Author Archive

WP-Forum Plugin Security Bulletin

148 responses on January 21st, 2008 in WordPress Plugins, WordPress Security

If you are currently using the latest release of the WP-Forum plugin, listen up. The websec security team has discovered a vulnerability within this plugin that can be exploited by malicious users to conduct SQL injection attacks.

According to Secunia: Input passed to the “user” parameter in the WordPress installation’s index.php script (when “forumaction” is set to “showprofile” and “page_id” to a page with the “<!--WPFORUM-->” tag) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

When exploited successfully, this vulnerability allows the individual to retrieve usernames, password hashes, and email addresses for all users, including administrators. However, that individual has to know the proper database table prefix. This vulnerability has been confirmed in version 1.7.4, which is currently the most recent version available for download.

Description: WP-Forum is a WordPress plugin that enables […]


WordPress.com Still Growing

10 responses on January 20th, 2008 in WordPress

Compete has released a list of the fastest growing and declining sites of 2007. These stats are made up of the top 1,000 domains between December of 2006 and December of 2007. The domains that grew the most (and that are safe for work) include iamfreetonight.com, podshow.com and techcrunch.com. The domains that saw a negative change of at least 90% include bolt.com (due to bankruptcy), broadcaster.com and octanetv.com. However, WordPress.com appears to have grown by 523% with 24,393,457 visits. WordPress doesn’t appear to be slowing down anytime soon, and that’s some positive news.


Configuring WP Permalinks

66 responses on January 16th, 2008 in HOW-TO, WordPress FAQs

Quite often, we hear the terms permalinks or pretty permalinks, which can also be called SEO-friendly URLs. These URLs are not only SEO friendly, but I believe they are human friendly as well. By default, WordPress uses URLs that look like a mishmash of letters and numbers with a few question marks mixed in for good measure. These types of links are frowned upon by search engine spiders, and for a human being they are also hard to read. Fortunately, WordPress provides a way for us to change this linking structure to something understandable. WordPress calls these Permalinks.

Permalink settings can be configured a number of different ways. One of the ways to quickly configure permalinks is by choosing one of the Common Options. These common options include:

Default – http://www.domain.com/?p=123
Date and name based – http://www.domain.com/2008/01/15/sample-post/
Numeric – http://www.domain.com/archives/123

There is no sense in using the default option […]


Uninstalling Conundrum Part 2

28 responses on January 12th, 2008 in WordPress Plugins

First off, I want to thank each and every one of you who put your thinking caps on and came up with some awesome ideas and solutions for this perplexing problem. I think it’s time to consolidate the ideas that we came up with, and review what the underlying problems are.

Nick was first out of the gate:

For both of my plugins, I provided uninstall capability. Whenever the user deactivates the plugin, it is effectively uninstalled, removing all data related to the plugin. The user could then do whatever they wanted with the file containing the plugin. It was easy to do it this way because WordPress provides a hook for action upon deactivation of a plugin.

The problem that I and many others have is that deactivating a plugin should not have the same effect as uninstalling it. This is wrong. Who wants to reconfigure their plugin after […]


Uninstall – Is There Such A Thing?

67 responses on January 7th, 2008 in WordPress Plugins

When you think of uninstall, do you think of completely removing something? The official definition for the word is as follows: (uninstall) To remove completely from a system. I ask this question because I have discovered a problem that needs to be addressed by WordPress plugin authors. Over the lifespan of a WordPress installation, there may be a number of plugins that are installed and subsequently uninstalled. Typically, the installation of a WordPress plugin consists of uploading files and folders and then activating the plugin within the admin panel. However, some plugins include a bonus. These are the plugins that create database entries either in the form of tables or data. I’ve used WordPress for over 7 months now, and for those 7 months, I believed that when I deleted the folders and files that were attributed to a plugin, it was, in fact, uninstalled. Only now have I come […]


2.4 Skipped 2.5 Is Next

93 responses on January 4th, 2008 in Blogging News, WordPress

As discussed in the developer mailing list, the next release of WordPress will be in March instead of January because of the holidays and the number of changes that will take place in the codebase as well as the admin section. The decision was made to consider 2.4 a skipped December release and move straight on to 2.5. The reasons for the change in the schedule include some good things cooking in the oven, and the developers do not want this to become a rushed release. So, to sum things up: there will be no 2.4. Instead, we will see 2.5, which is scheduled for release in March. Various official docs and roadmaps will be updated in due course.


Install WordPress Locally – Part 2 Of 2

81 responses on January 3rd, 2008 in HOW-TO, WordPress FAQs

Welcome to part two of a two-part series of articles that will guide you through the process of installing a fresh copy of WordPress or your public WordPress blog to your local machine. The first part of this series covered the installation and configuration of WampServer. Now it’s time to move on to the hard, technical stuff.

Installing WordPress Fresh:

One thing you must know before we move on is that, by default, your database username is ‘root’ and the default password is blank. In other words, there is no password assigned to the username of root. This would be extremely insecure if this web server were made available to the public, but because it’s assigned to the local address of your machine, you have nothing to worry about. To begin, left click on the WampServer icon and select PHPMyAdmin. Where the text labeled CREATE NEW DATABASE is located, […]


SimplePie Almost Dies

16 responses on January 1st, 2008 in WordPress Plugins

Geoffrey Sneddon, one of the developers behind the popular syndication plugin called SimplePie, has announced that he will be discontinuing his role as an active developer. In a blog post published on the official SimplePie dev blog, Geoffrey explains why it’s time for him to move on: schoolwork, a lack of available time for the project, and the fact that what free time he has is spent on the HTML 5 specification and Tolerant HTTP Parsing specification. However, a couple of the modules that deal with the SimplePie API will be maintained. Despite leaving his development duties, Geoffrey has left himself open to take more of a consulting role with the 1.x SP code base. The good news? Ryan, the other developer for SimplePie, has responded by stating: 1) SimplePie is NOT stopping development. I have big plans for where I want to take SimplePie, and those can’t happen if SimplePie is […]


Install WordPress Locally 1 Of 2

74 responses on December 30th, 2007 in HOW-TO, WordPress FAQs

Welcome to part one of a two-part series of articles that will guide you through the process of installing a fresh copy of WordPress or your public WordPress blog to your local machine. The first part of this series will guide you through the installation and configuration of a piece of software called WampServer. Why would you want to do this, you ask? Having your WordPress blog installed on your local machine not only acts as a backup, but it gives you the option of really digging into the inner workings of your blog without having to worry about it breaking and, therefore, rendering the thing useless to the public. Not only that, but it’s much faster to play with things on your local machine than it is with a LIVE site on the internet. For this article, I am using Windows XP Service Pack 2 and something called […]



