User Role Editor version 3.11

March 17th, 2013

User Role Editor v. 3.11 beta

User Role Editor v. 3.11 beta

User Role Editor WordPress plugin version 3.11 Beta is available for testing. You may download it from this link. It is generally bugs and bbPress compatibility issue fixes release. Thanks to plugin users who kindly reported discovered problems:
- Required WordPress version checking is moved to plugin activation hook and is not called every time when plugin is executed.
- Administrator can now exclude non-core (custom) capabilities from his role. It is useful if you need to fully remove some capability as capability deletion is prohibited while it is used at least one role.
- bbPress compatibility issue is fixed: capabilities created by bbPress dynamically are excluded from the capabilities set in User Role Editor to not store them in the database as persistent WP roles data or user capabilities.
- Additional roles are assigned to user without overriding her primary WordPress role and bbPress role.
- Changing WordPress user primary role at user profile doesn’t clear additonal roles assigned with User Role Editor earlier.

Post views stats WordPress plugin review

February 10th, 2013

is post views stats ready for use

Is “Post views stats” ready for use?

“Post views stats” WordPress plugin purpose is to count views for your blog posts and show them at WordPress admin back-end in convenient way. It adds ‘View count’ column to the general posts list, and shows such statistics at separate page linked to “Track Post View” WordPress admin menu item, where you may filter out post view count for needed period, just select valid dates. I will not reproduce plugin in action screenshots here as they are included into plugin package itself and could be viewed as at WordPress.org, as at ChoosePlugin.com. As the bonus, blogger may show list of most popular plugins at blog sidebar, using special widget.
For the 1st glance, “Post views stats” plugin does its work honestly, quickly and effectively. But after looking inside plugin source code I changed my opinion. Let me explain, why it was happend.
Read the rest of this entry

WordPress Security Release – version 3.5.1

January 25th, 2013

WordPress security release

WordPress Security

WordPress security release is available for download. If we may to wait some time and delay the update to the latest version with ordinal new-featured and even bug-fixes versions, security update is not a thing we can ignore. We are too busy some time and don’t visit WordPress dashboard to see the latest news from WordPress. So, let me spread the word of WordPress team and encourage you – update your WordPress as soon as possible (ASAP).
Just look on the list of security issues which WordPress 3.5.1. release addresses:
- A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions.
- Two instances of cross-site scripting via shortcodes and post content.
- A cross-site scripting vulnerability in the external library Plupload.
Are you still waiting? Go-go-go! Go to your WordPress update center, and press update button. Do not forget to make files and database backup before update, of course.
Detailed information is available at WordPress News page.

User Role Editor version 3.10

January 20th, 2013

User Role Editor v. 3.10

User Role Editor v. 3.10

User Role Editor WordPress plugin version 3.10 Beta became available for testing today. What’s main difference from the previous version except of partial general code cleanup?
New feature “multiple roles” selection is realized. You can assign to user more then one role now. If role1 has capabilities A and B, but role2 has capability C, but you need to give user all three A, B, C capabilities, there is no need to create new 3rd role with all those A, B, C capabilities included. Just assign to the user role1 and role2 simultaneously. As the result user will get the combination of capabilities from both those roles.
While playing with a new developed stuff I discovered the bug, which could be critical in some conditions.
Read the rest of this entry

View own posts media only WordPress Plugin

January 5th, 2013

View own posts and media only

View own posts and media only

If your blog has multiple authors, you may wish to show for every author just her own posts only at admin back-end. What’s about to hide from them Media Library items, which were uploaded by other authors?
Existing WordPress permissions system doesn’t allow to realize such model. Yes, WordPress prohibits author to edit or delete posts and items of other authors, but she still see all that stuff. It’s slightly inconvenient, isn’t it?
“View Own Posts Media Only” WordPress plugin includes a set of useful hacks (don’t panic that’s just a legal code snippets, nothing from the dark territory of hackers, crackers and other malware manufactures) to offer you desired features, I wrote above.
Read the rest of this entry

bbPress User Role Editor conflict fix

January 4th, 2013

bbPress User Role Editor conflict fix

bbPress User Role Editor conflict fix

bbPress, popular WordPress plugin realizing forum functionality on the base WordPress framework and, as themselves say “WordPress way”, introduced enhanced role model starting from version 2.2. bbPress users, who use “User Role Editor” (URE) WordPress plugin to manage blog user roles, suddenly discovered that URE shows bbPress roles with almost all capabilities turned on, even for minimal ‘Blocked’ and ‘Spectator’ roles.
URE showed bbPress roles quite well before the bbPress version 2.2. update. What’s happened?
Let’s look. WordPress stores its roles data the way, that only active capabilities stored into the role.
Read the rest of this entry

Stop SPAM registrations for WordPress

January 1st, 2013
Stop spam registrations

Stop spam registrations

Is your WordPress blog opened for new user registrations? If “YES”, then you are familiar with a lot of users registered every day. But the most of those users do not login, do not make posts. It seems that there are no real users behind such registrations. All these contacts like:
- “yqvcevsjc (beswixv@gmail.com)”,
- “ymmoncmn7 (pa.lino.be.s@gmail.com)”,
- “www.cheap-some-best-and-beautiful-garbage.com (yuhjgtfnski@gmail.com)”, etc.
are SPAM registrations obviously. These fake users at WordPress database cost you a time to delete them, create the mess from your lovely users list, so you (and me together with you) have strong desire to Stop SPAM registrations. Do You?

Read the rest of this entry