WordPress 2.3.3 Security Upgrade: A simple upgrade technique

Today’s announcement of an insecurity in WordPress 2.3.2 may have spooked a few people:

WordPress 2.3.3 is an urgent security release. A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog. … If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php.

I have already applied the patch to the blog, to ease my mind. To apply the patch, I’d recommend the following five steps:

  • Step 1: Download the patch directly from WordPress.org.
  • Step 2: FTP to your account and login.
  • Step 3: Find the xmlrpc.php file in the /yourblog.com folder and rename it as xmlrpc.old.
  • Step 4: Upload the new file to the same folder.
  • Step 5: Once everything’s working, move the file to the root of your FTP User account out of harm’s way.
  • (If things go wrong: rename the new file you just uploaded as xmlrpc.new, then rename xmlrpc.old back to xmlrpc.php until you can fix the problem. This is a good fallback technique, but the patch is a SECURITY patch, so you really OUGHT to get the latest xmlrpc.php working.)

If you’re ever upgrading plugins or even themes, renaming a current file or directory as *.old is a good way to give you a Plan B, just in case things go wrong when you install the new theme or plugin or file. You can simply revert to the old versions, provided you haven’t updated the database. CAUTION in upgrading is ALWAYS advised.
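The five steps above and the general *.old technique, written out as shell functions. This is an added example, not code from the post or from WordPress: it assumes you have shell access to the web root rather than only FTP, and every path in the usage comments is a made-up sample. The same functions handle a single file such as xmlrpc.php or a whole plugin or theme directory.

```shell
#!/bin/sh
# Added example (not from the post): the rename-to-.old upgrade procedure as
# shell functions, for someone with shell access to the web root instead of
# FTP. Works for a single file (xmlrpc.php) or a plugin/theme directory.
# All paths in the usage comments are made-up sample values.

# backup_name TARGET SUFFIX -> prints TARGET with its basename's extension
# replaced by SUFFIX, e.g. /site/xmlrpc.php old -> /site/xmlrpc.old.
# Only the basename is touched, so dots in parent directories are safe.
backup_name() {
    t=${1%/}                      # tolerate a trailing slash on directories
    base=${t##*/}
    dir=${t%"$base"}
    case $base in
        *.*) stem=${base%.*} ;;
        *)   stem=$base ;;
    esac
    printf '%s\n' "$dir$stem.$2"
}

# safe_replace TARGET NEW  (steps 3 and 4)
#   Keep the current file or directory as TARGET.old, then copy NEW in.
#   Refuses to run if a .old already exists, so an earlier backup is never
#   silently overwritten.
safe_replace() {
    target=${1%/}; new=$2
    old=$(backup_name "$target" old)
    [ -e "$target" ] || { echo "missing: $target" >&2; return 1; }
    [ -e "$new" ]    || { echo "missing: $new" >&2; return 1; }
    [ ! -e "$old" ]  || { echo "backup already exists: $old" >&2; return 1; }
    mv "$target" "$old" || return 1
    cp -Rp "$new" "$target" || return 1
}

# rollback TARGET  ("if things go wrong")
#   Park the new copy as TARGET.new and put TARGET.old back.
rollback() {
    target=${1%/}
    old=$(backup_name "$target" old)
    new=$(backup_name "$target" new)
    [ -e "$old" ] || { echo "no backup: $old" >&2; return 1; }
    mv "$target" "$new" || return 1
    mv "$old" "$target" || return 1
}

# finish TARGET BACKUP_DIR  (step 5)
#   Once the new file works, move the .old copy out of the web root. A
#   renamed xmlrpc.old is no longer run as PHP, so on a typical server it
#   would be handed out as a plain file (source included) if left in place.
finish() {
    target=${1%/}; backup_dir=$2
    old=$(backup_name "$target" old)
    [ -e "$old" ] || { echo "no backup: $old" >&2; return 1; }
    mkdir -p "$backup_dir" || return 1
    mv "$old" "$backup_dir/" || return 1
}

# Sample usage (made-up paths):
#   safe_replace /var/www/yourblog.com/xmlrpc.php /tmp/xmlrpc.php
#   rollback     /var/www/yourblog.com/xmlrpc.php           # only if it breaks
#   finish       /var/www/yourblog.com/xmlrpc.php "$HOME/wp-backups"
```

The refusal to overwrite an existing .old is the one safety check the manual FTP procedure lacks: if you run the upgrade twice, the second run would otherwise replace your only known-good copy with the broken one. As the post says, this only gives you a Plan B for files; it does nothing for database changes an upgrade may have made.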

And, just in case you think hacking can’t happen to you, read the several postings on Matt Cutts’s blog about his own real, if less severe, hacking. There’s also a post on John Cow’s blog that got me thinking about this issue.

If you know any other great posts about blog security, do add them in the comments!

How do you navigate 1000 posts? Five Practical Suggestions for WordPress Bloggers

I’ve made a number of improvements to help readers find posts and get around the blog. Here I’m featuring five of them that I think readers will like.

1. Random Post Plugin

I’ve been working on the blog upgrading usability somewhat in the last few days. I’ve also been trying out the Random Post Plugin.

(Screenshot: the Random Post plugin)

You can see it clearly in the grey bar at the top of the blog! Try it!

2. ADDTHIS Widget

The AddThis Bookmark plugin is now featured. I’ve used three separate instances of the Bookmark This code in each page to help readers add this to their favorite service. It works well.

(Screenshot: the AddThis Bookmark This widget)

3. Bob’s Simplistic Navigation

I’m also using Top/Bottom Navigation, which places code at the top and bottom of the blog page to show the previous/next post. It’s a standard feature in some themes, including Kubrick, but not in my current theme. I still need to sort out the wording, since I use LONG titles.

(Screenshot: the navigation plugin in Pages View)

In Pages View it’s fine, but the long title in Single Post View is ugly. See what I mean in the next picture…

(Screenshot: the navigation plugin in Single Post View)

There’s no clear marker between the two posts. Oh, well. You can get the plugin here. It’s still pretty neat.

4. Related Posts Plugin

This plugin simply “returns a list of the related entries based on active/passive keyword matches.” You can see it on the main pages and on the Single Post pages. It requires a little hacking of the theme, since it isn’t part of a standard install, but it works well. Get it here.

(Screenshot: the Related Posts plugin)

5. Feature Pages

I’m adding feature pages, which are posts linked from the top bar. It’s slow progress, and I don’t want to crowd the bar area with too many, but this theme allows the extra space and it’s easy to edit: just edit the HTML in the theme header.

(Screenshot: the top bar)

Right now, it’s just got ‘WordPress and Top Posts’ but I’ll expand it slowly to include more posts that I want to highlight!

So those five ways will help readers find pages, especially important pages and their own favorites, and discover new stuff… When there are nearly a thousand posts in the archives, it’s time to help readers find some of the better ones. And these three tools help a lot.

How do you help readers find their way around your blog? As a reader, what do you like or hate in blog navigation? I know I loathe really long and loaded sidebars…. but… what about you?

WP Banners Plugin: Good Value or not?

Recently, I set up some banners on this website with the help of several plugins. Eventually, though, with the number of banners in use, I had to give up on Shylock Adsense and go with something that offered a bit more flexibility: enter WordPress Banner Rotator v2.1.3.

There were initial problems.

I’m currently using it to handle all the banners, and it seems pretty stable, though some functionality and documentation have issues. It’s commercial software, though it won’t break the budget at $14.99 as a download. It’s working well in many ways, but there are some problems I have discovered with features not working as anticipated. I’ll be doing a full review soon; for now, the active banner switch and future date expiry don’t work as anticipated (or at all), but otherwise it’s pretty stable.

I’d like an option to weight ads, too. Some of these problems could be solved by setting up dedicated ad management software, such as OpenAds, and using its code within this plugin; such software would manage the ads more effectively. It seems pretty stable, though.

(Screenshot: WP Banners usage)

Other suggestions in email.