WordPress 2.9 “Carmen” is out, fresh & crisp!

I just noticed that WP 2.9 is already out of its “beta” phase and you can download its stable release.

Of course, Matt already has posted an article about 2.9, along with the new “code name” of 2.9: “Carmen” (Carmen McRae, jazz vocalist).

Only a day ago, I was reading a quite detailed article about the new features and improvements in WP 2.9 — this article I can recommend to you, too.

I liked two things more than others:

— You can already restore items from the “Trash” — items that you have deleted by accident or on purpose! Everything deleted will be kept in the Trash for 30 days (and you can change the time period for which the items will be saved there).

— Mass upgrade of plugins with one click only!

Of course, there are a lot of fixed bugs and some other improvements (full list).

Although I already feel enthusiastic about 2.9, I might wait for 2.9.1 to be released… sort of a Service Pack 1 for 2.9.x ;-)

Plugin for removing <meta name="generator" content="WordPress…" /> in WordPress blogs

A while ago I wrote a short post about an easy way to remove the following code from the HEAD of a WordPress blog:

<meta name="generator" content="WordPress [version number]" />

This included only the modification of the functions.php file in your theme. But then it occurred to me that there should be now even an easier way — via a plugin. And there is such a plugin, indeed!

Remove-Generator-Meta-Tag WordPress Plugin

It’s very simple (one line of code, actually) and easy to activate & use. Simply upload to your ‘wp-content/plugins/’ directory and activate it via the WP Admin interface.

There are probably other similar plugins, but this one is the simplest I could find!

Enjoy! :-)

WordPress capturing $_POST requests (updated script)

A while ago, I discovered a small and useful code snippet, which allowed you to capture all $_POST activity, related to your WordPress blog.

This might be useful when your WP-based website is experiencing a hacker attack. Or when you want to know where from is coming the biggest spam comment flood that try to drown your MySQL database in spam.

After using this small code snippet for a while, I discovered a way to improve it a little bit.

The original script didn’t show timestamps of the events recorded. I added this functionality, while leaving the original code almost the same.

If you want to use this updated version, feel free to copy the code:

$posty_ip = $_SERVER['REMOTE_ADDR'];
$the_file = $_SERVER['SCRIPT_NAME'];
$date_sub = date('Y-M-d @ H:i (O)');
if ( $posty_ip != "" && $posty_ip != "" ) {
  if ( !empty($_POST) ) {
    $fp = fopen( '/home/path/path-to-log.html', 'a' );
    foreach( $_POST as $key => $value ) {
	fwrite( $fp, $key.' = '.$value." 
\n" ); } fwrite( $fp, "ip = ".$posty_ip."
\n" ); fwrite( $fp, "date = ".$date_sub."
\n" ); fwrite( $fp, "file = ".$the_file."
\n" ); fwrite( $fp, '================================================'."

\n\n" ); fclose( $fp ); } }

I also added HTML line breaks, as for me it was more useful to have an HTML log file.

The instructions where (and how) to place this code can be found in the original place. Still, it’s worth repeating: Be careful where you place the log file on your server!

I would also recommend to use a plugin, which encrypts passwords (you can download it from wordpress.org). This is not obligatory, but it is always wise to send passwords over http encrypted, and this plugin does exactly that (you don’t have to use https to be able to encrypt the passwords being sent).

Enjoy! :-)

How to remove <meta name="generator" content="WordPress…" /> from <head> in a WP blog

I met with the following interesting problem today:

Due to specific needs, I needed to remove from the HEAD part of one WordPress blog the following:

<meta name="generator" content="WordPress [version number]" />

The WP theme, in which I was making the changes, was the standard for WP Default Kubrick Theme. The WP version I was using was 2.6.2.

I was searching and searching inside the code of header.php — and did not find anything! Before, in every WP theme, in header.php, usually the following code was present:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /><!-- leave this for stats -->

Now, I wasn’t able to find it…

I tried also global search inside all of the files of this theme, and again, with total un-success. Finally, I tried the last possible option — Google Seach…

…And have found it! :-)

In short: if you want to hide from the HTML code "<meta name="generator" content="WordPress ..." />, as well as the exact WP version you are using, all you need to do is (in case that you don’t find the code inside header.php — for example, in WP up to version 2.3.3, the code was usually there):

1) Locate and open with a text code editor the file functions.php inside the theme directory — for example, if you are using the Default Theme, the functions.php will be in wp-content/themes/default/functions.php.
2) Add inside it the following code:
remove_action('wp_head', 'wp_generator');
3) Save the file functions.php and upload it back to the server.

That’s it! Automagically, the code, which shows that you are using WordPress, as well as the exact version of it, will disappear from the HTML source! :-)

WordPress 2.3.3 is not safe anymore – upgrade NOW! (link injection vulnerability)

A few days ago I was recommending to people not to upgrade to version 2.5 of WordPress, because at the time I believed WP 2.3.3 to be as stable and safe as the new 2.5 series. Besides, I liked (and still like) the old, ‘classic’, 2.3.x admin interface much more…

OK, I must take my words back and confirm that WordPress 2.3.3, the last stable release before the new WordPress 2.5 branch was released, is not safe anymore, and you can become a victim of the link injection hack (vulnerability).

What happened?

In one of the blogs, which I support (luckily, not my personal blog, which I have upgraded to 2.5/2.5.1 long ago), I have found ‘hidden’ links (code: <u style="display: none">[ bunch of spam links inserted here ]</u>) in one of the regular posts there.

Read more

WordPress 2.5: Give me back part of the 2.3 Classic interface, please!

Yesterday I made an upgrade from WP 2.3.3 to WP 2.5 (with full backup of MySQL database and files before that, of course). Looks like everything works fine:)

First, about the good things in WP 2.5:

  1. Editing tags is now built-in feature, which is great;
  2. A better visual editor (Rich Text Editor) — I don’t use it, but they claim it’s better;
  3. Fixed an old bug, which didn’t allow you to specify a directory for uploading files, which is one or more levels higher than the current WP directory (I just had to dig in deep, just to find that you have to fill correctly both fields in Settings → Misc [“Store uploads in this folder…” & “Full URL path to files (optional)…”], or this won’t work);
  4. A better Image Uploader;
  5. Possibility to automatically update plugins, with just one click (nice!).

There a lot of others, but these I noticed at first glance.

And now some rant from my part:

Read more

WordPress plugin to show Moon Phases

Yovko showed me, from where I can get a little plugin for WordPress, which shows the Moon phases in the sidebar of the blog.

MoonPhase Plugin for WordPress

I’ll test it one of these days…

UPDATE: With WordPress 2.2.1: plugin works!:-) With WP 2.3 I still don’t know, I’ll know soon, after I upgrade my current WordPress version…

How to prevent Google from indexing WordPress RSS feeds

I love to optimize my WordPress-based blog. The only problem is, I rarely have enough time to do it — and still, there are some small improvements, which may take less than 5 minutes of your time, and yet have a tangible impact on your overall blog optimization.

One of these things is how we can prevent Google (and other search engines) from indexing (searching) the WordPress RSS feeds.

The next few lines will be dedicated to this problem (and how we can solve it).

Where to start?

I remember that some time ago I was checking which pages of optimiced.com are indexed in Google.

I was puzzled by the fact that, beside the blog posts, I have found a lot of RSS feeds, which were also indexed.

Why you do not need Google to index/spider the RSS feeds?

First of all, the indexed (searched) content is duplicated – the last 10 posts or the last comments, available via RSS, can be read on the blog itself. Second point, RSS is meant to be used with an RSS reader, not to be read in the browser window (text and images won’t be formatted, for example). Last, but not least, who would like after a performed internet search to land on a un-formatted RSS page with comments, for example, instead of on the blog post itself, to which the comments are related? And this happened to me, and more than once…

(Example: you can use this link to subscribe to the RSS feed of my blog, or just to check the ten last blog posts from optimiced in RSS format.)

Can we prevent this from happening?

I searched the Internet for some time, until finally I dropped on the WordPress Support forum, where the solution was found, and the thread itself, titled “Prevent indexing of feed pages”, was marked as ‘resolved’.

Here’s the way to do it – you must use a robots.txt file.

What is robots.txt?

robots.txt graphicAs the name itself suggests, robots.txt* is a text file in the standard text format (.TXT), intended to use by robots:-)

But not all robots, of course (for example, Roomba doesn’t count;-), but only by the search machines (spiders), like Google, Live Search (until recently MSN Search), Yahoo!, Alta Vista and all other search (ro)bots.

Read more