If you use my SyntaxHighlighter Evolved WordPress plugin, please update ASAP. There’s a security issue with the Flash file that is used by version 2 of the highlighting library. This file is meant to be used for allowing one-click copying of the code to your clipboard (since normal copy/paste doesn’t work with it) but the file reportedly suffers from a cross-site scripting security issue.
Even if you use the better version 3 of the library (the default for my plugin), the file from version 2 of the library will still be included in the plugin’s files.
As a temporary fix, I have emptied out the file. This unfortunately means your visitors will not easily be able to copy any code you paste. I recommend switching to the superior version 3 via my plugin’s settings page. Code highlighted using the newer version can be selected and copied normally.
Feel free to leave any questions you have about this security issue on this post but please leave other general SyntaxHighlighter comments on the plugin’s homepage. Thanks.
Pippin Williamson has written a good explanation of which to use over on Wptuts+.
TL;DR: If the functionality is something that should continue to work after you switch themes, then it belongs in a plugin.
My most popular WordPress plugin, Viper’s Video Quicktags, has passed the 1 million download mark!
I really should give it more love and attention…
With the release of Jetpack 1.5, Jetpack now supports the awesome carousel feature that you may have seen running on WordPress.com. It’s superior to my jQuery Lightbox For Native Galleries plugin in my opinion so I am opting to discontinue development on my plugin.
My plugin should continue to work for the indefinite future but I will no longer be maintaining it.
JW FLV Player has been removed from the latest version of my Viper’s Video Quicktags plugin. The player is not compatible with the GPL license and as a result cannot be included in plugins that are hosted in the WordPress.org plugin repository. I shouldn’t have added the player to my plugin in the first place but it was the only decent player at the time oh so many years ago. Today I have rectified that mistake by removing it from my plugin’s download.
However do not fear — I have not actually removed the functionality, I just no longer bundle it with my plugin. If you wish to continue to use the player to embed
.mp4 files after upgrading to version 6.4.0 of my plugin, you will need to download this ZIP file and extract it to your
wp-content folder, resulting in
/wp-content/jw-flv-player/player.swf. I’m hosting the ZIP file since my plugin uses an old version of the player that is no longer available for download from the official site.
This is a temporary band-aid fix. The eventual plan is to switch to the GPL-licensed Flowplayer but that won’t happen until I complete the latest recode of my plugin which introduces many much-needed features. Whether I’ll actually ever finish version 7.0 of my plugin is another matter though.
If you have any questions or need any help, please post over on the Viper’s Video Quicktags page.
Someone has been trying to brute-force attack my site lately (guessing my username and password) and so I thought I’d share the plugin that is blocking them and also letting me know that it’s happening: Limit Login Attempts. After a configurable number of log in failures, the plugin blocks the IP from attempting to log in for a configurable amount of time. Super handy. 🙂
I’m having trouble coming up with a good name for my latest WordPress plugin so I thought I’d crowd source it. 🙂
My other WordPress-powered site, FinalGear.com, receives very large traffic spikes. I used to just run WP Super Cache to prevent the site from going down but Apache would still actually die under the load even though it was just serving static content. Since the site has no comments or other often changing content, the easiest solution at the time was just to throw a reverse proxy called Varnish in front it with a decent cache time (5-10 minutes per page). I’ve since switched from Apache to nginx which solves that issue but it’s still easiest to just leave Varnish there.
Varnish is set up to ignore cookies on the front end of the site. That means I get served the exact same version of the site that you (a guest) sees — no admin bar, no post edit links, and so forth. Getting to the admin area is easy thanks to an absolutely positioned hidden link in the bottom left of the site (hover over it, you’ll find it) so lack of an admin bar is no problem for me.