Seriously,
http://wordpress.org/news/2011/06/passwords-reset/
And to crap on top of it, I actually do have W3 Total Cache installed and did update it just the other day.
However, it only updated “because it’s there” — I don’t actually use it. I just never happened to delete it after I deactivated it. I guess I was hoping I’d figure out how to enable something useful like caching without it destroying the usability of my site.
So now I’ve had a “cleverly disguised backdoor” installed on my web site (which can thus access ALL my domains) for a few days.
Of course, I don’t even know what to look for regarding this exploit.
How could I have protected myself from this? Checking the WordPress.org news minute by minute for their latest security issues? Can I afford to ever sleep? Or maybe I just need to read through every single line of code for every single theme and plugin? Oh — but I probably have to scan the entire WordPress core as well. How long could that take?
Oh – the only solution is to buy VaultPress for ALL my domains… That makes sense. At least then I’ll be making somebody else’s monthly Corvette payment.
That’s the problem I keep running into with WordPress — it’s a bunch of very pretty cards and when you’re done… you’ve built a house of cards.
From my admin page — I gave up on even having this plugin activated in January.

I turn on my cell phone about once or twice a month — I only use it when necessary — so I was surprised that there was a message on it.
It was something about being able to take care of the problem I had called about and that the rep would be able to save me money because I qualified for something. Huh? The way the message was left, the beginning of it was cut off so that there was no company name.
I mostly keep the phone in the car (off) and use it for emergencies (like if my car breaks down). I don’t give out the number. In fact, I only charge the phone every 6 months or so.
So what was this mystery call about?
Feh. As per my previous post on inserting iframe tags in the TinyMCE editor in WordPress for Amazon affiliate links and YouTube videos, this is something a user needs to be able to do without having the editor delete them as soon as you switch into WYSIWYG mode.
This plugin — Amazon Widgets Shortcodes — almost does what I’d want with Amazon affiliate links. It’s nice that it makes them stand out in the editor with a little Amazon logo. It seems to work in the WYSIWYG editor, but there are some issues with trying to move the cursor before or after it that make it necessary to switch to HTML mode to insert a placeholder character and then go back to WYSIWYG and move the cursor to the placeholder. Icky.
This comment regarding the TinyMCE Unfilter plugin points out the problem with inadequate care in coding. Otherwise the TSL TinyMCE Unfilter plugin seems to do what is actually needed. Unfortunately, the author hasn’t updated it in 6 months. And if you go in and edit it yourself, you run the risk of the author someday updating it and WordPress allowing you to overwrite your edited version with the author’s update — whether or not he addressed this issue.
That’s a problem with WordPress plugins – you can’t tell which ones will be abandoned or when or what the effects of that will be.
It looks to me like the TinyMCE Unfilter plugin will work if you aren’t making any other modifications via plugin to the TinyMCE. I think.
I couldn’t find anything else in the WordPress plugin repository that would do this kind of thing — which surprises me. Might just be an issue of not searching for the right keyword. Or results being buried under plugins that only work in version 2 of WordPress. Or whatever.
But there are two other possible solutions — which both beat messing with the functions.php file and losing your stuff when you change themes.