How to find a backdoor in a hacked WordPress

Edit: This post has moved to here: http://ottopress.com/2009/hacked-wordpress-backdoors/. Take your comments there.

Over here, Jorge Escobar is writing about how he got hacked with the latest version of WordPress. After some minor back and forth on FriendFeed, I got him to do a search which found a malicious backdoor he might not otherwise have found.

In so doing, it occurred to me that most people don’t keep up with the world of WordPress in the way I do, and so have not seen nearly as many hack attempts. So I figured I’d post my little contribution, and show people how to find hidden backdoors when cleaning up their hacked sites.

Non-technical users can safely ignore this post. :)
Continue reading “How to find a backdoor in a hacked WordPress”

WordPress 2.7 Comments Enhancements

This post has been moved here: http://ottopress.com/2008/wordpress-2-7-comments-enhancements/

WordPress 2.7 includes a lot of new enhancements, but one of the big ones is the new comment functionality. Comments can be threaded, paged, etc. This is all built in, but unfortunately, your theme must support it. So, for theme authors, I’d suggest getting to work on making your themes compatible right away.

Read on if you’re a theme author…

Continue reading “WordPress 2.7 Comments Enhancements”

Fun with Twitter

Just rigged up the blog to show whatever I’m posting via Twitter as well. However, what with Twitter being a bit of a lower end sort of one-liner type of thing, I decided to make those posts style slightly differently. So those weird blue things? Those are just my latest Twitter updates. :)

Thanks to Twitter Tools for making it work properly. Good WordPress plugin, still has a few odd points to it and some kinks to work out though. But it works well enough.

Feel free to respond more directly to anything I have to say on Twitter.

New WordPress 2.7 Feature – Plugin Installation

(This post is geared more towards PHP authors and fans of WordPress, so if you’re not into that sort of thing, why not go look at some pictures of cats instead?)

So, I upgraded to the latest 2.7-bleeding edge version of WordPress on my blog today, and discovered a new feature that I had missed in my earlier readings. There was a new menu item on the Plugins menu:

New Menu Item
New Menu Item - Install Plugins!

Yes, it appears that WordPress now has plugin installation built into it. Similar to the Plugin Upgrade feature introduced in 2.5, 2.7 will be able to download and install plugins directly from WordPress.org’s plugin directory.

Naturally, I had to try this out, so read on if you want to see what it looks like…

Continue reading “New WordPress 2.7 Feature – Plugin Installation”

Minor highlights of the life of Otto…

Let’s see, haven’t posted here in a while… what to say…

Lorelle invited me to make some guest posts this month on her blog. I wrote a short little technical ditty about how to integrate Microformats and WordPress Themes. If you’re into WordPress, or CMS’s in general, it’s worth a look. Since I use this site as a sort of test bed, I might also mention that it’s currently showing nine, count ’em, nine different microformats. And a few other things that aren’t microformats as well.

Went to the Art on Tap beer festival this last weekend. Had a hell of a good time, but was rather disappointed in the food selection. Also, it was one of the only beer festivals I’ve ever seen where all the beer was poured out of bottles. The exception was the homebrews poured by The Bluff City Brewers, which were all really good. I recall getting back to the Saucer, I don’t quite recall going home. So clearly, I had a good time. Paul posted some shots of the fest, some of which include yours truly.

The Rapscallions won at Trivia tonight, amazingly enough. Pete has clearly been making the questions harder, as we only scored 79 out of a possible 160-something. Still, that was enough for a tie, and we won the tie-breaker. $50 in the pot for the next party!

I received an invitation to the wedding of Chris, a friend of mine currently living in Atlanta. I kinda wonder about it, the wedding reception is at a beach resort in Alabama, but it’s in November. Anybody know what the weather is like at Gulf Shores in November?

Along with the invite, I received a summons from Zach for the Bachelor Party in October. Unfortunately, I’m told that it’s the same day as the Great Decatur Beer Tasting Festival. That’s just poor planning, man. Although, a beer tasting in the afternoon, followed by a Bachelor Party all evening… I’m not sure I’m capable of that anymore. I’m not as young as I used to be. Still, it’s doable, and damnit, I think I’m going to have to try. And then this weekend, I have the Cooper-Young festival to cope with. Along with a keg party a block away from the festivities.

Oh yeah, and Raiford’s is reopening, with Raiford back at the turntables. Now that I live about 2 blocks away from that point, I can see many 40’s in my future.

So, the fall is looking busy.

Twitter

I signed up for twitter today, and installed a plugin for the blog that hooks into it. It’s kinda neat. The basic idea is that you can send “what you are doing right now” to it at any given moment, and the site posts it. Not complex, basically like a blog for one-liners. The WordPress plugin I installed lets you show the latest twitter messages you’ve sent to the service on the sidebar, or in a post, or what have you. Very nifty.

So if you look on the bottom right of this page, you’ll see the latest info on what I’m currently doing. The cool thing about it is that you can post what you’re doing to the site via email or IM or even text message. Quite entertaining, albeit somewhat useless, information. Still, fun for a while, and maybe I’ll figure out something useful to do with in the long run.

Geekery and Beer

So, I’m sitting here drinking some of my new homebrew. It’s a rather nice cherry wheat that came out a tad more spicy than I was actually expecting. I think I rather overdid it on the cinnamon. I figure that after another couple of weeks of bottle conditioning, it might turn out to be a rather good beer.

One thing I have noticed is that it’s a lot stronger than I was expecting. After just one, I’m catching a buzz. Very nice.

Anyway, while I’m basking in the sun and enjoying a frosty beverage, I figured I’d putz around with the website a bit. Those of you of a geekish bent might try looking at the site on your mobile phone or whatever handheld device you happen to prefer. Through the magical power of the interwebs, the blog should now look different on the handheld devices, more suited to smaller screens. It’ll eliminate the sidebars and rejigger the display a bit. Since I’ve been using the mobile web a lot more, I find this quite cool.

Also if, for some demented reason, you feel it necessary to produce hardcopy of my random meanderings, you’ll find that the excessive imagery disappears on the printout, leaving you with just the basic text and little else. This should all be automatic if you have a modern browser, no strange trickery required. Although I’m dubious as to why anybody would want to print out my worthless words, the option is now there, if you happen to come up with a reason.

Those of you interested in the technical details can read on after the jump…
Continue reading “Geekery and Beer”

HOW-TO: Make WordPress Blogroll's smarter

Warning: Heavy geek content ahead. If you’re not interested in PHP code, you can safely skip this post.

One thing that not a lot of people know about is that WordPress is capable of checking your bookmarks/blogroll links for you and organizing them according to the time they were last updated.

The reasons people don’t know this are:
a) It’s not automatically setup and working, and
b) It rarely works in the first place.
Continue reading “HOW-TO: Make WordPress Blogroll's smarter”

Enable Firefox spell checking in WordPress 2.1

Important note: This plugin only applies to WordPress 2.1 – 2.1.2. The fix is included in the 2.1.3 source by default, and this plugin will no longer be needed.

Edit: Yes, I’ve just looked at 2.1.3 (which was just released) and this fix is in there. Do not use this plugin with 2.1.3 and up.

Lots of people like the new WordPress 2.1, but I noticed several complaints over on the WordPress support forums about the fact that the Firefox inline spell checking seems to not be working with the new editor.

I investigated, and it turns out to simply be one of the default settings of the version of TinyMCE that is being used. Even though it has a spell check button, some people prefer Firefox’s automatic spell checking. I can understand that, I use it all the time myself.

Fortunately, WordPress includes hooks for changing those TinyMCE settings, so it was a matter of a few minutes to create a plugin to deal with the issue.

Here’s a plugin to do just that. It’s simple to use, just upload to the plugins directory, then activate it in the Plugin panel. No configuration needed, it just turns the Firefox automatic spell checker back on in TinyMCE. Simple.

Download FFSpell

Enjoy!