I thought I’d drop one refresher post here detailing my recent projects just so the few of you who end up here have another launch pad to rocket of!

This year I’ve been pursuing the idea of my Ikigai, trying to get closer to the best work I can do. I’m fairly sure at this point that it involves supporting fledgling entrepreneurs who are just about to, or already have made the leap. I’ve found myself mentoring new entrepreneurs naturally in the past, and have made several businesses helping them with products. Now I’m trying to hammer down even further and really work out what good I can do.

Here’s this years projects so far:

Niche Report.io

A Niche Report is going to be the first step for a new entrepreneur, (or a seasoned one entering a new niche). This new service takes 4 weeks worth of work doing market research, and rips through the process with AI, bots, data crunching and multi-exit oversight (me). In the end you get a market research report on your niche within 24 hours; and it’s got all the key signals you need to inform how you should proceed into the niche, or even if you should.

Project Pages

Project Pages is a WordPress portfolio maker, in essence. It’s a plugin I made 8y ago or so, but I’ve rebooted it. It’s focus is on helping makers, creators, and generally capable people document their creator journeys and try to connect-the-dots of their work. This runs parallel to my overall search for my own ikigai, and you can see I’ve updated my own personal project pages recently.

CoupleFlow.app

CoupleFlow is an AI Insights tool for relationship communication. It sits with you in your couples DMs on Telegram and gives you weekly check-ins which help you grow as a couple. CoupleFlow uses tuned AI which is trained on the latest relationship science to observe for the characteristics of a healthy relationship, and steer you towards it. It might help with a range of communication problems with relationships or marriages. (I will keep improving it with feedback over at CoupleFlow.app.)

I also added a Telegram Chat Analyser which gives users chat stats on their Telegram chats.

A small side project: CRM List.io – compares various CRM apps so you can find the one which fits your business.

As ever, you’ll get up to date stuff on my main website (this is an old blog which only gets an update a decade 😀 ): woodyhayday.com/blog

Here’s to all the makers and entrepreneurs! Long may we make things.

Woody

14th Oct 2024

P.S. I’d also like to mention my friend Mike Stott has started a great new blog on Content that Converts, which is also valuable to new entrepreneurs, check it out!

The post Projects 2024 first appeared on Woody Hayday | Blog.

Traditional and SMTP emails out of php’s main mail() function will often be ignored, it seems, by Hotmail (and sometimes yahoo) if the email contains character without specific mention of the correct character set. It’s irritating as every other carrier seems to just deal with it but Hotmail (and sometimes yahoo) just act like no email ever existed, there’s no bounce-back, no spam folder message – just nothing.

In any case, set the header of your email to contain the character set, and if the email your sending is html then make sure you include that in the email body meta, seems obvious but is annoyingly easy to forget.

e.g. Add this line to whatever headers you are using:

$headers .= "Content-Type: text/html; charset=UTF-8\r\n";

The post Hotmail and Character Sets: Make Sure Your Emails Get There first appeared on Woody Hayday | Blog.

Facebook-Style Photo Viewer – Social Gallery

Social Gallery is a WordPress plugin which adds a fancy “Facebook-style” photo viewer to your blog images. It’s a bit of an improvement on the existing lightbox plugins which have served their time well but really haven’t been innovated in too long. This WordPress plugin came about through the combined timing of a client requirement and a schedule collapse, but the end product has ended up working out quite nicely (you can see it in effect by clicking the image below.)

Click this:

(Photo is one of mine I found lying about in WordPress – Aberaeron, West Wales)

What your seeing is version 1.0, you can see the full website here and buy it for $14 here. Future versions will have some fancy additions such as Disqus comments (as well as Facebook comments) and more clever ways to feed content into its sidebar.

Social Gallery rides off the wave that is Facebook, using a similar photo-viewing style to give your users a better media experience as well as garnering the benefits of association with Facebook. If you think about it 900+ million users will be familiar with this way of viewing images so it makes sense for more of us to adopt it, Social Gallery is a really easy way to add this functionality to your WordPress.

Features:

• Facebook-style lightbox
• Get More Likes & More Shares
• Get More Comments
• Engage your Visitors
• Adds Facebook Comments
• Familiar to Facebook’s 900+ million users
• Easy to Install

If you want to know more just hop over to SocialGalleryPlugin.com

The post Facebook-Style Photo Viewer WordPress Plugin first appeared on Woody Hayday | Blog.

It was a busy November, but it paid off – completed a good few projects for some great clients, and whats more I won no# 1 Top Freelancer @ people per hour!

You can read more about some of my recent projects here, although there’s only a few case studies up, the most public of the projects was a great life planning app that I built to first iteration, you can check it out (DO IT NOW!) @ 5years.me – built in the cloud on PaaS, behind the scenes I have also helped develop a social media analytics platform that is a marketeers wet dream, maybe as it gets properly released I will divulge more on that. Needless to say November was a great month of good work for great clients – off the radar now until my big project in early 2012

The post Recent Projects, Top Freelancer People Per Hour first appeared on Woody Hayday | Blog.

Clock Face by tibchris
Facebook Time in PHP, who the what where?

If you haven’t tried pulling anything time-sensitive out of the graph API yet, don’t, that’s my advice. There is not a single bit of coherent explanation as to how the API hand’s out times, when I first researched it I had written on my pad “Pacific time”…great, did my past (possibly beer holding) self not remember that Pacific time is one thing half the year and another the other half? PDT/PST? Obviously not. What’s more, now when I check (post something on a page, grab it with graph API) – its giving me GMT+00 times, WHEN I’M IN GMT+01.

All I can work out is facebook have either been pleasant enough to convert the time to the users original registration locale (likely, and pleasant) and not noted it down ANYWHERE publicly, or they have chosen to use GMT. Probably the former, either way – facebook developers – we need a better solution for working with facebook times.

The post Facebook time in php – Facebook uses GMT not PDT/PST? first appeared on Woody Hayday | Blog.

You can host facebook apps on any host, but hosting somewhere unsecure (not accessible via https) will flag up the following prompt for anyone browsing to the page with secure browsing turned on (high proportion of fb users.) You CAN also use amazon cloud storage (S3) for free https file storage, up to a level, however you cannot run server side code (php/ASP.NET) without setting up a server with their EC service.

Not pretty eh? What will that do to your conversion rates? Yep nothing good.

Its not just the mavericks either, for example brands like banana republic are still running http stuff, prompting the user with this message on loading their like-capture pages.

Set up 1and1 shared hosting to host Secure SSL facebook apps/applications/tab pages

So anyway here’s the cheap, quick way to hosting your facebook apps SECURELY using 1and1 shared hosting.

1. Log onto admin.1and1.co.uk (or .com)
2. (Optional) Register a domain name which you don’t mind generically hosting your fb content. For me this is www.whfb.co.uk – this will only show up if users looked at the information for the frame, probably wont ever matter, but if you are running a whole host of different niche pages it might be worth it for simplicity/segmentation.
3. Go to domain management section and click “Shared SSL Encryption” under SSL option
   
4. Assign the Shared SSL Encryption to your generic domain/main domain you want to use
   
5. Setup a folder under your domain like you would with any facebook page, use the facebook php api to fangate or just put some html up there, bare in mind all objects referenced in what you put up should direct resources to “https” not http. That is if you reference “http://www.example.com/someimage.png”, switch the http for https (save your own copy of the file if you need to. Referencing images locally in the folder should work fine for http/https if you use the same domain.
6. Setup your facebook app (theres thousands of guides on this…) and set the following (under “Select how your app integrates with Facebook -> Page Tab”)
   
7. Add the app to your facebook fan page and visit it, (setting it as default landing page perhaps ;)) – you should not get any security messages, if you have you need to go back and check your html is pointing to any external elements via https.

Chances are if you are running 1and1 shared hosting (or any other major) then you will have SSLRelays free of charge with your package, what’s more this takes about 1 minute to setup, so test with this before you stick stuff in the cloud!

The post Hosting facebook Apps/Applications/iFrame Pages on 1and1 (SSL) first appeared on Woody Hayday | Blog.

Do you use Auction2Post [A2P]? If you don’t its a wordpress plugin which automatically implants listings from ebay as wordpress posts, including affiliate links through the ebay partner network from which you earn a commission. Its quite useful. Read my post about it here. Anyhow if you don’t use the plugin you can pretty much skip this post, unless you use a similar thing which is generating all kinds of nasty strings you don’t want in your posts

This post will show you how to sanitise your auction2post posts for annoying (and contract breaking) ebay auction strings, it even has 125 rules already in a file for import!

The problem

Auction2Post is great in lots of respects, its well written and does a prescribed job. Where it caused irritation for me is arguably after its done its job, after the wordpress plugin had created its posts. You see you can create posts via templates, which is great, it allows enough customisation for most, however I wanted a bit of text processing as often you are left with irritating auction footers and garbage text which make the user hit back or close at a displeasing rate (some of these ebay strings might actually make your Auction 2 posts sites break ebay partner network terms of service, its really worth sanitising your posts as I describe below!)

The Solution

This problem with Auction 2 Post and wordpress is one of the reasons Automated Editor was born, to give a bit more freedom in text processing, wordpress filters are great but I don’t think filtering hundreds of ebay phrases like that is effective.

If you want to cleanse your Auction2post posts of dirty ebay auction footers and the like here is how I currently do it:

1. Install Automated Editor plugin on the blog in question. (Get it here and install like a normal plugin.)
2. Go to the plugin (Auto Editor on its plugin menu) and read the disclaimer (big red box) and THEN accept it.
3. Download the rules file I have created (Get it at the bottom of this post) and unzip it somewhere.
   
4. Go to “Import/Export” on the Automated Editor plugin menu.
   
5. Choose the aforementioned rules file and hit import.
   
6. You should now have 125 or so rules in your rules list
7. Now go to Schedules on the plugin menu and then click Add New.
8. Scroll down and hit Select All (under the long list of rule checkboxes ebay1, ebay2 etc.)
   
9. Scroll down again and select Most Recent Post from the Target dropdown.
10. Make sure run option is on “After a post is published”.
    
11. Save it.
12. Turn on schedules.
    
13. Post a test post, either via A2P or manually, it should remove any of the 125 annoying (common) ebay auction strings it finds! Sorted.

Notes on this method:

• You will need the Full version (Ultra Pro) of Automated Editor, the free version is limited to 3 rules and this rules file alone has 125 ebay-string removing rules. It’s cheap though here.
• If you already have Auction2Post auction posts in the system you will have to setup a different schedule to operate on those, I usually set this up before I set any automation (it’s quite easy, just do the same thing and switch out “Most Recent post” for “all posts”, run it once then disable the schedule – you don’t want it operating on them all every time!)
• Currently this removes 125 strings I have found previously, mostly from uk auctions, I am considering writing a simplified version of this whole setup, an “Auction2Post Post Cleaner” which you can just activate and leave, perhaps with cloud rules, so watch this space. Good thing about the above setup though is you can continually improve your own rules file by adding your own strings.

Rules File

The link below offers a RAR’d version of my Automated Editor rules file which contains 125 x ebay string removal rules, yours for free Please however do use carefully, as with all automated-editor situations if you don’t understand what you are doing then don’t use it, this is for the people that understand the above problem and have the full version of the plugin.

Download Rules File
[Right click-Save as]

The post Remove unwanted eBay strings from A2P [Auction2post] posts with Automated Editor first appeared on Woody Hayday | Blog.

If you want to read more about the plugin you can check out this post on, What is the point in Automated Editor or go right ahead and get it from wordpress.org or buy the professional version at AutomatedEditor.com.

Watch this space for a few posts on how I use the plugin, (it works fantastically well when rigged up with Auction2Post.)

The post Automated Editor Released! first appeared on Woody Hayday | Blog.

function get_tag_name( $tag_id ) {

     $tag_id = (int) $tag_id;
     $tag = get_term( $tag_id, 'post_tag'; );

     if ( ! $tag || is_wp_error( $tag ) )

          return '';

     return $tag->name;

}

I am writing Automated Editor, a wordpress plugin which will give you a bunch of pro automation possibilities, in case you were wondering.

The post get_tag_name function for wordpress first appeared on Woody Hayday | Blog.

Website hacker entrance vectors (have any security holes?)

Common CMS, E-Commerce systems and forums (out of date or zero day, they all have or have had vulnerabilities) – WordPress, Drupal, OSCommerce, Gallery, PHPBB, VBulletin etc. etc. Particularly relevant here are the open source systems, but they are all susceptible – how many of these do you have installed where? For me these could of been answered with “a lot” and “some places”, clarity has now been restored but more on that later.

CMS Plugins (^^) – Often overlooked (especially by me), installed plugins can in themselves be entry vectors, often CMS’s push their communities to develop additional functionality for their system, which is a good thing, however if the system itself doesn’t deal particularly well with the security of folder structures or indeed how plugins are accessed they can offer ways in. Be careful with plugins which deal with file management and code execution (e.g. file attachers/uploaders etc.) Try to use late version highly rated plugins from reputable sources, with things like WordPress, plugins are low risk though as it has an excellent security model.

Bespoke server-side code and CMS’s – in my experience these is often LESS likely to get hacked, firstly “hackers” in this case are more likely to be script kiddies sitting in web cafes in some of the poorer world nations, they often use known exploits on common systems rather than trawl the web, searching for one off programmer mistakes. If you are behind the bespoke stuff leave out as many foot prints as possible and triple check everything. For bespoke stuff the most likely point of entry is simple SQL Injection, use SQL parameters.

FTP/WebDav – This really comes down to passwords as next indicated.

Passwords – Acquired by trojans or traffic sniffers, it becomes irrelevant what security you have in place across the whole setup if you don’t look after them properly. Avoid connecting to anything unencrypted (or at all if possible) on any network you don’t 100% trust, WIFI and wired, even if it’s a friends they could have a network sniffing Trojan on an idle machine. Install good anti-virus and protection software. Use Avast (free for private use) and Spybot Search and Destroy (these two are plenty.) Be careful with providing access to other users, whether it FTP, CMS, SSH, whatever – you may trust them but do you trust their computers?

Detection and Fixing – Realising you’ve been hit and fixing it

So after they gain entry, what would a hacker really do? Often with web hacking the motivation is kudos, money or sabotage – all are achieved through defacing, deleting or modifying web pages/logic and/or altering/downloading databases. A nightmare from the point of view of shared hosting users.

Depending on how they gain entry a hacker (or their automated executing code) may search through all of the files they can access, through ftp or server-side scripts, built to identify possible files to manipulate. They may download copies of things (e.g. databases!) but will likely set about cycling through all available webpage files and doing things such as:

• Inserting code within the page (iframes to bad websites, links to their websites – designed to improve their search engine rankings, redirect code which just shuttles people on to their sites)
• Replacing the file with a predesigned page (kudos fronts ‘this website was hacked by…’)
• Replacing common server-side functions and variables (e.g. replacing all the send values on email scripts to forward emails to an account other than the owners)

If you have a single site, or 10 or something the chances are you personally check them all every now and again, getting a little facetime at least once a week say. In this case your opportunity for hosting a hacked site is 7 days, not awful, not great – Google and browsers will start blocking your site if the hacker has inserted any code going to malware or similar, and otherwise may start to drop you down the rankings if your site now displays a ‘hacked by..’ page instead of your wholesome site.

In the case of a lot more sites on the host this can mean no detection for a longer time, if no system is in place, often first recognised through a drop in statistics/earnings (more likely earnings as in the case of iframed malware a change in the number of hits can be not hugely obvious.)

To add confusion to the mix it’s not unknown for hackers to mask their changes to you, it’s very easy with .htaccess files and php/asp headers (for example) to show content relative to its viewer. E.g. the hacker could shuttle people coming in from Google to a hacked page but people that access the site directly (typing it in) get shown the normal site. Furthermore they may not hit every site you have, perhaps a handful of random choices, some folders not others, a smokescreen like attack which could change each time.

Chances are once you get all your pages fixed and get around to looking at where the security hole is that when you recheck your sites they would have been hit again. This tells you two things, 1. The hacker is relentless (or more likely has a relentless automated program, exploiting 24/7) and 2. You have not plugged the security hole. Or if you are really unlucky you are being hacker tag teamed.

So anyway, detection. How do you go about knowing the integrity of your web portfolio? What if it spans 10 shared hosting accounts or 4 servers? Well likely if you own your own server you have spent the time/cash in locking everything down, what I suggest here would be useful to you guys but you may already have a better solution in place.

Currently there are a bunch of services which will do this for you, of which I have tried zero. “Monitoring” services are available worldwide ranging in prices drastically, for me though even the high end services didn’t offer a full set of features and were mostly hugely overpriced but for the top 50% of the portfolio, not effective for me.

The good things about using external monitoring services are obvious but none seemed to be able to offer realistic change monitoring (e.g. WordPress blogs may change content between <div id=”whatever”> and </div> every hour but the rest of the page should stay almost the same.) It is important they see the addition of malicious code to good pages and not throw constant false alarms. For ‘this website was hacked by..’ pages though they probably do a good job (as well as malware detection.) Uptime monitoring is also common as part of the packages, useful without doubt.

I suggest another way though of monitoring an established portfolio, that is the way I have resolved my recent hacker attacks, a realistic option for shared host/anywhere-in-the-world-with-a-laptop client based use. Ultimately an extension of a few older applications I wrote to manage a growing portfolio, weathered by several hacks across accounts within the past 6 months – Hard checks of every important file.

At first I wrote my system to simply allow me to take stock of the sites and CMS’s I have in place, to work out possible security holes from behind the scenes – but it turns out it works surprisingly well in identifying breaches. By checking your actual live file structure (.htaccess, index.php, default.aspx, index.html etc.) against a known correct file structure snapshot, you take the whole http part of the checking out of the loop, effectively making it a higher level integrity check than external services can ever offer.

By making Checksums of every critical file (often hackers just hit index.php, index.html, default.aspx etc.) within a given ftp/file structure and then automatically rechecking at scheduled points it becomes easy to minimise your window for financial fallout from hackers. This may seem like a time/bandwidth/processor consuming task but in actuality 100 websites with WordPress installed could be checked in a few Mb of download – in terms of modern data use that’s a few browses of a facebook photo gallery. What’s more it can run in the background, only prompting you on changes to files, as frequently as you want.

The side benefit of producing complete hosting account checksum snapshots is you are also able to accurately backup a working copy of your hosting account. Built into the checking process this means that you can then correct hackers’ malicious changes with a click of a button.

This of course does not take into account more hard-file based websites, database changes or regularly altered sites. I recommend automated screenshots to cover these or the combination of external monitoring services and integrity checking.

I have written an alpha release of this system (named Website Integrity Checker for now) and will gladly distribute/discuss it if you drop me a comment below. A beta copy might make its way out sometime.

The post Hackers wrecking your shared host account? Check your Website Portfolio Integrity first appeared on Woody Hayday | Blog.