September 5th saw the launch of an exploit based attack on Wordpress blogs worldwide.
The warning comes from Lorelle on WordPress after it was discovered that the pernicious attack is exploiting security holes in previous versions of the blogging software, creating a new “hidden” Administrator account and penetrating right down to the database level.
The attacks are said to be “growing by the hour”. Lorelle writes:
There are two clues that your WordPress site has been attacked.
There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The …

My days of having to clear somwhere in the region of 100 spam comments out of my blog every day are gone. I have finally implemented a “captcha” on the comment form, thus disbarring all bots, robos, script kiddies, and general spamming malcontents. If you want to offer me a larger penis, perkier breasts, or a longer last erection you will now need to do it in person, or at the very least read the captcha.
There are a number of captcha modules available for Wordpress. I went for Simple CAPTCHA …

Oh dear oh dear.
I have received some comment spam today that I found so amusingly clumsy that I have decided it deserves something more than my usual “hit the spam button in Wordpress and sigh” response.
Today, we have our inaugural member of the Planet of the Penguins Roll of Shame.
Congratulations www.seoclientprospectingrobot.com
The spam comment was attached to my article “How To Haiku” and ran as follows:
This might be a little off subject, but have you looked at seoclientprospectingrobot dot com? Just wondering if you have any reviews of it, I’m thinking …

If you are in the market for a quick and easy way to keep collections of quotes, citations, or reviews on your Wordpress site then you should check out the Quotes Collection plugin.
It comes with both an AJAX widget and a set of theme functions, easily customisable to suit any site.

Moving this site from Drupal 4.x to Wordpress 2.7, I was obviously concerned with losing indexation of my old Drupal URLs from search engines.
As I had not set up clean URLs on my Drupal website for a lot of my content, I needed a quick and easy way of ensuring that any traffic destined for one of my Drupal pages firstly found it’s way to the original content (as not everything has moved over to the new site) and secondly informed my users that the site had been moved.
Enter the …