To get started, let’s take a look at what I think is the best thing to happen to websites ever. It’s called CloudFlare, and it’s awesome.

Not only does this secure the hell out of your site, it also makes it a helluva lot faster. Plus, with the auto-minify features (just turn them on!) you boost your YSLOW/Page Speed performance ratings quite a bit without even trying. A quick list of features: killer security analytics, tracking of outbound links, keeps your website up even during blips of downtime, manages your google analytics and tools, helps to protect against DDoS  attacks, e-mail address obfuscation, challenge pages for compromised visitors, hotlink protection, and plenty more. Best thing? Totes free. But if you want to sign up for their Pro version (which is even awesome-er), then you get some more advanced security features. If it’s what you need, do it, but the basic free plan should be more than enough for most.

Next, let’s talk about spam. It’s annoying. Really annoying. It’s easy enough to prevent on blog posts (almost every CMS offers some sort of spam blocking plugin or feature). On WP, that’s Akismet, and it works really well. But what about your contact forms? Unless you run those through something like Akismet (which requires either a plugin or some code work on your end), you’re going to get hit. There’s two options I would say that you could take:

1. Use a Captcha (IMHO, very annoying)
2. Use a reverse-Captcha (IMHO, very awesome)

The Captcha is this:

…you may recognize this from a previous post. As for a reverse Captcha, it’s something a bit more subtle. You essentially setup a hidden input on your form, and then (either through javascript or server-side validation) reject the form if the hidden field is filled. That’s it! The trick is to make it a field that won’t get filled easily by people’s browser autofill, yet make it enough of a ‘honeypot’ to attract spammers. So I tend to name it something like ‘Linkz’ or ‘Addrezz’, or something that’s just off enough from a legit form field to take care of both requirements. This has been, in my experience, the best way to prevent spam via a contact form. See here to read about how to implement this with the WP Contact Form 7 plugin.

So, those are two VERY easy ways to get a whole lot of protection very easily. If you’re on WP, there are a whole bunch o’ plugins that you can use to add WP specific protection. Right now, I’m using BPS Security, but I also recommend changing the prefixes on your SQL tables from ‘wp_’ to almost anything else.

Finally, I recommend adding a little protection to your .htaccess file, if you have an Apache server. If you use the HTML5 Boilerplate (HIGHLY RECOMMENDED), it has a lot of great added protection already built in to their .htaccess file, so you will be on the right track.

Anyway, that should be enough to get you fairly secure and spam free. I’d love to hear any other suggestions people have.

I almost died when I saw this bundle of pig on the subway with me the other day.

1. I am now employed as the lead technical / front-end developer at Monaco Lange
2. I configured my first instance of an Amazon EC2 server. Pretty awesome / free for a year / superfast.
3. I am planning on learning CodeIgniter in the near future.

In any case, I plan on writing up a little tut on configuring an instance of an Amazon EC2 server, as well as accessing it via SFTP and installing WordPress. Though almost all of it is done via command line, but don’t fret! I am not a superbly amazing command line guy myself, but seriously, it’s not that hard.

I will definitely write a real blog post in the near future, but for now, I have to Brunch. Yes, it’s a verb.

For those who don’t know how a reverse captcha works, allow me to explain. We all (or most of us) know what a captcha does. For reference, here is what it looks like (this one is a recaptcha, but same idea):

Do you get annoyed when you find this at the bottom of a contact form? I DO. And I certainly don’t want potential clients having to refresh this 3 times to read it at the bottom of my contact form. I just want them to fill out the form, and send it.

So, enter the reverse captcha. Rather than checking to see if a form submitter is a human, we check to see if a form submitter is a bot. We do this by adding an invisible input tag to our form that no one will see or fill out. Only bots. That way, our contact form looks totally normal, but still can filter spam.

Unfortunately, this feature is not included in Contact Form 7 (at least, at the time of writing this post). So! We add it ourselves.

*Note* Being as I put this together rather quickly because I just wanted my spam to stop, it involves adding code directly to the plugin – which means that it will be overwritten when the plugin updates. At some point, I’ll find a way to do it and make it up-dateable, but for now, just backup your files or something.

To start, we need to add the hidden input into our contact form that is going to catch those sneaky bots (our ‘honeypot’ if you will). So go to your contact form in the WordPress admin, and add the following:

<p style="display: none;">Linkz [linkz linkz]</p>

I’m choosing to call my honey pot ‘linkz’. But you can call it whatever you want. A word of caution though – try not to name it anything that a browser’s autofill will attempt to fill, because if it does, the person will not be able to submit the form.

Ok. So now we have our hidden honeypot, so now we need to tell Contact Form 7 about it, and how to handle it. We’re going to get our hands a little dirty now – just remember that whatever you add here, you’ll need to replace ‘linkz’ with whatever you called your input. Go into the Contact Form 7 plugin folder and open up text.php (plugins/contact-form-7/modules/text.php).

First, we need to add a line that identifies the type ‘linkz’ (or whatever you called your input). Find the line:

wpcf7_add_shortcode( 'email*', 'wpcf7_text_shortcode_handler', true )

(should be near the top). In the next line, add:

wpcf7_add_shortcode( 'linkz', 'wpcf7_text_shortcode_handler', true );

Next, we need to add a line to the function wpcf7_text_shortcode_handler(). Find the line:

if ( 'email' == $type || 'email*' == $type )
$class_att .= ' wpcf7-validates-as-email';

…and add underneath:

if ( 'linkz' == $type )
	$class_att .= ' wpcf7-validates-as-linkz';

Now we need to add the validation filter. Find the line:

add_filter( 'wpcf7_validate_email*', 'wpcf7_text_validation_filter', 10, 2 )

and add underneath:

add_filter( 'wpcf7_validate_linkz', 'wpcf7_text_validation_filter', 10, 2 );

Ok last step! We need to add the test for the validation – find the if statement that beings with if ( 'email' == $type || 'email*' == $type ) and *after* it (as in, after the if statement is closed) add:

if ( 'linkz' == $type ) {
	if ( '' != $_POST[$name] ) {
		$result['valid'] = false;
		$result['reason'][$name] = wpcf7_get_message( 'spam' );
	}
}

And that’s it! Now, if a bot fills in the hidden field, they’ll be given a validation error and the form won’t be sent. But do yourself a favor and download this file for backup – that way, when you update the plugin and it gets overwritten, you don’t have to re-add it yourself. Though I’ll post an update when I turn this into something that won’t break with an update (my first plugin, perhaps?). Anyway, here’s to a spam-free contact form!

Ok, so I’m a bit late to the party. Just right off the bat, I have to say this is a great band. I’ve been on the lookout recently for some bands that really bring something new to the table, and these guys do. While some songs, such as “Sixteen”, do ring of a certain era (read 50′s blues song, ‘I Put a Spell on You’) and perhaps falls into what I would consider a more derivative style that many modern indie tracks do, they’re diverse enough throughout the album ‘The House That Dirt Built’ to more make up for it. I’m a particular fan of the more aggressive rock / funk of such songs as ‘Time’, and their more well-known song ‘How You Like Me Now’.

Ever since the music industry hit rock bottom, the trend in music has been to really tighten up musical style from track to track, with less deviations and risks in departure from their ‘sound’. I’m not sure if this is merely just playing it safe, but emphasis on the importance of an artist to maintain cohesion in an album has really permeated the music world. I disagree that it’s in the best interest of music – in the age of recycled pop homogeny and risk-free releases powered by labels and the artists sheltered safely under their umbrellas, I find bands who incorporate multiple styles throughout an album while managing to keep a thread of cohesion truly marks an artist as masterful, and the risk tends to be worth it. Take the ‘White Album’ by the Beatles for instance – while stylistically all over the place (almost every band member contributed their own songs and style for the album), it successfully maintains a consistency and balance that, in my opinion, marks it arguably as one of the best Beatles albums released – or at least, the most interesting.

‘The House That Dirt Built’ does this well. It incorporates a plethora of different styles – old James Brown style funk, 50′s blues, reggae, big beat, indie rock – it really spans the gamut. Yet it does it so well that, while each song takes you somewhere else, the balance is maintained and you never forget who you’re listening to. Not to mention the unique voice of lead singer Kelvin Swaby which is unmistakable. The execution from track to track is flawless, and the confidence and ability while transcending and mashing genres is clearly there. What more can you ask for?

Well, turns out it’s a little more complicated than that. Now, I’m not great at configuring Apache servers. I balk when an online resource tells me to change things in my httpd.conf. I don’t like to change things that I don’t completely understand – I know first hand the consequence of a mistake in configuration, and what an absolute headache it is to undo the damage you’ve done.

So, that was where I was coming from when I began to choose between the two. I just wanted to run WordPress locally, predictably, and stable…ly. Anyway. I started with MAMP – being a designer, a pretty looking GUI goes a touch further, and when comparing the two technically, they seemed similar enough (I’ve since learned). At first, it all runs well. I have it running with port 8888 and all is grand. I think to myself, ‘how nice!’.

And then, I need to run a second site, and everything screeches to a halt.

I start looking into solutions online, and they almost all involve altering my hosts file. Some involve even altering my httpd.conf. So, I followed at least 3 tutorials, setting up virtual hosts, etc. Nothing works. Finally, I figure out I can kind of hack a way around it by going into the MAMP preferences and changing the Apache settings root folder. It seems any other solution to running multiple sites involve upgrading to MAMP Pro. Not happening, especially when there’s XAMPP still to try…

Then, one day, everything just stops working in MAMP. I spent about 3 hours trying to get it up and running, but only encountered a whole bunch of 404′s with my localhost. I don’t believe that things just STOP working, and my google-fu is pretty great, so I continued to investigate, and I saw a lot of people have this issue who can’t seem to get it straightened out. That was it – I just couldn’t take another hour of troubleshooting. So I went and downloaded XAMPP – I ran it, added all the extra security settings in terminal (so nice and easy!), imported my SQL exports from phpMyAdmin from MAMP, and bang! Everything just works! Running multiple sites is as easy as just linking to another project folder (I like to keep my sites in my Sites directory). I much prefer this, rather than having to specify the folder in the preferences with MAMP and not seeing the whole link on top. It’s way more similar to how I used to work before when I was just coding basic sites without WordPress.

So, I’m really loving XAMPP. I love that they don’t push a paid version on you. I love that I don’t have to setup virtual hosts, alter my hosts file, or upgrade to pro in order to get multiple sites running. It’s only been a few days thus far, so I suppose it could all fall apart, but here’s to hoping it doesn’t (because I REALLY don’t feel like going back…).

Oh well. I plan to learn both, but perhaps I’ll start with Ruby, being as it seems more intuitive at the moment. They also have some fantastic free learning resources that I’ve found:

• Code School – really awesome. Rails for Zombies is pretty killer (no pun intended/maybe just a little).
• Try Ruby – a tribute to why’s (poignant) guide to ruby. Also built by Code School, but I thought I’d list it separately.
• Why’s Poignant Guide To Ruby – the classic. ‘Nuff said.
• Learn Ruby The Hard Way – I like it, but I think it’s a bit outdated at this point…I think the above links are a bit better, but if you want to try it all, totes give this a shot.

I’ve been checking around, and I hear fantastic things about both languages. If anyone has any preferences or input, I’d love to know!

P.S. – I’m still on the hunt for a new web host, so if anyone has input on that front as well, lemme know. I’m thinking A Small Orange at the moment….

My poor legless cat. Also known as the cloud formation.

And then, I go there 2 minutes later and it takes 9 seconds to load the f****** homepage. Not to mention the blog page. Hence the ‘oy’. Anyway, I leap into action and immediately check my Google Page Speed (A) and then my YSLOW (also, A). I even setup a CDN with Amazon AWS. And, I only even have a few plugins running (and all of them are optimizing page speed security wonderful plugins). Yet, an ungodly 10 seconds to load the blog. Wtf mate?

You probably thought that I was going to give you the answer as to why this is happening. You probably waited 10 seconds for this blog post to load. But you know what? I DON’T KNOW WHAT THE ANSWER IS. At least not yet. So apologies in advance if you’ve been caught waiting for a page to load. Hopefully my immature sense of humor has made up for the 10 seconds you waited. And if not, I’ll give you money (but I actually won’t).

Anyway, cheers. And I’ll post back when I figure out the problem. In the meantime, if anyone has anything to contribute as to WHY this might happen (I’m already speaking with my hosting company), dont be shy.

– UPDATE –

So my host (iPower) tells me that 9 seconds is a reasonable amount of time to wait for a page to load with shared hosting. Guess I’ll be moving on then.

– UPDATE II –

I went ahead and switched over to another company called A Small Orange, and have fallen in love. I’ll be sticking with them for a while.