After a mild heart spasm, I started searching the web furiously for a solution and thank goodness found this video, which calmly explained what to do and fixed the problem.

If you don’t feel like watching the video, here’s what I did:

1. Gather backups of everything. It is painstaking and takes a looong time, but better safe than sorry.

• Find the most recent backup that was sent to your email via the WP-DB Backup plugin
• Go into the PHPmyadmin in your hosting provider’s control panel, export the whole database as well as each table individually.
  [Note: The table that crashed probably won't let you export it, and will give you this ugly message: Table 'wp_posts' is marked as crashed and should be repaired]

2. in PHPmyadmin, click the checkbox next to the corrupted table (ours was wp_posts).  The table will probably say “in use”.  Use the dropdown menu at the bottom to select “repair table”.

Lessons learned

1. Backup hourly or daily and send all backups to a separate email account so you don’t have to worry about it clogging up your inbox

2. Check your blog’s overhead column in PHPmyadmin at least once a month and repair any tables with a high overhead.

Here’s to a spaz-free Wordpress!

There are solutions out there that use javascript and other stuff to “obfuscate” your email address, but why use something external when you can use the handy, shiny, built-in WordPress email obfuscating template tag?

To use this template tag, you need to do the following:

1. Make sure your email address is in your user profile.
2. Put the following template tag wherever you want the address to appear:

   <?php echo antispambot(get_the_author_email()); ?>

The WordPress codex says that this tag works as follows:

The function antispambot() above parses the e-mail address passed by get_the_author_email() (this is the same as the_author_email(), except it returns rather than displays the author’s e-mail address). Use of the echo command displays the output of antispambot(). An interesting feature is it encodes only portions of an address, and does so randomly so the letters encoded are different each time the page loads, adding a little more firepower to the spam protection arsenal.

My questions are:

1. Since this pulls an author related parameter, will the email address change according to the author? (Probably.)
2. Can this even be displayed in the sidebar?

It seems that if it is author related, it is not a good solution for displaying a website email address that does not belong to a specific person, like . But if you do have a multi-author site and you want to display the authors’ email addresses, this seems like a great way to do that without feeding the spam wolves.

Why am I against WordPress.com?

I am not against WordPress.com. I think it’s a great service, and the quality of the features is unmatched in any of the other free hosted blogging platforms. In addition, people in the SEO industry have told me that due to the strength of the WordPress.com network, blogs that are hosted there do incredibly well in the SERPs. But if a person wants to take up blogging as a serious activity, or finds that their WordPress.com blog is growing, I suggest that they move their blog off of WP.com to their own self-hosted blog. Here is why:

1. Limited blog design flexibility – whenever I’ve tried to use a WordPress.com blog, I’ve always found myself stuck at some point because I can’t add certain features. Users are limited on WP.com by the amount of customization they can do to the CSS, even if they pay for extra access to the CSS. They also can’t customize the loop, and the sidebars can only be modified to the extent that widgets allow. Also, WP.com users can’t add WordPress plugins, which is one of the keys to expanding your blog’s features.
2. You don’t control your content – as soon as you are using a service that is hosted by someone else, you have lost partial ownership over your content. I’m not talking about what exactly it says in the WP.com terms of service (we’ll get to that soon), but I am talking about the issue of your content sitting on someone else’s servers. I personally prefer to try to keep my content under one roof – my own. As for the WP.com Terms of Service – you are at the mercy of their discretion as to whether your content is appropriate. When hosting your content on someone else’s servers, you are always at risk that someone may decide that your content is inappropriate, and they can easily shut you down.
3. Hosting quality issues may haunt you – if the WP.com servers are having trouble, like the recent DoS attack on the WordPress.com servers, you will suffer. Of course, that is the case on all servers, but if you are really unhappy with a service provider, you can call them up, complain, and always change servers if need be. When your blog is on WP.com, it’s not as easy.
4. You are at risk of being censored in certain countries – upon finding content that they don’t like on WP.com, certain countries with undemocratic tendencies will simply block the entire system. While it is possible for them to just block the individual WP.com blogs that they find offensive, these countries either don’t care enough to try, or are happy to block an entire blogging universe since blogging is all about free speech, and they are not. Countries that have blocked WordPress.com are Turkey, China and Brazil.

WordPress.com is a great service, and the people providing it are incredibly generous. However, like any other free hosted service, it has its drawbacks which should be taken into account when deciding on which path to take for your blog: free hosted or paid and self-hosted.

Today, WordPress Garage turns one year old. Hasn’t our little baby grown up fast? Blow out the candles…

It is exactly one year ago today that I wrote my first post here. It was about Jerome’s Keywords Plugin, which was a popular plugin for creating tags in WordPress before they became a built-in feature.

The reason I started this blog is because at that time, I was building web sites for clients, but felt that I could not justify creating static sites anymore. I was searching desperately for a solution that would enable me to create sites with a content management system that wouldn’t break the bank, and that I could manipulate and customize without being a programming wizard.

I looked into many open source options, and found that WordPress was easiest to use from the designer/developer’s point-of-view, and from the user’s point-of-view. So my company started building sites on WordPress. As we built, we learned a lot and I felt like we really need a good way to organize the information we were gathering about good plugins and how to use them, themes, and code hacks.

And thus WordPress Garage was born. Between WordPress’ categories, tags, and the search function, I figured we’d always be able to locate the information we need within minutes.

Apparently, others also were looking for this information, and readership grew as well, which is good because it’s a lot more fun to write when you know people are listening.

Birthday presents

In honor of WordPress Garage’s birthday, I have two new presents:

1. A WordPress Garage facebook page! If you like this blog, please come on over to this page and become a fan. I’d really like to get to know my readers a bit more.
2. The WordPress Garage YahooGroup – I’m on the WordPress Pro mailing list, which is about the most dry and boring list on earth. I suggested that the list become more active, and while people said it wasn’t appropriate for that list, they liked the idea. So, this email list’s goal is to be a place where people can help other people with their WordPress issues. Looking for that perfect plugin? Can’t figure out why your blog is breaking? Join the list and ask!

Statistics and summary

It’s fun to compare my first month on WPG to this last month. Site visits have gone up 1,424%, and pageviews have gone up 841%. Now I get almost 8000 visitors a month according to Google Analytics, and over 14,000 page views. Most of my visitors come from Google Search, with the rest coming from StumbleUpon and other sites. My top referring sites in order of traffic are:

• Darren Hoyt
• Hack WordPress
• Emma Alvarez
• Ryan Hellyer
• Weblog Tools Collection

Most popular posts

The most popular posts on WPG at the moment are:

• Giving each WordPress post a thumbnail, and display the thumbnail on the home page
• 13 plugins that will make WordPress into a CMS
• WordPress plugin easily creates drop-down navigation
• Images, thumbnails and custom fields in WordPress

Best WP Garage tips

These posts aren’t necessarily the most visited, but the tips in them are pretty useful:

• List only child Pages of a specific parent Page – how to list all the child Pages of the current page in the sidebar
• Displaying single post pages differently in specific categories – how to give single posts a different style based on which category they are in
• The Excerpt Reloaded – how to retain HTML in WordPress excerpts without messing up your page.
• Things I do to optimize and secure every WordPress site and blog – this post listed almost every plugin, optimization and hack that I do to every new WordPress blog. It’s a little outdated by now, but it still is helpful.
• Make managing your WordPress dashboard easier with Admin Drop Down Menus plugin – Admin Drop Down Menus is one of my favorite plugins
• WordPress upgrade nightmare and lessons learned – I almost lost this entire site due to something stupid that I did. Learn from my mistakes and make sure your upgrade doesn’t crash and burn
• Giving each comment its own link in WordPress – This shows you how to make each comment into its own kind of mini-post, which is useful if you ever want to link to specific comments
• Recent Comments code snippet – this code snippet places recent comments in your sidebar for those who don’t want to use widgets.
• WordPress challenge: getting class current_page_item to work when home page is not blog – if your home page is a static page and not your blog, WordPress’ current_page_item class doesn’t work on the blog page so the link to your blog on your navigation bar won’t get highlighted if you are on the blog page. Check out the comments on this post to see the various solutions offered by people.
• How to protect your WordPress site – some good tips for a more secure WordPress site

Most controversial posts

A little bit of controversy adds color to an otherwise boring monologue about loops and plugins. I don’t like to create conflict, but getting people to participate in an active discussion is just fun.

Consumer evangelists vs. lawyers: using “WordPress” in domain names – this is the post where Matt Mullenwegg commented three times. In this post, I argued that WordPress shouldn’t shun blogs (like mine) that use the word WordPress in their domain name, and should rather embrace these consumer “evangelists” who love the product so much that they volunteer their own time to talk or blog about it. After I wrote this post I finished Meatball Sundae by Seth Godin, and he also talks about this idea.

Anyways, Matt and Lorelle didn’t like my opinion, and accused me, or those like me, of “blatant[ly] disregard[ing]…a core tenet of our community,” of being like a scraper, and of legal violations. In the end Matt kind of softened up and he said he’s “thrilled about [me] or anyone who blogs about WordPress.” He said if I want clarification about their policies I should feel free to email or call him. So, mustering up some good ol’ Israeli chutzpah, I called him and left him a message. Despite his generosity, I think this blog is still shunned by the WordPress powers-that-be. Oh well.

Would we use WordPress if there were no plugins? – I just threw out this question to make us think about how valuable WordPress would be on its own. I think it’s value lies in the fact that it supports plugins.

ZDNet says WordPress not clunky, but also not CMS – I referred to an article by ZDNet about whether WordPress is a CMS and sparked a lively discussion.

WordPressGarage is being scraped! I want to stop them…now! – I realized that one particular site was scraping all of my content and republishing it. I threw the issue out to my readers, and got some interesting responses in the comments.

Is WordPress’ security vulnerable at its core? – WordPress is being upgraded all the time because of security issues. Plugins also have constant security vulnerabilities. Is this standard, or is there a problem with WordPress? BlogSecurity.net said there’s a problem with WordPress. Read the post to find out more.

Milestones

• Someone told me that I’m one of the coolest people in the WordPress community! Can you believe it? (No, it wasn’t my mother.) While in the real world I am far from being considered cool (mother with lots of kids who works hard to pay the bills with little time for play), I guess that in the WP community my geekiness is…cool…or something.
• WordPressGarage listed as one of Top 40 Blogs About WordPress!
• I’m sure there was something else I got excited about over this past year, but I can’t remember.

So happy birthday WordPress Garage, and may we enjoy another fun year of WordPress blogging together!

Read more at SecurityFocus

DESCRIPTION: S@BUN has reported a vulnerability in the Wordspew plugin for Wordpress, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the parameter “id” in wordspew-rss.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Read more about the vulnerability here.

It’s an urgent security release because if you allow registration on your WordPress blog, users can edit other users’ drafts. WordPress development also mentions the vulnerability in the WP-Forum plugin that I mentioned recently. This is the first time that I’ve seen WordPress themselves mention a plugin security problem. It must be really serious.

Can we discuss WordPress’ security for a sec?

I know that WP fans say that the reason there are so many security breaches is because WordPress is so popular and widespread, more people try to hack it.

WordPress detractors say that there is no excuse: WP gets hacked too much, has too much spam, and too many security problems.

So which is it? Let’s take a look at what a pretty objective group of people have to say about WordPress security: BlogSecurity.net.

BlogSecurity.net is a great blog that reports on social networking and web blog security. A large percentage of their posts are dedicated to WordPress issues. This could be because WordPress is so popular so they’ve decided to dedicate most of their energies to covering it, or it could be because WordPress has more security issues to report about.

It seems to be the latter, and BlogSecurity.net addressed the general issue of WordPress security recently:

We have seen alot of critical vulnerabilities being discovered in WordPress core and its plugins of late, who’s to blame?…

One of the major problems I see with WordPress is that it provides little (if any) protection against input validation attacks. So where does the problem lie?

One of the main problem lies in the way WordPress sanitises user input….

If WordPress is going to get serious about security, we need to come up with hardcore secure functions, that the WordPress core, and its plugin developers can use. These functions should take the security considerations out of the plugin developers hands and secured from within the WordPress core!…

This is one area, where I think blogging platforms like Drupal do a far better job! (my bold)

So is WordPress insecure by design? The answer seems to be yes!

Ramifications? I don’t know. I’m not jumping ship any time soon because no other blogging or CMS platform offers what WP does: flexibility, ease of use, extensibility, and great community support.

I’m no software developer, but I would say that it’s probably in Automattic’s interest to concentrate all their efforts in tightening up security issues now, and only once that’s done to add any new features they planned on implementing in the next release.

——————————

Here are some other plugin vulnerabilities that were recently discovered, in case you missed them:

WordPress WassUp Plugin “to_date” SQL Injection Vulnerability

WordPress AdServe Plugin “id” SQL Injection

WordPress WP-Footnotes Plugin “admin_panel.php” Cross-Site Scripting

dmsguestbook, st_newsletter, Wordspew, wp-footnotes vulnerabilities

wp-calc & wp adserv plugin vulnerabilities

Just last week another plugin by Fahlstad had a security issue uncovered: the WP-Forum plugin. Bad luck for Fahlstad?

WordPress WP-Cal Plugin “id” SQL Injection – Advisories – Secunia

Common Wordpress Myths & Facts on Blog Oh Blog