Be Careful with .htaccess ReWrite Rules and WordPress

The last few days have highlighted a gap in my knowledge of the WordPress platform. I use .htaccess rules to block requests to visit pages and to block requests to directly call scripts in WordPress directories when the requests look malicious. Mostly, those rules are designed to stop bots and hackers from using query string …

Security Alert: WordPress Timthumb Hacker on the Prowl

As most WordPress bloggers and site owners and administrators will already be aware, the TimThumb script that is popularly used for resizing images to create thumbnails for WordPress themes and plugins has a security vulnerability that allows hackers an easy ride into websites.

The vulnerability was made public at the beginning of August and was patched almost as soon as it was announced. However, I’ve noticed an increasing number of crawls of sites I manage by scripts looking for themes and plugins that use timthumb.php. These crawls produce 404 error reports in both the plugins SEO Ultimate and Redirection because the files the bot’s hunting for do not exist on my servers. In every case, the crawler scanned the directories /wp-content/themes/ and /wp-content/plugins.

The themes (and their directories) that have been scanned include:

Uninstall W3 Total Cache The Right Way

A few days ago I began the process of removing W3 Total Cache from all my blogs. Why, you might wonder, would I do that? The simple answer is that W3 Total Cache crashed my sites. The plugin conflicted one too many times with other plugins and I’m getting old and tired and I’m fast …

Jetpack Takes WordPress Stats into its Fold

As you might have noticed if you updated your WordPress plugins today, WordPress Stats has been added to the Jetpack plugin package and all future updates to WordPress Stats will now be done through Jetpack.

Once Jetpack is installed it is safe to deactivate your old WordPress Stats plugin before authorizing Jetpack’s connection with wordpress.com. If you’re using multi site you will need to authorize Jetpack to connect to your wordpress.com on a site-by-site basis.

But what about those glorious authorization errors?

HowTo: WordPress Code Syntax Highlighting

For months and months and months I’ve been looking for a good code syntax highlighter for WordPress. My requirements are simple: 1, the highlighter mustn’t add lots and lots of div and table tags around my code and, 2, it should add a TinyMCE pre tag button to the visual editor. If I had the …

Shhhh!!!! WordPress, Don’t Shout About your Break-in Then

Just in case you missed it, because I did, WordPress.org had a security breach this week. Several plugins were updated by a hacker (or hackers) who installed backdoor exploits into AddThis, WPTouch and W3 Total Cache that may have compromised self-hosted WordPress websites. The official statement posted by Matt Mullenweg (founding developer of WordPress) at …