WordPress releases version 3.0.5 that fix several security issues. Along with this update, it comes with 2 security enhancements and hardening so WordPress users are strongly encourage to update immediately.

According to WordPress,

Two moderate security issues were fixed that could have allowed a Contributor- or Author-level user to gain further access to the site.

One information disclosure issue was addressed that could have allowed an Author-level user to view contents of posts they should not be able to see, such as draft or private posts.

Two security enhancements were added. One improved the security of any plugins which were not properly leveraging our security API. The other offers additional defense in depth against a vulnerability that was fixed in previous release.

Upgrade to WordPress 3.0.5 now!

Keep your WordPress powered blog safe right from the start of 2011 by upgrading to the latest version, 3.0.4. According to WordPress.org, version 3.0.4 is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. They would rate this release as “critical.”

Update it now!

Barely a week after 3.0.2 was released, WordPress releases version 3.0.3, a security update to fix several vulnerabilities in the current version.

According to WordPress,

This release fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts.

These issues only affect sites that have remote publishing enabled.

Remote publishing is disabled by default, but you may have enabled it to use a remote publishing client such as one of the WordPress mobile apps. You can check these settings on the “Settings → Writing” screen.

Upgrade to WordPress 3.0.3 now!

Although there have been a lot of blogging software that has been introduced over the last decade, WordPress remains to be the leading blogging software for both amateur and pro-bloggers all over the globe. However, in spite of all the raves about how great WordPress is, it does have a weak spot and that would be its security. WordPress does make sure that they are able to address any security issues through releasing patches after major release just like what Microsoft Windows does, but because of all the risks of hacking, data-thefts and cracking online, it would be advisable to take some steps in ensuring your security. Here are some of them.

1. First off, it would be advisable to back up. Back up the files on your server and back up your database. There is no such thing as backing up too much, especially when it would serve as a way to protect the hard work that you have put in on your WordPress blog or site.
   ANY_CHARACTER_HERE
2. Make sure that your WordPress installation is always up to date. This would be a good way to avoid issues.
   ANY_CHARACTER_HERE
3. Since hackers know that WordPress has a user “admin” which has god-like administration privileges, it would be advisable to remove the “admin” user. You could just a WordPress user who has admin privileges through the administration interface. You could then log out of WordPress and then log back in as the new user and delete the admin user. Make sure that the new admin user is different than the normal blog post author.
   ANY_CHARACTER_HERE
4. Regularly change your password and make it as complex as possible with more than 10 characters. Do not use actual words for your password; instead, make it a combination of letters, numbers and symbols.
   ANY_CHARACTER_HERE
5. Avoid having a directory listing. In most WordPress installations, a list of installed plugins can be viewed by going to the /wp-content/plugins/ directory. This would not be a good idea since known plugin vulnerabilities could be easily exploited. You can just add a blank default index file like index.html to the directory.
   ANY_CHARACTER_HERE
6. Do not advertise your WordPress version. By default, WordPress usually publishes its current version number on the header of your blog. This already gives out a valuable piece of information to a hacker which he could use against you.

Aside from this WordPress security tips, you can also search online for more resources that you could get information from. There are many websites that offer valuable tips, guides and tutorials on how to make your WordPress blog or website a lot more secure.

After neglecting my blog a more than a year, I finally restarted my blog. Writing a post are relatively an easy task to me but it was the behind-the-scenes activity that was taking most of my time. Yes, searching for a reasonably good GREAT looking WordPress theme that is also FREE at the same time.

After weeks of goggling plus browsing through hundreds of WordPress themes, I managed to find 10 GREAT ones. Enjoy!

Simple Balance 2.2 by Blogsessive
(Download)

Modicus Remix 2.0 by Zidalgo
(Live Demo | Download)

Magazeen by WeFuntion
(Live Demo | Download)

Newsweek by Templatic
(Live Demo | Download)

Metamorphosis by WooThemes
(Live Demo | Download)

Irresistibly by WooThemes
(Live Demo | Download)

Mainstream by WooThemes
(Live Demo | Download)

Tipztheme by DesignDisease
(Live Demo | Download)

Gadgetizer by DesignDisease
(Live Demo | Download)

CelebrityHQ by DesignDisease
(Live Demo | Download)

Do you want to make your WordPress powered blog iPhone/iPod touch friendly?

Download WPtouch plugin and it will automatically transforms your WordPress blog into iPhone application-style theme when viewed from an iPhone, iPod touch, Android or BlackBerry Storm touch mobile device.

It comes with an admin panel which allows you to customize many aspects of its appearance, and deliver a fast, user-friendly and stylish version of your site to mobile devices without modifying a single bit of code (or affecting) your regular desktop theme.

The only disadvantage of activating this plugin is that it will not show ads (Google Adsense, Text Link etc)  that are currently running on your blog.

Get it  and activate now!

WordPress has just released version 2.9.2 to fix a bug where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2. As always, you can visit the Tools->Upgrade menu to upgrade.

Source : WordPress.org

I have been using WordPress for about 3 months and I am grateful to Matt Mullenweg for making blogging a pain-free experience. FYI, Matt is the founding developer of this popular open-source blogging software.

While Matt deserves all the credits, let’s not forget those who spend countless hours working on WordPress plugins. Thanks guys!

Among the 1270 plugins out there, here are my top 10 must-haves WordPress Plugins:

1. Akismet
Let’s face it… no one likes SPAM and Akismet did what everyone is hoping for – get rid of it. Akismet checks your comments against the Akismet web service to see if they look like spam or not. So far, Akismet caught 30 spam comments on my blog.

2. WordPress Database Backup
This plugin creates backups of your core WordPress tables as well as other tables of your choice in the same database. I set this plugin to generate a backup file (weekly basis) and send it to my email.

3. Adsense Deluxe
If you decide to earn some income through your blog, to payoff your annual hosting/domain name at least, this plugin should be one of your favorites. It helps to take off some of your load when adding Adsense code into your posts.

4. Dagon Design Sitemap Generator
Sitemap can be crucial to your blog because it allows your visitors to access your blog quickly. See it in action here.

5. Top Commentator
This plugin will improve the interaction of your blog by encouraging your visitors to submit comment to your posts. The top commentator area will list out users with most comments on your blog with a return link to their website (if any).

6. Related post
This plugin will output a series of “related” entries based on keyword matching. Hence, it will improve the average time your visitors spent on your site.

7. Bookmark Me
You or your visitors can easily add links to social bookmarking sites (i.e Digg, Stumbleupon) with this plugin which adds a list of icon links at the end of each post.

8. WP-ContactForm

If you want to have a contact form on your blog but do not have the experience to build one, this plugin is perfect for you. It is simple, easy to use and it comes with built in SPAM protection. You can test the plugin here.

9. Popularity Contest
Isn’t great to know how popular your posts are? Popularity Contest will give a rating to all your posts by tracking the views, comments and trackbacks of each post.

10. WordPress Automatic Upgrade

WordPress Automatic Upgrade helps you to upgrade your WordPress to the latest version without hassle. First it backups your files and database and put your site into maintenance mode. Then it downloads the latest version of WordPress, disables your plugins and performs the upgrade. Once it is done, it will re-enables your plugins.

The popular blog platform, WordPress has scheduled to release version 2.4 on January 24th, 2008. One of the new features I am looking forward to is Widget-based dashboard. I am not sure what it will do but it sounds interesting. Probably running some widgets from your admin panel that will enhance your blogging experience?

Other New User Features mentioned in WordPress.org are :-

• Admin panel redesign
• You should be able to have any number of any widget
• Undo for comment editing
• Search for both posts and pages

I will make a post when it is officially released for download. Subscribe to my blog!