Just a quick alert: the latest version (v. 3.0.3.3) of the popular Shadowbox JS plugin for WordPress has a serious bug that exposes your WordPress installation to a major security risk. Incorrectly coded handling of the “player” tag causes all of your NexGEN Gallery images to be displayed on any page that also has single images embedded via WordPress “Add an Image” function.

Staring with version 3.1.3, WordPress introduced X-FRAME-OPTIONS support for the admin and login pages. This is a simple defensive measure against sneaky characters trying to encapsulate your blog within their own Web sites using iframes. So this new security was a welcome addition to WP for most users. I was not one of those users.

After upgrading to the latest stable WordPress version 3.0.4 I ran into an old issue I haven’t see for almost two years. Clicking “Publish” or “Save Draft” when writing a new post seems to remove some custom fields. If you re-add the custom field and click “Update”, the entry stays. But it goes away again once you use the “Save Draft” or “Publish”.

Ignoring my own advice to never install latest WordPress releases as soon as they come out, I upgraded my installation to WP 3.0 and shortly after to 3.0.1. Doing so broke a few things. Automatic plugin updates or installs seem to hang and so does automatic WordPress upgrade. Let me illustrate. According to this screenshot, I need to update one of the plugins.

Below is the SQL script that will attempt to identify and remove duplicate posts in your WordPress database. This script can be useful for autoblogging. If you use plugins like WP-o-Matic to pull full-text RSS …

Whenever a new WordPress version comes out, I get an itch to upgrade as quickly as possible. Generally, this is not a good idea, unless you enjoy working out new software bugs and dealing with …

The php.ini is the primary configuration file for the PHP – a popular scripting language used for Web development. Most Web hosting providers offer preinstalled PHP on their servers. However, not many hosting providers explain …

Whenever you upgrade your WordPress installation or do development work, it is always a good idea to be working on a copy of your main site and not on the real thing. Copying WordPress installation …

A large number of WordPress directories do not have an index file. This is particularly dangerous in case of the plugins directory. If your server allows directory listings, a potential attacker may see which plugins …

Content management systems are sprouting up like mushrooms after a warm April rain. If your job is to find the perfect CMS for your needs, you can spend weeks analyzing and comparing features of various …

Never ever upgrade WordPress to the latest version as soon as it comes out, unless you want to be the guinea pig dealing with the new bugs and incompatible plugins. Even if the new version …

Many WordPress theme designers choose to cut some corners with their creations. One of the more important things they skip over is print.css – the stylesheet that controls your blog’s appearance when you print it. …

WordPress is a great blogging engine and decent CMS. Unfortunately, most available WordPress themes- even those claiming to be “minimalist” – are bloated and slow to load. Heavy CSS stylesheets, multiple Java scripts, numerous graphics …