As I’ve ventured back into doing a lot of WordPress development these days, and will be taking on a housekeeper type role for a company that manages hundreds of WP sites, I figure as I begin to more closely follow WP development, I figured it would be a good time to resurrect this site.

On that note, I found that there’s been quite a bit of buzz this weekend about some new found exploits in out of date installations. One in particular it seems manages to create a hidden admin account. Hidden in the sense that when you look at your list of users, you won’t actually see the account. From what I’ve read, part of the genuine pain that this exploit causes users is that even after updating to the latest version, the exploited account will still exist and potentially still wreak havoc.

If you haven’t caught the link from the dashboard (or if like a lot of people, you change/disable the planet feed), Dougal Campbell has provided a SQL query to check for all users who have administer privileges.

As I follow up on these exploits, I may post more information, but in the meantime, if you aren’t running the latest version, I highly recommend taking the time to dust off your backup notes and tackle the sometimes easy, sometimes PITA task of upgrading your site(s).

westi on wordpress

WordPress 2.6.5 has been released, addressing a few small bugs, and a few fringe security issues it seems. At first glance, I thought this was an odd thing, considering 2.7 is around the corner, but after a little thought, it makes sense. One, a security issue was found and fixed, and two, some people (this author for one) dislikes immediately upgrading to the latest and greatest release, so having a secure (as possible) 2.6.x release with a few nagging bugs taken out allows for sites to wait, test out, and take their time to upgrade to the 2.7 release.

WordPress › Blog.

A slew of fixes since b1 are in this release, perhaps too many, suggesting to me that it went beta too quickly, though I’ve never quite grasped beta/alpha/release candidate structures. Every project seems to have their own ideas.

I’ve not tested 2.7 myself, but the comments on twitter and via a few feeds have been positive, what are your impressions?

While reading up on the upcoming changes in WP 2.7,I came across an article aboutThe New 2.7 Dashboard. Tucked towards the bottom was this little ditty:

rather than including something rushed and clunky, we’re holding off until a later version

They were speaking of some “inbox” feature that was temporarily in trunk, but has been removed. I must say, that’s one of the first times I’ve seen that acknowledgment in WordPress development, and more often than naught, it has been the contrary. New features have been thrown in at the last minute, and result in confusion by users, too many bugs to count, and dissatisfaction by long time users. It’s nice to see the prudent approach being taken for a change, particularly in a release that seems to already have quite a bit of change included.

WP Freedom Blog is sponsoring a contest to find the “coolest blogs”. First prize includes $500 cash (via paypal) and $500 in services. 2nd place half that, and 3rd $250 total cash and prizes.

Winners will be selected by voting, after a selection by the host blog of the eligible entrants. To get rules and specifics visit the hosting site, or go visit one of the cooler blogs I subscribe to , Deziner Folio.

A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately.

WordPress › Blog » WordPress 2.6.3.

Not sure what “low risk” really means, but I never recommend skipping security releases. The official post goes on to provide the affected file, so a full upgrade isn’t necessary, which is nice. Not sure I’ve seen that done in a long time. Guess it’s a case of 2.7 being close, and no desire to roll any other bug fixes in with this release. And because of that, it would seem that doing this upgrade is a no brainer.

The WordPress Podcast » Blog Archive » Episode 45 – Matt Mullenweg Interview, Automattic acquires Intense Debate, discussion of WordCamps.

Covering a multitude of topics, including lots of WordCamp information, what to expect in 2.7, and new features at WP.com