Author Archive

Theme Malware Anatomy

25 responses

One of the biggest problems facing users of WordPress today, especially when it comes to themes, is malware. I’ve seen my fair share of websites using themes whose functions.php file contains base64 encrypted code that, when decrypted, shows spam links. However, there are also a number of themes that have code within them that installs malware onto the web server. After Chip Bennett, one of the Theme Team Reviewers, noticed at least one of his themes was being made available on a website that claimed to have free WordPress themes, he discovered that something was not right. All of the themes available on the website contained some sort of malware that would be installed onto the user’s site once enabled. Otto does a great job going in-depth and explaining exactly how this particular piece of theme malware works. Most of the explanation is over my head but it gives you a […]


Goal: Not To Be Acquired

5 responses, posted on December 9th, 2010 in LinkyLoo

Matt Mullenweg and Toni Schneider, both of whom are in attendance for the LeWeb 10 conference, were recently interviewed by TechCrunch reporter Alexia Tsotsis. The interview doesn’t go into much detail but we do get a glimpse as to how things are going for Automattic as a company. WordPress.com is getting about 300 million unique pageviews a month from 30 million publishers that make up 10% of the websites on the web. In terms of revenue, Automattic is breaking even but as a company, they make a little under $1 million per month with all services combined. TechCrunch figures that this equates to $10 million a year. Perhaps it’s just me but if that is correct, that number seems pretty low considering how large WordPress.com is. However, the best part of the interview comes down to the final question regarding any exit potential for the company. Their response: “Our goal’s […]


Comment Rating Plugin Fixes Security Vulnerability

No responses, posted on December 8th, 2010 in WordPress Security

If you use the Comment Rating plugin for your WordPress powered site, you are highly encouraged to upgrade to the latest version as it fixes a security vulnerability, specifically one that allows a Cross-site Request Forgery attack. According to the report at OSVDB.org, which is an Open Source Vulnerability Database: The flaw exists because the application does not require multiple steps or explicit confirmation for unspecified sensitive transactions for the admin function. By using a crafted URL (e.g., a crafted GET request inside an “img” tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. There is no known workaround for versions lower than 2.9.21. Kudos go to KrebsOnSecurity for reporting […]


Changes Slated For Akismet

21 responses, posted on December 7th, 2010 in WordPress Plugins

Joseph Scott, who is working on the Akismet plugin for WordPress, notified everyone via the WordPress core development blog that there would be some changes coming to Akismet, starting with version 2.5. In version 2.5 of the plugin, there will be some new files added such as admin.php, akismet.css, akismet.js, and widget.php. There will also be a test mode included with 2.5 which can be activated when WP_DEBUG is set to TRUE or when AKISMET_TEST_MODE is set to TRUE. When test mode is enabled, comments marked as spam will not be sent back to the Akismet servers for learning. There will now be a spam check history section where each comment and interaction that occurs with Akismet will be displayed. Each comment will also have an indication as to what Akismet did with the comment. A number of other improvements are also mentioned in the blog post. Anything […]


One Image Shows The Power Of WordPress

16 responses, posted on December 6th, 2010 in WordPress

The fine folks over at Testking.com have created and shared an infographic that displays the power of WordPress. The image contains interesting information that can be found within the Codex but has been displayed in a nice, visual form. Notables include: timeline of releases and major milestones from 2003 to 2010, web usage of WordPress, percentages of websites using different versions of WordPress, daily user activity and much more. Some of this information seems to be WordPress.com based so keep that in mind. Despite the information at some point being dated, this would still make a great snapshot to use as a poster.


The Groupon Story Started With WordPress

1 response, posted on December 3rd, 2010 in WordPress

Andrew Warner, who produces the video show Mixergy, has published his interview with Andrew Mason, founder of Groupon. While Groupon has recently been given a 5 billion dollar acquisition bid by Google, it wasn’t easy getting started. In fact, Andrew cobbled together scripts and blog posts on a WordPress powered website to get things off the ground. All we did was we took a WordPress Blog and we skimmed it to say Groupon and then every day we would do a new post with the points embedded. It was totally ghetto. We would sell t-shirts on the first version of Groupon. We’d say in the write-up, ‘This t-shirt will come in the color red, size large. If you want a different color or size, email that to us.’ We didn’t have a form to add that stuff. We were just, it was so cobbled together. It was enough to […]


Open-Source Motivations – What’s Yours?

46 responses, posted on December 2nd, 2010 in WordPress Discussions

Alex King, who’s been a fantastic member of the WordPress community since the creation of the project, has published what I consider a fascinating post on his blog regarding his open-source motivations. The post contains his answers to questions provided by David Hobson, who is currently performing research into the business/financial models as well as the motivations for open-source projects. There are a number of things that come up during the article that are worthy of discussion. I used to get about $100-200/month in the way of donations through my website. Unfortunately due to changes in the way plugins are presented on WordPress.org that has dried up to about $5/month. While that quote may look like Alex King is looking to rake in some money via donations, the truth is, the Plugin pages have been redesigned and the donation link is now housed within the FYI box with a tiny […]


WordPress 3.0 Template Tag Reference Guide

3 responses, posted on December 1st, 2010 in WordPress Tools

For those developers out there who would like a quick and easy way to reference Template tags in WordPress, you now have another choice. This reference guide was created by DBS Website, which is a web design company based in Louisville, Kentucky. There are two versions of the guide: one for WordPress 2.x and another for the 3.0 branch. The guide is set up so that the quick links to various tags show up on the left while information regarding the tag shows up within the center of the page. When you click on a tag, a drop down appears showing information related to the tag as well as a short description. The guide itself does not contain any information that you couldn’t find by browsing the Codex but simply presents an organized look at the various Template tags WordPress has to offer. There are a number of other resources […]


WordPress 3.0.2 Released, Mandatory Upgrade

11 responses, posted on November 30th, 2010 in WordPress Security

Just moments ago, WordPress 3.0.2 was released to the public. This version is a mandatory security upgrade. According to the release notes: This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. It’s been a while since we’ve seen one of these types of releases. However, thanks to built-in automatic upgrades, upgrading is a pretty easy thing to do.



