What makes you happy ?

"Karma man, just remember Karma. Treat things nice and nice things happen to you." © Claire

Plugins…..

02:11 Saturday 23 Sep 06

Aaron Brazell has posted that a certain WP plugin has a vulnerability. The plugin has been fixed and a new release is here. I commented over there twice and asked what I consider to be two fair questions. I was subscribed to the comments so returned when some were made. This comment sticks out:

These plugins can be very dangerous. I think the Wordpress culture is to install as many plugins as possible without doing a ton of research.

The guy that said that runs a WP blog. He also runs K2 and from what I know of K2 it has a fair share of javascript in it. That js will be perfectly safe because it’s been written by guys who know their stuff – but I’ll bet that 99% of users of that theme do not know js that well. But they do not need to because they trust the authors. A lot of people trust plugin authors because they don’t know PHP. I pointed out that statement above in #wordpress and someone said they broadly agreed. Fair enough – it was a coder who broadly agreed. So what we have is two people who know code saying plugins can be dangerous. I think that’s a bad thing to say without quantifying it.

  • What is dangerous ?
  • Is there a bad combination ?
  • What should we not mix ?
  • How can we tell what is good and what is bad ?
  • Can we test these plugins to find out ?
  • Who should we trust and how do we know we can trust them ?
  • How much research is enough ?
  • Should we not ever use plugins ?
  • Is it a permissions problem every time ?
  • What is “Best Practice” ?
  • Which plugins do you think are bad ? Why ? Have you changed yours if you use it ?

The reason the above is important is because making blanket statements is not helpful. Another reason is that people doing support for the product will be on the receiving end of the “Are they dangerous ?” questions. It is they who spend the time helping and it is they who should be armed with the knowledge to advise and even try to make the situation better.

So for those coders who think that “These plugins can be very dangerous” here’s a challenge: Answer at least all of my questions above. Write it so forum helpers and others can use the knowledge positively. Write it to show you know. Write it to benefit WordPress. Improve the culture. Blog it.


412

23:25 Wednesday 1 Feb 06

I had a bazillion entries in an error log today – and they are usually very small files. A “412 Precondition” error occurs which then sets off 4 more error entries. So a lot of 412 * 4 is a lot of lines. From what I’ve read, Bad Behavior can cause 412 (but I could be wrong) so I’ve switched that off for 24 hours – I don’t think SK2 will break into a sweat.


Kramer

21:55 Wednesday 19 Oct 05

If you are running this plugin, and you do not have version .7.3, then upgrade. Today. It’s important, okay ? http://dev.wp-plugins.org/wiki/Kramer


Plugin Update

23:35 Friday 23 Sep 05

Bad Behavior 1.2.2 has been released and is playing at a website near you. And if you go grab and update, it’ll perform for you too :)

WP-Contactform was also updated very recently so grab that as well.


Trackback Spam Increase ?

13:25 Friday 9 Sep 05

Spam Karma 2 reports that 65 TB spams have been caught in the day which makes it over 100 in 3 days. Huge increase compared to previous junk.


Comment editing gone

21:45 Thursday 1 Sep 05

For now. Went to upgrade from the alpha code to the beta and everything has changed – function names, code, the lot. It happens, but I just cannot be arsed to get it all back in right now.


Custom Smilies ? This might be handy

22:13 Thursday 11 Aug 05

My Smilies guide now shows how you use wp-config.php to define them rather than vars.php – which means overwriting the file during an upgrade just became trickier as everyone knows that you never touch wp-config.php
If you have custom smilies, download vars.php then copy/paste the whole array into the new location and all should be good.


New! Database Backup plugin

09:34 Wednesday 13 Jul 05

Skippy has just released what has to be an essential plugin – Database backup. Given that if the host’s server went boom your files are replaceable but your posts and comments are not, you need this. Very easy install and very easy to use. No messing in phpMyAdmin, no cron jobs, just an efficient way to keep your data safe – and you do want that don’t you ?


Second short

13:12 Wednesday 15 Jun 05

Last night for a reason that matters not, I deactivated and altered some plugins. One of them was the spam-busting “Bad Behavior”. This morning I have over 200 spams. Bad Behavior works. Get it :)
http://www.ioerror.us/software/bad-behavior


Plugin added

23:58 Monday 2 May 05

Browsing over to the Canadian Moose himself, I see Craig has spotted a new plugin – Friend Finder which is neat as it’s the sort of thing I’ve been after for a while. Much kudos to Mr Wild-Smith for creating it :)



