AshokanKid

“www.ads-software.com will not even allow us to include the legacy interface with the main theme”

Shame on THEM for this… ??

Archaic and closed minded thinking on their part. This may be in part why many are either currently jumping ship from WP or simply starting right out on Wix (argh), Weebly or Squarespace or the like.

They should consider that perhaps there WAS a time when WP was for the dumbed down, point / click crowd, but more and more (again?) WP is for developers. Drupal may again be gaining ground and Drupal is NOT for the faint of heart / dumbed down user, to say the least.

WP users tend to fall somewhere in between the Wix / Weebly crowd and Drupal / J-la! web dev where HTML code (or perhaps even CSS / PHP) is not the kiss of death. The Customizer is horrid to use & horrid to look at. Abysmal POS . . .

/rant

Thanks again Bruce!

AK

Wow, come on folks, READ the thread from the FIRST post, please?

I did not create this thread to discuss common user name obfuscation and hear people yammer on about Facebook & Google & Yahoo (and every other web site) not “hiding” user names / log in email address credentials.

This is about a brand new installation of a web site / blog that INSTANTLY publishes for ALL of the world to see (Hello World) the SITE CREATOR / ADMIN user name upon DEFAULT INSTALL immediately as the very first post.

Imagine if you will, the CREATORS of let us say Facebook or Amazon, etc., contracting to someone writing code for their brand new web site and then immediately upon creation, going live on-line, the SITE ADMIN log in credentials are immediately displayed on a post that states boldly, Hello World?!?!?

L U D I C R O U S ?

Apparently not for WordPress this is not ludicrous, this is standard operating procedure, even now in 2015 when security concerns are at an all time high. Again, not just any user name, the SITE CREATOR / ADMIN name by DEFAULT, instantly and mediately upon the site going live.

Now that I am savvy to this, the very fist thing that I now do upon install is to change / add a nickname to my account and select that as the published / shown name. This is fine now that I have been burned by seeing multiple brute force password guessing attacks by those using my ADMIN name (not admin, of course).

HOW did they even FIND my Admin name so easily and quickly?!?!? We NEVER use admin as an Admin “user name”. Ohhh, DOH, it is because WordPress INSTANTLY publishes my AMDIN / log in credentials by DEFAULT right upon site creation / going live on the internet. BRILLIANT~!

Now, again, for those commenting about email addresses (as log in names) being “public knowledge” and so being available to anyone who has your email address; Not sure about anyone else (site managers / admins), but I own more than 5 email addresses (more like 10 or 20) that are used for various purposes and NEVER use my public email address as ANY site Admin log in, ever.

Besides that, please go forth and see if you can find ANY admin user name log in credential for ANY high profile site like; Google, Yahoo, Amazon, eBay, Facebook and on and on and on. Go on, I dare you, and when you DO find an ADMIN user name / log in credential for ANY high profile web site, publish it here just for fun.

Good luck with that last exercise. ??

NOT about common user names folks, this is about the main, initial SITE CREATOR / ADMIN user credentials published BY DEFAULT instantly and immediately to say Hello World, use THESE credentials to hack my site right NOW because THIS is not just any common user, this is the ADMIN of this site!

SC

Hiding the user name as a security measure is not at all what we are talking about here. Having a fresh install create a sample post with the newly created “admin” user name exactly as the user typed it into the install is just not a great way to start.

I get the feeling that I am not swimming in the right pool here. We want WP to be easy for a newbie user who for some reason in 2015 cannot figure out why their newly created blog has no posts yet (HUH?).

And yet at the same time, that sample post that the newbie somehow needs just so that they know that their blog is working (yeaay!) has the installers user name (who is also the admin) published as the author instantly and immediately by default.

Yeah, yeah, I know, user obscurity is not security, but for anyone wanting a truly secure blog / site, they just MIGHT want to create a user(s) name for blog posting (Author) and another for admin purposes, each with commensurate privileges (WHAT a concept!).

My comment is that the chosen ADMIN name is posted immediately, publicly by default. Not just any user / author, but the ADMIN / installer of the site. Again, I’m here swimming in the wrong pool, I can tell. ??

Oh well… I tried.

P.S. We can talk all day about user name obscurity not being “security” and that user names is how WP, eBay, Amazon, Google and on and on and on is how the site identifies the user, but these are USERS, and not ADMINS and I’ll bet you’ll never see a Google or Amazon admin name posted anywhere.
Default install – sample post – admin user name posted immediately by default – poor security right off the bat

Yes, I totally get and understand the “best practices” approach as well as ongoing security awareness, monitoring and updating continually.

And certainly, user names (hidden) is not actually “security” as such. BUT, again, for a brand new installation to show, by default, the newbie, brand new WP user log-in name immediately on install just seems crazy.

Drupal (by comparison) does not even create / enable a blog by default and certainly does not create a users “sample post”. That would be ridiculous.

WP has matured way past the childish Hello World stage, in my humble opinion and the default install should not contain an instant, immediate post outing the installers log in user name. That should be a choice, not a default.

Whether WP is now being updated for seasoned developers (who really don’t need a sample post, please & thank-you) or for the newbie, first time user (who may be security clueless), the Hello World sample post has long outlived it’s time.

How many new WP installers cruise the forums looking for information & discussion tagged “security” before creating their exciting new WP site? Wonderful that there is (and has been) lengthy discussion on this same topic, past and ongoing, but how about simply ditching the Hello World silliness now?!?!

All good, my friend. Thanks for the reply and assistance. I’ll keep playing with DCG and even with the slight issue, I like the results.

I’m sure that if I just made all of the images the same size / dimensions, everything would work as advertised.

All the best to you~! (Another New Yorker I guess? NY State, not NYC…)

Hi jkrytus;

Your site looks GREAT and the DCG right on the front page is really cool.

I have a similar gallery, but it seems that my pictures do not show as smoothly.
What happens is that smaller pictures that follow larger images still show remnants of the larger image “behind” the new one.

Curious as to what your settings are, if you are using the javascript / mootools or jquery method and if you customized any other display settings?

Also, are you using auto or image URLs? If you (or anyone else) wants to check my site and provide advice or feedback, we are here;

https://GuitarZoo.com

NICE plug-in, still, after having used DCG for a while now. Thanks to the creator~!

AK

Hi Frank;

All good, my friend. I can tell that English is perhaps not your first language and so syntax and grammar is forgiven.
Heck, we have plenty of “English speaking” folks who have a harder time with the English language grammar and syntax!

This plug-in is excellent from what we have seen so far for a simple, basic, no frills scheduler.
Even the free version is just about what is needed and we’ll be testing and playing with it ASAP.

Thanks for the code access tips. I’ll be going in and customizing our email notifications right away.
Meanwhile it is also great to have a developer who is listening and actively working on updates!

Since hacking into the PHP code is typically not for the end user (site owner), it would be very helpful to have Template Files easily accessible to the site owner for editing.

File Templates that would be useful for the site owner to have access to might include;
1. Pop up window for Schedule An Appointment (“Special Instruction” could or should be changed to “Special Instructions” or perhaps something customizable by the site owner, like “Comments” or “Additional Notes”, “Additional Requests”, etc.).
2. Email notifications need to be easily editable so that the site owner could easily customize the Template using their own unique language (may depend on the service that they are providing).

One more thing is that even though we have changed our Calendar Settings Start Day to Sunday, the Admin View still starts on Monday (though the public, site view begins properly on Sunday).

I’m giving this plug-in a big Thumbs Up as a work in progress and will comment more as we continue to use and test.
Thanks SO much for your hard work. This is much appreciated.

AK

Stephen, you are a Prince~!

Hmmm, perhaps I’ll have to hip our local New York musicians to the benefits of a 24 H clock, eh? ??

Of course, then there are the fans, site end users and visitors, which may be a bit harder sell!

It is a little strange that on the Admin Calendar the time can be changed to 12 H or 24 H but the Site Calendar is only 24 H?!?!

I guess that this is what you mean by eventually defaulting to the current WP install defaults for time? That would be GREAT!

Wish that I could assist with your plug-in a little more, but my code experience and capability is minimal.

Know that your work here is MUCH appreciated and your plug-in (even “as-is”) makes life SO much easier for us.

We WILL be donating and probably using your plug-in for other projects now that we have discovered you. Thanks again!

AK

Stephen, you are a Prince~!

Wish that I could assist with your plug-in a bit more, but my code experience and capability is minimal.

Know that your work here is MUCH appreciated and your plug-in (even “as-is”) makes life SO much easier for us.

We WILL be donating and probably using your plug-in for other projects now that we have discovered you. Thanks again!

AK

Indeed, and now I totally agree with you.

This would be an added and unnecessary piece of baggage.

Sorry for suggesting it and I will train my users accordingly.

KILLER plug-in, by the way, with only a few other “issues”.

Will detail in another thread. Close this one out. Satisfied! ??

Personally, I would prefer a 12 H “normal” clock, though I can understand the simpler (for coding) use of a 24 H (Military) clock.

Since I use Unix / Linux and servers, the 24 Hr clock is fine for me, but WHAT musician or event planner EVER uses the 24 H clock?!?!

When viewing the Calendar, the end user (visitor) sees the 24 H format and this is simply unacceptable from any standpoint.

Could there be a simple way (as with the date format) to change back and forth between the 12 H and 24 H clock system? Please?

OK, after looking into various work-arounds we have decided to scrap using Atahualpa in favor of a theme that is fully supported for multi-site networks.

Our feeling is that we would prefer a theme that is in production with full capability intact without using patches or fixes. Atahualpa seems fine for a single web site though.

For our network of sites we do not feel confident in using this theme until the matter of unique headers for individual sites is addressed properly. Many other themes handle this easily.

Thanks for the suggestions though.

Further specific clarification regarding my own scenario.

I have a network of sites and Altahualpa as my theme for several sites. I created a banner image for one of the sites and ULed it to the image folder where Altahualpa grabs it’s banner images from.

At the same time I had to remove the Altahualpa default images from that folder (I actually just renamed the folder “images_archive”. Now my initial site looks great with the original banner image.

The problem now arises with the SECOND site that uses Altahualpa in that there is only ONE “image” folder that Altahualpa accesses for ALL banner images on all sites using Altahualpa.

OOPS., not good. In addition, there is NO way to turn OFF using a header / banner image (that I could find?) and so my second site is loading the FIRST sites unique banner image. Oops again.

The workaround that I had to use temporarily is to tell Altahualpa that for my second site, the banner image height is “0” or zero, which causes no image to be displayed. Not a great solution.

The best way to solve this is to;

A. Be able to turn the banner image on or off in Altahualpa
B. Enable specifying a unique banner image folder for EACH site in a network within that site’s Altahualpa settings.

Am very curious as to what other users are doing in a network setting for Altahualpa banners. Perhaps they are using the Logo feature for the unique per site banner image instead?

AK

Ah, a point of clarification.

Any per-site theme options (which, IIRC, Altahualpa has a lot of), remain PER SITE even in a network.

Thanks for the assistance attempt.

Oddly enough this is exactly what does NOT happen with the banner image(s) because Altahualpa uses a GLOBAL, single banner image folder for ALL sites installed on the network.

In other words, even as many unique characteristics can be accessed and changed per site, apparently the header / banner images are in one bulk folder and affect ALL sites in the network.

This is just the opposite of what one would expect if one is customizing parameters for specific sites within a network of sites. All other settings affect the specific site EXCEPT banner image(s).

What Altahualpa needs to add (so it seems) is a way to specify the banner image folder on a per site basis so that each site can be directed to access a specific banner image folder.

This would be very useful functionality for Altahualpa in a network setting and some might say that it is critical. Without it, one is relegated to using the same images for all sites. Not good.

AK

Thanks for the feedback.

I am not sure what “Custom Header Option” means, but this issue is in regard to installing a theme on a network of sites (Multi-User) where there is only ONE theme folder that serves all the various sites.

As a result, any banner image in that theme folder gets used for ALL of the sites, which is not appropriate if one is using a custom banner image that may include the site name or specific art.

In Altahualpa particularly the theme grabs all images from the themes image folder to use as banner images and there seems to be no way to specify a unique image folder for each site.

The Network Site capability of WorgPress is very powerful and adds much needed capability. Now the themes will need to have implementation based on this new structure.

Thanks again and I will post at the BFA forum for an answer or solution. Perhaps there is a plug-in to allow for unique banner images per specific network site install?

AK