Three new WordPress plugin vulnerabilities and what to do about them

Wordfence reports three new WordPress plugin vulnerabilities. These security issues should be resolved as soon as possible.

The plugin Complete Gallery Manager 3.3.3 contains a remotely exploitable file upload vulnerability. Code Canyon, the vendor, recently released a fix. Immediately upgrade to 3.3.4 which contains a fix for this serious vulnerability.

A shell upload vulnerability has been found in an older version of Lazy SEO, version 1.1.9. Make sure you’re running the newest version of this plugin, which is 1.4.1.

An SQL injection vulnerability has emerged in the NoSpamPTI plugin. This plugin is deprecated and is no longer maintained by the developer so we recommend you uninstall it and find an alternative.

Wordfence is a cybersecurity solution for WordPress providing anti-virus and firewall protection for web sites running WordPress.

Essential WordPress Plugins

Plugins greatly extend the capabilities of a WordPress driven web site. Here is a list of some that are commonly used in many web sites. There are many more than just these, of course. WordPress.org is generally a good place to locate plugins, and they are fairly safe to use, as the WordPress development team and the WordPress community have vetted them before making them available to the public.

Dagon Design Form Mailer 5.8
The WordPress plugin version of my secure php form mailer script.

WP_ContactMe 2.6.28
WP_ContactMe is a free WordPress plug-in that provides you with a very configurable contact form. It allows multiple subjects and also includes spam protection.

Shutter Reloaded 2.4
Darkens the current page and displays an image on top like Lightbox, Thickbox, etc. However this script is a lot smaller and faster.

WPtouch iPhone Theme 1.9
A plugin which reformats your site with a mobile theme when viewing with an Apple iPhone, Apple iPod touch, Google Android or Blackberry Storm touch mobile device.

WP Shopping Cart 3.8.6
A plugin that provides a WordPress Shopping Cart.
Maintenance Mode 5.4
Adds a splash page to your blog that lets visitors know your blog is down for maintenance. Logged in administrators get full access to the blog including the front-end.

Theme Test Drive 2.8.1
Safely test drive any theme while visitors are using the default one. Includes instant theme preview via thumbnail.

WP-DBManager 2.63
Manages your WordPress database. Allows you to optimize, repair, backup and restore the database, delete backups, drop/empty tables and run selected queries. Supports automatic scheduling of database backups and optimization.

Event Calendar 3.2.beta1
Manage future events as an online calendar. Display upcoming events in a dynamic calendar, on a listings page, or as a list in the sidebar. You can subscribe to the calendar from iCal (OSX) or Sunbird.

ShareThis 5.0.0
Let your visitors share a post/page with others. Supports e-mail and posting to social bookmarking sites.

Twitter Tools 2.4
A complete integration between your WordPress blog and Twitter. Bring your tweets into your blog and pass your blog posts to Twitter.

WP-Polls 2.62
Adds an AJAX poll system to your WordPress blog. You can easily include a poll in a WordPress blog post/page. WP-Polls is extremely customizable via templates and CSS styles, and there are tons of options for you to choose from to ensure that WP-Polls runs the way you want. It now supports multiple selection of answers.

All in One SEO Pack
Out-of-the-box SEO for your WordPress blog.
Limit Login Attempts 1.6.2
Blocks an Internet address after a specified limit on retries is reached, making a brute-force attack difficult or impossible.

TAC (Theme Authenticity Checker) 1.4
TAC scans all of your theme files for potentially malicious and unwanted code.
Akismet 2.5.3
Akismet checks your comments against the Akismet web service to see if they look like spam or not.

Inside WordPress – Workshop

Learn how WordPress works by tearing it apart and rebuilding it. Workshop attendees will learn how to create a WordPress powered web site, setup web services and create content. Additional topics will include domain name system, search engine optimization and web site security.

Seating is limited to 12 students. All skill levels welcome — but be aware that this is not an introductory workshop. Bring your laptop or mobile device if you wish.

No fee. Open to members and guests. Registration required. (Submit your registration here)

Hosted by HMAUS.


ING Direct Cafe (Google map here)
1958 Kalakaua Avenue

EventCalendar3 patch for WordPress

I like EventCalendar3 (EC3) because you can subscribe to the posted calendar events from iCal (OSX), Sunbird or Google Calendar. It’s now under the care of Alex Tingle and you’ll find it here:

Starting from WordPress 2.5, EC3 wouldn’t work properly. There are patched files that make it work again. The issue and a downloadable fix are documented here:

Not Everyone Needs a Blog

Most people I know haven’t the desire to stand on a soapbox and blog. All they want is a web site that provides basic information which they can update from time to time. WordPress makes an ideal platform to do this.

The purpose of this article is to show how easy it is to make a simple non-blog web site using WordPress and a few useful plug ins.

Continue reading “Not Everyone Needs a Blog”