THAT Agency Design Studio Blog

Despite increased security in versions 3.1.4 and 3.2, there are still risks in running WordPress – as there are to running any CMS, particularly those that are open-source. WordPress recently warned users to watch out for three malicious plug-ins that were available from the WordPress site for more than 24 hours.

WordPress users often depend on plug-ins to extend the functionality of the platform, and, in fact, there are scores of great choices that allow you to do everything from optimize for mobile to analyze search behaviors. It is impossible to harness the potential of WordPress without trying plug-ins, but caution is essential. WordPress recently required all of its users to change their passwords after three popular plug-ins, AddThis, WPtouch, and W3 Total Cache, were discovered to contain “cleverly disguised backdoors.” Hackers could then access accounts, according to WordPress developer Matt Mullenweg.

“We determined the [suspicious] commits were not from the authors, rolled them back, pushed updates to the plug-ins, and shut down access to the plug-in repository while we looked for anything else unsavory,” Mullenweg told users in a blog post. Each of the three affected plug-ins was very popular: AddThis and W3 Total Cache were downloaded about 500,000 times each, and WPtouch, which was free, was downloaded more than 2 million times.

There is no evidence that hackers were able to compromise the WordPress site, but Mullenweg and staff were taking all possible precautions. According to HP DVLabs, 80 percent of all WordPress-related vulnerabilities are due to plug-ins. One of the culprits is weak or reused passwords. Mullenweg says, “make sure to never use the same password for two different services.”

Paul Ducklin, head of technology for Sophos-Asia Pacific, says, “If you’re a WordPress user, you’ll know that the WordPress platform includes a complete and powerful administration interface, password-protected, via a URL such as ‘site.example/wp-admin.’ A WordPress backdoor might offer something with similar functionality, but using a different, unexpected, URL, and using a password known to the hacker, instead of to you.” Use caution and always scrutinize plug-ins for suspicious behavior.
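One way to look for the kind of hidden admin URL Ducklin describes, as an added example that is not from the original post: scan the web server's access log for PHP files that were served from outside the entry points you expect. The allowlist, the plug-in path and the log lines are constructed assumptions for illustration.

```python
import posixpath
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: PHP entry points this site expects visitors to request directly.
ALLOWED_FILES = {"/index.php", "/wp-login.php", "/wp-cron.php",
                 "/xmlrpc.php", "/wp-comments-post.php"}
ALLOWED_PREFIXES = ("/wp-admin/",)

# Constructed sample in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2011:10:01:02 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2011:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2011:10:04:40 +0000] "POST /wp-content/plugins/example-plugin/lib/cache-tmp.php?x=1 HTTP/1.1" 200 312 "-" "curl/7.21"
198.51.100.23 - - [01/Jan/2011:10:04:55 +0000] "POST /wp-content/plugins/example-plugin/lib/cache-tmp.php HTTP/1.1" 200 298 "-" "curl/7.21"
192.0.2.50 - - [01/Jan/2011:10:06:00 +0000] "GET /wp-content/plugins/example-plugin/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.50 - - [01/Jan/2011:10:07:11 +0000] "GET /wp-content/uploads/2011/06/old.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')


def unexpected_php_hits(log_text):
    """Return {(path, client_ip): count} for served requests to PHP
    files outside the allowlist, i.e. candidate hidden admin URLs."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"][0] in "45":
            continue  # unparsable line, or the server refused the request
        # Drop the query string, decode %xx, and collapse "../" so a
        # request cannot pose as /wp-admin/ while landing elsewhere.
        path = posixpath.normpath(unquote(m["target"].split("?", 1)[0]))
        if not path.lower().endswith(".php"):
            continue
        if path in ALLOWED_FILES or path.startswith(ALLOWED_PREFIXES):
            continue
        hits[(path, m["ip"])] += 1
    return dict(hits)


if __name__ == "__main__":
    for (path, ip), n in unexpected_php_hits(SAMPLE_LOG).items():
        print(f"{n:3d}  {ip:15s}  {path}")
```

A hit is a lead to review, not proof of compromise: compare the flagged file against a clean copy of the plug-in before drawing conclusions.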

WordPress recently released version 3.2 of its software; coincidentally the previous version, 3.1, hit the 15 million download mark on the same day WordPress announced the upgrade. 3.2 is poised to achieve similar success; within 24 hours of its release, 333,000 million copies were downloaded. What does WordPress 3.2 have to offer?

In the WordPress News blog announcement for 3.2, Matt Mullenweg writes, “The focus for this release was making WordPress faster and lighter.” Changes include:

• Updated dashboard design. The design and typography are cleaner and simpler, allowing for an enhanced experience.
• HTML5 Twenty Eleven theme. This replaces the default theme for new blogs. One of the features of the theme is the ability to have rotating header images.
• “Zen mode.” The redesigned post editor allows you to go full screen and write. The idea is for a “distraction-free” writing environment. Most-used shortcuts are available at the top if you scroll your mouse over them, and you will have access to menus, buttons, widgets, and interface elements you need.
• Retiring of PHP4, IE6, and older versions of MySQL to make way for new technologies.
• More shortcuts on the admin bar so you can get to your most-used actions easily.
• Approve and Reply feature to facilitate faster conversation management.
• Enhanced security features. Only versions 3.1.4 and 3.2 are sufficiently patched to close up security risks that were common in other versions.

WordPress 3.2 is available for download via the WordPress.org site. Set-up is easy and fast, particularly if you are upgrading from a previous version.

Open-source content management systems WordPress, Joomla, and Drupal make up more than 75 percent of the market share, clearly dominating overpaid services like ExpressionEngine. Of these, WordPress makes the biggest splash; not only do 62 percent of the top million websites use the CMS, it has a recognizable face and voice in Matt Mullenweg. Second place Joomla, according to TechCrunch, seems to “fly a bit under the radar.” Why is this? And is Joomla a good choice for your business?

According to data from BuiltWith, Joomla powers about 1.4 million websites. It has recently hit its 23.5 million download mark. As TechCrunch’s Rip Empson points out, Joomla doesn’t have a single figurehead like WordPress does. Instead, it is run by its community of developers, as well as a team that includes OpenSourceMatters.org. This was done purposely to keep Joomla a community-oriented product and to ensure that it was always held accountable by developers and users.

President of OpenSourceMatters, Ryan Ozimek, says that Joomla has taken on a “hippie vibe” because of its image as the “little guy.” While it is relatively unknown in the US, Joomla does have a significant international presence. It is used in more than 200 countries, and what’s more: over 2500 international government agencies power their websites with Joomla. In the US, these include the US Army and Air Force, and NASA.

Joomla is not a money-maker; in fact, its revenue comes entirely from ad services and sponsorship, and it has no heavy-handed investors. This furthers its reputation and image as a hippie CMS, but what does make it a friend to the little guys, so to speak, is its ease of use. That ease of use and the fact that it is free make Joomla a good fit for smaller companies or those without extensive technical experience. A CMS like Drupal, by contrast, is more intricate and complex and would be a nightmare for the novice.

Joomla doesn’t see itself in competition with other open-source CMSs. Ozimek says that their competition is proprietary software. He adds, “We want to work towards a time when we’re all open coding.”

It is not difficult to see why WordPress is one of the most popular content management systems in the world. Bloggers and businesses turn to the CMS because it is easy to manage, flexible, and adaptive. You can find plugins for virtually any task you need covered, and because it is a free (free is a great reason in itself!), open-source software, there is an incredible amount of support and resources for users. WordPress has issued an iOS update, hoping to become even more indispensable, this time on the go with Apple’s mobile devices.

What has the iOS 2.8 update added for users?

• “Action-centric” quick photo button.
• Statistical metrics breakdown featured with daily, weekly, and monthly charts.
• Translated into 10 languages, including Japanese, Portuguese, French, and Spanish.
• A fix for ¾ of all the crashes in the previous version of the app. Many users had described the previous version as buggy, and 2.8 seals up a lot of security holes.

Jared Newman of Technologizer points out that, even with the improvements, “the latest app update is still missing major features that no blogging tool should be without.” What are these? According to Newman, there is no quick and easy way to create links. There are also no buttons to enhance text, such as strikethroughs, italics, bold, block quotes, lists, and spell check – which is crucial on a mobile device when misspellings and typos are more apt to occur.

Despite this, the update and its new features give bloggers another layer of convenience on the go.

Forget Liking a post; reddit? Done it. There is a new button on the scene: the +1. Google’s new button allows users to endorse content, and when they search, they will see how many, if any, results were also endorsed by other users. Google has said that they will give this weight when calculating search page rankings, so it is a good idea to get going on +1. How do you put it on your WordPress site?

First, go to the Google +1 homepage. You can customize the button by choosing the size (15, 20, 24, 60 px) and the language. Google will generate a code for you to insert into your site and give you a preview of the button on a side window.

In another window, open your WordPress theme file under “Editor” and then “Appearance.” The menu on the far right will have an option for “Footer” under the Templates section. Click on this. Next, go back and copy the JavaScript from the +1 homepage and paste it before the last body tag. Hit Update.

You are almost a proud owner of a +1. Just add a text widget and paste the +1 shortcode there. This will be in your widgets panel. Save this, and there you go.

More and more of these buttons are popping up; help your ranking and encourage your readers to +1 you.

The purpose of any good WordPress plugin is to create a better experience for bloggers and for their readers. And when they allow you to promote your blogs or other sites, they become even more useful. This is what you can expect from a new addition to WordPress’s lineup: Visual Sticky Footer.

Visual Sticky Footer, developed by Really Cheap Health Insurance, allows you to create a custom footer through which you can alert your readers to other posts, sites, social media profiles, or products. The footer can go on any page you choose, and it “follows” readers as they scroll down the page. That is, they will always see the footer, but it will not interfere with the readability of the page. This is a crucial feature because readers can be turned off by something that looks like an ad that won’t go away. At the top of the footer, there is an orange + and – sign. Readers can opt to close the footer, which, again, is an important feature.

You can choose from over 100 icons or upload your own. You can also add text and links to other pages. This creates great functionality for your site. You can make a list of your best blog posts, highlight an upcoming event or important news, direct readers to an author bio, or post an ad. The developers say, “We make it easy to include advertisements or other content in your footer…Just enter an HTML hex color code and you can change the color of your footer or have it transparent.”

The plugin was developed for this insurance company, which uses the footer to display links to articles, such as “How to choose health insurance for your child.” The footer also has links for quotes, blog, search, and download. You can customize it to meet your needs and suit the style and tone of your site. You can download it here.

Manufacturer HP recently released figures on the security of the most popular content management systems, as well as their plugins. While they found that the core applications of the CMSs themselves are relatively safe, they discovered that about 70 percent of the applications they tested were “vulnerable” to security risks. One of the best ways to keep your website safe is to regularly update your CMS to the latest version. WordPress has released an update that resolves several pressing security issues.

If you use WordPress, it is time to update to 3.1.1. The updated version makes 30 fixes, including three patches for serious risks (preventing PHP crashes, a cross-site scripting vulnerability, and tightening up CSRF prevention). Downloading 3.1.1 is essential; WordPress is one of the most popular CMSs, managing everything from personal blogs to sophisticated commercial sites. Because of its popularity, it is a target for hackers, who work on security vulnerabilities in older versions.

As to technical details, the WordPress 3.1.1 developers released a little haiku: “Only the geeks know/ what half this stuff even means. /Don’t worry – update.” Easy enough. You can do this from WordPress’s website, as well as directly with your WordPress Dashboard. Other features of the update include:

• Security hardening to media uploads.
• Improvements in performance.
• IIS6 support fixes.
• Taxonomy and PATHINFO permalinks fixes.

You can download the updated version, WordPress 3.1.1 here.

When the iPad was released in 2010, 300,000 tablets were sold; a year later, the iPad 2 outpaced its predecessor by 100,000 to 200,000. Mac and PC users both scooped up the tablets, which were sold out of retail stores almost immediately. The release of the second generation iPad was thought to be the most successful product launch in Apple’s history – which is saying a lot. Apple has the early lead in the tablet market, and WordPress has released a plugin that can help sites accommodate the growing number of iPad users.

A decade or so ago, businesses had to worry about how their sites looked on a desktop; then, they had to start thinking about smartphones. Now, another change: we are going to have to optimize for mobile devices, like the tablet computer. WordPress helps you do this with Onswipe, a plugin that makes content more appealing for iPads, and specifically their touch screens.

WordPress’s Nick Momrik says, “With the launch of Apple’s iPad we have seen the future of computing and it is touch.” The plugin helps you create an intuitive and sleek interface, complete with social sharing tools for Facebook and Twitter. Onswipe’s developers say that their plugin makes it “insanely easy for publishers of all sizes to make their content and advertising a beautiful experience on touch-enabled devices via Web browser.” Other features include:

• Accelerometer aware content. This means that your content will shift depending on how the user is holding the iPad.
• Homescreen icon.
• Loading screen.
• Cover image.
• Integrated WordPress comments.
• Built-in sharing.

You can download Onswipe from their website. With the growing number of iPad users, this could be a very useful tool for your site. WordPress says they are working on a similar plugin geared towards other tablets.

Joomla, Drupal, and WordPress are three of the most popular content management systems, and each has strengths and advantages for users. While the CMS’s core applications are relatively safe, the plugins created for them can have vulnerabilities. According to the latest figures by HP, 70 percent of applications have some sort of security vulnerability, and half of those were identified as “serious.”

HP DVLabs manager of advanced security intelligence, Mike Dausin, says, “A lot of the vulnerabilities in the Content Management Systems have shifted away from the core applications themselves and have shifted to the plugins in those applications. This is actually an even broader security trend which we have also seen on the desktop.”

So which CMS was deemed the least secure? Dausin says that WordPress has “very few vulnerable installs.” Joomla installs, on the other hand, were nearly all vulnerable to security threats. “In the case of Joomla, it’s mostly the plugins that are vulnerable.”

Joomla, WordPress, and Drupal run fairly secure core systems, and Joomla’s release of 1.6 tackled several security issues; plugin developers, though, do not always hold themselves to these standards. Joomla’s security center allows users to report security vulnerabilities, and the “Strike Team” is continually working to resolve them.

To protect your site, keep up-to-date with the latest risks: Joomla, for instance, has a Vulnerable Extensions List that you can check. Also be sure that your CMS is updated to the latest version, so you can add another layer of protection.

WordPress has just issued a new version, 3.1, that improves upon the most popular content management system in the world. Thirteen percent of the world’s top 1 million websites use WordPress, and 3.1 addresses a host of issues in its predecessor. What’s new for WordPress?

Post Formats. This function allows you to customize the way that a post is displayed. Users can choose whether to designate a post as a gallery, chat, audio, status, quote, image, video, link, or aside to help determine how the content should be presented. How does this look? If you designate a post as a video, it is displayed with a custom width to accommodate for the video. If it is designated as a quote, the quote may be displayed in large, italicized font.

Faster internal linking. This feature makes it easier to link back to content you have previously posted. You don’t have to dig back through your blog or site to find the specific content; instead, you can just enter a keyword or phrase.

Admin bar. On the profile screen, you can enable the bar within the admin screen. It is disabled by default, but enabling it allows quick access to admin tools. You can create new posts or access different back-end features. It is only visible when you are logged into your own site.

In addition to these changes, WordPress 3.1 has improved its interface and fixed more than 820 bugs. Many less frequently used features are hidden by default for a less cluttered interface. Overall, 3.1 has been greeted with great reviews; it has made the most usable CMS in the world a bit easier. WordPress version 3.1 is now available for download.
