Update: It now appears that the kcyap theme competition was a complete hoax and the site owner made off with 188 WordPress 2.0 specific themes! The site itself has disappeared, the owner doesn’t respond to any questions nor does he make any attempt to restore the posts, etc. You can read up on some of the discussion in the Wordpress Support Forums. I have removed the links to the hoax site so-as to not generate any additional traffic or inbound links for the jerk.

I ask that all theme designers who applied to the scam competition now enter the new, legit one — and also would be extremely grateful if you would submit your themes to me, as well. While I’ve nothing to offer in the way of prizes (wish I could, but hopefully some fame and the knowledge that you’re helping the community will be inspiration enough), I am extremely eager to create a Comprehensive List of WordPress 2.0 specific themes (and have plans to create a blog specifically about themes to make it much easier for folks to find the theme of their dreams). Please email all theme info to howtoblog @ gmail.com with a subject of WP 2.0 theme — thanks!

On March 5th, the WordPress 2.0 Theme Design Competition that was being hosted by kcyap.com claimed that it got hacked (and that his entire database was erased):

“Very regret to announced that this competition blog website had been hacked. I have no backup for all this data and not sure if the server admin did have a backup on it or not. I am very sorry for this incident.

The prizes will still be the same and i will upload once again all the submitted themes on by one from now. This may takes quite some time, please be patient.

The result for this competition will still be announce don the 10th March 2006.”

This should be a reminder to everyone to BACKUP YOUR DATABASE ON A REGULAR BASIS (I’ll write a how-to post on this shortly).

And as many commenters pointed out, it was unacceptable for a site hosting a theme competition of this level to not have backups. Other commenters suggested the site owner use the Google cache to try to retrieve the old posts.

However, the big question that’s on my mind - and which was brought up by CountZero is how did this happen??

“But the really more important task than assigning any guilt to anyone on this case, I suppose, is to find out how the hacker could compromise the machine. Did he use some undiscovered WordPress vulnerability, did he make use of those being published just about a week ago, or did he make use of other security issues on your server? Is it sure that these loophole(s) are closed now, and can you make sure there is no backdoor/rootkit left on the machine now?”

I hope the WordPress team is taking a good look at this to ensure that it wasn’t the result of some previously unknown security vulnerability in WordPress. Was the kycap Theme Competition Blog running on WP 2.0 or WP 2.0.1? And if he was running the latest version (WP 2.0.1), did the hackers get in through a WordPress security flaw, or through some other method related to his specific hosting situation? Or perhaps he had spyware on his PC and they had a keylogger which gave them access to his password so they could just easily log into his account. (Which reminds me that everyone should have Microsoft’s free Anti-Spyware software installed on their Window’s PCs)

Additionally, there has also been speculation that the whole Theme Competition was a hoax (to gain google pagerank?). Many commenters have found it rather suspicious that even if the database was wiped that there still wouldn’t be backups of all of the themes that designers had submitted - after all, they sent them in through email. And what of all the ‘unnamed judges’ (which I always thought was a little shady..) - shouldn’t they have copies of the themes and their descriptions, as well?

IMHO, the Theme Competition site owner (Justin) owes it to the WP community to work with both his webhost and the WordPress team to discover just how that site got hacked, and then reveal that information to everyone - both to restore his credibility and so that we can all know whether we need to be worried about the same thing happening to us - and learn from his situation about how to protect ourselves. Specifically, we need to know whether the hack stemmed from a problem with WordPress security. I’ll rest easier once this information is known, especially since I’m still entrenched in hoards of hours in porting How to Blog over to WP from TypePad (it was easy to import the posts, but there’s all this minutiae that’s taking hoards of hours to deal with as part of the transition).

I’ve decided to use FeedBurner for my feeds for a number of reasons (which I’ll list in an upcoming post), and used Ordered List’s FeedBurner plugin for WordPress to set up a redirect in the .htaccess file so that all calls to my WordPress feed would be automatically redirected to my FeedBurner feed.

But apparently I didn’t get the setup quite right the first time (thanks to Robin for emailing me to let me know my RSS feed wasn’t working!) so I apologize to those of you who tried to subscribe and got error messages.

However, it is now fixed, so please do subscribe to my RSS feed using your preferred news aggregator!

Well, it’s official! I’ve finally gone ahead and done what I’ve been wanting to do for ages now — I ported “How to Blog” from TypePad to WordPress and it now resides happily at http://www.emilyrobbins.com/how-to-blog/

Please update all of your bookmarks and feed subscriptions to reflect the new location!

I’m very excited to have the site powered by WordPress for a number of reasons:

• I can reopen trackbacks on all my old posts (which I’m still in the process of doing) and allow pings on all new posts because WordPress’s anti-spam plugins will delete all the crap (meaning I’m not stuck wading through hundreds of spam a day trying to find legitimate trackback pings) and you will soon be able to trackback to any and all of my posts, restoring full blogging functionality to How to Blog (since you all know I think trackbacks are essential to the blogging experience!) It may be a day or two before all of the posts have been updated to allow pings — in the port from typepad, WP used typepad’s settings and had pings turned off for all posts and unfortunately I haven’t been able to find a plugin that will allow a mass change to all posts to allow pings (developers - there’s an idea for ya!) so I’m sitting here manually going through each post and checking the ‘allow pings’ box, so bear with me
• I can have subcategories!!!!!!!!!!!!!!!!!
• I can finally have pagination controls (previous page, next page), making navigating the blog much easier (and something that TypePad was sorely missing).
• I can have an Archives page which displays Archives by month, by category, as well as an entire archive of every posting on How to Blog, essentially creating a sitemap so that you can more easily find what you’re looking for
• Speaking of sitemaps, I can use the Google Sitemap plugin to automatically generate a Google Sitemaps compliant sitemap of How to Blogand automatically ping Google everytime a create or update a post
• I can save time by using plugins like Jerome’s Keywords to automatically create my technorati tags for me based on the keywords I’ve entered
• I can save time by using the autolink plugin to automatically setup the hyperlinks for me on phrases that I often use, like WordPress
• I can allow people to subscribe to my blog by email using the Subscribe2 plugin, where you can choose how often you want to be notified by email when I create new posts, and you can even specify which categories of posts you want to be notified about
• I can get MUCH better stats, since I’m running wordpress on my dedicated server on my webhost (Prohosters.com) and I get really detailed stats through the use of Sawmill
• I have a seemingly endless number of wordpress themes to choose from (I haven’t had time to figure out what I want to go with for the long haul — I really like the look of Semiologic, but it’s very hard to customize because it requires serious PHP knowledge and whatever theme I choose will likely be heavily customized when I’m done with it — OR, I might just take the plunge and create my OWN theme )
• I can allow people to subscribe to comments on any particular post, and they will then receive subsequent replies to that post through email
• I’m sure there are a million other things I’m forgetting, and I’ll write about them in due time. The one thing I am gonna miss from TypePad is their excellent WYSIWYG editor — WordPress’s is rather disasterous and I recommend that all users disable it. If you still want a wysiwyg interface for blogging, there are several excellent tools available including the Performancing extension for Firefox, the windows client BlogJet, etc

For now, I’ve got to get back to the ultra mundane task of updating all of my old typepad posts one at a time to show the new URL of where the post can now be found and turn of commenting on those posts. Then I get to go through all of my posts in WordPress one at a time and check the box to allow pings. Then I get to email all the people who have linked to my old site and ask them to update their bookmarks. And I get to pray that I don’t lose all of my traffic and the great search engine rankings that I had on my typepad version of the blog.

By the way, I do realize that blogging.typepad.com is certainly an easier URL to memorize than www.emilyrobbins.com/how-to-blog/ - however, I wanted to have it on my emilyrobbins.com domain - but not in the root of the domain as How to Blog is only one part of who I am. And, when I experimented with porting the typepad blog over to wordpress, google immediately started indexing the URLs (something I hadn’t anticipated to happen so quickly - especially since I hadn’t made a final decision as to what I wanted the URL to be - should I use a subdomain or a subdirectory, or should I give it it’s own domain) and rather than having to set up 301 permanent redirects I decided that this must be what fate wanted as the new How to Blog location - so here we are, and I look forward to being able to get back to posting (and I have many posts which need some updating including my theme list) when the drudgery involved with making the move is completed!

Sorry that it’s been ages since my last post, and I haven’t been as good as I’d like about responding to e-mails, but this past month has sucked royally as I’ve been getting migraines almost every other day (which I’m going to start a separate blog about when time permits…)

The good news is that I saw a neurologist at UCSF and I officially do not have a brain tumor (thank God!)

The bad news is that I do suffer from classic migraines, which have been increasing in frequency and severity lately (grrr) and while my doctor prescribed some preventative migraine medications to try, get this: possible side effects of the preventative migraine medications are… MIGRAINES (I have to laugh about it because otherwise I’ll just cry). Needless to say, the first preventative medicine that I tried (Norvasc) was clearly causing me to have more migraines, so I’m now trying preventative medicine number two (Verapamil), but you can only take a half dose for the first 10 days as your system gets used to it (during which time I got plenty of migraines– Joy), and then you can ramp up to the full effective dose. So far I’m on day 13, and am keeping my fingers crossed (it’s been two days without a migraine!!). wish me luck.

More to come later..