


The march towards WordPress 2.7 continues with the release of WordPress 2.6.2. The good people at WordPress are working very hard to keep the system clean and safe for all bloggers. This release, however, matters mostly to bloggers who allow open registration on their sites. Here is why you should upgrade:
With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.
Pretty nasty, isn’t it? With all these hackers out there trying to compromise popular blogs, you should definitely keep up with your updates to avoid major issues. You can download WordPress 2.6.2 here.


We had a post about TV.Elements a few weeks ago as we evaluated this excellent video blogging premium theme. TV.Elements 2.0 is significantly improved and now comes in black and white, which means you are pretty much getting two designs for the price of one. The price has stayed the same which is a big plus, but now you can do normal blogging in addition to Videoblogging. Who can beat that?
We’ll post a full review on TV.Elements 2.0 soon. In the meantime, don’t forget to read our review of the earlier version to get a taste.

Press75 has announced that their 4 best video blogging themes will be on sale for $299.99. You will get unlimited rights, you can remove the links in the footer, and you can use these themes on an unlimited number of WordPress websites. Here is what you get with this limited-time offer:

On Demand Video Blogging Wordpress Theme: this is one of my favorites and was just released. You could pay about $250 for the unlimited rights, but that is included as a part of this package.

TV.Elements Vlogging Theme: I personally use this one on a bunch of my websites (a tennis and an MMA site). It’s very good looking, but it was a pain to have rights to only 5 sites. I wish I had bought the unlimited rights, but that is of course included as a part of this sale.

Video Elements Theme: this is a very useful theme for running a video trailer site with WordPress (the review will be up soon). Unlimited rights to this one are also included in this sale.

Video Flick Wordpress Theme: VideoFlick features a gallery-style layout with a primarily thumbnail-based navigation. I have seen the theme used for video and movie websites. Unlimited rights to this theme are also included in the package.
You can get all this for $295 on WpElements, but if you don’t feel like spending that kind of money on all these themes that you may not need, check them out one by one here.

WordPress is the undisputed king of content management systems out there and more than 70% of blogs use WordPress as their underlying platform. WordPress is easy to use, convenient, and easy to enhance. In fact, many programmers have put their time and effort into producing plugins that are free for everyone to use. However, in the theme market it’s a different story. While many WordPress designers have put their time into designing simple and easy-to-use themes, the premium market is always the place people look for the best WordPress designs. Premium WordPress themes generally come with single and unlimited licenses and cost from $20 to $500, depending on the quality of the theme.
But it seems now a few top designers are planning to offer their themes for free to the public to show their dedication to the open source movement. I always thought that giving themes away for free in return for a text link is generally well worth it, but opening up the source for everyone to make changes can only make the WordPress community better. I don’t know how successful this effort will be, but it is something worth watching out for.

The good folks at WordPress have just released a new security patch for the WordPress platform (WP 2.6.3). Here is the deal:
A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately.
For those of you who are a bit more technical:
This can be exploited to inject arbitrary shell commands via a script calling the “fetch()” or “submit()” function with an URL controlled by the attacker.
This is a highly critical security item, so you should download the update as soon as possible.
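
The class of bug described in the advisory above, shown as an added example that is not Snoopy or WordPress code: a URL pasted into a shell command line next to a hardened form that validates it and keeps it as a single argument. The function names, the use of curl as the external fetcher, and the sample URLs are assumptions made for illustration.

```php
<?php
// Added example, not Snoopy or WordPress code; function names are hypothetical and
// `curl` is an assumed stand-in. Nothing is executed: builders only return values.
// Pattern to avoid: the URL is pasted into a shell command line, so the shell
// interprets any metacharacters the URL carries.
function build_fetch_command_unsafe(string $url): string
{
    return 'curl -s ' . $url;
}

// Check 1: well-formed http(s) URL built only from allowlisted characters.
// Quotes, backticks, $, ;, |, <, > and whitespace are not in the allowlist.
function is_fetchable_url(string $url): bool
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return filter_var($url, FILTER_VALIDATE_URL) !== false
        && in_array($scheme, ['http', 'https'], true)
        && preg_match('!^[A-Za-z0-9._~:/?#@&=+%,-]+$!', $url) === 1;
}

// Check 2: keep the URL as a single argv element. proc_open() accepts such an
// array (PHP 7.4+) and starts the program directly, with no shell involved.
function build_fetch_argv(string $url): array
{
    if (!is_fetchable_url($url)) {
        throw new InvalidArgumentException('URL rejected: ' . $url);
    }
    return ['curl', '-s', '--proto', '=http,https', $url];
}

// Fallback for string-only APIs such as exec(): quote every validated argument.
function build_fetch_command_quoted(string $url): string
{
    return implode(' ', array_map('escapeshellarg', build_fetch_argv($url)));
}

// Constructed sample inputs, not taken from any advisory.
$samples = [
    'http://feeds.example.test/rss?cat=1&page=2',
    'http://feeds.example.test/rss;id',
    'file:///etc/hostname',
];
foreach ($samples as $url) {
    echo 'unsafe: ', build_fetch_command_unsafe($url), PHP_EOL;
    try {
        echo 'safe:   ', build_fetch_command_quoted($url), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'safe:   ', $e->getMessage(), PHP_EOL;
    }
}
```

Even the legitimate first URL is mangled by the unsafe builder, because an unquoted `&` ends the command as far as the shell is concerned; the quoted form passes it through intact.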
