We are happy to release “My Team” a new WordPress to display team/staff members. You can also display a set of pictures and information in different layouts.
Nowadays, WordPress is more than just a blog. And behind such website is a team. The plugin acknowledges those guys, by creating a template which anyone can copy in his theme directory and have a page ready for the people behind it. The plugin provides the administrator with a nice interface to add/edit/delete the team members. The plugin is under active development so keep checking the page. The plugin uses the short-code given at
You can display the entries in 4 different main ways
- Grid view.
- Grid view with Information on hover.
- Table list view.
- Number of Columns.
- Image Shapes and effects.
- Text Align.
- Special Settings.
- Image Sizes.
- Email Settings.
- Single Page Settings.
- Auto Generation Shortcode & PHP Function.
The research, carried out by vulnerability researchers EnableSecurity and reported by WordPress security outfit WP WhiteSecurity, was conducted between Sept 12 and Sept 15 shortly after the release of the WordPress 3.6.1Maintenance and Security Release.
As with any research of this kind we should apply a big pinch of salt.
In fact in this case we don’t need to supply our own salt because the research actually comes self-salted thanks to this hilarious rider at the bottom of the article:
The tools used for this research are still being developed therefore some statistics might not be accurate.
You have been warned.
So if the numbers might be wrong why am I bothering to reproduce them here? Because (in my opinion) they are probably true (well true-ish) and even if they aren’t they still highlight an important security issue which isn’t diminished one iota by their sketchiness.
As long as we go into this with our eyes open we’ll be fine.
The research did no more than set out to discover what versions of the popular CMS are in use by the top 1 million websites.
This singular focus is with good reason: the first rule of WordPress security is always run the latest version of WordPress.
If you aren’t running the very latest version of WordPress then the chances are you are running a version with multiple known vulnerabilities – bugs that criminals can use to gain a foothold on your system.
EnableSecurity’s scan of Alexa’s Top 1,000,000 discovered that 41,106 websites were running WordPress, a little over 4%.
They then determined that of those websites at least 30,823 were running versions of WordPress that have known vulnerabilities. From this they concluded that
73.2% of the most popular WordPress installations are vulnerable to vulnerabilities which can be detected using free automated tools.
Add your salt now.
Even if we take it as read that 73% of the sites are running vulnerable versions of WordPress we still can’t conclude that 73% are in fact vulnerable. There are common security strategies that the researchers didn’t test for, not least using a Web Application Firewall (WAF) that can put up a protective shield in front of vulnerable websites.
By the way, the first rule of WordPress security, always run the latest version of WordPress, holds true even for sites running behind a WAF. They are not mutually exclusive and should be considered as separate parts of a strategy of defence in depth.
In addition to skipping over reasons why the 73% might be a little on the high side the study also leaps acrobatically past a totally different set of reasons why it might be a bit on the low side.
As diaphanous as the study’s precision might be, the broad thrust is correct and it contains a useful message; users of WordPress need to be diligent about security because they are using software that is popular enough to be of interest to criminals who conduct large-scale automated attacks.
10 ways to keep your WordPress site secure
If you are running a website that uses WordPress here are 10 suggestions to help you avoid ending up in the 70% (or whatever large number it is) of vulnerable sites.
- Always run the very latest version of WordPress
- Always run the very latest versions of your plugins and themes
- Be conservative in your selection of plugins and themes
- Delete the admin user and remove unused plugins, themes and users
- Make sure every user has their own strong password
- Enable two factor authentication for all your users
- Force both logins and admin access to use HTTPS
- Generate complex secret keys for your wp-config.php file
- Consider hosting with a dedicated WordPress hosting company
- Put a Web Application Firewall in front of your website
For more on the subject of patching WordPress have a listen to Sophos Security Chet Chat 117, the latest 15 minute installment in our regular podcast series.
Do your shoulders feel lighter?
You were relieved of this choice as of Friday, when Google announced that Gmail users will now see images automatically.
Automatic image viewing for desktops was enabled on Friday, and we’ll see it on Android and iOS apps in early 2014.
Up until now, we’ve had to mull whether or not we want to view images because all sorts of security sliminess and privacy pitfalls can lurk behind them.
Clicking on images is like leaving whatever fortress you’re holed up in and venturing out into the wide, open, scary world of somebody else’s HTTP territory.
That’s because emailed images, though they might look like they’re part of the email, are normally hosted on a web server controlled by the email sender.
As far as privacy issues go, when you load the images, you not only get to see whatever pretty picture the sender wishes to bestow upon your eyeballs; you’re also sending a message about yourself (an HTTP request) to the email sender.
First off, by clicking on an image, you’re giving the sender any cookies you might have previously received from their website. You’re also giving them your IP address, which can provide a rough idea of your location, and your user-agent string which is a brief description of the browser and operating system you’re using.
Perhaps more useful than all of those though, you’re giving email marketers and spammers confirmation that their email has been read and that your email address is ‘live’.
As Ars Technica’s Ron Amadeo points out:
It's even possible to uniquely identify each e-mail, so marketers can tell which e-mail address requested the images—they know that you've read the e-mail. And if it was spam, this will often earn you more spam since the spammers can tell you've read their last e-mail.
So if images are on by default then by the time you’ve looked at an email, determined it’s spam and hit the ‘junk’ button you’ve already told the spammers that you’ve opened the email.
But wait, there’s more: given that the images are hosted on remote, third-party servers, there’s even the possibility that images themselves can be rigged to exploit security vulnerabilities and inflict malware on the computer systems of those who click.
Google aims to curtail the risks of clicking on remotely hosted images by henceforth serving all images from its own, secure proxy servers.
It will be great – just great! says Google:
Your messages are more safe and secure, your images are checked for known viruses or malware, and you’ll never have to press that pesky “display images below” link again. With this new change, your email will now be safer, faster and more beautiful than ever.
With Google serving as the image middleman marketers, spammers and phishers should be starved of all that leaky HTTP stuff but will they still know who’s opened their emails?
Up until now marketers have been able to look at how many times their images have been loaded and use it to work out, at least roughly, how many times their emails actually got opened.
Now that Google’s putting itself between you and the marketers’ servers they will presumably be requesting each image just once from the original server and then caching it for the benefit of all Gmail users.
That ought to mess up marketers’ “open rates” and prevent confirmation that your email address is active, right? Nope, it won’t help matters at all.
As a Google spokesperson acknowledged when CNET asked, senders can simply use a unique image URL per recipient.
Instead of requesting one image from the sender and caching it, Google would have to ask for each unique URL. This ought to make email open-rate tracking even more accurate than it is now because, thanks to this update, every email that’s opened will automatically download images.
This is, in fact, the conclusion reached by security researchers including H.D. Moore and Robert Hansen.
Moore told CNET that the proxy servers will turn on default “read tracking” for all Gmail users, which bestows power on people we don’t necessarily want to empower:
This would allow a stalker or other malicious entity to determine whether the e-mail they sent to a target is being read.
The Google spokesperson pointed out that the proxy server helps protect the recipient’s IP address, geographic location, browser user agent, and “other identifying information.”
OK. But Google could have given their users all that good stuff without taking away their ability to choose whether they want to see images or not.
Luckily, Gmail users can disable automatic image viewing – here’s how:
- Open Gmail.
- Click the gear icon in the top right.
- Select Settings.
- Stay in the General tab.
- Scroll down to the Images section.
- Choose “Ask before displaying external images”.
- Click Save Changes at the bottom of the page.
It all started with a set of big ideas on everyone’s mind. A team was setup to discuss on the activities and arrangements for the celebration. The team members were Kalpana, Diviya, Sharmi, Balaji.
The initial discussion was done few weeks before, but the approval from management was received just 4 days before. We had a very short time to carry out the discussions on arrangements as we were done with our Company outing just a few days before. The team request was
- Sweet distribution
- Cultural activities
- Full day celebration
- Photo hanging
- Logo based gift
- Decoration craft
- Individual own décor items
- Cake cutting
- Theme based dress code (5th year – Wood based could be brown shades)
And the approval was Now we don’t want to give T-Shirt and also we have very very short time
- Morning Pooja with directors + all our team.
- Sweet Distribution
- Decoration and Cultural
- Award Giving
DAY: 02.12.2013 – The Anniversary Day Eve
It was our tea break in the evening and we requested all our team members to accompany in the decoration task. It started by 4.30 PM in the evening.
|Few started pumping the balloons, nearly 250 nos.|
|Few started sticking papers to make thoranam|
|While others drawing the number 5 to hangout showing the completion of 5 successful years, few others were slicing the pictures of individuals of the team to show off everyone that they are the backbone of this growth.|
|Few tied them on the wall. Few tied flowersIt was raining and hot bread bajji were served to enthu the team. The team was working out crossing 9.00 PM and this is how the decorations came out.|
DAY: 03.12.2013 – The Anniversary Day
The day started with high level of curiosity. Morning pooja preparations were started. Decorated lamps, flower garlands for company name board, door entrance, rangoli with flowers. The ambience was filled with colorful paper decorations and flower decorations
The beautiful gifts made by Velmurugan and Kalaiarasan which decorates our office added more beauty
Google allows authors to connect their articles to corresponding Google+ profiles. When such articles are shown in Google search results, the author’s profile image is shown along with it.
Researches suggest that search results with profile images have better Click Through Rates(CTR) than normal ones. Let us see how we can implement this feature in our website.
Step 1: Take the page which you wish to attach your profile image. Add a link to your Google+ page. The link looks like https://plus.google.com/+selvabalaji. Here is general syntax.
<a href=”[profile_url]?rel=author”>Link Text</a>
You have to append ?rel=author to the link. In this page, you can find live demo in the author box below. There I have placed a link like this.
Irandam Ulagam is selvaraghavan’s dream project. It appears that Selvaraghavan must have really scripted the story in his dream. Selva’s courage to bring to life an out of the world experience for the audience should be applauded; But, the execution could not match up to his vision. As a result, Irandam Ulagam falters throughout its laborious running time of 2 hours 40 minute.
Plot – Selvaraghavan’s Complex Vision
Selvaraghavan wanted to portray the concept of how women would be treated in a second world where men have not experienced the feeling of love. The story is all about a man(Arya) from Earth who gets transported to the second world due to mysterious circumstances and ends up infusing love in the air and makes the flowers bloom. It is odd that a movie about “pure love” doesn’t have a single scene that conveys the feeling of love effectively for the viewers.
Script, Screenplay and Direction
Selva’s script is unconvincing, characterizations are weak and screenplay is not taut enough. Right when you begin to invest in the characters residing in one world, the director switches to the other world. This is repeated back and forth until the end of first half. The second half is entirely set in the second world where white men speak fluently in Tamil. There is a healing “amma” character in the second world who has some magical powers. Selvaraghavan’s cult followers will come up with hundreds, if not thousands of explanations for every scene. For the common man, the subtext of a lot of things that happen on the screen is as clear as mud.
Cast and Acting
Almost all of the actors on the screen have acted amateurishly and do not lend any sort of credibility to the story. Arya could not do much to salvage the movie. Arya’s dialogue delivery brings laughs among audience during inopportune moments. Selvaraghavan went gaga about Anushka’s acting skills and how he had extracted the best out of her while other film-makers have used her only as a glam-doll. It is not sure whether some of the scenes that Selva is referring to made it to the final edit. The expressions and voice dubbing for many of the white men don’t match in any of the scenes. The same dubbing artists were used for many of the characters intentionally (e.g., Arya’s father character in both the worlds).
The computer graphics and post production work looks mostly unimpressive. The scene when Arya fights the wild animal is well done. But, the overall output is still a far cry from what our audience may have already experienced in scores of Hollywood movies. By now, it is important that our Tamil movie-makers should know that audience will not give credits or appreciate sub-standard graphics just because it is in a lower-budget Tamil movie. The expectation bar is set high no matter where the movie is made. Ramji’s camerawork is mostly good whenever the scenes are devoid of obtrusive post production works. A number of daylight scenes were converted to night effect scenes to accommodate post production graphics.
Songs and Background Music
This is not an easy movie to do background score due to complex emotions. Anirudh’s background score is a let-down and sounding dissonant with the flow. It was clear that Anirudh struggled to understand Selva’s cryptic vision of what he was trying to accomplish. Harris Jayaraj’s decision to not score the background music may not be the most ethical decision. In the hindsight, this is a great escape for Harris who would have been severely criticized badly if he had done the background score. Some of the songs (Kanimozhiye) were not picturized well and did not do justice to Vairamuthu’s lyrics.
Creative people have courage and conviction. It is no doubt that Selvaraghavan has got it in loads. Let’s hope that he gets his execution right in his future movies, it will be a treat for the audience. For now, Irandam Ulagam is just an expensive experiment with unintended consequences.