Anthony Ferrara, one of the lead developers of Joomla!, wrote a great post on the Joomla! Developers Blog that teach us how to avoid SQL Injection problems.
Since most of the Joomla! extensions security issues involve SQL injection, I suggest to read this piece very carefully 
Here’s a great post by Alledia showing a few differences between the URLs generated by the popular CMS Joomla!.
A couple of days ago UpStartBlogger started a great giveaway: the winner will get a nice website, and that includes a 5-letters domain name and hosting!
The site we’re talking about is a WordPress showcase site, it’s already generating revenue (not a lot I think, if they give it away for free), and it could be a nice prize to win
How to win it? Just write a post about it, like I’m doing now!
The standard WordPress installation has a problem I consider a big security threat: by default, anyone can have a list of all the plugins (and see their version) installed in the system.
I fixed this problem on my blog a few months ago when I discovered it, but 2 days ago I saw a page talking about this and I tried this Google query.. it’s incredible to see how many blogs on the Web suffer this issue.
The solution to this problem is rather simple: all you have to do to stop showing the world how to hack your site is putting an empty file called index.html in the wp-content/plugins directory.
Looking at the SERPs, It’s not a surprise to see blogs such as FreeRangeLibrarian or Speed of Creativity, because they’re not technical blog.. but it’s a BIG SURPRISE to see the Blog Herald listed in the first positions..
For those who don’t know it, Blog Herald is a big network blog that publishes posts from many important bloggers, such as Chris Garrett and Lorelle Van Fossen.
I thought about this a lot, and I concluded that listing the version of the plugins installed on your system is a good idea and it improves security, don’t you think? Otherwise, why a blog such as that, that talks about blogging, security and so on all day.. would make life easier for hackers?
(Irony, of course)
Catalyst, by RocketTheme
AnotherVista15 by JoomlaMarket
Check out these nice free WordPress themes I found on the web this week:
A few great resources about blogging and writing on the web I found this week:
The top news this week is the public release of the Mollom API, made available yesterday. Now it’s possibile to build applications using the Mollom’s filtering capabilities!
From Acquia, Drupal’s search compared to Google and Yahoo! and a nice video that talks about the new theming features of Drupal 6, Drupal 6: Hot new themes
A nice news about the Simple Machines Forum bridge for Drupal, that was announced last week as discontinued. The SMF management has granted permission to the module developers to continue their good job.
On MyDrupal.com you can find a great post that summarizes a few great free books and whitepapers for Drupal. Nice, I found many interesting thinks there!
After that the Garland theme got a redesign on 27th of April, on Lullabot Nate Haug wrote a nice post titled Theming Best Practices (Garland Gets a Cleanup) that talks about the best practices in writing a Drupal theme.
A few nice videos:
Here’s a selection of the latest modules made available:
Today 1st of May is the RSS Awareness Day, the day devoted to spread the word about RSS (and Atom) feeds.
FeedBurner, the giant in the RSS world has recently told that they manage 60 millions of readers, a small percentage, 5.4% of the internet users.. a SMALL percentage!
Let’s spread the word about this useful technology!
Here are 2 useful links
A few news in the WordPress world: first of all, WordPress 2.5.1 was released, a security release that solves a few problems found in the WP security.
Matt Mullenweg has made 2 important announcements regarding WordPress.com:
Themeshaper shows how to Add Gravatars For The Post Author in WordPress, and How To Build WP-PageNavi Into Your WordPress Theme.
Talking about WordPress 2.6, What to Expect with WordPress 2.6, 30+ Things That Should Be Changed for WordPress 2.6, and 5 Things WordPress should not do in 2.6.
From BloggingTips, how to manage Static Pages in WordPress.
From Weblog Tools Collection, how to reset WP password manually. Talking about Weblog Tools Collection, they started a WordPress Plugin competition. Nice idea! (it’s not the first one they organize)
bbPress had a small update for security - related concerns.
From HackWordPress, How To: Using WordPress as a Static Site
Lorelle on WordPress published the post WordPress Security Prevention, Reactions, and Scares, a nice discussion about the security of WordPress, its perception, a comparison with other popular CMS (Joomla! and Drupal) security issues plus some basic info on securing your blog.
A few videos:
