Wordpress

I’ve been upgrading to the latest releases of WordPress as soon as each one comes out. And it’s a good thing, too.

Over the last week or two a website named “Wordpresz.org” ((I’ve edited the link so that it goes to WordPress.org instead. I don’t want to contribute to these hackers fooling anyone else.)) was discovered. The people who created this website were using a vulnerability in WordPress version 2.6.2 to redirect users to their website. Their website purported to release WordPress version 2.6.4 ((The latest version is 2.6.3 which is just version 2.6.2 with a small but important security fix.)). The problem was that they had hacked one file in the installation package to create a bigger security vulnerability.

This just goes to show that:

  1. Monitor for Updates. Many programs these days automatically check to see if new versions are available. If the program does not have this feature ((Or if you turn it off, as I sometimes do.)), it’s a good idea to check about once a month or so.
  2. Update Frequently. Not all software updates are equal. If the program is being updated to fix security vulnerabilities or improve the program’s stability, you definitely want to install the update. This website’s installation of WordPress was already “inoculated” against this kind of attack because I had installed version 2.6.3 almost as soon as it came out.
  3. Use Official Sources. WordPress is open source software built using PHP and MySQL. Since the program is open source, it’s easier to modify the code. ((As Uncle Ben said, “With great power comes great responsibility.”)) The themes and plugins available through WordPress.org are reviewed by other users for malicious code and for possible improvements. If you’re not certain how to examine source code for malicious code, it’s best to only use official sources.
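
The fake release described above differed from the real package in a single file. As an added example (not part of the original post), this Python script compares a downloaded archive against a copy obtained from the official source and lists every file whose contents differ; the archive layout and file names are constructed placeholders, not real WordPress files.

```python
import hashlib
import io
import zipfile


def file_hashes(zip_bytes):
    """Map each file path inside a zip archive to the SHA-256 of its contents."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        return {
            info.filename: hashlib.sha256(archive.read(info)).hexdigest()
            for info in archive.infolist()
            if not info.is_dir()
        }


def compare_packages(trusted_zip, candidate_zip):
    """Return files modified, added, or removed relative to the trusted copy."""
    trusted = file_hashes(trusted_zip)
    candidate = file_hashes(candidate_zip)
    shared = trusted.keys() & candidate.keys()
    return {
        "modified": sorted(p for p in shared if trusted[p] != candidate[p]),
        "added": sorted(candidate.keys() - trusted.keys()),
        "removed": sorted(trusted.keys() - candidate.keys()),
    }


def build_zip(files):
    """Build an in-memory zip from a {path: bytes} mapping (for the sample data)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for path, data in files.items():
            archive.writestr(path, data)
    return buffer.getvalue()


# Constructed sample data: names and contents are placeholders.
OFFICIAL = {
    "package/index.php": b"<?php // loader\n",
    "package/includes/example.php": b"<?php // original code\n",
    "package/readme.html": b"<html>readme</html>\n",
}
TAMPERED = dict(OFFICIAL)
TAMPERED["package/includes/example.php"] = b"<?php // original code plus a change\n"

if __name__ == "__main__":
    report = compare_packages(build_zip(OFFICIAL), build_zip(TAMPERED))
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind}: {path}")
```

The comparison is only as trustworthy as the reference copy, so the trusted archive has to come from the official site itself.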

In my never-ending quest to build the world’s best workers’ compensation website, I’ve made a few upgrades:

  • Upgraded from WordPress 2.6 to WordPress 2.6.1
  • Infinitesimal changes to the theme
  • Adapted a new plugin for WordPress that redirects you directly to the calculator page as soon as you log in

Why keep upgrading WordPress?

Using open source software can be a two-edged sword. On the down side, anyone with the ability to read the source code can figure out the security vulnerabilities. The plus side is that people are constantly working to improve and eliminate those very same security vulnerabilities.

Since people are working on WordPress all the time, it will need to be upgraded all the time. Doing so allows me to take advantage of the latest features and security updates. So far I’ve used WordPress 2.3.2, 2.5, 2.5.1, 2.6, and now 2.6.1.

Why change the theme?

The theme (the “look” of this website) is completely user configurable. Since this website’s launch I’ve been constantly tweaking the look. Minor changes to the color scheme, menu at the top of the website, and how many posts are shown on the blog page.

I work on the theme in order to (hopefully) make the website more aesthetically pleasing and easier to use.

Why the new plugin?

I’d like to make the free registration process as quick and as painless as possible. I’ve had the opportunity to watch a few people go through the free registration process for this website. What I saw was that people were logging in for the first time and were sent to their user page – which looks totally different from the rest of the website. Unfortunately, this caused no end of confusion.

I modified an existing plugin to override the website’s default settings to send users directly to the calculator page as soon as they log in.

Hopefully I’ll be upgrading this website again in the next few days.

This website was created using the WordPress open source blog software. WordPress is a flexible program for creating websites and blogs. Since this program is “open source”, its source code is open for anyone to review and can be modified by anyone (sufficiently nerdy ((Such as myself.)) ).

The earliest test versions of the blog-website version of PDRater.com were built using WordPress 2.3. This was superseded by version 2.5 in late March. Version 2.6 was just released. I will be upgrading to the latest version as soon as I get a chance. If all goes well, you’ll never notice a thing.

As a side note, upgrading my installation of WordPress is a lesser priority than redeveloping the calculators.