I talked a couple of weeks ago about the importance of always upgrading your WordPress install, as old WordPress installations are often vulnerable.  One thing I don’t think people realize is that a hacker can easily find vulnerable WordPress blogs because most standard WordPress themes will actually tell them what version you are using.

If you open up the header.php file of your theme, you should notice some code that looks something like this:

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /><!-- leave this for stats -->

In order to protect your WordPress installation, I recommend people completely remove this code from their header.php file for all of their WordPress blogs.

Now, this obviously isn’t going to make your WordPress blog hack proof, but what it will do is make it so hackers can’t easily locate your blog if it is using a vulnerable WordPress installation.

Update: Thanks to a tip from Leland, it looks like WordPress 2.5+ now generates the meta link anyway via the wp_head hook, which is something you can’t remove.  With that said, if you care about your security, you can still remove the meta generator.  It looks like Ian of ThemeShaper has provided a couple methods, including a WordPress plugin to remove the meta generator information from your WordPress blog.

Attention iPhone owners!   Would you like to blog directly from your iPhone?  Or at least be able to access your WordPress powered blogs from anywhere?

There has been some talk of an WordPress iPhone application for awhile now, but today it is finally official!   Version 1.0 is now available.  Here is what you’ll get with this new iPhone application:

• Support for WP.com blogs and self-installed blogs version 2.5.1 and higher
• Embedded Safari for true previews of posts
• Full tag and category support
• Photo support for both camera pictures as well as library photos
• Support for multiple blogs
• Ability to password protect a post, save as a draft, or mark the post for later review
• Auto-recovery. This will recover posts which have been interrupted by phone calls

In order to use this new application, you’ll need to have installed the new iPhone 2.0 software (this includes iPod Touch users as well).  For other questions, consult their Frequently Asked Questions page.

I am currently very anti-AT&T and so I haven’t caved and bought an iPhone yet.  I do have an iPod Touch, but I’m always near a computer when using it, so right now I probably won’t use this application until I get an iPhone someday.   For you iPhone users, do you think you will you be using this application?

For those of you that love upgrading your WordPress install, you’ll be happy to know that WordPress 2.6 is now available for download!   Here is a quick video provided by the WordPress team (3.5 minutes):

New features include:

• Google Gears integration
• Press This! bookmarklet
• Wiki-like Edit Tracking
• Theme Previews
• Plugin Bulk Management
• Post Word Count
• Plugin Update Notification Bubble
• 194 Bug Fixes, Security Updates, and more!

If your concerned about upgrading to the newest branch of WordPress, don’t be:

2.6 is pretty much identical to 2.5 from a plugin and theme compatibility point of view, so upgrades from 2.5 should be pretty painless. The 2.5 branch will no longer be maintain so everyone is encouraged to upgrade.

Now, I’m off to start upgrading my WordPress blogs!

Though WordPress has been around for quite awhile now, I would guess that a majority of WordPress users are fairly new to the platform (using it less than 2 years).   It wasn’t until about 2006 that WordPress really became widely recognized within the blogosphere.  If you are new to WordPress, have you ever found yourself wondering when or how WordPress got started? 

Yesterday our friend Keith, who is a writer for Weblog Tools Collection, recently wrote about the evolution of WordPress in his post B2/Cafelog to WordPress 1.0.   He chronicles the early years of WordPress (May 2003 through January 2004) and talks about the features that were introduced, many of which we now take for granted. 

I think posts like this are fun, but they also help us to appreciate things as they are now and to see how far both WordPress and blogging has come.   I switched my first blog to WordPress when WordPress 2.0 was originally released.  Within 2-3 days I was hooked and haven’t look back since!   Now I even use WordPress to develop most of my non-blogging websites as well. 

So, how about you?  What was the first version of WordPress you used?  

Just wanted to drop a quick post and let you know that I was recently interviewed by Jean of Cats Who Code and that it is now available online for anyone to read.  If you’d like to learn more about me professionally or personally, click here to read the interview.

I’m not really sure if this is a trend or just coincidence, but over the past week I’ve noticed quite a few of the blogs that I stumble upon require you to setup an account before you can leave a comment.  Anyone know what is up with that?

This is obviously a very useful WordPress feature for blogs that have a strong community built around their website, but I think most people should consider the consequences before they require you to register to comment.  A choice like this could keep truly hinder a new blogs growth or discourage a blogger who isn’t seeing the reader interaction they were hoping for.

As with pretty much everything, there are some positives and some negatives to doing this.  Off the top of my head, here are a few positives and negatives of requiring registration to leave a comment on a blog:

Positives of Registration

• Spam Prevention - Requiring registration should stop spam completely.
• More Options - Requiring registration opens up some interesting opportunities to customize comment appearance, allow you to create profiles, etc.   I’ve seen a few high profile websites do this, but the registration usually is optional instead of being required.

Negatives of Registration

• Less Comments - Some people value comments more than others, but I think most bloggers would find less comments to be a negative as the whole concept of blogging was formed around the concept of reader interaction with the writer.

I personally do not leave comments on blogs that require registration because it just isn’t worth it to me.  I have enough accounts to manage without trying to remember my account information.   I also think things like spam can easily be avoided for WordPress users using tools like Akismet and Bad Behavior, Spam Karma 2, or Math Comment Spam Protection (which we use here).

I’d like to hear what you think in the comments below.   How do you feel about blogs that require registration to comment?   Do you take the time to register or do you just decide not to comment at all?