iTechnoBuzz!!

Ryan Boren the lead developer of WordPress Team has just announced the release of WordPress 2.8.6 Security update through WP blog. The release fixes two vulnerabilities relevant only for blogs having more than one authors like iTB as they can only be exploited by registered, logged in users with posting rights. In his blog post Ryan Boren suggests webmasters having untrusted authors to switch and update to WordPress 2.8.6.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

The update is now officially available on WordPress.org and could be downloaded from : http://wordpress.org/download/. To update your wordpress blog to v.2.8.6 all you need to do is to click on Automatic Update in your WordPress DashBoard (Admin Panel), and within a minute you will get your blog upgraded to WordPress 2.8.6.

WordPress 2.8.6 upgrade does not require any update to WordPress database, but before updating it is recommended to take a backup both of your wordpress files hosted on the server plus the mysql database, which could be required in case the upgrade fails for any reason.

Peter Westwood on October 20, released WordPress V 2.8.5, and termed it the “Hardening Release”. Hardening Release means more preventive measures have been taken to secure WordPress.

Worthy of note though is an issue that was addressed dealing with a trackback spam denial of service attack which was discussed on the WP-Hackers mailing list the other day. This exploit takes advantage of the WP-Trackback.php file which would exhaust a servers resources when used. This problem is specifically addressed in the Hardening Release. This release also cover up some bug fixes.

The headline changes in this release are:

• A fix for the Trackback Denial-of-Service attack that is currently being seen.
• Removal of areas within the code where php code in variables was evaluated.
• Switched the file upload functionality to be whitelisted for all users including Admins.
• Retiring of the two importers of Tag data from old plugins.

Peter Westwood, recommends web masters to check out the WordPress Exploit Scanner, through which you can scan if your site may have been hit by one of the recent exploits and you would like to make sure that you have cleared out all traces of the exploit.

Why This update?

On august 1o, a vulnerability in WordPress 2.8.3 was discovered by Laurent Gaffié and was posted over the test and security portal milw0rm. The vulnerability is named as Remote admin reset password and could be exploited by an attacker  to compromise the admin account of any wordpress/wordpress-mu <= 2.8.3.

Response by WordPress..

In regards to this exploit, The wordpress team has released the secured WordPress 2.8.4 as a fix for the exploit which is still under consideration to keep track over future problems and fixing issues. It is highly advisable to all wordpress users to update their blogs to the latest v 2.8.4

You can download the latest version of WordPress i.e. WordPress 2.8.4 by clicking here. Or you can simply go to your dashboard automatic upgrade option to upgrade your wordpress to v2.8.4 . Remember to take a backup of your databse and files before upgrading to the new version. You can do it by using php MyAdmin in your host cPanel, or for newbies and beginners , you can simply use the WordPress Automatic Upgrade plugin, which provides you options to download the backup automatically.

For any help or queries regarding the same, use the comment box under this post.

11th June 2009, the biggest day for wordpress team yet.

Today, Mr. Matthew Mullenweg founding developer of WordPress announced the successful release of the latest and the greatest version of wordpress 2.8 codename “Baker” and named in honor of noted trumpeter and vocalist Chet Baker.

The download is available here.

WordPress 2.8 seems the same as 2.7 visually, but it is out with great new 180 features and fixed over 790 bugs.

One of the major update is now, one can browse all themes from the dashboard itself. The Appearance tab comes with a new “Add New Themes” addon, which allow you to browse all themes availaible on wordpress.org and install directly from wordpress directory.

To add a new theme, all you need to do, is to click on Add New Themes and check mark some of the specifications like “colors, columns, Width, features and subject” and you are done, you will be provided with 100(s) of themes with preview and install feature.

To tweak and edit themes on your own, you will notice the new CodePress editor which gives syntax highlighting to the previously-plain editor. Moreover, this new version got a completely redisgned widgets interface.

To get your eyes on the complete list of all 180 new features check out WordPress Version 2.8 (180 new features list). Also, here comes an explanatory video, which defines all ups and mods about wordpress 2.8 :

Like this article? Feel free to share and socialize it in your own way. Use the comment box to tell us about your experinces with wordpress and the new version so called “Baker”.

Hello fellow bloggers! For most of the WP – users, WP – GreetBox is not a new play pawn. But, many of my fellowmates use blogspot and other non – WP blogs, and on their special request i googled a bit and tried to figure out some of the best Wp – plugins to be used over blogspot and other non – WP blogs.

For Wp- Users the name is changed to The Blogger Greet Box and it will be poped on your post as follows:

The Blogger Greet Box has the following features:

1. Play / Show a  greeting message to your visitor depending on the referrer URL.
2. Great set of icons for referring url.
3. By default position of greeting message is on top of post, but hey could be inserted any where within the post.
4. Pops some default greet entitled message. If the user hits the URL directly pops out the RSS greet message or respected other greet message from a referrer which is not specified.
5. Ability to remove the message when the user navigates within the same site so we do not keep nagging them with greeting messages.
6. Currently the following referrers are installed.
   - Google
   - Yahoo
   - Digg
   - Stumbleupon

Steps to install the plugin :

Download the following 2 Javascript “js” files and upload on your server.

1) http://cid-db9f90bab5f7f65e.skydrive.live.com/self.aspx/.Public/TextToBeDisplayedDiv.js
2) http://cid-db9f90bab5f7f65e.skydrive.live.com/self.aspx/.Public/HideShowDiv.js

Blogspot users can use any free hosting site available. There are plenty of them.

Copy the following code and paste it on your website/blogger template wherever you want the code to appear:

<script src=”/TextToBeDisplayedDiv.js” type=”text/javascript”>
</script>
<div id=”mainDisplayDiv” style=”background:#F8F8FF;border:1px solid  #B6AFA9;display:none”>
<div id=”dynamicContentDisplayed”>
</div>
<script type=”text/javascript”>

// Give your feed url here
var feedURL = “YOUR BLOG FEED URL GOES HERE“;
var dynamicHTMLText = displayRequiredText(feedURL);
document.getElementById(“dynamicContentDisplayed”).innerHTML
= dynamicHTMLText;
</script>
</div>

<script src=”/HideShowDiv.js” type=”text/javascript”>
</script>
<script type=”text/javascript”>
//List your domains where you don’t want to show up. Suppose
//when people navigate within your site and you don’t want to
// show up. This is , separated
var myRestrictedDomainList = “YOUR DOMAIN NAME HERE“;
showHideDiv(myRestrictedDomainList);
</script>

In the above code replace ‘/TextToBeDisplayedDiv.js’ and “/HideShowDiv.js” with the proper URL of these two Javascript files.

Enter your blog’s feed URL and domain name (i.e. the root URL of your blog) at the indicated locations.

I got this intresting article from instantfundas and am thankful to the author of the post for providing such a wonderful article to help many non-Wp bloggers.

You can try this stuff on your blog and please let us know about your experience. Use the comment box for such shares.