Archive for March, 2010
10.6.3 Is Out
Monday, March 29th, 2010
For those who have had issues with Samba saving to file shares hosted on Windows Server, EMC or NetApp targets from within Microsoft Office (amongst other minor issues), you’ll be happy to note that Mac OS X 10.6.3 and Mac OS X Server 10.6.3 are now available for download. You can run softwareupdate to pick up the updates, or to download the updates manually see the links below:
WordPress 3.0 on the Horizon
Wednesday, March 24th, 2010
According to the current project schedule, WordPress 3.0 will hit the release candidate milestone next month, with a target release date of May 1, 2010. Lots of people have been writing about the new features of this release, but here are some of the highlights from the official list:
- The merge with WordPress Multi-User (and multisite capabilities)
- Better support for custom post types
- Better menu management
- New default theme “Twenty Ten” (preview here)
- Custom Navigation
- Custom Backgrounds
- Choose username for the first account, rather than using ‘admin’
- New template files for custom post types
- Author specific templates
- jQuery updated to 1.4.2
The code merge between “normal” WordPress and WordPress MU is a major undertaking. This will also allow BuddyPress to officially be installed on non-multiuser sites. The new default theme and ability to easily modify backgrounds should allow non-designers to create a nice custom site without having to know too much about theme design. The WooNav addition looks great and the elimination of the default admin user is something we talked about in our last post on WordPress security.
This will be a major release that should be tested in a non-production environment before being deployed on your server. 318 will be ready to help you with this upgrade when it’s released – call us at 877.318.1318 to schedule an appointment today!
WordPress Security Auditing
Thursday, March 11th, 2010
After reading Sarah Gooding’s WPMU.org article, 7 Quick Strategies to Beef Up Your Security, we decided to take a look at our own WordPress settings here on the 318 Tech Journal.
Deleting the Default Admin User
Creating a new user with admin permissions, then logging in as that user and deleting the default “admin” account is great advice. Just make sure you assign all of the old admin user’s posts and links to the new account. Another caveat: if you are using the WPG2 plugin with a Gallery2 installation, make sure to remove the Gallery2 user links before deleting the old admin account.
Don’t Use the Default “wp_” Table Prefix
SQL injection attacks are very real, and changing the table prefix can help mitigate the risk. The WP Security Scan plug-in mentioned in the WPMU.org article has a built-in tool to help automate this change, but it can also lock you out of your dashboard. The trick is to make sure each user’s meta_key settings in the usermeta table match whatever prefix you choose:
- wp_capabilities -> newprefix_capabilities
- wp_usersettings -> newprefix_usersettings
- wp_usersettingstime -> newprefix_usersettingstime
- wp_user_level -> newprefix_user_level
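The meta_key change above written out as MySQL statements, as an added example that is not from the original post or from the WP Security Scan plug-in. It assumes the old prefix is wp_, the new prefix is the placeholder newprefix_, and that the tables themselves have already been renamed; the wp_user_roles step goes beyond the four keys listed above and relies on WordPress storing its role definitions in the options table under a prefixed option name.

```sql
-- Added example (MySQL). Assumed names: old prefix wp_, new prefix newprefix_,
-- tables already renamed to newprefix_*.

-- 1. Review first: every per-user key that still carries the old prefix.
--    "_" is a single-character wildcard in LIKE, so it is escaped (\_) to
--    match a literal underscore; an unescaped 'wp_%' would also match 'wpXfoo'.
SELECT user_id, meta_key
FROM newprefix_usermeta
WHERE meta_key LIKE 'wp\_%';

-- 2. Rewrite only the leading prefix and keep the rest of each key as stored.
--    The transaction protects the change on transactional engines (InnoDB);
--    on MyISAM it has no effect, so take a database dump beforehand.
START TRANSACTION;

UPDATE newprefix_usermeta
SET meta_key = CONCAT('newprefix_', SUBSTRING(meta_key, CHAR_LENGTH('wp_') + 1))
WHERE meta_key LIKE 'wp\_%';

-- 3. Role definitions live in the options table under <prefix>user_roles.
--    If this row keeps the old name, no account has any role after the change.
UPDATE newprefix_options
SET option_name = 'newprefix_user_roles'
WHERE option_name = 'wp_user_roles';

-- 4. Check before committing: at least one administrator must be listed,
--    and no key with the old prefix may remain.
SELECT u.user_login, m.meta_value
FROM newprefix_users AS u
JOIN newprefix_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'newprefix_capabilities'
  AND m.meta_value LIKE '%administrator%';

SELECT COUNT(*) AS leftover_old_prefix_keys
FROM newprefix_usermeta
WHERE meta_key LIKE 'wp\_%';

-- COMMIT if an administrator is listed and the count is 0; otherwise ROLLBACK.
COMMIT;
```

Run the step 1 query on its own and read the output before the updates: a plug-in that stores a user key literally beginning with wp_, independent of the table prefix, would be renamed by step 2 as well.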
Whitelisting Access to wp-admin by IP Address
This is typically done via .htaccess files, and the AskApache Password Protection For WordPress plug-in mentioned in the WPMU.org article can help get the settings correct, although that plug-in has specific server requirements in order to run (it will run some tests for you to see if your server qualifies). If you do set this up, beware of dynamic IP address changes, which can lock you out in the future.
Other Items to Consider
- Consider using a local MySQL application like Sequel Pro or the command line mysql tools for database configuration instead of public web-facing tools like phpMyAdmin. If you do use PMA, you should lock down access as much as possible using .htaccess controls (or other methods).
- Tools like the WP Security Scan plug-in mentioned above or Donncha O Caoimh’s WordPress Exploit Scanner plug-in can help identify file permission issues in your WordPress setup.
- Using SSH/SFTP instead of FTP to access your server is always good advice, even when you are using whitelists.
- Stay up to date on both WordPress core files and all of your plug-ins.
318 is here to help you with all of your WordPress needs – call us today at 877.318.1318!
Follow us on Twitter
Friday, March 5th, 2010
Follow 318 on Twitter
