New Year’s WordPress Housekeeping Tips

I wish I had seen this in December as I like to do year-end cleanup and new year planning during the holidays. Since it was only published yesterday, I’ll share it with you anyway because it has such wonderful information.

These things should be done on a regular basis, not just at the start of each year, and the article serves as a good reminder checklist. Here are the thirteen items it lists:

  • Better Image Data
  • Optimize Your Installation
  • Optimize Your Images
  • Find and Learn Great Tools
  • Automate Your Workflow
  • Optimize Your Interface
  • Taxonomies Are Your Friend
  • Remove Unnecessary Plugins
  • Use Rich Content
  • Perform a Security Overhaul
  • Start a Blog
  • Contribute Back
  • Start Learning to Code

I see a number of things that I’ve been meaning to do, and I think that perhaps 2015 will be a good time to start, particularly with the last three items on the list.

Here is the link to the full article:

Start the Year off Right with These WordPress Housekeeping Tips (Daniel Pataki,


Where is WordPress headed in 2015?

WordPress logos


Here are two views on the future of WordPress which may be of interest to WordPress developers and hosts.

They talk about the inclusion of WP-API and how it will facilitate a broader implementation of custom dashboards, something I’ve been seeking for a long time. Why is this important? Imagine WP-Admin as a seamless integration of presentation and administration. Expect front-end editing.

Noel Tock’s other thoughts cover language, since the majority of WordPress sites do not serve English content, and the WordPress community itself.

Tim Nash makes some dire predictions in the area of security: that a serious security failure will hit a major commercial plugin developer and even WordPress core itself. He also discusses Drupal, Magento, SSL and PHP.

Noel Tock from Human Made
WordPress in 2015

Tim Nash (developer-centric)
Tim’s 2015 WordPress Predictions


WP eCommerce 3.9 Review


By Beka Rice on Sell with WP

WP eCommerce is one of the most mature eCommerce solutions for WordPress, but its growth and core development have slowed in the past couple of years. New users sometimes had difficulty finding the extensions or themes they needed to create the store that they wanted, and the plugin had almost a decade’s worth of code that made both maintaining backwards compatibility and compatibility with newer versions of WordPress challenging.

With the version 3.9 release last week, a new approach, brand, and ecosystem have been launched, and over 70% of the code base has been rewritten to improve performance and lay better groundwork for future updates.

While the WP eCommerce 3.9 release implements some huge changes (including some changes to the ecosystem we’ve covered), the previous 3.8.14 release actually contained significant internal changes as well. We’ll go through some of what’s changed in each release, and what users will see when using the newest version of the plugin.

[ read the full review ]

Severe Bash Vulnerability Disclosed that may affect many websites

This advisory just came out from Mark Maunder of the Wordfence Security plugin:

A serious vulnerability in the bash shell has been disclosed. Bash will execute any trailing code after a function definition contained in an environment variable.

If you manage a Linux WordPress server, an update for Bash has been released today for most major Linux distributions. Update immediately. If you don’t run a server but are using a hosting provider, it’s likely your host is aware of this issue already and has already upgraded their systems to protect you.

For more information please visit the Wordfence blog where I’ve included details of the vulnerability, how to test if you’re vulnerable, how to fix the issue and some details on how it works.
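The advisory describes the mechanism in one sentence: a vulnerable bash, when importing a function definition from an environment variable, also runs whatever code follows the closing brace. The script below is an added example for checking a server you administer (it is not from the Wordfence post); it assumes a POSIX shell and a `bash` binary on PATH, and it only tells you whether your own bash still has the behaviour so you know whether the distribution update has landed.

```sh
#!/bin/sh
# Added example (not from the Wordfence advisory): local self-check for the
# Bash behaviour described above. A vulnerable bash imports the function
# definition held in the environment variable AND executes the trailing
# "echo"; a patched bash imports nothing from a plain variable like this.

# Exit status: 0 = bash executed trailing code (vulnerable),
#              1 = trailing code ignored (patched),
#              2 = no bash binary found, nothing to check.
shellshock_check() {
    command -v bash >/dev/null 2>&1 || return 2
    # The marker only appears in the output if bash ran the trailing echo;
    # a patched bash prints just "probe".
    out=$(env 'x=() { :;}; echo SHELLSHOCK_MARKER' bash -c 'echo probe' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK_MARKER*) return 0 ;;
        *)                   return 1 ;;
    esac
}

# Human-readable wrapper for running by hand on a server.
report_shellshock() {
    shellshock_check && rc=0 || rc=$?
    case $rc in
        0) echo "VULNERABLE: bash executed code trailing a function definition; apply the bash update now" ;;
        1) echo "OK: bash ignored the trailing code (patched)" ;;
        *) echo "SKIPPED: no bash binary found on this system" ;;
    esac
    return $rc
}

report_shellshock
```

Run it as any unprivileged user; it needs no access to the web server or WordPress itself, since the defect is in the shell binary the distribution ships.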

More information at:

Vulnerabilities in WordPress older than 3.8.2, Twitget Plugin and Quick Page Post Redirect Plugin.

WordPress vulnerabilities as reported by Wordfence on April 14, 2014.

WordPress Vulnerability: WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role. More info available on the National Cyber Awareness System: CVE-2014-0165

WordPress Vulnerability: The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie. More info available on the National Cyber Awareness System: CVE-2014-0166

What to do about the above: Make sure you are running the newest version of WordPress, version 3.8.2.

Plugin Vulnerability: CSRF/XSS vulnerability in Twitget 3.3.1. If a logged-in administrator visits a specially crafted page, options can be updated (CSRF) without their consent, and some of those options are output unescaped into the form (XSS). Vulnerability ID: CVE-2014-2559 (not yet published)

What to do: Upgrade to Twitget 3.3.3 or later, which contains a fix. The author is aware of the vulnerability and has fixed it.

Plugin Vulnerability: Quick Page/Post Redirect Plugin contains a CSRF and stored XSS vulnerability. Vulnerability ID is: CVE-2014-2598 (not yet published)

What to do: Upgrade to version 5.0.5 or later. The author is aware of the vulnerability and has fixed it.

These reports courtesy of

Mark Maunder
Wordfence Creator & Feedjit Inc. CEO.