Independent Digital

Be careful when installing plugins. It is a dangerous world out there with many strange people doing strange things. Now not all plugins are dangerous and neither are their authors. Some plugins, however, have simply not been tested enough with the result that malicious hackers manage to find flaws, which they can exploit to do their dirty deeds. They then search the net for WordPress sites running that plugin. When they find it, they?re in and before you know it, your WordPress blog is performing erratically or your database has been deleted.

One example of this plugin security issue is the wp-forum 1.74 plugin. According to the securityfocus website, ?it is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. (This would allow an)? attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.?

Another example is the wp-db-backup plugin, which had a serious vulnerability issue. Now I am not saying that it is the intention of the plugin author to create plugins containing devious code which allows a security breach. It is more likely that the authors themselves are unaware of the security flaw. As far as I know, there is no standardized validation of plugins to ensure that they are not a security problem. So we need to be very careful before we install any plugin. Do research, check on the web and within forums to see whether others have experienced security issues when using that plugin. If there are no known issues, make sure that you have backed up your website and database before installing the plugin. The WordPress team are continually upgrading WordPress to ensure that it is as secure as possible so remember that the most important step that you can take to secure your site, is to ensure that you are running the latest version of WordPress.

Have a look at this excellent article on plugins and security issues.

Some plugins with known issues

• WordPress BackUpWordPress plugin Php File inclusion vulnerabilities 2007-11-06

• WordPress WP Photo Album Plugin “photo” SQL Injection 2008-02-20

• WordPress Search Unleashed Plugin “s” Script Insertion Vulnerability 2008-02-5

• WordPress DMSGuestbook Plugin Multiple Vulnerabilities 2008-02-05

• Wordspew Plugin for Wordpress “id” SQL Injection Vulnerability 2008-02-04

• WordPress WP-Footnotes Plugin “admin_panel.php” Cross-Site Scripting 2008-2-04

• WordPress WassUp Plugin “to_date” SQL Injection Vulnerability 2008-01-31

• WordPress AdServe Plugin “id” SQL Injection 2008-01-30

• WordPress WP-Cal Plugin “id” SQL Injection 2008-01-29

• WordPress Permalinks Migration Plugin Cross-Site Request Forgery 008-01-24

• WordPress WP-Forum Plugin “user” SQL Injection 2008-01-21

• WordPress PictPress Plugin “path” Disclosure of Sensitive Information 2007-12-07

• WP-FeedStats Plugin for WordPress Script Insertion Vulnerabilities 2007-07-27

• WordPress AdSense-Deluxe Plugin Cross-Site Request Forgery 2007-05-22

• WordPress wp-Table Plugin “wpPATH” File Inclusion 2007-05-02

• WordPress wordTube Plugin “wpPATH” File Inclusion 2007-05-02

• WordPress myGallery Plugin “myPath” File Inclusion 2007-04-30

• WordPress WP-DB Backup Plugin Directory Traversal Vulnerability 2006-08-15

• FeedBurner FeedSmith Cross-Site Request Forgery Vulnerability 2007-10-04

Here?s a list of plugins that you can install to make your WordPress blog more secure.

Want to be notified when there is a new post?

You’ve just written a great post. Someone surfs the net and finds your post, reads it, then moves on. But hey, you’ve got lots more just like that, even better, juicier posts you’re sure they’ll love to read. Trouble is they don’t know that. But you say there’s a whole list of categories right there in the sidebar. Too bad your visitors don’t have the time to wade through those long lists. If only you could somehow attache links to similar posts at the bottom of your posts. Then when people read your posts and they come to the bottom of the post, they see the links and will probably click on them. Great. They find more useful information and you keep them on your site for longer. After all, the idea is not only to get the visitors to your site but also to keep them there for as long as possible.

You not only improve the visitors experience by giving him more useful information in the form of related posts but you also keep him on your site for longer, allowing him to experience more of your site than he would have without the related posts links. Without the related posts links, he would have read the one post then moved on to another site. By keeping him on your site for longer, you are also able to increase his exposure to your advertising campaign and hopefully increase your revenue.

Aizatto’s related posts plugin is very easy to install. Simply download it, unzip and upload the single PHP file into your plugin directory. Go to Options in the Admin panel and choose the options that suite you (I left the defaults and they work just fine), save and you’re done. Try it out. Select a post on your site and you should see a list of related posts attached to the bottom of that post. You can always change the settings in the Admin panel if you want to.

You can download Aizatto’s related post plugin here

WordPress Plugin resource list

Using WordPress Plugins A starter article on how to use WordPress Plugins.

Plugins. The WordPress page on plugins. Short and sweet with a basic definition for plugins

Managing Plugins. Covers the management of plugins, including installation and troubleshooting

Plugin Application Program Interface (API). Documents the API (Application Programming Interface) hooks available to WordPress plugin developers, and how to use them.

Plugin Resources. Has a whole lot of useful links relating to plugins and plugin development. Very useful if you want to create your own plugin.

Official WordPress Plugin Directory Well, it?s the official directory of WordPress plugins

WordPress Plugin Database at wp-plugins.net Well, it?s a database of WordPress plugins at the wp-plugins.net site

Plugin Submission and Promotion Shows you how to distribute your new plugin.

Writing a Plugin Gives the steps needed to follow, and things to consider when creating a well-structured WordPress plugin

http://wp-plugins.org A repository and environment for plugins and plugin development. It includes a set of development tools aimed at assisting the active WordPress development community and is free to use.

http://wordpress.org/extend/plugins/about/readme.txt Describes the format of a plugin

GPL Is a GNU site listing the requirements for the GPL license

GPL compatible license Alternative compatible licences to the GPL license

Reporting Bugs If you encounter any WordpPress bugs whilst creating your plugin, then you need to go here to see how to report these bugs.

Template Tags All you need on template tags. Includes a list of the general user tags available in WordPress, sorted by function-specific category.

Creating Tables with Plugins This article describes how to have your plugin automatically create a MySQL table to store its data.

Creating Options Pages Covers creating custom options panels in WordPress

Option Reference Lists the options, along with some of the default values from the current WordPress install.

Adding Administration Menus This article explains how to add custom administration screens to WordPress in a plugin.

Translating WordPress This article explains how translators (bi- or multi-lingual WordPress users) can go about localizing WordPress to more languages.

WordPress Coding Standards WordPress is working to gradually improve the code structure by helping users maintain a consistent style so the code can remain clean and easy to read at a glance. Read this article to see how you can help keep the code clean.

Inline Documentation This page is the start of the effort to add inline documentation to the WordPress core code to aid in future development, improvements and changes, as well as to assist others when learning about PHP and WordPress. Check it out.

How to Write a Wordpress Plugin An extensive, twelve entry series on the process of creating your own Wordpress plugin. Every step is covered, from ?Seven Steps for Writing a Wordpress Plugin? all the way down to adding ajax to your plugin and releasing it. This is an excellent article series for anyone interested in the process behind creating your very first Wordpress plugin. With code examples to help assist you, you will be on your way to future releases of your own plugins for the Wordpress community.

How to create WordPress Plugin from a scratch A great tutorial on how to write a simple plugin. The idea being to walk you through the steps you need to follow in writing your own plugin.

Using AJAX with your WordPress Plugin This post was written as part of the How to Write a WordPress Plugin series. More and more plugins are starting to use AJAX techniques. I personally don’t see a use for most cases of AJAX, but it may be necessary for your plugin to use AJAX to accomplish a task. This post will show you how to use AJAX with your WordPress plugin.

How to Write a Simple WordPress Plugin A quick tutorial on how to write a plugin.

Need help customizing your WordPress Blog?

WordPress is designed to be lean and fast. In most cases it is perfectly capable of doing the job as is, out of the box. Some users may have extra requirements, this is where Plugins come in. Plugins are tools that extend the functionality of WordPress. WordPress Plugins are designed by volunteers and are free to all users. Plugins are the responsibility of their authors so treat all new untried Plugins with caution. If you want to develop your own plugins, there is a comprehensive list of resources at Plugin Resources.

Where can you find Plugins?

You can find a list of WordPress plugins, and links to other repositories, here Plugins.

Is the Plugin compatible with your version of WordPress?

You can checkl to see whether the plugin you want is compatible with your WordPress version here, WordPress Plugin Compatibility.

Installing Plugins

Most Plugins come with a readme.txt file, which explains how to install the plugin. Usually the authors? website also has installation instructions. In any event, you need to load all the plugin files into the plugins directory (wp-content/plugins). Once you have uploaded a plugin to your WordPress plugin directory, activate it from the Plugins Management page.

Things to Know Before You Install Plugins

There are a few things you need to know before you begin to install WordPress Plugins.

• Read the readme.txt files accompanying the plugin as well as the author’s website, before you install. You?ll be better informed.
• Know how to download and upload files and how to use FTP.
• You may need to modify WordPress files and templates so it will be handy if you know PHP, HTML, CSS and CHMOD.
• Record any changes you make. Use comments in the code to indicate any changes. You can also keep a text file on your site with notes on all the changes.
• Make backups of your database before installing any plugins in case things go wrong?
• Are you sure that the plugin will work with your version of WordPress? Different Plugins are available for the different versions of WordPress. You can check the plugin compatibility here, Plugins/Plugin_Compatibility. If it isn?t, consider upgrading.

Plugin Installation

Follow these steps when installing a plugin:

1. Backup
2. Inform yourself about the plugin. Read the accompanying readme.txt file and the authors webpage concerning the plugin
3. Upload the plugin to the wp-content/plugins folder in your WordPress directory
4. Make any necessary modification as indicated in the readme.txt file
5. Acitivate the plugin
   1. Access the Plugin Panel in your Administration Panels
   2. Scroll down through the list of Plugins to find the newly installed plugin
   3. Click on the Activate link to turn the Plugin on.

Hiding Plugins When Deactivated

Some plugins have tags within the template files and if the plugin is not activated, the Theme is ?broken? and may not load properly. It is therefore important to be able to detect the plugin. You can use the function_exists() function to do this. It checks whether the plugin exists and uses it if it does. If not then everything works as if the plugin was not installed.

Troubleshooting Plugins

Check the following if you are experiencing problems with your plugin:

1. Have you followed the plugin author’s instructions to the letter?
2. Check that any plugin tags or usage within your template files are correct, spelled right, and placed in the appropriate place
3. Have you uploaded the file to the plugins folder under wp-content. Delete the old version if it is an upgrade.
4. Has the plugin been activated in your Plugin Panel of your Administration Panel.
5. Deactivate and re-activate the plugin. This may solve the problem.
6. Is it the latest version for your version of WordPress?
7. Visit the plugin author’s website to see if someone else is having the same trouble. Perhaps an answer has been posted.
8. Contact the plugin author directly for assistance.
9. Search the Internet for the name of the plugin and the trouble you are having as someone else might have had the same problem and found a fix and posted it on their site.
10. Visit the WordPress Support Forum. You may get assistance there from other users.
11. If the problem persists and you cannot solve it, check to see if there are any similar plugins that you can try instead.

Plugin Management

Plugins are managed from the Plugins Panel in the Administration Panels of your WordPress site. Each plugin has a description of what it does, an author and website to refer to, and a version number. WordPress uses this information to list the plugin. If you installed the plugin and it is not listed then this ?header? information may be missing. The header information looks like this:/*
Plugin Name: Put the plugin name here
Plugin URI: Put the plugin web address here
Description: Describe the plugin here
Version: Put the plugin version number here
Author: Put the authors name her
Author URI: Put the authors web address here
*/
You can add this information yourself by opening the plugin in the Plugin Editor which is accessible from the Plugins Management page.

Activation and Deactivation

You can activate and deactivate each plugin from within the plugin management panel. You can also deactivate all the plugins by using the link at the bottom of the list of plugins. Remember that if you made changes to the WordPress code or template files in order to make the plugin work, then you need to reverse these changes when you deactivate the plugin else WordPress will not work properly.

Uninstalling Plugins

When, for whatever reason you want to uninstall a plugin, check the following:

1. Check the author?s site for instructions on how to uninstall the plugin..
2. Remove any modifications that you made to the WordPress code or template files.
3. Deactivate the plugin.
4. Delete the plugin files from your wp-content/plugins folder.
5. Remember to make the same changes in your site backup files.

Developing Your Own Plugins

If you have knowledge of PHP and you would like to develop your own plugin, then have a look at this helpful list of resources at Plugin Resources.

Thinking of creating your own Theme? Have a look at this helpful article.

Need help with your WordPress installation, themes and plugins? Contact Independent Digital at www.idig.za.net/contact/