Blog Tipz

On the blog publishing front, there is a small roundup of news from the WordPress team that need to be highlighted for security purposes and other information.

First of all, WordPress 2.7 Beta 2 was released today, marking the second beta (there are typically two to three release candidates/betas until the final release - see here for full list of versions/release archives) since the beginning stages of testing for the next version.

Sample View from WordPress 2.7

I took the time to install this new version of WordPress to see how everything worked before deploying it on all my blogs once the final version (2.7) is released on or around November 10th (it will likely be delayed as testing still appears to be ongoing).  Personally, everyone, including myself, would rather see a completely finished product rather than a rushed version, which needs a point upgrade the next week (i.e. 2.7.1).

While I haven’t previously stated my thoughts on the next version (I may have alluded to them in the past), I believe that the new version will further refine what makes up a back-end for blog systems.  Although it appears to becoming more and more “cluttered,” you can customize it at will with drag and drop areas and collapsable drop-down menus.  Speed-wise, in Google Chrome, it is extremely fast (although I was using a fresh install, and it wouldn’t let me log in correctly with the cookie settings of Safari, which I normally use).

I don’t call myself a usability expert or great designer, but I like the overall look and functionality of the new version much more than before, as I have the following issues (which are, for the most part addressed in the new version):

• Plugins add too many links to the heading, cutting off text for some, in addition to too many unnecessary (you shouldn’t have to remove functionality for improved appearance).
• The entire heading area totaled more than 160 pixels, including the sub-links (I was using drop-down menus to temporarily solve this problem), while the new version is less than 50 pixels, with a condensed sidebar width of roughly 55 pixels.  This is an enormous savings of space, in comparison to the older version.
• The “Add New Post” page now fills the entire screen, as it is flexible width, so I can remove another plugin which currently solves this problem.
• Categories and Tags weren’t given enough space (solved with plugins/updates), but now have been moved to the sidebar.
• Quick edit mode – this area appears a little “HTML-ish” but might be cleaned up before final release.  I currently use a plugin for quick editing, so this might solve the issue.
• Speed.  Despite having “Turbo” mode installed, there were still some points where the back-end took some time to load.  With some testing, it appears as though this issue has been addressed, even when the feature isn’t utilized.
• Easier-on-the-eyes “Edit Comments” panel, with “Quick Edit” and “Reply” functionality, saving time when it comes to commenting and managing comments.
• An overall cleaner interface (for now).  I’d like to see how developers implement plugins into the sidebar, as it would be more risky placing a link/icon for every plugin.  It would be better if plugins were not added to any area of the admin area, but kept on the full plugins page, with links to change settings from there (although not likely, as you would lose all blog functionality if you lost access to this page and something goes wrong).

Updates Included in the Latest Version

You can find a live demo of WordPress 2.7-beta 1 here.  Use demo as both the username and password.  Some functionality has been removed, but it is the most current version available without major modifications.

These problems have either been fixed or changed (or will be changed in an upcoming release):

• The Upload button didn’t always show up.
• JavaScript on the Dashboard broke for blogs with no comments, causing several User Interface elements to “freeze.”
• Recent Drafts Dashboard modules didn’t show correct lines.
• Various Autosave fixes.
• Redirect after deleting a page from the editor went back to the deleted page.
• Fixed loading of translations for default TinyMCE plugins.
• Added Avatars to the edit users list.
• Added some missing translations.
• Fixed some validation errors.
• Fixed some PHP warnings and notices.
• Handle inconsistent file permissions during auto upgrade.
• Change Publish box layout to better accommodate internationalized text.
• Fix quick editing of the last page in the Edit pages list.
• Fix Screen Options for Internet Explorer.
• Fixes for choose tag from tag cloud.
• Rewrite rules fixes for certain hosts.
• Don’t check for updates on every page load.
• Easier post box dropping.
• Preview fixes.
• RTL fixes.
• Fixed broken wp-mail.
• Plugin update and install fixes.
• First draft of contextual help tab.

Be Aware of Fake WordPress Sites

Some people have decided to set up a fake WordPress (.org) install site, which intends to distribute a “hacked” version of WordPress for users to install who haven’t updated their blogs to the current version, 2.6.3.  You will know that your blog has been infected if one of the dashboard widgets tells you to update to version 2.6.4, which never existed.

You are being warned to watch out for sites that appear as “phishy,” as all your information, including personal contacts and related data could be transfered to someone who will use it for personal gains or completely take down your site/blog.

Ensuring that Your Blog Won’t Be Hacked/Targeted: 

1. Keep your blog updated with the most recent version of WordPress.
2. Don’t install any plugins, themes, or “updates” from sites other than WordPress.com or WordPress.org, unless you can confirm that it is the original developer of a plugin (who has chosen not to distribute the theme or plugin from the Extend Database.
3. Again, never give out your personal information to your blog, even if you can sincerely trust the person.  If given administrative rights, they could install plugins from these suspected sites, resulting in your blog being “lost.”

You can find additional information on this suspected vulnerability here:

- Weblog Tools Collection

- The Register

- Peter Westwood

As long as your blog is kept updated and you are aware of where you are downloading updates/plugins/themes, you shouldn’t have any problem and WordPress should be considered no less secure – nearly all installed applications are open to vulnerabilities such as this one.

Conclusion

On a final note, what are your thoughts on the new Dashboard and design (using the demo)?  Will it make it easier to blog – as the main focus of WordPress has been?  What changes should/could be made?