Yellow Swordfish

We Have a Winner!

Just 24 hours after my first Wordpress theme auction started it received a Buy It Now bid. The sponsorship slot was bought by Maiahost, a hosting company who specialise in wordpress web hosting. It is a great buy for them as their link will be seen by thousands of tightly targetted potential customers.

Spurred on by this success I have decided to auction another theme called ‘Flowers‘. You can see Flowers in action on Themey.com until the end of the auction (at least). Again, I would love to hear comments on the theme and the new site.

The auction is here.

The BlackHats are Coming!!

SEOidiot

Watchout WordPress users, the BlackHats are coming!!

As you may or may not know I have several friends who are involved in BlackHat SEO and they have been showing particular interest in the progress of Themey, my WordPress theme site. I had a little think about the potential for WP in the blackhat arena, and the things that can be done with it are very worrysome. The potential includes (but is in no way limited to):

* Using your domain, server and IP address to send bulk email.
* Using your server and IP address to spam other bloggers with comment and trackback spam promoting their latest PPC campaign (Pills, Porn and Casino).
* Using your site to pass PageRank (PR) to their PPC site.

If you are interested in the way that spammers could use your site for evil you can find more details (including an example site showing a method of user-agent based PR spam) in my Security Vulnerability post at Themey.

Hacking WordPress Security

First time I’ve visited my blog in a while, and I’ve discovered a problem with my site’s security. If you view this post you can see that there is a strange vertical black line at the bottom of the post.

Hacking WordPress Security

Editing the post shows that it is actually an iframe.

Security flaws with WordPress

I’m not sure if this is a problem with the security of my server, or a WordPress problem. My feeling is that it might be a WordPress security problem as nothing more sinister has shown itself yet.

I’m going to leave it there for now so that SEOidiot can have a look (I know he loves this kind of stuff). You might think I’ve gone daft publicly exposing a security flaw on my server… I can tell you I’m not daft enough to have my personal blog on a server with anything that matters too much, and I have backups.

If you have seen this before please leave a comment. I’m just hoping now that it isn’t some kind of secret project that I have forgotten about…

SEO Adsense Wordpress Theme

SEO Wordpress Adsense Theme

This theme might look pretty basic… that’s because it is!

This theme has been designed to be quickly added to any Wordpress site with no customisation. There is no need to alter header images because there aren’t any… like Kubrick it relies on text generated from your blogs title and description, and also from the category and post descriptions.

Adsense is integrated (3 units per page, and one linkunit ~ the maximum Google allows), and the theme also includes Adsense for search in place of the standard Wordpress search function. Of course, it is easy to switch out Adsense for any other advertising program you may wish to use, the banners are standard sizes.

Some basic SEO has been carried out… the “title” and “h1? tags contain the most relevant information… on a post page, the post title is used, on a category the category title is used etc. This should give Search Engines a better understanding of your page, and hence an improved ranking for your page. Another often overlooked advantage of correct use of tags is that your result in the SERPs will be formed correctly, so instead of your websites name (eg. pilkster.com) being used in every result, the page title (eg. SEO Adsense Wordpress Theme) or category title will be used. This is a much more useful and appealing result for the searcher.

This theme is also compatible with my Amazon Plugin For Wordpress.

Adsense is located in the following files; header.php (728×15 linkunit), footer.php (728×90 adunit), sidebar.php (336×280 adunit, 160×600 adunit).

Adsense for search is located in searchform.php.

The theme is intentionally basic and should be simple to build up and out from. If you use this theme as-is, or build a new theme from it, please let me know by commenting on this post.

Developers

WordPress development is led by Ryan Boren and Matt Mullenweg. Mullenweg and Mike Little were co-founders of the project.

The contributing developers include:

* Dougal Campbell
* Mark Jaquith
* Donncha O’Caoimh
* Andy Skelton
* Michel Valdrighi
* Peter Westwood

Though developed much by the community surrounding it, WordPress is closely associated with Automattic, where some of WordPress’s main contributing developers are employees.[14]

WordPress is also in part developed by its community, among which are the WP testers, a group of people that volunteer time and effort to testing each release. They have early access to nightly builds, Beta versions and Release Candidates. Upgrading to these versions, they can find and report errors to a special mailing list, or the project’s Trac tool.

Multi-blogging

WordPress supports one weblog per installation, though multiple concurrent copies may be run from different directories if configured to use separate database tables.

Wordpress MultiUser (Wordpress MU) is a fork of WordPress created to allow simultaneous blogs to exist within one installation. Wordpress MU makes it possible for any one with a website to host their own blogging community, control and moderate all the blogs from a single dashboard. Wordpress MU adds eight new data tables for each blog.

Lyceum is another enterprise-edition of Wordpress. Lyceum, unlike WordPress MU, stores all of its information in a set number of database tables. Notable communities that use Lyceum are TeachFor.Us[13] (Teach For America teachers’ blogs), BodyBlogs and the Hopkins Blogs.

Vulnerabilities

In January 2007, many high profile Search engine optimization (SEO) blogs, as well as many low-profile commercial blogs featuring Adsense were targeted and attacked with a WordPress exploit.[9]

A separate vulnerability on one of the project site’s web servers allowed an attacker to introduce exploitable code in the form of a back door to some downloads of WordPress 2.1.1. The 2.1.2 release addressed this issue; an advisory released at the time advised all users to upgrade immediately.[10]

In May 2007, a study revealed that 98% of WordPress blogs being run are exploitable.[11]

In a June 2007 interview, Stefen Esser, the founder of the PHP Security Response Team, spoke critically of WordPress’s security track record, citing problems with the application’s architecture that make it unnecessarily difficult to write code that is secure against SQL injection vulnerabilities, as well as other problems.[12]

Releases

WordPress releases are named after well known jazz musicians. WordPress 1.2 was codenamed Mingus (after Charles Mingus).

WordPress 1.5 was released mid-February 2005 and codenamed Strayhorn. It added a range of new vital features. One such is being able to manage static pages. This allows content pages to be created and managed outside the normal blog chronology and has been the first step away from being simple blog management software to becoming a full content management system. Another is the new template/theme system, which allows users to easily activate and deactivate “skins” for their sites. WordPress was also equipped with a new default template (codenamed Kubrick[3]) designed by Michael Heilemann.

WordPress 2.0 was released in December 2005 and codenamed Duke. This version added rich editing, better administration tools, image uploading, faster posting, an improved import system, and completely overhauled the back end. WordPress 2.0 also offered various improvements to plugin developers.[4]

On 22 January 2007, another major upgrade, WordPress 2.1, codenamed Ella, was released. In addition to correcting security issues, version 2.1 featured a redesigned interface and enhanced editing tools (including integrated spell check and auto save), improved content management options, and a variety of code and database optimizations.

WordPress 2.2, codenamed Getz, was released on 16 May 2007. Version 2.2 featured widget support for templates, updated Atom feed support, and speed optimizations.[5] Wordpress 2.2 was initially slated to have a revised taxonomy system for categories, as well as tags, but a proposed revision led to the feature being held back from release.[6]

WordPress 2.3, codenamed Dexter, was released 24 September 2007. Version 2.3 features native tagging support, new taxonomy system for categories, easy notification of updates as well as other interface improvements. 2.3 also fully supports Atom 1.0 along with the publishing protocol. WordPress 2.3 also includes some much needed security fixes.[7]

History

b2\cafelog, more commonly known as simply b2 or cafelog was the precursor to WordPress. b2\cafelog was estimated to have been employed on approximately 2000 blogs as of May 2003. It was also written in PHP for use with MySQL by Michel Valdrighi, who is now a contributing developer to WordPress. Though WordPress is the official successor, another project, b2evolution, is also in active development.

WordPress first appeared in 2003 as a joint effort between Matt Mullenweg and Mike Little to create a fork of b2.[1]

In 2004 the licensing terms for the competing Movable Type package was changed by Six Apart, and many of its users migrated to WordPress – causing a marked, and continuing, growth in WordPress’s popularity.[2]

Features

* What You See Is What You Get post editor
* Templating system
* Integrated link management
* Search engine-friendly permalink structure
* Extensible plugin support
* Nested categories and multiple categories for articles
* TrackBack and Pingback
* Typographic filters for proper formatting and styling of text
* Static Pages
* Multiple Authors
* Can store a list of users that visit your blog
* Can block a person’s IP address
* Tag support

Creating and Managing a Blogroll

Blogroll 

The blogroll is where you link to the blogs you read frequently - a friendly way of acknowledging the good blogs out there. WordPress’ built-in Links Manager allows you to add and manage links effortlessly

Bookmarklet 

The effortlessness begins with a neat bookmarklet that you can add to the bookmarks or favourites in your browser. Adding a link to an interesting blog or website is as simple as clicking on the bookmark or favourite when you visit the blog or website the next time!

Categorizing 

The links in your blogroll can be categorized and neatly organized

Importing 

If you already have a list o’ links as an OPML file, you can import it to your WordPress blog. For those coming from other blogging tools, this means that you can import your blogroll from Blogrolling.com and never use a third-party service to manage your blogroll, again.

Exporting 

Did we say you can also export an OPML file with your list o’ links?

Displaying 

As with everything else, you get some neat template tags that enable you to display your blogroll the way you like - in alphabetical order, ranking order, the order in which they were updated - you get the idea