WordPress 2.5 is definitely the top news, along with some serious security vulnerability issues. WordPress 2.5 has been downloaded over 300,000 times so far. WordPress.com has gone WordPress 2.5. Tons of Plugins have been updated to work with WordPress 2.5, with more coming out daily. And there is some non-WordPress 2.5 news, too.
WordPress 2.5 Released: WordPress 2.5 was released last week. Last week, I published WordPress Wednesday Special Edition: WordPress 2.5 listing some of the blogs talking about the new version of WordPress. Here are some more:
- How To Upgrade To WordPress 2.5 In 5 Minutes
- WordPress 2.5 Released [Reflection on upgrade and SVN]
- WordPress 2.5 Early Reactions – Sticky Post + WordPress Automatic Upgrade Plugins
- WordPress Codex page with 2.5 features
- Cool New WordPress 2.5 Feature
- Dougal Gunters – WordPress 2.5 Released
- WordPress 2.5 Released Today
- Knowing Your Way Around the WordPress 2.5 Write Panel
- WordPress 2.5 Upgrade Guide(s)
- FAQ On WordPress 2.5 Version 2
- WordPress 2.5 ist da!
- Lorelle’s WordPress 2.5 Upgrade Preparation Checklist
- WordPress 2.5, Things You Must Know
- How to enable Gravatar on WordPress 2.5
- A Workaround for Uploading Pictures/Media to Your WordPress Blog for Ubuntu/Linux AMD 64 Users…
WordPress 2.5 FAQ List: Dion, a WordPress Community Volunteer, offers “Answers to Questions about Version 2.5″, which was published on Weblog Tools Collection crediting noted Codex volunteer, MichaelH, by mistake. The revised version is at FAQ On WordPress 2.5 Version 2 with a lot of great information on WordPress 2.5.
WordPress 2.5 Media Library Browser Bugs: The new Media Library features in WordPress 2.5 has a Internet Explorer browser bug and some trouble with old versions of Flash with fixes on the way in WordPress 2.5.1 soon.
Talk of WordPress 2.6 and more: Ryan Boren is taking a short break and then work begins on WordPress 2.6 as well as WordPress 2.5.1, which should have most of the fixes and fine tuning in process before the release. WordPress 2.6 is anticipated for release in August.
WordPress 2.5 in Spanish: Aaron Brazell of Technosailor offers WordPress 2.5 en Español for Spanish speakers and readers.
WordPress or WordPressMU – Which to Choose? JD Web Dev offers WordPress vs. WordPressMU, an analysis and chart listing the differences and similarities between the full version of WordPress and the multi-user version called WordPressMU.
Do You Need Help with WordPress? I’m finding a lot of people still asking for help with their WordPress and WordPress.com blog by blogging their request. This is really dumb, folks. You don’t know who is reading or how qualified they may be to help you. Or you might never get the help you need. Please, go to the WordPress Support Forums for help with the full version of WordPress and the WordPress.com Forums for help with WordPress.com blogs. Get the help you need directly from those who can help you.
Joseph Scott of Automattic Talks about WordPress: Joseph Scott of Automattic and WordPress spoke on Couchcast recently on WordPress projects, Google Summer of Code, and being an Automattic employee.
WordPress Podcast Live From WordCamp Dallas: The WordPress Podcast: Episode 39 was done live at WordCamp Dallas and covered a wide range of questions and answers on WordPress 2.5, the future of WordPress development, and other WordPress news and excitement.
How WordPress and Automattic Makes Money From WordPress.com: In an interesting article, Changing Way explores how Automattic makes money with WordPress.com, as well as how Automattic makes money in general, in an interesting analysis of the “give-it-away” economic model Matt Mullenweg and his team is using to revolutionize the web.
WordPress Blog Social Media Success: In Social Media Marketing at SeaWorld by Digital Podcast, they report on a successful marketing program using WordPress. The campaign involved SeaWorld San Antonia’s pre-launch campaign for the new Journey to Atlantis ride at the park. With a WordPress blog and uploaded images to Flickr and YouTube, the worked online communities based around the blog, using social networking to capitalize on the event. Shel Israel of FastCompany.tv videoed the event as a case study.
Do You Want to Help with WordPress Development and Community? If you would like to help with the WordPress Codex, the official online user manual for WordPress users, we need you. If you would like to contribute to WordPress as a volunteer in the WordPress Support Forums, testing, coding, and more, see Contributing to WordPress. If you would like to help improve WordPress by reporting bugs, please report them via the WordPress Bug Report form. Your help is needed to ensure WordPress works.
Last Week’s WordPress Wednesday News: Can’t get enough WordPress news and tips? There is so much news coming out about the latest version, so you can catch up with the past news in last week’s WordPress Wednesday News report which covered WordPress Wednesday Special Edition: WordPress 2.5.
WordPress on Your Calendar
WordCamp Dallas: Dallas WordCamp was a resounding success. Information on the event will be out tomorrow.
WordCamp Utah: A planning meetings will be in Draper, Utah, for the first WordCamp Utah on April 10. If you would like to be a part of this special event from the start, get involved.
WordCamp Worldwide: While WordCamp Europe in Milan is going for a UN-style WordCamp, European WordCamps are popping up all over including WordCamp Paris on May 3, 2008 (WordCamp Paris BarCamp site), and WordCamp UK (wiki). Australia is also working on a WordCamp.
WordPress Meetup or WordCamp Near You? If you are putting together a WordPress event, please email me so I can publicize it here. If there is a WordCamp near you, go. If you are interested in setting up a WordCamp, stay tuned for news and information on to bring a WordCamp event near you.
- The New York City WordPress April Meeting – April 19, 2008
- Nashville WordPress Meetup – April 26, 2008
- iBlog4: The Fourth Philippine Blogging Summit – April 26, 2008
- BlogIn – Indiana Blog Unconference – April 26th, 2008
- European WordCamp in Milan, Italy – May 10, 2008
- WordPress fans social gathering in Austin, Texas – May 13, 2008
- PodCamp Atlanta 2008 – May 17, 2008
- WordCamp 2008 in San Francisco – July or August 2008
- WordPress 2.6 – August 2008
WordPress Security News
Upgrade to WordPress 2.5: Nothing like a sensational name to get your attention. There are a lot of security issues that have been popping up all over the web including one labeled the “WordPress Blog Spam Cancer, analyzed by Arachna, who also calls this a WordPress Pandemic, spreading wildly but ignored by the WordPress Community. Reality is that most security scares are scams or nuisances, so people are desensitized. Yes, there are some serious security concerns and WordPress 2.5 is also a mandatory security release, but WordPress 2.3.3, 2.1.3, and WordPress 2.0.11 have also addressed the security vulnerabilities (See the WordPress Release Archive for past versions). If you have upgraded to those versions, you should be okay. For those who have not paid attention to the security announcements and mandatory upgrades, do so now.
WordPress 2.5 Most Secure Version So Far: According to BlogSecurity, WordPress 2.5 has added strong security features and is one of the most secure versions so far.
Technorati Taking On “Vulnerable” WordPress Blogs: While Technorati is responding to the growing concerns of splogs and scraper blogs overwhelming its indexes, Technorati is refusing to index “vulnerable” WordPress blogs after they’ve recently requested WordPress blogs upgrade due to security issues. According to their announcement:
Blogs that have been compromised by this security vulnerability are typified by having links to spam destinations inserted onto the blog page. These link insertions may be invisible to casual observations; the links are often obscured by style attributes that render them invisible. These links are still seen by crawlers such as Technorati’s, Google’s and Yahoo’s. You can find these links by viewing the source of the blog pages or, when using Firefox, looking under “Tools” -> “Page Info” -> “Links”. Blogs hosted on wordpress.com are not affected by this issue; only blogs hosted on their own installations of WordPress from wordpress.org require concern.
Because of this ongoing problem, we’re discontinuing processing crawls of blogs that exhibit common symptoms of being compromised.
How they are going to track which blogs qualify as “vulnerable” is still being debated.
How Do I Know if My WordPress Blog is Vulnerable and Has Been Attacked? Your WordPress blog is vulnerable if it is not versions 2.5, 2.3.3, 2.1.3, or 2.0.11. Upgrade now. See the WordPress Release Archive for past versions.
There are a variety of ways to test if your WordPress blog is vulnerable to security issues and/or has been attacked. Here are some simple techniques.
- Install and run the WP Scanner WordPress Plugin from Blog Security.
- In FireFox, go to Tools > Page Info > Links (not available in FireFox 3 Beta) and check each link to ensure you put it there and it goes to sources you trust.
- Manually view the page source code of your blog (View > Page Source) and check to ensure each link is trustworthy.
- Examine your WordPress Theme template files, especially the
footer.phpfor unwanted content and links.
- Check random posts on your blog for unwanted content and links. Edit these out through the Administration Panels to remove the unwanted content from the database.
- Search your template files and database (MyAdmin) for
height:0as these are common styles used to hide unwanted content and links. Remove them from the posts or files accordingly.
Worried About Security Issues? While WordPress seems to be the flavor of the year for hackers and evil doers, WordPress is not alone on the chopping block. Drupal, LiveJournal, MovableType, all of the other blogging and CMS platforms have long had security issues and continue to do so. Even the Mac is no longer invulnerable to security attacks. If you are worried, or have been a target in the past, consider using the WPIDS – WordPress Intruder Detection System Plugin to help you monitor your blog for intruders and attacks. Updated WordPress, and update your WordPress Plugins and Themes on a regular basis.
Security Alerts, Reports, and Rumors: The following are some of the alerts, reports, and rumors going around about various WordPress security vulnerabilities. Please double check with experts before spreading the news of unverified security issues:
- Automated WordPress Hacking Tool Cached by Google
- Cyberinsecure – WordPress Doorway Spam Attacks
- Dougal Gunters – Upgrade or else!
- WP-Download SQL-Injection
- WordPress 2.5 Admin Login SQL Injection Rumour
- There’s Never Been A Better Time To Upgrade WordPress
- Protecting WordPress from Magic Include Shell
- Jason Tan – WordPress Security Vulnerabilities
- Smackdown – WordPress 2.3.3 Exploit Vulnerability
- WordPress 2.3.3 probably a 0day exploit
- Psion Mark – The Great WordPress Attack
- Security Focus: WordPress ‘wp-download’ Plugin ‘dl_id’ Parameter SQL Injection Vulnerability
- Web developers, fix thy Flash
- WordPress Spam Inject Honeypot
WordPress Plugins and Themes News
WordPress Plugins Updated Furiously: Any WordPress Plugin that features an Administration Panel subpanel or interaction requires updating to work with the new interface. WordPress Plugins are being updated all over the place, so I can’t include all of them here. Please check in with your favorite WordPress Plugin’s author’s blog for the latest news on whether or not your favorite will continue to work or requires updating before you upgrade your blog to WordPress 2.5.
Breaking the Language Barrier: This year, my soap box has been to challenge web and browser developers to break down the language barrier, opening up all blogs in all languages to those speaking and reading other languages. Here’s one hero working to help break the barrier with a WordPress Plugin. Duane Storey offers the WordPress Without Borders WordPress Plugin, a new translation program that takes advantage of Google AJAX languages API to dynamically translate post content between languages, supposedly on the fly. This is an exciting Plugin and is discussed further in WordPress Without Borders and WordPress Without Borders, Round Two.
Customizable Post Listings WordPress Plugins Updated: The long awaited and popular Customizable Post Listings WordPress Plugin has been updated to work with WordPress 2.5. To celebrate the update of the new Plugin, Scott Reilly started 14 Days of WordPress Plugins last week, with many new and updated WordPress Plugins.
WP Contact Forum Updated: The popular Ryan Duff’s WP Contact Form has been updated by Peter Westwood to work with the most recent versions of WordPress including 2.5. Peter will be adding new features and taking advantage of the powerful features and functions in WordPress 2.5 to boost this much loved Plugin.
WordPress Development Plugins: Pressing Pixels wrote 10 Plugins To Use In WordPress Development, an interesting collection of Plugins to consider adding to your blog during the blog building stage.
Testing WordPress Themes: Donncha O’Caoimh has found the best way to test new WordPress Themes with his Theme Tester WordPress Plugin. It allows you to try out various WordPress Themes without annoying your readers by changing Themes on them.
Alex King Updated WordPress Plugins: Alex King, author of many popular WordPress Plugins, has updated most of them to work with WordPress 2.5, including Alex King: WP Mobile Edition 2.1, Alex King: Shortcut Macros 1.2, Alex King: Delink Comment Author 1.2, Alex King: Comment License 1.2, and Alex King: 404 Notifier 1.2.
Plugin Styles Guides: We now have two WordPress 2.5 Plugin Style Guides to help WordPress Plugin authors. Epicalex – WordPress 2.5 Plugin Style Guide and Joost De Valk – WordPress 2.5 Plugin Settings Pages Style Guide.
Making Plugins Easier to Make: the WordPress Plugin Maker WordPress Plugin is an interesting twist on a twist. There have been other Plugins and tools to help Plugin authors write WordPress Plugins, and this Plugin claims to be one of the easiest to work with. It is designed for those who “love Cut and Paste and hate FTP” and want to make a WordPress Plugin fast.
Comparing Akismet with Defensio: Viper007Bond.com reports on using Defensio Anti-Spam WordPress Plugin, the competitor for Akismet, and admits that it worked fairly well, though differently. Like Akismet, it works with a community-feedback core, but on a per blog basis as well as a community basis. It includes charts and graphs unlike Akismet to help you get a visual feel for your blog comment spam attacks. He also reports a higher false-positive accuracy over time.
Gamerz WordPress Plugins Updated: Lester Chan of Gamerz has updated all his Plugins to be compatible with WordPress 2.5. He has an awesome collection of some of the most popular WordPress Plugins around, including WP-Ban, WP-DB Manager, WP-Polls, WP-Post Ratings, WP-Post Views, WP-Print, WP-Relative Date,and WP-Sticky.
Tracking WordPress Compatibility: It’s often difficult to track what Plugin and Theme is compatible with which WordPress version. In the WordPress Codex are two “master” pages that list all the various compatibilities: WordPress Theme Compatibilities and WordPress Plugin Compatibilities. No matter which version you are using, and in preparation for the next version of WordPress, add these to your WordPress resource list to check before you upgrade.
Plugin and Theme Compatibility Issues for Authors and Designers: If you have a WordPress Plugin or Theme, see Migrating Plugins and Themes for tips on updating your Plugin or Theme for the latest version of WordPress. Once updated, make sure to include it on the WordPress Compatibility lists so users will know which version is updated and ready to work with the latest WordPress.
Suggesting Content for Your WordPress Blog: TechCruch has featured a content suggestion engine for WordPress blogs using Zemanta. With a FireFox extension, an Ajax box is added to the Write Post Panel to offer suggestions on content to add to your blog from real time media publications. It monitors keywords and adds it live to the content box.
WordPress Techniques and Tips
Ultimate Guide to the WordPress Loop: Theme Lab presents The Ultimate Guide to the WordPress Loop, a step-by-step look at the code that generates WordPress blog posts and offers some tips and techniques for manipulating the content on your blog. See also in the WordPress Codex, The WordPress Loop and The Loop in Action, and Weblog Tools Collection’s Global Variables in the WordPress Loop.
Other interesting WordPress articles and tips include:
- Zaissian Logic – 6 Things I Learned Designing a Custom WordPress Theme
- Applying New Themes to your WordPress Blog Video
- WordPress Blog Custom Header How To Video
- Tutorial: A category based archive on WordPress
Want to Write a WordPress Tip and See It Here? If you would like your WordPress tip and technique included in this list, see Tips For Writing Good WordPress Tips and Writing and Publishing Code In Your WordPress Blog Posts. When its ready, contact me at firstname.lastname@example.org.
WordPress Help: If you are looking for help on using WordPress, begin by visiting the WordPress Codex, the online manual for WordPress Users, then searching the WordPress Support Forums or WordPress.com Forums, depending upon your version.
WordPress.com Goes 2.5: In an announcement last week, WordPress.com switched to the WordPress 2.5 version with a little fuss and fan fare publicly, but a lot of issues on the WordPress.com support forums over the new Administration Panels interface. There are still some issues that need to be cleaned up and fixed, but so far, WordPress 2.5 is working fairly well for the majority of the 2+ million users. The new gallery is a favorite feature, though those using IE are reporting Flash and IE browser bugs. A fix is on the way.
WordPress.com March Stats: The announcement also included the March stats for WordPress.com blogs including 381,855 new users, 3,225,059 posts and 1,420,975 new pages, 5,622,696 comments, and 983,703,444 pageviews total.
WordPress Community News
Using WordPress in Your Blog’s Name: It’s about respect. Please use WordPress names right because WordPress is a trademark and you are not allowed to use WordPress in your blog’s domain name or URL unless you have permission of Automattic and WordPress. Also, remember, it’s spelled “WordPress” not “WordPress”. Oh, and Plugin is Plugin, not plug-in (what you put into a wall electrical socket).
Vote for WordPress Ideas: There is still time to get your vote in for ideas on upcoming versions of WordPress in the The WordPress Ideas section. Why not take advantage of it and add your voice to the vote.
WordPress Installed For Free: Installing WordPress for Free (aka Install4Free WordPress) is a free, volunteer-driven service is limited to personal blogs only, and they help only with installations, not upgrades.
Even More WordPress News?
Past WordPress Wednesday News Reports
- WordPress Wednesday Special Edition: WordPress 2.5
- WordPress Wednesday News: Sneak Peeks of WordPress 2.5, Beta Released, WordCamp Dallas Next Week, and More WordPress News
- WordPress Wednesday News: WordPress 2.5 Due March 17, Administration Plugins May Break, Tons of Plugins Updated, Add Buttons to Toolbar, WordPress Dallas and Now Milan!
- WordPress Wednesday News: WordPress
WordPress News Sources
- WordPress Planet
- WordPress Development Blog
- WordPress.com Blog
- Weblog Tools Collection
- BloggingPro’s WordPress News and Tips
- The WordPress Podcast
- Lorelle on WordPress
- Planet WordPress from Planet Ozh
- WordPress Publisher Blog
If You Are Reading This: If you are reading this blog post NOT on the Blog Herald or from within your feed reader, it is being used against the copyright policy of the copyright owners. Please report it immediately so action may be taken to break some heads and feed scraping blogs.
Each Wednesday on Blog Herald is WordPress Wednesday, featuring the news around the WordPress Community. If you have a WordPress news item or tip to suggest, please contact me at this special email address: email@example.com