WordPress Wednesday News: Mandatory WordPress Security Release, Sneak Previews of WordPress 2.4, Hoodies, Vote for WordPress, Moving to WordPress, Custom Fields, and More
Mandatory WordPress security release. Upgrade now. WordPress hoodies are everywhere! Vote for WordPress and WordPress SEO Plugins. The debate over Howdy! Combining WordPress and podcast blogs. Considering moving to WordPress? Interesting use of Custom Fields. What do you want to see in WordPress 2.4? Sneak previews are starting to appear all over. Another WordPress blogger’s blog hacked. When will folks get the clue that it’s time to update your blog for your blog’s security and protection? Upgrade now.
WordPress News
Mandatory Security Release WordPress 2.3.2: WordPress 2.3.2 has been released and is a mandatory security upgrade. The full details of the update include an urgent security release to fix a vulnerability in draft posts, suppression of some errors messages that may put your database at risk, and other bug fixes. Upgrade to WordPress 2.3.2 now.
WARNING: I’ve seen many bloggers announce the new WordPress security update, debating publicly about whether or not they should upgrade or wait for the next major version. You’ve just told hackers that your blog is open for hacking. Take care in making your WordPress version public, and opening yourself up blatantly to attacks. If you choose to upgrade or not, that’s up to you, but why advertise your version vulnerabilities?
WordPress 2.4 Administration Panel Previews: The buzz around the new backend WordPress Administration Panels for the upcoming January release has arrived. Tubetorial has a “WordPress 2.4 Administration Panel Preview” video which shows just what has been done to date, with a lot more to come. Hyper SVN has a “live” demo of the new WordPress Administration Panels. Expect many of these sneak previews hitting the web as everyone wants to be the first to show it off. Also, expect to see a lot of changes before this release and the next few versions as the Administration Panels get fine tuned.
What Do You Want to See in WordPress 2.4? Andrew Benton has published a list of what he hopes to see in WordPress 2.4 (due the end of January) including improvements in the WYSIWYG Rich Text Editor, improved image handling, better community features, and built-in code formatting for publishing code in your blog posts. What do you want to see in the next version of WordPress?
Installing WordPress On Your Home Computer: Weblog Tools Collection is offering a two part series on installing WordPress locally on your computer so you can play with WordPress Plugins and designs before you release them to the public.
Chart Comparing WordPress and Blogspot: Techbays offers a chart comparing WordPress and Blogspot features, similarities, and differences. Want to move?
The Good, Bad, and Ugly of Moving to WordPress: BlogBloke covers the good, bad, and ugly of moving his blog to WordPress with some great insights and tips on what it takes, that it’s not as hard as many think, and all the gory details.
WordPress on Your Calendar: Are you involved with a WordPress group or club in your area? Make sure you announce meetings on the WordPress Meetup list and let me know so I can help promote your group’s activities. The first Manchester WordPress User Group in England has formed and their first meeting is in January. Maybe it’s time you started a WordPress group in your area?
Here are some WordPress-related dates and events to put on your calendar as found on the WordPress Roadmap and the WordPress Meetup Group Listings (subject to change):
- Manchester England WordPress User Group at MDDA – Jan 16, 2008
- The New York City WordPress January Meetup – January 19, 2008
- WordPress 2.4 Released – January 24, 2007
- The Baltimore-Washington WordPress January Meetup – January 26
- WordCamp Hamburg – January 26-27, 2008
- WordCamp Dallas – March 29-30, 2008
- WordPress 2.5 – May 24, 2008
- WordCamp 2008 in San Francisco – July 2008 (waiting confirmation)
If you are having a WordPress-related event that isn’t on the calendar, post them below or via email.
WordPress 2.4 Digest: This week’s WordPress weekly digest on WordPress 2.4 development include the beginning of the new Administration Panels features, more improvements and fixes in various importers and password security, documentation for more files, security improvements, and more. They’ve introduced a deprecating function and file use tracking functionality for WordPress Theme and Plugin developers to better identify what elements have been deprecated, a frequent complaint with major changes to the database tables and template tags.
WordPress Security News: The latest release of WordPress 2.3.2 is a mandatory security release, fixing some recent vulnerabilities found in WordPress. Arpit Jacob of Clazh joins the club of many WordPress bloggers who haven’t upgraded their WordPress blog and have been hacked. Upgrade WordPress now.
The most recent news on WordPress security includes:
- BlogSecurity reports that the new release of WordPress makes their bs-wp-noerrors WordPress Plugin unnecessary.
- Simple Thoughts Blog was hacked this week and the author sets out a very detailed explanation on how it was hacked and how to protect your WordPress blog from hackers.
- WordPress ZeroDay Vulnerability Roundhouse Kick, a remarkable article on WordPress security vulnerabilities, has been updated to include vulnerabilities in Akismet as well.
- Two WordPress Plugins have been found to have security vulnerabilities by Blog Security. WordPress PictPress File is recommended to be immediately disabled util an update can be found. An HTML Injection Vulnerability has been found in the popular WP-ContactForm WordPress Plugin. Hopefully, an update will be available soon.
- Ryan Boren reports on “Secure Cookies and Passwords”, improvements to WordPress 2.4 to feature new formats for authentication cookies and password hashing algorithm to improve blog security.
- 20f1aeb7819d7858684c898d1e98c1bb by Donncha O’Caoimh includes tips on keeping your blog safe from new hackers attacking blog passwords on WordPress and WordPressMU blogs.
To check your blog’s security, try WPIDS – WordPress Intruder Detection System and WP Scanner WordPress Plugin.
Combining WordPress and Podcast Blogs: I’d Rather Be Writing offers “My Blog and Podcast Site Are Now Merged into One — Steps on How I Did It”, an interesting step-by-step guide on combining two WordPress blogs into one, with tips for combining a podcast blog with a regular WordPress blog.
Vote for WordPress: TechCrunch Crunchies Awards list WordPress among the “Most Likely to Succeed” nominees with an eclectic bunch including Zivity, Slide, Mint, and Kayak, totally unrelated sites. Very odd combination to choose from and no clarification that the vote is for WordPress.com not WordPress overall, but your vote for WordPress is always welcome by the WordPress Community. Automattic CEO, Toni Schneider is nominated for Best start-up CEO, so cast a vote there, too. Can someone tell me why WordPress.com isn’t listed in the Best overall category?
Removing Feeds From Google Search Results: With all of the fuss over WordPress creating duplicate content, Google has announced it’s removing feeds from its search results. For more information, see Google’s topics on Crawling, Indexing and Ranking.
More WordPress Cache: Perishable Press has published “How to Enable the Default WordPress Object Cache”, an indepth look at site performancing issues related to how WordPress handles cache, as well as exploring caching WordPress Plugins, to control and fine tune the traffic load on the site.
Thinking of Using WordPressMU to Run Multiple Blogs? Think Again: Using WordPress MU to Power Multiple Blogs from DevLounge looks at the issues of using WordPressMU for managing multiple blogs, and the conclusion is that while it works, it’s not really recommended for this purpose. WordPressMU is for hosting independent blogs, not managing multiple blogs. To run multiple blogs from one administration panel, try the Manage Multiple Blogs WordPress Plugin and get more information in Multiple Blogs Through Multiple Installs from the WordPress Codex, the online manual for WordPress Users.
Tracking Deprecated Functions for WordPress 2.4 – Get Your Plugin and Theme Ready: Peter Westwood covers “WordPress: Tracking Deprecated Functions”, a good look at the changes in WordPress 2.4 and which functions will work, and which won’t, and what’s new. If you are a WordPress Plugin author or WordPress Theme designer, look now at these changes to make sure you release the most updated version of your WordPress Theme in time for the January release of WordPress 2.4.
Howdy! Welcome! Fixed!: Weblog Tools Collection’s “Howdy Stranger” looks at the debate recently among WordPress developers about the use of the word “Howdy” in the WordPress Administration Panels as not being appropriately “translatable”. Enter the No Howdy Plugin by Ozh with the fix to the “untranslatable” welcome.
Vote for WordPress Ideas: Want your say in the next version of WordPress? The WordPress Ideas section on WordPress is an open forum for you to have your say. Why not take advantage of it and add your voice to the vote.
Last Week’s WordPress Wednesday News: Last week’s WordPress Wednesday News report covered WordPress 2007, Nominated for TechCrunch Crunchies, More WordPress Blogs Hacked, WordPress Events in 2008, WordPress.com Blogger Wins, and Snow, if you would like to catch up with the news on WordPress.
WordPress.com News
Adding Avatars and Gravatars to Your WordPress.com Blog: Last week, I gave you tips on adding avatars and Gravatars to your WordPress.com blog, and I’ve expanded these into Adding Avatars and Gravatars to Your WordPress and WordPress.com Blog, with examples of the various sizes an avatar image goes through on a WordPress.com blog, Administration Panels, and throughout the WordPress.com community.
WordPress.com Now 2 Million Strong: WordPress.com counted two million blogs signed up Tuesday. Congrats all!
What’s Hot on WordPress.com? The hottest blogs on WordPress.com were:
- CNN Political Ticker
- Lolcats ‘n’ Funny Pictures – I Can Has Cheezburger?
- POPSEOUL! entertainment, style and beauty in seoul
- GretaWire
- Loldogs ‘n’ Cute Puppy Pictures – I Has A Hotdog!
- Club Penguin Cheats l Glitches l Secrets
- 5 Elementos – Feng Shui y Astrología China
- Look Great in ’08
- The Page
- touchmods.net Weblog
The hottest blog posts on WordPress.com were:
- Chua Soi Lek the naughty boy
- Wonder kid in potential wonder kid out?
- Elizabeth Edwards ‘disappointed’ with Michelle Obama
- No fite
- Amazon Raises the Cloud Platform Bar Again With DevPay
- Object-Oriented Database Management Systems Succeeded
- The Huckster…
- vPlug2.0.5
- Cinco es demasiado para mí
- VIDEO: New Years Eve — Jonas Brothers & Miley Cyrus Perform “Hold On” and “We Got the Party”!
New To WordPress.com: If you are new to blogging on WordPress.com, check out this basic guide on What Do I Do With My New WordPress.com Blog?.
WordPress Plugins and Themes News
The Worst WordPress Plugins: Full Tilt Blogging offers “15 Worst WordPress Plugins”, a delightful satire on the worst of the worst WordPress Plugins.
Vote for Best Search Engine WordPress Plugins: The Search Blogs Awards of 2007 by Search Engine Journal includes the Best SEO Plugin for WordPress as a new category. Vote for your favorite SEO WordPress Plugin from among:
- Joost’s Meta Robots WordPress Plugin
- Simple Tags WordPress Plugin
- All in One SEO Pack Plugin
- Do Follow WordPress Plugin
Using Custom Fields For Post Title Graphics: 5ThirtyOne offers “WordPress Custom Fields: Laying Text Over Your Lead Graphic, an interesting method of using the Write Post Panel’s Custom Fields to add a graphic to your post title with the post title text over the image. There are many methods of using Custom Fields. Aaron Brazell sponsored a “WordPress Custom Fields Contest” and the results give you lots of great ideas for using Custom Fields. See also Using Custom Fields in the WordPress Codex.
ShortStat WordPress Plugin Tip: Perishable Press offers tips for reducing the database table size for the popular ShortStat WordPress Plugin.
Role Manager WordPress Plugin Updated: Role Manager WordPress Plugin has been updated and includes new security improvements.
Akismet Updated: Akismet has been updated to version 2.1.2 and has several new features including filtering by comment type and the addition of Plugin hooks.
Update Subscribe to Comments Plugin: Donncha reports that a bug was found in the popular Subscribe to Comments WordPress Plugin by Mark Jaquith. Please update this Plugin immediately.
Fast Updating: Worried about updating WordPress? The InstantUpgrade WordPress Plugin makes the process simple and easy.
Interesting WordPress Plugins: Some interesting WordPress Plugins I’ve stumbled across recently include:
- Roman Date WordPress Plugin adds a Roman calendar date to the current date that may be listed in your sidebar or post.
- Google Maps WordPress Plugin works with Google Maps to add maps to your blog posts with a simple tag.
- WordPress PostMapper WordPress Plugin works with Google Maps API and Google Geocoder to input location information and maps on your blog posts.
- WP Widget Changer WordPress Plugin adds a dynamic Widget to your WordPress blog’s sidebar to show different Widgets for different post and pageviews.
Finding WordPress Plugins: For more WordPress Plugins see the official WordPress Plugin Directory, the WordPress Plugins Database, and Weblog Tools Collection of WordPress Plugins released daily.
WordPress Techniques and Tips
Here are some featured articles and videos from around the WordPress Community and the WordPress Codex, the online manual for WordPress Users, the source to turn to first for your WordPress help.
NOTE: If you would like your WordPress tip and technique included in this list, see Tips For Writing Good WordPress Tips and Writing and Publishing Code In Your WordPress Blog Posts.
- Using PodPress in WordPress Video
- The Undersigned – WordPress How-to: Theme Options
- WordPress Basics: Publishing Posts
- How To Secure Your WordPress Blog
- Daily Blog Tips: 11 Principles to Design a Great WordPress Theme
WordPress Community News
Get Your Hoodies! WordPress Hoodies are here and will start shipping again January 2nd, so get your warm sweatshirt with a hood now and proudly let the world know you are WordPress-cool this year. Buy an extra for a friend or family member at the WordPress Shop.
WordPress Podcast: A new episode of the WordPress Podcast is out. Episode 32: Automattic Rumors, Lorelle Provides WordPress.com News includes an interview with Jonathan Bailey of Plagiarism Today and the Blog Herald discussing copyright issues and content theft, rumors of Automattic’s financial ventures, the WordPress.com Premium Theme Marketplace, and Lorelle joining as a reporter for news on WordPress.com.
Looking for WordPress Books? WPThemesPlugin offers a summary of the WordPress books published over the past couple years. The list includes my book, Blogging Tips (which is about blogging not WordPress specifically), WordPress 2 Visual QuickStart Guide, WordPress Complete, and the new WordPress For Dummies, among others.
Need Help With WordPressMU? Work is ongoing to improve the WordPressMU documentation on the WordPress Codex. If you need help and information on WordPressMU, start there.
WordPress Installed For Free: If you have problems installing the full version of WordPress, visit Installing WordPress for Free (aka Install4Free WordPress). This free, volunteer-driven service is limited to personal blogs only, and they help only with installations, not upgrades.
Using WordPress in Your Blog’s Name: WordPress is a trademark and you are not allowed to use WordPress in your blog’s name or URL unless you have permission of Automattic and WordPress. Also, remember, it’s spelled “WordPress” not “WordPress”. Oh, and Plugin is Plugin, not plug-in (what you put into a wall electrical socket).
Looking for a WordPress Expert? WordPress Consultants on Automattic is a list of experts you can hire to help you with WordPress Themes, WordPress development, WordPress Plugins, or other WordPress-related expertise. Also see the WordPress Jobs listings, and the WP-Pro mailing list.
If You Are Reading This: If you are reading this blog post NOT on the Blog Herald or from within your feed reader, it is being used against the copyright policy of the copyright owners. Please report it immediately so action may be taken to break some heads and feed scraping blogs.
Even More WordPress News?
Past WordPress Wednesday News Reports
- WordPress Wednesday News: WordPress 2007, Nominated for TechCrunch Crunchies, More WordPress Blogs Hacked, WordPress Events in 2008, WordPress.com Blogger Wins, and Snow
- WordPress Wednesday News: Akismet Day, Two Million Bloggers, Plugin Security Warnings, And WordPress is the Best CMS
- WordPress Wednesday News: WordPress Theme Viewer Waits, New Social Network, Security Issues, Austin Grows, Gravatars Enabled, WordPress Books, Matt Cutts, and More
- WordPress Wednesday News: WordPress Themes Hacked, WordPress Schwag for Sale, Life Without Akismet, Flickr Edits, and New WordPress Baby
- WordPress Wednesday News: Will You Turn Off Akismet? WordPress 2.4 Delayed, and More WordPress News
WordPress News Sources
- WordPress Planet
- WordPress Development Blog
- WordPress.com Blog
- Weblog Tools Collection
- BloggingPro’s WordPress News and Tips
- The WordPress Podcast
- Lorelle on WordPress
- Planet WordPress from Planet Ozh
Each Wednesday on Blog Herald is WordPress Wednesday, featuring the news around the WordPress Community. If you have a WordPress news item or tip to suggest, please contact me at this special email address: lorelleonwordpress@gmail.com
The author of Lorelle on WordPress and the fast-selling book, Blogging Tips: What Bloggers Won't Tell You About Blogging, as well as several other blogs, Lorelle VanFossen has been blogging for over 15 years, covering blogging, WordPress, travel, nature and travel photography, web design, web theory and development extensively as web technologies developed.
Thanks for the link Lorelle. It was gory wasn’t it ;-)
I appreciate the mention of my site! Nice article by the way, some great stuff here.
The WordPress Codex offers the WordPress Deprecated Functions Hook for the deprecated function hook API.
The deprecated function API does not handle all of the WordPress deprecated function list. I think a better term would be obsolete function API, since all of the functions in deprecated.php are marked using the deprecated function.
The other “deprecated” functions are not marked using the deprecated function and therefore theme and plugin authors will not know what they are, unless they look at the list.
Overall, while I’m not happy that about the whole deprecated/obsolete, whatever it is good. I think going forward theme and plugin authors can expect that when functions and files should not be used, that there will be notices (quite literally) about their mistakes.
The deprecated functions have been documented (not sure if all of the documentation has been committed. If someone runs PHPDocumentor on the WordPress source, they will get an extra 4 or 5 functions that won’t pop up notices.
Yes, that is right, there aren’t that many functions that are deprecated! You would think that people would read deprecated.php every once in a while. Oh yeah, that file has been documented, but since the functions are deprecated no one should be using the documentation anyway. The reason to read it is to get the functions you should be using.
@Jacob Santos:
That’s true and thanks for the link. The deprecated.php file hasn’t been around for very long, so many aren’t familiar with it. Thanks for the reminder to all.
My mistake. All of the deprecated functions are marked thus as deprecated. Only get_link() is not, which the deprecated function has not yet been added to deprecated.php.
I would like the ability to explictly set the URL in hyperlinks.
I find thay when adding a link in wordpress it will append the domain once or twice to the left before the domain i wish to link to.
For example, say i want to link to http://www.cnn.com
I write my post as usual, then i highlight the word to link and add in the URL.
You would expect this would work, but it does not and all links end up like this :
http://www.mydomain/%20/http://cnn.com
Even editing it in HTML mode does not help. If you know how to fix it ….do let us know..
@Paul Walsh:
First, you put the link in properly, with the http:// in front, or use the link buttons to add the link to your blog. And most WordPress blogs will convert www leading links into the correct form. If you leave the www off, it can misinterpret, so you have to write it in its right form.
Actually, “link dumping”, what I call dumping full URLs into blog posts is bad form and ugly. Short ones like http://www.cnn.com isn’t the end of the world, but long ones are. Put them in a proper text form like CNN and you will not have this problem.
WordPress can’t read your mind and know what you mean when you put in a bad link form. It doesn’t know where the link is to go, within your page or outside.
I read through this entire post, only to learn later that it is from 2008. Oops!