WordPress releases version 3.0.5 that fix several security issues. Along with this update, it comes with 2 security enhancements and hardening so WordPress users are strongly encourage to update immediately.

According to WordPress,

Two moderate security issues were fixed that could have allowed a Contributor- or Author-level user to gain further access to the site.

One information disclosure issue was addressed that could have allowed an Author-level user to view contents of posts they should not be able to see, such as draft or private posts.

Two security enhancements were added. One improved the security of any plugins which were not properly leveraging our security API. The other offers additional defense in depth against a vulnerability that was fixed in previous release.

Upgrade to WordPress 3.0.5 now!

Although there have been a lot of blogging software that has been introduced over the last decade, WordPress remains to be the leading blogging software for both amateur and pro-bloggers all over the globe. However, in spite of all the raves about how great WordPress is, it does have a weak spot and that would be its security. WordPress does make sure that they are able to address any security issues through releasing patches after major release just like what Microsoft Windows does, but because of all the risks of hacking, data-thefts and cracking online, it would be advisable to take some steps in ensuring your security. Here are some of them.

1. First off, it would be advisable to back up. Back up the files on your server and back up your database. There is no such thing as backing up too much, especially when it would serve as a way to protect the hard work that you have put in on your WordPress blog or site.
   ANY_CHARACTER_HERE
2. Make sure that your WordPress installation is always up to date. This would be a good way to avoid issues.
   ANY_CHARACTER_HERE
3. Since hackers know that WordPress has a user “admin” which has god-like administration privileges, it would be advisable to remove the “admin” user. You could just a WordPress user who has admin privileges through the administration interface. You could then log out of WordPress and then log back in as the new user and delete the admin user. Make sure that the new admin user is different than the normal blog post author.
   ANY_CHARACTER_HERE
4. Regularly change your password and make it as complex as possible with more than 10 characters. Do not use actual words for your password; instead, make it a combination of letters, numbers and symbols.
   ANY_CHARACTER_HERE
5. Avoid having a directory listing. In most WordPress installations, a list of installed plugins can be viewed by going to the /wp-content/plugins/ directory. This would not be a good idea since known plugin vulnerabilities could be easily exploited. You can just add a blank default index file like index.html to the directory.
   ANY_CHARACTER_HERE
6. Do not advertise your WordPress version. By default, WordPress usually publishes its current version number on the header of your blog. This already gives out a valuable piece of information to a hacker which he could use against you.

Aside from this WordPress security tips, you can also search online for more resources that you could get information from. There are many websites that offer valuable tips, guides and tutorials on how to make your WordPress blog or website a lot more secure.

Today, blogging is becoming more and more popular among individuals from all walks of life. Blogs primarily serve as web-based journals where people can publish their musings and opinions online but there are many people who also publish blogs to earn money. Blogs can be about anything: food, pets, business, finance, fashion, baby care or any subject wherein an author is an expert in or has interest in. If you are interested in starting your own personal or business blog, then read on. This article aims to provide all the essential information on how to start a blog, turning a blogging newbie into a blogging guru.

First off, you would need to choose whether you would be getting a free blog or a paid blog. A free blog would basically be one that you would get when you sign up with sites such as Blogger or WordPress. You do not have to pay for anything and you could just start blogging away about any topic that you had in mind. However, if you are planning to set up a business or if you are looking to earn from your blog, then it would be more advisable to get a paid blogging solution, as doing so offers a whole range of benefits. Here are some of the advantages and disadvantages of getting a free blog and a paid blog.

An obvious and possibly the only real advantage of getting a free blog with Blogger or WordPress would be that you do not have to pay for anything. You would also have access to some tools that you could use for blogging; however, this could be very limited. A main disadvantage of using a free blogging service would be that you would not have as much freedom to monetize your blog because all the advertisements that you can put on your blog would be controlled by the blog host, which could include the revenue that you should be getting from your ads. Another disadvantage would be that any page rank or the rank of your blog on search engines would be absorbed by your blog network. This could significantly affect the amount of visitors that you would be getting on your blog.

On the other hand, if you would be getting your own hosting solution for your blog, you would be able to have total control over each aspect of your blog, including the ad revenue. Although it would require money and more effort on your part, the advantages of using a paid blogging solution far outweigh the cons. For instance, if your site is able to receive a lot of traffic, the cost of hosting your blog would be covered a lot of times over by the ad revenue which it can potentially generate.

Another advantage of getting a self-hosted blog would be that you could add search value on to your site. Paid blog hosting services would also allow you to be as creative as you want to be since you can add your unique flair to your blog. Also, hosting your own blog is a lot more secure, so if you are setting up a blog for your business, you would be able to provide your clients with total online security. You would also be able to get your own domain name such as petfoodstore.com and not petfoodstore.blogspot.com. Having your own domain would make your blog or website a lot more unique and easier to recall, which could mean customers and visitors. If you feel that you might not have the knowledge and skills to host your own blog, you need not worry as there are a lot of web hosting companies which provide blog web hosting that even beginners can work with. There are even some companies that offer auto installation of a blog software like WordPress.

Once you have chosen between a free or paid blogging service, you can then choose a template. For free blogs, you can just choose from the list of available templates provided. If you are hosting your own blog, you can just download and install a pre-designed template. However, if you want to be more creative or if you want your blog to be more unique, you can edit the template by simple web design.

Once you have your layout and design set up, you can start writing the content of your blog. Here are a couple of tips that you might want to consider as you write your blog posts.

1. Avoid writing long paragraphs as nobody likes reading long things online. Limit your paragraphs to a couple of lines and then move on to the next. Try to use lists as much as possible like this list of tips.
-
2. Try to add relevant images to your posts to make them more interesting. However, make sure to keep the size of the images to just enough – not too big or not too small.
-
3. Do not forget to add tags to all your posts as it would be a good a way to add related keywords to them.
-
4. Try to post on a regular basis as this would generate more traffic in the long run. It would also be a good way to make your visitors come back for more.

After writing your content, you would then have to promote your blog in order to generate traffic. There are many ways to do this such as social bookmarking, guest blogging and commenting on other relevant blogs.

Starting a blog is actually quite easy once you have the basic knowledge about it. There are also a lot available guides and resources online which could help out beginners and advanced bloggers alike. Once you learn how to start a blog and you put in a lot of effort in it, you would surely be able to succeed whether you have a personal or a business blog.

Incoming search terms:

WordPress has just released version 2.9.2 to fix a bug where logged in users can peek at trashed posts belonging to other authors. If you have untrusted users signed up on your blog and sensitive posts in the trash, you should upgrade to 2.9.2. As always, you can visit the Tools->Upgrade menu to upgrade.

Source : WordPress.org

WordPress has just released an urgent security release that fixes a bug that can be used to expose your draft posts. 2.3.2 also suppresses some error messages that can give away information about your database table structure and limits and stops some information leaks in the XML-RPC and APP implementations.

Upgrade your WordPress version now to remove these vulnerabilities.

Also, a small feature has been included along with this release which allows you to define the error message when WordPress fails to connect to your database. Simply place  your custom template at wp-content/db-error.php.

How to upgrade?

1. WordPress 3 Step Upgrade OR
2. Techie Buzz’s WordPress Automatic Upgrade plugin (the obvious choice )

I have been using WordPress for about 3 months and I am grateful to Matt Mullenweg for making blogging a pain-free experience. FYI, Matt is the founding developer of this popular open-source blogging software.

While Matt deserves all the credits, let’s not forget those who spend countless hours working on WordPress plugins. Thanks guys!

Among the 1270 plugins out there, here are my top 10 must-haves WordPress Plugins:

1. Akismet
Let’s face it… no one likes SPAM and Akismet did what everyone is hoping for – get rid of it. Akismet checks your comments against the Akismet web service to see if they look like spam or not. So far, Akismet caught 30 spam comments on my blog.

2. WordPress Database Backup
This plugin creates backups of your core WordPress tables as well as other tables of your choice in the same database. I set this plugin to generate a backup file (weekly basis) and send it to my email.

3. Adsense Deluxe
If you decide to earn some income through your blog, to payoff your annual hosting/domain name at least, this plugin should be one of your favorites. It helps to take off some of your load when adding Adsense code into your posts.

4. Dagon Design Sitemap Generator
Sitemap can be crucial to your blog because it allows your visitors to access your blog quickly. See it in action here.

5. Top Commentator
This plugin will improve the interaction of your blog by encouraging your visitors to submit comment to your posts. The top commentator area will list out users with most comments on your blog with a return link to their website (if any).

6. Related post
This plugin will output a series of “related” entries based on keyword matching. Hence, it will improve the average time your visitors spent on your site.

7. Bookmark Me
You or your visitors can easily add links to social bookmarking sites (i.e Digg, Stumbleupon) with this plugin which adds a list of icon links at the end of each post.

8. WP-ContactForm

If you want to have a contact form on your blog but do not have the experience to build one, this plugin is perfect for you. It is simple, easy to use and it comes with built in SPAM protection. You can test the plugin here.

9. Popularity Contest
Isn’t great to know how popular your posts are? Popularity Contest will give a rating to all your posts by tracking the views, comments and trackbacks of each post.

10. WordPress Automatic Upgrade

WordPress Automatic Upgrade helps you to upgrade your WordPress to the latest version without hassle. First it backups your files and database and put your site into maintenance mode. Then it downloads the latest version of WordPress, disables your plugins and performs the upgrade. Once it is done, it will re-enables your plugins.