As seen on my local WP development environment
Sometimes you’ve created a site with WordPress standard (not single user), but have had allow the site owners or users to have full admin access to it. You have plugin and theme dependencies, and if the site owner disables that plugin, you have problems.
For example, you’ve written a plugin that carries out a certain range of syndication functions for your client. If the client accidentally disables it he will lose money, and you will have a call-out, potentially an angry one, when he finds out. He wants admin access, but you know he’s dangerous with it.
So, since WordPress 2.8 you’ve had the facility to create a folder in wp-content called mu-plugins. It will work just like the mu-plugins folder in WordPress MU – as in, any plugin placed there, will run automatically. Activation code won’t fire off, but apart from that, so long as the plugin is correctly written, everything will work.
I’m not sure if this change is a part of allowing ‘must-use’ plugins support, as suggested in http://core.trac.wordpress.org/changeset/10737 or if it’s also planned as part of the move towards merging WP single user and WP-MU. Either way, it’s an incredibly useful tool for those of us who set up and configure sites for clients who are a little prone to fiddling.
Watch out for plugin updates – you can’t auto-update anything in mu-plugins, and you won’t receive any notifications. Be aware that you have to stay on top of this by yourself, just like in the old days!
Slightly broken code, now fixed.
Those who follow WordPress closely will understand that a vulnerability has been found that, whilst not being especially dangerous, could be very annoying for some – especially for high-profile blogs.
By using a specially crafted URL, it’s possible for an attacker to force a reset of the admin password. The attacker can’t know this admin password, it will be a random string, and this password will be e-mailed to the administrator of the blog. However, there’s no denying that this could be annoying to the administrator. More specifically, an administrator could be locked out of a block while some other exploits are tried, simply by resetting the password at short intervals.
So, it’s not the end of the world, but it’s an annoyance and in a few rare cases a potentially dangerous one.
To fix this vulnerability in older versions of WordPress, such as 2.7, you can manually change wp-login.php using the code shown in the Changeset on the WordPress Trac: http://core.trac.wordpress.org/changeset/11798 – ideally, you should upgrade to the just released WordPress 2.8.4 but if you have legacy reasons for staying with 2.7 (and many have, for example problems with widgets) then you may need to delay this.
This is the presentation given by David Coveney at WordCamp UK 2009 in Cardiff. It covers the advantages, problems and implementations of WordPress as used by the News & Media sectors.
If you need to view the slide notes (primarily for me, to be honest, but you may see some points that got cut during the presentation) you’ll have to visit the Slideshare site.
This is the presentation given by David Coveney at WordCamp UK 2009 in Cardiff. It covers the advantages, problems and opportunities of WordPress within the Enterprise space.
If you need to view the slide notes you’ll have to visit the Slideshare site. But the notes are really for me, so they’re a little messy.
Be there to get the latest news and network with the leading lights of WordPress in the UK
Last year we decided to keep quiet at WordCamp UK, on the whole, beyond a spot of sponsorship – simply because we didn’t have that much to talk about that we felt could be exciting. But a year has changed a lot – WordPress is becoming popular for large scale blogging platforms such as The Telegraph Blogs, and for use as a news platform such as at Telecoms.com. Read more
On the night of June 23rd, Telegraph Media flicked the switch on a new project they’ve been working on this Spring – the Telegraph Blogs, relaunched on WordPress MU.
And, proudly, we’d like to say we had a little bit to do with the project. Not a lot, mind – we provided some consultancy, some code snippets, advice and developer support now and then. It’s the kind of project we’d have loved to have taken on in full, but the in-house team at the Telegraph were perfectly capable of doing the work and we always say that if you have the in-house skills then you shouldn’t spend a small fortune on external consultants and developers. Read more
Telecoms.com uses WordPress Interconnect IT's extensions and theme technology as a flexible news platform
When we were approached by Informa Telecoms & Media Ltd (part of Informa plc) about whether WordPress could be used as a fully fledged news platform suitable for replacing their Telecoms.com site, we hesitated, but not for very long. Following a full analysis of their requirements we were able to confirm that in combination with some of our own technology, plus some new development, we could create a very flexible WordPress based news platform that allowed for excellent productivity for the Telecoms.com team. Read more
Sniff Petrol is an anarchic motor industry and motorsport satire site
