It seems that some themes that I’d used as the bases for my own themes on my WordPress installs (other than this one) didn’t have <?php wp_footer(); ?> in the footer.php file, like they should, I guess, since that seems to be what the WordPress.com stats plugin needs to register hits. I had been wondering [...]
¶
Posted 01 May 2008
† 2718.us
§
Blogging
‡
°
Also tagged: footer.php, plugin, stats plugin, wordpress, wordpress 2.5, wordpress plugin, wordpress.com stats, wordpress.com stats plugin, wp plugin, wp stats, wp2.5, wp_footer
The .1 update that many people said they were waiting for is here. (And there are reminders all over every admin page on my blog, too.) Version 2.5.1 of WordPress is now available. It includes a number of bug fixes, performance enhancements, and one very important security fix. We recommend everyone update immediately, particularly if [...]
I’ve gotten into the habit of actually reading the various blogs to which there are links on my WordPress dashboard and I saw this today from boren.nu: To make cookies secure against attacks where someone has managed to get into your database through an SQL injection exploit or other means, WordPress 2.5 introduced a user-definable [...]
I not only wanted to integrate my own other things into my WordPress-based site, but I wanted forums, too, so of course I thought of bbPress. It seems to integrate well with WordPress, but then suddenly strange things started happening with login and logout. For instance, when I logged in with bbPress, I couldn’t get [...]
¶
Posted 20 April 2008
† 2718.us
§
Web Programming
‡
°
Also tagged: authentication, bbpress, cookie, cookie domain, cookies, domain, integration, login, user, user authentication, wordpress, wordpress 2.5, wordpress login, wp2.5
After implementing other pages that used WordPress to authenticate users and deal with access control, I went to move these pages off to a subdomain, and suddenly found that auth_redirect wasn’t quite working right. When auth_redirect is called and doesn’t find a logged-in user, it redirects to login and passes the URI of the current [...]
¶
Posted 16 April 2008
† 2718.us
§
Web Programming
‡
°
Also tagged: 2.5, authentication, auth_redirect, filter, filter hook, login, php, pluggable, plugin, user, user authentication, user login, wordpress, wordpress 2.5, wp plugin, wp2.5, wp_redirect, wp_safe_redirect
5 minutes is a long time for upgrading WP, as far as I’m concerned. I think it might have taken 5 minutes total to upgrade all three of my current WP installs and check/fix plugin issues. Mind you, I use the subversion method of upgrading. If you have shell access and can run subversion, it [...]
Even though the post title and first paragraph are about calling out a sound-and-fury-signifying-nothing alert, most of his post is good stuff on WordPress, with lots of links. … there is a wave of attacks going around targeting old WordPress blogs, particularly those on the 2.1 or 2.2 branch. They’re exploiting problems that have been [...]
¶
Posted 14 April 2008
† 2718.us
§
Blogging
‡
°
Also tagged: alert, false alarm, false alert, faulkner, hack, ma.tt, macbeth, security, shakespeare, sound and fury, sql, wordpress
Plenty of people seem to have written a lot about how to make WordPress use some other program’s user authentication mechanism, but there seems to be fairly little on how to get at WordPress’s user authentication from some other program. Fortunately, I found this article, and got what I wanted. It’s a fairly straight-forward process. [...]
¶
Posted 12 April 2008
† 2718.us
§
Web Programming
‡
°
Also tagged: 2.5, authentication, auth_redirect, login, php, user, user authentication, user login, wordpress, wordpress 2.5, wordpress login, wp2.5
Having noticed what seemed like it might be an urgent-ish security-related post show up in the mass of post links at the bottom of my WordPress dashboard, then following some links: There seems to be two kinds of hackery going on, just like I’ve described: 1. Inserting “invisible” HTML full of links (for NSFW sites) [...]