Displaying 61 To 90 Of 161 Comments

Do You Think WordPress Is Secure?

It seems that the only way to solve these “problems” is to make WordPress unhackable, which although technically possible is probably not feasible since it would require development plummeting and all efforts being directed to security which would not lead to further development of the software. I guess that’s part of the reason WordPress 2.0 was kept as a stable version for so long, but that route failed as no one in the right mind would bother using 2.0 since it was so far out of date on everything BUT security issues. So in a nutshell, I think we should just keep telling people that they can leave their site un-upgraded, but don’t go whining about it if/when you get hacked. I got hacked a while ago now. There was no point in me complaining about it as it was entirely my own fault. I simply didn’t bother upgrading one of my sites and so someone eventually found it, hacked it and bingo my site was stuffed. This seems to happen to many other people, most of whom just take it on the chin like they should, but for whatever reason a bunch of people get in a big huff and try to blame WordPress itself for their own laziness/stupidity. I see little/no point in taking notice of these people except to try to ensure that those who listen to their rants are made aware of the fact that it was not WP’s fault that a site got hacked. The fact that there are no reported cases of WordPress installations being hacked EVER bar those which the owner has not bothered to update is brilliant advertising for the software’s security.
» Posted By Ryan On September 9, 2009 @ 6:10 AM

If people are having this much trouble remembering/knowing to upgrade, then perhaps they should be using an automatic upgrade plugin perhaps? Or some sort of SVN setup (I haven’t tried that … yet).
» Posted By Ryan On September 8, 2009 @ 11:57 PM

Wouldn’t it be better for WordPress to keep a mailing list for announcements when a new WordPress version comes? Also not just a major 2.x version but all versions even if 2.8.4.0.0.0.0.0.0.0.0.12 came. That’s what the dev blog is for … http://wordpress.org/development/
» Posted By Ryan On September 8, 2009 @ 11:33 PM

Has a WordPress installation which has been set up and maintained correctly ever been hacked? I assume not. I certainly haven’t heard of that happening before. So I guess until that happens, it’s safe to assume that WordPress is as safe if not safer to use than most other web software.
» Posted By Ryan On September 8, 2009 @ 9:07 PM

<rant> That’s a spam post which has been up for seven hours now. There is no report post button on it so I can’t even report it for removal by a moderator. Apparently there is some way to report posts via a tag in a post or something like that, but I have no idea how to do it and no motivation to learn.
» Posted By Ryan On September 8, 2009 @ 9:23 PM

There is no problem with XHTML compliancy in relation to display pings and trackbacks, that’s just a misunderstanding on the part of the person who suggested it. Their problem is also not XHTML specific, it’s an HTML issue.
» Posted By Ryan On September 8, 2009 @ 9:09 PM

if you’re smart enough to use patches, you’re smart enough to wrangle SVN. SVN can give you arbitrary diffs between any release or revision of WordPress, compare it to your local version, allow one-click reversions and updates Yeah, but that wouldn’t tell us which changes were for security and which were just bug fixes … or at least I think that is the case. I don’t have a lot of experience with SVN so maybe there is some functionality in there I’m not aware of which tells you what the diffs are for. If so, then maybe someone will take those and create a site offering information on how to apply them manually perhaps.
That’s not something I think the WordPress.org project needs to deal with though as it isn’t something you should be encouraging people to do since most will be doing it for the wrong reasons.
» Posted By Ryan On September 10, 2009 @ 4:05 AM

Perhaps as a community we could do like an “upgrade barn raising” where the more tech savvy folks (the audience of WP Tavern) could volunteer a little bit of time every day to help get folks set up correctly on the latest version, like install4free used to work for installations. I can’t see how that could help. Upgrading is literally just a matter of clicking a single button, so there’s not really anything to help with. The problems would be related to testing plugins, themes etc. which the site owner would need to do themselves since they know how their own site ticks better than anyone else. Maybe there are exceptions where some technical help could be needed, but those would be fairly few and far between I imagine.
» Posted By Ryan On September 7, 2009 @ 6:49 PM

@Dave Doyle … I would beg you to issue patches, not a full upgrade. Tell us when the DB is changing and when it is not. Make it EASIER for us. I like that idea a lot. I don’t think the WordPress developers themselves will bother though as they’ll be keen for everyone to just upgrade to the latest version (and with good reason), but your suggestion may be a good project for someone else to take on. A single site you could go to which outlines the various fixes and how to implement them would be terrific for people like you and myself.
» Posted By Ryan On September 7, 2009 @ 6:39 PM

@DavidCoveny – It’s not scary because of WordPress. WordPress is so easy to upgrade a monkey could do it (literally, it’s just a matter of clicking a single button). The problem is that I’m EXTREMELY worried the software I’m integrating with is going to break. This is not a failing of WordPress, but a failing in the other software.
However it doesn’t make upgrading WordPress any less problematic. Last time I upgraded this particular site it took me about three days to fix all the problems that occurred during the upgrade.
» Posted By Ryan On September 7, 2009 @ 6:33 PM

There are perfectly good reasons for not upgrading, or at least for being scared of upgrading. The typical WordPress installation should be fine. If a plugin doesn’t work after an upgrade, then it probably wasn’t a very good plugin anyway and so you shouldn’t be using it. I’ve had serious problems upgrading because of integrations between WordPress and other software. If it’s just a WordPress install, then that’s fine, there isn’t really anything to be worried about, just hit the “upgrade” button and be done with it. But for seriously customised setups you need to be darn careful as a small change in WP can break the software it’s interacting with. I have a rather scary upgrade to do either this evening or tomorrow and I’m NOT looking forward to it.
» Posted By Ryan On September 7, 2009 @ 8:08 AM

I like Andreas’ questions. Theme framework is a stupid term to use IMO. Just call it a “theme”, because that’s all it is. Just because it happens to be coded in such a way that makes it easier to create a child theme doesn’t change the fact that it is still just a regular old garden variety theme.
» Posted By Ryan On August 31, 2009 @ 8:37 PM

Thanks for the review Jeff :) Perhaps you should use these screencasts as a way to interview the plugin developers? You could do a Skype call where they took you through the process of using the plugin live as you used it and the screen cast could show you personally using the software and how it works. I thought that might add a little more interest to the videos and would give you someone to bounce the conversation off instead of having to think of stuff to say.
» Posted By Ryan On August 16, 2009 @ 12:52 AM

Top 5 WordPress Security Tips You Most Likely Don’t Follow

I don’t think Google will reduce your page rank because you are hacked. They may remove it entirely by un-indexing you, but I’m pretty sure they won’t reduce your page rank per se.
» Posted By Ryan On August 11, 2009 @ 10:58 PM

WordPress Dev Chat For 7-30-09

Interesting to hear that PHP4 usage is so high. I thought only very obscure web hosts would still be running that. It’s got to be quite limiting for them only running PHP4 as many softwares available these days require at least PHP5. I’d vote for WP Tavern to be in the planet feed. You have the best WordPress news around and spreading it to a larger audience would be entirely sensible.
» Posted By Ryan On August 4, 2009 @ 2:09 AM

SitePoint bbPress Theme Community Project

I can’t see how the header being an image makes it difficult to customise. Should just be a matter of removing the background image to make it not an image anymore.
» Posted By Ryan On August 4, 2009 @ 5:52 AM

I think rather than themes with plugin functionality, I’d rather see more comprehensive plugins that can replace 4 or 5 smaller plugins. Like Nightgunner5’s excellent bbPress Moderation Suite. We could do that instead I suppose. We could release a plugin which is provided as a complementary extension for the theme.
» Posted By Ryan On August 4, 2009 @ 2:38 AM

Darn, ran out of time to edit my comment above! I was going to mention that lots of very specific plugin-like functionality should not be included in the theme. I’ve mentioned Captchas a few times recently as some people have been complaining that bbPress does not provide them by default, but personally I see that as very much plugin material, not suitable for a theme. However, if some functionalities such as forum signatures are not included in the default bbPress installation then I wouldn’t mind that being included in the theme.
It’s a little weird, but it is ‘sort of’ theme related in that it is something which is displayed on almost every page of the forum. When we were discussing it behind closed doors, we decided that adding certain ‘standard forum functionalities’ would be a good idea to make it as easy as possible for someone to get their forum up and running. Personally I’m not a big fan of having to install a whole suite of plugins on EVERY site I launch. With WordPress I rarely need to install any plugins, it has everything I require straight out of the box and many themes (particularly the ‘theme frameworks’ and commercial themes) include a certain amount of plugin-like functionality in them too which reduces the need for plugins. Also, there is a fine line between a plugin and a theme in both bbPress and WordPress. A theme is really just a specific type of plugin.
» Posted By Ryan On August 4, 2009 @ 2:18 AM

When it comes to including plugin functionality in themes, I’m on the fence. I like to keep themes simple and not have important functionality dependent on the functionality. The problem with that approach, is that you often need to modify the theme to accommodate the plugin in a suitable manner. Many plugins add styling information to the site, and you really need that to be styled by the theme, not via the plugin, or else the plugin itself will require some sort of theming system which is likely to be a pain in the neck. There are also features which are required by pretty much every single forum but are not available by default within bbPress. And then there are features which are currently available as plugins, but IMO (and pretty much every other forum software out there) tend to include with the theme. Things like quick-quotes, forum stats and various bits of javascript spring to mind. I don’t know of any bbPress themes which include this sort of stuff, despite it being the sort of thing typically included in a forum theme.
The other reasoning behind it is that people don’t want to risk uploading 15+ plugins just to get their forum running. Every plugin is a risk, and at least with a theme, you only need to rely on that theme being maintained. However if a plugin developer stops working on their plugin you are screwed. Having said all this, removing the functionality would be a piece of cake, it would just be a matter of ripping out a bunch of folders and a single line of code in the theme. The functionality will sit on top of the theme as an added extra, it will still operate without it. Since the sort of people helping with the design side of things are likely to know nothing about PHP and vice versa, it shouldn’t result in our volunteers being spread too thin across the project. Here’s the launch post for the functionality side of the project:
» Posted By Ryan On August 4, 2009 @ 2:04 AM

Listener Poll: What Day Of The Week Should I Record WordPress Weekly?

Anything but the Friday option will prevent me from listening live as they’re all around noon on a weekday for me. Friday is noon on Saturday for me so I have time to listen in then.
» Posted By Ryan On July 31, 2009 @ 9:18 PM

Screenshots Of bbPress.org Redesign

Overall it looks great. Gravatars look a good size to me. I don’t like the way they’ve added tags and the forum index alongside the latest threads, I’d prefer to see a more typical layout. I don’t get why they’re using all these bees. It’s a bit corny IMO.
» Posted By Ryan On July 30, 2009 @ 7:53 AM

Do I Need To Upgrade WordPress.com?

Lol, that has to be the ultimate n00b question to ask. I can totally see how they’d get confused though. To many people “WordPress” is WordPress.com, but of course it is not. “WordPress” is the software which WordPress.com happens to use.
» Posted By Ryan On July 28, 2009 @ 4:10 AM

Adding Google Custom Search Is Easy

Good points about being able to search both a forum and blog this way.
I have two sites which have both forum and WordPress installations in them and it would make a lot of sense to share the same search tool rather than them having to operate separately from each other. I wonder if bbPress and WordPress can share the same search results?
» Posted By Ryan On July 28, 2009 @ 4:16 AM

Ask Jeff: How Did You Get The vBulletin Template So Similar To Your Main Site?

I’m impressed you got it as close as you did considering you claim to know nothing about coding. That forum theme is a diabolical mess of spaghetti code.
» Posted By Ryan On July 28, 2009 @ 4:09 AM

Listener Poll: What’s the most important selling point for you when it comes to purchasing a theme?

I’d have added code quality to your list too. There are plenty of well designed themes, with good support, the license I want and are cheap. There is no point using them if they don’t work in IE6, don’t enqueue their scripts correctly or take too long to load. I voted for design.
» Posted By Ryan On July 24, 2009 @ 6:00 PM

Doesn’t look like much of a theme war if they’re just making minor modifications to existing themes. If it is a war, then they’ve lost miserably to Brian Gardner. The originals look a lot better than the modified versions.
» Posted By Ryan On July 23, 2009 @ 6:48 PM

@Miroslav: Even if there is one update every hour, I wouldn’t mind. It’s better than no updates. Developers and testers are contributing their free time to the project. It’s open source, remember? You could help by testing and reporting bugs yourself. It is not fair at all to call them “lazy” when they’re doing their best. Join the effort yourself and let’s see what you can do.
» Posted By Ryan On July 20, 2009 @ 6:25 AM

Contribute To The Meeting Agenda

Dang nabbit! I was wondering why the conversation was so dull. I was watching #wordpress, not #wordpress-dev :(
» Posted By Ryan On July 23, 2009 @ 7:47 PM

Want Small Potato To Create A New Design For You?

That’s one heck of an offer!
He seems like one hell of a generous person.
» Posted By Ryan On July 19, 2009 @ 6:29 AM

Listener Poll: Do You Think bbPress Will Evolve Into A WordPress Plugin?

So no, bbPress will never be a plugin for WordPress. I assumed it would be a lot more sensible to create a plugin which integrated an existing bbPress install into your WordPress installation. I guess if you can install bbPress with the wp-content/plugins/ folder then that would make a lot of sense though (I’m assuming that’s what you have in mind). I’m guessing getting it to work within an existing WP theme will be quite complex though. Sounds exciting :)
» Posted By Ryan On July 23, 2009 @ 6:55 PM

Comments Posted By Ryan
Good demo of why they need to improve the forums over there:
http://wordpress.org/extend/ideas/topic.php?id=3146
</rant>
http://www.sitepoint.com/forums/showthread.php?p=4338063
(but there will be a plugin for WordPress to automatically INSTALL bbPress, which I think is a different animal entirely than what you are asking)