Hey folks,
the upgrade from WordPress 2.x to WordPress 3.0 is very easy. You just have to use the automatic update function.
Make sure all the plugins you’re using are compatible to WP 3.0. Otherwise disable incompatible plugins or wait until the plugins are native to 3.0.
So tell me, what are you thinking about the new WordPress?
A few days ago, I chose Tweetable as my most favourable Twitter plugin for wordpress. The installation was easy using the plugin install in the backend. Then you just have to create a twitter account, create a new twitter-connecting application to get your unique API-Keys. The plugin helps you to get through the integration process.
Tweetable is a WordPress Plugin intended to help integrate Twitter into your blog. It can tweet your blog posts as they are published, shortening the URLs with either Tr.im, Is.gd (or other URL shorters) and optionally including Google Analytics campaign tags. You can display your latest tweet(s) in your blog sidebar with a customizable widget, which can even display your follower count.
Tweetable adds functions that turn the WordPress admin into a twitter client. The Tweet screen lets you update your status and browse your friends’. The Track page let’s you save keywords to be searched so you can keep an eye on what Twitter as a whole is saying about a given topic. You can set the minimum user level required to access the menus if you would like to allow other authors access.
A vulnerability in the current 2.8.3 release of the popular WordPress blogging software can be exploited remotely via a web browser to temporarily lock out administrators. The cause of the issue is an error in the web-based password reset function. Normally when a password reset is requested, the user would be sent a link to their registered email address. Once the link is clicked, the old WordPress password is removed and a new one is generated which is again sent by email.
The password reset function in the wp-login.php PHP module can be abused to bypass the first step and then reset the admin password by submitting an array to the $key variable. This can be done remotely through any web browser and no confirmation of the password reset will be sent to the admin. Laurent Gaffié first reported that the vulnerability could be used to “compromise” the admin account, but has since issued a correction advising that it could only reset the admin account and cannot be used to break into the system.
The WordPress developers have been advised of the issue and have corrected the problem in a development version of the blogging software, in which they prevent arrays from being passed in the $key variable. The fix updates wp-login.php and replaces
if ( empty( $key ) )
with
if ( empty( $key ) || is_array( $key ) )
Administrators that have already been locked out of their systems should use the “Emergency Password Reset Script“, which needs to be loaded into the root of the WordPress installation (the same directory as wp-login.php). Instructions on how to proceed can be found here: Resetting Your Password.
See also:
I’ve updated it already with the auto-update function!
