Author Archive

Theme Malware Anatomy

25
responses

One of the biggest problems facing users of WordPress today especially when it comes to themes is malware. I’ve seen my fair share of websites using themes whose functions.php file contains base64 encrypted code that when decrypted, shows spam links. However, there also a number of themes that have code within them that installs malware onto the web server. After Chip Bennett, one of the Theme Team Reviewers noticed at least one of his themes were being made available on a website that claimed to have free WordPress themes, he discovered that something was not right. All of the themes available on the website contained some sort of malware that would be installed onto the users site once enabled. Otto does a great job going in-depth and explaining exactly how this particular piece of theme malware works. Most of the explanation is over my head but it gives you a […]

[Continue Reading...]

Goal: Not To Be Acquired

5
responses
by
on
December 9th, 2010
in
LinkyLoo

Matt Mullenweg and Toni Schneider both whom are in attendance for the LeWeb 10 conference were recently interviewed by TechCrunch reporter, Alexia Tsotsis. The interview doesn’t go into much detail but we do get a glimpse as to how things are going for Automattic as a company. WordPress.com is getting about 300 million unique pageviews a month from 30 million publishers that make up 10% of the websites on the web. In terms of revenue, Automattic is breaking even but as a company, they make a little under $1 million per month with all services combined. TechCrunch figures that this equates to $10 million a year. Perhaps it’s just me but if that is correct, that number seems pretty low considering how large WordPress.com is. However, the best part of the interview comes down to the final question regarding any potential exit potential for the company. Their response: “Our goal’s […]

[Continue Reading...]

Comment Rating Plugin Fixes Security Vulnerability

No
responses
by
on
December 8th, 2010
in
WordPress Security

If you use the Comment Rating plugin for your WordPress powered site, you are highly encouraged to upgrade to the latest version as it fixes a security vulnerability. More specifically, a Cross-site Request Forgery attack. According to the report at OSVDB.org which is an Open Source Vulnerability Database: The flaw exists because the application does not require multiple steps or explicit confirmation for unspecified sensitive transactions for the admin function. By using a crafted URL (e.g., a crafted GET request inside an “img” tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. There is no known workaround for versions lower than 2.9.21. Kudos goes to KrebsOnSecurity for reporting […]

[Continue Reading...]

Changes Slated For Akismet

21
responses
by
on
December 7th, 2010
in
WordPress Plugins

Joseph Scott who is working on the Akismet plugin for WordPress notified everyone via the WordPress core development blog that there would be some changes coming to Akismet, starting with version 2.5. In version 2.5 of the plugin, there will be some new files added such as admin.php, akismet,css, akismet.js, and widget.php. There will also be a test mode included with 2.5 which can be activated when WP-DEBUG is set to TRUE or when AKISMET_TEST_MODE is set to TRUE. When test mode is enabled, comments marked as spam will not be sent back to the Akismet servers for learning. There will now be a spam check history section where each comment and interaction that occurs with Akismet will be displayed. Each comment will also have an indication as to what Akismet did with the comment. There are a number of other improvements as well mentioned in the blog post. Anything […]

[Continue Reading...]

One Image Shows The Power Of WordPress

16
responses
by
on
December 6th, 2010
in
WordPress

The fine folks over at Testking.com have created and shared an info-graphic that displays the power of WordPress. The image contains interesting information that can be found within the Codex but has been displayed in a nice, visual form. Notables include: time line of releases and major milestones from 2003 to 2010, web usage of WordPress, percentages of websites using different versions of WordPress, daily user activity and much more. Some of this information seems to be WordPress.com based so keep that in mind. Despite the information at some point being dated, this would still make a great snapshot to use as a poster. The Power of WordPress

[Continue Reading...]

The Groupon Story Started With WordPress

1
response
by
on
December 3rd, 2010
in
WordPress

Andrew Warner who produces the video show Mixergy has published his interview with Andrew Mason, founder of Groupon. While Groupon has recently been given a 5 billion dollar acquisition bid by Google, it wasn’t easy getting started. In fact, Andrew cobbled together scripts and blog posts on a WordPress powered website to get things off the ground. All we did was we took a WordPress Blog and we skimmed it to say Groupon and then every day we would do a new post with the points embedded. It was totally ghetto. We would sell t-shirts on the first version of Groupon. We’d say in the right up, ‘This t-shirt will come in the color red, size large. If you want a different color or size, email that to us.’ We didn’t have a form to add that stuff. We were just, it was so cobbled together. It was enough to […]

[Continue Reading...]

Open-Source Motivations – What’s Yours?

46
responses
by
on
December 2nd, 2010
in
WordPress Discussions

Alex King who’s been a fantastic member of the WordPress community since the creation of the project has published what I consider a fascinating post on his blog regarding his open-source motivations. The post contains his answers to questions provided by David Hobson who is currently performing research into the business/financial models as well as the motivations for open-source projects. There are a number of things that come up during the article that are worthy of discussion. I used to get about $100-200/month in the way of donations through my website. Unfortunately due to changes in the way plugins are presented on WordPress.org that has dried up to about $5/month. While that quote may look like Alex King is looking to rake in some money via donations, the truth is, the Plugin pages have been redesigned and the donation link is now housed within the FYI box with a tiny […]

[Continue Reading...]

WordPress 3.0 Template Tag Reference Guide

3
responses
by
on
December 1st, 2010
in
WordPress Tools

For those developers out there who would like a quick and easy way to reference Template tags in WordPress, you now have another choice. This reference guide was created by DBS Website which is a web design company based in Louisville, Kentucky. There are two versions of the guide. One for WordPress 2.x and another for the 3.0 branch. The guide is set up so that the quick links to various tags show up on the left while information regarding the tag shows up within the center of the page. When you click on a tag, a drop down appears showing information related to the tag as well as a short description. The guide itself does not contain any information that you couldn’t find by browsing the Codex but simply presents an organized look at the various Template tags WordPress has to offer. There are a number of other resources […]

[Continue Reading...]

WordPress 3.0.2 Released, Mandatory Upgrade

11
responses
by
on
November 30th, 2010
in
WordPress Security

Just moments ago, WordPress 3.0.2 was released to the public. This version is a mandatory security upgrade. According to the release notes: This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. It’s been awhile since we’ve seen one of these types of releases. However, thanks to automatic upgrades built in, upgrading is a pretty easy thing to do.

[Continue Reading...]



Obviously Powered by WordPress. © 2003-2013

page counter
css.php