Author Archive

Prologue Undergoes Updates

4 responses on January 31st, 2008 in Blogging News, WordPress

Prologue, the WordPress.com theme that mimics Twitter-like functionality, has undergone a series of updates. The updates are as follows:

- The front page now shows a stream of recent updates instead of one update per user
- Pages now have their own template and look much better
- Avatars are only shown once for sequential posts by the same author (front page and tag pages)
- Post titles are no longer empty; they are generated based on the beginning of each post
- Works out of the box for WordPress.org 2.3.2

Probably the biggest update is the fact that Prologue now works out of the box for WordPress 2.3.2. It didn’t work before because of a function that was used within the author template which wasn’t available in 2.3.2. Because of these updates, Prologue, which is now at version 1.2, will have the changes reflected in Subversion (for self-hosted WordPress.org blogs) and is […]


2in1 Security Bulletin

12 responses on January 31st, 2008 in WordPress Security

Today, we have a moderately critical SQL injection vulnerability that was discovered by HouSSaMix in the “WP-Cal” plugin version 0.x for WordPress. According to the Secunia Advisory:

Input passed to the “id” parameter in functions/editevent.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Users with malicious intent can conduct SQL injection attacks which may result in the retrieval of usernames, password hashes, and email addresses for users and administrators. However, the malicious user must have knowledge of the database table prefix. So far, version 0.3 has been confirmed as having this vulnerability, with other versions possibly being affected. Secunia states that the solution involves editing the source code to ensure that input is properly sanitised. Click here to read the original advisory which provides an example of the exploit as well as the vulnerable […]


What Is WordCamp?

43 responses on January 29th, 2008 in WordPress

WordCamp is a conference-type event that focuses squarely on everything WordPress. Everyone from casual end users all the way up to core developers shows up to these events. These events are usually highlighted by speeches or keynotes by various people. For example, WordCamp Dallas will feature the following speakers:

- Matt Mullenweg on WordPress 2.5 and Beyond
- 45 Ways To Power Up Your Blog by John Pozadzides
- How to prevent, detect and stop content theft by Jonathan Bailey
- Cali Lewis and Neal Campbell
- C’mon, Let’s Talk! Building influence and interaction with blogging by Liz Strauss
- WordPress Power Tips by Lorelle Van Fossen
- SEO For Bloggers by Chris Smith
- Aaron Brazell
- A panel of people to discuss the business of blogging: Mark Ghosh, Liz Strauss, and Aaron Brazell
- Testing With WordPress by Jacob Santos

WordCamp is a spin-off from the popular BarCamp, which was a spin-off of FooCamp. […]


Other Side Of Permalinks

7 responses on January 27th, 2008 in WordPress

I recently wrote an article that explained how to configure permalinks in WordPress. In that article, I go over a few different reasons why you would want to use pretty permalinks instead of using the default linking structure. Well, Ted Clayton published an article that took the other side of the permalinks argument. Ted goes into detail on why and how WordPress uses the default linking structure and explains that it’s not as bad as some would make you think. It’s an excellent read and I thank Ted for bringing up the other side of the equation.

There is, in truth, a maze of trade-offs & counterpoints involved in selecting a strategy & tactics for making nicer, people-friendly URLs, for each & every website. Yes, many typical blog-sites will be able to adopt typical, easily-identified Permalink configurations. In the end, though, only you can do it right for your site. […]


Calais Offers WordPress Plugin Bounty

7 responses on January 26th, 2008 in WordPress Plugins

Calais, a metadata generation web service powered by Reuters, is offering a $5,000.00 bounty to anyone who can develop a plugin that meets the following criteria:

- Tag auto suggestion: Using the content of the blog entry the plugin will provide a list of suggested semantic tags. For example, if the post talks about company “a” buying company “b” the plugin would suggest “Acquisition”, “Company A” and “Company B” as potential tags
- Semantic cloud: We all love tag clouds and we’d like to take it a step further. The plugin should support the generation of a configurable semantic tag cloud of entities and facts derived from the blog’s content
- GUID Incorporation: The Calais web service returns a Globally Unique Identifier (GUID) for each document submitted. The plugin should modify the RSS feed for the site to incorporate the GUID in a TBD location.

Calais looks like […]


Permalinks Migration Vulnerability

13 responses on January 25th, 2008 in WordPress Plugins, WordPress Security

According to an advisory released by Packetstorm, a fellow by the name of g30rg3_x has discovered two bugs within Dean’s Permalinks Migration Plugin version 1.0. The first bug is an XSRF flaw that can allow an attacker to force a user to perform an unsolicited action. Combined with an XSS bug that has also been discovered, it allows the attacker to gain valid credentials. g30rg3_x actually provides a detailed explanation of the problem:

Since the variable $dean_pm_config['oldstructure'] is not correctly sanitized (when retrieving), this allows any user to store/save “malicious code” inside the database and later be injected this “malicious code” when the data is retrieved. Using the XSRF as a “combo” we can create crafted pages that will force users to conduct this injection and steal some valid credentials to the WordPress based CMS.

g30rg3_x has tried to contact the author of the plugin but has not had any […]


Fantastico 2.10.4 Released

12 responses on January 23rd, 2008 in Blogging News, WordPress

Netenberg has released version 2.10.4 r12 of their popular one-click install package called Fantastico De Luxe. Fantastico De Luxe is the most widely used application installer throughout the web hosting industry. One of the reasons why it is so popular is that it lets users skip the process of uploading files and configuring databases, replacing it with a much simpler one-step process. Many WordPress installations have been performed through Fantastico. However, there are a few disadvantages when installing WordPress in this fashion. First, when WordPress releases an update, the folks at Netenberg have to go through the update and add it into the new version of Fantastico. The amount of time this takes can vary, but I believe if the release contains significant security patches, the Netenberg team tries their best to get the update out as soon as possible. Another disadvantage is […]


WordCamp Dallas

15 responses on January 22nd, 2008 in Blogging News, WordPress

As January inches to a close, WordCamp Dallas is right around the corner. WordCamp Dallas is managed by Charles Stricklin, who is known as the host of the popular podcast The WordPress Podcast. The event will run on Saturday, March 29th, 2008 from 9:30 AM-5:00 PM and on Sunday, March 30th, 2008 from 9:30 AM-4:00 PM. WordCamp Dallas will be held at the Frisco City Hall, which is located at 6101 Frisco Square Blvd, Frisco, Texas 75034. At the time of this writing, there were 261 tickets remaining. Each ticket costs $20.00 and nets you the following:

- coffee and munchies both mornings
- lunch both days
- t-shirts to take home (or to wear one or both days!)

So far, the list of confirmed speakers is as follows:

- Matt Mullenweg
- Cali Lewis and Neal Campbell
- Alexander Muse
- Aaron Brazell
- Lorelle VanFossen
- Mark Ghosh
- John Pozadzides

That’s right folks, your very […]


Matt Cutts On Securing WP

19 responses on January 22nd, 2008 in LinkyLoo, WordPress Security

Matt Cutts has published an article which highlights three different ways to secure your WordPress installation. The first tip involves locking down your Admin directory. Matt configures his .htaccess file so that only his IP address is allowed to access the WP-Admin directory. For the second tip, you should create a blank index.html file and place it in your wp-content/plugins directory. Not doing so leaves your plugin folder wide open, giving nosy people an idea as to what plugins you have installed. Matt’s third and final tip involves subscribing to the official WordPress development blog: http://wordpress.org/development/feed/. As we should all know by now, this is the best way to stay up to date. Matt also offers a bonus tip where he suggests removing the line of code within your header.php file that publishes your WordPress version. All of these are excellent tips. But what do you do to […]



