WordPress Database Errors and the Post Hoc Fallacy

Glenn Reynolds at Instapundit mentioned WordPress today in not-so-flattering terms (emphasis added): LIEBERMAN CAMPAIGN CRASHED OWN WEBSITE: “The server that hosted the joe2006.com Web site failed because it was overutilized and misconfigured.” That’s like when people send me a link to their underpowered WordPress blog, then it produces a “Database Error” message when too many […]

Less Obvious New Stuff in WordPress 2.5

WordPress 2.5 has been officially released. The new look of the administrative interface, a Flash-based file uploader, and the plugin auto-installer are the new features that have been getting all of the attention. But here are some less glamorous changes that you still might want to know about. WordPress no longer allows you the option […]

WordPress 2.5 Release Candidate

The first release candidate for WordPress 2.5 has been announced. That means that work on this major upgrade to WordPress, whose release is now over a week delayed, is starting to wrap up. However, activity on the lists shows that there is still quite a bit of bug-fixing that remains.

Define “Imitation”

I couldn’t help noticing the similarity between the upcoming re-design of the WordPress admin interface and Dictionary.com, and sure enough, Happy Cog has designed both.

Venture Capital and Automattic

Xconomy has an article about the birth of Automattic, the company started by WordPress founder Matt Mullenweg. The author has interviewed Mike Hirshland, a partner at Polaris Venture, Automattic’s main investor.

Adding Advanced Options Boxes in WordPress 2.5

The upcoming WordPress 2.5 has a completely-redesigned admin backend. Plugin authors who add custom fields to the “Write Post” and “Write Page” pages will need to change their methods to work with the new design. Ozh explains how to use add_meta_box() with the new design to add those custom fields. He has a simple, straightforward […]

Readying Plugins for the New WordPress Admin Theme

The WordPress admin theme has been overhauled for the next version (scheduled to be released mid-March), which means that a lot of plugins’ admin pages could end up looking out of place. Joost de Valk gives some brief tips on how to mark up plugin admin pages to take advantage of the new styling. Unfortunately, […]

CSRF Attack on WordPress

Someone named Ferruh has a proof-of-concept cross-site request forgery (CSRF) attack against WordPress (HT: DK at BlogSecurity). I’ve tried it out successfully on my own version of WordPress 2.3.3. The scenario is like this: you go to leave a comment on someone’s site, and surreptitiously that (evil) site tricks you into changing your WordPress admin […]

What You Won’t See in WordPress 2.5

One of the WordPress lead developers, Ryan Boren, announced today that WordPress 2.5 was going into “feature-freeze.” That means that the remaining month until 2.5’s March 10 release will be spent fixing the bugs in existing 2.5 features, not adding more. And that’s a lot of bugs, as much of the admin redesign hasn’t yet […]

Serious Security Flaw: Upgrade Immediately

Today a serious security flaw in the current version of WordPress surfaced in the support forums. Basically, a user with login rights but not editing capabilities can edit any post using XML-RPC. A quick fix is to delete the xmlrpc.php file, although you should be aware that this will also keep your site from receiving […]