WordPress users, listen up, Alison Gianotto has a few suggestions you should listen to (and maybe prepare for ahead of time) to do when your WordPress blog gets hacked.

It happens to most bloggers at some point your Wordpress blog gets pwned, and you're not sure where to even start. [...] This article will deal with how to restore your Wordpress install, and perhaps more importantly, where to look to try to determine the nature of the attack so that you can make sure it won't happen again.

She talks about what kind of impact a hack could entail - lost time spent restoring, site downtime, etc - and a few things you can do to help minimize these problems:

• Keep Wordpress and Plugins Up to Date
• Ask Your Web Host Where Your Log Files Live
• Backup, Backup and Backup again
• Early Detection Equals Better Reputation Damage Control

She also talks about what to do in the aftermath - finding out exactly what happened, disable all incoming traffic, check modifications dates and record the information. Only then should you restore from backups and keep an eye on the logs for anything suspicious.

Right along with some of the other posts about the "best practices" that Google recently post, the PHP group has also responded to dispel some of the recommendations Google gives.

With regards to the new article posted at http://code.google.com/ speed/articles/optimizing-php.html, all of the advice in it is completely incorrect. We at the PHP team would like to offer some thoughts aimed at debunking these claims, which the author has clearly not verified.

The group through each of the five things Google recommends and tells why they are incorrect including the fact that, while some of the recommendations might have been true back in PHP3, they aren't at all true of the current PHP5 releases.

Chris Jones has changed his stance on something he's been recommending PHP users compiling the OCI8 libraries into their installation - the use of enable-sigchild.

I am no longer blindly recommending using --enable-sigchild when configuring PHP with the OCI8 extension. I used to do this as a catch-all. It might have saved some users grief, and did little harm. With changes in recent versions of Oracle and my gut feel about common usage, it will be less confusing not to mention it as a general suggestion.

The point of using the compile flag was to help with the opening/closing of connections to Oracle server processes, but there's a better way he recommends now - using a "BEQUEATH_DETACH" option of "YES" in the sqlnet.ora/Apache config. If that doesn't work, then look into recompiling with the enable-sigchild option.

After having moved servers just recently, Manuel Lemos has a few helpful hints for anyone out there considering a web site/web server move in the near future:

Despite the benefits of migrating to a better server, the actual migration is a complicated process that can fail in so many ways that I thought it would be a good idea to share what you need to be concerned if you need to migrate your servers too. You need to go through several steps that need to be done in the right order to prevent major headaches.

Here's his ten steps/recommendations of things to keep an eye on during the move:

• Prepare your DNS
• Setup the new server
• Tune the server file system for performance and integrity
• Install the base applications
• Initial data migration
• Put the old server in migration mode
• Bring your new server to life
• Double check your server security
• Epilogue (the final miscellaneous startup/setup items)
• The forgotten step that you remembered

The PHP::Impact blog has a recommendation for those using the memcache functions in their PHP applications - be sure your hashing strategy matches what your script does.

If you are using the Memcache functions through a PECL extension, you can set global runtime configuration options by specifying the values within your php.ini file. One of them is memcache.hash_strategy. This option sets the hashing mechanism used to select and specifies which hash strategy to use: Standard (default) or Consistent.

The recommendation is to set it to consistent to allow for the most flexibility on adding and removing servers from the caching server pool without the need for outside intervention.

Brian DeShong has posted an update for his Zend_Log_Writer_Mail component of the Zend Framework - its now "Ready for Recommendation".

Almost a year ago, I proposed a really simple Zend Framework module, Zend_Log_Writer_Mail. [...] I've received a great deal of feedback, and have only recently committed myself to really pouring over that feedback to polish up the proposal. Thanks to everyone that commented! So, as of tonight, I polished the code up, made what I felt to be the most worthwhile changes, and marked it as "Ready for Recommendation."

You can find out more about the component and leave your own thoughts via the proposal page on the Zend Framework site.

code:diesl has posted their list of the top six books that can help you master the PHP language:

If you are new to PHP or are thinking of moving to PHP form other language then the following list of books will provide you with the required knowledge to become a seasoned PHP programmer. Of course, the list is subjective and you may have a different list of books in mind.

Their list is made up of:

• Zend PHP5 Certification
• PHP in Action
• PHP and MySQL Web Development
• PEAR
• PHP Cookbook
• SQL for MySQL Developers

Matthew Weir O'Phinney has a great new blog post today on the topic so many developers don't even think about when working up their applications - making apps that aren't "loners" and are embeddable.

"Why embed?" you ask. Simple: if I'm creating a site that has one or two of these applications, but also my (or my company's) own custom functionality, I may want to ensure that certain elements are present on all pages, or that I can control some of the content in all pages: a unified header and footer, ability to inject statistic tracking javascript, etc.

The predominant attitudes are either, "Don't embed our app, embed your app in ours," or "Just modify the templates." Neither of these solutions is acceptable.

He proposes a few helpful hints to those developing applications right now to have them be that much more "embeddable" like:

• When using configuration files, use a configuration component that doesn't require use of the global namespace
• Have your bootstrap script call on class methods or functions to do their work
• Better yet, use an MVC pattern in your apps
• Make sure your templates are easily modified to allow developers to strip out header, footer, and menu elements
• Create an API to allow retrieving necessary javascript and CSS
• Don't use $_GLOBALS ever.

In his latest blog post, Tobias Schlitt shares a bit of a book review about one of the latest (German) PHP-related offerings from O'Reilly - PHP Design Patterns.

I seized the time on the tram yesterday night to take a look at it and I have to admit I'm quite impressed. Stephan managed to write down a lot of practical experience in respect to the implementation of OO patterns with PHP.

Tobias talks about the structure of the book (recommending it to anyone looking to learn OOP in PHP), and mentions some of the chapter topics including:

• New OOP features in PHP5
• Basic OOP concepts
• Generation Patterns (Singleton, Factory, etc)
• Behavior Patterns (Subject/Observer, Visitor, Iterator)

While some books only touch the theory of design patterns and avoid giving practical examples to the user, Stephan manages very good to combine both.