WordPress Wednesday News: WordPress 2.5, Security Issues, Plugins Updated, WordPress vs WordPressMU, and More

Filed as Features, News on April 9, 2008 10:27 pm

Repost This

WordPress 2.5 is definitely the top news, along with some serious security vulnerability issues. WordPress 2.5 has been downloaded over 300,000 times so far. WordPress.com has gone WordPress 2.5. Tons of Plugins have been updated to work with WordPress 2.5, with more coming out daily. And there is some non-WordPress 2.5 news, too.

WordPress News

WordPress 2.5 Released: WordPress 2.5 was released last week. Last week, I published WordPress Wednesday Special Edition: WordPress 2.5 listing some of the blogs talking about the new version of WordPress. Here are some more:


WordPress 2.5 FAQ List: Dion, a WordPress Community Volunteer, offers “Answers to Questions about Version 2.5″, which was published on Weblog Tools Collection crediting noted Codex volunteer, MichaelH, by mistake. The revised version is at FAQ On WordPress 2.5 Version 2 with a lot of great information on WordPress 2.5.

WordPress 2.5 Media Library Browser Bugs: The new Media Library features in WordPress 2.5 has a Internet Explorer browser bug and some trouble with old versions of Flash with fixes on the way in WordPress 2.5.1 soon.

Using the Gallery in WordPress 2.5: Matt Mullenweg and volunteers have written up Using the Gallery Shortcode in WordPress 2.5 on the , the online manual for WordPress Users.

Talk of WordPress 2.6 and more: Ryan Boren is taking a short break and then work begins on WordPress 2.6 as well as WordPress 2.5.1, which should have most of the fixes and fine tuning in process before the release. WordPress 2.6 is anticipated for release in August.

WordPress 2.5 in Spanish: Aaron Brazell of Technosailor offers WordPress 2.5 en Español for Spanish speakers and readers.

WordPress or WordPressMU – Which to Choose? JD Web Dev offers WordPress vs. WordPressMU, an analysis and chart listing the differences and similarities between the full version of WordPress and the multi-user version called .

Do You Need Help with WordPress? I’m finding a lot of people still asking for help with their WordPress and WordPress.com blog by blogging their request. This is really dumb, folks. You don’t know who is reading or how qualified they may be to help you. Or you might never get the help you need. Please, go to the for help with the full version of WordPress and the WordPress.com Forums for help with WordPress.com blogs. Get the help you need directly from those who can help you.

Joseph Scott of Automattic Talks about WordPress: Joseph Scott of Automattic and WordPress spoke on Couchcast recently on WordPress projects, Google Summer of Code, and being an Automattic employee.

WordPress Podcast Live From WordCamp Dallas: The WordPress Podcast: Episode 39 was done live at WordCamp Dallas and covered a wide range of questions and answers on WordPress 2.5, the future of WordPress development, and other WordPress news and excitement.

WP Weekly Podcast: WordPress Weekly Episode 12 with Jeffro2pt0 covers WordCamp Dallas and WordPress 2.5 news and tips. Starting this week, his show will now have its own domain at wpweekly.com.

How WordPress and Automattic Makes Money From WordPress.com: In an interesting article, Changing Way explores how Automattic makes money with WordPress.com, as well as how Automattic makes money in general, in an interesting analysis of the “give-it-away” economic model Matt Mullenweg and his team is using to revolutionize the web.

WordPress Blog Social Media Success: In Social Media Marketing at SeaWorld by Digital Podcast, they report on a successful marketing program using WordPress. The campaign involved SeaWorld San Antonia’s pre-launch campaign for the new Journey to Atlantis ride at the park. With a WordPress blog and uploaded images to Flickr and YouTube, the worked online communities based around the blog, using social networking to capitalize on the event. Shel Israel of FastCompany.tv videoed the event as a case study.

Do You Want to Help with WordPress Development and Community? If you would like to help with the , the official online user manual for WordPress users, we need you. If you would like to contribute to WordPress as a volunteer in the WordPress Support Forums, testing, coding, and more, see Contributing to WordPress. If you would like to help improve WordPress by reporting bugs, please report them via the WordPress Bug Report form. Your help is needed to ensure WordPress works.

Last Week’s WordPress Wednesday News: Can’t get enough WordPress news and tips? There is so much news coming out about the latest version, so you can catch up with the past news in last week’s WordPress Wednesday News report which covered WordPress Wednesday Special Edition: WordPress 2.5.

WordPress on Your Calendar

WordPress Events CalendarWordCamp Dallas: Dallas WordCamp was a resounding success. Information on the event will be out tomorrow.

WordCamp Utah: A planning meetings will be in Draper, Utah, for the first WordCamp Utah on April 10. If you would like to be a part of this special event from the start, get involved.

WordCamp Worldwide: While WordCamp Europe in Milan is going for a UN-style WordCamp, European WordCamps are popping up all over including WordCamp Paris on May 3, 2008 (WordCamp Paris BarCamp site), and WordCamp UK (wiki). Australia is also working on a WordCamp.

WordPress Meetup or WordCamp Near You? If you are putting together a WordPress event, please email me so I can publicize it here. If there is a WordCamp near you, go. If you are interested in setting up a WordCamp, stay tuned for news and information on to bring a WordCamp event near you.

Here are some WordPress-related dates and events to put on your calendar as found on the WordPress Roadmap and the WordPress Meetup Group Listings (subject to change):

WordPress Security News

WordPress SecurityUpgrade to WordPress 2.5: Nothing like a sensational name to get your attention. There are a lot of security issues that have been popping up all over the web including one labeled the “WordPress Blog Spam Cancer, analyzed by Arachna, who also calls this a WordPress Pandemic, spreading wildly but ignored by the WordPress Community. Reality is that most security scares are scams or nuisances, so people are desensitized. Yes, there are some serious security concerns and WordPress 2.5 is also a mandatory security release, but WordPress 2.3.3, 2.1.3, and WordPress 2.0.11 have also addressed the security vulnerabilities (See the WordPress Release Archive for past versions). If you have upgraded to those versions, you should be okay. For those who have not paid attention to the security announcements and mandatory upgrades, do so now.

WordPress 2.5 Most Secure Version So Far: According to BlogSecurity, WordPress 2.5 has added strong security features and is one of the most secure versions so far.

Technorati Taking On “Vulnerable” WordPress Blogs: While Technorati is responding to the growing concerns of splogs and scraper blogs overwhelming its indexes, Technorati is refusing to index “vulnerable” WordPress blogs after they’ve recently requested WordPress blogs upgrade due to security issues. According to their announcement:

Blogs that have been compromised by this security vulnerability are typified by having links to spam destinations inserted onto the blog page. These link insertions may be invisible to casual observations; the links are often obscured by style attributes that render them invisible. These links are still seen by crawlers such as Technorati’s, Google’s and Yahoo’s. You can find these links by viewing the source of the blog pages or, when using Firefox, looking under “Tools” -> “Page Info” -> “Links”. Blogs hosted on wordpress.com are not affected by this issue; only blogs hosted on their own installations of WordPress from wordpress.org require concern.

Because of this ongoing problem, we’re discontinuing processing crawls of blogs that exhibit common symptoms of being compromised.

How they are going to track which blogs qualify as “vulnerable” is still being debated.

How Do I Know if My WordPress Blog is Vulnerable and Has Been Attacked? Your WordPress blog is vulnerable if it is not versions 2.5, 2.3.3, 2.1.3, or 2.0.11. Upgrade now. See the WordPress Release Archive for past versions.

There are a variety of ways to test if your WordPress blog is vulnerable to security issues and/or has been attacked. Here are some simple techniques.

  • Install and run the WP Scanner WordPress Plugin from Blog Security.
  • In FireFox, go to Tools > Page Info > Links (not available in FireFox 3 Beta) and check each link to ensure you put it there and it goes to sources you trust.
  • Manually view the page source code of your blog (View > Page Source) and check to ensure each link is trustworthy.
  • Examine your WordPress Theme template files, especially the header.php and footer.php for unwanted content and links.
  • Check random posts on your blog for unwanted content and links. Edit these out through the Administration Panels to remove the unwanted content from the database.
  • Search your template files and database (MyAdmin) for display:none and/or height:0 as these are common styles used to hide unwanted content and links. Remove them from the posts or files accordingly.

Worried About Security Issues? While WordPress seems to be the flavor of the year for hackers and evil doers, WordPress is not alone on the chopping block. Drupal, LiveJournal, MovableType, all of the other blogging and CMS platforms have long had security issues and continue to do so. Even the Mac is no longer invulnerable to security attacks. If you are worried, or have been a target in the past, consider using the WPIDS – WordPress Intruder Detection System Plugin to help you monitor your blog for intruders and attacks. Updated WordPress, and update your WordPress Plugins and Themes on a regular basis.

Security Alerts, Reports, and Rumors: The following are some of the alerts, reports, and rumors going around about various WordPress security vulnerabilities. Please double check with experts before spreading the news of unverified security issues:

WordPress Plugins and Themes News

WordPress Plugins DatabaseWordPress Plugins Updated Furiously: Any WordPress Plugin that features an Administration Panel subpanel or interaction requires updating to work with the new interface. WordPress Plugins are being updated all over the place, so I can’t include all of them here. Please check in with your favorite WordPress Plugin’s author’s blog for the latest news on whether or not your favorite will continue to work or requires updating before you upgrade your blog to WordPress 2.5.

Breaking the Language Barrier: This year, my soap box has been to challenge web and browser developers to break down the language barrier, opening up all blogs in all languages to those speaking and reading other languages. Here’s one hero working to help break the barrier with a WordPress Plugin. Duane Storey offers the WordPress Without Borders WordPress Plugin, a new translation program that takes advantage of Google AJAX languages API to dynamically translate post content between languages, supposedly on the fly. This is an exciting Plugin and is discussed further in WordPress Without Borders and WordPress Without Borders, Round Two.

Customizable Post Listings WordPress Plugins Updated: The long awaited and popular Customizable Post Listings WordPress Plugin has been updated to work with WordPress 2.5. To celebrate the update of the new Plugin, Scott Reilly started 14 Days of WordPress Plugins last week, with many new and updated WordPress Plugins.

WP Contact Forum Updated: The popular Ryan Duff’s WP Contact Form has been updated by Peter Westwood to work with the most recent versions of WordPress including 2.5. Peter will be adding new features and taking advantage of the powerful features and functions in WordPress 2.5 to boost this much loved Plugin.

Viper’s Video Plugin Updated: Viper007Bond.com has also upgraded many of his Plugins for WordPress 2.5 including his popular Viper’s Video Quicktags.

WordPress Development Plugins: Pressing Pixels wrote 10 Plugins To Use In WordPress Development, an interesting collection of Plugins to consider adding to your blog during the blog building stage.

PlanetOzh Plugins Updated: PlanetOzh has updated most of his Plugins including Who Sees Ads, Absolute Comments, and Admin Drop Down Menus, along with others.

Testing WordPress Themes: Donncha O’Caoimh has found the best way to test new WordPress Themes with his Theme Tester WordPress Plugin. It allows you to try out various WordPress Themes without annoying your readers by changing Themes on them.

Alex King Updated WordPress Plugins: Alex King, author of many popular WordPress Plugins, has updated most of them to work with WordPress 2.5, including Alex King: WP Mobile Edition 2.1, Alex King: Shortcut Macros 1.2, Alex King: Delink Comment Author 1.2, Alex King: Comment License 1.2, and Alex King: 404 Notifier 1.2.

Plugin Styles Guides: We now have two WordPress 2.5 Plugin Style Guides to help WordPress Plugin authors. Epicalex – WordPress 2.5 Plugin Style Guide and Joost De Valk – WordPress 2.5 Plugin Settings Pages Style Guide.

Making Plugins Easier to Make: the WordPress Plugin Maker WordPress Plugin is an interesting twist on a twist. There have been other Plugins and tools to help Plugin authors write WordPress Plugins, and this Plugin claims to be one of the easiest to work with. It is designed for those who “love Cut and Paste and hate FTP” and want to make a WordPress Plugin fast.

Comparing Akismet with Defensio: Viper007Bond.com reports on using Defensio Anti-Spam WordPress Plugin, the competitor for , and admits that it worked fairly well, though differently. Like Akismet, it works with a community-feedback core, but on a per blog basis as well as a community basis. It includes charts and graphs unlike Akismet to help you get a visual feel for your blog comment spam attacks. He also reports a higher false-positive accuracy over time.

Dean J. Robinson Plugins Updated: Dean J. Robinson has updated many of his WordPress Plugins including Ultimate Category Cloud, Twitt-Twoo, and modMunch.

Gamerz WordPress Plugins Updated: Lester Chan of Gamerz has updated all his Plugins to be compatible with WordPress 2.5. He has an awesome collection of some of the most popular WordPress Plugins around, including WP-Ban, WP-DB Manager, WP-Polls, WP-Post Ratings, WP-Post Views, WP-Print, WP-Relative Date,and WP-Sticky.

Tracking WordPress Compatibility: It’s often difficult to track what Plugin and Theme is compatible with which WordPress version. In the are two “master” pages that list all the various compatibilities: WordPress Theme Compatibilities and WordPress Plugin Compatibilities. No matter which version you are using, and in preparation for the next version of WordPress, add these to your WordPress resource list to check before you upgrade.

Plugin and Theme Compatibility Issues for Authors and Designers: If you have a WordPress Plugin or Theme, see Migrating Plugins and Themes for tips on updating your Plugin or Theme for the latest version of WordPress. Once updated, make sure to include it on the WordPress Compatibility lists so users will know which version is updated and ready to work with the latest WordPress.

Suggesting Content for Your WordPress Blog: TechCruch has featured a content suggestion engine for WordPress blogs using Zemanta. With a FireFox extension, an Ajax box is added to the Write Post Panel to offer suggestions on content to add to your blog from real time media publications. It monitors keywords and adds it live to the content box.

Finding WordPress Plugins: For more WordPress Plugins see the official WordPress Plugin Directory, the WordPress Plugins Database, and Weblog Tools Collection Plugin and Theme announcements.

WordPress Techniques and Tips

Ultimate Guide to the WordPress Loop: Theme Lab presents The Ultimate Guide to the WordPress Loop, a step-by-step look at the code that generates WordPress blog posts and offers some tips and techniques for manipulating the content on your blog. See also in the , The WordPress Loop and The Loop in Action, and Weblog Tools Collection’s Global Variables in the WordPress Loop.

Other interesting WordPress articles and tips include:

Want to Write a WordPress Tip and See It Here? If you would like your WordPress tip and technique included in this list, see Tips For Writing Good WordPress Tips and Writing and Publishing Code In Your WordPress Blog Posts. When its ready, contact me at lorelleonwordpress@gmail.com.

WordPress Help: If you are looking for help on using WordPress, begin by visiting the , the online manual for WordPress Users, then searching the or WordPress.com Forums, depending upon your version.

WordPress.com News

WordPress.com W logoWordPress.com Goes 2.5: In an announcement last week, WordPress.com switched to the WordPress 2.5 version with a little fuss and fan fare publicly, but a lot of issues on the WordPress.com support forums over the new Administration Panels interface. There are still some issues that need to be cleaned up and fixed, but so far, WordPress 2.5 is working fairly well for the majority of the 2+ million users. The new gallery is a favorite feature, though those using IE are reporting Flash and IE browser bugs. A fix is on the way.

WordPress.com March Stats: The announcement also included the March stats for WordPress.com blogs including 381,855 new users, 3,225,059 posts and 1,420,975 new pages, 5,622,696 comments, and 983,703,444 pageviews total.

WordPress Community News

WordPress Community graphicUsing WordPress in Your Blog’s Name: It’s about respect. Please use WordPress names right because WordPress is a trademark and you are not allowed to use WordPress in your blog’s domain name or URL unless you have permission of and . Also, remember, it’s spelled “WordPress” not “WordPress”. Oh, and Plugin is Plugin, not plug-in (what you put into a wall electrical socket).

Found a Bug in WordPress? If you find a bug in WordPress, report it by following the instructions in Reporting Bugs on the , the online manual for WordPress Users.

Vote for WordPress Ideas: There is still time to get your vote in for ideas on upcoming versions of WordPress in the The section. Why not take advantage of it and add your voice to the vote.

Shop WordPress: You can now buy t-shirts, hoodies or mugs with the WordPress logo on them in the WordPress Shop.

Looking for a WordPress Expert? If you are looking for a WordPress expert, try the WordPress Consultants list the WordPress Jobs listings, and the WP-Pro mailing list.

WordPress Installed For Free: Installing WordPress for Free (aka Install4Free WordPress) is a free, volunteer-driven service is limited to personal blogs only, and they help only with installations, not upgrades.

Even More WordPress News?

Past WordPress Wednesday News Reports

WordPress News Sources

If You Are Reading This: If you are reading this blog post NOT on the or from within your feed reader, it is being used against the copyright policy of the copyright owners. Please report it immediately so action may be taken to break some heads and feed scraping blogs.


Each Wednesday on is WordPress Wednesday, featuring the news around the WordPress Community. If you have a WordPress news item or tip to suggest, please contact me at this special email address: lorelleonwordpress@gmail.com

Tags:

This post was written by

You can visit the for a short bio, more posts, and other information about the author.

Submissions & Subscriptions

Submit the post to Reddit, StumbleUpon, Digg or Del.icio.us.

Did you like it? Then subscribe to our RSS feed!



  1. By James posted on April 9, 2008 at 10:54 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    Thanks for the thorough update Lorelle.

    We’re currently working on updating all of our sites to 2.5.

    I also just listened to the presentation you gave at WordCamp Dallas – you had some great tips in there!

    Reply

  2. By Robert posted on April 9, 2008 at 11:42 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    Regarding the flash file uploader “bug”, one solution I’m surprised that hasn’t been spread far and wide in the WP community is a plugin that just simply disables the uploader. The link to it can be found at the bottom of this support post.

    Reply

  3. By Chris Merriman posted on April 10, 2008 at 12:17 am
    Want an avatar? Get a gravatar! • You can link to this comment

    Please also see here for a an additional post, which was written after the post linked to from here. Obviously the list isn’t at all comprehensive, but I’m hoping it will help out others unsure as to whether or not to upgrade to WP 2.5 yet.

    Reply

  4. By Sam Stevens posted on April 10, 2008 at 10:22 am
    Want an avatar? Get a gravatar! • You can link to this comment

    I read back in Feb about a XSS sec vuln in 2.0.11, posted in the WP forums about it, but never got any response. Is this vuln not accurate?

    Reply

  5. By seriocomic posted on April 10, 2008 at 5:04 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    Now, I love WordPress as much as the next person, and appreciate the trove of great information listed – but was this written for humans or search engines?

    The word “WordPress” appears in:
    Title: 4 times
    Body: 291 times
    H1/H2/H3: 14 times
    Links: 134 times
    Bold: 46 times

    I’m just saying…

    Reply

  6. By Lorelle VanFossen posted on April 10, 2008 at 5:30 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    @seriocomic:

    What are you saying? That you can count? That you didn’t know WordPress is spelled with a capital letter in the middle in compliance with the respect for their trademark? Okay, so I’m kidding back at you.

    A Plugin’s proper name is WordPress Plugin. If I’m talking about WordPress News, I write that. If it is news in general, go see CNN or BBC. This is an article about WordPress news. It’s not for SEO games. However, it occurs to me that you’ve given me a challenge to see how many WordPress times I can get WordPress into this WordPress comment. :D

    Sometimes, the use of a word in an article or blog post is appropriately used. No ulterior motives. I’ve been doing this for a very long time and helped write the guidelines for the WordPress Codex and technical guides, so trust me, each usage was appropriate and accurate, but thanks for paying attention to the details.

    Reply

  7. By Lorelle VanFossen posted on April 10, 2008 at 5:34 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    @Sam Stevens:

    You will have to ask WordPress representatives. I don’t have the information on which are valid vulnerabilities or not. So many are “unimportant” in the scheme of things, but there are some serious ickies out there to which WordPress responds within very short order, sometimes within a few hours – better than most companies. If it was a serious concern, a patch would have been issued right away. But you’ll have to ask them directly.

    Reply

  8. By Bontb posted on April 10, 2008 at 6:40 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    How come you didn’t place me on that list :) goshhhhh.

    Reply

  9. By Lorelle VanFossen posted on April 10, 2008 at 11:04 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    @Bontb:

    When you do something brilliant for the WordPress Community, we’ll talk. :D

    Reply

  10. By Question posted on April 14, 2008 at 9:30 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    how are comments submitted to the wordpress software? is that some email protocol?

    Reply

  11. By Ike posted on July 4, 2008 at 1:21 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    While I truly appreciate all the support provided by codex and wordpress forums, and have myself benefited from them, I have been unsuccessful in resolving an issue with my comment box and have received no responses to my forum postings on this issue. I read forum issues on this topic but none seems to address my specific problem. Any suggstions on where I could turn would be greatly appreciated.

    Reply

  12. By Lorelle VanFossen posted on July 4, 2008 at 4:03 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    If the issue is a design one, then contact a web designer. You can also pay for help through any of the many experts in WordPress listed in the article information under WordPress Community. The WordPress Support Forum is the perfect place for help, but sometimes the question isn’t framed right so it’s hard to help when there isn’t enough information. Try again.

    Worse case scenario, find a comment form that matches what you want in another Theme and copy the code and replace your old code in the comments template file. That might fix the problem.

    Reply

  13. By Ike posted on July 4, 2008 at 5:31 pm
    Want an avatar? Get a gravatar! • You can link to this comment

    Lorelle,
    Many thanks for the advice.

    Reply

    Your words are your own, so be nice and helpful if you can. If this is the first time you're posting a comment, it might go into moderation. Don't worry, it's not lost, so there's no need to repost it! We accept clean XHTML in comments, but don't overdo it please.

    Current day month ye@r *