If you use password-protected posts, then you need to read this
This article articulates the weaknesses of password-protected posts very well; the main one is the fact that if we set the same password for multiple posts, then the user automatically gains access to each of them (due to how data is stored in the password-protected posts) and the lack of password protection for page attachments and comments added to such a post.
WordPress used for DDoS attacks
Someone finally decided to exploit the functionality of WordPress’ Pingback feature in a vile way, by using it to perform DDoS attacks – the number of installations used is huge and it will probably grow. At the moment, one of the solutions is to define the following filter:
add_filter( ‘xmlrpc_methods’, function( $methods ) {
unset( $methods['pingback.ping'] );
return $methods;
} );
Unfortunately, as you may have guessed, this disables Pingback functionality. If you want to check whether your blog was used in the DDoS attacks, you may do so on the special page prepared by Sucuri.
Themes detector
If someone’s constantly harassing you with questions like “What theme is used on the page x?” then you can now save yourself a bit of trouble by giving them this very useful tool.
Available shortcodes as a selection list in the post editor
I’ve previously mentioned this solution before, but based on the updated hints this one is a bit more functional, such as immediately displaying a complete list.
How to extend the functionality of WordPress’ search?
This article describes how to add highlighting of a search term to the search results, limit your search to specific categories or change the search method, so that it will based on the whole term rather than keywords.