Posts tagged ‘WordPress’

WordPress Default Database Prefix

One of the recommended security measures for WordPress is to change the default database prefix. When you use the default setting, hackers can more easily perform SQL injection attacks. The easy way to avoid this is to change the prefix before installing WordPress for the first time. If you forget to do this, you can either do this manually with vi, sftp, and phpMyAdmin or you can use a plugin to make the changes. I went the manual way. I followed instructions from digwp but I also double-checked those instructions with several other sites.

This post largely exists as a test post to verify posting, at least, still works.   If you see anything else broken, please let me know.

I use Incapsula to protect the site.   SQL Injection protection is included in their free protections.   Nevertheless, I finally decided the risk was worth the limited reward.

WordPress 3.3.1 Released

If you haven’t logged into your WordPress today, this is news to you. Version 3.3.1 has been released to fix an XSS vulnerability.

According to ThreatPost, this is only a vulnerability if you installed WordPress by browsing to the IP.   Most installs are hosted and you would browse to the site FQDN to install.   These systems aren’t vulnerable.

The update also fixed 15 bugs.   So review the release notes and determine if you need to update.   Or just do it.

WordPress Post Formats

I looked forward to WordPress 3.1 in order to use the new post formats. WordPress is trying to be a bit more like Tumblr and make it easier to post one-liners, links, and images. Except they really don’t.

The 9 new formats are Aside, Chat, Gallery, Image, Link, Quote, Status, Video and Audio. It is my understanding that in Tumblr, if you choose one of these formats, the post composition window is customized to that format. For example, adding a post in a link format would just have two blanks: one for the URL and one for the description.

WordPress doesn’t change the post composition window. That wouldn’t be so bad, but it seems that theme writers have been very slow to add support for post formats. I counted 6 themes the last time I looked for a theme that had support for the aside format.

Adding post format support to your existing theme isn’t as well documented as I’d like. Digging into WordPress had the most helpful post. Steps one and two of the article are easy. But then I kind of got lost in step 3. I did not understand how to add post_class(). Eventually I figured it out and replaced class="post" with <?php post_class(); ?> in the appropriate index and archive files.

Even then, I still needed to update the CSS.   Digging into WordPress’s instructions weren’t enough for someone who has never touched CSS.   I scraped together passable code for aside and link, but still need to do some work.

I’m thinking of taking the shared article links from the right hand side and posting them using the link post format. The main issue with this is ease of use. The shared article links currently come from a Google Reader RSS feed. I can hit “share” in Google Reader and with one click have this updated. While I know posts can be created from RSS feeds, I don’t know if I can create a post in the “link” post format. I’m afraid I may share even fewer links.

The aside is the main reason I wanted to get post formats.   The SANS Internet Storm Center calls them one liners.   I would use this when I want to say something without having to say everything. 

Post types are nice, but it needs to be more convenient. It needs to be built into the iPhone app so I can post in these formats when mobile. In the browser the post composition window needs to change based on the format selected. And lastly, themes need to be front and center with support. On my other blog, I’m even using Twenty Ten and finding the display of the post formats lacking.

I don’t know much about post formats other than what I can find with a search engine. So if you have any thoughts, I’d love to hear them.

WordPress 3.0.2 released

WordPress has released version 3.0.2 to address a privilege escalation issue for users having author access. Upgrading is recommended by the vendor even if you don’t have untrusted authors.

The upgrade went smoothly on this blog.  But on another blog, the update didn’t complete and the blog was stuck in maintenance mode.   After taking care of that (delete .maintenance), I had to reinstall the update.   I found not every file was updated successfully on the first attempt.

As always with WordPress updates, take a backup, and disable all plugins before the update.

After the update, you’ll want to review any security steps you’ve previously done.   The update added a readme.html back to the root directory.   Most recommend deleting that as it contains the WP version.  In my case there are many other areas where the version is leaked so I don’t think that is such a big deal.   Just always update when a new version is out.
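
An added example, not part of the original posts: a small shell check for the three things these posts mention reviewing, namely a leftover .maintenance file, a readme.html restored by the update, and a table prefix still at the default. It assumes a standard wp-config.php with a $table_prefix assignment; the function names are made up for this example.

```shell
#!/bin/sh
# Post-update review of a WordPress install directory (illustrative example).

# Print the value assigned to $table_prefix in wp-config.php (empty if not found).
wp_table_prefix() {
    # Matches lines such as:  $table_prefix  = 'wp_';
    # The "." consumes the opening quote; the group captures the prefix itself.
    sed -n 's/^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.\([A-Za-z0-9_]*\).*/\1/p' \
        "$1/wp-config.php" 2>/dev/null | head -n 1
}

# Report findings for the install at $1; the return status is the number of findings.
wp_post_update_check() {
    root=$1
    findings=0

    # An interrupted update leaves this file behind and the site stays in maintenance mode.
    if [ -e "$root/.maintenance" ]; then
        echo "FAIL: $root/.maintenance is present (update did not complete)"
        findings=$((findings + 1))
    fi

    # Updates put readme.html back in the root directory; it contains the WP version.
    if [ -e "$root/readme.html" ]; then
        echo "WARN: $root/readme.html is present (discloses the WordPress version)"
        findings=$((findings + 1))
    fi

    # WordPress ships with the table prefix "wp_".
    prefix=$(wp_table_prefix "$root")
    if [ -z "$prefix" ]; then
        echo "WARN: could not read \$table_prefix from $root/wp-config.php"
        findings=$((findings + 1))
    elif [ "$prefix" = "wp_" ]; then
        echo "WARN: \$table_prefix is still the default 'wp_'"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Source the file and call wp_post_update_check with the path to the WordPress root; a return status of 0 means none of the three conditions was found.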