From November 2009

(PLUGIN) Conversation Manager

It has been said that the majority of readers don’t comment on blog posts because they don’t feel like they have anything specific to add to a conversation.

This plugin allows you to prompt your readers to comment by asking them to answer a question specific to that post. A simple box with text that you define when writing your post is added above the comment form. The box can be styled to match your site by adjusting some predefined options.

Secure WordPress with 2.8.6

WordPress 2.8.6 was released today. It includes some security fixes for vulnerabilities found by WordPress users.

As always you can get the newest version of WordPress from the WordPress.org download page. We recommend always upgrading WordPress to the latest stable version available. If you don’t have the time or don’t know how, you can always hire us to make the upgrade for you. Just fill out the form on our “need help?” page and we’ll be in touch.

2.8.6 fixes two security problems that can be exploited by registered, logged-in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.