WordPress XSS Vulnerability

If you’re a WordPress blogger, be sure to update to the latest 3.0.4 build as soon as possible. While no new features have been added, a major security hole has been patched.
Basically, 3.0.3 allows users to insert comments containing malicious code: 3.0.3 only sanitizes lowercase HTML, which lets a malicious user slip bad code past the filter in a comment and obtain the cookies of a logged-in user.

For now, if you’re still running 3.0.3, check all pending and new comments for base64 code or JavaScript links, and if you see any, delete the comment right away.

See http://wordpress.org/ for the complete announcement from the WordPress team.
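As an added example (not code from the original post or from WordPress itself), here is a small Python review script that goes through comment text the way the advice above suggests: it flags script tags in any letter case, javascript: links and base64-looking blobs, next to a lowercase-only check that models the 3.0.3 weakness. The sample comments are constructed.

```python
import base64
import binascii
import re

# All HTML checks are case-insensitive: the 3.0.3 filter only caught lowercase
# tags, so a review script that is case-sensitive would miss the same comments.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)
JS_LINK = re.compile(r"""(?:href|src)\s*=\s*["']?\s*javascript:""", re.IGNORECASE)
EVENT_HANDLER = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)
BASE64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def looks_like_base64(blob: str) -> bool:
    """True if the run decodes cleanly as base64 (cuts false positives on long slugs)."""
    try:
        base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def flag_comment(text: str) -> list[str]:
    """Reasons a comment deserves manual review; an empty list means nothing was found."""
    reasons = []
    if SCRIPT_TAG.search(text):
        reasons.append("script tag (any letter case)")
    if JS_LINK.search(text):
        reasons.append("javascript: link")
    if EVENT_HANDLER.search(text):
        reasons.append("inline event handler")
    if any(looks_like_base64(run) for run in BASE64_RUN.findall(text)):
        reasons.append("base64-looking blob")
    return reasons


def lowercase_only_filter(text: str) -> bool:
    """Models the weakness described above: a check that recognises only lowercase tags."""
    return "<script" in text


# Constructed sample comments (not taken from the original post).
SAMPLE_COMMENTS = {
    "ok": "Great write-up, thanks for the tip about the update!",
    "mixed_case": '<ScRiPt src="http://example.invalid/x.js"></ScRiPt> nice post',
    "jslink": '<a href="JavaScript:void(0)">click</a>',
    "blob": "Look: " + base64.b64encode(b"x" * 48).decode(),
}

if __name__ == "__main__":
    for name, body in SAMPLE_COMMENTS.items():
        print(f"{name:10} {flag_comment(body) or 'clean'} | "
              f"lowercase-only filter caught it: {lowercase_only_filter(body)}")
```

The mixed-case sample is exactly the kind of comment the lowercase-only check lets through while the case-insensitive review flags it.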

No tips yet.
Be the first to tip!

Like this post? Tip with bitcoin!

1FRxrBB6wQHQGRLHWZ3xjhJY1XT9WimVxw

If you enjoyed reading this post, please consider tipping me using Bitcoin. Each post gets its own unique Bitcoin address so by tipping you're not only making my continued efforts possible but telling me what you liked.

Hide WordPress Stats Smilie

If you use the WordPress Stats plugin, you may have noticed the smilie added at the bottom of the page. The plugin itself offers no way to remove the smilie, and the image is actually required for the plugin to function properly. I myself use the service to keep tabs on traffic to my site.

However, not all users (myself included) like seeing the little graphic in the bottom corner of the page, but just because it’s needed doesn’t mean you have to see it. Using a little CSS trickery we can hide the graphic from the user. Simply toss the following line at the bottom of your stylesheet: the image will still be loaded, so the plugin keeps functioning as it should, but it will be hidden from view.

img#wpstats{width:0px;height:0px;padding:0px;border:none;overflow:hidden}


WordPress 3.0 Release Candidate

WordPress is aiming for a June release of version 3.0 of their popular blogging software. So far they are right on track: they have just released the first RC of the 3.0 platform. What’s an RC? The term release candidate (RC) refers to a version with the potential to be a final product, ready to release unless fatal bugs emerge. In this stage of product stabilization, all product features have been designed, coded and tested through one or more beta cycles with no known showstopper-class bug.

If you’re a WordPress developer, or even just a WordPress blogger, and want to get a peek at the new version, you can head over to WordPress.org and download the new RC. DO NOT install this on your live blog; remember it’s only a candidate for the new version, and further testing still needs to be done to ensure all bugs have been discovered and removed.

If you’re curious what’s been changed, here’s a quick list.

  • Custom menus.
  • Multi-site. (run multiple blogs off a single install)
  • The look of the WordPress admin has been lightened up a little bit, so you can focus more on your content.
  • There are a ton of changes, so plugin authors, please test your plugins now, so that if there is a compatibility issue, we can figure it out before the final release.
  • Plugin and theme *users* are also encouraged to test things out. If you find problems, let your plugin/theme authors know so they can figure out the cause.
  • There are a couple of known issues.

If you do decide to give RC1 a test spin and come across any bugs, please help WordPress out.

Download WordPress 3.0 RC1


Flickr Photostream In WordPress

Perhaps you noticed in the top right of the page I’ve added my flickr photos. This is auto-updating: as soon as I upload new images to flickr they appear here on my site as well. And it’s super easy.

First head over to http://www.flickr.com/badge.gne; we are going to use the HTML Badge for this. On the next step we have a few options about the type of content you’d like to display. You can choose to display all of your public photos and video, or perhaps just your content with a specific tag associated with it. You can even limit it to only display content within a specific flickr set. You even have the option to display all public content from everyone’s uploads, and yes, you can specify specific tags for this as well.

To get the layout I use, select not to display your portrait, and leave the number of images to display at 3 (4 isn’t an option; we will override this in the next step anyway). Choose to display your most recent images (or you can opt to display random images). Select Square for the size and, for orientation, select None (because you want to style it yourself).

Go ahead and skip the Colors step, because we are going to style this ourselves with a bit of CSS. Don’t worry what it looks like at this step; in fact we only care about one thing on the next step, the bit of code I highlighted in the image. However, we need to change this code just a bit to load 4 images instead of 3 and to make the code valid HTML. First let’s replace every & with &amp;, and then we need to adjust count=3 to count=4. Your end code will look somewhat like this (this will pull MY 4 images, not yours; be sure to get the code from the flickr page to pull your images).

Now that we have the little bit of code we need, let’s get it ready to place in the WordPress sidebar. WordPress Widgets, also known as “sidebar accessories”, are WordPress Plugins or add-ons to your WordPress blog sidebar. Developed by Automattic for WordPress and WordPress.com blogs, WordPress Widgets allow the easy addition of design elements, gadgets, content, images, and more to your WordPress sidebar to personalize your blog without knowing HTML, PHP, or any code. Many WordPress Plugins now come with a Widget version to allow easy addition to the sidebar. One Widget type is Text, which allows us to input our own HTML or plain text; we are going to use this Widget type.
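As an added example (not code from the original post or from flickr), the two edits described above, bumping count=3 to count=4 and escaping every & as &amp; so the snippet is valid HTML, done in Python so they cannot be fumbled by hand. The badge snippet below is a constructed sample: its path and query parameters are assumed, not copied from flickr. Because a Text widget injects this script into every page of the blog, the function also refuses any badge whose script does not load from flickr.

```python
import html
import re
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Constructed sample of a badge snippet (layout and parameter names assumed, not
# copied from flickr): a <script> tag whose src carries the options as a query string.
SAMPLE_BADGE = ('<script type="text/javascript" '
                'src="http://www.flickr.com/badge_code_v2.gne?count=3&display=latest'
                '&size=s&layout=x&source=user&user=EXAMPLE_USER_ID"></script>')

ALLOWED_HOST = "www.flickr.com"


def rewrite_badge(snippet: str, count: int = 4) -> str:
    """Set count=<count> in the badge src and return the tag with a valid, entity-escaped src."""
    match = re.search(r'src="([^"]*)"', snippet)
    if not match:
        raise ValueError("no src attribute found in badge snippet")
    # Undo any escaping already present so we work on the real URL.
    src = html.unescape(match.group(1))
    parts = urlsplit(src)
    # Practitioner check: this script runs on every page of the blog, so only
    # accept a badge that loads from flickr itself.
    if parts.hostname != ALLOWED_HOST:
        raise ValueError(f"badge script host {parts.hostname!r} is not {ALLOWED_HOST}")
    query = parse_qs(parts.query, keep_blank_values=True)
    query["count"] = [str(count)]
    new_src = urlunsplit(parts._replace(query=urlencode(query, doseq=True)))
    # html.escape turns each & into &amp;, which is the "make it valid" step from the post.
    return snippet[:match.start(1)] + html.escape(new_src, quote=True) + snippet[match.end(1):]


def badge_count(snippet: str) -> int:
    """Read the count the snippet will request (handles both raw and &amp;-escaped src)."""
    src = html.unescape(re.search(r'src="([^"]*)"', snippet).group(1))
    return int(parse_qs(urlsplit(src).query)["count"][0])


if __name__ == "__main__":
    print(rewrite_badge(SAMPLE_BADGE))
```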

Now that we have the basic code put together, we need to style it, so we need to add some CSS to the WordPress CSS file. Don’t worry, it’s not as hard as you think: WordPress has a built-in editor for doing this. (The following instructions assume you’re running the latest and greatest version of WordPress. If you’re not, UPGRADE! If you don’t know how, use the Contact link at the top of the page or leave a comment to get ahold of me; I offer WordPress upgrades as a service, contact me for more details.)

Select Appearance from the left sidebar, then select Editor; we are going to edit the stylesheet at the bottom. Once the editor is up, scroll all the way to the bottom and paste the following code in.

#flickr {
width:165px;
height:150px;
margin-left:12px;
}
#flickr a img {
float:left;
margin:0 0px 8px 8px;
background:#3f4e4e;
padding:4px;
width:62px;
height:62px;
}


Stay away from WordPress 2.6.4

That’s right. I’m sure you’ve heard time and time again (perhaps even from me) to stay on top of updates; well, this is one you want to stay away from. Why’s that? Because the WordPress team didn’t make it.

That’s right: if you have downloaded and installed WordPress 2.6.4 you’ve installed a trojan. You should delete your wp-admin and wp-includes directories and replace them with fresh copies downloaded from wordpress.org. Also, if you have recent database backups, I recommend dropping the tables from your database and restoring them from backups to be on the safe side.

WordPress (as of this writing) is at version 2.6.5, but remember there IS NO 2.6.4 version: they skipped this version number to avoid confusion with the trojan. If you are running 2.6.4 you are running a compromised blog.
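As an added example (not code from the original post or from WordPress), a Python check that supports the cleanup above: it hashes every file under wp-admin and wp-includes in your install and compares them with a clean copy of the same version downloaded from wordpress.org, reporting files that differ, files that were never shipped, and files that are missing. The two directory paths are assumed to be given on the command line.

```python
import hashlib
from pathlib import Path

# The directories the post says to replace with fresh copies from wordpress.org.
CORE_DIRS = ("wp-admin", "wp-includes")


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_hashes(root: Path) -> dict[str, str]:
    """Map each file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def compare_install(installed: Path, clean: Path) -> dict[str, list[str]]:
    """Compare installed wp-admin/wp-includes against a clean download of the same version.

    'modified' = present in both with different content, 'extra' = only in the
    install (files a clean release never shipped), 'missing' = only in the clean copy.
    """
    report = {"modified": [], "extra": [], "missing": []}
    for d in CORE_DIRS:
        have = tree_hashes(installed / d) if (installed / d).is_dir() else {}
        want = tree_hashes(clean / d) if (clean / d).is_dir() else {}
        for rel in sorted(set(have) | set(want)):
            key = f"{d}/{rel}"
            if rel not in want:
                report["extra"].append(key)
            elif rel not in have:
                report["missing"].append(key)
            elif have[rel] != want[rel]:
                report["modified"].append(key)
    return report


if __name__ == "__main__":
    import sys  # usage: compare_install.py <installed-root> <clean-root>
    for kind, files in compare_install(Path(sys.argv[1]), Path(sys.argv[2])).items():
        for name in files:
            print(f"{kind:8} {name}")
```

Run it against the clean copy before you restore from backups too: any file the clean release never shipped, or whose hash differs, is what the replacement step above is meant to remove.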
