Tag Archives: WordPress

What’s new with WordPress 3.8

WordPress 3.8 is now available via Softaculous. Upgrade your existing installation to 3.8 with one click or install a fresh new blog.

WordPress has gotten a facelift. 3.8 brings a fresh new look to the entire admin dashboard. Gone are overbearing gradients and dozens of shades of grey — bring on a bigger, bolder, more colorful design!

wp_overview

wp_design

Modern aesthetic

The new WordPress dashboard has a fresh, uncluttered design that embraces clarity and simplicity.

Clean typography

The Open Sans typeface provides simple, friendly text that is optimized for both desktop and mobile viewing. It’s even open source, just like WordPress.

Refined contrast

Beautiful design should never sacrifice legibility. With superior contrast and large, comfortable type, the new design is easy to read and a pleasure to navigate.

WordPress on every device

responsiveWe all access the internet in different ways. Smartphone, tablet, notebook, desktop — no matter what you use, WordPress will adapt and you’ll feel right at home.

High definition at high speed

WordPress is sharper than ever with new vector-based icons that scale to your screen. By ditching pixels, pages load significantly faster, too.

Admin color schemes to match your personality

wp_colors

WordPress just got a colorful new update. WordPress 3.8 includes eight new admin color schemes so you can pick the one that suits you best.

Color schemes can be previewed and changed from your Profile page.

Refined theme management

themesThe new themes screen lets you survey your themes at a glance. Or want more information? Click to discover more. Then sit back and use your keyboard’s navigation arrows to flip through every theme you’ve got.

Smoother widget experience

Drag-drag-drag. Scroll-scroll-scroll. Widget management can be complicated. With the new design, WordPress team has worked to streamline the widgets screen.

Have a large monitor? Multiple widget areas stack side-by-side to use the available space. Using a tablet? Just tap a widget to add it.

Twenty Fourteen, a sleek new magazine theme

The new Twenty Fourteen theme displayed on a laptop. tablet and phone

Turn your blog into a magazine

Create a beautiful magazine-style site with WordPress and Twenty Fourteen. Choose a grid or a slider to display featured content on your homepage. Customize your site with three widget areas or change your layout with two page templates.

With a striking design that does not compromise our WordPress’ simplicity, Twenty Fourteen is the most intrepid default theme yet.

Try Twenty Fourteen live

Source : http://wordpress.org

Forgot the password for your WordPress blog ?

Forgot the password for your WordPress blog ? This post will help you to reset your password.

WordPress Logo

1) Get the reset password link to your email address :

You need to know either the email address or the username and need to have access to your email address (you will receive the reset password link there).

  • Go to your WordPress login screen
  • Click on the Lost your Password link
  • Enter the email address or your username and click on the Get New Password button.
  • You will now receive an email with the link to reset your password.
  • Enter the new password and click on the Reset Password button.
  • That’s it you have reset the password for your blog’s account.

2) Don’t have access to the email associated to your account at the blog ?

You can reset the password from your WordPress database. You will require access to your database.

  • Login to your control panel and go to the database manager. Generally you will have phpMyAdmin
  • Now choose the database where you have WordPress installed. (If you are not sure check the database details from wp-config.php file of your installation)
  • Go to the users table and look for the username for which you need to reset the password
  • Now click on the Edit button corresponding to your username
  • Enter the new password you want under the Value column next to user_pass field
  • Choose MD5 from the dropdown under the Function column next to user_pass field
  • Hit the Go button
  • The password encryption will not look as the previous one because we chose MD5 and WordPress uses a different hashing method
  • Don’t worry. Go to the login WordPress login screen and login with the new password. On successful login WordPress will convert the new password as per WordPress encryption hash.
  • That’s it you have successfully reset the password for your account for your WordPress blog.

WordPress 3.6.1 Maintenance and Security Release

WordPress team has released WordPress 3.6.1 which is a Maintenance and Security Release

WordPress Update

WordPress 3.6.1 is also a security release for all previous WordPress versions and it is strongly recommend you update your sites.

WordPress has been updated to 3.6.1 in Softaculous. You can update your installation with just one click. Here is the guide :

Update WordPress

The WordPress security team resolved three security issues, and this release also contains some additional security hardening.

The security fixes include :

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website.

The additional security hardening include:

  • Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.

Source : http://wordpress.org

WordPress 3.5.2 Maintenance and Security Release

WordPress team has released WordPress 3.5.2 Maintenance and Security Release

WordPress Update

This is the second maintenance release of 3.5, fixing 12 bugs.

This is a security release for all previous versions and it is strongly recommend you update your sites immediately.

WordPress has been updated to 3.5.2 in Softaculous. You can update your installation with just one click. Here is the guide :

Update WordPress

The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.

The security fixes included:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts or reassigning the post’s authorship.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
  • Multiple fixes for cross-site scripting.
  • Avoid disclosing a full file path when a upload fails.

Source : http://wordpress.org

Optimize your server for high traffic WordPress installation

If you run a high traffic WordPress installation you will want to optimize WordPress and your server to run as efficiently as possible. This article gives a general overview of the avenues to pursue. It’s not a detailed technical explanation of each aspect.

WordPress Logo

The optimization techniques available to you will depend on your hosting setup. This article is divided into categories according to hosting type.

1) Shared Hosting :

This is the most common type of hosting. Your site will be hosted on a server along with many others. The hosting company manages the web server for you, so you have very little control over server settings and so on. The areas most relevant to this type of hosting are :

  • Caching : WordPress caching is the fastest way to improve performance. Plugins like W3 Total Cache or WP Super Cache can be easily installed and will cache your WordPress posts and pages as static files. These static files are then served to users, reducing the processing load on the server. This can improve performance several hundred times over for fairly static pages.
  • WordPress Performance : The first and easiest way to improve WordPress performance is plugins. Deactivate and delete any unnecessary plugins. Try selectively disabling plugins to measure server performance. Is one of your plugins significantly affecting your site’s performance?
    Then you can look at optimizing plugins. Are plugins coded inefficiently? Do they repeat unnecessary database queries? WordPress has its own caching system, so generally speaking, using functions like get_option(), update_option() and so on will be faster than writing SQL.

2) Virtual / Dedicated Server :

In this hosting scenario you have control over your own server. The server might be a dedicated piece of hardware or one of many virtual servers sharing the same physical hardware. The key thing is, you have control over the server settings. In addition to the areas above Caching and WordPress performance, you can follow the below techniques to optimize your server :

  • Server Optimization :

    DNS: If you host your DNS on external servers this will reduce the load on your primary web server. It’s a simple change, but it will offload some traffic and cpu load.

    Web Server: Your web server can be configured to increase performance. There are a range of techniques from web server caching to setting cache headers to reduce load per visitor. Search for your specific web server optimizations (for example, search for “apache optimization” for more info).

    PHP: There are various PHP accelerators available which can dramatically improve performance of your PHP files. This will apply to all PHP files, not just your WordPress installation. Search for PHP optimization for more information, f.e. APC.

    MySQL: MySQL optimization is a black art in itself. A few simple changes to the query cache settings can have a dramatic effect on WordPress performance because WordPress repeats a lot of queries on every request. Search for mysql optimization for more.

  • Offloading :

    Static Content : Any static files can be offloaded to another server. For example, any static images, JavaScript or CSS files can be moved to a different server. This is a common technique in very high performance systems (Google, Flickr, YouTube, etc) but can also be helpful for smaller sites where a single server is struggling. Also, moving this content onto different hostnames can lay the groundwork for multiple servers in the future.Some web servers are optimized to serve static files and can do so far more efficiently than more complex web servers like Apache, for example publicfile or lighttpd.

    Multiple Hostnames : There can also be user improvements by splitting static files between multiple hostnames. Most browser will only make 2 simultaneous requests to a server, so if you page requires 16 files they will be requested 2 at a time. If you spread that between 4 host names they will be requested 8 at a time. This can reduce page loading times for the user, but it can increase server load by creating more simultaneous requests. Also, known is “pipelining” can often saturate the visitor’s internet connection if overused.

    Offloading images is the easiest and simplest place to start. All images files could be evenly split between three hostnames (assets1.yoursite.com, assets2.yoursite.com, assets3.yoursite.com for example). As traffic grows, these hostnames could be moved to your own server. Note: Avoid picking a hostname at random as this will affect browser caching and result in more traffic and may also create excessive DNS lookups which do carry a performance penalty.

    Likewise any static JavaScript and CSS files can be offloaded to separate hostnames or servers.

Source : http://codex.wordpress.org

How to make your WordPress installation Secure

WordPress Logo

WordPress is one of the most popular blog today. As it is the most popular application there are numerous hackers who are honing their skills to make it to the big leagues.

WordPress is pretty secure and they provide frequent updates but we can make the installation more secure by following some simple steps :

1. The most easiest way is to be updated with WordPress

WordPress provides security updates immediately if a loop hole is detected, so being updated with WordPress will help you to be more secure. It hardly takes a minute to update WordPress with Softaculous.

2. Generic admin username

Most users make a mistake by continuing with the default username for the administrator account ie is admin. Its a common username and every hacker would know that. Choose a username other than admin you can use your name i.e. john as your username. You can choose the username on the install form.

3. Choose a Strong Password

Using a simple password is a bad idea. Use a password that is more secure to let the hackers stay away from you. Use a combination of alphabets, numbers and special characters.

4. Secure permissions to the config file

The wp-config.php file contains all the configuration and settings of WordPress, exposing this file to hackers is a very big threat to your blog they could easily inject malware into your blog or delete the content on your blog. The solution for this is to revoke the permission to the config file. The WordPress config file is wp-config.php  which located in the root directory of your installation. Change the permission to something safe like 0600 if suPHP is enabled on your server. You can ask your host to confirm which permission is suitable on your server.

5. Backup regularly

Backing up your installation is very important because if your installation is hacked you can restore your installation from the backup. You should always take a back up of your database and files, it is recommended to take a weekly backup of your data there are several plugins that will do it for you or you can use Softaculous to backup and restore your installation.

6. Plugins

Make a point to update the plugins when there is an update available. It is always a good idea to be updated. Also, if you are not using a specific plugin, delete it.