Archive for the ‘Wordpress’ Category
Didn’t the WordPress team just recently release v2.8.2 to fix an XSS vulnerability? Well, it seems as though a few other fixes were also made and here we have WordPress 2.8.3.
Update/upgrade your WordPress installations now because this is a security release that fixes a bunch of issues from v2.8.1.
Read more here: WordPress 2.8.3 Security Release
By default, WordPress installations announce their currently installed version in the header. You will find it within a meta tag of the page’s HTML.
If you do not keep on top of WordPress updates, you can imagine that this presents a security risk. Those wishing to exploit vulnerabilities like the recent XSS vulnerability in WordPress 2.8.1 can target blogs just by looking at the header meta information. The situation gets worse if you are still using an even older version of WordPress.
Getting WordPress to stop advertising this version information requires that you add the following to your theme’s functions.php file. Remember how we removed other header elements? This WordPress hack is similar. Note that you need to do this every time you change your theme.
// Return an empty string so that WordPress prints no generator tag.
add_filter( 'the_generator', function ( $generator ) { return ''; } );
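To confirm that your own pages have stopped advertising the version, scan the rendered markup for generator tags. The script below is an added example, not code from the original post; the sample markup and the names `GeneratorFinder` and `leaked_versions` are constructed for illustration, and it also checks a feed's `<generator>` element, which goes beyond the meta tag mentioned above.

```python
import re
from html.parser import HTMLParser

# Constructed samples, not taken from any real site: a page head as a default
# install renders it, the same head with the tag gone, and an RSS fragment.
BEFORE = """<html><head>
<title>Example blog</title>
<meta name="generator" content="WordPress 2.8.1" />
</head><body></body></html>"""
AFTER = BEFORE.replace('<meta name="generator" content="WordPress 2.8.1" />\n', "")
FEED = """<rss version="2.0"><channel>
<generator>http://wordpress.org/?v=2.8.1</generator>
</channel></rss>"""

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

class GeneratorFinder(HTMLParser):
    """Collects text from <meta name="generator"> and <generator> elements."""
    def __init__(self):
        super().__init__()
        self.found = []
        self._in_generator = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.found.append(attrs.get("content") or "")
        elif tag == "generator":
            self._in_generator = True

    def handle_endtag(self, tag):
        if tag == "generator":
            self._in_generator = False

    def handle_data(self, data):
        if self._in_generator and data.strip():
            self.found.append(data.strip())

def leaked_versions(markup):
    """Return every version number advertised by a generator tag in markup."""
    finder = GeneratorFinder()
    finder.feed(markup)
    finder.close()
    return [v for text in finder.found for v in VERSION_RE.findall(text)]

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER), ("feed", FEED)):
        print(name, leaked_versions(doc) or "no version advertised")
```

Feed it the saved source of your own home page and feed after each theme change, since the filter lives in the theme's functions.php.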
Upon logging in to one of my WordPress blogs this morning, I saw the notification to upgrade to WordPress 2.8.2. Wasn’t WordPress 2.8.1 released just a few weeks ago? Well, I’m thankful that the WordPress developers are keeping on top of security.
WordPress 2.8.2 fixes an XSS vulnerability that was found to exploit comment author URLs through the admin panel. Wow! That’s scary!
Read more about it here: WordPress › Blog » WordPress 2.8.2
I found that using the built-in automatic upgrade does not always work properly and may get stuck at the “unpacking” stage. While you can try the manual upgrade, it can be a very long process. Automatic upgrading has progressed very far and can be completed within seconds. Just ensure that you deactivate all of your plugins before executing the upgrade in either case. They can be re-activated after the upgrade process is complete.
I was performing a bit of optimization on one of my WordPress blogs and wanted to clean up the header. The default installation of WordPress adds quite a bit up there and this bloat can be compounded by a theme’s own customizations. After quite a bit of searching around Google, I came up with a clean solution. Here is what I did to help de-clutter my theme’s header.
WordPress is my favourite blogging platform and CMS, as you can guess from the types of posts you may have come across here. Its amazing flexibility is due to the tremendous plugin contributions that WordPress fans have written. While adding plugins can definitely add a variety of functionality to your blog, this does not come without a cost. Here, I will show you one small technique you can employ to improve your WordPress website performance, specifically as it concerns CSS files.
Some WordPress plugins will make calls to their own external CSS stylesheets. These stylesheets are usually called for within the WordPress header. Now, as proper coding has probably taught you, external stylesheets are a good thing and you should avoid inline HTML styling. However, if you have ever run Firebug and YSlow for Firebug (both are Mozilla Firefox extensions) and are obsessed with website performance you will notice that reducing the number of HTTP requests is also a good thing. This is actually logical: if you reduce the number of files a browser has to download in order to view your website then you can increase page loading speed. Combine this with server-side compression and your web pages will feel like they are on steroids! You may be asking yourself, “How does this apply to plugins and does reducing the number of HTTP requests involve losing site functionality?” The answer, “[Wow! That was a long question!] No, you do not lose site functionality and you can see how below.”
When I logged into my WordPress dashboard on my other website, I noticed this interesting article over at weblogtoolscollection about a website that has a fake version of WordPress for download. Apparently, they are calling this version of WordPress v2.6.4 which, as any WordPress user should immediately recognize, does not officially exist [at least not yet]. The software that you install from this site is actually a trojaned version of WordPress that seems to be based on some old vulnerabilities.
So the next time you go to upgrade or install WordPress, ensure that you are getting the files from http://wordpress.org and not a scam website.
I really cannot do much in terms of using plugins on my free blog here at WordPress.com, but on another site that I manage, I am more free to do what I want since I have complete access to the shared server space. That website has WordPress 2.6.3 at the back-end, which I have not regretted using since the day that I installed it. However, the site has been up for about a year now and has undergone quite a few changes not only in the content that is presented, but also on structure and efficiency. Much of my time working on the site is now spent on optimizations. Here I will list some of the WordPress plugins I use that provide the features available in the blog.