As part of their Make Waves series, iThemes will be conducting a free webinar with Dre Armeda of Sucuri.net to discuss how to lock down a WordPress installation. In this webinar, viewers will learn how to reduce their risk of being attacked by hackers and malware threats. The webinar takes place on Wednesday, April 25th at 1 P.M. CDT. I’ve linked to Sucuri a number of times during the year because these guys know what they’re talking about when it comes to website security.
TimThumb Vulnerability Bites Another Victim
For the second time in two years, Dan Tynan’s website, eSarcasm.com, has been hacked, this time with code that redirected referrals from Google, Yahoo and other search engines to Viagra ad sites. After conducting a thorough security review with Code Garage.com, an online security scanning website similar to Sucuri, they discovered that the point of entry was the zero-day TimThumb vulnerability discovered back in August of 2011.
Last August, a zero-day vulnerability affected TimThumb that allowed hackers to execute their PHP code on any site that was running it. As it turns out, the WordPress theme we bought for the site employs pieces of TimThumb code — including the flaws that were exploited.
Now we have to wait for the spammy search results to evaporate from Google’s cache before everything returns to normal.
Be sure to read the tips that Dan and his security adviser provide on protecting your site. Despite the vulnerability being patched soon after its discovery, sites are still being compromised. Because of the long tail effect and so many websites using WordPress these days, who knows when this point of entry will stop being taken advantage of?
Two Resources For Writers/Journalists Using WordPress
DynamicWP has put together a list of 11 plugins that are especially helpful for writers using WordPress. One of the nifty plugins from that list that I discovered is AP Style Dates And Times. This plugin automatically abbreviates times and months according to the AP Style guide.
The second resource that you should keep handy if you’re the journalist type is a post written by Ryan Imel on WPCandy.com that lists a number of different services and plugins that Ryan has used to keep WPCandy readers up to date on everything happening within the world of WordPress.
Webhosting With Free Shipping
He’s right, I’ve never seen webhosting offer free shipping until now.
Automattic Launches VIP Featured Partner Program
Automattic has announced the launch of a new featured VIP Partner program that will provide more bang for the buck for VIP customers.
WordPress.com Welcomes Posterous Users
It wasn’t long ago that Posterous looked poised to take a big chunk of market share away from WordPress and other sites such as Tumblr. But alas, Posterous will become yet another internet memory, as they’ve announced that the talent behind the service will now be a part of Twitter. While Posterous will remain online for the foreseeable future, users have already started flocking to different services such as WordPress.com, which has experienced a 250% increase in imports from Posterous accounts since the announcement.
Congrats To Jane Wells
As I mentioned about a month ago, Jane Wells has been working on a new venture called Jitterbug, which aims to be a bakery with a cafe feel, complete with WiFi. To help fund this venture and to purchase some equipment, Jane put together a project on KickStarter.com to generate crowdsourced capital. The monetary goal was $15,000.00 and that was reached just 4 days prior to the project expiring. One particular backer was able to pledge $5,000.00 and will have a muffin named after him. The backer was Michael Torbert, the author behind the All In One SEO Plugin.
Congratulations go out to Jane Wells for a successful Kickstarter project. I myself chipped in a hundred bucks, but the best thing about it all is that I now have a really good reason to visit Tybee Island, Georgia.
WordPress Not The Direct Cause Of Mass Site Attacks
Sucuri has published more information regarding the compromise of at least 30,000 domains. Based on their research, they are ruling out the possibility that the attacks are taking advantage of a new vulnerability within the core of WordPress.
The first question is how are these sites getting hacked? On all the cases we analyzed, they either had outdated versions of WordPress, or of a plugin. We can safely rule out any new vulnerability on WordPress itself.
To stay on top of the latest malware threats on the web, you should subscribe to their RSS feed. Perhaps the more people realize this stuff is happening on a daily basis, the more it will persuade them to keep sites, plugins, and themes updated.
Yoast On Why Some Themes Hurt Your SEO
Once again, I want to tell you to not blindly trust theme authors when they say their theme is SEO friendly. “SEO friendly” is just a label they put on their theme and since most of their customers don’t know what to look for to see if it’s actually true, yet know that it’s important, it helps “sell” themes.
Sounds like he’s describing me, and I bet a lot of other people as well. Overall, good advice from Joost de Valk with a little bit of self-promotion at the end.
WordPress Projects To Follow On GitHub
Themergency has a list of WordPress-related projects to watch that are using GitHub as their source code repository instead of the traditional Subversion approach. In case you didn’t know it already, WordPress itself is also using GitHub, except that it’s being synced every thirty minutes with the Subversion repository and only offers read-only access. Judging by the comments, a number of themes are also using GitHub as their repository. I wonder if this has translated into a more social experience of users contributing back to the original project, which is supposedly one of the awesome benefits of using GitHub?