Snoop Around and Access Someone’s WordPress Dashboard Panel

While doing some testing on one of my websites that uses WordPress, I registered as a subscriber. Later on, while still logged in as the subscriber, I typed in the URL that I would have used as the admin, forgetting that I wasn’t logged in as the admin. Surprisingly, I was still taken to the back-end dashboard of the website, although I didn’t have the same level of access or ability to make changes.

Although there isn’t much (if anything) that can be done in the Dashboard as a subscriber, there is still a treasure trove of information that can be found. A subscriber can see the publisher’s post count, comment count, spam count, recent incoming links, and possibly most importantly, the WordPress version that is running on the website.

The reason it’s important to keep others from seeing which WordPress version you are running is that many WP updates contain security fixes for known exploits. If someone is behind on their upgrades, a hacker may be able to do something malicious with one of those known exploits. There are other ways to find out what version of WP someone is running (the footer or the page source), but many people hide this information with a special plugin or by coding it out.

There is a way to prevent access to your dashboard, and it’s something I implemented already (see screenshot above). Under Settings in the Dashboard, there is a link for General settings. On that page, make sure the “Anyone can Register” check box is not checked, and people won’t be able to register. If you do allow people to register, make sure the default role is Subscriber so they don’t have other privileges.

Even if you don’t display a link for people to register, they can use the standard registration URL shared by all WordPress blogs and websites (just substituting your domain name). It’s not terrible if someone gains access to your Dashboard, but I don’t think it’s helpful either.
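A way to enforce the points above in code, as an added example that is not from the post: a must-use plugin (assumed to be saved into wp-content/mu-plugins/, where WordPress loads it on every request) that sends users without the edit_posts capability away from wp-admin, removes the generator tag that advertises the version, and pins the two General Settings mentioned above so they cannot quietly drift.

```php
<?php
/*
 * Plugin Name: Subscriber Dashboard Lockout (constructed example, not the post's code)
 * Location:    wp-content/mu-plugins/subscriber-lockout.php (assumed path)
 */

// 1. Keep users who cannot edit posts (the Subscriber role) out of wp-admin.
//    Ajax calls are excluded so front-end features that use admin-ajax.php keep working.
//    Side effect: subscribers also lose profile.php; expose a front-end profile form if you need one.
add_action( 'admin_init', function () {
    if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
        return;
    }
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_safe_redirect( home_url( '/' ) );
        exit;
    }
} );

// 2. Stop WordPress from printing its version in <head> and in the RSS/Atom feeds.
remove_action( 'wp_head', 'wp_generator' );
add_filter( 'the_generator', '__return_empty_string' );

// 3. Re-apply the two General Settings from the post on every load, so a later
//    change through the UI or a bad database import cannot reopen registration
//    or hand new accounts a role above Subscriber.
add_action( 'init', function () {
    if ( get_option( 'users_can_register' ) ) {
        update_option( 'users_can_register', 0 );
    }
    if ( get_option( 'default_role' ) !== 'subscriber' ) {
        update_option( 'default_role', 'subscriber' );
    }
} );
```

The generator tag is not the only place the version leaks: readme.html in the site root and the ?ver= query strings on enqueued scripts and styles also reveal it, so block or strip those separately.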



Written by on January 22, 2010
Posted in: Advice
Minds and Machines

WordPress 2.9.1 Update Ready

As you may recall, I blogged about the problem I encountered when I updated my blog to WordPress 2.9. In a nutshell, my posts were missing their schedule, which happened once before after a blog overhaul. I have since found a fix to the issue (well, my designer/programmer found it), but I am still cautious as a result.

I just noticed that WordPress is urging people to update to WP 2.9.1 now with a notice at the top of the Admin dashboard. If you are thinking about making the upgrade, it’s advisable to see what features were changed and to evaluate whether it’s worth the bit of risk that could accompany any upgrade.

If you do decide to upgrade to 2.9.1, make sure you back your site up first before you push the button. Trust me, one small issue can cause hours of work for you or for your programmer. You were warned!



Protect Your WordPress Blog

I was viewing a friend’s website on my Blackberry the other day, when I noticed a bunch of random unrelated links above his header. There were Viagra links, Honda links, Cialis links, Acai links, etc. You name the affiliate link, and it was probably there. When I visited his site on my laptop, those links were nowhere to be seen.

Several months ago, I had a similar problem, which my developer diagnosed as some sort of code injection. This was attributed to my not upgrading to the latest WordPress version (currently 2.8.4). Basically, when security flaws are found, WordPress closes those holes in the next release, and site owners need to upgrade ASAP. Because hackers and other malicious people can then learn what security flaws were found in the previous version, they can exploit those flaws on blogs and websites that aren’t running the most recent version.

In any case, it can be a bit tricky to remove the cause of the malicious links, but it’s important to do so, otherwise your site is leaking “search engine link juice,” and those links can be harmful. This doesn’t even consider that other areas of your site may have been attacked, which can cause other problems. Simply upgrading to the newest version of WP may not help, as the malicious code will still be there.

One of the best things for me is that the person who manages the technical side of my blog is knowledgeable about programming and WordPress, and he has been able to help me with errors (both human error and a malicious hacking attempt). If you don’t know of a capable person, it would be wise to find someone smart that you trust who can help you at a moment’s notice. There are also plenty of resources on the web that can help you, but sometimes the fixes are complicated.

Always be on the lookout for strange things that happen with your blog’s performance and layout, and if you notice something funky, don’t just cast it aside. Search Google, Twitter, and WordPress to see if other people are facing the same issues. Stay on top of WordPress or other platform updates and security warnings, and you may help prevent damage to your website.
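Since upgrading does not remove code that was already injected, a scan of the theme files is a useful first check. This is an added example, not something from the post: a stand-alone PHP command-line script (assumed file name scan-theme.php, theme directory passed as its argument) that flags the constructs typically used to hide injected links from the site owner's own browser, such as the mobile-only links described above.

```php
<?php
// Constructed example: php scan-theme.php /path/to/wp-content/themes/your-theme
// Each hit is a lead to review by hand, not proof of compromise; legitimate themes
// also inspect the user agent (e.g. for mobile layouts), so compare against a
// fresh copy of the theme before deleting anything.

$patterns = [
    'obfuscated code'        => '/\b(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(/i',
    'user-agent conditional' => '/HTTP_USER_AGENT/i',
    'search-engine check'    => '/\b(googlebot|bingbot|slurp)\b/i',
    'remote include'         => '/\b(include|require)(_once)?\s*\(?\s*["\']https?:\/\//i',
];

// Walk the directory, test every .php and .js line against each pattern,
// and return "file:line [label] snippet" strings for whatever matches.
function scan_theme( string $dir, array $patterns ): array {
    $hits  = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator( $dir, FilesystemIterator::SKIP_DOTS )
    );
    foreach ( $files as $file ) {
        if ( ! $file->isFile() || ! preg_match( '/\.(php|js)$/', $file->getFilename() ) ) {
            continue;
        }
        foreach ( file( $file->getPathname() ) as $n => $line ) {
            foreach ( $patterns as $label => $re ) {
                if ( preg_match( $re, $line ) ) {
                    $hits[] = sprintf( '%s:%d [%s] %s', $file->getPathname(), $n + 1,
                                       $label, trim( substr( $line, 0, 120 ) ) );
                }
            }
        }
    }
    return $hits;
}

$dir = $argv[1] ?? '';
if ( ! is_dir( $dir ) ) {
    fwrite( STDERR, "usage: php scan-theme.php <theme-dir>\n" );
    exit( 2 );
}
$hits = scan_theme( $dir, $patterns );
echo $hits ? implode( "\n", $hits ) . "\n" : "no suspicious patterns found\n";
exit( $hits ? 1 : 0 );   // non-zero exit lets a cron job or CI step raise an alert
```

Run the same scan over wp-content/plugins and the site root, since injected code is not limited to the theme.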



WordPress Errors or Theme Errors?

I was having a few problems on the back-end of my blog for a couple of weeks. I assumed it was because I recently updated my blog to WP 2.8, and although I was kicking myself for upgrading, there wasn’t much I could do. After a couple of weeks, I was faced with other random problems, and it began to get more than annoying.

After my designer was unable to access the admin panel of my blog, and I couldn’t even access it unless I was on my personal laptop, I began to worry. What if my laptop suddenly lost access, too, and I was blocked from my own blog? Fortunately, that didn’t happen, but I was lucky to have the help of Kevin Leto, who taught me a trick.

While I had assumed my problems stemmed from a faulty WordPress upgrade, Kevin wasn’t convinced. He had me go into the appearance section of the WordPress dashboard and select the default theme temporarily. Once I did so, all of the problems disappeared, allowing him to determine that the fault was in my current theme coding rather than WordPress.

Once Kevin isolated the problem, he was able to search through my files to find a really small error that was throwing off a lot of back-end functionality and he quickly rectified the error.

If you use WordPress and encounter problems and errors, switch it to the default theme and try to replicate your errors. If the errors disappear, the problem is in your theme – not in WordPress.

