Zum Inhalt springen

Archiv für das Tag "Wordpress"

Syndicate some Blogposts from WordPress to Kirby with the REST API

New year, old problems, new Website -- this was my reasoning during the christmas holidays, and so I decided to completly wipe my "About me" website, making it a simple hub of my diverse activities and interests instead of the old "hey, look how cool experienced I am, come work with me and give me all your money" thing.
I decided to build the site with Kirby, a lovely file based CMS which I have used in the past (for example to drive our Frankfurt Open Device Lab website). Kirby is very flexible, has a stellar documentation, a nice API, and makes zero assumptions on how you want to build your site, and besides being file based, it offers a very customizable backend, if need be.

Now, one of the things I wanted on the new site was a way to display the latest posts from here, my blog, but only those relating to the topics of Design, Webdevelopment and the like.

With a little bit of diving into the WordPress REST API, this turned out to be a fairly simple task for my Kirby-site. Basically this REST API allows me to "get" the infos needed on various objects of my WordPress site, by calling the API's entry points and telling it what I want.

WordPress 4.9.1 Security Update

WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:

Use a properly generated hash for the newbloguser key instead of a determinate substring.

Add escaping to the language attributes used on html elements.

Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.

Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.


WordPress 4.9 - Tipton

This release features Customizer improvements, including the ability to save customization changes as drafts, schedule them to go live at a certain time, and letting other people preview the changes easier. To improve code editing in the admin we've introduced syntax highlighting and error checking to make things more robust and harder to break.

WordPress 4.8 "Evans"

Eine neue Version des populären CMS ist erschienen, und kann über den Adminbereich oder manuell per Download installiert werden.

Version 4.8 of WordPress, named “Evans” in honor of jazz pianist and composer William John “Bill” Evans, is available for download or update in your WordPress dashboard. New features in 4.8 add more ways for you to express yourself and represent your brand.

WordPress 4.7.5 Security and Maintenance Release

WordPress Logo an die VW-Fabrik gephotoshopped

Ladies and Gentlemen, start your update engines:

WordPress versions 4.7.4 and earlier are affected by six security issues:
Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
A cross-site scripting


WordPress 4.7.4 Maintenance Update

Gestern ist ein Wartungs- und Bugfixupdate von WordPress erschienen.

This release contains 47 maintenance fixes and enhancements, chief among them an incompatibility between the upcoming Chrome version and the visual editor, inconsistencies in media handling, and further improvements to the REST API. For a full list of changes, consult the release notes and the list of changes.wordpress.org

Die Auto-Updates prasseln hier schon bei diversen Installationen rein; wie gewohnt gibt es die neue Version aber auch zum Download auf wordpress.org.

WordPress: nichts für "schnell mal eben" – Christian Fischer

WordPress Logo an die VW-Fabrik gephotoshopped

Nebenan im jawl.net Blog hat Christian einen sehr lesenswerten Artikel dazu geschrieben, warum die Vorstellung, dass man mit der berühmten "Fünf Minuten Installation" von WordPress, ein paar Plugins und einem Theme quasi im Handumdrehen eine Webseite am Start hat, mit Vorsicht zu geniessen ist.

Dieser Artikel ist nicht für Entwickler / Programmiererinnen geschrieben. Ich hoffe eher, dass er von Bloggern oder Bloggerinnen oder welchen, die es werden wollen, gelesen wird. Und von Menschen, denen jemand gesagt hat, man können mit WordPress „mal eben“ eine Website


WordPress 4.7.3 Security and Maintenance Release

Gerade eben scheint die neue Aktualisierung von WordPress auszurollen; mehrere meiner WP Installationen melden sich im Stromposteingang mit entsprechendem Hinweis auf das gerade erfolgte Update. Wieder wurden Sicherheitslücken gefunden und geschlossen und ein bisschen aufgeräumt.

This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.2 and earlier are affected by six security issues:
Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs.
Control characters can trick redirect URL validation. Reported by Daniel Chatfield.
Unintended files can be deleted


WordPress 4.7.2 Security Release

WordPress versions 4.7.1 and earlier are affected (…):
The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. (…)
WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. (…)
A cross-site scripting (XSS) vulnerability was discovered in the posts list table. (…)
An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint (…)
An additional serious vulnerability was fixed in this release and