Version 1.0.2 of the Last Modified Footer plugin was released yesterday. This is the last version of the plugin that will be compatible with WordPress versions prior to 2.8. The next update will convert the plugin’s widget to use the WP_Widget class introduced as part of the WordPress 2.8 release. This simplifies the widget code and makes it multi-instance capable.
Monthly Archive for July, 2009
After reading about Donncha’s experiences with the Limit Login Attempts plugin, I decided it would be a good idea to implement it on my blog. It’s extremely simple to set up, but I couldn’t work out how to solve the security warning the plugin generated telling me that my ‘user_nicename’ was the same as my username.
It turns out that the ‘user_nicename’ parameter is used to construct a permalink to an Author Archive. By default it is set to your username, allowing an attacker to obtain a valid username from the Post Author permalink that is commonly included in themes. Luckily the problem can be easily resolved through a simple database modification:
1. Fire up phpMyAdmin.
2. Select your WordPress database from the menu on the left.
3. Select the ‘wp_users’ table, and then click the ‘Browse’ tab.
4. Locate the row that has your username in the user_login column. Click the Edit button (the pencil icon) on that row.
5. Enter the desired URL version of your name into the user_nicename field, e.g. ‘firstname-lastname’.
6. Click “Go” to save your changes.
To check that the process has worked, visit ‘http://yourblogurl/author/firstname-lastname/’, replacing ‘firstname-lastname’ with whatever you picked in step 5; you should now see your Author Archive page. On checking the Limit Login Attempts options page, you should see that the security warning has disappeared. Props to WordPress Hacks for the solution.
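The same change can be made with queries in phpMyAdmin’s SQL tab, which also lets you audit every account at once. This is an added example, not part of the original post; it assumes the default ‘wp_’ table prefix, and ‘yourusername’ and ‘firstname-lastname’ are placeholders for your own values.

```sql
-- Assumption: default table prefix "wp_"; adjust the table name if yours differs.
-- 'yourusername' and 'firstname-lastname' are placeholders.

-- 1. Audit: list every account whose author slug still equals its login name.
--    Each row returned exposes a valid login through /author/<user_nicename>/.
SELECT ID, user_login, user_nicename
FROM wp_users
WHERE user_nicename = user_login;

-- 2. Check that the new slug is not already used by another account.
--    This must return 0 before you continue, otherwise two authors
--    would share one archive URL.
SELECT COUNT(*) AS clashes
FROM wp_users
WHERE user_nicename = 'firstname-lastname';

-- 3. Change the slug for the one affected account only.
UPDATE wp_users
SET user_nicename = 'firstname-lastname'
WHERE user_login = 'yourusername'
LIMIT 1;

-- 4. Verify: the login and the slug should now differ for that account,
--    and re-running query 1 should no longer list it.
SELECT ID, user_login, user_nicename
FROM wp_users
WHERE user_login = 'yourusername';
```

Take a database backup before running the UPDATE, and repeat steps 2 to 4 for each account that query 1 lists.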