Did my last blog update post about a couple months back and I’ve done some changes to the blog so I decided to do another blog update post. These blog update posts have become a “regular” habit of mine here on JaypeeOnline and I consider it as some kind of “checkpoint” to help me remember the plugins I installed/uninstalled on the period of time. Its also a way for me to inform my readers of the changes I’ve made to the blog especially the changes I’ve made front-end wise, changes in the blog theme, design, layout, etc.

The changes I’ve listed below are the changes I’ve made since my previous blog update.

Uninstalled Plugins

• LinkWithin – Displays recommended stories and associated thumbnails from your blog.
• Most Commented – Retrieves a list of the posts with the most comments.
• Popularity Contest – keeps a count of your post, category and archive views, comments, trackbacks, etc. and uses them to determine which of your posts are most popular.
• Global Translator – automatically translates your blog in the following 41 different languages.

I removed LinkWithin because based on my observation, visitors weren’t using it that much and it uses up too much space and makes the overall post page layout more cluttered. Uninstalled the Most Commented and Popularity Contest plugins because my theme has built-in functions that make both plugins redundant. Removed the Global Translator plugin because of security issues and I will discuss more about it in an upcoming post.

Installed Plugins

• Where did they go from here – Show “Readers Also Viewed” links on your page.
• Theme Authenticity Checker – scans theme files for potentially malicious or unwanted code.
• TweetMeme Button – Adds a button which easily lets you retweet your blog posts.
• WP Super Cache – Very fast caching plugin for WordPress.
• Yoast Breadcrumbs – Outputs a fully customizable breadcrumb path.

Installed the Where did they go from here plugin and placed it beside the Related Posts to display posts that readers visited after viewing/reading that current post. This is very useful because it lists some posts that aren’t displayed in the Related Posts and lists posts that may also be of interest to the new reader. I installed the Theme Authenticity Checker to help me verify the themes that I review in my WordPress Theme reviews. The TweetMeme button is the small graphic displayed on the upper left portion of each post and displays the number of times the post was RT’d (retweeted) and enables the reader to easily RT the post.

I installed WP Super Cache in the efforts of solving the problems I had with my previous web host. It didn’t work because the problem was not with my blog but with my web host its just that they didn’t want to admit it and they were trying to put the blame on my blog.

I’ve been planning on implementing breadcrumb navigation on my blog for a long time now but didn’t get to do it. I finally found time to install Yoast’s Breadcrumbs plugin. This plugin displays the path and location of the post/page that the reader is currently viewing. Helps users to easily navigate through the blog/website. The breadcrumb path is the text displayed at the top most part of each post and page (Home > Post).

Other Changes

I didn’t do much changes to the blog theme and layout except for some minor tweaks on the sidebar.

• Added the JaypeeOnline Facebook Fan Page at the sidebar.
• Removed the Entrecard widget. Still thinking about whether I should put it back or not.
• Moved the Trackbacks/Pingbacks section below the Comment form.

I think thats it, I mean that’s all the changes I’ve done since my last blog update. Sometimes my memory fails me so I might have missed one or two changes and if I did, I’ll update the post later.

If any of you guys have comments, ideas or suggestions to make JaypeeOnline better, please don’t hesitate to share it with me via the comments section or if you want to remain anonymous, you can send me a message via the contact page. Thanks and you all have a great weekend!

Anyways, hope you guys have a great week and enjoy this week’s edition of the Weekend Roundup!

Blogging

• 5 Plugins To Make Your WordPress Blog Blazing Fast
• 5 Tips for Making a Corporate Blog Stand Out
• 5 Out-of-the-Box Keyword List Strategies That Work
• 5 Things to Try When Nobody’s Visiting Your Blog

Technology

• Net Neutrality FAQ: What’s in it for You
• Nigeria actually arrests, shuts down online scammers
• Ping: How High Will Real-Time Search Fly?
• Microsoft’s new anti-virus program offers unassuming alternative

Gadgets

• Motorola Droid Preview
• Sony S-Frame DPP-F700 photo frame with printer getting January US launch [Video]
• Jabra STONE Bluetooth headset review
• Iomega Ix2-200 NAS Review (It Does All This?)

Pinoy Blogs

• Blogger stands by claim of rotting relief goods
• Biggest Blogger Event Ever: Nuffnang Asia Pacific Blog Awards
• How to install Windows 7 on Netbooks
• The 3rd Philippine Blog Awards — Visayas Leg

JaypeeOnline Weekly Recap

• WP Plugin Review: TAC (Theme Authenticity Checker)
• Canon EOS-1D Mark IV
• Barnes & Noble Unveil Nook E-Reader
• WordPress 2.8.5: Hardening Release
• WP Theme Review: wpFolio
• SocialSafe – Facebook Backup Tool
• PHPanywhere
• WordPress 2.9 Features

If you have any questions, comments, suggestions or want your article or find an interesting story that you want to be featured in the next Weekend Roundup, feel free to leave a comment or send me a message via the contact page.

Thank you for your time and hope you guys are having a great week!

A couple days back, Weblog Tools Collection announced the start of the WordPress Plugin Competition 2009. For the third straight year, the folks over at Weblog Tools Collection is organizing a competition that aims to generate interest in WordPress and also the development of new plugins that can help WordPress users and contribute to the WordPress community.

Contest Rules and Important Details:

• All code must be GPL compatible
• All Plugins must be compatible with WordPress 2.7 and above
• All Plugins have to be secure and use secure coding methods. This is very important.
• Plugins must be made available through the WordPress Extend pages
• Plugins must be officially submitted through email and announced and discussed on the Plugin Competition Blog. More details on submissions will be added in the last month of the competition. Release of plugin after competition start does not mean submission. You can submit your plugin way after its release to work out bugs etc.
• Running time for competition = 3 months starting the 1st of May till the 31st of July
• True WordPress plugins only. No manual modifications can be required of users. No editing of core files allowed.
• You cannot submit plugins that have been released already. Modification or re-use of existing code to achieve completely new functionality allowed.
• All plugins require documentation as in the WordPress Extend pages.
• Preliminary support for the plugin has to be provided to the public.
• Any and all prizes/controversies/issues will be judged and decided at my sole discretion.
• Past winners are not eligible for this competition.

Prizes from last year’s competition:

1. Weblog Tools Collection $1000 (p)
2. Automattic $1000
3. Matt Mullenweg $1000
4. James and Andrew from Incsub have offered up $250 for a plugin that is WPMU compatible. They add that WPMU plugins are not that dissimilar to regular plugins, but need to run automatically and efficiently via wp-content/mu-plugins and require users to make no hard code changes (just edits in Settings) and for global administration to be possible via the Site Admin menu.
5. Geof F. Morris $100
   
6. WindowsObserver.com Tom Clancy’s Rainbow Six Vegas for the PC and Enemy Territory: Quake Wars
7. OIOPublisher Four copies of their advertising plugin
8. billyboylindien.com has donated $50 towards prizes (p)
9. Blogalized has donated a 12 month blogclub subscription from our site worth $49.95
10. John Yunker has donated a copy of “Country Codes of the World” poster to the plugin contest winner (value: $30)
11. Clickfire.com has dontated $50 towards the competition prizes (p)
12. Kym Huynh is a songwriter and is writing a song about WordPress (just for fun I have been told) and has offered to write a song and record it professionally in a studio for the winner of the WordPress Plugin Compeitition (worth $400-$500)
13. IndieLab has donated $50 towards the competition (p)
14. Joshua has donated $200 towards the competition (p)
15. iWeb has donated a dedicated server for one year (Intel Core 2 Duo, HD 160GB Sata2, 1GB of RAM and 1500GB of bandwidth per month)

The 2009 WordPress Plugin Competition will last for 3 months, starting on May 1st until July 31st. Other additional notes include: Developers can only submit plugins that have been written/created for this competition and have not been previously released to the public before the start of this competition.

For those of you who have the skills to develop WordPress plugins, why don’t you give it a try and join the competition? Who knows, your idea/plugin might be the next winner or one of the finalists. Or if you’d like to help, you can also donate some money to the competition prizes.

I know some of you already have had a first hand experience with WordPress 2.7 and installed the beta versions, but for those of you who haven’t tried or seen it, here are a few screenshots of the upcoming version.

Screenshots:

Now that you’ve seen how the upcoming version of WordPress looks like, the question is: Are you ready for WordPress 2.7? I asked you guys a similar question early this year prior to the release of WordPress 2.5. Crazy Horse will not only have new icons and new user interface design, but will also come with a new set of features like keyboard shortcuts, threaded comments, one-click plugin installs and the core update feature (option of downloading, installing, and upgrading to the latest WordPress version from WP Dashboard). Since this version involves a lot changes, you’ll have to make sure that you know everything about it and be ready for the upgrade.

Below is a list of resources that you might wanna check out and read to get yourself ready for WordPress 2.7.

• WordPress Codex – WordPress 2.7 Feature List
• Jacob Santos – 10 WordPress Features You’ll Never Care About
• Technosailor – 10 Things You Need to Know About WordPress 2.7
• Taragana – 16 Must-Know Features in WordPress 2.7
• OP111 – Ten New Features in WordPress 2.7
• Ottodestruct – WordPress 2.7 Comments Enhancements

The Core Update Feature is not compatible or doesn’t work with all web hosting services so you might wanna check if your current web host supports this feature. Core Update Host Compatibility List. Aside from that, you would also probably like to check if your current plugins and themes are compatible with WordPress 2.7, so check out the Plugin Compatibility and Theme Compatibility lists.

I know that upgrading to the latest version of WordPress is strongly advised, however in this case you might want to make sure that your web host, themes and plugins are all compatible before you upgrade your WordPress installation. This will not only save you time but also save you any problems and headaches.

Based on the new features and compatibility issues, are you ready for WordPress 2.7?

Just found out from Weblog Tools Collection about a certain website with the name WordPresz.org that pretended to be WordPress.org and tried to release a backdoored (trojanised) version of WordPress to unsuspecting users who are still using older versions of the popular blogging platform. Blogger Craig Murphy was the first to report about this issue and below is a summary of his report taken from Sophos.com.

“Craig talks about how when he logged in to his admin account in WordPress he received a “High Risk Vulnerability Warning” from a spoofed WordPress domain. (The last ’s’ in WordPress.org has been replaced by a ‘z’.) The Warning suggests upgrading to the ‘new’ version 2.6.4 of WordPress. Downloading this ‘new’ version of WordPress I found that of the 638 files in version 2.6.4, 637 were identical to the same files in the official 2.6.3. The only difference was in the file pluggable.php. The hacked version of the file pluggable appears to be stealing the content of cookies on larger installations of WordPress. Sophos are now detecting this file as Troj/WPHack-A.”

WordPresz.org, setup by malicious persons was designed to steal valuable information stored in cookies from users who install the compromised version of WordPress and could also potentially be used to hijack these WordPress installations for malicious purposes. WordPresz.org is no longer online but the site looks exactly the same as the real thing. Below is a screenshot of the fake site.

If you can’t see the difference, below is a screenshot made by Craig pointing out the differences between the real and the fake WordPress site.

1 – the download size is too round and is incorrect, it should be about 1.4mb in this case.

2 – these are randomised over at WordPress.org, but are static at WordPresz.org.

3 – The real WordPress.org has a “Showcase” link included.

It’s really hard to know the difference between the two sites and any WordPress user could be lead to believe that they’re visiting the real one.

Here’s Peter Westwood’s (one of WordPress’s lead developers) response to this incident:

It looks like sites which have not upgraded to 2.6.3 are being exploited in an interesting way whereby a hacker, probably using an automated script, is hacking into sites with the vulnerability and changing the settings of one of the dashboard modules to point to a different feed thereby encouraging people to go to a different site which is offering a dodgy upgrade.

“We recommend that people upgrade as soon as possible when we release a security release so as to ensure they are not vulnerable to issues which will likely have exploits in the wild.

Also in the upcoming 2.7 release of WordPress we are including a built-in upgrade mechanism within WordPress which will allow people to upgrade automatically with ease. I would however stress the need with any piece of software to check that an upgrade is real by visiting the website of the software provider manually rather than relying on a link that you have been provided. Otherwise, as with bank phishing scams there is the potential for someone to trick you into doing something you didn’t want to do.

This is not the first time hackers and fraudsters tried to released compromised version of WordPress. Early last year, I published WordPress 2.1.1 – Dangerous Download, which is about how crackers were able to upload a backdoored version of WordPress 2.1.1 into one of the servers powering WordPress.org. Other instances include websites trying to distribute WordPress themes containing malicious codes.

These is another good reminder for all of us WordPress users to practice safe computing. For those of you who are still using an old version of WordPress, please take the time to upgrade to the newest version. Make sure you update your WordPress installation to the most recent version especially if the newer version contains a security fix. Also, make sure that you download your next WordPress install ONLY from WordPress.org and not from any other site. Users should also be careful what themes and plugins you download/install and where you get it from. As much as possible download only from WordPress Extend or from reputable plugin and theme authors.

To those of you who think that you’ve been victimized by WordPresz.org and believe that your WordPress installation has been compromised, download the newest version or WordPress from WordPress.org and do a reinstall/upgrade.

To know more about the details of this story you can visit the following links:

• Craig Murphy – WordPress 2.6.4 Fake?
• The Register – Fake site punts Trojanised WordPress
• ZDNet Blogs – Fake WordPress Site distributing backdoored release

Any of you guys were able to visit the actual fake WordPress site? Anyone had the same experience as Craig Murphy? What other security and safety measures can you suggest for other WordPress users to make sure they keep their blogs clean and safe? Please share your thoughts. Thanks for your time!

*images taken from The Social Programmer and ZDNet Blogs.