WordPress

May 09, 2008

Weblog Tools Collection: Opt In To Subscribing

While reading Lorelle’s awesome post over at the blog herald entitled WordPress Wednesday I noticed a blip she mentioned about Mark Jaquith’s Subscribe To Comments plugin. Apparently, Mark has changed the way in which subscriptions are dealt with by default. In earlier versions, Subscribe To Comments would leave the Subscribe Box check marked by default, causing anyone who commented to automatically be subscribed to that blog post. This in turn created an opt-out way of thinking which has been and continues to be a bad practice.

Mark has changed this around and now leaves the subscribe box blank by default, leaving it up to the end users to decide on whether they would like to subscribe to the post or not. A much needed and welcomed change. Mark even set the plugin up so that even those who want to be subscribed to every post they comment on can do so via cookies:

I appear to have misread into Marks’ post as has been pointed out by both Mark and Lloyd Budd in the comments. What really changed with the plugin is the fact that the site admin now no longer has the configurable option of making the plugin opt-in or opt-out by default. According to Mark,

Before: option of opt-in or opt-out with default of opt-in for new installs. After: opt-in only, but with per-user checkbox stickiness. And yes, the change is old — I just have been getting a lot of e-mail about it and realized I never explained the change publicly.

I realize the change is old and the post I linked to was written in April, but because of the way I read into the post, I thought this was something that needed to be brought up due to the ethical nature of the changes that were made.

by Jeff Chandler at May 09, 2008 04:17 PM under subscribetocomments

May 08, 2008

Weblog Tools Collection: Top 10 Tools to Get Blogging Done

Top 10 Tools to Get Blogging Done: Just like it sounds, LifeHacker lists the top 10 tools, according to them, to get the job of blogging done. If you have ever been to a WordCamp and heard Lorelle speak, she has some of the best power blogging tips that I have ever come across. JohnP has some pretty effective tips on power blogging as well.

by Mark Ghosh at May 08, 2008 09:11 PM under Wordpress Tips

Matt: Foxmarks Beta

The new Foxmarks beta works with Firefox 3 and seems pretty solid. Check out Foxmark’s WordPess-powered blog.

by Matt at May 08, 2008 01:32 PM under Asides

Matt: Kyle Skips OpenID

5 reasons I won’t be getting on the open id train, by Kyle Neath. Animated comment thread.

by Matt at May 08, 2008 08:18 AM under Asides

Matt: Infrastructure as Competitive Advantage

There’s an interesting post at GigaOM: Web 2.0, Please Meet Your Host, the Internet. It’s a good read, though could be shorter, but a few things struck me after reading it. I don’t disagree with him per se, I just think the emphasis is on the wrong thing. (Probably for effect.)

Infrastructure can be a competitive advantage today — the speed and reliability of WordPress.com has certainly put us in a favorable light with users, especially large customers — but that’s going to disappear over time. We’re very much at version 0.1 of things like Amazon’s web services and App Engine, but it’s not hard to read the writing on the wall and understand that level of abstraction is going to be the future foundation of web applications. I’m not counting on infrastructure to be a long-term competitive advantage for Automattic.

If you have a few minutes it’s worth reading On Grids, the Ambitions of Amazon and Joyent which has the real definition of a grid and Sunshine, which is worth it for the extended analogies to Greek mythology. (Both end in ads for Joyent.) Also check out Early notes on GoogleApps, Dave Winer groks where this has to go.

Second, Allan describes a case of a DDOS attack hurting a friend’s startup who had very little information about how to stop it:

Unfortunately, the poor site performance was not missed by the blogosphere. The application has suffered from a stream of bad publicity; it’s also missed a major window of opportunity for user adoption, which has sloped significantly downward since the DDOS attack and shows no sign of recovering.

We can all name startups or sites that aren’t particularly known for their performance, but that flourished in spite of it. Twitter and MySpace comes to mind. If we dug a little deeper we could also find thousands of startups who were prepared for the world to show up to their door, and it never did. Building something people want is much harder than scaling it. (In most cases.) If you solve the what-people-want problem, they’ll use you no matter how bad your interface is, how slow your site is, just give them somewhere worth waiting for. I would suspect the friend here isn’t seeing their usage decline because on their Techcrunch day the site wasn’t responsive, it’s that they’re probably still in the before market fit stage.

Third, I am a huge believer in the importance of performance, but most people forget that on the web 80-95% of performance is on the front end not the page generation time. (I realize I’m saying this on a site with a 140kb header graphic. :)) Yahoo has fantastic resources on this. When a website “pops” it probably has very little to do with their underlying server infrastructure and a lot to do with the perceived performance largely driven by how it’s coded at the HTML, CSS, and Javascript level. This, incidentally, is one of the reasons Google Gears is going to change the web as we know it today - LocalServer will obsolete CDNs as we know them. (Look for this in WordPress soonish.)

Finally, for the next few years before we have true utility computing, there are some great “hardware as a service” providers like Layered Tech and Server Beach that essentially handle everything from the power to the network to hardware, and let you take over from the operating system up. This is what we use for WordPress.com, Akismet, WordPress.org, and it’s great. It’s allowed us to focus on what matters — our software and service. You still need a pro like Allan describes to handle things at the OS level (most performance problems I see are badly configured servers, not hardware limitations) but leave networking and hardware to people with economies of scale. This comment nails it.

Update: I’m in a video Rod Boothby did asking What is Cloud Computing, good timing.

by Matt at May 08, 2008 07:25 AM under rant

Matt: WordCamp Milan

I’m leaving tomorrow for Milan where I’ll be attending WordCamp Italy. Hope to see some of you there!

by Matt at May 08, 2008 06:02 AM under WordCamp

Weblog Tools Collection: WordPress Plugin Releases for 5/7

Google Maps

The Google Maps plugin allows you to easily insert Google maps into your blog, making use of the new shortCode system in WordPress 2.5. The maps can be configured to offer directions to or from the location, show or hide the zoom/pan controls, show/hide map type, activate zoom using mouse wheel. This plugin requires a API key from Google Maps.

TW-Asides

Tw-asides is an asides widget for WordPress. It lets you publish short posts that appear in your sidebar rather than in the main content column. Asides posts won’t appear in your main content stream, whether it’s on the front page of your blog or when navigating via the next/previous post links.

WP-Crontrol

WP-Crontrol is a plugin that lets you manage the WP-Cron system and see what’s going on there. This includes adding/editing/deleting cron entries, as well as cron schedules.

Random Featured Post

The Random Featured Post plugin allows you to display a random post from one or more designated categories. The featured post will display the title “Featured Post” which is customizable along with the post’s title and content or an excerpt with link to full post.

WP-Offload

WP-Offload will boost the performance of your blog by seamlessly offloading static content like images, documents and movies. This will greatly reduce bandwidth consumption and the number of HTTP requests issued to your web server. Additional features such as remote image manipulation and thumbnail generation are provided.

Google XML Sitemaps with Multiple Domains

This plugin is a solution for those running both the Domain Mirror and the Google (XML) Sitemaps Generator plugins together in WordPress.  The plugin extends Google (XML) Sitemaps so that it creates one sitemap for each mirror set up in Domain Mirror.  Sitemaps are created with the mirror URL prepended to the custom filename.

BT Active Discussions

This is a recent comments plugin that displays customizable number of blog posts with recently updated comment. The output is very similar to phpBB’s View Active Topics and vBulletin’s Today’s Posts functions.

by Keith Dsouza at May 08, 2008 03:55 AM under Wordpress Plugins

May 07, 2008

Weblog Tools Collection: Farms 100 Big Ones Theme Pack

Farms 100 Big Ones Theme Pack: Download this 100 WordPress themes zip file (17MB) and upload them to your blog to have 100 themes to play around with. Many of these themes are older but they are all widgetized, have a bunch of bug fixes, are internationalized, work on both WordPress and WordPress Mu and they have been time tested on Edublogs. I normally would not suggest that users download themes from sources other than the original theme authors’ site, but this is offered from a trusted source and the convenience of a single zip file added to the additional testing and bug fixing performed by Edublogs, is the icing on the cake.

[EDIT] James provided a preview of all 100 themes here.

by Mark Ghosh at May 07, 2008 06:01 PM under wordpress-theme

May 06, 2008

Matt: Expo Keynote

Here’s a video of my “high order bit” keynote talk at Web 2.0 Expo. It’s succinct — 10 minutes — and covers WordPress.com and Automattic growth, the possibly related posts launch, and Monotone.

by Matt at May 06, 2008 10:29 PM under web 2.0 expo

Weblog Tools Collection: A Unique Monotone

While Matt Mullenweg attended the Web 2.0 Expo in San Francisco just a few weeks ago, he previewed a new theme which looks like might be the perfect WordPress theme for photographers called Monotone. Monotone was developed by Noel Jackson and is a very unique theme in that, the color scheme changes based on the photograph being displayed. Here are two screenshots showcasing the theme in action with two different photographs.

Green Color SchemeGrey Color Scheme

Monotone takes the first image attached to a post and samples colors from it for use in the surrounding layout. Each post needs to contain one image, and optionally, any text you want. The theme does the rest, pulling colors out of and resizing the images for use in the design. You can use the visual or the HTML editor in wordpress to input your image and supporting text.

One of the only problems I’ve seen with the Monotone theme is that, sometimes the link colors blend in with the background making them difficult to see. Other than that, some of the photos really pop out at you thanks to the surrounding colors.

Monotone is generally only available for WordPress.com bloggers because the images must be uploaded to WordPress so they can resize them and extract the colors properly. For more information regarding the Monotone theme, check out the WordPress.com April Wrap Up.

As a side note, if you would like to use this theme on a self hosted WordPress blog, you will need to visit the Automattic SVN and then download and package the following files.

Also, if you happen to be using the Monotone theme on your WordPress.com blog, provide us a link so we can take a look at it!

by Jeff Chandler at May 06, 2008 08:56 PM under wp.com

Matt: Mark on DRM

The day the music died.

by Matt at May 06, 2008 03:57 PM under Asides

Weblog Tools Collection: WordPress Theme Releases for 5/5

One Column Themes

Simple Gray

simple-gray-thumbnail

Simple Gray is a one column theme which features dark tones of gray and mauve. The theme does not have any sidebars but does sport a extended footer.

Two Column Themes

Just Lucid

just-lucid-thumbnail

Just Lucid is a simplistic two column theme. The menu for the theme is shown to the left hand side of the page instead of the top. The sidebar and footer area are both widget ready. The theme contains stylesheets for 800px and 1024px width.

 

Three Column Themes

Written

written-thumbnail

Written is a 3 column widget-ready theme featuring a personal photo, full-width footer in black, white and blue/green.

Zoxengen

zoxengen-thumbnail

Zoxengen is a 3 column widget-ready theme with theme options.  The theme uses a bright color and has a section for feature articles and 6 spots for adding 125*125 banners.

Four Column Themes

LivingOS TAU

livingos-tau-thumbnail

LivingOS TAU is a four column widget-ready theme. The posts are displayed in newspaper of magazine style grid format.

by Keith Dsouza at May 06, 2008 03:55 AM under WordPress Templates Wordpress Skins Wordpress Themes

May 04, 2008

Gravatar: Identicons Deploy


WordPress.com users now have more avatar options, to choose the new defaults we talked about previously.

Those options will also be included with WordPress 2.6!

Also — the PNG thing is on our radar. Will have to change some things up to make it work again, but it’s just code. :)

by Matt at May 04, 2008 09:26 PM under Gravatar

Weblog Tools Collection: Error Management for WordPress Plugins

For the past few weeks I’ve been working on a WordPress plugin. One of my goals was to have fancy and relevant error messages.

I contemplated writing my own error manager, and even began a very basic one. I experienced hurdle after hurdle, and finally I thought to myself, “Wouldn’t WordPress have its own error manager also?”

So I did a quick source-code search and came across the WP_Error class.

One of the hurdles I ran into in creating my own error manager was error localization. The WP_Error class makes localizing error messages extremely simple.

Adding Error Messages

To add an error message, the first thing you’ll want to do is instantiate your own instance of WP_Error.

$myErrors = new WP_Error();

The next step is to add in your error messages.

$myErrors->add('access_denied', __('You do not have permission to do that.',$myLocalizationName));

There are a few things to notice here. There is something called an error code, which you will use to look up the full error message. You also have the full error message, which uses the __ function for localization.

Retrieving Error Messages

After you have added in your error messages, you’ll want to retrieve them at some point.

Retrieving an error message is as simple as calling the get_error_message method and passing it your error code.

$errorMessage = $myErrors->get_error_message($code);

From there you can echo out your message in whatever manner suits you.

Applications

Using the WP_Error class is ideal for those with themes and plugins.

For plugins, it’s best to have your errors as a member of a class. Using the class approach assures that you can access the errors throughout your methods, and also avoid naming conflicts.

For themes, you can also create your own class, or have a prefixed variable so you don’t have possible conflicts with other variables.

Downloadable and Example Code

Here is some downloadable code with an example of how the class might be used in a theme. As stated earlier, plugin authors may want to use a class for this.

The code is assumed to be placed in a theme’s “functions.php” file.

class my_class {
	function my_class() {
		$this->localizionName = '';
		$this->errors = new WP_Error();
		$this->initialize_errors();
	}
	/* get_error - Returns an error message based on the passed code
	Parameters - $code (the error code as a string)
	Returns an error message */
	function get_error($code = '') {
		$errorMessage = $this->errors->get_error_message($code);
		if ($errorMessage == null) {
			return __("Unknown error.", $this->localizionName);
		}
		return $errorMessage;
	}
	/* Initializes all the error messages */
	function initialize_errors() {
		$this->errors->add('my_weird_error', __('Some weird error has occurred', $myLocalizationName));
		$this->errors->add('access_denied', __('You do not have permission to do that.',$myLocalizationName));
	} //end function initialize_errors
}
$myErrors = new my_class();
echo $myErrors->get_error('my_weird_error');

The above code has two helper methods, one which retrieves the errors, and one which initializes the errors. The example is very basic, but should give you a good idea on how to use the WP_Error class.

Conclusion

There are many features of the WP_Error class not mentioned here, but you can dissect the code yourself if you like. The class is found in the wp-includes folder under classes.php.

The WP_Error class is a simple and powerful way to store errors, and output them rather easily. And the best thing, the messages can be localized.

by Ronald Huereca at May 04, 2008 09:04 PM under WordPress

Weblog Tools Collection: WordPress Theme Releases for 5/3

Two Column Themes

Statement

statement-thumbnail

Statement is a clean and professional looking WordPress theme meant for intellectual blogs like education, science, culture, books etc. The theme is WordPress 2.5 ready with gallery functions enabled.

GreyBox

greybox-thumbnail

GreyBox is a two column widget ready theme with space for advertising 125×125 banners right at the top of the page. The theme is simple and has a thick black border surrounding the main content.

Three Column Themes

Revolution

revolution-thumbnail

Revolution Blog is a 3-column Widget-ready theme created with clean and elegant look. The theme is largely made up of blue colors and has 2 sidebars to the right of the content.

Peacemaker

refueled-thumbnail

Peacemaker is a three column, widget-ready WordPress theme. The theme sports a header from B-36 Peacemaker which was a strategic bomber. The theme makes use of sober colors which includes gray and white.

WhiteDust

whitedust-thumbnail

WhiteDust is a fluid three column outfit, plain white background with a splash. The frontpage shows the latest post in full followed by titles of the latest eight aligned on the frontpage, while the sidebars are enabled with recent comments, flickr feed, enabled with flickr support, pagenavi support, related posts and recent comments.

by Keith Dsouza at May 04, 2008 03:55 AM under WordPress Templates Wordpress Skins Wordpress Themes

May 03, 2008

Weblog Tools Collection: Create Your Own Admin Color Scheme

Here at WeblogToolsCollection.com, we have already discussed how you can change the color scheme in the WordPress 2.5 administration panel from Classic to Fresh. We have also highlighted an awesome plugin that was written by Kaspars which gives users up to 8 different color schemes to choose from. However, what if you want to create your own color scheme? Thanks to a plugin written by James Dimick called Easy Admin Color Schemes, users can now create their own flavor of the WordPress 2.5 back end.

Default Easy Admin Color Schemes

After downloading and installing the plugin, you can access it by browsing to SETTINGS-COLOR SCHEMES. There are three color schemes to start you off, Classic, Fresh and Washedout. The plugin does not allow you to delete nor edit the Classic and Fresh color schemes. This makes sense as you wouldn’t want to screw up a default skin only to have to reinstall WordPress to fix the issue. However, you can edit the Washedout color scheme which introduces you to the plugins functionality.

The plugin starts off by giving you the chance to name your color scheme. Next, give your color scheme four primary colors. If you don’t know of a six digit color code, there is a small arrow to the right of the text field that will open up a color picker. Opening the color picker and then selecting a color will automatically place the corresponding color code into the text field.

Creating your own color scheme

Once you have your four primary colors in order, the next step which is the longest of them all is to go through all of the CSS specific code and change the color code values to something else you prefer. There at least 10 different CSS files which make up the styling of the administration panel. There are more if you want to include support for RIGHT TO LEFT text. This plugin takes all of those CSS files and puts them in one place for you to edit, which makes things so much easier. Also, for those who have javascript enabled in their browser, you can view a live preview of what the changes will look like on an active WordPress administration page. Very handy as it cuts down on the browser refreshes.

One thing that I think this plugin is missing is an easy way for users to share their creations. If a download or save link could be added to the color schemes which would automatically package the necessary files together which could then be saved to my desktop for distribution, this would make the plugin a home run.

If you are looking at adding some spice to your WordPress back end, give this plugin a try. I don’t think it could be any easier than this plugin. The only problem with creating a color scheme is figuring out where each CSS class or DIV is defined. That’s where FireBug comes in.

Good luck and if you happen to create a color scheme using this plugin, be sure to say so in the comments.

by Jeff Chandler at May 03, 2008 07:31 PM under WordPress

May 02, 2008

Weblog Tools Collection: The Best and Worst Times to Post

Want That Post to Go Popular? Here’s The Best and Worst Times to Post It He determined the best days and times for a blog post to be submitted to those sites if its author wants it to receive the maximum number of votes, comments and inbound links. Interesting data and tabulation of said data to determine what is the best and worst time to publish a post. Data is derived from various information collected through aideRSS. I will not steal the original authors’ thunder by posting the answer here but I agree with the numbers for blogs which have a primarily US reader base. If your audience is from across the world (as on this blog), this might not be as relevant.

by Mark Ghosh at May 02, 2008 09:50 PM under brainstorming

Weblog Tools Collection: WordPress Theme Releases For 5/1

One Column Themes

TJ-Clean

TJ Clean WP Theme

TJ Clean is a simple, clean cut yet feature-full WordPress theme which is great for sites where content is king. Ideal for personal blogs as it includes integration with Flickr (photo sharing), Last.FM (music sharing) and status updates from Facebook/Twitter (and others). This theme is also XHTML Strict 1.0 and Valid CSS 2.1.

Two Column Themes

30April

30April WP Theme

30April was created by the theme author to celebrate his birthday. This theme contains widget support, is fixed width, contains an extra footer, theme options to make changing and editing the theme easy and built in gravatar support.

Milky Conversations

Milky Conversations WP Theme

Milky Conversations is a two column, widget ready theme that is based off of the White As Milk theme, written by Azeem Azeez. The theme has been released under GPL and is fully compliant with the license. As the name implies, this theme is pretty white with black text and a little bit of orange thrown in via the RSS icons.

Three Column Themes

Khaki Traveler

Khaki Traveler WP Theme

Khaki Traveler was developed by Jeremy Clarke. It has a tan color scheme and a travel themed header. It is also a three column widget ready theme. It has gravatar support as well as tagging support. It has a top navigation menu with an easy to access log-in form.

Hybrid Themes - Themes Where The Number Of Columns Can Be Configured

Choice

Choice WP Theme

Choice is a highly configurable theme that supports either 2 or 3 columns, is widgetized, theme options to control the themes background color, theme text weight, theme heading color, number of sidebars and whether or not your slogan appears. The theme also has native tag support.

by Jeff Chandler at May 02, 2008 10:37 AM under WordPress

May 01, 2008

Matt: Favorite Posting Bookmarklet

A question for Ma.tt readers: What’s your favorite posting bookmarklet? We’re starting to think about ways to make posting to WP from wherever you are on the web easier in 2.6, just curious what you guys enjoy the most and why.

by Matt at May 01, 2008 06:54 PM under WordPress

Weblog Tools Collection: Take Crontrol Of WordPress

Not too long ago, a new plugin was released called WP-Crontrol. WP-Crontrol allows you to take control over what is happening in the WP-Cron system.

WP-Cron is a tangle of black magic that allows a plugin developer or a user to schedule commands to be executed. WP-Crontrol is a plugin that lets a blog owner see through that magic and figure out what’s actually going on

If you want a detailed introduction to this plugin as well as an explanation as to how to use this plugin in conjunction with WP Database Backup to create backups when you want them, be sure to check out this article: Add a new WordPress backup schedule with WP-Crontrol

Also on the radar today is a quick fix for the WordPress 2.5.x image uploader. Awsom.org is reporting that there is a no-flash plugin that is available which returns the previous image upload function from earlier versions of WordPress.

by Jeff Chandler at May 01, 2008 07:57 AM under wpcrontrol

April 30, 2008

Weblog Tools Collection: Announcing WordPress Plugin Competition 2.5

It is time for another WordPress Plugin Competition. Plugin competitions of the past have seen fantastic code, extremely useful and fun plugins and have generated a lot of interest in WordPress and plugin development. Prizes have been very generously donated by readers and well wishers and we already have some donations towards this year’s competition and are looking for more. The final list of prizes will be determined very soon. If you would like to sponsor a prize or donate some money to the competition, please contact me. Lots of eyes see these competitions and your encouragement goes a long way in helping provide incentives. The plugin competition will begin on the 10th of May and will last till the 10th of July.

There will be prizes for first, second and third places and a consolation prize. The plugins should be officially submitted through email and the Plugin Competition Blog (which will be cleaned for the new competition) should be used as a launching ground for plugin ideas, updates, development news etc. The plugins will be judged by a panel of at least three judges and reader feedback will be an essential part of the judging process. At the end of the contest, we will put up posts for each submission and will open them up to our readers for two weeks. The contest results should be declared by the beginning of August.

All code must be GPL (or compatible) and should be available for download through the Competition Blog and preferably through WordPress Extend. The plugins can be modified and tweaked till the last day of the competition or until the author sends us an email with the final version of the code. In essence, the Plugin Competition Blog is the preferred vehicle of communication for all contestants.

Some relevant details:

  • Running time for competition = 2 months starting the 10th of May till the 10th of July.
  • True Wordpress plugins only. No manual modifications can be required of users.
  • You cannot submit plugins that have been released already. New code only please.
  • Plugins can only be submitted via email. We will make that email address public later on in the competition.
  • Plugins cannot have opt-out links back to the authors’ pages (from the main blog pages, admin pages are fine). If you have links or donation forms, please make them opt-in.
  • All plugins require documentation as in the Wordpress Extend pages. Documentation will be one of the judging criteria.
  • Preliminary support for the plugin has to be provided to the public.
  • We are looking for innovation, documentation and elegant code.
  • Any and all prizes/controversies/issues will be judged and decided at our sole discretion.

More details to be added with time.

Stay tuned and please help spread the word.

by Mark Ghosh at April 30, 2008 11:27 AM under WordPress

Lorelle on WP: I Love My WordPress Mug


WordPress MugHave you seen the new WordPress mug?

For ages, while the WordPress Shop began their offerings of WordPress logo items with t-Shirts and hoodies, I kept telling the powers that be that I wanted a coffee mug. A big mug for my frequent cups of daily tea. A product that is useful and reusable, and it cleans up easily. Something I can display in a workplace environment that says “I love WordPress.”

I finally got my request! Now you can join me for a cup of tea…or coffee or whatever hydrates you…and proudly display the love you have for WordPress on your desk or in your home.

The mugs are dark blue with the small WordPress “W” circle and are designed for serious drinkers. The mug is great for soups. Even my picky husband loves the large handle and big size. We’re thinking about replacing all our tea mugs with WordPress mugs.

The WordPress Shop is produced by Indigo Clothing Ltd.

HOW TO BUY THE MUG

To buy the WordPress Mug, order it from the WordPress Shop online from the WordPress mug order page.

To order anything from the WordPress Shop, go to the WordPress Shop to order online.

WordPress products and schwag will probably NOT be available at a store near you unless , founder of WordPress, succeeds in his dream of world domination…with WordPress, of course. :D

Order Problems: If you are having problems with the order of anything from the WordPress Shop, contact the WordPress Shop. Do not leave a comment here. They won’t see it and no action will be taken.



Site Search Tags: , , , , ,

Feed on Lorelle on WordPress Subscribe Feedburner iconVia Feedburner Subscribe by Email Visit
Copyright Lorelle VanFossen, the author of Blogging Tips, What Bloggers Won't Tell You About Blogging.

by Lorelle VanFossen at April 30, 2008 11:11 AM under WordPress News

Dev Blog: Upcoming WordCamps

WordCamps are my favorite events to go to because there’s something about the core WordPress community that attracts smart folks with good philosophies that are fun to hang out with. In this post I’ve collated the upcoming WordCamps we know about, including the one in San Francisco. Hopefully there will be one nearby so you can meet other WordPressers in your area.

WordCamp San Francisco will be August 16 at the Mission Bay Conference Center.

WordCamp Paris will be on May 3rd. Here’s their official site.

WordCamp Italy in Milan will be May 10th. (And I believe I’ll be there.)

WordCamp Birmingham UK will be July 19-20.

WordCamp Toronto will be October 4th.

There are people in the planning stages in Australia, Philippines, Beijing, Utah, Hawaii, UK, NYC, and possibly others, so if you live in one of those areas and would like to help set up a WordCamp in your area Google around or connect with bloggers in your area.

You can always find out more at WordCamp Central.

by Matt at April 30, 2008 09:54 AM under Events

April 29, 2008

Alex King: Theme Browser “Fixed”

I got a couple of reports that my WordPress Theme Browser was not working. I checked it out, and sure enough - not working.

This was a bit of a surprise as that code hadn’t changed in years. Turns out, it was the browsers that had changed.

I had moved the theme browser from my site (to reduce server load) to my hosting account at Joyent a long time ago, and set it up on the domain managedtasks.com. The frameset page and the top frame were hosted on alexking.org, while the bottom frame - the theme viewer - was on managedtasks.com.

This combination stopped working because the browsers changed their cookie security settings. If you have your cookies set to “only accept cookies from sites I visit”, then your browser was rejecting the cookie from managedtasks.com (because the URL in your browser was alexking.org).

If this cookie wasn’t set, the proper theme was not displayed; hence the theme browser being :scare: broken :/scare: .

I’ve moved it all onto managedtasks.com now, and everything appears to work again.

ShareThis

by Alex at April 29, 2008 06:32 PM under alexking.org

Weblog Tools Collection: Need something designed? Crowdsource it.

99 designs is an interesting site. It fills a niche that I have carefully treaded in the past and have received negative feedback for (rightfully so). 99 Designs allows you to crowdsource your design needs. If an organization or an individual seeks a new design, they hold a “contest” of sorts using the tools built into 99 Designs and offer up some money for their project. Designers are then allowed to post entries for these and the contest holder is allowed to pick and choose the best design(s) and distribute the money based on the winning design. In the past designers have turned up their nose on design contests for a variety of reasons, most of which I agree with. However, the surprising thing about 99 Designs is the popularity of the site and the sheer number of designs that have been submitted for existing contest. Some of the work submitted is top notch. My question for designers is to find out whether competition has become so fierce and economic conditions so strained that contests are now fair game or have the rules changed a little? What do you think of the submitted designs on the linked site?

by Mark Ghosh at April 29, 2008 03:07 PM under design

Weblog Tools Collection: WordPress Plugin releases for 4/28

Clean WordPress Gallery Plugin

This plugin replaces the default gallery feature in WordPress 2.5 with a valid XHTML solution and offers Lightbox, Slimbox, and Thickbox support.

Theme Tester

The Theme Tester plugin allows you to change themes and view the results without the visitors to your blog seeing any changes. The visitors may notice some changes if your current theme uses blog options that a new theme overwrites.

Fresh Plus Visited

Fresh Plus Visited is a very simple plugin for WordPress 2.5 that adds a user color scheme to the admin interface.

Lameda

Lameda stands for List Attachment MEtaDAta. The plugin enables you to display any information from your attachments like photos, music files, pdf, etc within your posts or pages.

Movie2Blog

The plugin inserts short movie info in your posts (poster, title, directors, actors, runtime, short review, trailer). Uses Cinema Rx for serving data.

Fun with Random Comment Forms

The plugin replaces the form field names in the comment form with random names then uses sessions to name them correctly after submission before passing the values back for comment processing.

Easy Admin Color Schemes

The plugin allows you to manage the color schemes in your WordPress admin area. You can add new colors as well as edit current ones.

Facebook Dashboard Widget

Using the dashboard widgets available in WordPress 2.5, this plugin will process your Friends status updates RSS feed and/or your Facebook notifications feed, and add a widget for each to your WordPress admin dashboard.

by Keith Dsouza at April 29, 2008 03:55 AM under Wordpress Plugins

April 28, 2008

Gravatar: The Faces of CPAN


Michael S. writes in to share with us two tidbits. The first is that there is now a Gravatar CPAN module (which is cool enough all on its own!) And that they have a very cool page allowing you to see “The Faces of CPAN” via their gravatars (CPAN has supported gravatars for their authors for a while now). Both of these are great finds. Awesome code! Awesome Ideas! Keep up the good work CPAN team!

by apokalyptik at April 28, 2008 09:57 PM under Implementation

Weblog Tools Collection: Exporting-Importing A Category

When it comes to exporting, WordPress already does a wonderful job with it’s support to export posts, pages, comments, custom fields, categories, and tags. However, there is a problem. The WordPress exporter lacks granularity. What I mean by this is that, the exporter covers the entire blog instead of being able to select certain categories to export. I’ve searched the WordPress Plugin database high and low to look for a plugin that would specifically export categories and I could not find one. I did manage to come across two techniques though that get the job done.

There are two ways to export specific categories. The first is to read this forum post where HandySolo explains how to use the category RSS feed to export specific categories from a self hosted blog to a WordPress.com blog. The problem with this method is that, none of the meta data attached to the posts are carried over with the posts.

The second method is not pretty but it gets the job done. What I ended up doing was creating a new user account on my blog. I then used the post manager and filtered the posts by the category for which I wanted to export. I went through each individual post and quickly changed the post author from the original account, to the newly created user account. In my case, I had to do this to 25 individual posts. What is annoying about this method is that, when you save a post under a new author name, any blogs or posts that you have linked to within those posts will end up resending PINGs. However, I believe if you turn off this setting under the SETTINGS-DISCUSSION link in your administration panel this will prevent that from happening. Just remember to turn that back on after you’re finished.

After all of the posts within the category have been reassigned to a new author, you are ready to export. In your WordPress administration panel browse to MANAGE - EXPORT. Now here is the important step. Underneath where it says OPTIONS, you have a drop down box where you can restrict the export to a certain author.

WordPress Export Options

In the drop down box, select the newly created author and click on the DOWNLOAD EXPORT FILE and a WordPress WXR file will be downloaded to your desktop. This file will contain all of the posts from the category you wanted to export because the new user you created was assigned to only those posts within that category. This method actually allows you to export specific categories while maintaining the meta data associated with those posts such as comments and tags.

This is probably not the best way to obtain these results but it’s the only method that I’ve found that allows me to export specific posts/categories while still having all of the other data attached to those posts. If you have a better solution or know of a plugin that can obtain the same results, I’d be very interested to know about it.

by Jeff Chandler at April 28, 2008 02:07 PM under exporting

Lorelle on WP: WordPress Security Prevention, Reactions, and Scares


Matt Mullenweg spoke out recently on the recent bogus “SecurityFocus SQL Injection” fear spreading across the web. There is a huge perception today that WordPress is a security risk. This is not true.

As Matt discussed, fears of SQL server vulnerabilities and other security issues have gotten out of control, for WordPress as well as other open source and proprietary programs, which he likened to “running into a crowded theatre and yell ‘fire’ and the less basis there is in fact the more people link to them. It’s not uncommon to see crying-wolf reports like the above several times in a week…”

Jeff Jones, a software security expert, dug into the history of a recent SQL server issue and reported:

Last week a web-based news story comes to my attention which asserted that last year SQL Server had “…most vulnerabilities last year of any commercial database…” That prompted me to do some fact checking and I thought it worth documenting the real (really good) story of SQL vulnerabilities and what commercial database had the most vulnerabilities last year…

So. One thing is clear from the rudimentary investigation I’ve performed here - SQL Server was not even close to having the most vulnerabilities last year of any commercial database.

In fact, though SQL 2000 Server may have had a rough track record up through 2003, the SQL team has certainly turned a corner since then and SQL Server 2005 has had one of the best security track records of any commercial database ever.

In a report on his Security Blog, Internet Explorer and Firefox Vulnerability Analysis (pdf), Jones reported that has had more security vulnerabilities than Internet Explorer, even though it is a widely held belief that FireFox is the “better” browser.

When a security issue came up with , it was fixed within 10 minutes of being reported. Yet, the news spread around for days that WordPress.com was a security risk.

Perception is everything. In another report and analysis, Jeff Jones reports on the increasing number of disclosures influencing the perception of security issues and vulnerabilities as they catch the public eye.

The number of disclosures of new software vulnerabilities across the industry continues
to be in the thousands, with more than 3,400 new vulnerabilities disclosed in 1H07 [first half of 2007]. But this number actually represents a decrease from 2H06, the first period-to-period decline in total vulnerabilities since 2003.

There are a couple of other interesting results that I want to call out that you should examine with more detail in the full report:

* Social engineering plays a growing role in overall malware attack techniques. This is a key result since even with vulnerability-free software, these techniques could succeed against users of any platform.
* Windows Defender has proportionally detected 2.8 times less potentially unwanted software on computers running Windows Vista than on computers running Windows XP SP2, based on normalized data. This is a practical measure of benefit that is somewhat more valuable in my opinion than vulnerability comparisons.

As Matt said, the more sensational and invalid the security scare, the more likely it is to be spread in this age of social networking where anyone can have their say and link. Even sites with few security problems quickly get a bad reputation. We need to pay attention to the serious threats so these cries of fire do not become cries of wolf.

How Vulnerable is WordPress?

So how vulnerable is WordPress compared to other blog and CMS platforms? The US National Institute of Standards and Technology - National Vulnerabilities Database tracks reported WordPress Security Vulnerabilities from the earliest years. Let’s compare WordPress to Joomla and Drupal:

Platform 2005 2006 2007 2008
WordPress 11 18 49 34
Joomla 4 28 31 12
Drupal 6 17 16 8

Is the recent high numbers due to increased usage and popularity of WordPress? Is it because it is becoming a target of those who want to find ways of breaking WordPress? Is it because there is a dedicated WordPress Community to uncover and report such issues? Is it because there are so many who care that WordPress remains safe and secure?

With more and more people using WordPress, more and more hackers are digging into the core to find ways of breaking WordPress. Luckily, there are enough “white hat heroes” that report the vulnerabilities they find rather than exploiting them, helping the team improve WordPress constantly.

Is My WordPress Blog Safe?

WordPress Security graphic represenationMatt also also offered some sensible tips and information for those worried about the “increasing security threats” to WordPress. His recommendations: Update WordPress. Use common sense. Use strong passwords. Be aware.

Always keep a backup copy of the latest version of WordPress, your WordPress Theme, a full backup of your WordPress database, WordPress Plugins, and copies of all the images and files on your host server. If something does happen, you may need these backups to restore your blog.

To keep your WordPress blog safe:

  1. Update WordPress.
  2. Update your WordPress Theme.
  3. Update WordPress Plugins.
  4. Monitor WordPress news sources for alerts about security vulnerabilities and upgrades, such as WordPress Wednesday news on the Blog Herald, (official WordPress aggregator), the , and .

To check your blog now for unwanted links and hacking attempts:

  • Install and run the WP Scanner WordPress Plugin from Blog Security.
  • In FireFox, go to Tools > Page Info > Links (not available in FireFox 3 Beta) and check each link to ensure you put it there and it goes to sources you trust. Manually view the page source code of your blog (View > Page Source) and check to ensure each link is trustworthy. Is each link a link you want on your blog?
  • Examine your WordPress Theme template files, especially the header.php and footer.php for unwanted content and links. If you didn’t put it there, who did? Do you want it there?
  • Check random posts on your blog for unwanted content and links. Edit these through the Administration Panels to remove the unwanted content from the database.
  • Search your template files, stylesheets, and database for display:none and/or height:0 as these are common styles used to hide unwanted content and links. Remove them from the posts or files accordingly. I recommend Silpstream’s WP-phpMyAdmin WordPress Plugin for searching the database directly from your WordPress blog.

If you are not using the latest version of WordPress, your blog may be at risk. Currently, WordPress 1x is no longer supported. The WordPress 2.0x branch has been upgraded to 2.1.3 and 2.0.11. See the WordPress Release Archive for past versions of WordPress.

Blog Security recently updated its popular WordPress Whitepaper which reports on security issues and problems with WordPress. It includes tips and step-by-step procedures to improve the security of your WordPress blog, beyond the scope of this article. Also, consider using the WPIDS - WordPress Intruder Detection System Plugin to help you monitor your blog for intruders and attacks.

Related Articles on WordPress Security



Site Search Tags: , , , , , , , , ,

Feed on Lorelle on WordPress Subscribe Feedburner iconVia Feedburner Subscribe by Email Visit
Copyright Lorelle VanFossen, the author of Blogging Tips, What Bloggers Won't Tell You About Blogging.

by Lorelle VanFossen at April 28, 2008 11:15 AM under WordPress Tips

April 27, 2008

Weblog Tools Collection: Woopra and WordPress: Unofficial Coolness Guide

Woopra was opened up to the world at the Dallas WordCamp where I met John for the first time. His talk was not on Woopra but he introduced it to the event in a very short, three minute spiel. Since then Woopra has generated a tremendous amount of buzz in blogging circles. In short, Woopra is a stats tool for websites that lives as an application on your desktop (among other places) and can provide live webstats on your visitors. I like it since it is fast and since the developers gave me an opportunity to look at the insides early on, I have developed quite a fondness for it. They are in growth mode and with the recent upgrade to their desktop client, they can support more locations and are in the process of approving a large number of new users for their service.

All of that being said, with my previous knowledge of Woopra and its capabilities, I was literally floored this afternoon by a flood of new “stuff” that I had either completely missed or capabilities that were added in this new release. So if you are a Woopra user (or if you are not, just sign up), pull up a chair, grab a cup of your favorite beverage and read on. This is pretty cool.

All of the following assumes that you have an active Woopra account, are using WordPress, have the WordPress plugin installed and have the Woopra application (1.1.1.0) installed on your machine.

  • With Woopra, and the Woopra WordPress Plugin, you can monitor all your registered users and all your commenters. This sounds obvious/relatively mundane until you install the plugin on your WordPress blog and create an event notification on the application. Follow the bouncing ball.
    • Open up your Woorpa application, click on the manage tab on the left and then click on Create a new Event Notification.
    • Then type in “Known Visitors” into the label box, click Next.
    • On the next window, click and activate the checkbox next to “Visitor is tagged or is a member” and click next until you come to the “Edit Notification’s look and feel” screen.
    • Here click on the “Notification’s Icon” dropdown to click on “visitor’s Avatar” and then paste the following in the “Custom notification message” box: Visitor %NAME% is viewing %PAGETITLE% Then click on Apply Notification button

    Now you will receive a notification on your desktop whenever a registered user or a user who has left a comment, visits your blog. This gets even cooler when you notice their gravatar shows up on the notification and you are now able to track these known visitors are they traverse through your blog. You can even choose to initiate a web chat with these visitors through the Woopra application. The chat shows up on their browser. This is cool and scary at the same time.

  • Another cool new tool I discovered today was the little map of the world on the top left corner of the “live” tab. Now I had noticed the map there but had not looked into it much. Look for a small arrow on the top right corner of that map. Once you click on that arrow, the map opens up to a full screen view and now you are able to use your mouses’ scroll wheel to zoom in on any part of the map and use your cursor to identify users. I could spend hours doing this on a busy day.
  • I had noticed the small column of labels at the top right hand corner of the Woopra desktop application but had not paid much attention to it. The lowest item on that list is called “live” and once clicked it shows the number of  users on your blog on a moving bar graph, much like whos.amung.us
  • The analytics tab has a bunch of hidden gems. Some newer features were also added to the items on this tab. Click on the Analytics tab on the Woopra application and look for the following:
    • The “referrers” tab now has a few new subtabs. They include regular stats stuff like webpages, domains and search engines. But now this tab also include Feed Readers, Emails, Social Bookmarks, Social Networks, Media, News and Communities. Each one of these intrigued me and the I was taken aback by the breakdowns of referrals from various applications. The Email tab gave me the most food for thought. If your blog has email readers or you publish regular newletters via email, this tab could help you identify reader populations from various email services. Clicking on the graph part of the display brings up a historical view.
    • The “pages” tab breaks up visitors by subdirectories. With WordPress’ permalinks, you can now determine how hard your yearly archives are working for you. Apparently, over a thousand people looked at my archives from 2003 this week. As your data grows, this tab could contain breakdowns by tag, by author and any other permalink features that you have enabled through your blog. I wonder why our WordPress tag is so popular?
    • The last tab to point out is “systems”. Now this data can be mundane and almost all stats programs offer some sort of systems breakdown. Woopra adds to this functionality by letting you find permutations of systems options. This blog receives more Chinese speaking, Internet Explorer 6 users on Windows XP than any other language. I will be using that information to my advantage, I am sure you can find your particular niche to help or enhance.

Woopra is a great tool. It is even better with these little tidbits. There are literally thousands of different ways to enhance your stats and understand your reader population better. I have just outlined a few that I had completely missed till today.

Have you found any cool new tricks for Woopra that you would like to share?

by Mark Ghosh at April 27, 2008 10:31 PM under wordpress-plugin