For a more comprehensive look at everything that has improved in 3.0 check out 3.0′s Codex page or the long list of issues in Trac. (We’re trying to keep these announcement posts shorter.) Whew! That’s a lot packed into one release. I can’t think of a better way to kick off the 3.X cycle we’ll be in for the next two and a half years.

The Future

Normally this is where I’d say we’re about to start work on 3.1, but we’re actually not. We’re going to take a release cycle off to focus on all of the things around WordPress. The growth of the community has been breathtaking, including over 10.3 million downloads of version 2.9, but so much of our effort has been focused on the core software it hasn’t left much time for anything else. Over the next three months we’re going to split into ninja/pirate teams focused on different areas of the around-WordPress experience, including the showcase, Codex, forums, profiles, update and compatibility APIs, theme directory, plugin directory, mailing lists, core plugins, wordcamp.org… the possibilities are endless. The goal of the teams isn’t going to be to make things perfect all at once, just better than they are today. We think this investment of time will give us a much stronger infrastructure to grow WordPress.org for the many tens of millions of users that will join us during the 3.X release cycle.

It Takes a Village

I’m proud to acknowledge the contributions of the following 218 people to the 3.0 release cycle. These are the folks that make WordPress what it is, whose collaboration and hard work enable us to build something greater than the sum of our parts. In alphabetical order, of course.

Download WordPress 3.0 RC3

Following the successful post-WordCamp San Francisco code sprint, they release the second beta of WordPress 3.0 which is ready for download.

Things to test:

• Revised menu user interface
• Changes to the WordPress exporter and importer to make it more flexible

Already have a test install that you want to switch over to the beta? Try the beta tester plugin.

Testers, don’t forget to use the wp-testers mailing list to discuss bugs you encounter.

There are a number of new features, enhancements, and code updates, so if you’re interested, download the beta and report any bugs that you find.

Check out the WordPress Version 3.0 enhancements and fixes. Please note, things could change before final release: Click Here

<body <?php body_class(); ?>>

What body_class() Generates

The body_class() function is quite similar to post_class() function that was introduced in WordPress 2.7. The only differences are the classes it generates. The body_class() function will generate the classes mostly based on where your viewer is on your site.

Following in example of the class that is generated through body_class() function when your visitor come to your site
In Hompage: <body class="home blog">
In Interviews Category: <body class="archive category category-interviews">
In About us Page: <body class="page page-id-2">
In Post: <body class="single postid-36">
In 404 Error Page: <body class="error404">

But the then it will add extra class logged-in if your visitors are logged in your site.

To add to more: The body_class() may include one or more of the following values for the class attribute.

• rtl
• home
• blog
• archive
• date
• search
• paged
• attachment
• error404
• single postid-(id)
• attachmentid-(id)
• attachment-(mime-type)
• author
• author-(user_nicename)
• category
• category-(slug)
• tag
• tag-(slug)
• page-parent
• page-child parent-pageid-(id)
• page-template page-template-(template file name)
• search-results
• search-no-results
• logged-in
• paged-(page number)
• single-paged-(page number)
• page-paged-(page number)
• category-paged-(page number)
• tag-paged-(page number)
• date-paged-(page number)
• author-paged-(page number)
• search-paged-(page number)

You can also extend the body call with the use of Hook in your Function.php file in your theme. The following in the example that you can use it is function.php file
add_filter('body_class','my_body_classes');
function my_body_classes($classes) {
if (is_single()) {
if (in_category('News')) {
$classes[] = 'category-news';
} else if (in_category('Travel & Nepal')) {
$classes[] = 'category-travel-nepal';
} else if (in_category('Interviews')) {
$classes[] = 'category-interviews';
} else if (in_category('How To')) {
$classes[] = 'category-how-to';
}
}
return $classes;
}

What I did in the above hook is that I forced body_class() function to add the category name in which the post belongs while viewing the post. Now, when you will view your post you will see the category name in which it belongs: Following are the example:
In Post which belongs to News category: <body class="single postid-36 category-news">

Top Ten WordPress Plugins

I have been working as WordPress Developer from last 4 years. There are lot of plugins which makes it easy to add features in your WordPress Site. Previously, I also published articles where I listed my favorite plugins. Since, there is a grand list of plugins. Here I am just going to list top 10 plugins on the basis of stability and usefulness:

1. Akismet: Akismet checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen. Great spam protection. It is a must for the wordpress site.
2. WP Page Numbers: Since there is no good page navigation is WordPress default installation. I recommend this plugin. With page numbers instead of next and previous links users can easily navigate much quicker to the page they want. It is good for SEO (Search Engine Optimization) as well, because it creates a tighter inner link structure. Works with all well known browsers (Internet Explorer, Firefox, Opera and Safari).
3. IntenseDebate Comments: This is a complete solution for comment system in your site. IntenseDebate Comments enhance and encourage conversation on your blog or website. Custom integration with your WordPress admin panel makes moderation a piece of cake. Comment threading, reply-by-email, user accounts and reputations, comment voting, along with Twitter and friendfeed integrations enrich your readers’ experience and make more of the internet aware of your blog and comments which drives traffic to you!
4. Breadcrumb NavXT : Breadcrumb NavXT, the successor to the popular WordPress plugin Breadcrumb Navigation XT, was written from the ground up to be better than its ancestor. This plugin generates locational breadcrumb trails for your WordPress blog. These breadcrumb trails are highly customizable to suit the needs of just about any blog. The Administrative interface makes setting options easy, while a direct class access is available for theme developers and more adventurous users. Do note that Breadcrumb NavXT requires PHP5.
5. Sociable: Now there is a trend of sharing your site and content in various social networks and site. This plugin automatically add links to your favorite social bookmarking sites on your posts, pages and in your RSS feed. You can choose from 99 different social bookmarking sites! WordPress 2.6 or above is required, if you use an older version, please download this version, please keep in mind that version is not maintained.
6. Google Sitemap Generator: How can I forget the Google XML Sitemap plugin. This plugin is must for Search Engine Optimization (SEO). This plugin will generate a special XML sitemap which will help search engines like Google, Bing, Yahoo and Ask.com to better index your blog. With such a sitemap, it’s much easier for the crawlers to see the complete structure of your site and retrieve it more efficiently. The plugin supports all kinds of WordPress generated pages as well as custom URLs. Additionally it notifies all major search engines every time you create a post about the new content.
7. All in One SEO Pack: I love this plugin. Very easy to use and best for SEO. Optimizes your WordPress blog for Search Engines (Search Engine Optimization). For most of the site the basic version will work best but for advance uses you need to buy the pro version.
8. Contact Form 7: Very simple, flexible and easy to use contact form for your wordpress site. Contact Form 7 can manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. The form supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and so on. You can use Really Simple CAPTCHA plugin is not a strong captcha for advance protection but it is simple and easy to use captcha that goes well with Contact Form 7.
9. NextGEN Gallery: Complete solution for your images. NextGEN Gallery is a full integrated Image Gallery plugin for WordPress with a Flash slideshow option. Before I start writing the plugin I study all photo and picture plugins for WordPress, I figure out that some of them are really good and well designed, but I missed a simple and easy administration back end to handle multiple photos, galleries and albums.
10. W3 Total Cache : The fastest and most complete WordPress performance optimization plugin. Trusted by many popular sites like: mashable.com, smashingmagazine.com, makeuseof.com, kiss925.com, lockergnome.com, tutsplus.com, johnchow.com, ilovetypography.com, webdesignerdepot.com, pearsonified.com, css-tricks.com, yoast.com and others — W3 Total Cache improves the user experience of your blog by improving your server performance, caching every aspect of your site, reducing the download time of your theme and providing transparent content delivery network (CDN) integration.

If you want the complete list of My Favorites WordPress Plugins then Click Here

Step 1: It is highly recommended to backup your database before your work on any database command.

Step 2: Login to your database using phpMyAdmin (or whatever), Click on your database and click on the SQL tab and enter the following SQL query:
UPDATE wp_options SET option_value='default' WHERE option_name='template' OR option_name='stylesheet' LIMIT 2;
This query will change the wordpress theme to default.

Step 1: It is highly recommended to backup your database before your work on any database command.

Step 2: Login to your database using phpMyAdmin (or whatever), Click on your database and click on the SQL tab and enter the following SQL query:
UPDATE wp_options SET option_value = ' ' WHERE option_name = 'active_plugins';
This query will disable all the active plugins.

Gravatar / Avatar

Add More Default Avatar Choices to the WordPress Admin. Add the following code in the functions.php :

// Add More Default Avatars to Options
if (!function_exists('ss_addgravatar')) {
function ss_addgravatar($avatar_defaults) {
$myavatar1 = get_bloginfo('template_directory').'/images/avator/01.png';
$avatar_defaults[$myavatar1] = 'rock';
$myavatar2 = get_bloginfo('template_directory').'/images/avator/02.png';
$avatar_defaults[$myavatar2] = 'Cool';
$myavatar3 = get_bloginfo('template_directory').'/images/avator/03.png';
$avatar_defaults[$myavatar3] = 'Geek';
$myavatar4 = get_bloginfo('template_directory').'/images/avator/04.png';
$avatar_defaults[$myavatar4] = 'Pretty';
return $avatar_defaults;
$myavatar5 = get_bloginfo('template_directory').'/images/avator/05.png';
$avatar_defaults[$myavatar5] = 'Sexy';
return $avatar_defaults;
}
add_filter('avatar_defaults', 'ss_addgravatar');
}


If you want to get your globally recognized avatars then you can use Gravatars. An avatar or gravatar is an icon, or representation, of a user in a shared virtual reality, such as a forum, chat, website, or any other form of online community in which the user(s) wish to have something to distinguish themselves from other users. Created by Tom Werner, gravatars make it possible for a person to have one avatar across the entire web. Avatars are usually an 80px by 80px image that the user will create themselves.

Click here to get your own Gravatars.

WordPress 2.9

After the security lot of security release in WordPress 2.8. Today (December 19, 2009) WordPress released it’s new and awaited WordPress version 2.9 “Carmen” named in honor of magical jazz vocalist Carmen McRae (whom we’ve added to our Last.fm WP release station). You can upgrade easily from your Dashboard by going to Tools > Upgrade, or you can download from WordPress.org.

Check out a short video summarizing some of the cool things about the new WordPress version 2.9

The coolest new stuff from a user point of view is:

1. Global undo/”trash” feature, which means that if you accidentally delete a post or comment you can bring it back from the grave (i.e., the Trash). This also eliminates those annoying “are you sure” messages we used to have on every delete.
2. Built-in image editor allows you to crop, edit, rotate, flip, and scale your images to show them who’s boss. This is the first wave of our many planned media-handling improvements.
3. Batch plugin update and compatibility checking, which means you can update 10 plugins at once, versus having to do multiple clicks for each one, and we’re using the new compatibility data from the plugins directory to give you a better idea of whether your plugins are compatible with new releases of WordPress. This should take the fear and hassle out of upgrading.
4. Easier video embeds that allow you to just paste a URL on its own line and have it magically turn it into the proper embed code, with Oembed support for YouTube, Daily Motion, Blip.tv, Flickr, Hulu, Viddler, Qik, Revision3, Scribd, Google Video, Photobucket, PollDaddy, and WordPress.tv (and more in the next release).

2.9 provides the smoothest ride yet because of a number of improvements under the hood and more subtle improvements you’ll begin to appreciate once you’ve been around the block a few times. Here’s just a sampling:

• We now have rel=canonical support for better SEO.
• There is automatic database optimization support, which you can enable in your wp-config.php file by adding define('WP_ALLOW_REPAIR', true);.
• Themes can register “post thumbnails” which allow them to attach an image to the post, especially useful for magazine-style themes.
• A new commentmeta table that allows arbitrary key/value pairs to be attached to comments, just like posts, so you can now expand greatly what you can do in the comment framework.
• Custom post types have been upgraded with better API support so you can juggle more types than just post, page, and attachment. (More of this planned for 3.0.)
• You can set custom theme directories, so a plugin can register a theme to be bundled with it or you can have multiple shared theme directories on your server.
• We’ve upgraded TinyMCE WYSIWYG editing and Simplepie.
• Sidebars can now have descriptions so it’s more obvious what and where they do what they do.
• Specify category templates not just by ID, like before, but by slug, which will make it easier for theme developers to do custom things with categories — like post types!
• Registration and profiles are now extensible to allow you to collect things more easily, like a user’s Twitter account or any other fields you can imagine.
• The XML-RPC API has been extended to allow changing the user registration option. We fixed some Atom API attachment issues.
• Create custom galleries with the new include and exclude attributes that allow you to pull attachments from any post, not just the current one.
• When you’re editing files in the theme and plugin editors it remembers your location and takes you back to that line after you save. (Thank goodness!!!)
• The Press This bookmarklet has been improved and is faster than ever; give it a try for on-the-fly blogging from wherever you are on the internet.
• Custom taxonomies are now included in the WXR export file and imported correctly.
• Better hooks and filters for excerpts, smilies, HTTP requests, user profiles, author links, taxonomies, SSL support, tag clouds, query_posts and WP_Query

Wordpress Security Tips

Posted on: September 5, 2009
Updates on: December 15, 2009

As the WordPress is getting popular and used by many people, now the hackers are also being active and involved in hacking wordpress site. I have recently received lot of request to fix the WordPress hacks. I would like to list some WordPress Security Tips to help you protect from hacks.

1. Keep up to date with the latest WordPress Version: Always keep your WordPress site updated with the latest version of WordPress. The WordPress developers do not maintain security patched for older WordPress versions. In August 12, 2009, WordPress released version 2.8.4 as the security release. Older version of WordPress is more open to hacks.My Tips: Regularly update your WordPress site. You can use the plugin “WordPress Automatic upgrade” or Instant Upgrade Plugin Further, you need to keep your plugin and theme to be up to date as well.
2. Populate wp-config.php Properly: Go through each line in wp-config.php, not only the first block for database configuration.My Tips: Use WordPress secret key generation tool to generate random salts for WordPress cookies. These keys are used to insure better encryption of information stored in WordPress user’s cookies. To make it more secure modify the the WordPress table prefix to something other than wp_. Adding random characters and numbers to the end of wp, such as wp52sk1_ obfuscates it enough but still allows you to recognize the tables as those belong to WordPress.
3. Correct File Permissions: You should give the correct file permission and if you give full permission to files and folders then the hackers can hack it easily.My Tips: Set the permission as follows:

   All folder permissions should be set to 755

   All files permissions should be set to 644

   Files that you want to edit in the WordPress Theme editors permissions should be set to 666

   Never ever use 777 for WordPress permissions

4. Don’t Use the Default admin Username: WordPress is open source application and now most of people know that it has the administrator username as admin. This make it easy for hackers to to hack the password when they already know the administrator username.My Tips: Change the default administrator username admin to something else. Now i am going to show how to change the default admin username.You may use phpMyAdmin and paste the SQL command (the update line) to execute it.

   update wp52sk1_users set user_login=’myadmin’ where user_login=’admin’;

   wp52sk1_ is the database prefex that I change. The default prefex is wp_

   Alternatively, you may edit the value manually using phpMyAdmin web interface.

   Now your admin user is myadmin instead of admin

5. Pick Secure Password for Admin: Changing your admin username to something else is not a guarantee that people will not be able to guess it. For instance, if you use your username as the displayed meta data in every post, or you enable author specific page in multi-author blog, you will reveal your user name to the world.My Tips With this assumption, you should pick secure password for your WordPress login. Combine upper and lowercase characters and numbers.
6. Hide WordPress Version in the Header Tag: Although you have deleted the WordPress version meta data from your theme, you may still get WordPress version line in the page returned by the blog software. The culprit is, since version 2.5 WordPress has added the feature to generate this code. This will allow the hacker to know about the wordpress version you are using which will help them to hack it.My Tips: Add the following line to the functions.php file in your theme directory: (Create a blank PHP file with this name if your theme doesn’t already have one)

   <?php remove_action(‘wp_head’, ‘wp_generator’); ?>

7. Nobody should be allowed to search your entire server: If you allow then the hacker will find the way to hack easily.My Tips; Do not use the following search code in the search.php in your theme folder:

   <?php echo $_SERVER [‘PHP_SELF’}; ?>

   Use the following instead:

   <?php cloginfo (‘home’); ?>

   Also block WP-folder from being indexed by search engines, the best way to block them is in your robots.txt file. Add the following line to your list:

   Disallow: /wp-*

8. Prevent directory listing: The problem in many cases, the default WordPress installation allows hackers to use their web browser as a file browser to look through the contents of the folder on your server. Normally it is harmless but some web hosts don’t even bother to turn off directory listing by default. This means that there are several things hackers can do. There might be loop hole in the theme and plugin you used for your site. The author of the plugin and theme might have made mistakes in their code that allow unexpected access, hackers can use your directory listing to find out if you have got those vulnerable files and then attack your site. Also people can browse the non-WordPress contents of your web server to discover folders and files that you might not be ready to announce that you thought were not accessible to the general public. Many directory listing feature a line in the footer telling visitors your server version. Hacker can cross-reference these version numbers with list of known vulnerabilities and bring your site down or gain illegal access.My Tips: Edit the .htaccess file and add the following line at the bottom.

   Options All –Indexes

9. Protect WordPress Administration Files: WordPress administration files are in wp-admin directory of your WordPress installation, except wp-config.php.My Tips: Use .htaccess to restrict access and allow only specific IP address to this directory and file. If you have static IP address and you always blog from your computer, this can be an option. If you don’t know you IP address then you can find your IP my visiting the site: http://whatismyip.com/You need to put a .htaccess file in wp-admin and add the code. See the Example:

   Order Deny,Allow

   Allow from 202.79.40.130

   deny from all

   For more refer to Apache’s documentation on mod_access to see the example: Protecting The WordPress wp-admin Folder

   Alternate Solution through user and password combination: There is another way to protect wp-admin directory with user and password combination. It also adds another level of security. Apache has complete information on authentication, authorization and access control. Example:

   AuthType Basic

   AuthName “WordPress Dashboard”

   AuthUserFile /home/user/.htpasswds/blog/wp-admin/.htpasswd

   Require user adminuser

   and then generate the encrypted password using the htpasswd command.

   $ htpasswd –cm .htpassed adminuser

   If you have cPanel then it is very easy as it has a feature called Web Protect which allows you to accomplish the same thing.

   Note: if you find it hard to use it in code then just use this plugin AskApache Password Protect

   Further, I recommend the plugin Login Lockdown plugin which record the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.

   Note: the Htaccess and Htpasswd generator helps to create the necessary files with desired values.

10. Restrict File Access to wp-content Directory: The wp-content directory contains your theme, plugin files and uploaded. WordPress doesn’t access the PHP files in the plugins and themes directory via HTTP. the only request from web browser are for image files, javascripts, and css. For this reason you may restrict wp-content so that it only allows those file extensions but not PHP or any other file extensions. This prevents people from accessing any files directly.My Tips: Include the following lines in .htaccess within wp-content:

    Oder Allow, Deny

    Deny From all

    <files ?\.(jpg|gif|png|js|css)$? ~>

    Allow from all

    </files>

11. Take regular backups of your site and Database: No matter how hard you protect your site there might be some loop for hackers. There is never 100% security when it’s online.
    My Tips: Take regular backups of your file directories as well as the database. So, if there is any problem then you can just upload the backup copy. Use WordPress Database Backup plugin or WP-DB Manager to backup your Database and User WordPress Backup Plugin to backup your upload directory (images), current theme directory, and plugins directory.
12. Stop worrying about your wp-config.php file: During the server problem, i have seen in one of my friend blog that his wp-config.php file can be viewed in the browser and his database username and password are there and it can be hacked anytime.My Tips: You can secure your wp-config.php by adding the following to the .htaccess file at the top level of your WordPress install:

    <FilesMatch ^wp-config.php$>deny from all</FilesMatch>

    This will make it harder for your database username and password to fall into the wrong hands in the event of a server problem.

13. Protect Your Blog With a Solid Password: Easy password with alphabetic and number can be hacked using the software easily.My Tips: Creating a strong password that is also memorable is one of the easiest defenses against being hacked. Use strong password my combining the alphabetic, numbers and symbols. There are a lot of online password strength checker that you could check.Also you might check lorelle’s article on blogherald called Protect Your Blog With a Solid Password , offering tips and tricks to help create a strong password that is also memorable, and how to deal with all the myriad passwords we seem to accumulate online.
14. The following plugins will be very helpful:
    • WordPress Exploit Scanner: It searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.
    • AntiVirus Plugin: It is a smart and effective solution to protect your blog against exploits and spam injections.
    • WP Security Scan Plugin: It scans your WordPress installation for security vulnerabilities and suggests corrective actions.
    • Admin SSL Plugin: Recommended only for the advance users. It secures login page, admin area, posts, pages – whatever you want – using Private or Shared SSL. Once you have activated the plugin please go to the Admin SSL config page to enable SSL, and read the installation instructions.

Further reading:

Hardening WordPress

FAQ My site was hacked

10 Steps To Protect The Admin Area In WordPress