Mandatory Upgrade To WordPress 3.0.2

There is a mandatory upgrade to WordPress 3.0.2 from all previous versions. This is a maintenance release to fix a moderate security issue which allows a user with an author level access to gain access of the rest of the site. The upgrade is particularly important to blogs with multiple users, and all others.

There should be no valid excuse not to upgrade to version 3.0.2 since WordPress upgrades are easy and painless. All it takes is just one click. I upgraded my blogs just a tad different than most WordPress users. I use Subversion update. I have a script that updates all my blogs all at once. Based on the Subversion upgrade, there are only about a dozen files that have changed.

So, update to WordPress 3.0.2. It should be quick and worth the while.

WordPress on Your Smart Phone

If you own several WordPress blogs and you want to manage your blogs from your smartphone, there are several WordPress applications that are available for the iPhone, Android, Blackberry and Nokia.

WordPress for the iOS is an iPhone application that will let you manage your blog from your iPhone and the iPad. You can create or edit posts and pages, and add images, videos, and comments to your blog with ease. Download the WordPress for iOS from Apple’s website for free. You can also visit the WordPress for iOS blog.

WordPress for Android is an Android application that’s available in the Android Market. Just search for WordPress and install the application that’s published by Automattic. You also might want to visit the WordPress for Android blog. Here’s a preview of WordPress for Android app in the video below. See how easy it is to manage blogs from the Android.

WordPress for Blackberry is an application that allows you to write posts, upload photos and videos, edit pages, and manage comments in the Blackberry phone. The application will run on BlackBerry devices starting with the 8700, Curve, Pearl, Bold, Storm, Storm2  and the Tour. BlackBerry Device Software (OS) Version 4.5 minimum is required. Visit the WordPress for Blackberry blog.

WordPress for Nokia is an application that allows to edit your existing blog content, add new posts and pages, or simply manage comments from your Nokia smartphone. WordPress for Nokia allows you manage your blog from your S60 or Maemo-powered Nokia phone. Visit the WordPress for Nokia blog. Download the application. Older phones may not be supported.

Recover Your WordPress Password

I own several WordPress blogs. I tend to use the same username and password for all my WordPress installs. For security reason, I should really use different passwords as well as usernames. Have you ever forgotten your WordPress password? It happened to me the other day, while trying to access my WordPress development install that I haven’t accessed in a very long time.

There are several ways to recover your WordPress password. One way of recovering your password is to use PHPMyAdmin, a database administration tool. I will walk you through how to recover your password using PHPMyAdmin. Assuming you have access to your PHPMyAdmin, (most host providers do)  you will need to access your WordPress database and the ‘wp-users’ table in particular. From there you can edit a user, probably the one with the admin rights.

You will notice that the password field is encrypted. You will not be able to read or guess the password, unless you know how to hash MD5 in your head. I doubt that you do. Maybe, you do. What this means is, that you will need to re-enter a new password for a user. The problem is how. How do you enter a hashed password? It’s easy. When you edit a user you will need to use the MD5 function for the password field.

WordPress uses the MD5 hash, not SHA1. It’s important that you select MD5.


The password field is called ‘user_pass’, and the function selected in this example, is MD5. You can now enter a clear text password in the form like the one above. Once the password is submitted, the password will be automatically encrypted.

You can now login to WordPress via the Admin Dashboard.

Creating WordPress Custom Menus is a Breeze

Creating Custom Menus in WordPress is a breeze. Custom Menus have been around for a couple of months since WordPress 3.0 first came out. I’m using Custom Menus to replace the Pages widget on my Sidebar because it lacks a Home link.

Pages and Categories can be added by simply selecting them and adding them to the menu. You can also create a custom link, in my case, I created a custom link for my Home link. See the screenshots below.

To really take advantage of custom menus, you will need to add a piece of code in your functions.php file. With this code, it allows you to place your custom menus, not only in the sidebar, but anywhere in your theme. Most people use custom menus in the header section of their blogs. Here’s a great article to get you started with custom menus.

Emptying Spam

My new favorite function in the WordPress Admin is Emptying Spam which you’ll find under the Comments section. There is nothing so something satisfying and gratifying as this particular function. The latest click resulted in the trashing of 2019 spam comments. That needed a quick celebration.

My WordPress Multi-Site .htaccess File

I just solved my WordPress multi-site problem. I have several blogs located in the subdirectories of this blog. The problem was the media files for my sub-blogs were all broken. If you are aware of the WordPress multi-site setup, WordPress creates a blog.dir directory under wp-content. This is where it keeps all of the uploaded media files such as: images, video, etc for the sub-blogs.

The issue was began when my .htaccess file was overwritten or possibly replaced. At first, I thought it was just an issue with the WordPress options pages which is stored in the wp-options table. But, that wasn’t the case. A quick search in the WordPress forums solved that problem. So, I’m writing this article for two reasons: (1.) So others can benefit, (2.) so I have a record of this fix somewhere.

So, here’s my .htaccess file.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
# uploaded files
RewriteRule ^(.*/)?files/$ index.php [L]
RewriteCond %{REQUEST_URI} !.*wp-content/plugins.*
RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ – [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
# END WordPress

Details for WordPress 3.1

The WordPress development team met last week and laid out the plans for WordPress 3.1 scheduled for release on December 15. Here are the details:

The finalized goals for WordPress 3.1 are “to have a very short dev cycle, a decent amount of testing time, and a release in mid-December. Low on new features, heavy on ui and code cleanup, and avoidance of schema changes. Save the big ideas for 3.2 where we’ll have the liberty to implement those ideas in PHP5. No schema changes and no big new APIs.”

Besides bug fixes and code cleanup, users can look forward to a new inspired admin bar and theme browser, as well as post templates and styles, and a separate network dashboard.

The team plans to halt new feature submissions on October 15th, followed by a primary code freeze on November 1st, and a string freeze on December 1st. The beta period will begin November 15th until the estimated final release date of December 15th.

There is not a lot of cosmetic changes, but I’m looking forward to the new Admin pages that’s similar to

Twitter Shutting Down Basic Authentication

On August 31, the Twitter API team will shutdown all basic authentication on the Twitter API. If you are using any of the third-party Twitter-based applications that uses basic authentication, the application you’re using will no longer work as of August 31.

Twitter has given developers enough warning of the switch. In fact, Twitter has postponed the cutoff date at least twice in the past few months to accommodate developers into adopting the OAuth authentication protocol. This time, the cutoff date will most likely stick. What this means is there will be a number of applications that will no longer work after the deadline.

How does this affect you? If you are a WordPress user and you are using a Twitter-based plugin that requires authentication, there is a good chance your plugin does not use OAuth authentication. There at least 250 Twitter plugins written for WordPress. A number of them do not require authentication, but some require authentication.

If your plugin requires authentication, better check.

One way of finding out which plugin uses OAuth is to check the plugin’s Option pages. If you’ve entered your Twitter credentials such as username and password, then you are using the older and soon to be obsolete basic authentication.

If you’ve entered a consumer key and a consumer secret key, then you are using OAuth authentication protocol.

Another way of finding out if your plugin uses OAuth is that the login process should take you back to the Twitter’s login page such as the example below.

To be sure, check for updates of your plugin. If the developer does not plan to update the plugin, better start looking for an alternative.

I didn’t get a chance to look at each plugin because of the sheer number of Twitter-based plugins in the Plugins directory. One plugin that supports OAuth is Twitter Tools.

Display Number of Posts On WordPress Themes

For WordPress Theme developers who want to display the number of WordPress posts on their themes, there is already a built-in function in WordPress that makes it easy to add stats to your templates. To display the number of posts, just add this code in your templates:

<?php wp_count_posts( $type, $perm ); ?> posts

$type and $perm are optional. You can omit them.

Place the code on the sidebar or the footer to display.

Add a Home in WordPress Pages Widget

WordPress Widgets are handly little pieces of code that usually come from plugins. They are usually displayed on sidebars. One of my favorite widget is the Pages Widget. One thing that is obviously lacking from the Pages Widget is a ‘Home’ link.

A number of WordPress themes use ‘Pages’ for navigation. The navigation links are usually located on top or just below the header. Theme designers usually add a custom ‘Home’ link in addition to listing the pages, ie, wp_list_pages().

If you use the Pages Widget, you can add a ‘Home’ link without adding a single line of code. The inspiration came from an earlier article I wrote about ‘Creating a WordPress Page With An External Link.’

Add A Home

Go to your Dashboard > Pages > Add New

Enter in the Title: 

<a href=”/”>Home<a/>

Leave the content blank. Publish.

You now have a WordPress Page pointing back to your main index page. Verify if the ‘Home’ link is reflected on the Sidebar.

That’s it.