WordPress 2.4 is now WordPress 2.5 due in March. Mandatory WordPress security release. Update now. Uninstalling Plugins finds a possible fix. Vote for WordPress.com. New WordPress groups formed. WordPress Help Sheet. Users talking back to WordPress Plugin authors, asking for their support of their users. bbPress updated. Akismet goes .Net. And more WordPress news.
WordPress 2.4 Delayed – Now Will Be WordPress 2.5 in March: Weblog Tools Collection and others announced that WordPress 2.4 has been delayed in order to give more time to the development of the new Administration Panel interface and other improvements and features. The next major release of WordPress is scheduled for March, not January, and will be WordPress 2.5. This is not the first time WordPress has skipped a version, and each time, it’s been worth it.
Mandatory Security Release WordPress 2.3.2: WordPress 2.3.2 has been released and is a mandatory security upgrade. The full details of the update include an urgent security release to fix a vulnerability in draft posts, suppression of some errors messages that may put your database at risk, and other bug fixes. Upgrade to WordPress 2.3.2 now.
WARNING: I’ve seen many bloggers announce the new WordPress security update, debating publicly about whether or not they should upgrade or wait for the next major version. You’ve just told hackers that your blog is open for hacking. Take care in making your WordPress version public, and opening yourself up blatantly to attacks. If you choose to upgrade or not, that’s up to you, but why advertise your version vulnerabilities?
Someone Listened to the Plugins Uninstall Issue: One of the things that has worried many, including myself, is the lack of a “full uninstall” of WordPress Plugins. If you deactivate them, their database tables remain in your WordPress database. While not the end of the world, it takes up unnecessary space and could cause conflicts. Jeffro 2.0 of Weblog Tools Collections brings up the subject of uninstalling Plugins and within a few days, we have the start of an answer. Andrew Rickmann created a tool that creates an uninstallation option on the Plugins Panel which will appear if the Plugin has been deactivated and the Plugin author has created an uninstall file which will remove the data from the database. A lot of work is needed, as well as your help, to create a solid Plugin uninstallation tool. There are a lot of things to consider such as deactivating Plugins temporarily for an upgrade or bug hunt, and if the user might want to consider using the Plugin in the future with the current data. Still, this is a great step in the right direction.
WordPress 2.4 Administration Panel Previews: The buzz around the new backend WordPress Administration Panels for the upcoming January release has arrived. Tubetorial has a “WordPress 2.4 Administration Panel Preview” video which shows just what has been done to date, with a lot more to come. Hyper SVN has a “live” demo of the new WordPress Administration Panels. Expect many of these sneak previews hitting the web as everyone wants to be the first to show it off. Also, expect to see a lot of changes before this release and the next few versions as the Administration Panels get fine tuned.
WordPress on Your Calendar: Nashville, Tennessee, now has a WordPress group. WordCamp Dallas in March has opened registration and has a terrific line up of top speakers on WordPress, video, podcasting, multimedia, and blogging. In Denmark, there is a WordPress 2.5 gathering in April where fans of WordPress will get together to celebrate and learn more about the latest version of WordPress.
Are you involved with a WordPress group or club in your area? Make sure you announce meetings on the WordPress Meetup list and let me know so I can help promote your group’s activities. Here are some WordPress-related dates and events to put on your calendar as found on the WordPress Roadmap and the WordPress Meetup Group Listings (subject to change):
- Manchester England WordPress User Group at MDDA – Jan 16, 2008
- The New York City WordPress January Meetup – January 19, 2008
- The Baltimore-Washington WordPress January Meetup – January 26, 2008
- Nashville WordPress Meetup – January 26, 2008
- WordCamp Hamburg – January 26-27, 2008
- WordPress 2.5 Released March 24, 2008
- WordCamp Dallas – March 29, 2008 (Registration Required)
- WordPress Denmark Meetup for WordPress 2.5 at Advice – April 6, 2008
- WordCamp 2008 in San Francisco – July 2008 (waiting confirmation)
If you are having a WordPress-related event that isn’t on the calendar, post them below or via email.
WordPress 2.4 Digest: In last week’s WordPress weekly digest, Westi reported on many improvements and fixes to the next version of WordPress including introduction of a new tag for separation of cookie generation, filtering of available WordPress Themes based upon Theme tags which describe the type of design the user is seeking, more work on the WXR importer and translation options, introduction of a new method to get the comment count on feeds, a new setting within the API for post types, integration of the popular Optimal Title Plugin into the core, introduction of auto-suggest for entering tags to the native tag feature, more documentation, improvements to the Rich Text Editor interface to remember which one you used last (visual or code) and easier switching, and a new interface for selecting which WordPress Widgets to use in the different sidebars.
The most recent news on WordPress security includes:
- Blog Security reports on a vulnerability in WP-Filemanager WordPress Plugin and recommends you disable and remove the Plugin until an updated and fixed version is available.
- A vulnerability called the “WP Directory Traversal Vulnerabilities” has been found in WordPress 2.0.11 and WordPress 2.3.2 (not the current version) and only on WordPress running within the Microsoft Windows environment. This vulnerability means an attacker may edit and view sensitive files.
- BlogSecurity reports that the new release of WordPress makes their bs-wp-noerrors WordPress Plugin unnecessary.
- Simple Thoughts Blog was hacked this week and the author sets out a very detailed explanation on how it was hacked and how to protect your WordPress blog from hackers.
- WordPress ZeroDay Vulnerability Roundhouse Kick, a remarkable article on WordPress security vulnerabilities, has been updated to include vulnerabilities in Akismet as well.
- Two WordPress Plugins have been found to have security vulnerabilities by Blog Security. WordPress PictPress File is recommended to be immediately disabled until an update can be found. An HTML Injection Vulnerability has been found in the popular WP-ContactForm WordPress Plugin. Hopefully, an update will be available soon.
- Ryan Boren reports on “Secure Cookies and Passwords”, improvements to WordPress 2.4 to feature new formats for authentication cookies and password hashing algorithm to improve blog security.
Graffitti: In Graffitti disses WordPress, there is a lot of discussion of how a commercial CMS program is taking advantage of WordPress fame to promote its wares. There is little to compare the two programs as Graffitti is still in the testing stages and WordPress is really not its competition. CMS programs are. WordPress can handle the competition. Can WordPress fans handle a commercial company abusing WordPress? Many are a bit upset with Graffitti’s ad campaign targeting WordPress. Even Matt Mullenweg chimes in. This is just a reminder to not be fooled by those taking advantage of WordPress. If the program is good enough, it will be great competition. If it is a scam, let people know but don’t give it the publicity it seeks. With all the hype, a lot of people now know about Graffitti who had never heard of it before.
Vote for WordPress Ideas: Want your say in the next version of WordPress? The WordPress Ideas section on WordPress is an open forum for you to have your say. Why not take advantage of it and add your voice to the vote.
Last Week’s WordPress Wednesday News: Last week’s WordPress Wednesday News report covered Mandatory WordPress Security Release, Sneak Previews of WordPress 2.4, Hoodies, Vote for WordPress, Moving to WordPress, Custom Fields, and More, if you would like to catch up with the news on WordPress.
What’s Hot on WordPress.com? The hottest blogs on WordPress.com were:
- CNN Political Ticker
- Lolcats ‘n’ Funny Pictures – I Can Has Cheezburger?
- Les Amateurs de Stars
- POPSEOUL! what’s poppin in Korean entertainment and style
- The Page
- FORTUNE: Apple 2.0
- Loldogs ‘n’ Cute Puppy Pictures – I Has A Hotdog!
- Cafferty File
The hottest blog posts on WordPress.com were:
- Clinton supporters boo Obama
- Diebold and New Hampshire
- Democratic Underground: It’s Diebold again!
- What the headline should be tomorrow, but won’t be.
- No entraré más a misa
- Só porque dou para minha mulher posso ser gay?
- Facebook, Scoble, Manifestos and European Privacy Law.
- Analyst: Apple is a full year ahead of competition
- US stock market confirms primary downtrend
New To WordPress.com: If you are new to blogging on WordPress.com, check out this basic guide on What Do I Do With My New WordPress.com Blog?.
WordPress Plugins and Themes News
A View From a Plugin User: Frank Lucas wrote an article on WordPress Plugin standards from the position of a user after test driving over 500 WordPress Plugins. I believe more from users will start demanding better standards on Plugins. If you are a Plugin or Theme author, make sure you present your tools clearly on your blog and define them with the keywords we need to read to understand what they are about. Also, take a moment to read a love letter I wrote to WordPress Plugin authors to encourage them to help themselves and their users more.
WordPress Help Sheets: WPCandy recently offered the WordPress Help Sheet (pdf), a pdf file cheat sheet to help with WordPress PHP snippets, basic template files and template tags, and more. Now they’ve added the The Advanced WordPress Help Sheet which includes snippets from “Styling Different Categories to Dynamic Page Titles” claiming this is the first of three advanced help and cheat sheets. There are a variety of other HTML, CSS, PHP, WordPress cheat sheets available.
FCKEditor Upgraded: FCKEditor WordPress Plugin has been upgraded with plenty of new features and the ability to work with WordPress 2.3.
Yedda FeedFlares for WordPress: Yedda offers FeedFlares for WordPress bloggers through their new WordPress Plugins.
Custom Query String Reloaded: The Custom Query String Reloaded WordPress Plugin has been upgraded with new features including tag support and working with WordPress 2.3.
WordPress Super Cache Updated: WP Super Cache has been updated with some fixes and improved features including fixes to the mod_rewrite rules, viewing mod_rewrite rules, warnings if the blog’s root directory is writeable, and more.
Query Child of $Page Updated: Peter Westwood updated his Query Child of $Page WordPress Plugin to make it work with current versions of WordPress.
Interesting WordPress Plugins: There are so many interesting WordPress Plugins released each week. Have you been paying attention?
- Smart Sort WordPress Plugin places a sort bar above or below a list of posts within a category or archive in your WordPress Theme template to allow sorting of posts by any custom field.
- Bunny’s Language Linker WordPress Plugin allows you to include links to “sister” Pages of translated versions. For example, if you blog in multiple languages, you can have your “About” Page in English, French, Spanish, and/or German. The Plugin adds a form to your Page Panel to include the page slug (URL) to each language version of your About Page which appears on each About Page
- WP-Crontrol WordPress Plugin adds customization control to the WP-Cron system.
- PostMaster WordPress Plugin allows blog-by-email with posts containing multimedia attachments to embed into the post body. Currently supports image and 3g2 mobile video MIME types, helping you blog from your cell phone.
Fast Updating: Worried about updating WordPress? The InstantUpgrade WordPress Plugin makes the process simple and easy.
Writing to WordPress Standards: If you are developing WordPress Plugins or Themes, your first step is to visit the WordPress Codex, the online manual for WordPress Users, especially the WordPress Coding Standards and Writing a Plugin articles.
WordPress Techniques and Tips
Here are some featured articles and videos from around the WordPress Community and the WordPress Codex, the online manual for WordPress Users, the source to turn to first for your WordPress help.
NOTE: If you would like your WordPress tip and technique included in this list, see Tips For Writing Good WordPress Tips and Writing and Publishing Code In Your WordPress Blog Posts.
- Lost Address – Writing a Book? Use WordPress
- Blogger Camp – Remove Several Categories from the Loop in WordPress
- Urban Giraffe – Localizing WordPress themes and plugins
- Devlounge – WordPress Plugins and Database Interaction
- Peach Pit Press – Publish a Video Podcast with WordPress
- Ryan McDonnell – Multiple Blogs – One WordPress Install – Zero Code Changes
WordPress Community News
bbPress Upgrade Released: An upgrade and bug-fix release of bbPress 0.8.3.1 was announced which makes the forum program compatible with the latest version of WordPress and includes improvements for topic labeling and “bozo” marking, which allows users to note when a participant is an idiot. I’d like that feature on some of my blogs. :D
Get Your Hoodies! WordPress Hoodies are here and will start shipping again January 2nd, so get your warm sweatshirt with a hood now and proudly let the world know you are WordPress-cool this year. Buy an extra for a friend or family member at the WordPress Shop.
WordPress Podcast: Episode 32: Automattic Rumors, Lorelle Provides WordPress.com News includes an interview with Jonathan Bailey of Plagiarism Today and the Blog Herald discussing copyright issues and content theft, rumors of Automattic’s financial ventures, the WordPress.com Premium Theme Marketplace, and Lorelle joining as a reporter for news on WordPress.com.
Need Help With WordPressMU? Work is ongoing to improve the WordPressMU documentation on the WordPress Codex. If you need help and information on WordPressMU, start there.
WordPress Installed For Free: If you have problems installing the full version of WordPress, visit Installing WordPress for Free (aka Install4Free WordPress). This free, volunteer-driven service is limited to personal blogs only, and they help only with installations, not upgrades.
Using WordPress in Your Blog’s Name: WordPress is a trademark and you are not allowed to use WordPress in your blog’s name or URL unless you have permission of Automattic and WordPress. Also, remember, it’s spelled “WordPress” not “WordPress”. Oh, and Plugin is Plugin, not plug-in (what you put into a wall electrical socket).
Looking for a WordPress Expert? WordPress Consultants on Automattic is a list of experts you can hire to help you with WordPress Themes, WordPress development, WordPress Plugins, or other WordPress-related expertise. Also see the WordPress Jobs listings, and the WP-Pro mailing list.
If You Are Reading This: If you are reading this blog post NOT on the Blog Herald or from within your feed reader, it is being used against the copyright policy of the copyright owners. Please report it immediately so action may be taken to break some heads and feed scraping blogs.
Even More WordPress News?
Past WordPress Wednesday News Reports
- WordPress Wednesday News: Mandatory WordPress Security Release, Sneak Previews of WordPress 2.4, Hoodies, Vote for WordPress, Moving to WordPress, Custom Fields, and More
- WordPress Wednesday News: WordPress 2007, Nominated for TechCrunch Crunchies, More WordPress Blogs Hacked, WordPress Events in 2008, WordPress.com Blogger Wins, and Snow
- WordPress Wednesday News: Akismet Day, Two Million Bloggers, Plugin Security Warnings, And WordPress is the Best CMS
- WordPress Wednesday News: WordPress Theme Viewer Waits, New Social Network, Security Issues, Austin Grows, Gravatars Enabled, WordPress Books, Matt Cutts, and More
- WordPress Wednesday News: WordPress Themes Hacked, WordPress Schwag for Sale, Life Without Akismet, Flickr Edits, and New WordPress Baby
WordPress News Sources
- WordPress Planet
- WordPress Development Blog
- WordPress.com Blog
- Weblog Tools Collection
- BloggingPro’s WordPress News and Tips
- The WordPress Podcast
- Lorelle on WordPress
- Planet WordPress from Planet Ozh
Each Wednesday on Blog Herald is WordPress Wednesday, featuring the news around the WordPress Community. If you have a WordPress news item or tip to suggest, please contact me at this special email address: email@example.com
Author: Lorelle VanFossen
The author of Lorelle on WordPress and the fast-selling book, Blogging Tips: What Bloggers Won’t Tell You About Blogging, as well as several other blogs, Lorelle VanFossen has been blogging for over 15 years, covering blogging, WordPress, travel, nature and travel photography, web design, web theory and development extensively as web technologies developed.