Weblog Tools Collection

Thanks for visiting! If you're new here, you may want to subscribe to our RSS feed. This blog posts regular Wordpress news, updates of themes, plugins, ideas, hacks, quick fixes and everything about blogging, especially about Wordpress. Go ahead, subscribe to our feed! You can also receive updates from this blog via email.

Lester Chan’s GaMerZ has announced that he has unleashed the first wave of updates for 11 of his WordPress plugins. These include:

• WP-EMail 2.30
• WP-PageNavi 2.30
• WP-PluginsUsed 1.30
• WP-Polls 2.30
• WP-PostRatings 1.30
• WP-Print 2.30
• WP-RelativeDate 1.30
• WP-ServerInfo 1.30
• WP-Sticky 1.30
• WP-Stats 2.30
• WP-Useronline 2.30

The remaining four plugins, WP-Ban, WP-DBManager, WP-DownloadManager, and WP-PostViews will be updated in wave two. Lester has stated that all of these plugins should work in WordPress 2.5 only and they have not been tested in any version below 2.5. Also worthy of note is that the folder path of some of the plugins have been fixed. Previously, the path was nested in another folder which generated a ton of hate mail for Lester because it broke automatic updates. Now that the path has been fixed, the automatic plugin upgrade feature should work correctly.

*Note* I updated my GaMerZ plugins today on my personal blog through the plugin upgrader in 2.5 and all of them were upgraded successfully.

Lester has been developing plugins for WordPress for quite some time now. We have praised Lester’s work at various occasions and we use many of his plugins actively on this site (including the post rating system you see below). He is a meticulous coder, provides extensive documentation, download options and demos and even provides his own support forums. Please be patient with his server, it takes a while to load the linked page but the downloads are mirrored, so they should be quick.

On my own blog, I’m using at least seven of his plugins. If you are using one or more of Lester’s plugins, let us know in the comments.

While reading Lorelle’s awesome post over at the blog herald entitled WordPress Wednesday I noticed a blip she mentioned about Mark Jaquith’s Subscribe To Comments plugin. Apparently, Mark has changed the way in which subscriptions are dealt with by default. In earlier versions, Subscribe To Comments would leave the Subscribe Box check marked by default, causing anyone who commented to automatically be subscribed to that blog post. This in turn created an opt-out way of thinking which has been and continues to be a bad practice.

Mark has changed this around and now leaves the subscribe box blank by default, leaving it up to the end users to decide on whether they would like to subscribe to the post or not. A much needed and welcomed change. Mark even set the plugin up so that even those who want to be subscribed to every post they comment on can do so via cookies:

I appear to have misread into Marks’ post as has been pointed out by both Mark and Lloyd Budd in the comments. What really changed with the plugin is the fact that the site admin now no longer has the configurable option of making the plugin opt-in or opt-out by default. According to Mark,

Before: option of opt-in or opt-out with default of opt-in for new installs. After: opt-in only, but with per-user checkbox stickiness. And yes, the change is old — I just have been getting a lot of e-mail about it and realized I never explained the change publicly.

I realize the change is old and the post I linked to was written in April, but because of the way I read into the post, I thought this was something that needed to be brought up due to the ethical nature of the changes that were made.

Here at WeblogToolsCollection.com, we have already discussed how you can change the color scheme in the WordPress 2.5 administration panel from Classic to Fresh. We have also highlighted an awesome plugin that was written by Kaspars which gives users up to 8 different color schemes to choose from. However, what if you want to create your own color scheme? Thanks to a plugin written by James Dimick called Easy Admin Color Schemes, users can now create their own flavor of the WordPress 2.5 back end.

After downloading and installing the plugin, you can access it by browsing to SETTINGS-COLOR SCHEMES. There are three color schemes to start you off, Classic, Fresh and Washedout. The plugin does not allow you to delete nor edit the Classic and Fresh color schemes. This makes sense as you wouldn’t want to screw up a default skin only to have to reinstall WordPress to fix the issue. However, you can edit the Washedout color scheme which introduces you to the plugins functionality.

The plugin starts off by giving you the chance to name your color scheme. Next, give your color scheme four primary colors. If you don’t know of a six digit color code, there is a small arrow to the right of the text field that will open up a color picker. Opening the color picker and then selecting a color will automatically place the corresponding color code into the text field.

Once you have your four primary colors in order, the next step which is the longest of them all is to go through all of the CSS specific code and change the color code values to something else you prefer. There at least 10 different CSS files which make up the styling of the administration panel. There are more if you want to include support for RIGHT TO LEFT text. This plugin takes all of those CSS files and puts them in one place for you to edit, which makes things so much easier. Also, for those who have javascript enabled in their browser, you can view a live preview of what the changes will look like on an active WordPress administration page. Very handy as it cuts down on the browser refreshes.

One thing that I think this plugin is missing is an easy way for users to share their creations. If a download or save link could be added to the color schemes which would automatically package the necessary files together which could then be saved to my desktop for distribution, this would make the plugin a home run.

If you are looking at adding some spice to your WordPress back end, give this plugin a try. I don’t think it could be any easier than this plugin. The only problem with creating a color scheme is figuring out where each CSS class or DIV is defined. That’s where FireBug comes in.

Good luck and if you happen to create a color scheme using this plugin, be sure to say so in the comments.

Not too long ago, a new plugin was released called WP-Crontrol. WP-Crontrol allows you to take control over what is happening in the WP-Cron system.

WP-Cron is a tangle of black magic that allows a plugin developer or a user to schedule commands to be executed. WP-Crontrol is a plugin that lets a blog owner see through that magic and figure out what’s actually going on

If you want a detailed introduction to this plugin as well as an explanation as to how to use this plugin in conjunction with WP Database Backup to create backups when you want them, be sure to check out this article: Add a new WordPress backup schedule with WP-Crontrol

Also on the radar today is a quick fix for the WordPress 2.5.x image uploader. Awsom.org is reporting that there is a no-flash plugin that is available which returns the previous image upload function from earlier versions of WordPress.

For those of you who have recently browsed to the website that the popular PodPress plugin calls home, you’ll notice that the site is gone and has been replaced by a parked GoDaddy domain page. This GoDaddy parked page has already sent many people into a frenzy. As I’ve monitored my Twitter stream, many folks were already started to think that PodPress may have up and folded for greener pastures. There have also been a forum post or two discussing the possible demise of the PodPress project.

I’ve recently got in contact with the author of PodPress and I have excellent news. The GoDaddy page is the result of a domain registration snafu. The site should be back online either as you read this, or within the next few hours.

While talking with Mightyseek, I learned that the new version of PodPress is almost ready for release. The next version of PodPress promises to be more customizable as in the way it looks on your blog. Mightyseek has also informed me that he plans on creating PodPress ports for Joomla and Drupal which should quickly follow the release.

Speckyboy has created a list of the top 10 security plugins to use with WordPress. The plugins range from AskApache Password Protect to WP Security scan. When asked about security at WordCamp Dallas, Matt Mullenweg responded by saying “The best thing you could do to make sure your blog is secure is to stay up to date with the latest stable versions of WordPress.” Using strong passwords for your administrator account along with not using the default admin account that is created during a WordPress install are also good practices.

For more information in regards to securing your WordPress installation, be sure to check out the Hardening WordPress article on the Codex.

The people over at Viddler have released a new plugin compatible with WordPress 2.5. The plugin is at version 1.1 Beta 1 and is still undergoing testing. Here are a few things you can expect from this new plugin:

• Dashboard widget You can now watch, and help promote, our daily featured videos right from within the Wordpress administration dashboard. There is a preference in the options panel to turn this off.
• Viddler videos in Add Media pop-up One of Wordpress 2.5’s flagship features is the new “Add media” pop-up window when writing posts and pages. Now, you can add Viddler videos in several ways.
• Featured videos Like on the dashboard widget, you are now able to embed featured videos quickly.
• Your videos One quick search for your username, and you can page through every public video you have on Viddler and embed them in your posts.
• SearchThe search features lets you find, and embed, any video on Viddler by searching by tag and/or username.
• Record Using your webcam, or any camera attached to your computer, you can use Viddler’s recorder to quickly record a brand-new video and embed it in your post, all without leaving your Wordpress admin.
• Fixed Wordpress 2.5 jQuery conflict Both our plugin and Wordpress use jQuery, the state-of-the-art Javascript framework, and version 1.0 of our plugin causes conflicts with Wordpress 2.5. Now that is fixed!

Last but not least, a video showcasing the new version in action.

You can download the latest version of the Viddler plugin from their Wiki Developers page.

When I recently wrote a post which pointed to an article that described a few things you should do with your WordPress blog immediately after having it installed, I noticed Collin made a comment in that, WordPress was like the Windows OS where as, it comes bundled with Internet Explorer for a browser while WordPress comes bundled with (albeit fantastic) Akismet for a comment spam blocker.

With that in mind, here are 9 plugins that you can use either as stand alone replacements or in various combinations to combat comment spam. Not all plugins work nicely with others so be sure to read the installation manual if you decide to use any of these plugins on your own blog.

1. Comments For Cookies - This plugin adds a stylesheet to your blog’s html source code. When a browser loads that stylesheet a cookie is dropped. If that user then leaves a comment the cookie is checked. If it doesn’t exist the comment is marked as spam.

2. Bad Behavior - Bad Behavior is an awesome comment spam blocking plugin. If you can imagine, Bad Behavior is like Akismet on steroids. BH is a plugin which contains a series of scripts which block comment spam, trackback spam, guestbook spam, wiki spam, and even protects your site from some malicious website hacking. It’s been rumored that Akismet combined with Bad Behavior is the ultimate anti spam configuration in WordPress.

3. WP-SpamFree - SpamFree takes a somewhat different approach at combating spam by using a combination of JavaScript and cookies. According to the plugin author, most automated bots are stopped dead in their tracks by using this method while normal web site visitors are unaffected. However, the plugin author does state that there may be a few visitors who have JS and cookies disabled who might be annoyed by this plugin but that those people would be far fewer than the 100% of people which would be annoyed by CAPTCHA’s, challenge questions and other validation methods.

4. Spam Karma 2 - SK2 is the successor to SpamKarma. SpamKarma2 developed in 2007 is a an anti spam plugin which contains a wide assortment of options with the ability to find tune it’s effectiveness. SK2 even comes with it’s own module system where you can download separate modules and add functionality to the original plugin if the default is not enough for you. Despite this plugins age, WordPressers are still chanting about how well this plugin works.

5. Comment Inbox - Developed by Mark Jaquith, Comment Inbox gives you the ease of the moderation queue with the freedom of unmoderated comments. Comment Inbox works by placing all comments except caught spam into moderation which is renamed to Comment Inbox. All comments in the Comment Inbox will show up immediately on your blog so conversations don’t become interrupted by moderation time lines. An effective way of dealing with both spam and bacn on your blog.

6. CAPTCHA-Godfather - This plugin offers four different methods of protectio. The first is a verification code which is always generated dynamically. The second is that each verification code is given a session id which is different from the PHPSESSID value. The third protection is that every session id and verification code gets their own time stamp. The time stamp works on the premise that humans need a few seconds or minutes to post a comment. The last protection involved IP addresses. The visitor’s IP is stored with the verification code and only when the comment contains the original IP it’s then saved and held for moderation.

7. Defensio Anti-Spam - This plugin is used by a number of WordPress bloggers. It works similarly in the same way as Akismet as it is an advanced, spam filtering service that learns and adapts to your behaviors and those of your readers. Defensio also includes support for OpenID, detailed statistics and more. With all of this functionality under the hood, it’s no wonder that this is one of the most popular anti spam plugins in use today, outside of Akismet.

8. Worst Offenders - Worst Offenders is a plugin that you can use to help decrease the amount of time you spend looking through messages to determine if they are spam or not. Worst Offenders analyzies messages already marked as spam and then uses several techniques to identify messages with common sources, subjects, and content. The messages marked as Worst Offenders can then be deleted all at once, leaving only a handful of messages to sift through.

9. WP Captcha-Free - WP Captcha-Free blocks automated comment spam without resorting to CAPTCHAs. It does so by validating a hash based on time (and some other parameters) using AJAX when the form is posted. Comments posted via automated means will not have a hash or will have an expired hash and will be rejected. Unlike using a captcha, this does not place any burden on the commenter.

10. Akismet - There is no way in which I am going to write about spam blocking plugins and not include Akismet. Current versions of WordPress come with Akismet installed by default. Akismet uses a unique algorithm combined with a community-created database to “learn” which comments are comment spam and which are legitimate.

The default configuration for Akismet may not be enough for some. In my own experience, I’ve noticed that by check marking the configuration option to allow Akismet to automatically discard spam comments on posts that are older than a month has dramatically lowered the amount of spam in my moderation queue.

As for myself, I am perfectly content with the performance I have received out of Akismet. However, I must note that some of the success tied into Akismet deals with the way I have configured commenting in general on my own personal blog. For example, for a comment to appear on my blog, a user must fill out the name and email text fields. They must also contain a previously approved comment. I have also configured my comment moderation settings to place comments in the moderation queue if they contain two or more links.

Everyone’s comment spam/configuration circumstances are different, so be sure to experiment with different options or techniques to figure out which comment spam blocking recipe works for you. If you would like even more information on how to combat comment spam, check out this article on the Codex.

Stats Helper Functions And Widgets
It helps you retrieve data from wordpress.com stats and puts it on your blog.

Release Page | Download

SEO Image
This plugin will optimize images in all your posts for SEO which will positively affect your image search results resulting in more traffic to your blog.

Release Page | Download

LocalCurrency
Shows currency values to readers in their local currency (in brackets after the original value). For example: If the site’s currency is Chinese yuan and the post contains 10 yuan, a user from Australia will see 10 yuan (AUD$1.53), while a user from US will see 10 yuan (USD$1.39).

Release Page | Download

Organize Series Plugin 2.0
OrgSeries 2.0 takes the “organize” in Organize Series to a whole new level.

Release Page | Download

Devowelizer
The Devowelizer plugin for WordPress replaces the vowels in most “bad language” within your own content and within comments left by visitors.

Release Page | Download

Magic Keywords
The Magic Keywords plugin generates keywords for your individual blog posts and pages. Unlike most other keyword generators, the plugin also looks for two-and three-word patterns, and also groups certain words together into one by crudely checking to see if they might have the same root (e.g. Spam, spammers, spams). Works almost like magic!

Release Page | Download

Jeremy Clarke mentioned to me about a way to search the Codex, WordPress support area and the plugin repository all from within FireFox. If you support users as I do in the WordPress IRC chat room, there are a lot of times where I do a search on the Codex to look up the page for a certain function that someone is inquiring about. Thanks to Jeremy’s tip, I no longer have to visit the actual page to perform a search.

If you visit the MyCroft page on Mozdev.org you’ll notice a number of links that you can click on. Each one of these links are a search engine plugin that was coded for FireFox. What this means is that, you can add WordPress specific search engines to the search engine tool bar within FireFox which is usually occupied by Google by default.

In order to install a SE plugin, simply click on the link that represents the search engine you want to have installed. For example, if you want the WordPress Codex to be one of the search engines within FireFox, click on the WordPress Codex plugin name. Upon clicking on the plugin name, FireFox will ask you if you would like to add the search engine to the list of search engines available in the search bar. Clicking the ADD button will add that specific SE to the list of choices within the search bar.

This tip has been an awesome time saver. Not only can I quickly answer questions in the chat room, but it is more convenient to search the plugin repository from within my browser than to actually search from the actual page.

Joost de Valk has taken notice that there may be a large amount of plugins who’s setting pages in the newly redesigned WordPress back end will look awful. Joost is currently working on redoing all of his own plugins so they look good in the admin panel and has published a post which explains what he found in his research. The post goes over details such as the Wrapper, Headings, Individual Settings, and Submit Buttons.

For all of you plugin authors out there, be sure to check out the WordPress 2.5 Plugin Settings Pages Style Guide. If you are looking to migrate your theme or plugin to WordPress 2.5, check out this article on the WordPress Codex.

This past weekend, I finally had the chance to unveil the new blog design for Jeffro2pt0.com. Because of the new design, I figured it would be a good time to reformat my WordPress installation similar to how you would reformat a PC to place a new installation of Windows on it. This gave me the opportunity to use the built in WordPress Export/Import migration tools.

WordPress eXtended RSS:

Because I didn’t want the trash in my current WordPress database to be inserted into the new database, I chose to export my content via WordPress into an WXR File. WXR stands for WordPress eXtended RSS. This WXR file will contain your posts, pages, comments, custom fields and categories. Even though it’s not officially listed as exporting your tags into the WXR file, the tags ARE included. In my case, I was exporting my content from a WordPress install that was at version 2.3.3 to a fresh install of 2.3.3. I’m not sure if earlier versions of the WordPress Exporter actually export the tags, but if you know the answer, let me know by leaving a comment.

Exporting only the CONTENT portions of my WordPress database into this WXR file saves me from having any of the trash that was within my database being inserted into my fresh install of WordPress. The export process produced a file that came in at 3.2 megs in size.

Once I jotted down a list of all of the plugins I knew that I wanted to have installed, I did a fresh install of WordPress. Let me say that, I was very surprised to see just how fast the WordPress front/back end loads with only 2 plugins installed and activated. I was tempted not to install any plugins, but alas, I trudged on.

The Import:

After installing a fresh copy of WordPress, I clicked on Manage-Import. I noticed that import files had to be 8 megs in size or lower. This is probably due to the php.ini file setting for the size of scripts that can be processed on the server. Some servers set this to 2mb while others such as AnHosting (My Webhost) appear to be a little more lenient. If your file is more than the hard coded limit, I believe you can over ride the settings via some entries in your .htaccess file or you can split the WXR file into multiple files. If I am wrong, please correct me in the comments.

Tags As Numbers Uh Oh!

After my data was imported and I checked out the front page of the blog, I noticed something strange. All of my tags had turned into numbers! They functioned as normal, but everywhere there was suppose to be a tag ended up being a TAG ID number instead. A quick search on the WordPress support forums brought me to THIS FORUM POST which explained the problem.

The current version of the WordPress exporter has a problem where it incorrectly exports the tags. The fixed WordPress exporter is already in the trunk and will be shipped with WordPress 2.5. However, thanks to Otto42 for linking to the fixed file, I was able to download the fix and apply it to my local WordPress install. The bad news is, I had to delete all of the data that the previous import put into place. However, after applying the fix, I re-exported the data from the database and then re-imported the data to my live WordPress blog and my Tags were now WORDS instead of numbers.

After the import was in place, I went through my check list and reinstalled all of the plugins that I found that I actually use. After that was finished, I had a fresh install of WordPress with fresh installations of ONLY the plugins I found valuable to my blog. I hope by now, you sort of get the drift as to why I explain this as reformatting WordPress.

Things I Learned:

Because I performed the first and second import on a live blog, this sent feed readers that were subscribed to my blog into a frenzy as it looked like my blog had over 400 new posts.

In my blog design, I like to use the EXCLUDE parameter for the wp_list_pages function. Because the importing reassigns ID numbers to all of your posts, pages, comments ect, my exclude parameter broke. I had to manually reassign the ID numbers to the exclude parameter so they matched up with the appropriate pages.

I lost my Akismet spam tracking. Before I did the reformat, Akismet had blocked over 12,000 spam messages on my blog. Because of the fresh install of WordPress and the WXR file not exporting that data, my Akismet stats have started over.

I had to re-configure a number of settings. Not everything is exported into the WXR file, so be prepared to re configure your blog if you do a fresh installation.

Your Experience:

The WordPress Codex currently has 28 different articles for explaining how to migrate content from one system to WordPress. This includes migrating from popular CMS’s such as e107, Mambo, TypePad, Typo and even WordPress into WordPress. I’ve noticed plenty of people stopping by the WordPress IRC chat room requesting assistance due to a botched export/import. Have you had the chance to go through the export/import process? If so, please share your experience in the comments below.

S@BUN is at it again, this time, reporting multiple SQL Injection Vulnerabilities within the Photo Album plugin for WordPress. According to the security bulletin:

Multiple vulnerabilities have been identified in Photo Album (plugin for WordPress), which could be exploited by remote attackers to execute arbitrary SQL queries. These issues are caused by input validation errors in the “wppa.php” script when passing user-supplied parameters (e.g. “photo” or “album”) to certain functions (e.g. “wppa_album_name()” or “wppa_photo_name()”), which could be exploited by malicious people to conduct SQL injection attacks.

Multiple security advisory services places this round of vulnerabilities as a Moderate Risk. For example, FrSIRT describes the Moderate risk as being:

Remotely and locally exploitable flaws, which could lead to denial of Service or privilege escalation.

Versions 1.1 and prior of this plugin are vulnerable. As always, it is recommended that you disable this plugin until a patch for it is released.

[EDIT] Version 1.1 is a fix for this vulnerability. Versions 1.0 and prior might be vulnerable.

When you think of uninstall, do you think of completely removing something? The official definition for the word is as follows, (uninstall) To remove completely from a system. I ask this question because I have discovered a problem that needs to be addressed by WordPress plugin authors.

Over the lifespan of a WordPress installation, there may be a number of plugins that are installed and subsequently uninstalled. Typically, the installation of a WordPress plugin consist of uploading files, folders and then activating the plugin within the admin panel. However, some plugins include a bonus. These are the plugins that create database entries either in the form of tables or data.

I’ve used WordPress for over 7 months now, and for those 7 months, I believed that when I deleted the folders and files that were attributed to a plugin, that it was in fact, uninstalled. Only now have I come to realize that this is not the case. Sure, the folders and hardcoded files for the plugin might be deleted, but if that plugin created any database entries, those are left behind unless the plugin author added the ability to delete entries made by the plugin. What does this all mean? It means that over time, your database may be filling up with garbage data that is difficult to get rid of unless your familiar with PHPMyAdmin and working with the actual database. Not to mention, playing with the actual database is risky business. All of this gook that accumulates in the database adds to its size and can cause problems somewhere down the line.

So, I got a hold of a few plugin developers and asked them what the problem was. I thought it had to do with the WordPress Core not providing a way for plugin authors to easily code in uninstall instructions. However, it appears as though this responsibility is entirely of the plugin author. When I consulted with Ronald Huereca, author of the popular plugin WP Ajax Edit Comments and asked him who was responsible for the removal of database code, he replied with:

It is the plugin author’s responsibility to delete any necessary overhead (including options and/or database tables) that a plugin might use. The plugin author can have the user do this manually or at deactivation. But at least have some kind of option.

The purpose of this post is not to chastise WordPress plugin developers but instead, raise awareness of an issue that I don’t think too many people know about. I would be grateful if any of the plugin authors out there would comment on this post and answer a few questions I had.

Why have so many plugin authors neglected to add this functionality to their plugin?

What are some solutions that plugin authors could use to easily add this option to their code?

Should there be tighter restrictions on how a plugin gets into the WordPress.org plugin database?

Looking forward to hearing your responses.

Snap released a new feature that lets you display thumbnail for links on your website. It is called Snap Preview Anywhere^TM.

I’ve released a plugin that makes it extremely easy for you to add the code to your WordPress Blog.

Presenting Snap Preview Anywhere^TM Plugin for WordPress!

As usual the plugin can be configured via WP-Admin. You can also let the plugin automatically add the code to the footer of your theme.

All you need to do is signup for SPA, get the Key and fill it in.

Read more and download »

Presenting my fourth plugin for WordPress.

It is called Open Picture Window Plugin and is based on my Open Browser Window Plugin.

Have you ever wanted to display only a thumbnail and link to the new image. However, you don’t want the image opening in the same window and you don’t want all the toolbars and more in the new window?
This is where the plugin steps in.

Using javascript you can open the image in the new window. You can specify all the properties of the new window. You can also give it a title which is used as alt and title text for the image tag.
The code that is generated is perfect XHTML compliant. Additionally, it also works perfectly if you serve your site as application/xhtml+xml.

Read more and download the Open Picture Window Plugin.

Peter has just released v1.2 of his Sociable Plugin.

It fixes a few more bugs to make it compatible with WordPress 1.5 as well as 2.0.

Social bookmarking sites allow websurfers to save, catalog, and share interesting pages they find online.

The Sociable plugin appends links for your readers to use those sites to the end of each of your blog’s posts, increasing your potential audience.