WordPress 2.3.3 is a mandatory security release. WordPressMU also upgraded. WordPress Plugins face security issues – have you checked yours recently? New WordPress Podcast out. Getting excited about automatic upgrades coming to the next version of WordPress. And more WordPress news.
Mandatory Security Upgrade: WordPress 2.3.3 is a mandatory security upgrade covering a vulnerability in xmlrpc.php and includes a few bug fixes. A mandatory security upgrade is not option. It is a required upgrade for the security and safety of your blog.
WordPress Plugin Security Issues and Announcements: In the section below, there are a lot of new WordPress Plugin security issues and announcements for various WordPress Plugins. If you are using any of these Plugins, please follow the recommendations for fixing, upgrading, or deactivating them from your WordPress blog. Once these are public knowledge, hackers can easily track them down and take advantage of them. If you are a WordPress Plugin author and developer, it is essential that you learn what these security flaws and vulnerabilities are in order to protect your Plugin users from known security issues.
WordPressMU Mandatory Upgrade: In accordance with the mandatory security upgrade for WordPress 2.3.3, Donncha O’Caoimh has announce the release of WordPressMU 1.3.3 based upon that security release.
WordPress Podcast: The latest episode of the WordPress Podcast is out and includes information on WordPress 2.3.2, the jump to WordPress 2.5, Automattic’s new funding, security issues, free custom-designed WordPress Themes for high PageRank blogs, WordCamp Dallas, new and updated Plugins, and a lot more WordPress news.
Automatic WordPress Upgrade The issue of making WordPress easier to upgrade is back on the front burner again with the discussion, Integrate Automatic Upgrade, on the WordPress trac list. The developers are working hard to get the automatic upgrade feature into the core by WordPress 2.5, though it might be delayed until the next release, and to make it as secure and easy-to-use as possible.
Last Week’s WordPress Wednesday News: Last week’s WordPress Wednesday News report covered WordCamp Hamburg Success, Automatic Upgrades Coming, $5,000 Bounty, Prologue Theme, and WordPress Wins Again, if you would like to catch up with the news on WordPress.
WordPress Security News
WordPress Plugin Security News: The following is a list of recent announcements about security issues found in WordPress Plugins.
- Weblog Tools Collection reports a vulnerability in the WP-Forum WordPress Plugin.
- Blog Security reports the following WordPress Plugins have known security issues: dmsguestbook, WordPress TextLinkAds Plugin, st_newsletter 2.x, WP-footnotes 2.2, and WordSpew WordPress Plugin.
- Weblog Tools Collection reports vulnerabilities in Adserve WordPress Plugin v0.2 and WP-Cal WordPress Plugin.
- Blog Security reports Fredrik Fahlstad Plugins are vulnerable, specifically fGallery 2.4.1 and WP-Cal WordPress Plugin.
- Blog Security reports on a vulnerability in the Democracy WordPress Plugin, the popular polling Plugin.
The most recent news on general WordPress security issues includes:
- Blog Security asks if “WordPress is Insecure by Design?”
- Noted web designer, David Airey.com had his blog and email hacked. While WordPress was probably not the issue in this case, some bloggers are getting their WordPress blogs hacked because they continue to not upgrade their version of WordPress. Don’t wait.
- BlogSecurity reports on “Defeating Audio Captcha Systems” which explores how the CAPTCHA system does not work, in any form.
WordPress on Your Calendar
Automattic’s Publisher Blog has some news on the upcoming Dallas WordCamp in Texas on March 29-30, 2008. Registration is filling fast and the The line-up of speakers includes some of the best in WordPress.
Coverage of WordCamp Hamburg continues to appear, mostly in German and some in English, with participants eagerly sharing new tips and ideas for using WordPress and making the most of their blogs. If there is a WordCamp near you, go. If you are interested in setting up a WordCamp, stay tuned for news and information on to bring a WordCamp event near you.
- The New York City WordPress February Meetup – February 16, 2008
- The Nashville WordPress February Meetup – February 23, 2008
- WordPress 2.5 Release – March 24, 2008
- WordCamp Dallas – March 29, 2008 (Registration Required)
- WordPress Denmark Meetup for WordPress 2.5 at Advice – April 6, 2008
- PodCamp Atlanta 2008 – May 17, 2008
- WordCamp 2008 in San Francisco – July 2008 (should be great)
Content Theft and WordPress and WordPress.com: There is a lot of confusion about WordPress and WordPress.com blogs and content copyright violations – is WordPress responsible and which WordPress. I wrote about this in Content Theft and WordPress and basically, WordPress.org is not responsible for copyright violations, but WordPress.com will help you with copyright violations as they are a web host and work under the DMCA laws in the United States. The article includes tips from the WordPress.com support staff on how to report copyright violations on WordPress.com blogs.
Three Gigabytes of Free Storage on WordPress.com: The WordPress.com blog has announced all bloggers on WordPress.com is now entitled to 3 gigs of free storage, a six-fold increase. This will allow users to upload podcasts and video without much distress. If you need more, the paid storage is now increased from one gig to five gigs.
New To WordPress.com: If you are new to blogging on WordPress.com, check out this basic guide on What Do I Do With My New WordPress.com Blog?.
WordPress Plugins and Themes News
WordPress Theme PDF Chart: Dorobantu offers a PDF file called WordPress Anatomy to help with developing a WordPress Theme.
Reset Query in WordPress Themes and Plugins: Nerdaphernalia discusses automated indexes and wp_reset_query() and how WordPress Theme and Plugin authors should take advantage of the
wp_reset_query() to the WordPress Loop to avoid conflicts with other code running in your templates.
Tracking WordPress Compatibility: It’s often difficult to track what Plugin and Theme is compatible with which WordPress version. In the WordPress Codex are two “master” pages that list all the various compatibilities: WordPress Theme Compatibilities and WordPress Plugin Compatibilities. No matter which version you are using, and in preparation for the next version of WordPress, add these to your WordPress resource list to check before you upgrade.
Guide to WordPress Theme Offerings: Dawud Miracle offers The Ultimate Resource for Free WordPress Themes, a listing of sources for WordPress Themes that appear to be free of hidden and unwanted code and links.
Interesting WordPress Plugins: I’m constantly amazed at how many creative and useful WordPress Plugins are released each week. Aren’t you?
- The Randomizer WordPress Plugin creates a random list of posts to the WordPress Theme’s footer on every page load.
- WordPress Google Calendar Plugin allows integration of your Google Calendar into your WordPress blog.
- Get Category Base Removal WordPress Plugin removes the /category/ from your WordPress pretty permalinks. It also permits the addition of the HTML extension on the page names such as
article-name.htmlin the URL.
Plugin Authors: Take Advantage of the WordPress Plugin Repository: Weblog Tools Collection reports on the WordPress Plugin Repository working in combination with Plugins on the WordPress Plugin Directory, which gives Plugin authors the ability to post and assign bug tickets to their Plugin and have an easier way of reporting and monitoring bug reports.
Writing to WordPress Standards: If you are developing WordPress Plugins or Themes, your first step is to visit the WordPress Codex, the online manual for WordPress Users, especially the WordPress Coding Standards and Writing a Plugin articles.
WordPress Techniques and Tips
Here are some featured articles and videos from around the WordPress Community and the WordPress Codex, the online manual for WordPress Users, the source to turn to first for your WordPress help.
NOTE: If you would like your WordPress tip and technique included in this list, see Tips For Writing Good WordPress Tips and Writing and Publishing Code In Your WordPress Blog Posts.
- Designing Themes for Public Release – WordPress Codex
- Templates – WordPress Codex
- Theme Switching – WordPress Codex
- How to Spotter – How To Fix Broken WordPress Blog
- 16 Things To Do After Starting A New WordPress Blog
- Likoma Videos – Adding Content, Images (G2 also), Files, changing Timestamp
WordPress Community News
Automattic Official WordPress “News” Blog: Published by Automattic, the WordPress Publisher Blog showcases sites using WordPress and WordPress.com in ways that push the limits of what WordPress can do, and offers other news and information on using WordPress from WordPress developers.
Vote for WordPress Ideas: There is still time to get your vote in for ideas on upcoming verisons of WordPress in the The WordPress Ideas section. Why not take advantage of it and add your voice to the vote.
Using WordPress in Your Blog’s Name: WordPress is a trademark and you are not allowed to use WordPress in your blog’s name or URL unless you have permission of Automattic and WordPress. Also, remember, it’s spelled “WordPress” not “WordPress”. Oh, and Plugin is Plugin, not plug-in (what you put into a wall electrical socket).
WordPress Installed For Free: Installing WordPress for Free (aka Install4Free WordPress) is a free, volunteer-driven service is limited to personal blogs only, and they help only with installations, not upgrades.
If You Are Reading This: If you are reading this blog post NOT on the Blog Herald or from within your feed reader, it is being used against the copyright policy of the copyright owners. Please report it immediately so action may be taken to break some heads and feed scraping blogs.
Even More WordPress News?
Past WordPress Wednesday News Reports
- WordPress Wednesday News: WordCamp Hamburg Success, Automatic Upgrades Coming, $5,000 Bounty, Prologue Theme, and WordPress Wins Again
- WordPress Wednesday News: Happy Birthday WordPress, Automattic Wins and Gets Lots of Money, Security Concerns Over Plugins and Core, WordCamp Hambug and Hating the Name WordPress.com
- WordPress Wednesday News: WordPress 2.5 On Track, Uninstalling WordPress Plugins, Premium WordPress Themes Debated, Permalinks, and More WordPress News
- WordPress Wednesday News: WordPress 2.4 is 2.5, Release Delayed, Security Release Issued, WordPress Groups Group, Talking to Plugin Authors, and More
WordPress News Sources
- WordPress Planet
- WordPress Development Blog
- WordPress.com Blog
- Weblog Tools Collection
- BloggingPro’s WordPress News and Tips
- The WordPress Podcast
- Lorelle on WordPress
- Planet WordPress from Planet Ozh
Each Wednesday on Blog Herald is WordPress Wednesday, featuring the news around the WordPress Community. If you have a WordPress news item or tip to suggest, please contact me at this special email address: firstname.lastname@example.org