The problem: You’ve used .htaccess / .htpasswd to restrict access to the wp-admin directory of your WordPress installation. However, when someone accesses wp-login.php, they can simply click “cancel” or press the escape key in the authentication dialog to reach the WordPress login page:
Click on “Cancel” here… and you still reach the WordPress login page (doesn’t look great, but works).
The solution
You also have to explicitly protect the wp-login.php file. Open the .htaccess file in the root directory (not in the wp-admin directory) and add something like this:
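An added example (not the snippet from the original post) showing both files in Apache 2.4 syntax: the existing wp-admin/.htaccess, which only covers that directory, and the block for the root .htaccess that also covers wp-login.php. The realm text "Restricted" is an assumption, and path/to/.htpasswd is a placeholder:

```apache
# --- wp-admin/.htaccess (already in place) ---------------------------
# Covers only requests that resolve inside the wp-admin directory.
# wp-login.php lives in the WordPress root, so it is NOT covered here.
AuthType Basic
AuthName "Restricted"
# Placeholder path; a non-absolute path is resolved against ServerRoot.
AuthUserFile path/to/.htpasswd
Require valid-user

# --- .htaccess in the WordPress root (add this) ----------------------
# <Files> matches by file name, so the login script itself now demands
# credentials; cancelling the dialog yields a 401 instead of the form.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile path/to/.htpasswd
    Require valid-user
</Files>

# Keep the password file from being served if it sits under the web
# root (Apache's stock configuration usually denies .ht* files already).
<Files ".htpasswd">
    Require all denied
</Files>
```

To check the result, request wp-login.php without credentials and confirm the server answers 401 rather than 200. Basic authentication only base64-encodes the password, so serve the login page over HTTPS.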
You’ll have to replace path/to/.htpasswd with the path to your .htpasswd file (which should exist if you’ve already restricted access to your wp-admin directory).
Now, if someone cancels the authentication dialog, they’ll be directed to the default “Error 401” page:
Note: You may still want to install a WordPress security plugin like Cerber. This is how I discovered that I had forgotten to protect wp-login.php on one of my websites.
Clicking on the JetPack sharing buttons in WordPress opens a new window with the parameter ?share=... added to the URL. However, instead of being redirected to Twitter or Facebook or wherever you wanted to go, you’re redirected to the post itself again.
The solution:
In my case, this was caused by the “Redirect ugly URL’s” setting in the popular Yoast WordPress SEO plugin (marked as “not recommended”, obviously for good reasons):
After unchecking this option, sharing worked as expected.
If you don’t want to disable this feature, adding “share” to the list of variables not to clean should also fix the issue:
Missing from the discussion is the fact that unencrypted content and unscrupulous ISPs present a small, but growing threat to Google’s business model. Google depends on ad revenue, and insecure connections allow third parties to tamper with data while in transit. ISPs can use this to their advantage by injecting their own ads. This is already happening: see here or here and this topic on reddit. It was also briefly mentioned in one of the comments under the original “ranking boost” announcement:
HTTPS ensures data integrity and would make ad injection not only technically far more difficult, but also most certainly illegal. This also explains why Google says that even simple “content sites” should use HTTPS: they might not collect any user data, but they can still serve ads.
“Being a good citizen of the web” and making the web safer for everyone sounds nice and is certainly something many people working at Google have in mind. However, it would be naive to assume that Google isn’t also looking out for its own commercial interests.
As you can see, most of my visitors were looking for , which is a pet supply franchise chain. That’s because I blogged about how badly ‘s Luxembourgish website sucks. Not only is it configured in a way that omitting the “www.” will get you nowhere, even if you make it to their website it’s difficult to locate their biggest store unless you know where to find it on a map (or keep zooming out). This quickly became the most popular post on my blog (pathetic, I know) which means that I’m obviously not the only one who had trouble finding what I wanted on their site.
So here’s a quick reminder of the very basic content you should put on your website (examples are geared towards a brick and mortar store).
The 5 friggin’ Ws – things you should definitely put on your website
Let’s simply take the well-known 5 Ws from journalism and reinterpret them from the perspective of a website visitor looking for information (which should also get us pretty close to the perspective of a search engine trying to determine your website’s ranking). Apparently these basics are so obvious that they’re often forgotten (either that or many people just have no clue of what to put on a website).
Who?
Who are you? Example: We’re “Zombie Megastore”, Luxembourg’s leading store for all your zombie needs.
What?
What exactly is it that you do? Example: We carry a large selection of… well, maybe I shouldn’t have chosen the zombie store example. Anyhow, here’s where you list the things customers can find in your shop so that 1. they’ll find you when searching for your city + a certain item or brand on a search engine and 2. they don’t have to call and ask if you sell product XYZ before taking the trip to your store.
When?
Opening hours. If you’re closed on certain days, put this on your website. If you’re closing your shop for vacation, put this on your website (yes, I’m looking at you, Luxembourgish shop and restaurant owners who like to take long summer vacations).
Where?
Your address (you might want to include your phone/fax number, email, link to contact form, etc.).
Why?
This is the place where you might think you’ll have to come up with a wonderful story to justify why you’re doing what you do (“when my grandfather turned into a zombie, I realized there was no shop where I could buy things to make his… uhm… ‘life’ just a bit better”). That’s cute, but I suggest staying with the customer perspective and just answering the old basic “why should I buy from you”-question. It can be as simple as “we are the biggest store for zombie supplies in the entire state”.
That’s it, the basics. Of course a website can do much more than just answering these questions, but not answering them means you’ll lose potential visitors/customers every day.
Double-u double-u double-u is one of the few things you can say much faster if you say it in German (just say “v v v”). I’m German, so I continuously strive for efficiency (nah, possibly I’m just lazy), which is why it annoys me that I still have to type “www” in front of some domain names to get to the desired website!
I mean, it’s 2008, the World Wide Web has been around for a while, so please, dear webmasters, could you make sure that your website works as http://www.example.com and http://example.com?
Here’s a list of offenders from the past few days (off the top of my head):
Now before you leave a comment and say “why don’t you just use bookmarks or press Ctrl-Enter in Firefox”, let me point out that there’s more to consider: If you can actually reach the same content with and without “www”, so can the search engines. Different URIs for the same resource might mean trouble (“duplicate content”).
AFAIK, the best way to handle both issues is a 301 (permanent) redirect. On Apache, make sure the domain with and without “www” points to the same directory and place an .htaccess file with the following content there (requires mod_rewrite):
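RewriteEngine On
# Match requests for the bare domain (case-insensitive)
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
# Permanently (301) redirect them to the same path on www.example.com
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]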
This will redirect users to the URL with “www”. BTW, this code was taken from the excellent book “Building Findable Websites: Web Standards SEO and Beyond” [affiliate link]. It also has a chapter about weblogs which I think I should read. 😉