I love Thematic. I use it and child themes almost exclusively in my web design.

With the most recent update, Thematic has done away with almost all hand-coding of multiple PHP files and replaced it with hand-coding of the Functions.php file.

I’ve written a free eBook on how edit your own Themes… it’s not comprehensive and probably will bore most technical users; but if you’re a WordPress newb, feel free to take a look! (Don’t worry, I’m not selling anything – I put this together for my friends who want to learn WordPress web design!)

Update: The specific versions of WordPress affected have been 2.9.2, 2.9.1, 2.9, and some version of 2.8 which I wasn’t specific on checking.

Last week, I noticed my blogs were acting up – they’d hang when trying to upload an image, post a blog… random things.  I fired up Firebug and noticed I had several requests going to a jumbled mess of letters and a domain associated with spam.

I opened up my header.php file in the Theme Editor and a massive block of injected PHP was there to greet me. Balls. As it turns out, this is a massive exploit in the WordPress text editor that causes admin pages to re-direct to spyware sites. So far, every one of my sites and my clients’ sites have been hit – sometimes you can’t even log in.

Basic instructions to fix an affected site:

• Download your wp-content folder and your wp-config.php file via FTP
• Replace all of your wordpress files with a clean version (replace any of a different size)
• Then for each .PHP file in your wp-content folder and also the wp-config file, look for a big block of encrypted text at the top… delete that block – it will be in every theme file, every config file, etc.
• Upload the newly cleaned files (replacing any of a different size)
• To prevent this type of attack, add everything between the –’s (NOT including the –’s) to your .htaccess file in the wordpress main directory (after any # END statements and a blank line.

–
# BEGIN Stop Bots

RewriteEngine On
RewriteCond %{THE_REQUEST} .*['"`!$<>;].* [OR]
RewriteCond %{THE_REQUEST} .*%22.* [NC,OR]
RewriteCond %{THE_REQUEST} .*%27.* [NC,OR]
RewriteCond %{THE_REQUEST} .*%60.* [NC,OR]
RewriteCond %{THE_REQUEST} .*%3C.* [NC,OR]
RewriteCond %{THE_REQUEST} .*%3E.* [NC,OR]
RewriteCond %{THE_REQUEST} .*%3B.*
RewriteRule $ – [l,F]

SetEnvIf Request_URI “‘” bad_bot=1
SetEnvIf Request_URI ‘”‘ bad_bot=1
SetEnvIf Request_URI ‘`’ bad_bot=1
SetEnvIf Request_URI ‘%22′ bad_bot=1
SetEnvIf Request_URI ‘%27′ bad_bot=1
SetEnvIf Request_URI ‘%60′ bad_bot=1

<Limit HEAD GET POST>
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</Limit>

# END Stop Bots
–

If your blog has been affected by this and you have no clue how to fix it, feel free to contact me and I’ll help walk you through it.

I just installed WordPress 2.9 and among the list of features are some new sweet image editing capabilities.

Having played around with a few images already, I’m really pleased with how easy it is to flip images, crop images, rotate… anything.

Among other additions, you can also now add a URL to a video file on its own line, and WordPress will automatically add the correct code for you.

According to Matt, they’re going to be adding many more multimedia tools into WordPress.  I can’t wait to see what’s next!

The WordPress Cooperative is going to the Arizona desert!

Well OK, maybe not the entire WPCOOP membership will be there, but one of  members will be.  Not only will he be attending WordCamp Phoenix 2009,  Jayson has been invited to be one of  the few select speakers sharing his passion for WordPress along with the likes of Matt Mullenweg, Merlin Mann, John Hawkins, Brent Spore, Lorrelle VanFossen and Dave Moyer from the WordCast Podcast.

We are excited to hear our WPCOOP founder’s dynamic performance as it will be broadcast live by GoDaddy productions.  Although we are not entirely sure what revelations Jayson will share, but the buzz is something to do with the power of WordPress for you and your business and how current trends like crowdsourcing, social media and community will continue to influence how where and why we do business on the web.

It should be a good show.  Be sure to tune in to http://PHXWORDCAMP.COM this Friday.