WordPress 3.1.4 (and 3.2 Release Candidate 3)

WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions.

This release fixes an issue that could allow a malicious Editor-level user to gain further access to the site. Thanks K. Gudinavicius of SEC Consult for bringing this to our attention. Version 3.1.4 also incorporates several other security fixes and hardening measures thanks to the work of WordPress developers Alexander Concha and Jon Cave of our security team. Consult the change log for more details.

Download WordPress 3.1.4 or update immediately from the Dashboard → Updates menu in your site’s admin area.

Related Posts:

WordPress 3.2-beta2 Released

WordPress 3.2-beta2 was released today. There are few changes that may affect some plugins.

1. The admin UI style was updated. This is mostly a visual update so if your plugin uses the default admin CSS styles on its settings page, it will inherit all seamlessly.

2. The “Favorites” menu (top/right on all admin pages) was removed completely.

3. jQuery was updated to version 1.6.1 and jQuery UI was updated to 1.8.12. We encourage all authors of themes or plugins that use jQuery to test them in 3.2-beta2 as there are a couple of changes that may affect many plugins:

- jQuery 1.5.0 and newer no longer allows selectors of the form [property=value]. These selectors now require quotes: [property="value"].

- jQuery 1.6.0 and newer introduces another method: .prop() that replaces many .attr() calls. This was (partially) reverted in jQuery 1.6.1 but some uses of .attr() are not working any more. For example .attr(‘checked’, ”) doesn’t uncheck checkboxes any more.

Best would be to replace all getting/setting of ‘checked’, ‘selected’ and ‘disabled’ from .attr() to .prop() (using .prop() is also much faster). More information on the jQuery blog: http://blog.jquery.com/2011/05/12/jquery-1-6-1-released/

4. WordPress 3.2 has new minimal requirements: PHP 5.2.4 and MySQL 5.0.15. Most of the PHP 4 compat code was removed except for a few class constructors since many plugins seem to call them directly. If your plugin uses any of the WordPress PHP classes, please test that it calls them properly.

Related Posts:

WordPress 3.1.3 Now Available

WordPress 3.1.3 is now available so remember to update. Please keep your WordPress up to date.

  • Various security hardening by Alexander Concha.
  • Taxonomy query hardening by John Lamansky.
  • Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
  • Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
  • Improves file upload security on hosts with dangerous security settings.
  • Cleans up old WordPress import files if the import does not finish.
  • Introduce “clickjacking” protection in modern browsers on admin and login pages.

Related Posts:

  • No Related Posts

WordPress 3.2, Beta 1 Released – IE 6 Dead Dead Dead

WordPress 3.2 beta 1 has been released into the hands of beta testers. The big news is that we are finally on the way to stomping out IE 6, the bane of web developers existence. The millions of wordpress sites will soon prompt your lazy arse users to move to newer versions.

From WordPress.org:

Here’s some of what’s new:

  • Performance improvements like you wouldn’t believe. What’s that mean? Things are faster!
  • Distraction-free Writing. The visual editor’s full-screen composing experience has gotten a major overhaul, and is now available from HTML mode, too. More than ever, WordPress allows you to focus on what matters most — your content.
  • Admin UI Refresh. The last major redesign of the WordPress admin was in 2008. This isn’t a major redesign, just a little facelift to keep us feeling young. WordPress turns 8 later this month, you know.
  • New Default Theme. Introducing Twenty Eleven, based on the popular Duster theme. Rotating header images, post format support, and more.
  • Browse Happy. WordPress is made to work with modern browsers. If you visit your Dashboard using an outdated web browser, we’ll let you know there’s a newer version available.
  • Admin Bar. We’ve added more links to the admin bar to make it even more useful.
Be Aware:
  • WordPress has new minimum system requirements: PHP 5.2.4 and MySQL 5.0.
  • Internet Explorer 6 will no longer be supported.
  • The favorites menu has been removed. If you’ve written any plugins that use this menu, it’s time to switch over to an admin bar placement.

If you want to be a beta tester, you should check out the Codex article on how to report bugs.

Related Posts:

  • No Related Posts

WordPress Camps – June 2011

533985271 1f28804553 Wordpress Camps   June 2011

June 4–5: WordCamp Reno-Lake Tahoe in Reno, NV. Organized by a WordPress core UI group contributor, WordCamp Reno-Lake Tahoe is taking place in Reno and has a packed schedule full of visiting experts.

June 11–12: WordCamp Kansas City in Overland Park, KS. With publisher, designer, and developer tracks, Kansas City’s WordCamp will have a little something for everyone, presented in large part by local speakers.

June 17–19: WordCamp Columbus in Columbus, OH. WordCamp Columbus has a new organizer this year and is bringing the focus more firmly onto WordPress (and less on social media). Their 3-day event includes an entire day for newbies, and another for non-profits, a nice addition to the usual blogger/developer tracks.

July 9–10: WordCamp Montreal in Montreal, Quebec. This group consistently puts on a great every year. If you register now, you can still get a $10 discount and get both days for only $30 (with sessions in both English and French to reflect the bilingual nature of the city). Montreal plays host to a number of festivals throughout the year, and this weekend is no different, including festivals for the arts, comedy, tango, and even circus arts.

July 16: WordCamp San Diego in San Diego, CA. First WordCamp in San Diego! They have talking about this for over a year, and are now starting to really ramp up the planning. They’re finalizing their venue right now, and I would expect a great roster of speakers.

July 16-17: WordCamp Portsmouth in Portsmouth, UK. The annual WordCamp UK that moves from city to city each year alights this year in Portsmouth. This one is notable because Mike Little, co-founder of WordPress, is part of the organizing team.

July 23–24: WordCamp Boston in Boston, MA. Another one just about to lock down some details and get starting with speaker selection, etc. An easy train ride from so many places, and not in the middle of winter this year!

July 30-31: WordCamp Chicago has new organizers and is a new venue this year. A call for speakers, supporters, and volunteers will likely be posted sometime next week.

[Image CC by Titanas]

Related Posts:

WordPress 3.1.2 Update

99849468 27fa4c7c80 Wordpress 3.1.2 Update

WordPress 3.1.2 is now available and is a security release for all previous WordPress versions.

This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts.

The issue was discovered by a member of our security team, WordPress developer Andrew Nacin, with Benjamin Balter.

We suggest you update to 3.1.2 promptly, especially if you allow users to register as contributors or if you have untrusted users. This release also fixes a few bugs that missed the boat for version 3.1.1.

Download 3.1.2 or update automatically from the Dashboard → Updates menu in your site’s admin area.

[Image cc by Mick ㋡rlosky ]

Related Posts:

iPad-afy Your WordPress Blog

PadPressed is the easiest way for WordPress publishers to make their content tablet friendly using their existing theme.

Although not as clean as a native application, it is a quick and convenient way to get your WordPress blog, iPad friendly. You can find more information here.

Related Posts:

WordPress Plugins – A Two Edged Sword

877851235 652f9fb4c0 Wordpress Plugins   A Two Edged Sword

Uploaded on Flickr by Bull3t

Part of WordPress’ popularity is the wealth of plugins available to add all sorts of functionality. This extensibility allows the WordPress user admin afford a very rich environment for their users. However, as the title suggests plugins are a two edge sword. While they deliver new capability, they also deliver upgrade and version control headaches.

This is because plugins are a voluntary effort. They invariably start as a effort to provide functionality to the author’s own site as well as sharing with others. But over time maintenance of plugins becomes a lower priority over making a living.

If you have a large site that depends on stability and performance for a living, the rule of thumb for WordPress Plugins is less is more. Job number one is stability ahead of functionality which sits just behind performance.

Job one includes making sure you regularly upgrade to maintain the security of your site. If you need to add a plugin, make sure that it can survive upgrades or discard them. Remember, the more complex the plugin the more things that can go wrong.

Secondly, have a test site. I can’t believe the number of bloggers who do not maintain a test site to test upgrades, plugins, theme changes etc. This sounds like a lot of work, but believe me, when your site crashes in the middle of the night and the complaints roar in, you will thank your ability to quickly recover.

Thirdly ask the hard question, do I really need that plugin or is it just vanity. Quality content is really the key to traffic.

Related Posts: