They are unique to the WordPress install, to the WordPress user, to the action, to the object of the action, and to the time of the action (24 hour window). That means that if any of these things changes, the nonce is invalid.

I guess that if we work through the logic, the only thing I can see that has changed is that the user has logged in again. I must conclude that it is identifying the user by something other than the username. Hmm… This is a puzzle.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Today I figured out that if I remove the wp_nonce stuff at the end of the line I could get the automatic upgrade plugin to continue. Wp_nonce is a security feature. I think it is primarily used with forms but it can be used with links. About the only source on this function is the Writing Secure WordPress Plugins post by David Kierznowski. I think when I have to log back into WordPress, wp_nonce thinks I am breaking in and slams the door shut. From a plugin design standpoint I am not sure there is a need for this type of security at this point since all I want to do is activate my plugins and get my log report. I guess I will comment out lines 392-394 so the plugin will work.

WordPress › WordPress Automatic upgrade « WordPress Plugins

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Cutline 1.3 Released | Cutline Theme for WordPress

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

For the last couple of days I have been monitoring its log. So far I have not found any false positives. It looks like it is blocking some comment spam. Most of my comment spam is caught by Akismet.

I am kind of fascinated with this plugin.  If the developers are looking for ideas, it would be nice if:

1. It would tell me if there is a new filter available. I am not sure how often the filter is updated but with a little modification the plugin could update the file directly. WordPress would like updated plugins to be updated on their web site. An updated the revision number for the plugin would appear in the plugin panel. In a perfect world the use could then update the plugin automatically.
2. The search stats button overlaid the standard report onto the admin page for the plugin. It is not very useful in this format.
3. It would be nice if the report said why the bad request was blocked. I have several blocked requests showing something called “__utmz” in the tag field.
4. It would be nice to download the report as a csv file.
5. It would be nice to have a summary report by type of blocked request.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

While I was at it I did a little spring cleaning. I changed the blog to not use the www subdomain, changed the .htaccess file, changed the blog to use a more descriptive permalink, removed the register feature from the meta widget, and got rid of several old inactive plugins.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Cyberinsecure recently posted details of an automated WordPress hacking tool that is doing the rounds. This malicious worm or program appears to create the directory, "wp-content/1/" as well as spam comments:

The blogs are most likely attacked by some kind of automated tool since the amounts of spam are too big to work manually on all those spam pages creation. It seems there are also spam comments in posts as well. Spam comments are pointing to internal infected blog pages in folder “1″ to get them spidered and to get people to visit them.

Smackdown also has a nice blog entry about this issue.

Automated WordPress Hacking Tool Cached by Google
DK
Wed, 26 Mar 2008 23:52:40 GMT

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

1. Since I have recently been looking at easy ways to use Flickr images and create image galleries, I was curious how the improved media gallery works. After playing with the insert image and media gallery, I am still trying to figure out how the media gallery works. I guess it is a work in progress. The Gallery and Media Library tabs do not seem to do anything.
2. It was not obvious how one creates an avatar either.
3. I tried to automatically update the PhotoXhibit and Database Backup plugins and it did not work.

WordPress › Blog » 2.5 Sneak Peek

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Note: The following checklist was based on WordPress 2.0. Since WordPress 2.1, WordPress has replaced and introduced new template tags.

Files, functions, and to-dos you need to check-off before using / publishing your own unique WordPress theme:

Files and Templates

• 404.php
• archive.php
• category.php
• comments.php
• footer.php
• functions.php (for widget-ready sidebar)
• header.php
• index.php
• page.php
• search.php
• searchform.php
• sidebar.php
• single.php
• screenshot.png / .jpg / .gif
• style.css
• readme.txt (optional)

Header.php

• Blog’s Title
• Blog’s Description

Footer.php

• wp_footer()
• Footer text and links (usually, copyright message)

Sidebar.php

• Search form – Does the regular search form match the widget search form?
• Pages / wp_list_pages() – Have you styled the second level links? Third level links?
• Categories / wp_list_cats() – Sort by name or ID? In what order? Is hierarchical turned off or on?
• Archives
• Calendar – Does the regular calendar match the widget calendar?
• Links / get_links_list()
• Meta: wp_register(), wp_loginout(), wp_meta()

Index.php, Archive.php, Category.php, Search.php, Page.php, Single.php

• the_ID()
• Post title: the_permalink, the_title()
• the_content
• Postmetadata: edit_post_link(), comments_popup_link(), the_author(), the_category(), the_time(),
• trackback_rdf() [hidden]
• posts_nav_link() – Next/Previous page links
• Else – What to display when there is no content.

Archive.php, Search.php

• the_excerpt() replaces the_content()

Page.php

• link_pages()
• Remove Postmetadata
• Keep edit_post_link()
• Remove posts_nav_link()
• comments_template()

Single.php

• link_pages()
• Remove comments_popup_link()
• comments_template()

Comments.php

• Comments list
• Comment forms and textarea
• ‘No comments’ message
• ‘Comments awaiting moderation’ message
• ‘Must login’ message
• ‘Password protected’ message
• Comments off message

Pages to Validate

• Home page
• Archive pages
• Category pages (if you customize category pages)
• Search result pages
• Pages (i.e: About)
• Single post view page
• Single post with no comments
• Single post with comments
• Single post with must login message
• Single post with no login required message
• Password protected single post with comments

Note: This is not an end-all checklist. It covers just the basics. More items will be added.

WPDesigner » WordPress Theme Checklist

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

1. Cforms II – This is far and away the best contact form plugin there is. The reason? configurability. You can easy build literally anything with it. We’ve built out employment application forms, wedding checklists, and more for clients. It also drives our own quote form. There’s also built in spam protection, via question and answer or captcha. by delicious days
2. WP e-Commerce – Unlike cforms, this plugin has no competition. It provides an easy to manage storefront and shopping cart as an integral part of your wordpress installation. It includes the ability to sell digital downloads as well, which is great for photographers, musicians, and authors. By default it includes support for PayPal, although the $29.99 fee for the authorize.net module will pay for itself in lower fees for most serious e-Commerce sites. by Instinct Entertainment
3. Search Everything – Since most of the sites we develop focus more on their static content than on their blog posts, this plugin is essential for allowing users to search your entire site without leaving your site and relying on google. by Dan Cameron
4. Google Sitemap Generator – The biggest benefit of using wordpress is the manual labor you save because the software already knows where all of your content is. This Plugin submits a comprehensive index of your site to google, yahoo, MSN Live, and Ask.com every time you update your site. It’s a huge boost to your site’s SEO. by Arne Brachhold
5. Subscribe2 – Subscribe2 is a newsletter plugin for your site. It allows you to create newsletters and manage subscribers within your WordPress Dashboard. It also allows you to email subscribers when you post a blog entry, which allows you to have a permanent copy of the newsletter that you can refer people to. plugin homepage
6. Event Calendar 3 – There are a ton of event plugins out there. This is the best & most integrated one we’ve used. It provides an iCal feed, in addition to the standard RSS feed. Since the events are created as Blog posts, it’s easy to integrate them into your site. by Alex Tingle
7. Page Links To – by far the simplest plugin on this list, This plugin allows you to create “pages” that link to something else. It’s the easiest way to add links to your main menu, without mucking around in code. It’s good for adding a link to an external photography portfolio, for example. You could also use it to link to sections of a page, rather than an entirely seperate page, which could be useful for linking to sections of a restaurant menu, or other small sections of a larger page. by Mark Jaquith
8. TinyMCE Advanced – I’ve posted a lot about using this plugin. It was referred to me by Jim Burke from TSG Real Estate, who needed a way to easily add classes to blockquotes, tables, and images. The plugin also does a great job of making tables work well with WordPress posts. plugin homepage
9. XSPF_Player – As much as I’m not a fan of auto-playing music on websites, This MP3 player makes it easy to manage playlists, cover art, and artist links. It’s a great way for music venues to highlight upcoming shows. Used in conjunction with Event Calendar, you can make the track link lead to the post for their upcoming show, all of which is easily manageable from your WordPress dashboard. by Boriel
10. pageMash – I just posted about this, but it’s worth mentioning again. This plugin makes it very easy to put your pages in order, without having to edit every page individually. by Joel Starnes

Top 10 WordPress CMS Plugins | Blueprint Design Studio

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.