By Jeffro on April 30, 2012
As if WooThemes.com being attacked was not bad enough, there is also a critical security issue that’s been fixed in the latest release of the WooFramework. The issue dealt with the shortcode generator.
The latest version (and most likely many previous versions) of the WooThemes WooFramework has a bug that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. WordPress installations with unsecured shortcodes (such as [php] which allows raw PHP code to be run) are vulnerable to serious attacks if WooThemes are installed, even if they are not the selected theme for the site.
While the Gist author for that post took some heat for releasing the information the way that he did, others chimed in and stated the vulnerability should have never existed in the first place. Jason Gill, who is a paying WooThemes customer and also the one who announced the vulnerability on the Gist website, explained that he made every effort to contact WooThemes, or at least to see whether the patch was already in existence, but was unsuccessful.
While at the time of writing this article WooThemes.com is offline, I advise you to check back often to update your themes as soon as possible.
Posted in Themes | Tagged security, update, woothemes |
By Jeffro on January 25, 2012
It’s been a long time since I published any episodes of WordPress Weekly and it’s not without good reason. I am still in the middle of transitioning from one dwelling to another and this is the primary reason why I haven’t been able to produce an episode. During the past few months, I’ve not been able to spend as much time behind the PC as I’d like, which also explains why I’ve been publishing more short form content versus long form. I’d like to explain everything I’ve personally been through during 2011 and now going into 2012 but it would take up a novel’s worth of space. Let’s just say that in 2011, we had to purchase a new roof for our home, new vinyl soffits, other home improvements and some of them were forced on us thanks to the appraiser who told us some items needed to be repaired or renewed before he would approve of the home in order for us to transfer the mortgage.
Putting all that personal stuff aside, I’ve been making strides and within the next 2-3 months, I expect to be moved into a new home as well as have my new office put together. Once this happens, I’ll be able to concentrate on producing the show on a weekly basis again. Regarding the show, I’ve decided not to produce it live on a weekly basis. Instead, the majority of episodes will be pre-recorded via Skype which is not only a benefit in terms of audio quality, but makes it much more convenient for both myself and the people I’ll be interviewing. There are plenty of people that I want to talk to throughout the course of the year and I look forward to being able to engage in spirited conversations with the people that are doing great things with WordPress.
Posted in WordPress Weekly | Tagged podcast, update, WordPress Weekly |
By Jeffro on March 29, 2010
Woopra Client 1.4 has been released to the public after a few months of beta testing. This new version includes a number of new features and enhancements. For instance, Woopra users now have the ability to embed a chat widget onto their site that enables inbound chatting whereas before, it was only outbound. Notifications have also been reworked so they are a scrollable list. A small but valued addition to the client is a usage meter. This lets paid users know how much of their monthly allotment they have used. Improved firewall connections as well as IP range filtering to exclude visitors have also been added.
The next time you open Woopra, you should receive notice that the update is available. I will not be adding the inbound chat feature to WPTavern.com because I use Twitter for that. It’s one less thing that has to be loaded. By the way, if you want to see what Woopra looks like on a 23 Inch Widescreen monitor, check out the following screenshot. Please ignore the WordPress Porn search query in the searches box.

Posted in Blogging | Tagged 1.4, client, update, woopra |
By Jeffro on November 2, 2009
Just wanted to provide a quick update on what’s been going on. To make a long story short, going back to 35+ hours at the store from 4am to 12pm is taking its toll on me. On the side, I’ve been trying my best to put up at least one post a day on weblogtoolscollection.com as part of my second job but even that is proving to be difficult. WordPress stuff is hard for me to get into recently, especially as it relates to the WordPress Weekly podcast. I don’t plan on abandoning the show or this website but work on it with regards to postings and such may be few and far between for the rest of this year. So, I have three jobs that I’m working and it doesn’t take long to feel like crap every day, especially when good sleep is hard to come by. This all sucks because I’d love to get back to what I’ve been doing for the past few months but money dictates I do other things.
I have an interesting idea for a site redesign/rearrangement that falls in place with my idea of what the wordpress.org portal should be like. Wptavern will be my testbed for this idea to see how it pans out. No word yet on when it will be finished but I’m excited about it.
Looking forward to WordCamp New York next week which will be a welcome relief. That’s all on this front, hope all is well in your neck of the woods.
Posted in News | Tagged personal, update, work |
By Jeffro on July 22, 2009
In case you missed it, there was some brouhaha over a recent change in WordPress where pinging went from being instant to being sent once per hour. Karamell.net argued that this change halted the real time web and that it would negatively affect announcement services such as Google News. A counter patch was then made to reduce the wait limit to 30 minutes and also bundle pings together. Then after all the discussions were made, the final verdict was to restore the original behavior, which means pinging takes place when the post is published as well as any time it’s been successfully updated. The changes will be in WordPress 2.8.3 if released or WordPress 2.9.
At one time, I removed the Ping-O-Matic code from my WordPress install because I believed in the rumor that if I published or updated content too much, I could be banned from these pinging services because of so many pings. While it looks like that might still be a possibility, I’ve since learned to schedule posts and try to keep editing down to a minimum.
Posted in WordPress | Tagged broadcast, ping, update, wordpress |
By Jeffro on July 20, 2009
Out of nowhere, WordPress 2.8.2 has been released to the public. You should notice the upgrade notification within a few hours if you don’t see it already. However, I think nowadays the upgrade actually is triggered when you visit the upgrade section of the backend.
Ok, just received word about the dev blog post which contains information regarding an XSS vulnerability that was addressed, which of course explains the need for 2.8.2 to be released.
I upgraded the tavern website to 2.8.2 without any problems; I suggest you do the same.
Posted in WordPress | Tagged 2.8.2, update, version, wordpress |
By Jeffro on June 9, 2009
You might have noticed a lack of content on the site here in the past few days. This is in large part thanks to my trip to Chicago over the weekend and since I arrived back home, I’ve been stuck on a GO GO GO schedule. I spent the majority of last night working on putting together the special edition of WordPress Weekly which is now available and also fixing the RSS issue many of you were experiencing. So at least those two items have been checked off of my to-do list.
I am still working on getting my WordCamp media onto the web and once that is finished, I’ll publish my WordCamp Chicago experience post. Until then, keep an eye out for WordPress 2.8 which if all goes well, will be released on June 10th.
Posted in News | Tagged News, update, wptavern |