WordPress 3.1.3 is now available so remember to update. Please keep your WordPress up to date.
- Various security hardening by Alexander Concha.
- Taxonomy query hardening by John Lamansky.
- Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
- Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
- Improves file upload security on hosts with dangerous security settings.
- Cleans up old WordPress import files if the import does not finish.
- Introduce “clickjacking” protection in modern browsers on admin and login pages.
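As an added example (not code from WordPress or from this post): the clickjacking protection in 3.1.3 is delivered as an `X-Frame-Options: SAMEORIGIN` response header on admin and login pages, so after updating you can confirm it by auditing the headers those pages return. The sketch below classifies raw response headers; the sample responses and function names are constructed for illustration.

```python
# Added example: audit response headers for framing (clickjacking) protection.
# The sample responses are constructed, not captured from a real site.

def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw response header block."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def framing_verdict(raw):
    """Classify a response as 'protected', 'weak' or 'missing'."""
    headers = parse_headers(raw)
    xfo = [v.upper() for n, v in headers if n == "x-frame-options"]
    csp = [v for n, v in headers if n == "content-security-policy"]
    # Browsers that support CSP frame-ancestors use it in place of X-Frame-Options.
    for policy in csp:
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                sources = [p.lower() for p in parts[1:]]
                # An empty source list behaves like 'none'.
                if all(s in ("'none'", "'self'") for s in sources):
                    return "protected"
                return "weak"  # other origins may frame the page
    if not xfo:
        return "missing"
    # Conflicting, obsolete (ALLOW-FROM) or unknown values are not reliably enforced.
    if len(set(xfo)) == 1 and xfo[0] in ("DENY", "SAMEORIGIN"):
        return "protected"
    return "weak"

# Constructed samples: a login page after the update, one without the header,
# one using the obsolete ALLOW-FROM value, and one relying on CSP instead.
UPDATED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n"
NO_HEADER = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
ALLOW_FROM = "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://partner.example\r\n"
CSP_ONLY = "HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"

if __name__ == "__main__":
    for label, raw in [("updated", UPDATED), ("no header", NO_HEADER),
                       ("allow-from", ALLOW_FROM), ("csp only", CSP_ONLY)]:
        print(label, "->", framing_verdict(raw))
```

Feed it the headers returned by your own wp-login.php and wp-admin pages; a "missing" verdict on either means the protection is not reaching the browser, for example because a proxy or cache strips the header.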
Uploaded on Flickr by Bull3t
Part of WordPress’ popularity is the wealth of plugins available to add all sorts of functionality. This extensibility allows the WordPress admin to offer a very rich environment for their users. However, as the title suggests, plugins are a two-edged sword. While they deliver new capability, they also deliver upgrade and version control headaches.
This is because plugins are a voluntary effort. They invariably start as an effort to provide functionality for the author’s own site as well as to share with others. But over time, maintenance of plugins becomes a lower priority than making a living.
If you have a large site that depends on stability and performance for a living, the rule of thumb for WordPress plugins is less is more. Job number one is stability, ahead of functionality, which sits just behind performance.
Job one includes making sure you regularly upgrade to maintain the security of your site. If you need to add a plugin, make sure that it can survive upgrades or discard it. Remember, the more complex the plugin, the more things that can go wrong.
Secondly, have a test site. I can’t believe the number of bloggers who do not maintain a test site to test upgrades, plugins, theme changes etc. This sounds like a lot of work, but believe me, when your site crashes in the middle of the night and the complaints roar in, you will thank your ability to quickly recover.
Thirdly, ask the hard question: do I really need that plugin, or is it just vanity? Quality content is really the key to traffic.
If you run list pages like we do, then you will no doubt curse at the process you need to go through with WordPress to add the link to the text in question.
We curse no more, because there is a plugin that will automagically add the correct link into your page. You should now see that the above link is linked, which also is the link to where you can get the plugin.
WordPress is not known for its ecommerce prowess, but there is a plugin that adds a shopping cart to WordPress. That plugin is called the WordPress eCommerce Plugin from Instinct Software.
The WEP is a WordPress plugin, so it installs the same way that you would install a normal plugin. WEP integrates with Google Checkout, Paypal, Authorize.net, Payment Express and many other trusted payment processors. WEP has a classic shopping cart as well as the one-product-click-through-to-pay system that you see on other ecommerce systems.
It is fully tailorable and template-able the same way that WordPress is, so you can integrate it seamlessly into your existing blog.
While the core WEP version is downloadable for free, additional modules are charged for. You can find a full list of modules to purchase here.
The WEP plugin solves a real need for bloggers wishing to integrate ecommerce into their site. We think that the ability to sell ebooks and other digital products will be a real revenue stream for our partners and customers.
So start thinking about that ebook you want to sell.
WordPress 2.7 introduced a new feature that better manages numerous comments on a post. It splits the comments across multiple pages. Below is an example:
However, there is a problem with this: Google will look at this as multiple pages with duplicate content. And as we talked about here, that is behaviour that can get you penalized.
However there is a plugin that will put an extract on each of the subsequent comment pages. “It is in the repository under SEO for paged comments”.
Last night we released a new version of the Date Exclusion SEO plugin for WordPress.
It has a lot of new features. The biggest request was to add specific text like “….some time ago….” to each of the options.
- Alternative Text for “Remove from Post”
- Alternative Text for “Category Pages”
- Alternative Text for “Tag Pages”
- Alternative Text for “Aged Post Pages”
- Option to remove date from specific post ids with Alternative Text
- The ability to turn on and off each applied date function
You can find the plugin page here.
We had to make a quick update today after working on some other plugins. We made a screwup that beginners would make with our function naming. Our only excuse is that namespaces are a lot more controlled in Java, whereas PHP is a lot looser.
The changes are checked into WordPress directory and it is a critical update.
The plugin page is here.
This weekend is Earth Hour. As you can see from the banner at the top of the page, we are participating.
If you want to participate, you can get the plugin from Brave Code here.
An update of the Date Exclusion Plugin has been released into the WordPress Plugin repository. You can find the plugin page here.
We have added an option settings page, added the ability to remove the date from the front page, the category and tag pages.
Things to Do for Version 1.3
- Ability to create custom text to replace date in posts e.g. Some time ago
- Ability to create custom text to replace date in category and tag pages
Ever wanted to get that cool lightbox AJAX popout on your blog?
Well now you can. We have the Shadowbox JS plugin working on Kiwibloke (post here). Click on the photo at the top and you get the Flickr Photostream it came from shown here (click on the picture).
Uploaded on Flickr by Seamoor - Click for Photostream
The big benefit is that your reader does not leave your website and get distracted by another site.
Here is a link for a Youtube fullscreen without going to Youtube. Click on photo for Youtube Goodness.
Uploaded on Flickr by studio 520 - Click for Video
You need to point directly to the Photostream slideshow which you can get from the photoset page thus:
<a rel="shadowbox" href="http://www.flickr.com/photos/seamoor/sets/72157615617675279/show/">
You must have the rel="shadowbox" attribute in place for the plugin to detect lightbox behavior; otherwise the link will go to the page in question.
The trick here is to point directly to the flash file, not the Youtube page. But it is really simple to do.
changes to: http://www.youtube.com/v/6cvZOGzfqWU
to get this link:
<a rel="shadowbox" href="http://www.youtube.com/v/6cvZOGzfqWU">
There are other tricks, let us know if you are having problems with a particular site and we can work on it.