User Role Editor
User Role Editor WordPress plugin allows you to change standard WordPress user roles capabilities with easiness of a few mouse clicks. Just turn on check boxes of capabilities you wish to add to the selected role and click “Update” button to save your changes. That’s done. Add and tune your own custom roles which you can assign to the users then. You can create new role as a copy of existing one. Delete self-made roles. Change defaul user role.
Multi-site support is provided.
Why it could be necessary? Let’s suppose you wish that your multi-authored blog contributors upload their own graphics to use in their posts. WordPress “contributor” role has no such capability by default. In such situation you have needed to change user role capabilities manually using SQL client as I described at “How to change wordpress user role capabilities” post, if you have enough knowledge in that field. But what to do if you have not?
Silence is Golden Guard
Silence is golden guard WordPress plugin prevents your blog directories from listing if visitor types just directory name as the URL,
Did you see small 30 bytes only index.php files in the folders of WordPress installation? If you don’t know for what reason those files included into WordPress package please read this post “Silence is Golden”
This plugin can scan your WordPress blog installation subdirectories for the presence of such dummy index.php files and create it if index.php file doesn’t exist in the directory. As the second line of defence against directory listing plugin can add special “-Indexes” option into Apache Web Server
file placed at the WordPress root directory.
Where do We go?
Where do we go? It was the first question I asked myself when I discovered “Delete default post” WordPress plugin in the repository. Plugin makes exactly that is declared in its title – deletes the ‘Welcome to WordPress’ post and correspondent dummy “Hi, this is a comment” comment which every WordPress blog has just after fresh installation. The question is “What should the author of this plugin think about its potential users to propose them such functionality?”.
If user can install and activate plugin he/she definitely can to delete unneeded post or comment using WordPress built-in functionality. Post and comment has hint about such possibility too. If blogger can’t delete unneeded post or comment –
WordPress plugin security fix
I’m glad to inform you that the MyEasyBackup WordPress plugin security issue I reported yesterday for 0.0.2 version is fixed with 0.0.3 version. It is perfect. Wonderfully! Thanks to Ugo Grandolini aka “camaleo”
for so fast reaction and reliable security update.
MyEasyBackup WordPress plugin is useful for those who wish to get blog backup copies on a regular base and doesn’t familiar with tar, gzip, mysqldump, linux shell, etc. or just doesn’t have SSH access to his/her blog. User friendly interface lets you make full blog backup really easy. So “MyEasyBackup” confirms its name by its functionality.
WP breaked by plugin
MyEasyBackup WordPress plugin can make your life easier simplifying WordPress files and MySQL data backup operation. But be aware when installing its version 0.0.2 as this version simplifies the life to the intruders also.
It is a new, just published plugin. WordPress.org Stats page shows 280 downloads already at the moment I write this post. This plugin can become popular. But plugin author Ugo Grandolini needs to make security fix to his code ASAP
as plugin gives access to the critical blog data to any curious intruder. Do you wish to check it yourself?
is installed. It is ready to accept new members. Registration procedure is very easy. Thanks to bbPress
. Just register, get your password by email and make your posts in a minute.
You are Welcome!
Become ShinePHP Forum member and
WordPress 2.9.2 Security Update
February 15, 2010 WordPress.org
announced WordPress 2.9.2 release. WordPress development blog
says about fixing the “…problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2
“. Upgrade procedure is simple as usual. You can use the upgrade link at the top of admin dashboard page to upgrade WordPress version automatically. Other way is to change all WordPress files manually. There are no any changes in the database structure comparing with 2.9.1 version, just a few changes in the PHP source code. Check the details below.