Do You Mistrust People Who Misspell Automatic?

WordPress Tavern notes that WordPress is spelled with a capitalized “P” and asks whether or not people trust companies that misspell it as “Wordpress.”

No. What I distrust is when the WordPress core makes me install a plugin just to keep it from altering my content.

I blogged about this back in 2009 when Automattic implemented the “WordPress” autocorrect on WordPress.com and Lorelle VanFossen claimed it was making a mountain out of a molehill.

But the problem is not the specific change that is implemented, but the underlying attitude and immaturity that it reveals. Modifying content like that is not acceptable in my book. Imagine if Google decided, for example, to modify any instances of “google” in search results or cached pages to “Google.” The issue wouldn’t be that this particular instance is harmful–though in many cases it could be, as the automated content modification to “WordPress” can cause problems–but rather that once the software starts making these sorts of decisions for me, my trust in it and the people responsible for it starts to plummet.

Limit Login Attempts for WordPress

For the most part, I think criticisms of WordPress security are largely overblown. When you look at some of the more prominent hacks against WordPress-powered blogs, they tend to be due to common security problems, such as poor security models on virtual hosting servers or people who do not keep their WordPress install and plugins updated.

But occasionally I do shake my head at some WordPress practices. Take, for example, the Limit Login Attempts plugin that I use on this site. The plugin is straightforward–if someone tries to log in with an account and gets the password wrong four times in a row, that account will be locked for 20 minutes.

It is probably overkill for me because no one’s going to brute force my admin account password–it is far too long and random to guess even with days’ worth of trying. Still, it’s just a good idea if only to shoo away potential hackers.

What pisses me off, though, is that I have to go download a plugin in order to accomplish this. For the love of all that is nerdy, why the hell is rate limiting login attempts not a feature in the WordPress core already (and one that should be turned on by default IMO)? That is an elementary security tool and it is mind-boggling that this is something that a vanilla WordPress install lacks.
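
The lockout rule described above (four wrong passwords in a row, then a 20-minute lock), written as a must-use plugin. This is an added example, not the Limit Login Attempts plugin's code; the `ell_` function names and transient key prefixes are hypothetical, while the `authenticate`, `wp_login_failed` and `wp_login` hooks and the transients API are WordPress core.

```php
<?php
// Added example (not the plugin's code). Drop in wp-content/mu-plugins/.
// The ell_* names and transient key prefixes are hypothetical.

const ELL_MAX_FAILURES = 4;        // wrong passwords in a row
const ELL_LOCK_SECONDS = 20 * 60;  // 20-minute lock

// Transient names are length-limited, so hash the normalized username.
function ell_key( $prefix, $username ) {
    return $prefix . md5( strtolower( trim( (string) $username ) ) );
}

function ell_is_locked( $username ) {
    return false !== get_transient( ell_key( 'ell_lock_', $username ) );
}

// Runs after core's password check (priority 20): while the account is
// locked, even the correct password is refused.
add_filter( 'authenticate', function ( $user, $username ) {
    if ( '' !== (string) $username && ell_is_locked( $username ) ) {
        return new WP_Error( 'ell_locked', 'Too many failed attempts. Try again later.' );
    }
    return $user;
}, 30, 2 );

// Count failures; the fourth in a row starts the lock.
add_action( 'wp_login_failed', function ( $username ) {
    if ( ell_is_locked( $username ) ) {
        return; // rejected by the lock itself: do not count it or extend the lock
    }
    $fail_key = ell_key( 'ell_fail_', $username );
    $failures = (int) get_transient( $fail_key ) + 1;
    if ( $failures >= ELL_MAX_FAILURES ) {
        set_transient( ell_key( 'ell_lock_', $username ), 1, ELL_LOCK_SECONDS );
        delete_transient( $fail_key );
    } else {
        set_transient( $fail_key, $failures, ELL_LOCK_SECONDS );
    }
} );

// A successful login ends the streak ("in a row").
add_action( 'wp_login', function ( $user_login ) {
    delete_transient( ell_key( 'ell_fail_', $user_login ) );
} );
```

Counters are keyed by the name as typed, so attempts made with an e-mail address and with the login name are tracked separately. The read-then-write on the transient is not atomic, so concurrent requests can undercount by a few attempts.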

WP Document Revisions

WordPress’ media management tools have really come a long way over the past couple years, but the system still falls down when it comes to sharing and managing files that are not media files. For example, occasionally I have a PDF that I want to host on my server and then link to from a post. The WordPress media manager can be used for that purpose in a pinch, but it doesn’t work very well.

Fortunately the WP Document Revisions plugin largely solves this problem, providing an easy way to upload, track and share documents and files. It aims to solve three specific problems:

  • A document management system (DMS), to track, store, and organize files of any format
  • A collaboration tool to empower teams to collaboratively draft, edit, and refine documents
  • A file hosting solution to publish and securely deliver files to a team, to clients, or to the public

I use WPDR in conjunction with the Simple Downloads addon which makes a number of slight changes to make it easier to use WPDR as a download manager for a site.

TablePress Plugin for WordPress

TablePress is a WordPress plugin that simplifies the creation of complex tables in WordPress. This is one of the best designed, most thorough plugins I’ve seen for WordPress in a long time. It handles all the heavy lifting of formatting, organizing and displaying tables according to the user’s preference.

TablePress enables you to create and manage tables on your WordPress site. No HTML knowledge is needed, as a comfortable interface allows to easily edit table data. Tables can contain any type of data, even formulas that will be evaluated. An additional JavaScript library can be used to add features like sorting, pagination, filtering, and more for site visitors. You can include the tables into your posts, on your pages, or in text widgets with ease. Tables can be imported and exported from/to CSV files (e.g. from Excel), HTML files, and JSON.

WP-Push

WP-Push combines an iOS/Android app with a WordPress plugin that lets you send notifications for various events from your WordPress install to your smart phone.

According to the plugin description,

Currently supported notifications new users, comments, pingback/trackbacks, user specific password reset notifications, and notifying authors of comments on their posts if they add their user key to their profile.

The system also supports extensions. There are currently a small number of extensions available on the WP-Push website, such as one that could be used to alert a user to new topics created in a BBPress install (for example, if you had a forum set up specifically for paying customers who need support).

Google Authenticator Plugin for WordPress

Google Authenticator is a plugin for self-hosted WordPress installs that lets you require Google’s Two Factor Authentication application for access to WordPress.

I’m currently using it on this blog and have to enter a numerical code from the Google Authenticator on my phone every time I log in to the admin area. The setup was trivial and it has worked like a charm.

The only drawback is that this renders your blog inaccessible from programs that are not set up to prompt you for a Google Authenticator code, such as the WordPress mobile apps for iOS and Android.