Lester ‘GaMerZ’ Chan has published a post on his personal site that addresses two common issues users are facing right now as they relate to AJaX.
About 2 weeks ago, I release an update to r WP-Email, WP-Polls, WP-PostRatings and WP-PostViews which added some nonce check and moved the AJAX request to be handled by /wp-admin/admin-ajax.php.
Lester explains what each issue is along with the solution.
DynamicWP has put together a list of 11 plugins that are especially helpful for writers using WordPress. One of the nifty plugins from that list that I discovered is AP Style Dates And Times. This plugin automatically abbreviates times and months according to the AP Style guide.
The second resource that you should keep handy if you’re the journalist type is a post written by Ryan Imel on WPCandy.com that lists a number of different services and plugins that Ryan has used to keep WPCandy readers up to date on everything happening within the world of WordPress.
WPBeginner has published an article that explains how they used the WP Favorite Posts plugin to give one of their clients a “personalized library” for their users which allowed them to favorite videos that they could watch repeatedly. In the article, they also explain how to use the plugin to provide that same personalized experience for your own site so that registered users or non-registered users could favorite specific posts that they could access later. It’s a cool plugin but upon reading the directions on how to display the favorite option within specific pages or posts, I was sent back into time because in order to accomplish that task, you need to add specific code to certain template files such as page.php, single.php, etc. I thought that practice of adding plugin functionality was gone but I guess not.
Plugin authors need to take serious notice of a recent phishing attack that is aimed specifically at plugin authors. Ipstenu, one of the volunteer WordPress.org support forum moderators has published a forum thread warning others that responding to the email wouldn’t be a good idea. The way in which this phishing attack works is pretty interesting. After clicking on the link within the email to check on your plugins status, you are then taken to a site that looks very similar to WordPress.org where you’re asked to provide your password. Passwords that are given can then be used to gain unauthorized access to the account and associated plugins attached to it.
Plugin authors are encouraged not to reply to the email as well as not entering your password on the fake WordPress.org website. It’s important to note that plugins have not been removed from the repo, and if they had, the email would have come from a wordpress.org account.
You might have to jog my memory but this is the first time that I can remember where WordPress.org plugin authors were the target of a phishing scam.
Interconnectit has announced that The Auditor (name to be determined later) has entered the closed beta process and is currently looking for people to test the plugin. The plugin is an event logger that tracks key options and content changes within a WordPress installation and contains a viewer that lets you view what’s been happening on your site. This plugin sounds like the perfect option to determine if things are going on within your website that you were not aware of. The closed beta is limited to a select group of people but if you’d like to participate in the event, you can leave a comment on their announcement post explaining why you’d like to give it a try.
Congratulations to Michael Torbert as the All In One SEO Plugin recently reached the 10 million downloads milestone. That’s a heck of a lot of downloads with Akismet being about 1.24 million away from reaching the same milestone. By the way, All In One SEO reached one million downloads around January 27th, 2009.
While this is a cool achievement, I must admit that I think the AIO SEO plugin has somewhat lost the battle of being the best SEO plugin for WordPress, at least that’s my perception. Based on the people I follow on Twitter who I consider to be influential within the WordPress community and the various articles I’ve read, it seems as though the WordPress SEO By Yoast plugin is currently the one to use. Recently, the only mentions of AIO that I’ve seen are from people looking for comparisons between the two. That doesn’t detract from AIO being a useful plugin, but those are the observations I’ve made over the past few months.
Are you using either of these plugins? I don’t use them and I don’t know much about the innards of SEO so I’ll have to take your word for which is better.
A few days ago, Sucuri mentioned that the Absolute Privacy plugin for WordPress contained a security vulnerability that would allow the ability to bypass the authentication mechanism and gain admin access to the application, that being WordPress. The plugin was subsequently pulled from the repository as there had not been any updates to fix the security issue for well over a year. Today however, the plugin can be found within the repository again as the security issue has now been fixed.
It’s been awhile since we’ve had a discussion revolving around those three magic letters GPL. It looks like we’ll be talking about it again considering that somewhere around 500 plugins run the risk of being purged due to their incompatibility with GPLv2. There has been an ongoing discussion within the past 11 months regarding various licenses and what is and is not compatible with what WordPress uses. It looks like the core team has been monitoring the discussion considering Andrew Nacins comment:
The core team plans to discuss plugin directory licensing once none of us are sick or traveling. So, expect an update here in the next week or so.
The arguments have been laid out, so no need to continue to do so. Not trying to stifle discussion, but, you have all made your points.
Jane Wells also participated in the tract ticket discussion:
I would think we would want everything on wordpress.org to have consistent and compatible licensing. If we’ve moved away from that, is Matt aware of it? (I wasn’t.) He’s always said in the past that anything promoted (including being hosted) on wordpress.org needs to be 100% GPL, and said that no one should ever have to wonder what they can/can’t do with something we host, because the license would be the same/compatible.
I also think the end goal for WordPress.org would be for consistency across the site with regards to licensing. No one should have to guess or worry about which license a particular piece of code is using if it’s being hosted by WordPress.org. At the end of the day though, it looks like license consistency is easier said than done.
*Update*
Until the guidelines have been thoroughly reviewed and discussed amongst the core team, Plugins that violate the current guideline but are compatible with GPLv3 will not be de-listed.
Dave Clements of DoItWithWP.com shared his experience with a plugin that’s new to me called P3 Plugin Performance Profiler. After performing an automatic scan on the WPTavern website, the profiler provided me a pie chart along with other metrics that allowed me to easily tell which plugins were capable of slowing the site down. Here are some of the metrics after running the scan on WPTavern.com:
The scan consisted of 15 random page visits. I have 25 Active Plugins. Those plugins accounted for 51% of the page load time. There was an average of 38 MySQL queries per visit. The plugin load time was 0.233 seconds per visit. Within this scan, Ajax Edit Comments was the slowest plugin out of the bunch at 21% and 0.0491 seconds while Yet Another Related Posts Plugin took second place with 17% and 0.0408 seconds. Meanwhile, Woopra consistently was within the top three for slowest performers.
P3 Profile Scan
After the scan is completed, you have a few different options of drilling into the data. The detailed breakdown tab will show you a bar chart that displays the worst offenders. There are other means of figuring out the data as well such as viewing the simple timeline tab or the advanced metrics tab.
Here are the advanced metrics for the scan I performed at 6 A.M. this morning.
At the time this scan was conducted, it took less than 1 second to load the entire website. Plugins only accounted for 0.2331 seconds on average. I’m sure I could figure out how to decrease that amount of time but when the numbers are this small, is it worth the trouble to shrink them anymore? Perhaps on a grand scale but for the average website? Also, what do you think of the number for “Number of plugin function calls: 4,835 average“. Does that seem like a lot to you?
I couldn’t help but notice the GoDaddy image at the bottom of the plugin screen. Sure enough, they were one of the contributors behind this plugin so I give them props for doing something legitimately cool with WordPress. I recommend running a number of auto scans during a 7 day period at different times of the day to get a good feel for which plugins are really the culprits for slowing down your site. After that, it’s your call on whether you want a faster website, or the functionality that the plugin provides.
Thanks Dave for the hat tip.
Alex who also goes by Viper007Bond has recently installed Limit Login Attempts on his personal blog because someone is trying to brute force their way into his site. I’ve mentioned this plugin before and his post reminded me that I should probably give you all an update as to the results I’ve seen over the past few months.
Since January 1st, 2012 there have been 75 email notifications sent to my inbox letting me know of an IP address that failed to login to the back-end of WPTavern three times in a row. In almost every case, the notifications look like the following with the IP address being different.
3 failed login attempts (1 lockout(s)) from IP: 78.29.15.137
Last user attempted: admin
IP was blocked for 20 minutes
There have only been a few times when Webmaster and even fewer with Jeffro as the attempted username. I receive multiple notifications every day with some spurts of 3-4 different IP addresses failing to login. I have no idea if these are real people or bots trying to login but thankfully, Limit Login Attempts is keeping me abreast of all the failed attempts. It’s definitely a plugin you should consider installing for the sake of monitoring the activity of failed login attempts. This is also a reminder that if you are using admin as your administrative username or have that username within the Administrator role, you’re begging for trouble.