For example, many posts benefit from a nice, clean thumbnail seated just to the left of the title of your posts. Such images break up otherwise monotonous, similar posts into individual units with their own appearance and characteristics. They can make the difference between an unattractive blog blanketed in text and an interesting web magazine with illustrations.

To implement these thumbnails you need to tell WordPress to look for the specific images you want and then to add them itself. You can do this by creating a field in each post called customimage which, when found, will tell WordPress to make the image appear. On the off chance that you do not add the customimage field to a particular post, you want WordPress to instead display a default image.

To begin, select an image that you would like posts to display by default. This could be your face, your dog, a speeding car – really, it’s completely up to you. Open the image in your favorite editor (Gimp, Paint.net or any other image editor that you may have at your disposal) and set it to whatever pixel dimensions you prefer. Be mindful that regardless of how long your blog title is, your photo will always be the same size. Somewhere between 150 by 150 and 250 by 250 pixels is probably a safe bet, and square boxes are easier to place various images in later, as opposed to rectangular ones. Once you have a nice image name it something you can remember (standard.gif, default.gif, etc.).

Next, upload the default image into your theme’s image directory. This makes it available to all pages of your site and any post missing the customimage field.

Now for the important part: post the following code into the index.php file of your WordPress wherever you would like the thumbnails to appear:

<?php $postimageurl = get_post_meta($post->ID, 'customimage', true);

if ($postimageurl) {

?>

<a href="<?php the_permalink(); ?>" rel="bookmark"><img src="<?php echo $postimageurl; ?>" alt="Post Pic" width="200" height="200" /></a>

<?php } else { ?>

<a href="<?php the_permalink(); ?>" rel="bookmark"><img src="<?php bloginfo('template_url'); ?>/images/yourwebsite.gif" alt="Screenshot" width="200" height="200" /></a>

After you are finished copying over the code and pasting it in index.php, save the file. Your posts will now place whatever image you chose as your default (customimage) earlier beside each entry. That’s good, but you really want to be able to change that image – the point of this entire exercise is to make each post different.

All that you need to do is create a custom field with each entry called customimage (not in italics, of course). Change the value each time to the URL of whatever image you would like to display beside the particular post and you will be set to go. Enjoy having a unique thumbnail beside each post, unless you allow it to fall to the default.

Images clearly make for a more attractive blog post for the majority of readers. Are you one of those? Photos attract, so make sure that you blog is attractive and attracting.

Update from Martin:

You do not necessarily have to paste the code into index.php. You can alternatively paste it into single.php for individual posts, category.php for categories or tags.php for tags.

If you are not familiar with web development you may want to select a theme that supports post thumbnails out of the box. There are even some that take the first image of each post automatically and use it as the post thumbnail provided that you have not added a thumbnail image of your own to the post.

You also need to consider that images will increase the loading time of the site. If you have a slow loading site, it is probably best not to add more images to the blog, or at least not before you started to optimize the blog code for speed.

The update is currently not announced on the frontpage of the admin interface which means that WordPress admins need to click on Updates to see the update options.

It is as usually possible to install the update right away by downloading it directly to the server running the blog. The script handles the download, unpacking and installation of the new version automatically.

Users who want to test the release first can also download it instead to do just that.

The vulnerability reads:

Fix XSS vulnerabilities in the KSES library: Don’t be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url()

WordPress rates the vulnerability as critical which means that webmasters should update their blogs as soon as possible to protect it from possible exploits of the issue.

WordPress is also available directly at the official website.

The most important rule for search engine optimization is to use the page title in the url. Everything else is optional and up to the user’s liking.

WordPress generates an .htaccess file when the permalinks are changed that contains the rewrite directives. It sometimes happens that the file cannot be created or written which would then mean that the user would need to create and edit the htaccess file manually.

The WordPress code that is used is not optimized. It does not prevent for instance unnecessary file and directory checks. JP Morgan over at the Webmaster World forum created a better rewrite directive that “fixes several performance-affecting problems”.

This is a total replacement for the code supplied with WP as bounded by the “Begin WP” and “End WP” comments, and fixes several performance-affecting problems. Notably, the unnecessary and potentially-problematic container is completely removed, and code is added and re-structured to both prevent completely-unnecessary file- and directory- exists checks and to reduce the number of necessary -exists checks to one-half the original count (due to the way mod_rewrite behaves recursively in .htaccess context).

According to JP the modified code speeds up the .htaccess code by at least a factor of two by “avoiding the second-pass exists checks on index.php itself, and avoiding exists-checks on resources such as image files which obviously don’t need to be handled by WP.”

Replace the old WordPress rewrite code in the .htaccess file with the following new code. You might need to edit the file types (gif|jpg|php|ico|css|js). These should contain the files that are requested the most. It might make sense to include png for instance in the list.

# BEGIN WordPress
#
RewriteEngine on
#
# Unless you have set a different RewriteBase preceding this point,
# you may delete or comment-out the following RewriteBase directive
# RewriteBase /
#
# if this request is for "/" or has already been rewritten to WP
RewriteCond $1 ^(index\.php)?$ [OR]
# or if request is for image, css, or js file
RewriteCond $1 \.(gif|jpg|php|ico|css|js)$ [NC,OR]
# or if URL resolves to existing file
RewriteCond %{REQUEST_FILENAME} -f [OR]
# or if URL resolves to existing directory
RewriteCond %{REQUEST_FILENAME} -d
# then skip the rewrite to WP
RewriteRule ^(.*)$ - [S=1]
# else rewrite the request to WP
RewriteRule . /index.php [L]
#
# END wordpress

This change seems to speed up the WordPress loading time considerably. Let us know how you think it affected the page loading time if you have implemented it in your blog or noticed a difference here at Ghacks.

Visit the thread over at the Webmaster World forum for additional information.

Webmasters can however utilize tag pages better in their WordPress blogs by creating so called custom tag pages which can contain any information they want. If you open the page above you notice that it does not contain a listing of blog excerpts but a custom page for that tag.

WordPress provides the means to create those custom tag pages easily. Custom tag pages can be created in the theme directory of the WordPress directory by adding a new template file to the theme. This new template file needs to begin with tag followed by the post slug of the tag. In the case of the Windows 7 Download tag it would have to be named tag-windows-7-download.php.

Custom tag pages have a higher priority than the default ones that show only excerpts of the posts. The easiest way to fill the custom tag with content is the following:

WordPress looks for the following files in order to create those tag pages:

• tag-slug.php
• tag.php
• archive.php
• index.php

Look into your theme folder and see if there is a tag.php file. If it is copy its contents and create a new php file that is using the tag-slug.php as its name. If ther eis no tag.php look for archive.php and finally index.php.

Now simply add content to the file. It might take some experimentation at the beginning but it can be really worth it in the long run. If you have any questions or additions let me know in the comments.

You can download the latest version of WordPress from the official website or apply the upgrade manually in the WordPress interface. You can take a look at in depth file changes by following this link or at the 68 tickets that have been closed here.

The update includes six tickets with a high rating and more than 50 rated as normal. While the update does not list many security fixes it is still recommended to update as soon as possible. The update will not alter the database and should not break anything including plugins or themes.

There have been some problematic messages occasionally when trying to publish posts lately. The error message Your attempt to edit this post [..] has failed appeared occasionally after upgrading to WordPress 2.7. WordPress was not able to publish the article which was bad enough but the underlying problem was that all work up to the point of the last auto save was lost as well.

This usually meant that the tags, categories and other last minute edits (like urls) were missing from the posts and had to be added again. The second edit and publishing always succeeded without difficulties.

The first thought was that this could have something to do with the automatic saves of posts before publishing. A quick research on the WordPress support forum seemed to confirm that.

The fix is apparently the following:

Locate the file post-new.php in the wp-admin folder of the WordPress installation. Find the following line in that file wp_enqueue_script('autosave'); and replace it with //wp_enqueue_script('autosave');.

The // in front of the row make the entire row a comment which essentially means that the command will not be executed. This will practically disable auto save during post publishing meaning that you will hacve to click on the Save Draft button before you leave an unfinished post page.

Alternatively only the files wp-includes/feed.php and wp-includes/version.php can be copied from the new release over the old files to update the blog. The security vulnerability is unlikely to affect a large number of WordPress blogs though as it only only affects IP-based virtual servers running on Apache 2.x.

There might also be some confusion about the versioning of WordPress. The last official WordPress version was WordPress 2.6.3. WordPress 2.6.4 was skipped because of a fake malicious release that made its round. The official new release is therefor WordPress 2.6.5.

So far so good. Several issues appeared over time that I would like to address in this short article. I tried to fix them before but I failed to really find solutions for them. I did post a few help requests at the official WordPress forum which remained unanswered even after pushing them a few times and a search on Google did not return the desired results as well.

So, here we start with my personal WordPress issues that other webmasters might also experience:

• Akismet is not perfect: Akismet is the default WordPress anti-spam plugin which is delivered with the default installation of WordPress. That puts it in an unfair advantage over other spam plugins like Spam Karma which is in many aspects a better plugin. But I do not want to talk about politics here. Akismet comes with no configuration options at all. The only things that can be added are the WordPress Api Key which is mandatory and a checkbox to delete spam that is older than a year.

  If you compare it to Spam Karma you are comparing Notepad to Notepad++. That’s the difference in usability. Akismet divides spam into user comments, trackback and pingback spam but it is not possible to delete only one category. The delete all button always deletes all spam.

  Akismet does have a search field but that search field is global, there is no way to only search the author name, email or filter by other parameters like only showing posts with one link or less in the body.

  It does catch quite a few valid comments which are then lost forever because it is impossible to work with Akisment on websites that get 1000+ spam comments a day unless you do that full time.

• Spammers can still register accounts although registration has been turned off: When I turn off registration to my website in the settings of WordPress I expect to see no new users in the future unless I add them manually. The option however does not really help because even though it has been turned off spammers can still register accounts on my blog.
• There is no history: – The admin cannot see what authors or subscribed users of the blog have been doing. He cannot see if an author deleted an article that he wrote earlier, he cannot see if a user edited or removed a comment.
• Publishing an pending article: When someone else with not enough user rights is writing an article that article gets added to the Pending Articles and an user with enough rights can publish it after reviewing it. The problem that I face is that I have a hard time figuring out how to publish the article so that it is published in that instance and not in the past. If I just hit publish the article is published when the author of it saved the final version. This can be a few hours or even a few days in the past.

  I have not investigated that matter further but I suppose it could be problematic for RSS Feeds and even the site itself. I tried to change the date to the current one and publish it but it still felt like I missed something here. It’s definitely a strange behavior in my opinion.

Those are my issues with WordPress and I always cross my fingers and hope that they get fixed in one of the next updates.