Friday, April 23rd, 2010
One of our client recently had an annoying comment posted on his site. Even more annoyingly, the commenter had posted a fake email and clicked Subscribe to Comments. Now this client runs a pretty busy client section: 200 comments per post is not uncommon.
Result of the fake address passing: over 200 bounced emails in his inbox. Richard tried to remove the commenter's subscription in the admin section of Mark Jaquith's Subscribe to Comments (WP Plugins). It didn't work.
We tried to block the user from receiving any comments. Didn't work.
Clearly there is an issue between WordPress Subscribe to Comments and WordPress 2.9. Easy enough to fix. But we have about five popular plugins right now in active development and adopting another step-child would take us away from our existing work.
What did work for stopping the bounced emails, we simply removing the commenter's address from the email.
Keep reading Trouble with WordPress Subscribe to Comment Plugin in WP 2.9: Gurken's the solution
By Alec
WordPress |
Friday, April 16th, 2010
Shared environments for hosting are more vulnerable then dedicated. Using web based file manager creates even more security issues. In Foliovision we allow SEO Images (our web based file manager) to access only one directory. Now there is a question which permissions you want to have on this directory.
Not using fast CGI on PHP (PHP is running as apache extension)
777:
| Pros |
Cons |
| Files and directories are manageable through FTP and SEO Images simultaneously |
This directory is even more vulnerable since any server user is able to write to it |
755:
| Pros |
Cons |
| Only apache user (usually named httpd) is able to write to this directory, which enhances the security |
Files are not manageable through FTP |
If you are using PHP in CGI mode (Installed as CGI binary) you can leave the permissions set to 755, because the CGI application is the same user as FTP. Also using a web based file manager that operates through FTP will solve permissions issues, but typing the FTP password over and over again is uncomfortable. Storing the FTP password on the server is a great security risk.
By Peter
WordPress |
Wednesday, April 7th, 2010
The biggest disadvantage of our WYSIWYG editor for WordPress was the incompatibility of built-in image uploader/manager tool with Safari.
We are very happy to introduce the latest version - 0.9.10 - which contains a new version of KFM and thus works in Safari. That's a good news for all the fellow Mac users. If you experience any problems, just drop us a comment and we will try to fix it in next release.
Another features of the new version:
- Image management tool now allows multiple file uploads via built-in Flash uploader
- Plain text editing option for posts (if want to have a full control over the post HTML)
- Wpautop and wptexturize are disabled on posts edited with Foliopress WYSIWYG - makes sure your posts have the cleanest and untouched HTML possible
By Martin
WordPress |
