Attacking WordPress http://www-personal.umich.edu/~markmont/awp/
Good presentation on the nuts and bolts of breaking into a WordPress site and taking control of the server. Uses only open source tools. A must-read for anyone who needs to secure a web server.
15+ Must-Have Tools For Every WordPress Admin – WPMU DEV. http://premium.wpmudev.org/blog/15-must-have-tools-for-every-wordpress-admin/
The WordPress ecosystem is as colorful and varied as it is large. From the smallest personal blogs to directories of impressive size and complexity, the full spectrum is a diverse one indeed.
Managing our sites can be a hassle, though, especially as they become more and more complex. Luckily there are great tools that can help us in our daily administrative tasks.
Flaw in PHP XML Processing Hits Drupal, WordPress. Time To Patch ’em Up.
For the first time, the open-source Drupal and WordPress content management teams have coordinated joint security releases to fix a new vulnerability.
The flaw, first reported by security researcher Nir Goldshlager, is a potential denial-of-service (DoS) issue with PHP’s XML processing module. Drupal and WordPress use the same PHP module, which is why both content management systems are at risk from the same flaw. Drupal is particularly prominent because it is used on U.S. government sites, including WhiteHouse.gov, and WordPress is deployed on more than 60 million sites.
“This bug can be utilized without the aid of any plug-ins, and it functions smoothly on the default installation of WordPress and Drupal,” Goldshlager explained in an advisory (which is running on a WordPress site itself). “Only one machine needed to exploit this vulnerability.”
In an advisory on the drupal.org site, the vulnerability is rated as moderately critical. The Drupal advisory explains that the bug that Goldshlager found is within the PHP XML parser and could trigger CPU and memory exhaustion, in turn causing a DoS condition on the affected site.
via New Flaw Puts Millions of WordPress, Drupal Sites at Risk.
Patches are provided by Drupal 7.31, 6.33 and WordPress 3.9.2.
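A patch-level check for the releases named above, as an added example that is not from the original post or from either project: it reads the version string each CMS keeps in its source (`$wp_version` in WordPress's `wp-includes/version.php`, the `VERSION` constant in Drupal 6/7) and compares it with the fixed releases. The sample lines are constructed, and treating branches newer than the listed fixes as patched is an assumption.

```python
import re

# Fixed releases named in the post, keyed by (product, release branch).
FIXED = {
    ("drupal", (7,)): (7, 31),
    ("drupal", (6,)): (6, 33),
    ("wordpress", (3, 9)): (3, 9, 2),
}

# How each CMS records its version in its own source files.
PATTERNS = {
    "wordpress": re.compile(r"\$wp_version\s*=\s*'([0-9.]+)"),
    "drupal": re.compile(r"define\('VERSION',\s*'([0-9.]+)"),
}

def parse_version(text):
    """'3.9.1' -> (3, 9, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))

def status(product, version):
    """Return 'patched', 'vulnerable' or 'unlisted' for a version tuple."""
    branch_len = 2 if product == "wordpress" else 1
    fixed = FIXED.get((product, version[:branch_len]))
    if fixed is not None:
        return "patched" if version >= fixed else "vulnerable"
    newest = max(f for (p, _), f in FIXED.items() if p == product)
    # Assumption: branches newer than every listed fix already contain it.
    # Older branches are not covered by the post, so flag them for review.
    return "patched" if version > newest else "unlisted"

def audit(product, source_text):
    """Classify an install from the text of its version file."""
    match = PATTERNS[product].search(source_text)
    if match is None:
        return "unknown"
    return status(product, parse_version(match.group(1)))

if __name__ == "__main__":
    # Constructed sample lines, not taken from real sites.
    samples = [
        ("wordpress", "$wp_version = '3.9.1';"),
        ("wordpress", "$wp_version = '3.9.2';"),
        ("drupal", "define('VERSION', '7.30');"),
        ("drupal", "define('VERSION', '6.33');"),
    ]
    for product, line in samples:
        print(product, line, "->", audit(product, line))
```

An `unlisted` result means the post names no fixed release for that branch, so check the vendor advisory for it rather than assuming either outcome.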
New Release: Multisite Reader Plugin Transforms Your Network – WPMU DEV
Adds follow features to WP that allow for a reader. Would require lots more subscriptions on ClassCaster to be really useful.
Install and Manage WordPress-Nginx Websites from the Command Line with EasyEngine
EasyEngine (ee) is a Linux shell script to install and manage wordpress-nginx websites in one go. Using EasyEngine, you can install Nginx, PHP, MySQL, Postfix, phpMyAdmin and their dependencies in one shot easily without the help of a system administrator. It makes it very easy to install and manage wordpress-nginx websites, and you don’t have to manually install each package and memorize all the commands. Everything will be done automatically in the background. EasyEngine will work on Ubuntu LTS versions such as Ubuntu 12.04/14.04, and Debian 6/7.
Looks like it would take some of the tedium out of deploying WP sites. This blog runs WP on Nginx and getting it set up was not super easy; lots of config file fiddling was called for. EasyEngine is open source and on GitHub at https://github.com/rtCamp/easyengine.
25 Useful Plugins for WordPress Multisite Networks
There’s always a lot of discussion on the WPMU DEV forums about this very topic, so I asked our support crew and developers what plugins they recommend people install on their network.
Whether you’re new to running a Multisite network or have been hosting your own network for some time, you’re sure to find many of the plugins below (in no particular order) useful for managing your sites.
via 25 Must-Have Plugins for WordPress Multisite Networks – WPMU DEV.
If you’re running a multisite WordPress install this list of plugins is a pretty good place to start in the search for the right mix of features to run the network smoothly and provide useful options to your bloggers. We use many of these plugins on Classcaster, the free podcasting and blogging network for CALI members.
Same on the Outside, New in the Inside
Just a quick note to mark the changing of some of the back end of my blog. I’ve upgraded to WordPress 3.6. That was straightforward and seems to have gone well. I know there are a slew of new features included in WP 3.6 but I haven’t gotten to those yet. For a variety of technical reasons I moved the hosting and DNS of the domain and blog to Linode. With the move to Linode I switched web servers too. This blog is now running on the Nginx web server instead of Apache. I’ll probably have more to write about that switch in the coming weeks.
With these changes I bumped the version number of the blog to 6, so this is now officially the sixth incarnation of my blog. I’ve been using WordPress since 2005 and you can find all of versions 4 and 5 going back to February 2005 on this blog. I’ve been blogging since October 2000 and have most of the archives of those blogs handy but offline at the moment. I’ll be bringing them all back shortly.
More soon.
Some Automattic Shareholders Cash Out to the Tune of $50 Million
…there has been a large secondary transaction in Automattic stock, about $50M worth. “Secondary” means that it’s existing stockholders, like the earliest investors or employees, selling stock to another investor versus money going into the company (“primary”)
via Automattic After-Market | Matt Mullenweg.
What this means is that a small number of shareholders of Automattic made a decision to sell some of their shares to an outside investor, turning paper wealth into actual cash money.
Typically these sorts of transactions aren’t about the company, but more about the folks buying/selling the stock. A company like Automattic probably has a pretty long list of folks interested in acquiring some stock in the company. At the same time there are stockholders who for various reasons may want to convert some of their shares to cash. Of course this sounds like a straightforward market transaction, but since Automattic is privately held the rules are different and the stock isn’t simply traded like Google or Microsoft.
The bottom line is that Automattic continues doing cool things with WordPress and more and some folks have an extra happy holiday weekend.
How About a Pastry Box Project For Legal Ed?
Every so often I find something on the Internet that is truly interesting and engaging. The Pastry Box Project is one of those things.
Each year, The Pastry Box Project gathers 30 people who are each influential in their field and asks them to share thoughts regarding what they do. Those thoughts are then published every day throughout the year at a rate of one per day, starting January 1st and ending December 31st. 2013’s topic is “Shaping The Web”
About – The Pastry Box Project
The result of this is a stream of daily posts on a given topic; this year it happens to be “Shaping The Web”. Every morning there is something new. It might just be a 140 character thought, a single tweet. It may be 1000 words on some point of web design. Or it may be just about anything in between. No matter what the topic, it is one of those 30 voices, every morning. And the interesting thing to me is how those 30 voices merge to create a single tone for the blog. It’s that tone that brings me back every morning.
Of course it took just 2 or 3 days of reading for me to start thinking about the possibilities in this format. How great would it be to get 30 voices involved in legal education, a collection of deans, teachers, technologists, librarians, to participate in something like this? 30 individuals letting us know what they are thinking about, or doing, or trying to do on the topic of “Shaping Legal Education”. Every day, one a day, for a year. I think that would be pretty cool.
The Pastry Box Project software is open source and is mostly a WordPress theme, which means it can be run just about anywhere, even added to CALI Classcaster. The editing interface is pretty straightforward and all posting is scheduled using the workflow tools baked into WordPress. The hard part is finding 30 voices.
I would suspect that a little leg work would turn up 30 folks interested in posting once a month for a year according to a very fixed schedule. One of the great things about the Pastry Box from an editor’s point of view is that it is very predictable. The timing of (and deadlines for) posts from a specific person can be mapped out for the entire year. Everyone knows what is expected of them and when.
This time I’m just writing about the idea. I haven’t set up any software, just getting the idea out there (something I’m trying to do more of).
What do you think? 30 individuals letting us know what they are thinking about, or doing, or trying to do on the topic of “Shaping Legal Education”. Every day, one a day, for a year. Please use the comments to let me know if you’re interested in the idea, think I’m out of my mind, etc.
Try Netbeans PHP IDE for WordPress Development
http://www.wpmayor.com/articles/best-ide-for-wordpress-development/
For fully-fledged regular WordPress development [try] using Netbeans for PHP. It has features like code completion, easy WordPress function reference, project management, database editing, file comparison, FTP, debugging facilities and much more. It can also be extended through plugins available on the Netbeans website. Having all these features integrated into one IDE makes it easier on the developer as it eliminates the need to switch to other windows to access applications (for example Filezilla, PHPMyAdmin etc.)