Zack Darling Creative Associates » Technology Corner

TimThumb Saga Update

Kate — Mon, 08 Aug 2011 17:32:54 +0000

Here’s a great article about the TimThumb image resizing issue and why we love open source so much. I’ll be pushing out the version 2.0 changes as soon as they’re released.

WordPress and TimThumb Exploit

Kate — Wed, 03 Aug 2011 18:35:29 +0000

One of the great things about the WordPress community is the communication between developers and their audience. We use theme warehouses from time to time to provide the base of the templates that we then adapt to our clients’ visual ideas and the folks both at WordPress.Org and the theme warehouses alert the community-at-large with patch and exploit notices when they’re found. It’s open source camaraderie at its best and today I was the recipient of this communal friendliness and and then sought out and patched the TimThumb exploit that was recently found (see info here if you run your own WP sites: http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/).

All of our clients’ WordPress installations were assessed and patched where necessary.

Thanks open source!

WordPress and Security

Kate — Tue, 21 Jun 2011 22:15:57 +0000

We love WordPress — unabashedly! We design and develop in this ever-evolving and maturing application on a regular basis. It has come SO far over the past decade and, in the remarkable vein of GPL and open-source application development everywhere, there is an enormous community of users, developers and advocates out there that provide encouragement and support.

What’s the best part about WordPress? Its accessibility. Hands down. It’s user friendly and simple where it should be and with the release of the 3.x architecture, it has actually taken leaps forward towards becoming a Content Management System (our designers and developers here will attest to this, somewhat begrudgingly, as it removes some of the ease-of-use of a blog {think auto-menu items with some of the new features}).

What’s the worst part about WordPress? Left alone and without an initial security detail and on-going regular maintenance, it’s as vulnerable as any open source, widely used application (think Zen Cart). In fact, one of the clear downsides to using open source solutions is that, well, everyone else can (and does), too. And this means along the infiltration spectrum, anyone from your backyard script kiddie to a hired spam minion, can and does find holes to make your life difficult.

So why take the risk, you ask? Because WP is an elegant solution, even for average ecommerce. Yes, that’s right, ecommerce. And the risk is minimal if you perform a couple of tech-common sense (and some not so much) tasks upon setting up your WP installation and then as you maintain it.

WordPress has released a security 101 document that provides decent security practices that all WordPress administrators should consider following. The most important of these (and the most important lesson for everyone who logs in to any website) is securing your password. There are zillions of articles about this very topic on the web (just google ‘password vulnerabilities’) and yet occasionally I am still surprised at the simple passwords that folks use.

Changing your password every 6 months? Some techs will suggest this and it’s a good idea to change your very important passwords from time to time, however the best policy is to come up with a random and very difficult-to-guess password from the get go.

Happy WordPressing!

Flush DNS: Mac OSX Tip

Kate — Wed, 18 May 2011 22:57:41 +0000

Ever been working on a test site for a while and then went to change the DNS values only to find that your mac is holding onto the placeholder or test environment’s numbers? Well, here’s the solution: To flush your dns cache on your local machine, open Terminal and paste this command: dscacheutil -flushcache and then hit enter.

If you’re unlucky enough to be on a PC, open your command prompt (search for cmd and it’ll show up) and paste: ipconfig /flushdns and hit enter.

Enjoy!