With Facebook for WordPress, What’s Going to Change?

WordPress is admittedly the most used CMS(content management system). It caters to a wide range of siteowners. From small scale websites to tech news giants, everybody can rely on its robust yet flexible website management. On the other hand, to promote their content every webmaster has to rely on social media. Facebook, for long, has provided a feisty marketing tool for every business out there. From the time Open Graph came to existence, webmasters had no other choice but to code their apps to integrate Facebook’s social experience with their WordPress blogs. Thankfully with the new plugin it won’t be a strenuous task anymore.


Let’s start with the installation. Follow the simple steps below to activate the new plugin.

1. Download the Facebook plugin for WordPress.

2. You can either upload it to your blog’s hosting server with your ftp client or you can use your WordPress account. A quick tutorial is available here.

3. Once you have succesfully uploaded the plugin, go to Plugins > Inactive and scroll down to activate the Facebook plugin.

4. Now in order to use the plugin you will need to register a Facebook app. You don’t need to be a coder to do that. Just go to The Facebook Developers page and create a new app.

NOTE: If you already have an app registered with Facebook you can go directly to the app and copy the App ID and App Secret. Skip this step and start from step 6.

5. Now add the page name (your blog name would be a good choice here), namespace(optional, entering your blog name is recommended) and Heroku web hosting(optional). Once you are done, you will be redirected to the app page where you will get the App ID and App Secret. These will be needed for configuring the plugin. Scroll down and you will find an option where you will need to mention how your app integrates with Facebook. Click the first option “Website with Facebook Login” and enter your full blog URL i.e including the http://. Once done press the button Save Changes at the bottom of the page.



6. Now that you have your App ID, App Secret and namespace go back to your plugin configuration page and enter them. After, you have completed the activation you will be presented with a settings page for the Facebook plugin. Choose the options you wish to and save the necessary changes after you had configured them. We’ll discuss more on the configuration changes and how it effects your site layout in a later post.

Every WordPress is meant to add additional capabilities to the CMS. Facebook for WordPress implements the latest social attributes of Facebook for your blog.

1. Social Publisher: This is indeed something new and helpful if you own a multi-author blog. True you could already share posts automatically on Facebook as they were published. However, if your authors too can showcase their posts on their personal timeline, that would mean some additional traffic from their friends and followers. Apart from these any author can mention the names of their friends to post on their timeline as well.

2. Send and Like buttons are primitive if compared with the rest of the functions the plugin offers. It adds a Like and Send button to the top/bottom of any post of your blog to let users share it with their Facebook friends.

3. Subscribe Button: This definitely helps any blog to promote their authors and in turn their content. So far top blogs with reputed authors used to have this feature(but was not limited to). The hassle of coding is no more there, all you now need to do is ask every author to authorize the app from within their WordPress accounts. Doing this will show a subscribe button at the end of the post.

4. The comments section is also something that was popular already. It also comes bundled with other features with this plugin.

5. Recommendation Bar: Technically this is the only significant feature that comes for the first time along with the plugin release. This adds a sticky bar that shows article recommendations to readers. The readers can use the Like button there to like the post they are on or turn on the social reading. This can serve as viral marketing as friends of the reader will see a ticker or news feed entry that says “X read THIS POST on THE BLOG”. Until now this was possible with the selected social readers after the last f8 keynote.


What it means for a reader?

So as the behemoth of social marketing integrates more easily with the most popular blogging platform expect more clutter in your already populous news feed. Apart from that if you really love sharing what you read, it would be a more pleasant experience for you.

What changes for a webmaster?

Thankfully, a lot. Less coding and more functions. A caution, do not overdo. Sometimes less is more. With more sharing features you will enjoy better visibility on the social network but similar to other plugins your site load time will be hit. Sticky bars are good but at the same time can be annoying too. As you are a better judge for your readers, the decision rests upon you.

Why was it launched? How does it make up for Facebook?

As you have noticed, apart from the recommendations bar everything was already there. This might just be a compilation of the Facebook sharing features. My personal opinion is that the recommendation bar feature is what motivated Facebook to launch this plugin. Since Facebook is planning on a better functional search (and Bing’s social search) their repository should be rich in content. Apart from pages, updates and other things the social reader will take the user engagement to the next level. The less known blogs (with low sharer counts) can also include their content now in a much simpler way. This seems even more relevant as Facebook went on the IPO way and is struggling so far. A new opportunity based on search ads sounds too lucrative to dismiss. Now considering their proximity to Bing they are less likely to go for a head-on clash with Google(Bing already enjoys that rightfully). So improving the internal search for content might be a way out of this.

Think of me as an elitist but I will still bank on the facts that Facebook has already done a great job in luring users. A better platform with better search will only make things better for them(and hopefully a boost for their IPO) and for a right mind that should not be considered evil. There’s nothing personal, it’s all business.

WordPress Hit With Backdoor Attack, Force Resetting User Passwords

Looks like no one is safe on the internet today, with numerous services being hit with hack attacks and password thefts. Today, it looks like WordPress was also hit with a backdoor attack where users were able to gain access and update some plugins in the repository.

The hackers apparently added some backdoor code to the attack and committed them to the repository, this affected some popular plugins like AddThis, WPtouch and W3 Total Cache. WordPress has managed to rollback those updates, but have also reset passwords for all WordPress.org users. If you use any WordPress related service, you will have to reset your password.

Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.

We’re still investigating what happened, but as a prophylactic measure we’ve decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)

This is not the first time WordPress has been attacked. Earlier this year, WordPress.com was hacked and code was compromised. Sony has also been hit with several attacks recently where user’s passwords were leaked on the internet. If you have a WordPress.org account make sure to update your password. Also read our earlier article on why it is the right time to update all your passwords.

Also, if you have recently updated any of these plugins, go and re-update them immediately.

More updates to come…

Why WordPress Needs To Overhaul Their Plugin Repository and Introduce Safety Checks

I have written quite a few plugins including WordPress Automatic Upgrade and understand how things work within WordPress.

Earlier today, I wrote about a very dangerous plugin doing the rounds of the Internet called BlogPress SEO. The plugin is nothing but a Trojan horse which siphoned sensitive data to a third party and allowed them to login to the plugin user’s admin interface without having access to the admin password.

WordPress Security

That plugin is not in the WordPress repository and will never be, but there are thousands of plugins which are already in the repository and thousands which will eventually be part of it. Here is the catch, adding a WordPress plugin to the repository is as easy as sending an email, you just create a legitimate plugin, upload it to SVN and it’s there in the repository for everyone to use.

Now, here is the problem. As far as I believe there are no checks on what code is added to a plugin and to top that there are no checks at all to future updates. In plain words, I can create a legitimate plugin and introduce it to the repository. After that, whatever updates I make to it will never be checked (other than by clever WordPress users who sift through code), since the WordPress plugin updates are based on SVN trunks.

Any new trunks you create will be made available as a update to the end user, regardless of what code you put into it. Now, this may not be alarming since there are hardly any scams related to WordPress plugins within the repository, but today’s event goes on to show that it can be exploited. It does not take much effort to get in a plugin into the repository itself, so a scammer/hacker will be able to create multiple plugins and then add exploit code to it and offer it as updates. By the time the exploit is discovered, it might be too late for users who have already updated and sent out sensitive information to the hacker.

Now, while I am making a valid point here, there is really no foolproof way to stop this problem. Of course, it would help if there are safety checks and maybe a community based checking of code before it actually is made available as an update to users. Community based code checks are hard, if not impossible, because it will involve people to actually check the updated code before it is made available to users. This will also add a hassle to developers who are contributing for free, however, in the end it will be beneficial to everyone.

Once again the approach of checking code is not exactly foolproof. A recent example involves and , who now have a very strict process of approving extensions and it causes problems to developers. However, both of them did let through/had or which snooped on sensitive information and passed them on to third parties, some without even you having to install those extensions. The most recent example being Firesheep, an extension which allowed you to extract cookies for and and then used it to login to these networks (P.S. Install BlackSheep to stay safe from Firesheep).

Now here is the big problem, none of these harmful extensions are available through the repositories, if they are, they are quickly taken off, but people can still go ahead and install these. Just like Firefox has the ability to block extensions (they blocked .NET and WPF add-ons from Microsoft), and Google Chrome has developed features in the browser to block unsafe extensions, WordPress has to take steps to block harmful plugins at the core. They have to have the ability to inform users or explicitly block plugins which are harmful.

Considering how huge a community WordPress has, it would be easy to have a system in place to report unsafe extensions, no matter if they are present in the repository or not, along with providing a friendly warning to users that the plugin they are about to install might be unsafe. In addition to that, they have to move towards encouraging more and more developers to use the WordPress repository for plugins. I had written about the benefits of users adding their plugins to the WP repo on WLTC and saw many developers unhappy with the system, so this might take a while.

If they add this feature, and it works on the fly, it would be one of the best features I could use. Though I am a experienced plugin developer and have coded plugins such as WordPress Automatic Upgrade, I fear for the millions of people who might start adding plugins which are really bad.

Hope WordPress does something about this as this could easily get out of hand. The coder of BlogPress was foolish, he wrote code that could easily be identified, imagine intelligent people being able to write code which cannot be identified and the threats just multiply.

(Image Credit: Clickonf5.org)

WARNING: Don’t USE BlogPress SEO Plugin On WordPress, It’s A Scam and Trojan

WordPress is an open community and practically anyone can develop plugins or themes for it. However, there are several shady plugins for WordPress out there which you might as well stay away from.

One such plugin is called BlogPress SEO, which promises users hundreds of backlinks once you install it. However, don’t fall for it, it is a trap and will expose your login information to the developer of the plugin and will allow them to automatically login to your blog.

There are couple of blog posts from Yoast and Mtekk which expose the big problems with this plugin. First of all, this plugin stealthily emails your admin email address to the author of the plugin. The second and bigger problem is that, the plugin has a function which allows the plugin author to bypass the WordPress login.

Yes, you read it right, the plugin first emails your admin email to the author and then allows him to login to your WordPress admin without a password. Scary right.

If you have installed the BlogPress SEO plugin, you have to do two things. First of, deactivate the plugin ASAP. Secondly, change your admin email address. Changing your password will do no good. Thirdly, only install plugins which are available in the WordPress repository as they are safe.

WordPress Plugins Downloaded Over 100 Million Times

Looks like it is another month of milestones, yesterday Firefox crossed 2 billion add-on downloads and today it was the turn of WordPress to cross over 100 million plugin downloads.


In an announcement on the official WordPress blog, the dev team have released some statistics which state that 10,000+ plugins in the WordPress repository have been downloaded over 100 million times. In addition to that, WordPress 3.0 has also been downloaded over 3 million times.

WordPress 3.0 Thelonious passed 3 million downloads yesterday, and today the plugin directory followed suit with a milestone of its own: 100 million downloads.

Just like , WordPress plugins too have been a very integral part of the popularity of WordPress. WordPress has a huge community of developers and contributors who have made this possible and there is definitely more in store with the latest version of WordPress taking a CMS approach.

I am also proud to say that my WordPress plugins have been downloaded around 400,000 times which is definitely a great number. I am very sure that other contributions and plugin developers will be proud of their achievements too.

Twitter Fans Widget WordPress Plugin

Many blogs and websites sport fan widgets, which is officially available for fan pages on Facebook. However, if you also have a account for your blog, you can only display a twittercounter widget or a custom icon which leads to your twitter account.


Twitter Fans Widget is a new and interesting WordPress plugin, which will allow you to display a Twitter Fans Widget similar to Facebook widget for your site. Once you have installed the plugin on your blog, go to Appearance > Widgetsand drag the Twitter Fans widget to wherever you want to display it.

Add the twitter username and the number of fans you want to display on the widget, and customize the colors for the widget. Once you are done, save the widget and reload the site to view the Twitter Fans widget in action. By the way, you can follow us @techiebuzzer to get the latest updates delivered directly to your Twitter timeline.

Thanks @loyals

Download Twitter Fans WordPress Plugin

Add WPtouch Support For Nokia, Symbian & Windows Mobile

WPtouch is a excellent which allows users to provide a mobile friendly interface for their websites, when a user visits using a mobile web browser. At Techie Buzz, we use the plugin to display the website for mobile phones.

Displaying mobile friendly pages on mobile web browsers makes sense, since usually their screens are much smaller. Along with that, mobiles also do not have fast internet connections. Using WPtouch definitely helps speed up page rendering on mobile devices.


However, recently one of our authors pinged me and said that the mobile site was not displaying while he was viewing it on a Nokia 5800 touchphone. Turns out that WPtouch is built to only run on iPhone, iPod Touch, Android, Storm and Pre devices. It does support Mini too.

However, this means that it will not work on Nokia based phones running on Symbian OS or Maemo, and devices that run on Windows mobile out of the box. To overcome this issue, you can add support for additional devices by changing a small setting in WPtouch.


To do that, go to WPtouch options and scroll down to Advanced Options. In the field for custom user-agents, add the following text nokia, iemobile, symbian, and save your settings. The provided strings are generic in nature, you can always find the browser user-agents for mobile devices on this page.

Testing WPtouch on Nokia or WinMo Devices

Once you have added the changes, test it out by visiting the site using a Nokia or Windows Mobile device, or for that matter whichever device you added support for.

If you do not have the different devices to test with, you can visit our earlier tutorial of Emulating Mobile Web Browsers on your Desktop with Firefox.

That’s it, hopefully this will help users who use WPtouch add support for Nokia Symbian, Windows Mobile or other unsupported devices with ease. Feel free to leave a comment if you have any doubts or queries. For more such useful tips, visit the section.

Introducing WordPress Remote Upgrades and Backups

It has been a long time since I have released a , however, behind the scenes I have been working on a exciting new product which will make life more easier for users. With that in mind I am very happy to announce my latest endeavor called WP Remote Manager, which will allow users to remotely upgrade and their WordPress blogs.


Like WPAU (WordPress Automatic Upgrade), WRM was conceptualized to address a problem many users face, frequent upgrades. Many users including me own several blogs which are powered by the wonderful WordPress platform. However, WordPress dev teams release several updates to the software, many of which are mandatory due to security issues. With that in mind upgrading several blogs or even a single one becomes a bit of a pain.

With the help of WP Remote Manager, users will be able to upgrade their blogs and even backup the database right from their desktop. The concept, design and idea behind WP Remote Manager was done by me. It was developed by the talented developer Shoban Kumar, who has several other successful products against his name, including TweetMyPC and GTalk Auto Reply among other things.

Checking for Upgrades and Upgrading Blogs Remotely


Once you have added the blogs WRM will allow you to check for available upgrades and remotely upgrade your blogs.

wp_upgrade_status_report wp_upgrade_status_report1

The software will check for upgrades and intimate you whenever they are available. You can then upgrade the blogs which are not using the latest version by clicking on the upgrade link, or upgrade all the blogs at once by clicking on the Upgrade All Blogs link in the report or the Upgrade Blog(s) button in the main interface.


Once you click on the link or the button, WRM will automatically upgrade your blogs to the latest version. This may take a few minutes depending on the number of blogs and your internet connection. Once the upgrade has completed you will see a status report detailing the upgrade process.

Backing up Blog Posts and Comments

In addition to allowing users to remotely upgrade their blogs, WRM will also allow users to backup their blog posts and comments. They will also be able to schedule backups in Windows to run at regular intervals so that their blog data is always backed up.

Blog posts and comment backups are still in a very alpha stage and will be included in the beta release.

Beta Testing and Future Plans

Right now this product is in a pre-beta stage, we are still fine tuning several things and hope to release the final product sometime next month. If you are interested in beta testing the software, feel free to drop an email to keith [@] techie-buzz [dot] com. We will send you a test version as soon as it is ready.

Our future plans include making this software cross-platform so that users of any operating system can use it, along with adding several other exciting features. If you like what you see, don’t forget to spread the word through your blogs or social networking accounts.


Though we are not making the software available for downloads yet, we would appreciate if you give your feedback and inputs.

Best Twitter Plugins for WordPress

Quite recently WordPress.com users got the ability to automatically tweet posts to twitter, but what about other self-hosted users? Well, there are tons of plugins and tools available for WordPress.org users.


In this post, we will take a look at some of the most useful twitter plugins for WordPress users.

Twitter Tools – Twitter Tools is a plugin that creates a complete integration between your WordPress blog and your Twitter account.

TweetSuite – TweetSuite is a Twitter-WordPress integration plugin that includes retweet buttons, digg like tweet button, automatic tweeting of new posts and more.

Twitter Widget Pro – A widget that properly handles twitter feeds, including @username, #hashtag, and link parsing. It supports displaying profiles images, and even lets you control whether to display the time and date of a tweet.

TweetMeme – The TweetMeme retweet button easily allows your blog to be retweeted. The button also provides a current count of how many times your story has been retweeted throughout twitter.

Tweetbacks – Allows you to pull in comments from twitter and displays it as tweetbacks on your blog (requires manual editing of theme).

BackType Connect – Allows you to pull comments related to your blog from twitter and other websites.

TwitterCounter – Allows you to integrate TwitterCounter.com badges on your site.

Do you know of any other plugins that can make it to this list? Do let us know about them through your comments.

Image Credit: TechCityInc

Use PostgreSQL for WordPress Instead Of MySQL

MySQL is the preferred database for , however not everyone likes MySQL and there is no easy alternative to make WordPress use another database.

If you want to use PostgreSQL with WordPress there is a that will allow you to do it without making any changes to the internal WordPress codebase.

PostgreSQL for WordPress (PG4WP) gives you the possibility to install and use WordPress with a PostgreSQL database as a backend. It works by replacing calls to MySQL specific functions with generic calls that maps them to another database functions.

When needed, the original SQL queries are rewritten on the fly so that MySQL specific queries work fine with the backend database.

Support for other database can also be added if the appropriate drivers are written for them.

We tested this out on a local installation and were able to use PostgreSQL with WordPress without any issues.

The only problem we see with the plugin is that you need to perform a fresh install for this to work, however it might work on older installations if you are able to import the MySQL database to PostgreSQL.

Download PostgreSQL for WordPress (PG4WP)