Archive for January, 2008

1/31/2008 ↓

Prologue Undergoes Updates 4comments

Author: Jeff Chandler Category: Blogging News, WordPress


Prologue, the WordPress.com theme that mimics Twitter-like functionality, has undergone a series of updates. The updates are as follows:

  • The front page now shows a stream of recent updates instead of one update per user
  • Pages now have their own template and look much better
  • Avatars are only shown once for sequential posts by the same author (front page and tag pages)
  • Post titles are no longer empty, they are generated based on the beginning of each post
  • Works out of the box for WordPress.org 2.3.2

Probably the biggest update is the fact that Prologue now works out of the box for WordPress 2.3.2. It didn’t work before because the author template used a function that wasn’t available in 2.3.2. With these updates, Prologue is now at version 1.2; the changes are reflected in Subversion (for self-hosted WordPress.org blogs) and the theme is available through the theme selector on WordPress.com.

2in1 Security Bulletin 11comments

Author: Jeff Chandler Category: WordPress Security

Today, we have a moderately critical SQL Injection Vulnerability that was discovered by HouSSaMix in the “WP-Cal” plugin version 0.x for WordPress. According to the Secunia Advisory:

Input passed to the “id” parameter in functions/editevent.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Users with malicious intent can conduct SQL injection attacks which may result in the retrieval of usernames, password hashes, and email addresses for users and administrators. However, the malicious user must have knowledge of the database table prefix.

So far, version 0.3 has been confirmed as having this vulnerability with other versions possibly being affected. Secunia states that the solution involves editing the source code to ensure that input is properly sanitised.

Click here to read the original advisory which provides an example of the exploit as well as the vulnerable code.

It is strongly advised that, if you are using this plugin, you disable its functionality until a patch is published.

The other security bulletin deals with the AdServe Plugin.

A person who goes by the handle “enter_the_dragon” has discovered a vulnerability within the Adserve Plugin version 0.2 for WordPress. The vulnerability can allow malicious users to conduct SQL injection attacks that can result in the retrieval of usernames, password hashes, and the like. Just like the other SQL injection vulnerabilities, knowledge of the table prefix is required to perform these attacks. According to the security bulletin:

Input passed to the “id” parameter in adclick.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

You can check out the original bulletin containing a detailed description of the problem as well as an example of the exploit by clicking here. As with any plugin that experiences a security bulletin, it is strongly encouraged that you disable the plugin in question until a patch is released.

1/30/2008 ↓

The Life Cycle of a Blog Post 11comments

The Life Cycle of a Blog Post, From Servers to Spiders to Suits — to You:

You compose a new post. You click Publish and lean back to admire your work. Imperceptibly and all but instantaneously, your post slips into a vast and recursive network of software agents, where it is crawled, indexed, mined, scraped, republished, and propagated throughout the Web. Within minutes, if you’ve written about a timely and noteworthy topic, a small army of bots will get the word out to anyone remotely interested, from fellow bloggers to corporate marketers.

I could not have described this post (on Wired) better. It is a Flash animation that follows a blog post as it makes its way through the Interweb. If you ever wondered how all these disparate pieces fit into the blogosphere, this is food for thought.

WordPress Theme Releases for 1 / 30 10comments

One Column Themes

Stripped

stripped-thumbnail.png

Stripped is a minimalist one column theme with red and black text. The theme contains no sidebars, and the navigation is at the bottom of the page.

Demo | Release Page| Download

Two Column Themes

Forte Magazine Style

forte-thumbnail.png

Forte is a two column theme which comes with lots of built-in features. It has ample space for banner advertisements and tabbed content in the sidebar.

The theme is widget ready and comes with an extended sidebar in the footer.

Demo | Release Page | Download

Three Column Themes

 Ansi Y

ansi-y-thumbnail.png 

Ansi Y is a theme which makes use of black, gray, brown and white colors. The theme is widget ready and makes use of two sidebars.

The theme looks simple, and the content area is big enough to fit medium-width images.

Demo | Release Page | Download

Artic

artic-thumbnail.png 

A widget ready theme with one sidebar on each side of the content. The theme makes use of gray gradients, giving it a look like snow / ice.

The content area is small but you can use medium width images in it.

Demo | Release Page | Download

1/29/2008 ↓

What Is WordCamp? 31comments

Author: Jeff Chandler Category: WordPress

WordCamp is a conference-type event that focuses squarely on everything WordPress. Everyone from casual end users all the way up to core developers shows up to these events. These events are usually highlighted by speeches or keynotes by various people. For example, WordCamp Dallas will feature the following speakers:

  • Matt Mullenweg on WordPress 2.5 and Beyond
  • 45 Ways To Power Up Your Blog by John Pozadzides
  • How to prevent, detect and stop content theft by Jonathan Bailey
  • Cali Lewis and Neal Campbell
  • C’mon, Let’s Talk! Building influence and interaction with blogging by Liz Strauss
  • WordPress Power Tips by Lorelle Van Fossen
  • SEO For Bloggers by Chris Smith
  • Aaron Brazell
  • A panel of people to discuss the business of blogging: Mark Ghosh, Liz Strauss, and Aaron Brazell
  • Testing With WordPress by Jacob Santos

WordCamp is a spin-off of the popular BarCamp, which was itself a spin-off of FooCamp. Each of these events is smaller than a typical conference, but they are usually focused on a particular subject. So what can you expect when you attend a WordCamp event? Based on the numerous videos and photos taken by attendees, you can expect a whole lot of fun in an atmosphere that promotes social interaction.

The first WordCamp conference was held in July of 2006 in San Francisco. Matt Mullenweg pulled this event together in only three weeks’ time and ended up with about 300 people in the Swedish American Hall. The first international WordCamp event was held in Beijing, China on September 1st, 2007. However, not too many people knew of the event, so the first KNOWN international WordCamp event took place in Israel on October 25, 2007. Since then, there have been WordCamps all across the world, including Hamburg, Melbourne and, soon, Dallas.

You don’t have to be an expert to show up to WordCamp. In fact, the majority of folks are casual end users/fans of the open source software. The conference is great but what happens at the local pubs after a day of speeches is even better, or so I’ve heard. If you want to learn more about WordPress from those who practically have it within their bloodline, do yourself a favor and purchase a ticket and show up. You’ll be glad you did!

  • List of WordPress Tutorials

    List of WordPress tutorials: A bunch of WordPress tutorials on various topics in the form of screencasts. Topics include various tasks such as installation on a variety of platforms and tasks inside the WordPress admin. (3)

1/28/2008 ↓

WordPress Theme Releases For 1/28 13comments

Two Column Themes

Sonette

sonette-thumbnail.png

Sonette is a two column theme which makes good use of the green color. The sidebar has enough space to add 125 x 125 banners. The date and comments meta information is displayed to the right of the post.

The theme is widget ready.

Demo | Release Page | Download

Gradient Brown Beauty

gradient-beauty-thumbnail.png

This is a widget ready two column theme which makes use of a mix of brown colors. There is ample advertising space, and you can easily add 125 x 125 and 300 x 300 banners.

This theme also supports tabbed content in the sidebar.

Demo | Release Page | Download

Hope

hope-thumbnail.png

Hope is a two column WordPress theme which looks quite simple and uses fluid width. The theme uses a mix of pink and brown colors. The header looks good.

The content area and sidebar use rounded corners. This theme is widget ready.

Demo | Release Page | Download

Futurosity Eos

futorisity-thumbnail.png

This theme is built on Sandbox and has a sidebar, a meta column, and a main column. The main content area is a bit small.

It is widget ready and uses red for the links.

Demo | Release Page | Download

1/27/2008 ↓

Other Side Of Permalinks 7comments

Author: Jeff Chandler Category: WordPress

I recently wrote an article that explained how to configure permalinks in WordPress. In that article, I go over a few different reasons why you would want to use pretty permalinks instead of using the default linking structure. Well, Ted Clayton published an article that took the other side of the permalinks argument. Ted goes into detail on why and how WordPress uses the default linking structure and explains that it’s not as bad as some would make you think. It’s an excellent read and I thank Ted for bringing up the other side of the equation.

There is, in truth, a maze of trade-offs & counterpoints involved in selecting a strategy & tactics for making nicer, people-friendly URLs, for each & every website. Yes, many typical blog-sites will be able to adopt typical, easily-identified Permalink configurations. In the end, though, only you can do it right for your site.

Permalinks - The Big Picture

1/26/2008 ↓

  • WPTeX: WordPress to pdf ebook with LaTeX

WPTEX: Turn your WordPress blog into a PDF ebook using LaTeX. Now, I wrote my Master’s thesis in Microsoft Word and I would rather pull my hair out one strand at a time than do that again. I bring that up because I jealously watched as the other cohorts of my MS class put together their theses with LaTeX with relative ease and perfect formatting. WPTeX will let you publish your blog as a PDF eBook using LaTeX and includes a lot of very cool features such as auto indexing and TOC generation. It is released under the GPL. I will have to show this to my blogging dad, who will love to have an eBook made out of his blog on research of health and wellness! (11)

Calais Offers WordPress Plugin Bounty 6comments

Author: Jeff Chandler Category: Wordpress Plugins

Calais, a metadata generation web service powered by Reuters, is offering a $5,000.00 bounty to anyone who can develop a plugin that meets the following criteria.

  • Tag auto suggestion: Using the content of the blog entry the plugin will provide a list of suggested semantic tags. For example, if the post talks about company “a” buying company “b” the plugin would suggest “Acquisition”, “Company A” and “Company B” as potential tags
  • Semantic cloud: We all love tag clouds and we’d like to take it a step further. The plugin should support the generation of a configurable semantic tag cloud of entities and facts derived from the blog’s content
  • GUID Incorporation: The Calais web service returns a Globally Unique Identifier (GUID) for each document submitted. The plugin should modify the RSS feed for the site to incorporate the GUID in a TBD location.

It looks like Calais will be holding future bounties. However, they have yet to post any information as to what those future projects might be. Calais has opened up a forum where you can discuss the bounty and contest programs. Good luck!

1/25/2008 ↓

Permalinks Migration Vulnerability 11comments

According to an advisory released by Packetstorm, a fellow by the name of g30rg3_x has discovered two bugs within Dean’s Permalinks Migration Plugin version 1.0. The first bug relates to XSRF and can allow an attacker to force a user to perform an unsolicited action that when combined with an XSS bug that has also been discovered, allows the attacker to gain valid credentials.

g30rg3_x actually provides a detailed explanation into the problem:

Since the variable $dean_pm_config['oldstructure'] is not correctly sanitized (when retrieving), this allows any user to store/save “malicious code” inside the database, and this “malicious code” is later injected when the data is retrieved. Using the XSRF as a “combo” we can create crafted pages that will force users to conduct this injection and steal some valid credentials to the WordPress based CMS.

g30rg3_x has tried to contact the author of the plugin but has not had any success in doing so. Instead, he has taken on the liberty of releasing his own special sub-version for the plugin which contains the necessary fixes. The plugin is called 1.1-gx and uses some of the WordPress coding standards that are suggested by WordPress developers. You can download a fixed version of this plugin by clicking here.
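The two defects described above (a setting saved from any POST without a request-origin check, then printed back unescaped) are a common pair in plugin settings pages. The following is an added example, not code from Dean’s Permalinks Migration plugin or from the 1.1-gx fork: it shows the unsafe shape beside one way to close both holes with WordPress 2.3-era functions (wp_nonce_field, check_admin_referer, attribute_escape). The option key, nonce action and function names are hypothetical.

```php
<?php
// Added example; option key, nonce action and function names are hypothetical,
// not the plugin's own.
define('PM_EXAMPLE_OPTION', 'pm_example_config');   // hypothetical option key
define('PM_EXAMPLE_NONCE',  'pm-example-save');     // hypothetical nonce action

// --- Vulnerable shape (do not use). Any POST is trusted and stored verbatim,
//     and the stored value is printed straight into the form. A page on another
//     site can submit this form on behalf of a logged-in admin (XSRF), and the
//     stored value then runs as script every time the settings page is viewed.
function pm_example_save_unsafe() {
    if (isset($_POST['oldstructure'])) {
        $config = array('oldstructure' => $_POST['oldstructure']);
        update_option(PM_EXAMPLE_OPTION, $config);
    }
}

function pm_example_render_unsafe() {
    $config = get_option(PM_EXAMPLE_OPTION);
    echo '<input type="text" name="oldstructure" value="'
        . $config['oldstructure'] . '" />';
}

// --- Hardened shape.
function pm_example_save() {
    if (!isset($_POST['oldstructure'])) {
        return;
    }
    // Only users who may manage options at all get this far.
    if (!current_user_can('manage_options')) {
        wp_die(__('Insufficient permissions.'));
    }
    // Reject submissions that do not carry a nonce minted for this action:
    // a form on a third-party site cannot know it, so a forged request dies here.
    check_admin_referer(PM_EXAMPLE_NONCE);

    // WordPress slashes request data; strip that, but treat the value as
    // untrusted and escape it again wherever it is output.
    $config = array('oldstructure' => stripslashes($_POST['oldstructure']));
    update_option(PM_EXAMPLE_OPTION, $config);
}

function pm_example_render() {
    $config = get_option(PM_EXAMPLE_OPTION);
    $old    = isset($config['oldstructure']) ? $config['oldstructure'] : '';
    echo '<form method="post">';
    // Emits the hidden _wpnonce field that pm_example_save() checks.
    wp_nonce_field(PM_EXAMPLE_NONCE);
    // Escape on output, so a stored value such as "><script>... is shown as
    // literal text instead of being parsed as markup.
    echo '<input type="text" name="oldstructure" value="'
        . attribute_escape($old) . '" />';
    echo '<input type="submit" value="' . attribute_escape(__('Save')) . '" />';
    echo '</form>';
}
```

The nonce check defeats the XSRF half on its own, and escaping on output defeats the stored XSS half on its own; the advisory's point is that the two bugs together are what turns a saved setting into credential theft, so a fix should address both rather than either.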

WordPress Plugin Releases for 1 / 25 12comments

Author: Keith Dsouza Category: Wordpress Plugins

AutoInfo

Autoinfo is a plugin which allows you to show information such as users online, registered users, feed subscribers, number of posts, number of ping backs, top 3 commented posts, comments, comments per post, top three commentators and more.

Release Page | Download

Socialize Me

Socialize Me is a plugin which allows you to show custom messages to users visiting your site from Social Networking sites like StumbleUpon, Facebook, Digg, Delicious, Pownce, Twitter, Bebo and more.

You can customize each of the messages that will be shown to the user.

Release Page | Download

OutOfDate

OutOfDate is a plugin which shows a message above all posts older than the specified number of months. It provides an option to customize the message, the layout and the number of months beyond which posts should carry the message.

Release Page | Download

Blogger to WordPress Redirection

The plugin allows you to redirect individual blogger posts to their respective posts in WordPress. The redirection will help you send search engine users to the right post on your new WordPress blog.

Release Page | Download

Admin Favicon

The plugin allows you to add a custom favicon for your WordPress Admin panel. Can help you to easily distinguish between admin and non admin tabs for your site.

Release Page | Download

AfLinks

AfLinks allows you to insert affiliate links into WordPress content. The plugin shows a little popup on mouse hover with an image and description of the product. The plugin is intended for webmasters who have an account with affili.net.

Release Page | Download

1/24/2008 ↓

Mobile Phone optimized WordPress 11comments

Mobile Phone Optimized WordPress: Thanks to a tip from Amit, I found a quick and painless way to optimize a WordPress blog (or any blog with a feed for that matter) for use with a mobile phone. The trick is to use Google’s excellent mobile news readers to display your blog. The resulting content is not only lightning fast, it is also well formatted and relatively easy to navigate. To see for yourself, craft the following URI in your browser.

http://www.google.com/reader/m/view/feed/[Your Feed URI]

This is the optimized mobile version of Weblog Tools Collection. Once you have the feed, just create a link on your blog for readers to follow and/or bookmark. Of note is the excellent WordPress Mobile plugin from Alex for those who like a one stop shop.

WordPress Admin Theme: Deconstructed 7comments

Deconstructed WP admin theme: Read about this new admin theme on BloggingPro and had to check it out. Deconstructed is a highly minimalistic simple theme for the WordPress backend that is focussed on responsiveness and cleanliness. The menu highlight is a little bright for my taste (as has been noted by others) but the theme is worth a looksee. Installation is simple via a plugin and the author welcomes changes and modifications to the original theme.

1/23/2008 ↓

Fantastico 2.10.4 Released 12comments

Author: Jeff Chandler Category: Blogging News, WordPress

Netenberg has released version 2.10.4 r12 of their popular one click install package called Fantastico De Luxe. Fantastico De Luxe is the most widely used application installer throughout the webhosting industry. One of the reasons why it is so popular is that it gives users the ability to skip the process of uploading files and configuring databases and instead, replaces the process with a much simpler one step process.

Many WordPress installations have been performed through Fantastico. However, there are a few disadvantages when installing WordPress in this fashion. First, when WordPress releases an update, the folks at Netenberg have to go through the update and add it into the new version of Fantastico. The amount of time this takes can vary, but I believe that if the release contains significant security patches, the Netenberg team tries their best to get the update out as soon as possible. Another disadvantage is the time it takes from when the new version of Fantastico is released to when your web host upgrades. Not all web hosts are on the same time frame. But I know that Fantastico does have a central server that dedicated webhosting servers can hook up to in order to pull down the latest upgrades.

At any rate, the new release of Fantastico contains an update script to take your WordPress install from 2.3.1 to 2.3.2. So be sure to check out your own Cpanel to see if the upgrade is available.

WordPress Theme Releases For 1 / 23 11comments

Two Column Themes

Orange and Black

orange-and-black-thumbnail.png

This is a widget ready two column theme with contrasting colors. It makes use of orange and black. The content area is quite big, allowing it to fit in more content, and the sidebar is on the left of the page.

Sidebar comes built in with Recent Entries and Recent Comments so you do not have to install those plugins.

Demo | Release Page | Download

Simpleton

simpleton-thumbnail.png

Simpleton is a two column theme which makes use of simple colors. The theme comes built in with recent comments and recent themes. The sidebar is big enough to fit in two rows of information.

The theme is widget ready.

Demo | Release Page | Download

UnGrid

ungrid-thumbnail.png

UnGrid is a three column theme based on grids which is widget ready. The theme features an integrated banner management and a featured about section.

The font color is a bit light and could do with a darker shade. It features an extended footer section to display more information. Comes in Greenish / Pink and Blue colors.

Demo | Release Page / Download

Three Column Themes

iPhone Theme

iphone-thumbnail.png

A widget ready theme with extensive use of rounded corners for headers. The main header area is a bit small, which makes it hard to fit a custom logo. Makes good use of gray throughout the theme.

Sidebar is divided into two columns with additional space to show off 125 X 125 banners.

Demo | Release Page | Download

MackOne

mackone-thumbnail.png

A fluid theme based on dark colors consisting of red and black. The background and graphics are appealing. Makes use of white text for better visibility on the dark background.

The theme is widget ready and comes built in with related posts, Flickr support, recent comments, WordPress native tags and Socializing options.

Demo | Release Page | Download

Blue Iris

grab-a-theme-thumbnail.png

Blue Iris is a fluid three column theme with widget ready sidebars. The colors are mostly variations of blue. The theme has a wide content area, making it easier to add wider images.

The header section and sidebars could use a bit of improvement; the sidebars are fitted too close together.

Demo | Release Page | Download

1/22/2008 ↓

WordCamp Dallas 14comments

Author: Jeff Chandler Category: Blogging News, WordPress

As January inches to a close, WordCamp Dallas is right around the corner. WordCamp Dallas is managed by Charles Stricklin, who is known as the host of the popular podcast The WordPress Podcast. The event will run on Saturday, March 29th, 2008 from 9:30 AM to 5:00 PM and on Sunday, March 30th, 2008 from 9:30 AM to 4:00 PM. WordCamp Dallas will be held at Frisco City Hall, which is located at 6101 Frisco Square Blvd, Frisco, Texas 75034.

At the time of this writing, there were 261 tickets remaining. Each ticket costs $20.00 and nets you the following:

  • coffee and munchies both mornings
  • lunch both days
  • t-shirts to take home (or to wear one or both days!)

So far, the list of confirmed speakers is as follows:

That’s right, folks, your very own Mark Ghosh will be in attendance as a speaker. I actually purchased my admission ticket the other night. Now all I have to do is work out the logistics. I’m looking forward to meeting Mark in person for the first time, and it will be interesting to see all of these people who make WordPress what it is, outside of the blogosphere. I’m also looking forward to meeting Ronald Huereca, as he will also be in attendance. You can see a full list of attendees that have registered thus far by clicking here. If you plan on going, please register as soon as possible so Charles has a good head count of the number of people that will be attending the event.

 

  • Matt Cutts On Securing WP

    Matt Cutts has published an article which highlights three different ways to secure your WordPress installation. The first tip involves locking down your admin directory: Matt configures his .htaccess file so that only his IP address is allowed to access the wp-admin directory. For the second tip, you should create a blank index.html file and place it in your wp-content/plugins directory. Not doing so leaves your plugin folder wide open, giving nosy people an idea of what plugins you have installed. Matt’s third and final tip involves subscribing to the official WordPress development blog - http://wordpress.org/development/feed/ As we should all know by now, this is the best way to stay up to date. Matt also offers a bonus tip where he suggests removing the line of code within your header.php file that publishes your WordPress version. All of these are excellent tips. But what do you do to secure your WordPress installation? (19)

1/21/2008 ↓

WP-Forum Plugin Security Bulletin 146comments

If you are currently using the latest release of the WP-Forum plugin, listen up. The websec security team has discovered a vulnerability within this plugin that can be exploited by malicious users to conduct SQL injection attacks. According to Secunia:

Input passed to the “user” parameter in the WordPress installation’s index.php script (when “forumaction” is set to “showprofile” and “page_id” to a page with the “<!--WPFORUM-->” tag) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability when exploited successfully allows the individual to retrieve usernames, password hashes, and email addresses for all users, including administrators. However, the user has to have knowledge of the proper database table prefix. This vulnerability has been confirmed in version 1.7.4 which is currently the most recent version available for download.

Description:

WP-Forum is a WordPress plugin that enables you to have a forum directly attached to your WordPress installation. The plugin is based on Simple Forum.

[EDIT] We wish the plugin author had been notified of the vulnerability and given a chance to fix it, but there was no mention of that in the advisory. So until a fix is released, we suggest that the plugin be disabled and removed.

[EDIT] As pointed out in the comments, not the same as Simple Forum WP Plugin.
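All three SQL injection bulletins on this page (WP-Cal’s and AdServe’s “id” parameter, and WP-Forum’s “user” parameter) describe the same defect: a request parameter concatenated into a query string. The following is an added example, not code from any of those plugins, showing that shape next to the same lookups done with $wpdb->prepare(), which WordPress provides as of 2.3. The table and function names are hypothetical.

```php
<?php
// Added example; table and function names are hypothetical, not any plugin's.
global $wpdb;
$example_table = $wpdb->prefix . 'example_events';   // hypothetical table

// --- Vulnerable shape (do not use). The raw GET value becomes part of the
//     statement, so a crafted "id" rewrites the query. The attacker's only
//     unknown is the table prefix, which is why every advisory above mentions it.
function example_event_unsafe($table) {
    global $wpdb;
    $id = $_GET['id'];
    return $wpdb->get_row("SELECT * FROM $table WHERE id = $id");
}

// --- Hardened: a numeric key is cast to int and bound with %d.
function example_event_by_id($table) {
    global $wpdb;
    // (int) turns a value such as "1 OR 1=1" into 1; %d binds it as a number.
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    if ($id <= 0) {
        return null;   // no such row; nothing reaches the database
    }
    return $wpdb->get_row(
        $wpdb->prepare("SELECT * FROM $table WHERE id = %d", $id)
    );
}

// --- Hardened: a string key, like the forum "user" parameter, is bound with
//     %s, which escapes and quotes it so it can only ever match a login name.
function example_profile_by_login($user) {
    global $wpdb;
    // WordPress slashes request data; strip that before binding.
    $user = trim(stripslashes($user));
    // Length bound matches the user_login column, so oversized input is refused.
    if ($user === '' || strlen($user) > 60) {
        return null;
    }
    return $wpdb->get_row($wpdb->prepare(
        "SELECT ID, user_login, display_name FROM $wpdb->users WHERE user_login = %s",
        $user
    ));
}
```

The cast in example_event_by_id() is what closes the “id” bugs: once the value is an integer, there is no SQL left in it to inject. For the string case the important part is that the query text never changes shape; prepare() supplies the quotes and escaping, so a plugin author does not have to remember to.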

WordPress Theme Releases for 1 / 21 11comments

Three Column Themes

Blue Lily

blue-lily-thumbnail.png

Blue Lily is a three column theme which is quite simple and attractive. The main background is a striking blue, with green for the header. The navigation menu is right at the top of the page, making it easily visible.

Content area is big enough and has a gray background. There are two sidebars which you can use to show off additional information.

Widget Ready: Yes

Compatibility: There were no issues that I saw with this theme on Firefox 2+, IE6, IE7, Flock.

Validations: Valid XHTML 1.0 Transitional | Invalid CSS with 1 error

Demo | Release Page | Download

Blue Dream

blue-dream-thumbnail.png

Blue Dream is a three column theme with a graphical header and rounded navigational menu on the top of the page. The theme comes built in with RSS icons on top of the page to make it easier to subscribe to feeds.

There are two sidebars which can be used to display additional information and advertisements.

Widget Ready: Yes

Compatibility: There were no issues that I saw with this theme on Firefox 2+, IE6, IE7, Flock.

Validations: Invalid XHTML 1.0 Transitional with 32 errors | Valid CSS

Demo / Download

Airborne

airborne-thumbnail.png

Airborne is a three column theme which uses clouds as a background in the header and footer sidebar sections. The main content area is a bit small, which does not allow you to add big images to the content.

There are two sidebars for showing additional content. It also has a footer sidebar where you can add more content, allowing you to pack information like top posts, recent posts, etc. onto a single page.

Note: The release page is in German.

Widget Ready: Yes

Compatibility: There were no issues that I saw with this theme on Firefox 2+, IE6, IE7, Flock.

Validations: Valid XHTML 1.0 Transitional | Valid CSS

Demo / Download
