According to Mashable there are two clues that your blog has been successfully attacked by the computer worm:

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account.

Webmasters are asked to update their blogs to the latest version of Wordpress immediately. Those that have been hit by the computer worm should backup all files, export their settings, and do a clean install of Wordpress. More help is offered at the Wordpress website.

Rant:

It’s Sunday and it is time for a little rant. Webmasters who do not update their blogs as soon as a new version of their blogging software is released are acting stupid. A Wordpress update usually takes less than ten minutes and ensures that the blog and server is protected from attacks like these. Webmasters who do not have the time to perform these updates should consider switching to a hosted blogging platform like that at Blogger or Wordpress.com. The automatic update option that has been introduced in recent Wordpress versions makes it even easier to update the blog as soon as a new version is released. Webmasters who cannot do this should not operate a self hosted blog, period.

Related posts

• Wordpress Remote Admin Password Reset Vulnerability (13)
• Wordpress 2.8.4 Security Update (7)
• Wordpress 2.8 (5)
• Wordpress 2.8.3 (1)
• Wordpress 2.8.2 Security Patch (1)

One of the main strengths of WordPress is its huge developer community, something that is unmatched by most of its competitors. With this great third party support comes thousands of plugins and themes. So without further ado, I’ll name out a couple WordPress plugins that every user of the blogging platform should use.

All in one SEO

WordPress has the reputation of being the best SEO optimized blogging/CMS platform out of the box. But even with that it still could use a little work. That’s where “All in one SEO” comes in. Basically it allows you to control the SEO aspect of every post, page or tag on your blog as well as override the default WordPress features.

Customizing the plugin is easy and the readme file helps with any problems you might have. There is a reason why it has well over 2 million downloads. So if you haven’t checked it out, I suggest you do so. If you are looking for something a little more advanced you can check out the Headspace2 plugin which is also popular (at the time of this writing it had over 200,000 downloads).

Broken Link Checker

I didn’t know how much I needed this plugin until I got it and since there I have installed it on all my blogs. As the name suggests, this plugin checks your blog at intervals (user defined) for links that might be broken. I cannot stress how important this plugin is for those who run political, tech or news blogs as it is extremely vital at notifying you if your links are active or leading to 404 error pages.

WP-DB-Backup

If it were not for hackers and hard drive failures, this plugin would be obsolete. But thanks to these and many other problems, database failures are prevalent. At least there are options to help keep your database safe.

WP-DB-Backup is one of those plugins which offers users the ability to backup their WordPress databases instantly or have monthly, weekly, daily or hourly backups. The backups can either be sent to a specified email address or can be downloaded instantly. While this plugin is mainly built for those who carry large amounts of traffic on their websites, I would recommend it for everyone including personal bloggers.

Beware that this only backs up the database and not information stored on the server such as download files, pictures and such. That will require another program.

Redirection

When I first started using WordPress I decided to go with the default permalink structure as I was not versed in customizing .htaccess files. That changed a few months later and by that time my blog had boasted well over 150 posts. I needed to do some major on site SEO but was stuck with the fact that if I changed the permalink structure to something more search engine (SE) friendly, visitors who came to my site from backlines would be left with a 404 page error.

Well after a little Google expedition I came across the Redirection plugin which did exactly what it sounds like, redirects old links to the new location. I was extremely happy and I didn’t lose SERPS because of my updated permalink structure.

Even if you are not in the same position I suggest you get this plugin because it is well worth it and it requires very little configuration.

NextGEN Gallery

It’s not everyday that a plugin crosses the 1 million download mark. But Alex Rabe has struck gold with his plugin. For those who are familiar with the WordPress, it is clear that while 2.7 did fix a lot of issues, the built in media library fails to say the least. It’s OK for basic media but managing gallery’s, albums and such is impossible.

That’s where NextGEN Gallery comes in by providing the best photo gallery plugin for the platform. While it still lacks in certain areas, it is light years ahead of the built-in functions of WordPress. Plus with the numerous plugins that expand its features it is quite a beast. If you would like an excellent example of the plugin in action, check out TechCrunch.com.

cformsII

It used to be the top downloaded plugin on wordpress.org until someone brought to the attention of the WordPress community that its license agreement did not match the requirements of wordpress.org. Since then it has been removed, but even with that it still continues to be an excellent plugin.

Basically cformsII allows you to create contact forms, contest forms and anything else your heart desires. Although it is not the easiest plugin to use, it’s powerful and extremely customizable as the CSS file can be edited to meet any requirement.

The only drawback to this plugin is since it’s no longer available on wordpress.org, those wishing to use it have to install and update it manually. That said I still would recommend using it but if you cannot be bothered with the hassle for the extra features, you can always check out Contact Form 7 which carries many of the features but still lacks in the customizability department.

I’m sure there are many others out there but these are the ones that I have found out to be the most useful and would recommend for every WordPress blog. But if you think I left one out, hit me up in the comments below.

Related posts

• Wordpress 2.6.5 Security Update (0)
• Wordpress 2.5.1 released (1)
• List of Wordpress Plugins installed (4)
• Flash 10 Breaks Wordpress Flash File Uploader (3)
• Zoundry Raven portable Blog Editor (6)

A fix was released with the announcement of the vulnerability which consisted of one line of code that had to be edited in the wp-login.php file of the Wordpress installation. Wordpress installations with the fix are safe from these kinds of attacks.

The Wordpress team has nevertheless released Wordpress 2.8.4. as a response to the security vulnerability. The new release patches this vulnerability and is a recommended update for every Wordpress installation. The Wordpress developers are providing additional information about the vulnerability in the announcement post as well.

It was only possible to reset a password of the first user account without a key according to this post which usually is the admin account of the Wordpress installation. Wordpress is not showing the new version in its interface. This may change in the next hours.

Wordpress admins should head over to the Wordpress website to download the new version as of now.

Related posts

• Wordpress Remote Admin Password Reset Vulnerability (13)
• Computer Worm Attacks Not Updated Wordpress Blogs (20)
• Zoundry Raven portable Blog Editor (6)
• Wordpress: Your attempt to edit this post has failed (8)
• Wordpress Blogs: Create Custom Tag Pages (5)

The first section will display information about the blog’s responses. This includes checking the web server’s IP, RSS feed, robots.txt file, web caching and search engine indexation in Google and Bing. The second section will display technical details about the blog which are mostly interesting to the webmaster of the website.

The technical details will display page generation and fetch times, transfer speeds, information about compression as well as the version of the blog software and the theme used.

The site links to three additional services that can be used to check out a website or blog. This includes HTML verification at W3c, feed validation at Feedvalidator and HTTP header checks at redbot.com.Is My Blog Working is a great way to quickly check various technical details of a blog. A bookmarklet is provided that can might also come in handy.

Related posts

• Zoundry Raven portable Blog Editor (6)
• Wordpress 2.6.1 released (1)
• What you Really Need to Know about Choosing a Web Host (10)
• Website Value Calculator Stimator (27)
• Website Value Calculator Cubestat (15)

A new post appeared on the Wordpress discussion list today revealing more details about the process. Everyone is apparently able to reset a Wordpress password if the email address of the Wordpress user is known. All that needs to be done is to point the web browser at http://www.domain.com/wp-login.php?action=lostpassword to reset the password. The email address of the account holder has to be supplied in the form. Wordpress usually will send a confirmation email first asking the email account owner if the password should be reset. The vulnerability manipulates the query to skip this step.

It is not possible to exploit this vulnerability further which means attackers cannot get access to the user account. It can however be theoretically be used to reset the password regularly to lock the user or admin out of the Wordpress blog.

A temporary fix for the remote admin password reset vulnerability was posted. Wordpress administrators need to change one line of code in the wp-login.php file of the Wordpress installation to protect their blog from the attack.

Replace

if ( empty( $key ) )

With

if ( empty( $key ) || is_array( $key ) )

It is advised to apply the temporary fix as soon as possible to Wordpress installations.

Related posts

• Wordpress 2.8.4 Security Update (7)
• Computer Worm Attacks Not Updated Wordpress Blogs (20)
• Zoundry Raven portable Blog Editor (6)
• Wordpress: Your attempt to edit this post has failed (8)
• Wordpress Blogs: Create Custom Tag Pages (5)

The upgrade fixes a few security issues that have been overlooked in the Wordpress 2.8.1 release but discovered by security researchers in the Wordpress community.

Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. Several folks in the community dug deeper and discovered areas that were overlooked. With their help, the remaining issues are fixed in 2.8.3. Since this is a security release, upgrading is highly recommended.

Point your web browser to the official Wordpress download page to download the release if you want to perform a manual upgrade.

Related posts

• Wordpress 2.8.2 Security Patch (1)
• Wordpress 2.8 (5)
• Wordpress 2.7 (7)
• Wordpress 2.6.5 Security Update (0)
• Wordpress 2.6.1 released (1)

The XSS vulnerability could be used to create comment author urls that would redirect the system administrator away from the blog’s website to another site to exploit the situation. Wordpress webmasters are encouraged to update their blogs as soon as possible to patch the security vulnerability.

Updates are available directly from within the Wordpress interface if the correct server login information are supplied or by updating the traditional way which would mean to download the Wordpress release from the Wordpress website, upload it to the web server and run the upgrade command manually. The release information should also be displayed prominently in the Wordpress admin interface with a link to the automatic update script of Wordpress.

Related posts

• Wordpress 2.8 (5)
• Wordpress 2.6.5 Security Update (0)
• Wordpress 2.6.1 released (1)
• Wordpress 2.8.6 Security Update (5)
• Wordpress 2.8.5 Security Update (4)

Some changes that Wordpress admins will notice right away are speed improvements in the admin interface and the ability to change more aspects of the layout than before. Wordpress will for instance automatically adjust the layout according to the screen size of the web browser window with options to change the amount of columns and what is being displayed on the screen.

It is now possible to remove or add information when viewing posts, pages or comments in the admin interface with the additional option to change the number of items that are displayed on the screen. It is now therefor possible to change the default number of comments that are displayed on screen which could have been achieved before only by hacking system files.

Other improvements include a new theme installer which allows the webmaster to search for and install themes right from the Wordpress admin interface without leaving the website. This is a similar feature to the automatic plugin installation that was added in earlier versions.

The Wordpress Codex contains a list of all changes and additions that have been added to Wordpress 2.8. The new version can be downloaded from the main Wordpress site.

Related posts

• Wordpress 2.8.2 Security Patch (1)
• Computer Worm Attacks Not Updated Wordpress Blogs (20)
• Wordpress 2.8.3 (1)
• Wordpress 2.7 (7)
• Wordpress 2.6.5 Security Update (0)

The tag we need is called “wp_list_categories()” and by default it lists all your categories in alphabetical order. All we need to do is add some arguments to it to modify the default values and we’re done! We need to limit the number of items shown to five, we also want to show the post counts in the categories and we want to order the list by the post count, in descending order.

The “number” argument actually has no default value. The reason for this is that it limits the SQL query directly, so there is no need for it by default. We can add it though to impose a limit, so our first argument will be “number=5″. We also want to show the post counts, so we use “show_count=1″ to enable this (show_count=0 is the default).

We also want to order the list by the post count, so we use “orderby=count” to achieve this. By default lists are sorted ascending, meaning that the lowest post count would show up first. To make the list descending, we can use “order=DESC”.

I also use one last argument in there, which is “title_li=”. This sets the title of the list to be nothing, by default the list is presented with a title. I like to hard code my titles for a few reasons, but feel free to change this as you like. So here is the complete code I used, one simple line to do a seemingly hard task, enjoy

<?php wp_list_categories(’number=5&show_count=1&orderby=count&order=DESC&title_li=’) ?>

If you’d like to read some similar articles, take a look at Scriptastique, a blog all about web development and coding, with great tips on CSS, HTML, PHP, MySQL and Javascript and tutorials and screencasts coming soon! You can follow us on our RSS feed, or Twitter where we’re posting 3-4 short tips daily now!

Related posts

• Wordpress Blogs: Create Custom Tag Pages (5)
• Zoundry Raven portable Blog Editor (6)
• Wordpress: Your attempt to edit this post has failed (8)
• Wordpress template tags you should know (4)
• Wordpress Remote Admin Password Reset Vulnerability (13)

Webmasters can however utilize tag pages better in their Wordpress blogs by creating so called custom tag pages which can contain any information they want. If you open the page above you notice that it does not contain a listing of blog excerpts but a custom page for that tag.

Wordpress provides the means to create those custom tag pages easily. Custom tag pages can be created in the theme directory of the Wordpress directory by adding a new template file to the theme. This new template file needs to begin with tag followed by the post slug of the tag. In the case of the Windows 7 Download tag it would have to be named tag-windows-7-download.php.

Custom tag pages have a higher priority than the default ones that show only excerpts of the posts. The easiest way to fill the custom tag with content is the following:

Wordpress looks for the following files in order to create those tag pages:

• tag-slug.php
• tag.php
• archive.php
• index.php

Look into your theme folder and see if there is a tag.php file. If it is copy its contents and create a new php file that is using the tag-slug.php as its name. If ther eis no tag.php look for archive.php and finally index.php.

Now simply add content to the file. It might take some experimentation at the beginning but it can be really worth it in the long run. If you have any questions or additions let me know in the comments.

Related posts

• Wordpress: Your attempt to edit this post has failed (8)
• Wordpress 2.6.5 Security Update (0)
• How to show 5 top categories in Wordpress (9)
• Zoundry Raven portable Blog Editor (6)
• Wordpress SEO: Advanced Nofollow (3)

There have been some problematic messages occasionally when trying to publish posts lately. The error message Your attempt to edit this post [..] has failed appeared occasionally after upgrading to Wordpress 2.7. Wordpress was not able to publish the article which was bad enough but the underlying problem was that all work up to the point of the last auto save was lost as well.

This usually meant that the tags, categories and other last minute edits (like urls) were missing from the posts and had to be added again. The second edit and publishing always succeeded without difficulties.

The first thought was that this could have something to do with the automatic saves of posts before publishing. A quick research on the Wordpress support forum seemed to confirm that.

The fix is apparently the following:

Locate the file post-new.php in the wp-admin folder of the Wordpress installation. Find the following line in that file wp_enqueue_script('autosave'); and replace it with //wp_enqueue_script('autosave');.

The // in front of the row make the entire row a comment which essentially means that the command will not be executed. This will practically disable auto save during post publishing meaning that you will hacve to click on the Save Draft button before you leave an unfinished post page.

Related posts

• Wordpress Blogs: Create Custom Tag Pages (5)
• Wordpress 2.6.5 Security Update (0)
• Flash 10 Breaks Wordpress Flash File Uploader (3)
• Zoundry Raven portable Blog Editor (6)
• Wordpress Remote Admin Password Reset Vulnerability (13)

I still have not come to a decision and I thought it would probably be best to ask the ones that are affected by the decision (that would be you). Two blogs would make it easier to concentrate topics for a certain user base with the option to visit both if both types of content would be interesting to you.

The main question is whether the content should be separated and if that is the opinion of the majority which content should be moved to another blog.

My initial thoughts were to move the web development topics to a new blog and also some of the advanced Linux topics. The new blog would be some sort of uberGhacks for advanced users.

Please vote and let us know which content should be moved to a separate blog if you select Yes.

Related posts

• Wordpress 2.6 (9)
• Wordpress 2.5 released (5)
• Upgrading to Wordpress 2.3 (3)
• Translators wanted for Ghacks (45)
• This weeks poll, next weeks poll (1)

The development focus was usability as Wordpress 2.7 brings in a few exciting new features to the table. The long awaited option to moderate comments from the admin interface, mass editing of posts or automatic upgrades of plugins and the blog software itself are just a few of the new features.

Another new and exciting option is the ability to remove and position elements on the screen. This streamlines the Wordpress admin interface quite a bit by bringing the needed elements closer together while removing everything that is not needed. Well, almost everything. Some elements cannot be removed obviously like the post form.

It will take some time getting used to the new Wordpress admin interface as it moves the menu entries from the header to the left menu.

The update should not pose to many difficulties. The only problem that you can encounter are plugin incompatibilities. The Simple Tags plugin was one out of a dozen plugins that was not working with Wordpress and you might have noticed display problems here at Ghacks earlier thanks to that. There is however an easy temporary fix for that to make the plugin compatible.

All that needs to be done is to edit the simple-tags.php file. Look for the line

if (version_compare($wp_version, '2.5', '>='))

and replace it with the following

if ( strpos($wp_version, '2.5') !== false || strpos($wp_version, '2.6') !== false )

This should ensure compatibility.

Related posts

• Wordpress 2.8.3 (1)
• Wordpress 2.8.2 Security Patch (1)
• Wordpress 2.8 (5)
• Wordpress 2.6.5 Security Update (0)
• Wordpress 2.6.1 released (1)

Alternatively only the files wp-includes/feed.php and wp-includes/version.php can be copied from the new release over the old files to update the blog. The security vulnerability is unlikely to affect a large number of Wordpress blogs though as it only only affects IP-based virtual servers running on Apache 2.x.

There might also be some confusion about the versioning of Wordpress. The last official Wordpress version was Wordpress 2.6.3. Wordpress 2.6.4 was skipped because of a fake malicious release that made its round. The official new release is therefor Wordpress 2.6.5.

Related posts

• Wordpress 2.8.2 Security Patch (1)
• Wordpress 2.7.1 Update (3)
• Wordpress 2.6.1 released (1)
• Wordpress 2.5.1 released (1)
• Wordpress: Your attempt to edit this post has failed (8)

The author’s at Ghacks are Duty Fullfillers according to the analysis of Typealizer. Duty Fullfillers are the responsible and hardworking type that are careful about getting facts right and reluctant to take risks. Rarst on the other hand is a guardian, one of the organizing and efficient type who are attuned to setting goals and managing available resources to get the job done.

Most technology blogs seem to fall into those two categories, think Lifehacker (Duty Fullfillers) or Download Squad (Guardians). Typealizer works best with blogs but it can actually be used on many websites that are not blogs as well. Some websites cannot be processed at the moment including CNN but most English or Swedisch websites and blogs should return a result. (Perez Hilton turned out to be detected as a Thai blog..)

What type is your favorite blog? Let us known in the comments.

Related posts

• Website Value Calculator Stimator (27)
• Website Value Calculator Cubestat (15)
• Webmaster Contact Software (1)
• Test Websites in various Internet Explorer Versions (9)
• Publish RSS News Feeds On Twitter (6)

The reason why the Flash uploader in Wordpress was not working anymore was that Adobe disabled the feature to open a file dialog for security reasons in Flash 10 which broke the SWFUpload script Wordpress was using.

A ticket was opened and is currently discussed over at Wordpress and a fix is assigned to Milestone 2.7 of Wordpress which aims for a release in 1-2 weeks. The best solution so far for Wordpress webmasters who use the Flash based image uploader regularly is to keep using Flash 9 for now and update to Flash 10 once the fix comes out.

Related posts

• Wordpress: Your attempt to edit this post has failed (8)
• Wordpress 2.6.5 Security Update (0)
• Wordpress 2.5.1 released (1)
• Best Wordpress Plugins (10)
• Zoundry Raven portable Blog Editor (6)

Users need an Open ID to log into the service and a Twitter account to publish the RSS News Feed to. It basically works like this. The user creates a new account at Twitterfeed using an Open ID account. He can then create a new Twitter Feed to the account by supplying a Twitter account and a feed url of the feed that he wants to add. Once that has been setup Twitterfeed will publish new items on the Twitter account automatically until the user pauses or deletes it again.

The feed is not authorized which means that anyone can post any feed to Twitter which could be interesting for some users who would like to post a number of feeds to a Twitter account. A number of feeds? The number of feeds that can be published does not seem to be limited which in effect means that someone could create a new Twitter account and publish all of his favorite RSS News Feeds to it.

This could be useful if access to RSS News readers is limited or blocked in a network while access to Twitter is not. It could also be a nice service that webmasters could offer their readers. Spam could be a issue on the other hand.

Related posts

• Google Reader Automatically Translates Feeds (2)
• Discover New Feeds With FeedMil (6)
• Check For Dead RSS News Feeds (2)
• Website Information (2)
• We passed the 10000 RSS Subscribers Mark (16)

This means any result or value that they compute has to be taken with a grain of salt in the eye. Still, there are relatively good website value calculators and those that are way off and Cubestat is one of the good ones.

The process is fairly simple for the webmaster who wants to calculate the value of a website or the user who wants to know about the value of his favorite place on the Internet. Only the url of the website in question has to be entered, the rest is computed in the background by the Cubestat script.

Computation takes roughly 30 seconds. It depends if the website is already in the cache. If it is the results are displayed faster.

Cubestat is showing three website traffic graphs taken from Alexa, Compete and Quantcast, the Meta Info of the website and Index Data. Meta Info are the page title, the keywords and description.

The Index Data category is more interesting. It displays the number of backlinks in Google, Live and Yahoo, if the site is listed in DMOZ, the name of the owner and where the site and domain are hosted. All of that is factual data that is pulled from various services throughout the Internet.

Cubestat takes all these information into account and computes the website worth, the daily pageviews and the daily ad revenue of a website. I checked a few websites and it is definitely more accurate than most other services that I have used in the past. It is not dead on but the error margin is low.

No serious buyer would rely solely on tools like Cubestat especially if the price is a five-digit plus value but it can give a good indication without having to research all the figures personally.

Related posts

• Website Value Calculator Stimator (27)
• Zoundry Raven portable Blog Editor (6)
• Wordpress 2.6.1 released (1)
• Website Monitoring Software (6)
• Website banned ? Try the encrypted url (23)

Like most people, my first experience with blogs was on Blogger.com. Within about a day it peed me off and I decided to check out this ‘WordPress’ thing everyone was going on about.

After trying WordPress.com I ended up hosting my own WordPress blog, it took me a while to learn all about it but I liked it a lot.

Because I came into blogging at such a late date (7 months or so ago) I don’t really know the history between WordPress and Moveable Type that well, apart from knowing everyone was using MT before WP came along and blew it away.

I’ve always been interested in MT as well, just because the last couple releases have been looking pretty cool. I actually rarely ever seem to encounter any blogs which use it any more, but I’m presuming it’s still a fairly popular service.

The thing which puts me off just trying it out however is that I don’t know if I can be bothered learning a whole new blogging platform all over again, in fact I’m sure it’s the same for a lot of WordPress users.

Anyway, this week Moveable Type released version 4.2 of their software along with their ‘Pro’ product which looks particularly interesting:

“Movable Type Pro lets you turn any site into a full social publishing platform, combining all of Movable Type’s abilities as a blogging and CMS with social networking features like profiles, ratings, user registration, forums, following, and more.”

What’s interesting about this is that a new service called BuddyPress is being created to bring the same kind of features to WordPress (without the need for plugins that is).

The success of blogging has always been in the author’s ability to interact with a community of reader; these kinds of changes help keep blogging relevant and ahead of the curve.

Related posts

• Zoundry Raven portable Blog Editor (6)
• Wordpress: Your attempt to edit this post has failed (8)
• Wordpress Remote Admin Password Reset Vulnerability (13)
• Wordpress Blogs: Create Custom Tag Pages (5)
• Wordpress 2.8.4 Security Update (7)

Over 60 fixes have been introduced in the new Wordpress version, several of them critical and some security related. You can check out the complete list of fixes in Wordpress 2.6.1 by following the link to Wordpress Trac.

I’m usually not that interested in what has been fixed than to apply the updates to all of my blogs immediately. It does not look like as if new features have been introduced in Wordpress 2.6.1, more of a bug fix release it seems.

The next big release will be Wordpress 2.7 which will introduce several new features and options to Wordpress. Looking forward to that. It is however recommended to update the blog as soon as possible.

Related posts

• Wordpress 2.8.2 Security Patch (1)
• Wordpress 2.6.5 Security Update (0)
• Zoundry Raven portable Blog Editor (6)
• Wordpress 2.8.6 Security Update (5)
• Wordpress 2.8.5 Security Update (4)