WordPress 2.8.4: Security Release

[ From the official WordPress blog at http://wordpress.org/development/2009/08/2-8-4-security-release/ ]

Posted August 12, 2009 by Matt. Filed under Releases, Security.

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

We fixed this problem last night and have been testing the fixes and looking for other problems since then. Version 2.8.4, which fixes all known problems, is now available for download and is highly recommended for all users of WordPress.
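The failure mode the announcement describes, modelled as an added example (not WordPress code and not part of the original post): accounts that never requested a reset hold an empty key, so a lookup that trusts an earlier check will match the first of them if a blank key gets through. The function names, the array standing in for the users table and the 20-character key format are assumptions made for this illustration.

```php
<?php
// Added illustration, not WordPress code. Function names, the array layout
// and the 20-character key format are assumptions made for this example.

// Constructed sample data: an account with no pending reset stores an empty key.
$users = [
    ['id' => 1, 'login' => 'admin', 'reset_key' => ''],
    ['id' => 2, 'login' => 'alice', 'reset_key' => 'k3Yq9ZtW1xPf7LmB2cDe'],
    ['id' => 3, 'login' => 'bob',   'reset_key' => ''],
];

// Weak form: relies on an earlier check to have rejected a missing key.
// If that check is bypassed, a blank value matches the first keyless account.
function find_user_weak(array $users, $key)
{
    foreach ($users as $u) {
        if ($u['reset_key'] === $key) {
            return $u;
        }
    }
    return null;
}

// Hardened form: validates the key itself and never matches a keyless account.
function find_user_hardened(array $users, $key)
{
    if (!is_string($key) || !preg_match('/\A[A-Za-z0-9]{20}\z/', $key)) {
        return null; // not a well-formed key, so no lookup happens at all
    }
    foreach ($users as $u) {
        if ($u['reset_key'] !== '' && hash_equals($u['reset_key'], $key)) {
            return $u;
        }
    }
    return null;
}

// Compare both lookups on a blank key, a wrong key and the valid key.
foreach (['', 'wrongwrongwrongwrong', 'k3Yq9ZtW1xPf7LmB2cDe'] as $candidate) {
    $weak = find_user_weak($users, $candidate);
    $hard = find_user_hardened($users, $candidate);
    printf(
        "key=%-22s weak=%-6s hardened=%s\n",
        var_export($candidate, true),
        $weak ? $weak['login'] : 'none',
        $hard ? $hard['login'] : 'none'
    );
}
```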

Plugins + jQuery

Hi Fellow WordPress Fans!

Here are some WordPress plugins you will likely find useful…

My Page Order – Easy drag and drop ordering of your pages – Access under Pages > Page Order

Cleaner Gallery – Makes it easy to integrate the WordPress built-in photo gallery feature with Shadowbox (or other lightbox scripts) – or just simply removes the styles that WordPress injects natively, so you can use your own more easily

ShadowboxJS – Activates overlay lightbox-style effects for your image links.  Also works with iframes, HTML content, videos, SWF, etc.  Super frikkin cool!  Check out what it can do at: http://mjijackson.com/shadowbox – The WordPress plugin install will give you immediate access to all the functionality.

WP-SIFR – Change page titles (h1, h2, etc.) into Flash-rendered text, using the sIFR font of your choice (find 'em on Google) – Degrades gracefully and doesn’t affect accessibility at all

CFORMSII – get the latest version – Stop coding forms, auto-verification, Captcha support etc.  YEAH!

----

Also, for front-end JavaScript fancy FX – Check out jQuery http://jquery.com/

There are other frameworks (Prototype, MooTools) but I like jQuery so far – the syntax is easy, and there are lots of plugins around.  Downside: it can sometimes get heavy on load times if you get too many plugins involved.

AND, jQuery is already bundled in WordPress, which makes the install easy as pie!

To activate and use the core in your WordPress theme, just do the following:

In your theme’s functions.php file, include the following function call:

wp_enqueue_script('jquery');

That will load the jQuery 1.2.6 base file in your wp_head, and put the script into your page’s head section automagically.

Then, copy the following into your template’s header.php file,  AFTER <?php wp_head(); ?> and after all your stylesheets and CSS:

<script type="text/javascript">

jQuery.noConflict(); // releases the global $ so jQuery won't conflict with other libraries

// jQuery passes itself to the ready callback, so $ can be used safely inside it
jQuery(document).ready(function($) { // runs once the DOM is ready (jQuery's version of window.onload)

// jQuery 'on page load' code assignments go here

alert('page loaded'); // sample of action to perform on page load

});

</script>

There, with the snippet above you will see that an alert pops up on page load, showing that jQuery is up and working.

Have fun!!!!
T