Spam protection

In wp-comments-post.php at the top:

<?php if(!empty($_SERVER['SCRIPT_FILENAME']) && 'wp-comments-post.php' == basename($_SERVER['SCRIPT_FILENAME']) && !isset($_SERVER['HTTP_REFERER'])) : 
header('HTTP/1.1 403 Forbidden');
header('Content-Type: text/plain');
exit;
?>

Add to .htaccess:

#Security
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*gregolsen.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]

From time to time I want to transfer a site from one host to another.  I am not saying this is the best way, but it works for me.  Some FTP/SCP clients allow you to drag and drop from window to window, but I haven't had success with that method.  Assuming I have SSH and SCP, heres what I do:

1. tar the public_html dir.  ex:  go to the public_html dir and type tar -cvf website.tar ./
2. ssh to the new host and go to the target path
3. scp root@<host>:<path to file, incl. filename> ./  ex:  scp This email address is being protected from spambots. You need JavaScript enabled to view it. :/home/site/public_html/website.tar ./  (it will prompt for password)
4. Untar.  ex:  tar -xvf website.tar
5. Fix group and ownership.  Ex:  chown -R owner.group ./
6. Next, you got to transfer databases. 
7. For this, I simply export from one side, then import at the other.  Fix configs and connection strings if necessary.

For large databases:

1. mysqldump databasename -u username -pPassword | gzip >databasename.sql.gz
2. from new host, scp root@<host>:<path to file, incl. filename> ./  (will be prompted for password)
3. gzip -d databasename.sql.gz
4. login to mysql - mysql -u username -p
5. use <databasename>;
6. source <name of .sql file>;
7. test.

I frequently come across issues where my website is not allowed to make a change to a file, or write to a file.  The issue basically comes down to file permissions.  Normally, the files will have user:user and group:user permissions.  Apache will normally be running as something else, in many cases, "nobody".

Enter suPHP.  suPHP is a tool for executing PHP scripts with the permissions of their owners.  This fixes everything!  Well, not quite.  Now, if you happened to give a file or folder 777 permissions, you're screwed.  But, then again, you shouldn't be doing that anyways.  Remember, 755 for directories, and 644 for files!

Just wanted to write this down to remember.  Using JavaScript to detect or pass in a form the keywords used on google to enter a site.

1. wait 25ms or so after the page loads in order to give the filesystem time to write the cookie. (setTimeout)
2. read and parse the _utmz cookie * __utmz tracks where a visitor came from (search engine, search keyword, link)
3. set a hidden variable if passing along in a form, or do your magic with the data.