Random babble by Paulh

Over at Adii.co.za there’s a competition to win the Developer’s Package of wordpress themes.

What’s so good about these themes? Well for one they look very professional, secondly wordpress is not just for blogs, its uses as a cms are endless, unfortunately most templates out there are made for blogging - not great if you want to develop a news portal - which is why i like the gazzet edition  so much.

I’ve yet to try these themes out, but from the feedback and screenshots they look awesome

The long awaited version 2.5 of wordpress is here

WordPress 2.5, the culmination of six months of work by the WordPress community, people just like you. The improvements in 2.5 are numerous, and almost entirely a result of your feedback: multi-file uploading, one-click plugin upgrades, built-in galleries, customizable dashboard, salted passwords and cookie encryption, media library, a WYSIWYG that doesn’t mess with your code, concurrent post editing protection, full-screen writing, and search that covers posts and pages

Have played about with an early release of 2.5 and so far so good, only a couple of old plugin didnt work.

Would make sure you backup your database and wordpress installation before upgrading.

If like me you think Wordpress is a great cms you’ve probably installed several templates and plugins. But do you know what exactly it is you are installing?

Chances are unless you are a PHP programmer you won’t have given this a second thought.

So what is it you are installing?
Wordpress  plugins and some templates contain code that performs a particular task.  Some of my favourite plugins are listed here

So what’s the security issue?
Those plugins and templates could be malicious!

Most of us take precautions when downloading programs and files on to our desktops, but happily install plungins and templates on servers without giving it a second thought.  So now you have your nice new shiny template installed, but what else is it doing? Possibilities are endless, you could be opening your server up for sending out spam,  or leaving your company server open to attack.

In the last few week alone I’ve seen..

• templates email that send out emails when installed
• plugins inserting hidden links in all your posts
• mystery encoded php in templates
• plugins that install extra php files from remote servers

So what can you do?
Until there is a online system where plugins and templates are checked for security holes, and we’re able to download them from a verified source, all we can do is be very careful.. Before installing look through those template and plugin files, and check for suspicious code.

Wordpress has been my cms of choice for a long time, but only recently have I come to appreciate just how good a CMS wordpress really is.  So when a foolish friend decided to install Drupal I had to step in and change it to wordpress. So here is a list of the best wordpress plugins I used to build Threadwatcher.com

 Akismet
Great comment spam detection plugin. Stops a lot of comment spam from getting through and by doing so saves you heaps of time.

aLinks
Awesome plugin for automatically linking keywords within posts. Add your chosen keyword and a matching url. Then whenever the keyword appears in one of your posts it will automatically link to your chosen url.

Angsuman’s Feed Copyrighter
Add a copyright notice to your feed, or even better, add a unique tracking code to see who’s using your feeds.

Dagon Design Sitemap Generator
Great plugin for auto generating a sitemap - Can be placed on any page you like such as 404 error page.

Get Recent Comments
Allows you to show the most recent comments on the sidebar. Lots of display options. Grouping by category is my favourite. As seen on right sidebar of threadwatcher.com

Head META Description
Improves the meta description for your blog posts by either using the excerpts or the first section of your posts content

Post Image
This plugin allows you extract and display images attached to posts. As on the front page of threadwatcher.com (although threadwatcher.com uses a hack of mine which if no image is attached to a post it pulls a random image assigned to the category the post is in - might make this into a plugin if I find the time)

Sociable
Nice lazy way to include all those icons and links that no one ever uses to those over hyped social bookmarking sites

Subscribe me
Simple way to add those feed images in the vain hope that someone will subscribe.

the_excerpt Reloaded
Allows you to easily show an excerpt to a post or if no excerpt exists it uses a definable amount of text from the post. Great if you only want to show a snippet of posts text on the front page. As I have done on here and threadwatcher.com

Ultimate Tag Warrior
Fantastic and powerful plug-in, does all sorts of cool things with tags. Through UTW I was able to display the related posts on threadwatcher.com (I had to perform a little hack to stop ultimate tage warrior from showing draft posts(Function GetRelatedPosts , add “AND post_status = ‘publish’” to the mysql query  - this may only work on version 2.2.1 of wordpress )

wp-cache
Caches your pages and speeds thing sup greatly, highly configurable.

WP-PostRatings
Used this on another site and so far its working great. Allows visitors to rate posts and allows you to diaply the top rated articles. Will get round to adding this to threadwatcher.com just as soon as Earl Grey does some work on the site too.