Triune Designs Blog: Web Design, Development, & Marketing

In what I hope is my last post (for a while) concerning website security, this is a tale of two websites. I know I have been writing about your website’s security, but this has been a growing issue for the (self-hosted) WordPress community lately. My intention is to make sure our community and friends are properly educated about some simple solutions to better protect themselves.

Website 1: Updated WordPress Version
This website owner updated their version of WordPress. A minor error in the administrative settings allowed a hacker to register as a user. Because the software was up to date, the hacker got no farther than joining as a subscriber. No damage was done, no reinstalling of files was needed, and no major overhauls were warranted.

Website 2: WordPress Was Not Updated
The WordPress admin for the second website did not upgrade their WordPress platform. The same minor error mentioned above allowed the hacker to register as a user. However, since the software was out of date the hacker was then able to change themselves to an administrator. They then added other fake users, hid new admins they created, and changed various settings. They also changed the permalink structure to redirect users to potentially harmful websites. An afternoon’s worth of work was required to completely sanitize the website to make it safe once again.

The Importance
Weeks ago, the WordPress community found a hole in the security and the issue was promptly fixed. Once it was resolved, an update was distributed. In fact, the past two software updates included this security patch. People who had not updated their software recently were exposed to the worm and a lot of website owners have been affected. They felt the affect of not staying on top of their updates. The rest of the community was more protected from the attack.

If you want to read more about the importance of updating your WordPress software, Matt Mullenweg wrote a good article on the WordPress blog.

Please let me know if you have any questions concerning your current version of WordPress or if you are confused about updating your version of WordPress.

Stay safe out there!

Do you have a great post that you want the world to see for a while? Then let me introduce you to sticky post! Sticky post, meet reader. Reader, meet sticky post.

Your Normal Settings
In your default WordPress blog setting, every time you publish a new post the older ones get bumped down one notch. The newest post takes over the top slot and is the first one people see when visiting your blog. This keeps your blog clean and tidy in chronological order.

Being A Little Sticky
There are, however, times when you might want that special blog post to “stick” around for a while in the top slot. WordPress allows you to to do this in the visibility settings on the right side of your post editing page.

Here is what to do:

1. Find the publish area on the edit post page.
2. Find the visibility setting (see image below).
3. Click “edit” to the right of visibility.
4. Check “Stick this post to the front page” (see image below).
5. Click ok to save the change.

That is it. You have just allowed that awesome post to hang around for a while longer to bask in all its greatness.

Thanks to Noupe for highlighting this feature in WordPress 2.7. If you want more great tips and tricks to master WordPress check out their article.

Oh yes, oh yes. The day has finally arrived when WordPress releases its most current, and probably best, upgrade: WP version 2.7. First let me say that WordPress before v2.7 was just an awesome blogging platform. However, with this most current improvement, WordPress really sets itself apart as the premiere self-hosted blogging platform.

Why is WordPress so powerful? Here are a couple of reasons

• The large WordPress community (conservative estimates show 7.4 million blogs using WordPress self-install/self-hosted and another 4.7 million blogs hosted on WordPress’ own website. That means a total of 12 million WordPress-based bloggers.)
• WordPress’ flexibility
• WordPress is extremely easy to use and learn
• WordPress is free and open source

WordPress works so well because the application is in tune with the company’s philosophy for its product. Their philosophy is as follows:

• Have a small and capable core for its basic programming structure
• Allow for a vibrant plugin market (there are thousands of plugins available for you to use)
• Allow for thousands of themes for users to choose
• Options in the core programming are bad

I believe the programmers have stayed very much in line with this philosophy. WordPress’ basic structure is very lightweight and easy to use right out of the box. Then as the user feels comfortable they can begin to add extra features through the use of plugins, which serve to enhance the blog’s basic capabilities. Fore example a few plugins I use are Intense Debate, Meet Your Commenters, Akismet (spam is bad), and Feedburner. This combination of lightweight core and plugins really allows for a great user experience from both the reader’s and writer’s perspectives.

So, what is new in WordPress 2.7? I am glad you asked.

• Automatic core upgrade!! (Author’s opinion: this is by far the best aspect of the upgrade)
• Plugin installation from within the admin
• Redesigned admin interface
• Threaded comments
• Paged comments
• Reply to comments from the admin pages
• Direct access to submenus
• Great keyboard shortcuts for comment moderation
• Customizable admin screens
• QuickPress (quick posting/writing quick drafts from the dashboard)
• Sticky posts (a post can be “stuck” on the home page, which is good for popular posts that you want to keep on the home page and towards the top)

(Author’s works cited blurb: I got most of the information about WP 2.7 and the WordPress philosophy from Mark Jaquith (@markjaquith) during his Charlotte WordCamp keynote address. Thanks Mark!)

Okay, so there you are. Now you know why WordPress is so great and some of the incredible features coming up in the latest upgrade. If you are not using WordPress then I highly suggest you give it a try and kick the tires a little bit. I believe you will really like what you see. If you are one of the fortunate ones who already use WordPress then make sure you upgrade and just stand back in awe.

Until next time, happy blogging!

As I promised in my last blog post, you can see the top commenters on my blog right now. Unfortunately, the list only shows me right now, but I am sure that is just because we have a lot of commenters who are not registered with Intense Debate. This will surely change and I am excited about that.

Speaking of Intense Debate, I have now set this blog up with their comment-tracking system. They really help out with creating more of a conversation on a blog than the traditional commenting setup. Please kick the tires on how Intense Debate looks and functions on the blog. Let me know whether you think this is a good addition to the blog.

If you like what you see, I suggest getting an account with Intense Debate.

I look forward to hearing your thoughts and reading your comments (as always).