WordPress 2.6.3 Released!

Despite the upcoming release of WordPress 2.7 (hopefully next month), the WordPress team still honors its commitment to keeping the WordPress 2.6 branch secure. Today they released WordPress 2.6.3. This update fixes a vulnerability in the Snoopy library, which WordPress uses to fetch the dashboard feeds.

According to the WordPress team this is a minor vulnerability, and the Snoopy fix is the only change in this release, so you can upgrade by replacing just the following two files with their 2.6.3 versions:

  1. wp-includes/class-snoopy.php
  2. wp-includes/version.php

You can also do a normal full upgrade to 2.6.3 instead.

Tip: Use Caution When Shopping for a WordPress Theme

Whether you are in the market for a custom WordPress theme, a premium theme, or a free theme, there is one often-forgotten factor you should consider when shopping for a new theme: the reputation of the theme author.

Why is author reputation so important? In addition to things like code quality and theme support, you also have to worry about hidden links (these are usually concealed in the theme's markup and can get your blog banned from search engines if discovered) and about malicious code being executed by your WordPress theme.

Recently Viper007Bond wrote about a theme that was found to contain hidden links (not the same thing as sponsored links):

What I found inside the theme’s footer.php file though was tons of malicious code. The entire contents of the file was heavily encoded (it was encoded with gzinflate(), str_rot13(), and base64_decode() around 150 times) and a ton of eval()’s. Since I was curious what it was doing, I wrote some PHP to decode it without using the nasty (and unsafe) eval()’s and I finally ended up with the HTML for the footer file (I assume to stop people from removing the code) and some more crazy eval() PHP code to display links to websites.

Luckily the code was just there to insert links (although using such a theme is a good way to get banned from Google), but the PHP could just as easily have stolen passwords and other things. Remember, themes are exactly like plugins — they can execute code. You wouldn’t download a random program off the Internet and run it on your PC, so why would you do it with a plugin or theme?

So please, only download themes and plugins from reputable sites such as WordPress.org. If in doubt, don’t use it.

The author cites QualityWordPress.com as the source of this theme, so I would recommend avoiding this site if you are looking for a new theme.
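The decode-without-eval approach Viper007Bond describes can be automated. The following is an added example, not code from the original post or from any theme: it reimplements PHP's base64_decode(), gzinflate() and str_rot13() in Python and peels nested eval() wrappers statically, so the payload is never executed. The sample footer.php it unpacks is constructed here (15 layers rather than the roughly 150 in the real theme; the depth is a parameter), and the hidden link target example.invalid is a placeholder.

```python
"""Static unpacker for eval()-wrapped PHP obfuscation layers (added example).

Peels nested eval(gzinflate(str_rot13(base64_decode('...')))) wrappers by
re-implementing the decoding functions in Python; nothing is ever eval()'d.
The obfuscated theme footer below is constructed for this example.
"""
import base64
import codecs
import re
import zlib


def php_rot13(data: bytes) -> bytes:
    # PHP str_rot13 only shifts ASCII letters; latin-1 keeps every other byte intact.
    return codecs.encode(data.decode("latin-1"), "rot13").encode("latin-1")


def php_gzdeflate(data: bytes) -> bytes:
    # Raw DEFLATE stream without zlib header, which is what gzinflate() consumes.
    c = zlib.compressobj(level=9, wbits=-15)
    return c.compress(data) + c.flush()


# Safe re-implementations of what PHP would do when evaluating each wrapper.
DECODERS = {
    "base64_decode": base64.b64decode,
    "gzinflate": lambda d: zlib.decompress(d, -15),
    "str_rot13": php_rot13,
}

# Inverse of each wrapper; used only to build the constructed sample.
ENCODERS = {
    "base64_decode": base64.b64encode,
    "gzinflate": php_gzdeflate,
    "str_rot13": php_rot13,
}

# Matches  eval( f1( f2( ... 'literal' ... ) ) );  with a single-quoted literal.
LAYER_RE = re.compile(
    r"eval\s*\(((?:\s*\w+\s*\()+)\s*'((?:[^'\\]|\\.)*)'\s*\)+\s*;?", re.S
)


def build_obfuscated(code: bytes, depth: int) -> bytes:
    """Wrap `code` in `depth` eval() layers, cycling through typical wrapper chains.

    The innermost function is always base64_decode so the literal is safe
    inside single quotes. Only used to produce test material.
    """
    chains = (
        ["base64_decode"],
        ["gzinflate", "base64_decode"],
        ["gzinflate", "str_rot13", "base64_decode"],
    )
    for i in range(depth):
        chain = chains[i % len(chains)]
        payload = code
        for fn in chain:  # outermost wrapper in the PHP source is applied first when encoding
            payload = ENCODERS[fn](payload)
        code = (b"<?php eval(" + "(".join(chain).encode() + b"('" + payload + b"')"
                + b")" * len(chain) + b"); ?>")
    return code


def peel_layer(src: bytes):
    """Return (inner_code, wrapper_chain) for one eval() layer, or None if src has none."""
    m = LAYER_RE.search(src.decode("latin-1"))
    if m is None:
        return None
    chain = re.findall(r"\w+", m.group(1))              # outermost wrapper first
    literal = re.sub(r"\\(['\\])", r"\1", m.group(2))   # undo PHP single-quote escapes
    data = literal.encode("latin-1")
    for fn in reversed(chain):                          # PHP evaluates innermost first
        if fn not in DECODERS:
            raise ValueError(f"unsupported wrapper {fn}(); add a decoder instead of eval()")
        data = DECODERS[fn](data)
    return data, chain


def unpack(src: bytes, max_layers: int = 1000):
    """Peel every eval() layer without executing anything. Returns (plain_code, chains)."""
    chains = []
    while True:
        peeled = peel_layer(src)
        if peeled is None:
            return src, chains
        src, chain = peeled
        chains.append(chain)
        if len(chains) > max_layers:
            raise RuntimeError("too many layers; refusing to continue")


def extract_links(code: bytes):
    """Pull href targets out of decoded code: the hidden links a theme may inject."""
    return [u.decode("latin-1") for u in re.findall(rb'href=["\']([^"\']+)["\']', code)]


# Constructed sample: what a footer.php might hide once every layer is removed.
HIDDEN_FOOTER = (
    b"<?php\n"
    b"echo '<div style=\"display:none\"><a href=\"http://example.invalid/casino\">casino</a></div>';\n"
    b"?>"
)
SAMPLE_FOOTER_PHP = build_obfuscated(HIDDEN_FOOTER, depth=15)

if __name__ == "__main__":
    plain, chains = unpack(SAMPLE_FOOTER_PHP)
    print(f"peeled {len(chains)} layers; outermost chain: {'+'.join(chains[0])}")
    print("hidden links:", extract_links(plain))
    print(plain.decode())
```

To use it on a real theme file, pass the bytes of the suspect file to `unpack()`; any wrapper the file uses that is not in `DECODERS` (for example a custom decoding function defined elsewhere in the theme) raises instead of silently running it, which is the whole point of not using eval().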

Conclusion

There is a good chance that no matter which theme you end up going with (free, premium, or custom) you are going to be fine, but author reputation is one more thing that should factor into your decision. Find a theme made by an author you can trust. I’ve seen many situations over the past couple of years where people unknowingly got banned from Google or ran into other problems because they made a bad choice when picking their theme.

Do you factor an author's reputation (word of mouth) and theme support into your decision before downloading or buying a WordPress theme? I know I do, and I also try to keep that in mind whenever I support a theme by adding it to our WordPress theme galleries.

Learn How to Secure Your WordPress Blog

We hear almost every day about bloggers getting their login credentials compromised. Are you one of the many people growing increasingly concerned about their blog's security?

If you are looking for ways to beef up the security of your WordPress blog, Make Tech Easier has posted a great article on 11 ways to secure your WordPress blog. The post includes a few security tips we’ve already covered in past posts, plus a number of other good ones.

Here is what the post covers:

  • Encrypt your Login
  • Stop Brute Force Attack
  • Use a Strong Password
  • Protect your WP-Admin Folder
  • Remove WordPress Version Information
  • Hide your Plugins Folder
  • Change your Login Name
  • Upgrade to the Latest Version of WordPress and Plugins
  • Do a Regular Security Scan
  • Backup your WordPress Database
  • Define user Privilege

Click over to get descriptions, plugin information and more!

Got any tips to add?  Let us know in the comments below!
