CompuSutra » Wordpress

Yet Another WordPress Upgrade – 2.8.4

admin — Thu, 13 Aug 2009 03:13:46 +0000

Yet another upgrade has been announced to WordPress. Version 2.8.3 was released early last week, and today 2.8.4 has been announced. Look at the timeline.

09-Jul 2.8.1
20-Jul 2.8.2
03-Aug 2.8.3
12-Aug 2.8.4

Once again, it is termed a security release. According to Matt, if you are still using 2.8.3

a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

So, go download 2.8.4 or upgrade using your WordPress dashboard.

Reverse Order WordPress Comments

admin — Wed, 05 Aug 2009 03:16:16 +0000

Sometimes you may want the order of comments on your WordPress blog to be reversed, i.e., want the newest comments to appear on top. While simple plug-ins have been available to accomplish this (I liked Sudar’s the best), now there is a much simpler solution. Now WordPress dashboard itself allows you to reverse the order of your comments.

To reverse the order of your comments, go to your WordPress dashboard and follow the following sequence of operations:

1. Under Settings, click on Discussion

2. Under Discussion Settings » Other comment settings it says Comments should be displayed with the older comments at the top of each page. Just change the older to newer using the drop down box, and hit “Save Changes” at the bottom of the page. You are done!

Also, as I said before the search feature at the plugins page needs to be more efficient. It still returns a number of plugins for reversing comment order, when they are no longer needed.

Upgrade to WordPress 2.8.3

admin — Tue, 04 Aug 2009 04:01:34 +0000

I think the pace at which WordPress.org releases WordPress upgrades is a little bit too fast. It is kinda good, because this tells us the people at WordPress are working on it all the time, but it does add some admin work for us bloggers. Even though upgrades are now a breeze thanks to the auto-upgrade feature, it is always advisable to take a backup before the upgrade. If you are maintaining multiple blogs, you just signed up for a good amount of admin work between taking backups and upgrading each blog. But hey, you wouldn’t have taken that backup otherwise, would you have? Makes you think of going to WordPress mu, but there may be more unknowns there. Haven’t tried that yet.

Exactly 2 weeks after the release of its 2.8.2 version, WordPress.org has released WordPress 2.8.3. This release has been termed as a “security release”, as some of the vulnerabilities of 2.8.1 were not fixed by 2.8.2. Ryan Boren advises:

Since this is a security release, upgrading is highly recommended.

So, if you are running your site on WordPress, go ahead and upgrade now. Don’t forget to backup your data. I am still looking for an easier way to take a backup. As I said in my last “upgrade” post, the easiest way I know to back up your WordPress blog is to go to Tools » Export in your dashboard. However, for bigger blogs, it creates an issue because while restoring your site, importing a file larger than 2 MB creates an error unless you change your php.ini file. I will write more about that soon.

Just Upgraded to WordPress 2.8.2

admin — Tue, 21 Jul 2009 03:54:34 +0000

WordPress 2.8.2 has been released just 11 days after WordPress 2.8.1. Today’s entry on the official WordPress blog warns us of an “XSS vulnerability” that could cause comment author URLs to be exploited to redirect you away from the admin to another site.

For those new to the term, XSS (Cross-site scripting) “is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy”. (from Wikipedia)

If you are upgrading your WordPress installation, make sure you make a backup of your blog. Easiest way I know to back up your WordPress blog is to to to Tools » Export in your dashboard. This creates an XML file that you can use to restore your blog if anything goes wrong.

For the last few revisions, I have been using the auto-upgrade feature of WordPress (Tools » Upgrade) For me the upgrade to 2.8.1 last week did not go as well as today’s upgrade did. When I upgraded to 2.8.1, although the blog seemed to work fine, I got errors while doing various admin tasks. I downloaded WordPress 2.8.1 and overwrote the auto-upgrade version on my server. That fixed the problem.

WordPress Contact Form III Didn’t Work For Me

admin — Sun, 19 Jul 2009 04:20:17 +0000

I just added a contact form to my blog, now proudly running on WordPress 2.8.1. Since WP 2.7, it has become a breeze to add and delete plugins. It no longer involves searching for the plug-in outside your dashboard, downloading, unzipping the plug-in package, uploading it to the server and then activating it. Now you can search, install and upgrade WordPress plugins, themes, and even upgrade WordPress versions itself from within the Dashboard.

The search feature at the plugins page is not very efficient, though. Also I wish the
plug-in database got rid of dormant plugins regularly. I found WP Contact Form III, which I thought was kind of cool because it was a combination of Doug Karr‘s and Ryan Duff‘s plugins, both recommended by problogger.net in their book “Pro-Blogger: Secrets for Blogging Your Way to a Six-Figure Income“. The plug-in installation and activation was easy. The contact form even showed on my blog, but it didn’t show a captcha verification code. So, I figured I needed to go to the “Contact Form” configuration. That is when the error occurred: “You do not have sufficient permissions to access this page”. The plug-in’s page at Wangenweb results in a 404 error. Visiting the WordPress Support Forum didn’t help much, but it did direct me to another Contact Form. “Enhanced WordPress contact form plugin” from yoast.com turned out to be my solution. It is simpler looking than the Contact Form III but works well. Check it out.