WordPress Wednesday News: WordPress 2.5 in Two Weeks, New Hot Media Library, Instant Upgrades, Theme Designers Lack Inspiration, More Plugin Vulnerabilities Found
WordPress 2.5 prepares for release March 10. The new Media Library image and file uploader is looking hot. Improvements to “instant” upgrades for WordPress and Plugins. The new WordPress Administration Panels interface is nearly done. Are you ready for WordPress 2.5? As a user and Plugin or Theme developer? Is your Plugin or Theme ready? WordPress Theme designers get bashed for their lack of imagination and creativity. More Plugins found with security vulnerabilities. WordCamp Dallas a month away. And did someone say something about reformatting WordPress?
WordPress News
WordPress 2.5 Development: The past few weeks, WordPress developers have been working overtime to get ready for the March 10 release of WordPress 2.5. According to Westi’s Weekly Digest, they’ve introduced the beginnings of the Plugin update system, changes to allow uploaded images to be stored outside of the WordPress default path, improved the future post time offset for “human readable” time formats, reduction of SQL queries by wp_count_posts()
which will speed things up and reduce database hits, addition of random order option to the wp_tag_cloud()
, addition of a bulk “delete” to the links manager panel, improvements to the generic ping, changes to ensure private posts stay private, introduction of specific moderation emails for pingback and trackback notifications, and finishing up the details of the new WordPress Administration Panels.
According to the WordPress Development Updates, more work has been done on the Plugins panel and side menu, the Rich Text Editor has been updated to TinyMCE 3.02, all panel redesigns are done including a new design for the Manage Comments page except for the new Media Library Uploader, the Dashboard Panel is getting widgetized, and more details are being cleaned up and final testing is underway on the new administration panels and code.
Are You Ready for WordPress 2.5? I recently published Are You Ready for WordPress 2.5? on the Blog Herald listing some of the new features and changes in WordPress that bloggers and WordPress Plugin and Theme authors need to be aware of so they are ready for the upcoming release of WordPress, one of the most anticipated versions in a long time.
Scriblio Project with WordPress: Matt Mullenweg and others pointed recently to the Scriblio MATC Project Final Report, a report on a system for helping libraries built on top of WordPress. The article is significant as it reports on some of the challenges the team had to overcome, and how they worked together with the open source WordPress community to make this project a success and benefit WordPress development at the same time.
When WordPress Theme Creativity Loses Its Creativity: Jeff Chandler writes on WPDesigner about “Inspiration or Lack of Creativity”, describing how too many are “inspired” by other WordPress Themes, designing from the original instead of creating their own original designs. This creates not only slightly varied versions of the same Themes, but also perpetuates clumsy design issues.
In my travels across the internet, looking for a new WordPress theme, I noticed plenty of them that utilized things such as custom fields. I also noticed many themes that utilized custom coded plugins and some themes even came with a manual that explained how to use them. Why is it like this? Why are theme authors releasing themes that require a Masters Degree to use? Let’s get back to making things simple. Sure, most of those fancy features require more skill and more advanced coding, but after checking out themes such as Shifter, I believe these challenges can be overcome.
If you are a theme designer, please do me a favor. Do your research, then take a top-down look at the current state of WordPress themes. Then, do us all a favor and create something that has yet to be done before. I know that most ideas are rehashed, most ideas have already been worn out, but try to do something that doesn’t make us think about something else that has already accomplished the effect.
WordPress Podcast: The WordPress Podcast has released Episode 34: WordPress 2.3.3 released, more security problems and Prologue and Episode 35: WordPress 2.5 begins testing, Interview with Lisa Sabin-Wilson, covering a ton of WordPress news, tips, and information, along with new host, Jonathan Bailey of Plagiarism Today.
Podcasting About WordPress: Jeffro2pt0 has started a WordPress weekly podcast with news and interviews on WordPress and WordPress community topics.
Last Week’s WordPress Wednesday News: Last week’s WordPress Wednesday News report covered WordPress 2.5 News, Colleges and Schools Love WordPressMU, Viddler Meets WordPress, Theme Buyers Beware, Columns in Blog Posts, Feeds Without Plugins, for those who just can’t get enough WordPress news.
WordPress Security News
More WordPress Plugins Reveal Security Vulnerabilities and Flaws: Blog Security reports on a number of WordPress Plugins with security vulnerabilities and flaws. For more information, check the report and the Plugin author’s site for updated and/or how to fix the issues. Until then, it is highly recommended you deactivate the Plugins. The list includes:
Mandatory Security Upgrade: WordPress 2.3.3 is a mandatory security upgrade covering a vulnerability in xmlrpc.php and includes a few bug fixes. A mandatory security upgrade is not option. It is a required upgrade for the security and safety of your blog.
WordPressMU Mandatory Upgrade: In accordance with the mandatory security upgrade for WordPress 2.3.3, Donncha O’Caoimh has announce the release of WordPressMU 1.3.3 based upon that security release.
Secure WordPress: Noupe wrote “WordPress Security Tips and Hacks” recently with a good round-up of tips on improving your WordPress blog security with sensible tips, techniques, and WordPress Plugins. Remember, the first step in blog security is a strong password.
WordPress Security News: The most recent news on general WordPress security issues includes:
- Ian Kallen of Tecchnorati warns that they’ve seen a number of blogs “exploited by a recently announced WordPress vulnerability” and recommend upgrading NOW not later.
- Blog Security reports on a WordPress CSRF vulnerability described as a Cross Site Request Forgery. Investigations are ongoing.
- Blog Security asks if “WordPress is Insecure by Design?”
WordPress Plugin Security News: The following is a list of recent announcements about security issues found in WordPress Plugins.
- According to Blog Security, the WP-no-version Plugin has been updated and now will remove the WordPress version information for non-authenticated users only.
- Weblog Tools Collection announces two Plugin security issues with WP-Footnotes and WordSpew AJAX Shoutbox.
- Weblog Tools Collection reports a vulnerability in the WP-Forum WordPress Plugin.
WordPress on Your Calendar
WordPress Meetup in Austin, Texas: Andy Skelton and WordPress friends in Austin, Texas, are putting together a WordPress fun meetup May 20, 2008.
WordCamp Dallas: The WordPress Podcast has a podcast announcement about Dallas WordCamp in Texas on March 29-30, 2008. Get the news out and get registered now! If you are a WordPress fan living in Texas, they are looking for volunteers to help spread the world that WordPress is coming to Texas with an exciting line-up of speakers talking blogging and WordPress.
WordPress Meetup or WordCamp Near You? If you are putting together a WordPress event, please email me so I can publicize it here. If there is a WordCamp near you, go. If you are interested in setting up a WordCamp, stay tuned for news and information on to bring a WordCamp event near you.
Here are some WordPress-related dates and events to put on your calendar as found on the WordPress Roadmap and the WordPress Meetup Group Listings (subject to change):
- March Austin WordPress Meeting – March 3, 2008
- WordPress 2.5 Release – March 10, 2008
- The New York City WordPress Meeting – March 15, 2008
- The Nashville WordPress March Meeting – March 22, 2008
- WordCamp Dallas – March 29, 2008 (Registration Required)
- WordPress Denmark Meetup for WordPress 2.5 at Advice – April 6, 2008
- WordPress fans social gathering in Austin, Texas – May 13, 2008
- PodCamp Atlanta 2008 – May 17, 2008
- WordCamp 2008 in San Francisco – July 2008 (should be great)
WordPress Plugins and Themes News
One Click Upload: Mind Blogger reviews the One Click WordPress Plugin and gives it high marks. The Plugin eliminates FTP uploads of Plugins and Themes by helping you do it with “one click” from the WordPress Administration Panels.
Categories on Themes Everywhere: Chris Pearson offers great categorization code tips and techniques in What Every Blogger Needs to Know About Categories, a look at the various native techniques you can use to maximize how categories are displayed on your WordPress Theme.
Is Your Plugin Ready for WordPress 2.5? Joost De Valk offers “WordPress 2.5 Plugin Settings Pages Style Guide”, with tips and information you need to know about how your Plugin’s Administration Panel menus may be changed or broken with the new WordPress Administration Panel structure and layout. See Migrating Plugins and Themes, also, in the WordPress Codex.
Improving Translations: Angsuman Chakraborty has some of the best translation WordPress Plugins and has come up with a way of improving his translator for websites and WordPress blogs which should improve caching and speed. Translation WordPress Plugins have been hard on servers and databases lately, so any improvements in the cache is paramount for creating a blog in many languages.
Comment Spam Tracking and Battling: Donncha O’Caoimh reports on some WordPress Plugins and techniques for tracking down suspicious blog comment spam, such as Comment Referrers, Delink Comment Author, and his version of Lucia’s Linky Love which will not hyperlink comment author’s name to their site until after they’ve posted a specific number of comments on the blog, a unique reward system.
Tracking WordPress Compatibility: It’s often difficult to track what Plugin and Theme is compatible with which WordPress version. In the WordPress Codex are two “master” pages that list all the various compatibilities: WordPress Theme Compatibilities and WordPress Plugin Compatibilities. No matter which version you are using, and in preparation for the next version of WordPress, add these to your WordPress resource list to check before you upgrade.
Plugin and Theme Compatibility Issues for Authors and Designers: If you have a WordPress Plugin or Theme, see Migrating Plugins and Themes for tips on updating your Plugin or Theme for the latest version of WordPress. Once updated, make sure to include it on the WordPress Compatibility lists so users will know which version is updated and ready to work with the latest WordPress.
Interesting WordPress Plugins: I’m constantly amazed at how many creative and useful WordPress Plugins are released each week. Aren’t you?
- WP Instructions WordPress Plugin creates a custom instructions page for a WordPress blog, useful for helping others set up their WordPress sites or give instructions on using the blog.
- IMDB Information WordPress Plugin retrieves movie information and pictures form the IMDB into your WordPress blog with support for multiple languages.
- Comment Spotlight WordPress Plugin puts the “spotlight” on specific comments on your blog with a custom image to honor good or distinctive comments.
- AJAX Ask A Question WordPress Plugin adds an AJAX form to your blog for questionnaires.
- Remind Me WordPress Plugin adds a sidebar list of monthly dates of upcoming events and holidays.
Finding WordPress Plugins: For more WordPress Plugins see the official WordPress Plugin Directory, the WordPress Plugins Database, and Weblog Tools Collection Plugin and Theme announcements.
WordPress Techniques and Tips
Reformat WordPress? While not technically “reformatting” WordPress, Jeffro2pt0 covers tips and techniques for getting a fresh start when you move or totally update your WordPress blog, beginning with a clean database.
WordPress Snippet: PlanetOzh’s WordPress Snippet this week is the add_meta_box()
which allows you to add custom content to the Write Post Administration Panels on WordPress.
WordPress Help: If you are looking for help on using WordPress, begin by visiting the WordPress Codex, the online manual for WordPress Users, then searching the WordPress Support Forums or WordPress.com Forums, depending upon your version.
WordPress Tips and Techniques: Here are some featured articles and videos from around the WordPress Community:
- Aleembwany – Google Custom Search and WordPress Integration
- Internet Gecko – What To Do If Your WordPress Permalinks Post Suddenly Broken
- ZEPREZ WordPress Video Guides – How To Use The More Option In WordPress 2.0
- WordPress Tutorial – How to Wrap Text Around an Image – Video
- Likoma Videos – Adding Photos in WordPress
Want to Write a WordPress Tip and See It Here? If you would like your WordPress tip and technique included in this list, see Tips For Writing Good WordPress Tips and Writing and Publishing Code In Your WordPress Blog Posts. When its ready, contact me at lorelleonwordpress@gmail.com.
WordPress.com News
WordPress 2.5 Changes Coming to WordPress.com: Any day now, WordPress.com users will begin to see changes in the WordPress Administration Panels, often mistakenly called the Dashboard. These will be the first implementation of the latest version of WordPress which features a new interface as well as faster access and publishing times, a new Media Library uploader for images and files, a Widgetized Dashboard panel for customizing the first panel of the Administration Panels, and much, much more.
What’s Going On With WordPress.com? If you want to find out more about what’s happening on WordPress.com blogs, check out the front page of the WordPress.com site and the popular WordPress.com Blogs of the Day listing where you can find thousands of blogs in dozens of languages blogging on a wide range of topics.
New To WordPress.com: If you are new to blogging on WordPress.com, check out this basic guide on What Do I Do With My New WordPress.com Blog?.
WordPress Community News
Looking for a WordPress Expert? If you are looking for a WordPress expert, try the WordPress Consultants list Automattic the WordPress Jobs listings, and the WP-Pro mailing list.
Vote for WordPress Ideas: There is still time to get your vote in for ideas on upcoming versions of WordPress in the The WordPress Ideas section. Why not take advantage of it and add your voice to the vote.
Buy Mugs or Hoodies from WordPress: You can now buy hoodies or mugs with the WordPress logo on them in the WordPress Shop.
Found a Bug in WordPress? If you find a bug in WordPress, report it by following the instructions in Reporting Bugs on the WordPress Codex, the online manual for WordPress Users.
Using WordPress in Your Blog’s Name: It’s about respect. Please use WordPress names right because WordPress is a trademark and you are not allowed to use WordPress in your blog’s domain name or URL unless you have permission of Automattic and WordPress. Also, remember, it’s spelled “WordPress” not “WordPress”. Oh, and Plugin is Plugin, not plug-in (what you put into a wall electrical socket).
WordPress Installed For Free: Installing WordPress for Free (aka Install4Free WordPress) is a free, volunteer-driven service is limited to personal blogs only, and they help only with installations, not upgrades.
If You Are Reading This: If you are reading this blog post NOT on the Blog Herald or from within your feed reader, it is being used against the copyright policy of the copyright owners. Please report it immediately so action may be taken to break some heads and feed scraping blogs.
Even More WordPress News?
Past WordPress Wednesday News Reports
- WordPress Wednesday News: WordPress 2.5 News, Colleges and Schools Love WordPressMU, Viddler Meets WordPress, Theme Buyers Beware, Columns in Blog Posts, Feeds Without Plugins
- WordPress Wednesday News: WordPress 2.5 Live Reports, WWW or Not to WWW, 16,000 Post Migration, MT Does WP, WP Does Kazakhstan, and Gets Mugged
- WordPress Wednesday News: WordPress 2.3.3 Security Must Upgrade, Plugins Vulnerable, Automatic Upgrades, and More
- WordPress Wednesday News: WordCamp Hamburg Success, Automatic Upgrades Coming, $5,000 Bounty, Prologue Theme, and WordPress Wins Again
WordPress News Sources
- WordPress Planet
- WordPress Development Blog
- WordPress.com Blog
- Weblog Tools Collection
- BloggingPro’s WordPress News and Tips
- The WordPress Podcast
- Lorelle on WordPress
- Planet WordPress from Planet Ozh
- WordPress Publisher Blog
Each Wednesday on Blog Herald is WordPress Wednesday, featuring the news around the WordPress Community. If you have a WordPress news item or tip to suggest, please contact me at this special email address: lorelleonwordpress@gmail.com
The author of Lorelle on WordPress and the fast-selling book, Blogging Tips: What Bloggers Won't Tell You About Blogging, as well as several other blogs, Lorelle VanFossen has been blogging for over 15 years, covering blogging, WordPress, travel, nature and travel photography, web design, web theory and development extensively as web technologies developed.
Oh boy, I’m featured in two articles in this weeks roundup. One has my real name while the other has the brand name. I just keep popping up in other places :)
Good job on the post Lorelle. I assume you’ll be covering the Webware 100 in next weeks post?
@Jeffro2pt0:
Good question. I don’t give up all my secrets, you know. :D
Great for newbies, but with just enough meat to be interesting to more experienced users!
Hi,
Thanks for featuring my WP Instructions Plugin. Very interesting information on this page.
Best regards
Sam
@Sam Burdge:
You are very welcome. And thank you!
i am taking my masters degree on a local school and i love it ;
getting a masters degree is of course necessary if you want a wage increase and improvement in your career :-.