From the WordPress Blog:

Thomas Mackenzie alerted us to a problem where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2.  As always, you can visit the Tools->Upgrade menu to upgrade.

If you require assistance upgrading, please contact us anytime.

Here are 3 quick videos demonstrating some of the key new features:

1. ”Trash” feature:  If you accidentally delete a post or comment, you can bring it back from the Trash.  This also eliminates those annoying “are you sure” messages WordPress used to have on every delete.  Here’s a demo:
   [See post to watch Flash video]
2. Built-in image editor: You can now crop, edit, rotate, flip, and scale your images, all from the comfort of your WordPress dashboard.  A very time-saving feature.  Check it out:
   [See post to watch Flash video]
3. Batch plugin update: Another feature that can save you a lot of time and clicks.  You can update 10 plugins at once, versus having to do multiple clicks for each one.   This feature also uses the new compatibility data from the official WordPress plugins directory to give information about whether plugins are compatible with new releases of WordPress.  Demo:
   [See post to watch Flash video]

There are many other “under the hood” features of WordPress 2.9, which you can use to enhance your theme, and to provide new functions such as “Post Thumbnails”, something we will cover in a future post.

Head on over and download WordPress 2.9.1, or hit update from the Tools -> Upgrade menu in WordPress Admin.

As always, just drop us a line if you have any questions about upgrading.

But, there are things you can do to discourage or minimize theft of images on your site.  Here are a few of the most common:

Disable Right Click: Using JavaScript to disable right click on your site is a fairly simple thing you can do to thwart off novice users and prevent them from using the “Save Image As” feature of their browser to take your images.   Here is a simple tutorial showing you how to disable right click.  Keep in mind, with this solution, you are also disabling right click features such as Print, Bookmark, etc.  So there is a bit of a price.

Use Watermarks: Adding watermarks to your images is an effective approach for protecting images.  Of course, you will be distorting your original images when you do this, but if this acceptable for you, then this is often a good solution.  And because the source file itself is watermarked, there is absolutely no way the user can obtain the original image.  You can use Photoshop or your other preferred graphics editing software to add watermarks to your images.  There are also online watermarking services you can try.

Slice your Images: Slicing your images is another very effective image protection method for your website.   Using image editing software like Adobe Fireworks, you can slice your images into multiple “pieces”, then re-assemble them in your pages.  This requires a bit of work on your part, and your particular site might not be suitable for this approach.  For example, a photo gallery script might not allow or properly support this method.

Do you have another idea or suggestion?  Please leave a comment and let us know.

From the official WordPress Blog:

As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.

The headline changes in this release are:

• A fix for the Trackback Denial-of-Service attack that is currently being seen.
• Removal of areas within the code where php code in variables was evaluated.
• Switched the file upload functionality to be whitelisted for all users including Admins.
• Retiring of the two importers of Tag data from old plugins.

We recommend that you upgrade your site to this new version of WordPress to ensure that you have the best available security protection.

To upgrade, you can use the upgrade feature built into the WordPress admin panel, or contact us if you require further assistance.

There are many reasons to protect your comments section from spammers.  Here are just a few:

• It is your responsibility to protect your users from offensive material/content
• The quality of comments on your site’s content are a reflection of your site itself.  This affects your reputation both to your site visitors, and to search engines (i.e. Google)

Your main weapon in fighting Spam on your WordPress site is the popular plugin Akismet, which does a great job to cut down significantly on WordPress spam.  Akismet analyzes all of the comments on your site and determines whether or not it is spam.  And as the site administrator, you can review the results of the analysis – you can easily see what was tagged as spam, and what was not.  And because Akismet was created by the same company that created WordPress, it integrates very well.   For information on how to install and configure Akismet, visit the official Akismet plugin page in the WordPress plugin directory.

Please contact us if you have any questions about installing or configuring Akismet.

In this video, he talks about the past, present and future of WordPress:

This is very useful for those of you Windows users who want to run a WordPress site locally on your machine; whether for development purposes, or otherwise.

What is BuddyPress?

BuddyPress is essentially a suite of WordPress plugins and themes which extends the multi-user version of WordPress (known as WordPress MU) by bringing social networking features to a new or existing installation.

Each BuddyPress component adds a distinct new social networking related feature to WordPress MU, allowing users to socially interact on your site.

The BuddyPress plugins are bundled with a default theme to get you going out of the box, and BuddyPress plugins can be themed to match your own style, in just the same way as a WordPress blog.

Some of the specific features of BuddyPress include:

• Extended Profiles: Enhanced and customizable user profiles, allowing your website members to post detailed information about themselves
• Private Messaging: BuddyPress private messaging works like internal site email. Members can message people on their friends list as well as forward and reply to received messages.
• Friends: Members of a BuddyPress enabled site can be connected together by one member adding another as a “friend” and then the other member accepting the friend request.
• Activity Streams: Activity streams consolidate all activity across a BuddyPress site. All of your friends activity is also recorded so you can check what others are doing on the site.
• Forums: The forums component allows groups to create and manage their own discussion forum. Group members can post and reply to topics all from within the group’s page.

Version 1.1 of BuddyPress contains a bunch of core improvements along with new features. One of the key new features is better integration with the bbPress forum component, making it easier to set up discussion forums. Other new features include:

• One click internal bbPress forum integration allowing you to set up group forums in less than a minute.
• A global forum directory allowing you to easily browse public facing forum posts regardless of the group they are attached to.
• Completely re-written theme handling. One theme now controls all of your installation. No hidden HTML, everything is in the template ready for you to skin.
• Easily create themes that are upgraded automatically when BuddyPress is updated.
• Total site admin control of all content within an installation. Edit user’s profiles, update avatars, mark users as spammers, manage all groups, delete site activity entries.
• And more..

If you’re starting with a brand new installation, check out the new setting up a new installation help guide.

Setting up BuddyPress and WordPress MU is definitely for those more familiar with web servers, databases, and the like. If you would like to discuss WordPress MU and BuddyPress, contact us anytime.

If you are running an earlier version of WordPress, you are vulnerable to a series of hack attempts, which are taking place right now.

According to Lorelle on WordPress:

Otto42 of OttoDestruct, a key WordPress developer and supporter, reports that there is an “attack” on older versions of WordPress right now. The number of sites hit by this is growing every hour. Protect your WordPress blog now: UPDATE NOW!!!

You can also read a very informative post regarding WordPress security, by Matt Mullenweg, on the official WordPress blog.

If you require assistance upgrading your WordPress installation, please contact us, and we will be glad to assist.