Yzabel / August 1, 2005

The Secrets of WordPress Theming

Even though I’m yet to fully dive into this whole theming process, knowing how the WordPress templates work is something I’ve wanted to learn for quite some time. The Codex, however, doesn’t provide the more easily understandable documents regarding this point, so I was thrilled when I finally found Secrets of WP Theming: Part 1 (followed closely by Secrets of WP Theming: Part 2 and Secrets of WP Theming: Part 3) on Sillyness Spelled Wrong Intentionally.

Is this mini-series finished or not? I wouldn’t be able to tell. It’s nevertheless an interesting source that can likely help more than one person to get a grasp on how to create one’s own templates. Not that WordPress users haven’t already created their share of the load (there are probably more than 200 themes to choose from, currently), but having one’s own, unique theme is always something good in the end.

Yzabel / July 6, 2005

XML-RPC and WordPress

Seen in many blogs and online sources in the past two days is this announcement regarding a critical flaw in the XML-RPC PHP function:

Many popular PHP-based blogging, wiki and content management programs can be exploited through a security hole in the way PHP programs handle XML commands. The flaw allows an attacker to compromise a web server, and is found in programs including PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, among others.

(Full article from Netcraft here)

I must admit that before reading that, I had absolutely no idea of what XML-RPC was. However, as of today, Matthew Mullenweg (creator of WordPress) has released this statement in his blog:

To clarify for all the confused people WordPress is not affected by the recent XML-RPC problem that lots of other apps were. We use different, more secure libraries for XML-RPC. The problem was discovered by the same guy though, I imagine he was auditing our code and found totally unrelated, which we fixed in our recent release. Of course you wouldn’t guess that from the title, “PHP Blogging Apps Vulnerable to XML-RPC Exploits.” Let’s go down the list: PostNuke – content management; WordPress – blogging; Drupal – content/community management; Serendipity – blogging; phpAdsNew – ad serving; phpWiki – wiki (not blogging); phpMyFAQ – FAQ management. If it bleeds it leads, right? 😉

Best to upgrade to 1.5.1.3 anyway. After all, updates are meant to be used!

Yzabel / July 3, 2005

WordPress Theme Love

A few hours of digging, uploading and activating later, I think I’m almost done with the choice of a theme for this blog. The competition was tough, among the many templates listed at Alexking.org, Blogging Pro and the WordPress Reference Centre (even though lots of them can be found on these three websites, thus not taking me that much more time to check them all). I must admit that in spite of the time I needed at first to grasp how the themes system in WP was working, I now like it a lot; it can be a hassle when not having much time to tweak them, of course, but when knowing what to aim for, it allows for much customization.

Finally, the winner is Boredom from Aamukaste (I know, I know… what a name for something that I don’t intend to make boring!), with some alterations in its colors and files. I realize that once again, I’ve settled for lots of violet and purple… It looks like these may be some kind of favorite colors for me when it comes to websites. All in all, the basic theme was nice enough, the dominant green just wasn’t my cup of tea at the moment. I’ll make sure to design a fully personal template when I have more time and ideas, though.