If you’re a regular reader, you’ve probably noticed that things look a little different around here.
The last ThemeShaper remake took place three years ago — it was definitely time for an update! We crafted a child theme of Twenty Sixteen to take advantage of its fresh design and typography, while putting our own spin on it with the addition of Featured Content and footer-widget areas. A subtle grey color scheme and the Bitter and Lato Google Fonts round out the new look. Code snippets are now easier to read and our Twitter account is a little more intuitive to find, too.
We hope you like it! If you notice anything that doesn’t look right, feel free to let us know, either in the comments or by getting in touch directly.
It’s been a while but we finally changed the theme on ThemeShaper! No need to scroll to the footer: it’s using Further, designed by the illustrious Takashi Irie. We’ve made a few modifications using a simple child theme but it’s pretty close to the stock theme. For now. I’m sure there will be many tweaks over the next few weeks and months.
For the historically minded this is the first theme on ThemeShaper.com not designed or built by me — we should have done that sooner! That said, I hope to continue the tradition of unusual design choices here with more experimentation and the use of cutting-edge magazine themes like Further (check out the infinite scrolling on the home page).
Today marks the first day of my employment as a Theme Wrangler with Automattic and it feels great. I’m more than excited to finally let you know what I’ve been up to for the last little bit.
What can I say besides awesome, awesome, awesome? The enormous opportunity for learning and improvement; all the super-talented, friendly people; the chance to work on so many really, really cool projects—it’s almost unbelievable. This is a dream job for me.
So, yes, really excited. To say the least. And I don’t want to say too much right now so I’m going to keep this short. Though I imagine you have one very big question you’d like me to get to.
In case you didn’t hear, ThemeShaper was hacked. You know what? It really sucks. I’ve got two tips and a plugin recommendation that I want to pass on to you so the same stupid thing doesn’t happen to your WordPress install. And these aren’t even my ideas! These are time-tested and tried things that just plain work.
After that comes a list of some further plugins and resources that’ll help harden up your WordPress install and keep hackers at bay. So read on.
Do a Fresh Install of WordPress, Plugins, & Themes
Do a fresh install of WordPress, your plugins, and themes. That means deleting a whole whack of WordPress files just like you were doing an upgrade. And deleting and re-installing ALL your themes and plugins. If you’ve done ANY customization to any one of these files, go through them line by line or restore a local version that never made it to your web server. And while you’re at it, start keeping local copies of your edited themes and plugins that have never made it to your web server.
You’re doing this to help make sure your current setup isn’t already compromised.
Hardening WordPress with htaccess
The Blog Security blog has a great article on how to lock out anyone trying to mess with your WordPress files using htaccess. It’s dead simple to do and requires only cut-paste skills and FTP access to your server, and a quick trip to What’s My IP. Anyone can do it. Check it out now and harden your blog.
The Update Notifier Plugin
The single biggest exploitable entry point on any WordPress install is going to be outdated versions of WordPress, themes and plugins. If you don’t know how extreme this can get, check out this comment from one of my readers.
I remember when something similar happened to me. Fortunately I managed to find someone willing to help who knew quite a bit more about WordPress than me. The breach was traced to a caching plugin that was out of date by about a week.
The Update Notifier Plugin helps solve this problem by checking the official repository on a regular schedule and sending you an email when it’s time to upgrade.
Update: I’ve done a mass hardening (that sounds gross) on everything here at the ThemeShaper ranch and—and it looks like we’re cool now. Let’s hope things stay that way. Hey!—at least I learned something about WordPress security, right?
I’m not sure when but some time ago ThemeShaper.com was hacked. I’m fairly sure it wasn’t a random sort of script-based bot attack but targeted directly at this site. I know this because the idiot that did this uploaded a hacked version of Thematic to a downloads folder on my site and altered the links on the Thematic landing page to point to it. Crap.
You’ll know you have a hacked version if you’ve got an sv_ss.php file in thematic/library/languages/.
If you’ve recently downloaded Thematic or are worried at all, there’s a simple fix. Download Thematic again from the WordPress.org Themes directory and thank God there’s a free central repository for these sorts of things.
Again, crap. And my apologies. I like making ‘the WordPress news’ but not for something like this. But I would like to assure you this is not a hack resulting from anything wrong with Thematic. Just one of those things that tends to happen to popular WordPress-based sites. It could happen to anyone.
I just wish it didn’t happen to me. Or you guys.
Now, as for the hack. I don’t know how it happened. It’s been suggested to me that it came through a weak plugin. I usually keep everything up to date here on ThemeShaper so, well, I don’t know. We’ll see, I guess. I do know that last night I discovered my wp-admin and wp-includes directories were 2 megabytes larger than they should be. I deleted them and replaced them. Here’s hoping that put an end to this.
If it doesn’t, and my site disappears suddenly, well, crap, it didn’t work.
Hey, at least the front page isn’t ThemeShaper recommended hosting right? Right?
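One way to run the checks behind the fresh-install advice and this post, as an added example (not code from ThemeShaper or WordPress): it diffs wp-admin and wp-includes against a freshly unpacked copy and looks for the sv_ss.php file named above. The function names, the assumption that themes live under wp-content/themes, and the sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicator named in the post: present only in the tampered Thematic download.
IOC = Path("thematic/library/languages/sv_ss.php")
CORE_DIRS = ("wp-admin", "wp-includes")  # directories the post found enlarged

def hash_tree(root):
    """Map each file path relative to root to (sha256 hex, size in bytes)."""
    out = {}
    for p in root.rglob("*"):
        if p.is_file() and not p.is_symlink():
            data = p.read_bytes()
            out[p.relative_to(root).as_posix()] = (hashlib.sha256(data).hexdigest(), len(data))
    return out

def compare_core(live_root, clean_root):
    """Diff core directories of a live install against a freshly unpacked copy."""
    rep = {"added": [], "modified": [], "missing": [], "extra_bytes": 0}
    for d in CORE_DIRS:
        live, clean = hash_tree(live_root / d), hash_tree(clean_root / d)
        rep["added"] += sorted(f"{d}/{f}" for f in live.keys() - clean.keys())
        rep["missing"] += sorted(f"{d}/{f}" for f in clean.keys() - live.keys())
        rep["modified"] += sorted(f"{d}/{f}" for f in live.keys() & clean.keys()
                                  if live[f][0] != clean[f][0])
        rep["extra_bytes"] += sum(s for _, s in live.values()) - sum(s for _, s in clean.values())
    return rep

def has_ioc(themes_dir):  # True if the post's indicator file exists under themes_dir
    return (themes_dir / IOC).is_file()

def build_demo(base):
    """Constructed sample: a tiny clean tree and a live tree with planted changes."""
    core = {"wp-admin/index.php": b"<?php // admin", "wp-includes/version.php": b"<?php // v"}
    for tree in ("clean", "live"):
        for rel, body in core.items():
            (base / tree / rel).parent.mkdir(parents=True, exist_ok=True)
            (base / tree / rel).write_bytes(body)
    (base / "live/wp-includes/version.php").write_bytes(b"<?php // v (changed)")
    (base / "live/wp-admin/extra.php").write_bytes(b"<?php // unexpected")
    ioc = base / "live/wp-content/themes" / IOC
    ioc.parent.mkdir(parents=True)
    ioc.write_bytes(b"<?php // placeholder")
    return base / "live", base / "clean"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, clean = build_demo(Path(tmp))
        print(compare_core(live, clean), has_ioc(live / "wp-content/themes"))
```

Point `compare_core` at the live install and a fresh unpack of the same WordPress version; a version mismatch shows up as a long list of modified files rather than a compromise.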
I’ve got a new project I’m really excited to share with you. In fact, it’s all about sharing. It’s my new home for all the best WordPress stuff—Plugins, Tutorials, Themes, Good ideas—the stuff I find on my crawls through the WordPress-flavored web. It’s easy to spell and it’s fun to say.
It’s Wpazo. Check it out and then come back here to find out more about it.
ThemeShaper’s been redesigned. If you haven’t seen it yet, or want a tour of the design, click on over from your feed-reader, or empty your browser cache. Let me tell you what all the fuss is about.
The last redesign was a little hasty. It introduced a lot of good things to this site and kept a lot of the bad. And so, for a while now, I’ve been working on a new Thematic Child Theme for ThemeShaper called The Break.
I’m looking for co-maintainers for the Thematic project to help make Thematic one of the best WordPress themes available, free or “premium”. Specifically, I’m looking for motivated people to help with the following:
Localization: going through the template files and translation files, making sure everything is up to snuff. The future of any successful WordPress theme hinges on universal adoption and I’d like Thematic to be one of the easiest to localize.
Comments: the in-development latest version of Thematic threads comments like PHP-based Singer but I want to make sure it’s doing it the right way. It needs a once over.
Bugs: there’s still a few bugs in Thematic—one I found this morning is particularly annoying. I’m just a PHP hack. Thematic needs a committed enthusiast who likes squashing things like this.