Posts Tagged ‘Security’

WordPress Security Release – version 3.5.1

Friday, January 25th, 2013

WordPress security release

WordPress Security

WordPress security release is available for download. If we may to wait some time and delay the update to the latest version with ordinal new-featured and even bug-fixes versions, security update is not a thing we can ignore. We are too busy some time and don’t visit WordPress dashboard to see the latest news from WordPress. So, let me spread the word of WordPress team and encourage you – update your WordPress as soon as possible (ASAP).
Just look on the list of security issues which WordPress 3.5.1. release addresses:
– A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions.
– Two instances of cross-site scripting via shortcodes and post content.
– A cross-site scripting vulnerability in the external library Plupload.
Are you still waiting? Go-go-go! Go to your WordPress update center, and press update button. Do not forget to make files and database backup before update, of course.
Detailed information is available at WordPress News page.

View own posts media only WordPress Plugin

Saturday, January 5th, 2013

View own posts and media only

View own posts and media only

If your blog has multiple authors, you may wish to show for every author just her own posts only at admin back-end. What’s about to hide from them Media Library items, which were uploaded by other authors?
Existing WordPress permissions system doesn’t allow to realize such model. Yes, WordPress prohibits author to edit or delete posts and items of other authors, but she still see all that stuff. It’s slightly inconvenient, isn’t it?
“View Own Posts Media Only” WordPress plugin includes a set of useful hacks (don’t panic that’s just a legal code snippets, nothing from the dark territory of hackers, crackers and other malware manufactures) to offer you desired features, I wrote above.

Read the rest of this entry

Stop SPAM registrations for WordPress

Tuesday, January 1st, 2013
Stop spam registrations

Stop spam registrations

Is your WordPress blog opened for new user registrations? If “YES”, then you are familiar with a lot of users registered every day. But the most of those users do not login, do not make posts. It seems that there are no real users behind such registrations. All these contacts like:
– “yqvcevsjc (beswixv@gmail.com)”,
– “ymmoncmn7 (pa.lino.be.s@gmail.com)”,
– “www.cheap-some-best-and-beautiful-garbage.com (yuhjgtfnski@gmail.com)”, etc.
are SPAM registrations obviously. These fake users at WordPress database cost you a time to delete them, create the mess from your lovely users list, so you (and me together with you) have strong desire to Stop SPAM registrations. Do You?

Read the rest of this entry

update_core capability for WordPress user

Sunday, August 5th, 2012

update_core capability

update_core user capability

WordPress Codex gives us nothing about update_core capability for WordPress user, except WordPress version of its appearing in the code – 3.0. I suppose according to its name, that update_core capability is used to decide, if user can update core WordPress file using built-in WordPress upgrade feature or not. What do you think?

Thoughts are just thoughts, while they are not confirmed by practice and strong experiment. Thus, I decided to check this obviouse guess, satisfy my curiosity and investigate, how and for what purpose WordPress uses update_core capability really. Result of my little investigation will be shown to you below.

Read the rest of this entry

Admin Menu Editor WordPress plugin review

Sunday, July 8th, 2012

Admin Menu Editor WordPress plugin

Admin Menu Editor

Are you interested in customizing your WordPress admin (back-end) menu? Did you ever wish to show some WordPress menu items for selected category of users? Do you wish to change some capabilities, WordPress assigned to its menu items by default, in order to adopt WordPress behavior to your purpose? There is a good tool to use for that.
Plugin Name: “Admin Menu Editor”;
Author: WhiteShadow;
Version: This plugin is available in two versions:
Free version via WordPress plugins repository. The latest version for the moment of this review is 1.1.9.
Premium version with some additional extra features is available also on “Admin Menu Editor” plugin developer’s site.

Read the rest of this entry

User Role Editor 3.6.2 is published

Wednesday, May 23rd, 2012

User Role Editor

User Role Editor


User Role Editor WordPress plugin version 3.6.2 is published at May 23rd, 2012. Hindi translation was added. Thanks to Outshine Solutions. Translations for these languages still wait updates: Finnish, Japanese, Belorussian, Brasilian Portuguese, Chinese, German, Hungarian, Polish.
Former and new translators are welcome!

Limit Comments moderation, part 2

Sunday, April 22nd, 2012

Limit comments moderation part 2

Limit comments moderation 2

We have discussed couple of tricks to limit comments moderation in this post already and know how to hide comments moderation links and commands from user. In this post we will see:
– how to show comments to the user with ‘Author’ role from his posts only;
– how to exclude unneeded views from ‘Comments’ page, left just ‘Approved’ for example.

Read the rest of this entry