WordPress 2.6 was released a few days ago, and I wanted to point out some really cool features. The first thing I noticed was that plug-ins are separated into those that are Active and those that are Inactive. There is also a button now to select all inactive plug-ins and delete them, giving you the ability to remove all those plug-ins you don't use any more, but are too lazy to remove from your server.
The next thing I noticed was this little bubble next to the Plugins link on the Dashboard. Now I'm alerted whenever a plug-in has been updated by the author, which helps me keep the installation secure.
Something that has been around since the last version is an auto-update feature for plug-ins. If a plug-in is hosted in the WordPress repository, you can automatically get the latest version and have it updated on your server without ever leaving the comfort of the administrative tool. Cool!
The next little trick is the WordPress Theme Preview. Now you can click on a theme you've installed and get a glimpse of what you can expect to see with your current content. It uses a LightHouse-type effect. I also use a plug-in called Theme Test Drive to accomplish the same task, only I get to see it full size and live. There are some drawbacks to using this plug-in, the number one thing being if you change the sidebar plug-ins, it changes your main theme, so beware.
Finally, XMLRPC is turned off by default. This feature allows blogging clients like ScribeFire, ecto, or Windows Live Writer to post content to your blog without actually being logged in to your WordPress site. This feature could be exploited, allowing someone to hijack your blog, so most users won't mind it being off. But it does affect your ability to use services that auto-post to your blog. Make sure you understand the security risks before turning it on.
Please upgrade and keep your sites safe.
[Update: Joseph Scott from Automattic corrected my statement about XMLRPC, in a comment below. Here is what the WordPress 2.6 Blog Post says about the XMLRPC feature: "Remote publishing via XML-RPC and APP is now secure (off) by default, but you can turn it on easily through the options screen." So there is a possible security risk, according to this statement, but maybe the code can't be exploited.]
Wednesday, July 16, 2008
FYI, there are no known exploits in the XML-RPC code.
Joseph, I stand corrected, and have adjusted my post. I didn't really think through what I was trying to say, so I'll let the WordPress Blog say what I couldn't.
Thom - Being a wordpress fanatic - Thanks, man.