
A discussion of earning with Affiliate Programs, SEO, Wordpress Blogging and General Motivational Ideas for Internet Publishers



Urgent Security Release - WordPress 2.3.3

Posted in Wordpress by Dave on the February 5th, 2008

Wordpress has issued an urgent security release of WordPress 2.3.3 in response to a bug that impacts blogs that have registration enabled. From the Wordpress site…

WordPress 2.3.3 is an urgent security release. If you have registration enabled a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author.

Since we are talking security, remember to use strong passwords and change them regularly. While you’re updating WP and your plugins, consider refreshing your passwords.

Make sure to update your install if you haven’t already done so.


Wordpress Plugin - Recent Comments

Posted in Wordpress, Wordpress Plugins by Dave on the November 17th, 2007

I’ve just downloaded and installed Krischan Jodies’ fantastic WordPress Plugin: Get Recent Comments, which you can see in action at the bottom of the blog here. The plugin displays excerpts of the latest comments and/or trackbacks to your blog. Although the common installation is to place the plugin as a widget on your blog’s sidebar, I added it as raw PHP code to the footer of my Wordpress template. I am very impressed with this plugin’s flexibility and with the admin tools that it installs in your Wordpress dashboard. You have complete control over the appearance, from the number of comments and the length of the excerpts up to the actual HTML and CSS layout.

Here are the features of the plugin from the Wordpress site:

Feature List

* Highly configurable via WordPress admin interface.
* Support for WordPress 1.5, 2.0, 2.1, 2.2 and 2.3
* Adjustable layout by macros.
* Handles trackbacks and comments in separate lists, or in one combined list.
* Widget support
* Caches the output
* Order comments by date, or by posting
* Support for gravatars.
* Option to exclude comments to posts in certain categories
* Doesn’t show pingbacks originating from own blog
* There is a special version for lyceum multiblog installations: http://blog.jodies.de/blog/get-recent-comments/lyceum/
* Supports Hannah Gray’s Profile Pics Plugin

You can download the plugin here : Get Recent Comments

It’s a snap to install, all you have to do is drop one file in your plugins directory and enable it in your dashboard and you’re good to go !!

Enjoy !!
Dave


Wordpress Exploit - Blogroll Hacking With Spam Links

Posted in Wordpress, Do No Evil by Dave on the November 15th, 2007

One of my hosting clients contacted me today about an issue he was having with his install (version 2.1.2) being hacked and over 50 spam links added to his blogroll. The links were to a page on the Texas A&M University website:

http://csworkshops.tamu.edu/Templates/_notes/cache/accutane/index.html

The link is a re-direct to a prescription drug peddling site :

http://trustedtablets.com

Which is apparently a UK owned domain:

Administrative Contact:
 RX Partners
 Eagloff, Jessica jessicaeagloff@yahoo.co.uk
 145-157 St John Street
 2nd Floor
 London, GB EC1V 4PY
 GB
 +44-131-516-7104x112
 Fax:+44-131-516-7104

That has an IP (77.91.230.8) which is suspiciously hosted in Russia :

person:         Dmitry Lazarev
inetnum:        77.91.230.0 - 77.91.230.63
address:        WEBALTA / Internet Search Company
address:        Andropova pr. 22
address:        Moscow, Russia
address:        115533
phone:          +7 495 234 0000
e-mail:         dlazarev@webalta.ru
nic-hdl:        DL2474-RIPE
mnt-by:         RU-WEBALTA-MNT
source:         RIPE # Filtered

I checked my hosting client’s log files for entries to “GET /wp-admin/link-add.php”, which is what will be logged whenever a Wordpress admin calls the page to add a new link. That is followed by an entry for “POST /wp-admin/link.php”, which is the submission form post for a new link, and the end result is an entry for “GET /wp-admin/link-add.php?added=true”. Well, what I found was about 50 calls to “POST /wp-admin/link.php” without any calls in the proper order for a normal transaction through the Wordpress dashboard. Obviously somebody had discovered a bug in the Wordpress software and was using automated HTTP POSTs to exploit “link.php”.
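The same log check can be scripted. The following is an added example, not code from the original post or from WordPress: it flags every POST to link.php that the same client did not precede with a load of the link-add.php form. It assumes Apache combined log format, uses the client IP as the session key, and applies a 30-minute window; the sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Apache combined log format (not real client logs).
SAMPLE_LOG = """\
203.0.113.5 - - [15/Nov/2007:10:00:01 +0000] "GET /wp-admin/link-add.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [15/Nov/2007:10:00:40 +0000] "POST /wp-admin/link.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [15/Nov/2007:10:00:41 +0000] "GET /wp-admin/link-add.php?added=true HTTP/1.1" 200 5130 "-" "Mozilla/5.0"
198.51.100.9 - - [15/Nov/2007:11:12:00 +0000] "POST /wp-admin/link.php HTTP/1.0" 302 0 "-" "-"
198.51.100.9 - - [15/Nov/2007:11:12:01 +0000] "POST /wp-admin/link.php HTTP/1.0" 302 0 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
FORM, SUBMIT = "/wp-admin/link-add.php", "/wp-admin/link.php"


def find_orphan_posts(log_text, window=timedelta(minutes=30)):
    """Return (ip, timestamp) for each POST to link.php that the same client
    did not precede with a GET of the link-add.php form within `window`."""
    pending_form = {}  # ip -> time of a form load not yet used by a POST
    orphans = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, ts, method, url, _status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        path = url.partition("?")[0]  # "?added=true" also reloads the form
        if method == "GET" and path == FORM:
            pending_form[ip] = when
        elif method == "POST" and path == SUBMIT:
            # Each form load covers one submission, so consume it here.
            loaded = pending_form.pop(ip, None)
            if loaded is None or when - loaded > window:
                orphans.append((ip, when.isoformat()))
    return orphans


if __name__ == "__main__":
    for ip, when in find_orphan_posts(SAMPLE_LOG):
        print(f"POST to {SUBMIT} without a prior form load: {ip} at {when}")
```

Keying on IP alone will misattribute requests from clients behind a shared proxy or NAT, so treat hits as leads to check against the links actually present in the blogroll.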

To exploit this bug in Wordpress, a hacker must have registered as a user with the blog in question and I’ll go no further into how the exploit is carried out in case there are any potential losers reading this article who would like to know how to carry this out. Anyway, here’s what you can do to prevent this type of attack from happening on your Wordpress blog.

First, disable user registration to your blog by unchecking “Anyone can register” under “Options” in your Wordpress dashboard. If you need to have other users on your blog, you can manually add them in the user management section of your dashboard.

Second, follow this link Changeset 6256 - WordPress Trac and apply the changes to your “/wp-admin/link.php” file.

If you have any problems figuring out how to apply the changes, feel free to contact me via the contact form and I’ll gladly assist anybody (any small donations or backlinks would be appreciated), additionally, if anybody reading this is looking for a proactive, reliable place to host your Wordpress blog for $5 per month, again, contact me via the contact form. I only host Wordpress blogs and SMF forums, but whenever there is a patch or fix (or when I create a new hack or find a great new plugin), everybody hosting with me gets the updates.

Hopefully this helps prevent anybody from being hacked.


Wordpress Hack : SEO Friendly Titles

Posted in Search Engine Optimization, Wordpress, Wordpress Hacks by Dave on the October 7th, 2007

Wordpress is the greatest blogging software ever created, however there are a few aspects of a standard Wordpress install that aren’t exactly the most SEO (Search Engine Optimization) friendly if you’re running straight “out of the box”, particularly the way Wordpress handles page titles for individual post pages. Below is an example of a standard Wordpress install’s handling of the HTML “title” tag. As is common knowledge in the SEO community, beside your domain name, the actual title that appears in the titlebar of the browser is one of the most essential aspects for ranking your posts high in the search engines. This is especially true with Google, who has recently started bumping new articles up in the rankings and gradually fading them as the article becomes less relevant. If you’re a blogger like me, most of your articles are not particularly time sensitive, so it is essential to have an effective title for each individual post that will sustain higher rankings over a long period of time.

To begin with, choosing a short, yet descriptive title is imperative to gaining high rankings for your targeted keywords. Stuffing your HTML title is a definite mistake because in many an SEO’s experience, Google has a knack for singling out the keywords you’re not particularly trying to get ranked for. The old adage K.I.S.S (Keep it Simple Stupid) absolutely applies to standard webpages, but it is the single most important trick you can use to get your posts ranked high and keep them there as long as your article’s content is relevant to your title.

Below is an example of the standard Wordpress install’s code to generate your blog titles :

<title><?php bloginfo('name'); ?> <?php if ( is_single() ) { ?> &raquo; Blog Archive <?php } ?> <?php wp_title(); ?></title>

With this standard code your individual blog post pages will have a very ugly and SEO unfriendly title as shown below…

Wordpress Title Example 1

A much better title for your individual posts would look like this…

Wordpress Title Example 2

To accomplish this, all you have to do is replace the standard code shown above with this much more SEO friendly code:

<title>
<?php if ( is_single() ) {
    wp_title('', true);
} else {
    bloginfo('name');
    wp_title();
} ?>
</title>

Depending on what theme you’re using, the file to edit will be in your /wp-content/themes/yourtheme directory and if there isn’t a file named header.php (which is the usual edit spot), you will be editing the file index.php.

Happy Wordpress Hacking

AffiliateBestPrograms Blog is proudly powered by WordPress
Original Content © 2007-2008 Resdaz Media LLC. - All Rights Reserved