Haven’t posted a blog update in more than a year and I only realized that earlier today when I came across my last blog update. Blog updates are my way of keeping tabs on the stuff (changes/improvements) that I do here on JaypeeOnline, especially on the backend side of the system. At the same time, it is also a way to share with readers/visitors the different plugins that I use that they might find useful on their own blogs.

First major update that I’ve done recently is upgrading from WordPress 3.2.1 to WordPress 3.3.2. Another thing I’ve recently done was to cleaning up my blog theme’s code and taking out some unnecessary and obsolete pieces of code that add up to the total file size and page load time. I’ve also taken out the Alexa traffic widget and replaced the Networked Blogs widget with the Facebook Social Plugin.

Below are the different WordPress plugins that I’ve uninstalled and installed in the past few months:

Uninstalled Plugins

• Fluency Admin – WordPress admin dashboard theme. Changes in the admin dashboard design/layout in version 3.3, has made this plugin obsolete.
• Wibiya Toolbar – official Wibiya Toolbar plugin that integrates different social networking features, apps, widgets and other tools.
• WP SyntaxHighlighter – code syntax highlighter.

I’ve had the Fluency Admin plugin/theme for several years and it has been one of the most useful plugins I’ve had but I had to uninstall it because I no longer need it and it creates a “conflict” with the new WordPress admin dashboard user interface. If you’ve been following my blog updates you’ll know about my love-hate relationship with the Wibiya Toolbar. Although it does provide some benefits, I’ve decided to uninstall it to lessen the number of scripts running on the blog in an effort to lessen the page load time. Uninstalled the WP SyntaxHighlighter because for some reason it no longer works. I’ve edited and tweaked the pre and code tags stylesheet to make up for it.

Installed Plugins

• Comment Info Detector – plugin that detects and displays the commenter’s country, web browser and operating system.
• nRelate Flyout – plugin that displays a flyout of related posts on the side of the blog.
• TimThumb Vulnerability Scanner – plugin that keeps TimThumb installations up-to-ate and free from vulnerabilities. Also checks for signs of compromised sites.
• WP Security Scan – plugin that performs security scan of WordPress installation.

Reinstalled the Comment Info Detector plugin so I could get more information about my blog readers/commenters (country, browser, operating system). I installed the nRelate Flyout plugin to provide readers/visitors a way to find other relevant and related posts that they might be interested in and to help reduce the bounce rate. In the past, I only activated the WP Security Scan plugin whenever I wanted to perform a scan. Now I keep the plugin activated at all times.

So there you go. Those are the different changes and improvements that I’ve done here in the past few months. If you have any comments, feedback or suggestions to make this blog better, please don’t hesitate to share it via the comments section below or via the contact page.

With the popularity of WordPress (72 million+ WordPress-powered sites) its not a surprise to see the increasing number or instances of attacks on blogs and websites running the software. The attacks are not only focused on the bugs and flaws of the software but also target the individuals using WordPress through malware-laced themes and plugins. Another thing to note is that the attacks are becoming not only more intense but also more creative.

Just found out today via WP Tavern that a new phishing scam is targeting WordPress plugin authors. Details about this new phishing scam was posted yesterday by a WordPress.org support forum moderator.

• Sender : “WordPress.org“.
• Address : “wordpressplugin[at]hotmail[dot]com“.
• Subject : “[WordPress.org Plugins] Urgent: Your Plugin Has Been Removed DO NOT RESPOND“.
• Message :
  

  Dear WordPress Plugin Developer,

  Unfortunately, a plugin you are hosting has been temporarily removed from the WordPress repository. We are going to manually review your plugin because it has been reported for violating our Terms of Service. If your plugin does not get approved then it will be permanently removed from the WordPress repository.

  You can check if your plugin has been approved or rejected at

  http://wordpress.org/extend/plugins/my-plugins-status/

If you’re a WordPress plugin author and you receive an email similar to this, DO NOT CLICK ON THE LINK! If you accidentally clicked on the link and got to the fake WordPress.org site, DO NOT ENTER YOUR ACCOUNT DETAILS!

This is not an official WordPress email. If in case your plugin has actually been removed, the real email notification from the WordPress repository would come from a WordPress.org account.

Any WordPress plugin authors here who received this phishing scam email?

Blogging

• Six Ways to Get Feedback On Your Posts and Pages (And Why You Need To)
• Legal Risks to Be Watchful for When Blogging
• How Using Opinion Polls Can Help Increase the Readership and Quality Of Your Blog
• 5 Legal Guides Every Blogger Should Read

WordPress

• 9 Plugins To Help You Optimize WordPress Performance
• How WordPress Beat Joomla!
• TimThumb Security Vulnerability – Common in WordPress Themes
• How to Display Your Latest Google+ Update on your WordPress Blog

SEO

• How To Compute Search Visibility Indexes for Websites
• The Ultimate Guide to Using Bing’s Webmaster Tools
• How Public Relations Can Avoid Failing at SEO
• Minimizing Panda-monium: Better Content for Better SEO Rankings

Social Media

• 44 Useful Mobile Apps for Social Media Marketers
• Don’t Let Social Media Marketers Turn You into a Newt
• Why Companies are Afraid of Social Media
• Taking Baby Steps with Social Media Measurement: Defining a Small Pilot

Technology

• Men Build Small Flying Spy Drone that Cracks Wi-Fi and Cell Data
• Scavenging Free Green Power From Radio Waves
• How Facial Recognition Technology Can Be Used To Get Your Social Security Number
• Android Trojan Records Phone Calls

Gadgets

• Robot That Can Learn, Think And Act By Itself
• T-Mobile myTouch 4G Slide review
• iHome debuts SD63 Retro-Style Headphones
• OutRun AR Project

Pinoy Blogs

• Nokia C2-00: dual SIM done right?
• Philippines Among Fastest Growing LinkedIn Countries for 2011
• Forget PowerPoint, wow ‘em with Prezi
• Smart Releases HSPA+ Site List

JaypeeOnline Weekly Recap

• Metro Manila Traffic Navigator – Philippines First Digitized Traffic Information System
• HowTo: Get A Job Using Social Media
• Gmail Preview Pane
• WARNING: Zero Day Vulnerability Found on Timthumb.php
• WordPress for Windows Phone 7 Version 1.2 Now Available
• Adobe CS3 Internal Error 2739 Fix (Windows 7 64-Bit)
• Email Intervention vs. Gmail Man – Google and Microsoft Battle Over Email Users

If you have any questions, comments, suggestions or would want to share your article or any interesting story that you found in the Internet and have it featured in the next Weekend Roundup, feel free to leave a comment or send me a message via the contact page.

Last Tuesday, the WordPress team discovered some suspicious activity involving several popular WordPress plugins – AddThis, WPtouch and W3 Total Cache. Backdoors or malicious code were added to the plugins and the changes were done not by the author but someone who has gained access to the plugin author’s WordPress.org account.

As soon as these suspicous changes were discovered and confirming that the changes were not made by the authors, the WordPress team immediately rolled back the plugins, issued updates to the plugins and shut down the plugin repository. As another counter measure, they’ve also force-reset all WordPress.org passwords (same goes for bbPress.org and BuddyPress.org). So if you have a WordPress.org account and would want to access the forums, trac, plugin repository or commit to a plugin/theme, then you’ll have to reset your password and get a new one.

A lot of websites and services are getting hacked these days so to play safe, make sure you don’t or never use the same password for two different websites or online services. Also, if you’re gonna reset your WordPress.org password, make sure you use a new one and do not use the same old password.

For those who don’t know what “backdoors” are, these are exploits or lines of code that are added/inserted to plugins (or any other piece of software) and gives unauthorized users like hackers access to the blog or website. So if you’re using any of these plugins – AddThis, WPtouch or W3 Total Cache, make sure that you immediately update to the latest versions. Updating these plugins will remove the backdoors because the files and lines of code will all be replaced.

I’d like to share something with regards to this incident. A few days before this announcement was made, I noticed that there were a few available plugin updates. When I checked, WPtouch and W3 Total Cache were some of the plugins that had an update. Personally, I make it a habit to keep WordPress and all plugins up-to-date. In the past I would’ve immediately download and installed the updates but this time, I didn’t. I don’t know what it was but something inside of me kept me from updating the plugins. When I read about the incident, I was glad I listened to my gut feeling. In this case, it was good that I didn’t immediately update my WordPress plugins.

Just to make it clear, the password reset doesn’t affect WordPress.com or self-hosted WordPress.org accounts. The only account password you need to reset is the one used on the WordPress.org forums, plugin repository and trac.

The WordPress dev team released the first Release Candidate (RC1) for WordPress 3.2 a couple days ago. Release Candidates are versions of the software that are released after the beta phase and before the final release.

Some important stuff to tak note for those who are using/testing WordPress 3.2 RC1:

• WordPress plugin and theme authors are encouraged to test their plugins and themes now to make sure that all compatibility issues are discovered and addressed before the final version is released.
• WordPress users are also encouraged to test it and inform plugin or theme authors if you find any compatibility issues with any plugins/themes you use on your blog.
• You can find known issues for WordPress 3.2 RC1 here.

Here’s how/where you can submit bug reports:

• Post it to the Alpha/Beta area in the support forums or wp-testers
• Join the development IRC channel and tell us live at irc.freenode.net #wordpress-dev
• File a bug ticket on the WordPress Trac

Remember that WordPress 3.2 RC1 is meant for testing purposes so make sure you don’t install it on your main/live blog or website but rather install it on your test site.

Download WordPress 3.2 Release Candidate 1