert text macros. That might work for you.

  4. Daniel asked

    Crazy feature: I’d like to be able to have an easy way to migrate my entire Google account to a different gmail address, because I can’t find a step-by-step guide or anything to help me switch emails without losing various things.

    According to this post you can enable POP on your old account (look under Settings, then “Forwarding and POP/IMAP”), then import the emails (also using POP) into the new account. I think you could use Gmail’s Mail Fetcher utility to do this. To configure Mail Fetcher on the newer account, click on Gmail’s Settings link, then “Accounts” and then “Add another mail account.” Google Operating System (an unofficial blog that discusses Google often) has a couple of relevant posts with a walkthrough of using Gmail’s Mail Fetcher and a write-up on how to back up your Google account.

  5. Sankarananad asked a related question:

    I would love to integrate my google apps account with my default gmail account. Although right now google allows to associate email address there is no way to integrate or link two google accounts (say one @gmail.com and another yourdomain.com powered by google apps).

    Right now the only solution is to forward mails from one box to another! If google makes integration possible we can use a single inbox to check mails from all those email address

    I’m not as familiar with the interaction of regular Gmail versus Gmail on Google Apps. This post described a scary-looking way that might work. If there’s a better way, maybe someone will stop by and let me know?

  6. Search Engines Web asked:

    The ability to open Word, Excel, PowerPoint and PDF without going to another page and using another software

    S.E.W, this post from Lifehacker mentions that Gmail can offer HTML view or Google Doc options for Word and Excel.

  7. Easton Ellsworth mentioned

    I’d love to be able to resize the email composition box on the default page - so instead of having to click the icon to open the whole draft in a new resizable window, I’d be able to click and drag to make the draft box bigger (especially vertically).

    Easton, check out the Resizeable text area extension for Firefox. It lets you click on the border of any form textarea and drag the border so the textarea expands. I haven’t checked how it works on the latest version of Gmail though.

  8. 1001 noisy cameras said “I think the ability to open emails in new windows would be great - it would help those users who are always multi-tasking.” If you’re looking at an email, look at the top-right of the page and click on “New window” to open that email in a separate window.
  9. Diego asked

    I don’t know if this would be possible, but how about, when clicking on the compose link (or reply etc) if I hold some key as I click on Compose, it opens the new email in its own window? Same thing could go for Replies etc.

    Diego, instead of using ‘c’ to compose a new email, type ‘C’ and you’ll open a new window to compose your email. It looks like using ‘R’ instead of ‘r’ to reply will open a new email for replies too.

  10. jonathon asked “Is it me or does the pop3 server sometimes stop working when downloading email from gmail?” I’ve been using getmail to back up my Gmail, and I’ve noticed that Google will only let you download a few hundred emails in one batch. If you fetch again, you’ll often catch up. So usually it’s just a matter of being patient.

I heard a lot of great suggestions that I wouldn’t even have thought of. For example, I liked the idea of a “bounce” option for unwanted emails to make it look as if your email address didn’t exist. Oh, and since so many people asked for cool features, let me add one more feature I want: let me set a different vacation message for co-workers compared to people outside Google. Maybe in Google Apps for Gmail, if you are managing example.com, let people on example.com set a different vacation message for people on example.com vs. other domains?

By the way, what was the funniest suggestion I saw? Jeff Hall won with “A USB breathalyzer kit for a friend who forgets how embarrassing her e-mails are when she gets drunk. The e-mails could be delayed until she provides a negative sample.” :)

And here’s your bonus tip. If you’re a Gmail power user, three links to check out are the Gmail tag on Lifehacker, the official Gmail blog, and Google Operating System. Lifehacker does so many posts per day that limiting to the Gmail tag will narrow down the posts you see. The Gmail blog is the best place to get official Gmail news first. And Google OS seems to have Gmail-related posts pretty often.


Three tips to protect your WordPress installation

Here are three easy but important ways to protect yourself if you run a WordPress blog:

  1. Secure your /wp-admin/ directory. What I’ve done is lock down /wp-admin/ so that only certain IP addresses can access that directory. I use an .htaccess file, which you can place directly at /wp-admin/.htaccess . This is what mine looks like:

    AuthUserFile /dev/null
    AuthGroupFile /dev/null
    AuthName "Access Control"
    AuthType Basic
    order deny,allow
    deny from all
    # whitelist home IP address
    allow from 64.233.169.99
    # whitelist work IP address
    allow from 69.147.114.210
    allow from 199.239.136.200
    # IP while in Kentucky; delete when back
    allow from 128.163.2.27

    I’ve changed the IP addresses, but otherwise that’s what I use. This file says that the IP address 64.233.169.99 (and the other IP addresses that I’ve whitelisted) are allowed to access /wp-admin/, but all other IP addresses are denied access. Has this saved me from being hacked before? Yes.

  2. Make an empty wp-content/plugins/index.html file. Otherwise you leak information on which plug-ins you run. If someone wanted to hack your blog, they might be able to do it by discovering that you run an out-of-date plugin on your blog and then they could exploit that.
  3. Subscribe to the WordPress Development blog at http://wordpress.org/development/feed/ . When WordPress patches a security hole or releases a new version, they announce it on that blog. If you see a security patch released, you need to upgrade or apply the patch. You leave yourself open to being hacked if you don’t upgrade.

And here’s a bonus tip: in the header.php file for your theme, you might want to check for a line like

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats please -->

I’d just go ahead and delete that line or at least the bloginfo('version'). If you’re running an older version of WordPress, anyone can view source to see what attacks might work against your blog.

Hat tip to Reuben Yau and Shoe.

Update: In the comments, Joshua Slive pointed out that the .htaccess file shouldn’t have a <LIMIT GET> around the IP addresses. That would have restricted only GET requests, so non-whitelisted IP addresses could still POST, for example. Joshua, thanks for the pointer to the Apache docs on this point.
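The checks from this post (the /wp-admin/ whitelist, the `<Limit>` caveat from the update, the plugins index.html and the generator line) can be scripted. The shell function below is an added example, not code from the original post; the function name `audit_wp` and the theme directory name `default` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit a WordPress tree
# against the checks described above. audit_wp is a hypothetical name.
# Usage: sh audit_wp.sh /path/to/wordpress [theme-dir]

audit_wp() {
    root=$1
    theme=${2:-default}   # assumption: theme lives in wp-content/themes/default
    findings=0

    ht="$root/wp-admin/.htaccess"
    if [ ! -f "$ht" ]; then
        echo "FAIL: $ht missing; /wp-admin/ is not IP-restricted"
        findings=$((findings + 1))
    else
        # Deny-by-default must be present for the whitelist to mean anything.
        if ! grep -qi '^[[:space:]]*deny from all' "$ht"; then
            echo "FAIL: $ht has no 'deny from all'"
            findings=$((findings + 1))
        fi
        # A <Limit GET> wrapper applies the rules to the listed methods only,
        # so requests using other methods (e.g. POST) skip the whitelist.
        if grep -qi '^[[:space:]]*<Limit[[:space:]]' "$ht"; then
            echo "FAIL: $ht wraps rules in <Limit>; other methods unrestricted"
            findings=$((findings + 1))
        fi
    fi

    # Tip 2: an index.html stops the plugin directory from being listed.
    if [ ! -f "$root/wp-content/plugins/index.html" ]; then
        echo "FAIL: wp-content/plugins/index.html missing"
        findings=$((findings + 1))
    fi

    # Bonus tip: the generator meta tag should not print the version.
    hdr="$root/wp-content/themes/$theme/header.php"
    if [ -f "$hdr" ] && grep -q "bloginfo(['\"]version['\"])" "$hdr"; then
        echo "FAIL: $hdr exposes the WordPress version"
        findings=$((findings + 1))
    fi

    if [ "$findings" -eq 0 ]; then echo "OK: no findings"; fi
    return "$findings"
}

# Run the audit only when a path is given on the command line.
if [ "$#" -gt 0 ]; then audit_wp "$@"; fi
```

The function's exit status is the number of findings, so it can gate a deploy or a cron report.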

