Siobhan on WPMU.org has a nicely illustrated, researched and explained article on why users should never search for “Free WordPress Themes” in Google or any other search engine. Not enough can be said to avoid the malicious theme hawkers on the Internet and I appreciate the work and the explanation.

The problem is that most users, who are new to the ways of WordPress, will still use Google to search for themes and will download the first link that provides them with a free theme that catches their fancy. I would go so far as to say that somewhat knowledgeable users might still be tempted to ignore any possible bad effects from these themes; e.g. users continue to flock to sites that provide collections of serial numbers online in spite of being riddled with porn and adware. My opinion is that there are two ways to solve the problem or at least throttle down the preponderance of malicious themes installed on hapless WordPress blogs. Both options come with their pros and cons but one is a resolution closer to home.

Read More Here…

You can update in your dashboard, on the “updates” tab, or download the latest WordPress site.

Expect new updates of Patagonia, Tandil and Director in 2011!

Enjoy 2011!

WordPress 3.0.3 fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts. According to Peter Westwood from WordPress team, these issues only affect sites that have remote publishing enabled.

The feature called “Remote Publishing” is disabled by default. Some users have it enabled to use a remote publishing client such as one of the WordPress mobile apps. You can check these settings on the “Settings → Writing” screen.

Download 3.0.3 or update automatically from your WP “Dashboard → Updates” screen in your site’s admin area.

As you may know, Akismet is another great plugin and I use it on WpThemesPlanet. It blocks most of the spam comments. However, it is always interesting to have an alternative in hand. I have tried TypePad on another blog for the last 3 months and it works wonders. It blocked 100% of the spam.

The service is free to anyone who wants to use it for both personal and business sites, regardless of how many comments you receive. As with Akismet, you also need an API key for it to work. You can get a free API key in the link below. The great news about TypePad AntiSpam Plugin is that it can be used for WordPress MU too. This is the difference with Akismet, which needs a special license for WPMU. That’s why most WordPress WPMU Webmasters are using TypePad Antispam plugin lately.

Download the plugin here.

Register for a free TypePad API Key here.

The TypePad AntiSpam plugin for WordPress is derived from WP-Akismet by Matt Mullenweg. All subsequent modifications are copyright 2008, Six Apart Ltd.

Enjoy!

Download Theme

Changelog includes the following additions among other small improvements: Facebook Support was added. You can add your facebook profile and activate it from the admin panel. It will show up with Twitter and RSS. Another improvement is that options panel URLs were “sanitized” to avoid undesirable characters to display. This is to comply with the latest wordpress version security demands.

If you are upgrading Patagonia and your theme was manually customized, remember to save those changes before upgrading. WordPress will probably release a feature to make theme upgrades easier in a coming future, specially for users who customize themes. You can also update Patagonia theme automatically from your dashboard. This is recommended if you didn’t change anything in the css or php files manually.

Have a great weekend everyone!

In the WordPress Blog, they describe the first problem as an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these two issues.

You can also head over to the Trac ticketing system and either create tickets for any bugs you find or use some of the useful searches to look for patches that need testing. During the beta test phase they are going to focus on the stabilization of the new added features (since 2.8.4) and the removal of possible bugs. During this process they are not going to add any more enhancements so as to ensure that the focus is on making the 2.9 final release as bug-free as possible.

To make it as easy as possible for you to get a beta testing install up and running they have put together a small WordPress plugin which makes it really easy to convert a test install of the latest release version of WordPress into a beta test install of the next up and coming release. The plugin is called WordPress Beta Tester and is available to download from WordPress Extend or can be installed using the built-in plugin installer. Please make sure you to only install this plugin on a test site, as they don’t recommend running beta versions on your normal live sites, just in case anything goes wrong.

You can read more about the plugin in “Making it easy to be a WordPress Tester”. They want to release the first beta version of WordPress 2.9 around the end of October, once they finish implementing the new features, and then they switch to full on beta testing mode and your help and feedback will be very much appreciated. The final release of WordPress 2.9 will be available in either late November or early December.