Blogger Dude

Nobody likes to sign up to a new social network and feel like they have zero friends. The new BuddyPress Automatic Friends plugins makes your new users feel a little more at home upon signing up to your community. It automatically creates and accepts friendships for specified users upon new user registration.

You can easily set the new automatic connections in the plugin’s options panel:

Getting new people connected right away will help to keep your community growing. Download BuddyPress Automatic Friends for free from the WordPress plugin repository.

This past weekend DevPress announced that they would like to give away free memberships to WordCamp organizers to distribute to any of their attendees. The DevPress team simply loves WordPress and WordCamps and wants to show their support by hooking up hardcore WordPress fans with free memberships. If you’re organizing a WordCamp, make sure to get in touch with DevPress!

What do you get with a DevPress Membership?

The DevPress Club membership package includes a beautiful array of themes and plugins, created by stellar, well-respected members of the WordPress community. It also includes support through the DevPress community forums and access to all current and future products.

With an already ridiculously affordable membership cost of $5/year, there’s no reason to wait until WordCamp to get a membership. This fantastic WordPress resource is accessible to WordPress users on even the smallest budget. Go sign up today!

WordPress is a great platform for creating a review site, and it’s was made particularly easy with the introduction of custom post types. There are a number of plugins which will create a review site for you but these themes make it easy. Just install, activate and you’re on your way to reviewing your little socks off.

ReviewIt

Demo | Purchase

InReview

Demo | Purchase

Media Store

Demo | Purchase

Pro Review Theme

Demo | Purchase

The Reviewer

Demo | Purchase

Avenue

Demo | Purchase

Expo

Demo | Purchase

Imperial

Demo | Purchase

LeetPress

Demo | Purchase

Mammoth

Demo | Purchase

Usually when you need to clone a WordPress theme file, you have to download the file, rename it, and then upload the new file via FTP. Theme File Duplicator is a new plugin that completely eliminates this process. It adds a new menu item – Appearance >> Add Page Template. Here you can clone an existing template file with the option to add a template name in the same manner as you normally would using this:

<?php
/*
Template Name: {My new template}
*/
?>

Cloning a file happens right in the WordPress dashboard! Please note that if you are using a child theme, the new theme file will be in the parent theme folder. If you don’t have FTP access to a site and want to make some quick changes, then this is a great option. Download Theme File Duplicator from the plugin repository. It will make your life a bit easier when it comes to WordPress themeing.

Recently, many WordPress sites have been hacked due to a security vulnerability in timthumb.php, a script that is used by hundreds of WordPress themes to resize images.

Oh no! How do I fix it?

The advice that came after the first sites started getting hacked was not the easiest to implement for non-technical WordPress users:

If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it and set the $allowedSites array to be empty.

This isn’t very helpful if you have no idea where to look or what you’re looking for. The first hurdle is to figure out if you’re affected and then to apply the right fix.

Timthumb Vulnerability Scanner to the Rescue!

If you have no idea what to look for, then the Timthumb Vulnerability Scanner will be a real lifesaver. Install it like any other plugin and it will scan your wp-content directory for vulnerable instances of timthumb.php. It also gives you the option to upgrade your scripts to a safe version with a single click.

The creator of this pugin was overwhelmed with requests to clean up hacks that have exploited the timthumb.php script. He made this plugin incredibly easy to use. If you know how to install a WordPress plugin, then you can manage this. It saves your site in two steps:

1. Scan
Click “Scan” to have the plugin check for the timthumb.php script.

2. Fix
If it finds an outdated and insecure version of the script, you will be given a “Fix” button to click for an instant upgrade.

What if I’ve already been hacked?

The plugin’s author notes that if you’ve already been hacked, this plugin will NOT clean up your site. Essentially, it fixes the door lock, which doesn’t matter if the burglars are already in your house. Believe me, you do not want the hackers to get in there. It can take down your entire server and if your host shuts down your account, you’ll be missing critical traffic and email.

For added security, check out Philip’s post on using a firewall to help protect your WordPress site from attack:

How to Protect Your WordPress Site as Hackers Exploit TimThumb Security Hole

Millions of WordPress sites are still vulnerable to the Timthumb security hack. Don’t let yours be the next victim! Download the Timthumb Vulnerability Scanner and check your sites today.

Launch Effect is a brand new free WordPress theme on the scene. It’s a one-page theme that lets you create a viral campaign for a soon-to-be launching website. This is no ordinary “Coming Soon” page. Launch Effect packs some powerful sharing features into the theme:

Here’s how it works:

• 1. Visitors to your website sign up using their email.
• 2. Upon signing up, the page generates a special URL for them to share with their friends.
• 3. Use the URL to track your most active referrers and reward them for spreading the word.

The live demos are absolutely stunning:

Here’s an example of the sharing page a visitor will see after he puts in his email address:

Unique Features of Launch Effect:

Signup Stats:
The theme comes integrated with automatic tracking so that you can measure the effectiveness of your campaign.

Fully Customizable:
Launch Effect comes with a robust options page with far more options than are pictured here in the screenshot. It’s incredibly easy to customize without any programming knowledge so that you can quickly have your campaign up in 5 minutes.

The ability to track and reward your fans is probably the most powerful feature of the Launch Effect theme. It goes far beyond simply capturing email addresses and hoping that your email marketing strategy will be a success.

Check out the development roadmap for a full list of features that are planned. First in terms of priority is Mail Chimp integration for automatically adding sign-ups to a list as well as powering post-signup notification emails. Other coming soon features include a mobile version, multilingual support, Google+ sharing, and support for Typekit, Ascender, Monotype, et. al.

Check out the Launch Effect homepage for more demos, information and the link to download the Launch Effect theme for free. This may in fact be the perfect tool for your next exciting product launch.

This one is for WordPress plugin developers. Want to showcase the plugins you’ve developed on your website? My Developed Plugins gives you a widget you can drop into your sidebar. It pulls from the WordPress Plugin Directory to list and link to each of your plugins.

The best feature is that it also displays the total number of downloads for each of your plugins so that you can easily keep track of your stats on your own website. Install and activate My Developed Plugins and then configure the widget to use your WordPress.org developer name.

If you’re looking for small ways to improve page loading on your WordPress site, you might consider lazy loading your widgets. The Lazy Widget Loader plugin is for use on slow widgets with content from 3rd parties, such as Facebook, Twitter, AdSense and others.

How does the Lazy Widget Loader plugin work?

This plugin postpones loading the content of the widgets you choose, so that their content is loaded after the main content of the page that is displayed. By default the plugin will not load any of your widgets this way – you’ll need to select which widgets it affects.

Advanced Lazy Loading Integration

The plugin also includes the option to add advanced lazy loading integration, which allows you to take advantage of the advanced asynchronous loading mechanism. This gives you the ability to include shortcodes that create lazy-load content anywhere on a page, the option to load content on sight and an automatic noscript feature that helps to provide alternative content for visitors that have disabled JavaScript.

Check out lazy loading widgets in action on the Itthinx Lazyloader Demo site. You can download the Lazy Widget Loader plugin for free from the WordPress plugin repository.

The South by Southwest Interactive conference will be held March 9–13, 2012. More than 3200 proposals are competing for about 350 slots at the conference. Only 8 of the proposals submitted relate to WordPress. It’s up to you to vote for your favorite sessions.

Jane Wells has posted all 8 of them on the WordPress News blog with descriptions for each. Drop by over there to get an overview of the proposals. They are as follows, each linked to its individual SXSW PanelPicker page.

• Blog Wars: Movable Type vs. WordPress Revisited
• Designing WordPress
• Open Source Social Networking
• Welcome to the Chaos – the Distributed Workplace
• Deploying WordPress: From Zero to Ninja
• Beyond the Theme – Using WordPress as an API
• Local Government Online: WordPress Beats Drupal
• WordPress website built live in 45 minutes

Let’s make sure WordPress gets the attention it deserves at SXSW. Visit the pages for the sessions you’re interested in and make sure to vote and comment!

A month ago we told you about a serious security whole in popular image manipulation script, TimThumb.

Used by hundreds of WordPress themes this was a particularly far-reaching exploit that opened up many sites to hackers who could gain entry and do pretty much what they wanted.

Thanks (or should that be “praise be”?) to the quick actions of Mark Maunder and the subsequent collaboration between him and TimThumb’s original author Ben Gillbanks, the hole has been patched up and the latest version of TimThumb is much more secure.

However, themes must then be updated with the new version, or patched accordingly. Otherwise hackers looking for this exploit could get in to your site – and guess what? It’s happening.

This week a WPMU DEV member posted on the forum;

Sigh. I forgot to check one of my sites, and wouldn’t you know it? It’s the one that got hacked. I’m running a site that has TimThumb and it’s been hacked.

Bad times :(

In fact, Mark has a very insightful post showing just what hackers are capable of when they exploit this hole. In short, they can do almost anything with your web site.

Protecting yourself

So how do you know you haven’t missed a copy of TimThumb somewhere and shown hackers a wide open door?

Well, since August 14 I’ve received over 1,400 e-mails informing me that hackers were attempting to hack into my site using the TimThumb exploit.

How?

Using the excellent WordPress Firewall plugin. This excellent piece of kit automatically detects attacks and blocks them, sending you an e-mail each time. If the guy quoted above had been using the plugin he never would have been hacked!

In once case, I’ve received over 1,000 of these e-mails on the same day! It was only after I blocked the IP address of the attacker (included in the e-mail) that the attacks ceased.

What are you waiting for? Protect yourself now!

Got any other tips for securing WordPress? Let us know in the comments or contact us!

Update: Via WordPress Tavern I’ve learned that a new plugin allows you to scan your WordPress site for the TimThumb vulnerability.