I’ve been wanting to do this for a while, this is the 1st in a planned short series of tutorials for my root cookie WordPress plugin.

I’ve decided to start with the purpose I wrote the plugin, then I’ll move onto a couple of tutorial which answer some of the FAQs I get.

Scenario.
Before you start you need a working copy BLANK of WordPress, in a sub directory, with a url like domain.com/wordpress.
A BLANK copy is a fresh install, using the default theme and only my root-cookie plugin installed, remember after activating the plugin clear your browsers cookies.

Getting Started.
So you have a ready & waiting copy of WP, next create a directory called “my-scripts” or whatever you like, and in it create 1.php with the following contents:


<?php
print_r($_COOKIE);
?>


Browse to domain.com/my-scripts/1.php and you’ll get a blank white page with Array().
Next log into WordPress, and re-fresh 1.php and you should get something like….

Array ( [wordpress_xxxxxxxxxxxxxyyyyyyyyyyyyyy] => admin|1241455565|xxxxxxxxxxxxxyyyyyyyyyyyyyy [wordpress_logged_in_xxxxxxxxxxxxxyyyyyyyyyyyyyy] => admin|1241455565|xxxxxxxxxxxxxyyyyyyyyyyyyyy )

Done! You’ve just accessed WordPress’s cookies

Now when I first started I had a very basic script which hid my Google adverts when I’m logged in, it’s against Google’s policies to click on your own adverts so to avoid accidents I wanted to hide them.

The following script is NOT secure, it doesn’t check that you’ve logged into WordPress it simply checks that you a cookie set with the right username (which anyone can fake) but for my purpose this was fine, I had no issues with users faking cookies to get rid of the adverts*


<?php
if (isset($_COOKIE["wordpress_logged_in_fxxxxxxxxxxxxxyyyyyyyyyyyyyy"])) {
$cookie = $_COOKIE["wordpress_logged_in_xxxxxxxxxxxxxyyyyyyyyyyyyyy"];
$cookie_elements = explode('|', $cookie);
if ($cookie_elements[0] == "admin") {
echo "<h1>Hello admin!< </h1>";
}
}
?>


Replace admin with whatever username your using and job done! Next time Accessing two WordPress installs domain.com/blog1 domain.com/blog2 with root-cookie

*this will not work now, as I do something different.

Whilst playing with my bad-behavior callback function, I noticed something quite crucial; plug-ins load in alphabetical order!.

I noticed that every time a new version of BB is released / upgraded I had to re-paste my callback function into bad-behavior-wordpress.php – DOH!

To get around this I decided to create a new plug-in called linickx-bb-callback.php, but I noted that the counter wasn’t increasing. Changing the file name to aaa_linickx-bb-callback.php fixed the issue, sweeeeet!

UPDATE: This Plugin has been updated, please comment on the new post, thanks.

I’ve had an e-mail from Edward Laverick saying that my WordPress root Cookie plugin doesn’t work in WP2.7.

I have a few points to make….

• Not All Cookies are plug-able.
  A google search of the WordPress SVN show’s that there are setcookie actions outside of the avilable pluggable functions; the only way to change these that I know of is to hack the trunk code.
• Changes to 1.4.
  This new version does work in 2.7… I’ve refined the code in two ways, the plug-able functions are inline with WP2.7 (i.e. any changes in the trunk have been duplicated in this plug-in) and got rid of the bug where the same cookie isn’t set twice.
  I’ve tested this plug-in on my server and ensured that we are changing the cookie path on both the “admin cookie” and the “logged in cookie” so hopefully all will work as expected.
• Do you really want this plugin ?
  Scott Kingsley Clark has created a sub-domains version of this plugin it’s worth a look if you’re working with blog1.domain.com and blog2.domain.com

As always….

The point of the plugin is to strip out the path from the cookie so that it can be referenced by other applications.

You can download the plugin from wordpress.org, and there is a discussion forum to get community support.

Cheers!

I’m looking to improve linickx.com; I’d like to include more of my online identity, I stumbled across yibble.org and the layout / look / feel is very close to what I’m looking to do. My current theme is tumblr inspired but has it’s limitations, for example if I tweet & blog on the same day my front page has “posts” with duplicate titles

A self host tumblr or sweetcron are options except that I like WordPress and I can’t be doing with the hassle with maintaining multiple apps… this is why I stopped using gallery, gallery is a brilliant app I just don’t have the time to keep it and WP and “another” up to date and secure.

I’m going to start exploring WordPress + LifeStream alternatives. The WordPress LifeStream Plugin creates a page like this, which is close to what I want, except I like having my tweets / bookmarks / blogs all mixed up, it keeps linickx.com kinda “organic”. I’m considering a lifestream theme and am hoping that the lifestream blog will provide some inspiration…. the trick is going to be achieving the teh blog ar (not) dead look in a fashion that fits me!

If you know of a good solution… using WordPress, please let me know.

My WordPress/PHPBB plug-in is probably the most popular thing I’ve written and I’d like to point out a recent post on Weblog tools Collection… Here they mention possible collaboration between the WP & PHPBB developers, this can only be a good thing as I know from personal experience that it’s something the community at large want.

The Bad Behaviour plug-in for WordPress comes with a weekly counter in the admin dashboard, but do you want a wicked footer like mine?

106,386 dodgy geezas have been blocked by Bad Behaviour and 36,926 spams were eaten by Akismet.

Akismet comes with a counter you can use in themes/plugins…


$akcount = get_option('akismet_spam_count');
$akcount = number_format($akcount);
echo $akcount;


But with Bad Behaviour you have to do a little more work. To start with you need to get BB to record in the database each time it blocks someone, this is done by adding a function to ~/wp-content/plugins/bad-behavior/bad-behavior-wordpress.php , add the following code…..

// Bad Behavior callback functions.
function  bb2_banned_callback() {

        $counter = get_option('bad_behavior_spam_count');
        $counter = $counter + 1;
        update_option( 'bad_behavior_spam_count', $counter );

}

Now BB will store an incrementing number in the WP database for you to use in your theme..


$bbcount = get_option('bad_behavior_spam_count');
$bbcount = number_format($bbcount);
echo $bbcount;


Now you can track how many inter-twats your blocking!

I use twitter tools to post my twitter tweets to my blog; the thing is that twitter can sometimes slow down or break completely, this in turn kills wordpress.

To improve things I’ve changed how often I check twitter, you can do the same by editing the plugin file (wordpress/wp-content/plugins/twitter-tools/twitter-tools.php), see below for a code snippet…


function tweet_download_interval() {
#return 1800;
return 14400;
}

Enjoy!

UPDATE: This Plugin has been updated, please download the update from http://wordpress.org/extend/plugins/phpbb-recent-topics/, and please comment on the new post, thanks.

This is a small update, it incorporates the patch submitted by toni to fix the widget, thanks toni

The old information still applies…

Admin GUI

If you’re happy with v0.4 and have it running fine then don’t bother, in fact edit phpbb_recent_topics.php so that WordPress stops complaining about finding a newer version.

Download phpBB_Recent_Topics_0.4.1 from wordpress.org

What’s New?

• The widget patch mentioned above!

What’s Old?

• Most importantly I have tested this plugin with phpBB3 and WP2.5 so I’ve updated the readme.txt to reflect this.
• I finally quashed the install bug where by phpbb-recent-topics was confused with phpbb_recent_topics.
• Sidebar Widget, yus for all you non-php people you have a widget to play with.
• Edit the Time & Date layout – leave blank to remove it completely

The Installation

• Unzip phpbb_recent_topics.tgz in your `/wp-content/plugins/` directory. (You’ll have a new directory, with this plugin in /wp-content/plugins/phpbb_recent_topics)
• Activate the plugin through the ‘Plugins’ menu in WordPress
• Configure the plugin, you need to tell wordpress about phpbb, this is done in the wordpress menu ‘Settings’ -> ‘phpBB Recent Topics’
  The following Settings are required:
  • * The name of your phpBB database (e.g phpbb)
  • * The name of the table where topics are held (the default is phpbb_topics )
  • * The full url of your forum for links (e.g. http://www.mydomain.com/forum)
  • * The number of topics to show. (If left blank you get 5)
  • * The Date Formatting, i.e. “d/M/y – g:i a” similar to the WordPress “General Settings”
• Hit ‘Update Options”
• To output the list of topics in a page or post…
  • * create a new page/post, type {phpbb_recent_topics} , hit ‘Publish’ or ‘Create new page’

  To output the list of topics in your theme sidebar using the widget…

  • * click “design” in the dashboard
  • * click “widgets”
  • * next to phpBB Recent Topics click “add”
  • * click “save changes”

  To output the list of topics in your theme sidebar using a template tag…

  • * edit sidebar.php and inside <div id=”sidebar”> type…

    <?php
    if (function_exists('phpbb_topics')) {
    phpbb_topics();
    }
    ?>

A bit about Database configuration.
If wordpress & phpBB share a DB already then set $PHPBBDB to DB_NAME and everything will be fine, else you’re going to need to GRANT the wordpress user read access to phpBB.

How to GRANT wordpress read only access to phpBB ?
If you don’t know it already you need to find your wordpress mysql user id, it’ll be in wp-config.php

define('DB_USER', 'wp_user');     // Your MySQL username

and you should have already found your phpbb database & table for the above.
You need to type the following syntax into your mysql database

GRANT SELECT ON phpbb_database.phpbb_topics TO wp_user@localhost;

this can be achieved by logging into phpmyadmin as your phpbb user, selecting SQL and pasting the correct GRANT into the text box.

Frequently Asked Questions

• Is phpbb3 supported?
  • yes.
• Can I output 10 Topics in my Page, and 3 Topics in my Sidebar ?
  • Yes ! In the Wordpress menu ‘Options’ -> ‘phpBB Recent Topics’, set ‘The number of topics to show’ to 10, and then in your sidebar include…<?php
    if (function_exists(‘phpbb_topics’)) {
    phpbb_topics(3);
    }
    ?>
• Can I exclude a certain forum from the list ?
  • In this version, the only way to do that is to hack /wp-content/plugins/phpbb_recent_topics/display/display.php, change

    $results = $wpdb->get_results("SELECT * FROM $TOPIC_TABLE ORDER BY topic_time DESC LIMIT $LIMIT");

    to

    $results = $wpdb->get_results("SELECT * FROM $TOPIC_TABLE WHERE forum_id != 1 ORDER BY topic_time DESC LIMIT $LIMIT");

    to exclude forum 1 from the list. I plan to setup a proper solution to this in the next version.

• Why is the date config under settings not in the widget configuration?
  • The date settings effect both the template tag and the widget

Support
I’ve always been honest about support, there isn’t any. Basically I write this for my own needs and then publish it for you to use for free. You’re more than welcome to post comments here and if you tag wordpress forum posts with “phpbb-recent-topics” I’ll reply to you there, but we all have busy lives and I make no promises on how quickly I’ll reply to you.

Link for posting in the correct phpbb-recent-topics forum

Finally Subversion
You also might be interested to know that I’ve been getting to grips with the wordpress plug-ins svn, so you can get work directly from here; and when wordpress.org re-crawls my readme the latest version will also be available on wordpress.org/extend/plugins/

Recently I’ve been having this problem with my WordPress + Bad Behavior + Delicious blog posting combo, in a nut shell, delicious was showing an error:

[10/22/08 05:00:03 AM -0700] Creating blog post at http://correct_url.com/xmlrpc.php ...ERROR: Failed due to General Exception: Curl returned non 200 HTTP code: 417. Response body:

And I couldn’t work out why, after some digging/googling, I thought to look in my bad behaviour logs, and found a match for my apache log…


76.13.6.189 - - [19/Oct/2008:23:00:29 +0100] "POST /xmlrpc.php HTTP/1.1" 417 796 "-" "PEAR_XML_RCP2/0.0.x"

I’ve contacted both yahoo (who now own delicious)

Hello Nick,

Thank you for writing to del.icio.us Customer Care.

I understand that the Delicious blog posting feature is not working
properly for you. I apologize for any inconvenience.

Our engineers are aware of this issue and are investigating possible
solutions, but since this is not and “official” feature, we do not have
any specific time frame when this will be fixed.

Please let me know if you have any further questions or concerns.

Thank you again for contacting del.icio.us Customer Care.

Regards,
Alessandra

and Michael Hampton (Bad Behavior Developer)

Looks like they are sending an unexpected Expect: header and they are
failing to retry the request without Expect:. You should report this to
them so they can fix it.

as you can see they have confirmed that there is indeed a problem ….. But as you may have noticed delicious posted on my blog, no the problem hasn’t been fixed, but there is a work around.

In ~/wp-content/plugins/bad-behavior/bad-behavior/whitelist.inc.php you can add delicious’s IP address, it’s not a perfect solution as it’ll be overwritten everytime BB is updated, but it’ll do for now

UPDATE: I’ve had many requests for this…

OLD: whitelist.inc.php

// IP address ranges use the CIDR format.

        // Includes four examples of whitelisting by IP address and netblock.
        $bb2_whitelist_ip_ranges = array(
                "64.191.203.34",        // Digg whitelisted as of 2.0.12
                "208.67.217.130",       // Digg whitelisted as of 2.0.12
                "10.0.0.0/8",
                "172.16.0.0/12",
                "192.168.0.0/16",
//              "127.0.0.1",
        );

NEW: whitelist.inc.php

// IP address ranges use the CIDR format.

        // Includes four examples of whitelisting by IP address and netblock.
       $bb2_whitelist_ip_ranges = array(
                "64.191.203.34",        // Digg whitelisted as of 2.0.12
                "208.67.217.130",       // Digg whitelisted as of 2.0.12
                "76.13.6.189",          // Delicious
                "10.0.0.0/8",
                "172.16.0.0/12",
                "192.168.0.0/16",
//              "127.0.0.1",
        );

UPDATE: This Plugin has been updated, please comment on the new post, thanks.

Thanks to Scott Kingsley Clark for giving me the kick I needed, but I’ve finally gotten around to updating my root Cookie plugin for WordPress, we’re now at Version 1.3 !!

The point of the plugin is to strip out the path from the cookie so that it can be referenced by other applications; wordpress 2.6 has a whole new cookie structure and this broke the old version, but I’ve been so swamped recently that it wasn’t maintained.

Scott is one of the very few nice people in the world who instead of grumbling offered up a patched plugin, actually I’ve done it a different way but I appreciate his support anyway.

You can download the plugin from wordpress.org, and there is a discussion forum to get community support.

Enjoy!

I thought I’d write a post about this error message as it’s pretty much the main reason that I ever receive comments or e-mails from the WordPress community. Sadly the complaints I receive from the community out weigh the complements, but I guess that’s life

Thank you to all those who have downloaded and enjoyed my plug-in and all those who have taken to say something nice.

The problem with this error message Missing argument 1 for phpbb_topics() is that I don’t actually know how to fix it. If you look in the source code you’ll see that I’ve tried to trap “empty variables”…

if (is_null($LIMIT)) {
                $LIMIT = 5;
}

Now this approach seems to work on my server(s), and works for some people, but there are a number of people whom is doesn’t work for; unfortunately the majority of the WP community are no more technical than myself and I have never received any feedback on how to fix this.

I’m not a programmer, I’ve never claimed to be a PHP guru; as I don’t know how to fix this problem in the latest version of phpbb-recent-topics I tried to combat the problem by introducing a widget. The widget it aimed at people who don’t know php, it allows you to “drag” the list of recent topics into your sidebar, but for some reason people still prefer to edit their sidebar.php :confused:

I would to remind all readers that it quite clearly states on my announcement :

Support
I’ve always been honest about support, there isn’t any. Basically I write this for my own needs and then publish it for you to use for free. You’re more than welcome to post comments here and if you tag wordpress forum posts with “phpbb-recent-topics” I’ll reply to you there, but we all have busy lives and I make no promises on how quickly I’ll reply to you.

Currently the only solution I can offer to anyone suffering from this error message is to replace phpbb_topics() with phpbb_topics(”5″), if that doesn’t work then please accept my apologies.

If anyone would like to offer a patch for my plugin I would gladly include it and accredit appropriately.

Thanks for Reading!

It’s been a while since I’ve used bbPress, but a major milestone from the automattic guys has pretty much broken the theme.

I’ve done a complete re-write; as before I’m only distributing the style.css (and a screenshot) no template.php files, this ensure that no security issues are associated with my theme.

Installation

• Create a “my-templates” directory in your bbPress installation directory
• Download unzip k2 for bbpress in that directory
• Under “design” and “themes” select k2
• done

The screenshot has been updated, existing users may find things move a little, this is due to the changes in bbPress, but hopfully it’s all for the better.

md5 of k2_for_bbPres_v0.02.zip: c87eb943165a5d909dced2860021107f

UPDATE: This Plugin has been updated, please download the update from http://wordpress.org/extend/plugins/phpbb-recent-topics/, and please comment on the new post, thanks.

Admin GUI

It’s been a year since the last release so perhaps this version should be called “about time!” v0.4 has primarily been released as a bugfix version, if you’re happy with v0.3 and have it running fine then don’t bother, in fact edit phpbb_recent_topics.php so that WordPress stops complaining about finding a newer version.

Download phpBB_Recent_Topics_0.4 from wordpress.org

What’s New?

• Most importantly I have tested this plugin with phpBB3 and WP2.5 so I’ve updated the readme.txt to reflect this.
• I finally quashed the install bug where by phpbb-recent-topics was confused with phpbb_recent_topics.
• Sidebar Widget, yus for all you non-php people you have a widget to play with.
• Edit the Time & Date layout – leave blank to remove it completely

What’s Old? – aka: Installation

• Unzip phpbb_recent_topics.tgz in your `/wp-content/plugins/` directory. (You’ll have a new directory, with this plugin in /wp-content/plugins/phpbb_recent_topics)
• Activate the plugin through the ‘Plugins’ menu in WordPress
• Configure the plugin, you need to tell wordpress about phpbb, this is done in the wordpress menu ‘Settings’ -> ‘phpBB Recent Topics’
  The following Settings are required:
  • * The name of your phpBB database (e.g phpbb)
  • * The name of the table where topics are held (the default is phpbb_topics )
  • * The full url of your forum for links (e.g. http://www.mydomain.com/forum)
  • * The number of topics to show. (If left blank you get 5)
  • * The Date Formatting, i.e. “d/M/y – g:i a” similar to the WordPress “General Settings”
• Hit ‘Update Options”
• To output the list of topics in a page or post…
  • * create a new page/post, type {phpbb_recent_topics} , hit ‘Publish’ or ‘Create new page’

  To output the list of topics in your theme sidebar using the widget…

  • * click “design” in the dashboard
  • * click “widgets”
  • * next to phpBB Recent Topics click “add”
  • * click “save changes”

  To output the list of topics in your theme sidebar using a template tag…

  • * edit sidebar.php and inside <div id=”sidebar”> type…

    <?php
    if (function_exists('phpbb_topics')) {
    phpbb_topics();
    }
    ?>

A bit about Database configuration.
If wordpress & phpBB share a DB already then set $PHPBBDB to DB_NAME and everything will be fine, else you’re going to need to GRANT the wordpress user read access to phpBB.

How to GRANT wordpress read only access to phpBB ?
If you don’t know it already you need to find your wordpress mysql user id, it’ll be in wp-config.php

define('DB_USER', 'wp_user');     // Your MySQL username

and you should have already found your phpbb database & table for the above.
You need to type the following syntax into your mysql database

GRANT SELECT ON phpbb_database.phpbb_topics TO wp_user@localhost;

this can be achieved by logging into phpmyadmin as your phpbb user, selecting SQL and pasting the correct GRANT into the text box.

Frequently Asked Questions

• Is phpbb3 supported?
  • yes.
• Can I output 10 Topics in my Page, and 3 Topics in my Sidebar ?
  • Yes ! In the Wordpress menu ‘Options’ -> ‘phpBB Recent Topics’, set ‘The number of topics to show’ to 10, and then in your sidebar include…<?php
    if (function_exists(‘phpbb_topics’)) {
    phpbb_topics(3);
    }
    ?>
• Can I exclude a certain forum from the list ?
  • In this version, the only way to do that is to hack /wp-content/plugins/phpbb_recent_topics/display/display.php, change

    $results = $wpdb->get_results("SELECT * FROM $TOPIC_TABLE ORDER BY topic_time DESC LIMIT $LIMIT");

    to

    $results = $wpdb->get_results("SELECT * FROM $TOPIC_TABLE WHERE forum_id != 1 ORDER BY topic_time DESC LIMIT $LIMIT");

    to exclude forum 1 from the list. I plan to setup a proper solution to this in the next version.

• Why is the date config under settings not in the widget configuration?
  • The date settings effect both the template tag and the widget

Support
I’ve always been honest about support, there isn’t any. Basically I write this for my own needs and then publish it for you to use for free. You’re more than welcome to post comments here and if you tag wordpress forum posts with “phpbb-recent-topics” I’ll reply to you there, but we all have busy lives and I make no promises on how quickly I’ll reply to you.

EDIT: Found a link for posting in the correct phpbb-recent-topics forum

Finally Subversion
You also might be interested to know that I’ve been getting to grips with the wordpress plug-ins svn, so you can get work directly from here; and when wordpress.org re-crawls my readme the latest version will also be available on wordpress.org/extend/plugins/

So WP2.5 is out, and I figured it was about time I squashed that load bug on phpbb_recent_topics, while I’m at it I figure I’ll wigetize it.

The problem is that the example on the automattic site doesn’t actually work! If you paste…

function widget_myuniquewidget($args) {
    extract($args);
?>
        <?php echo $before_widget; ?>
            <?php echo $before_title
                . 'My Unique Widget'
                . $after_title; ?>
            Hello, World!
        <?php echo $after_widget; ?>
<?php
}
register_sidebar_widget('My Unique Widget','widget_myuniquewidget');

Into a blank plugin you get this in your logs…

PHP Fatal error:  Call to undefined function:  register_sidebar_widget()

Now I’ve not been bothered to dig out the exact reason why yet, something to do with the sidebar loading, but you need to wrap the whole lot up in an init function, so try this instead…

function widget_init_myuniquewidget() {
	// Check for required functions
	if (!function_exists('register_sidebar_widget'))
		return;

	function widget_myuniquewidget($args) {
	    extract($args);
	?>
	        <?php echo $before_widget; ?>
	            <?php echo $before_title
	                . 'My Unique Widget'
	                . $after_title; ?>
	            Hello, World!
	        <?php echo $after_widget; ?>
	<?php
	}
}

// Delay plugin execution until sidebar is loaded
add_action('widgets_init', 'widget_init_myuniquewidget');

I just need to work out now, how to add wiget options to the wp-admin panel and the next verions of my plugin will be done

I’ve been following the activity over at blogsecurity, their activities are very interesting and quite commendable. After some shameless delay I decided to read though their WP Security White Paper and apply some of the steps… yes I did say some, harden security folk will insist that you should follow all of the whitepaper to be security, which is probably true, but one should never forget that security is about risk… and in basic terms accessibility vs security, for example I won’t ever lock my wp-admin down to a single IP as I’ve been know to blog at work, home, around my parents place and even moderate comments on the train! Thus my wp-admin isn’t as secure as someone who did lock it down, but this is a risk I’m willing to live with.

One of the area’s that I did like was the tightening up of wp-includes & wp-content, but before you jump in and copy/paste what’s in the pdf into .htaccess, you should be prepared for some work. Basically


Order Allow,Deny
Deny from all
<Files ~ ".(css|jpe?g|png|gif|js)$">
Allow from all
</Files>


when applied stops any file except .css,.jpeg/jpg, .png, .gif & .js from being accessible; now this is great for stopping zero-day remote file includes from php files but it will mean that any php file (even those you may want access to) will be restricted. What I’ve decided to do below is document what changes you need to make to the recommendation to get some popular plugins to work…. This approach will also have a long term impact on the “hardening plug-in” that the blogsecurity team are planning; basically the issue is – the default recommended .htaccess will break plugins, the number of plugins avilable for a wordpress install is unlimited thus they will need to provide a community driven configuration repository that the plugin can draw upon to open things up for specific plugins.

For the purpose of this documentation, I’m going to assume wordpress is installed in /var/www/html so please change appropriately.

For those who use the rich editor and need the spell checker, you’ll need to add this to your /var/www/html/wp-includes/js/tinymce/plugins/spellchecker/.htaccess


# Open up the spellchecker
<Files "tinyspell.php">
Allow from all
</Files>


To get the popular WP-Cache plugin to work changes are made to:/var/www/html/wp-content/.htaccess

Order Allow,Deny
Deny from all
<Files ~ ".(css|jpe?g|png|gif|js|html)$">
Allow from all
</Files>

This will allow the static html files in the cache to be downloaded, now I didn’t get to the bottom of this, but I believe that the wp-cahe php files might be called directly, so if you are having problems see if this resolves it…

<Files ~ "wp-cache">
Allow from all
</Files>

This will open up the wp-cache files as if you hadn’t installed the .htaccess in the 1st place – you have been warned, now you evaluate the risk

If you are using the google site map generator, then you can create a .htaccess file in/var/www/html/wp-content/plugins/google-sitemap-generator to allow the xml style sheet through:

<Files "sitemap.xsl">
Allow from all
</Files>


The final one that might interest people is Share This, you’ll need at .htaccess in /var/www/html/wp-content/plugins/share-this with:

<Files "share-this.php">
Allow from all
</Files>


As you might have gathered this does involve creating a lot of .htaccess files, which is a bit of a pain, if you’re fortunate enough to run your own web server and have access to your httpd.conf you can actually keep these all in one file, keeping with the last share this example, instead of creating a .htaccess in /var/www/html/wp-content/plugins/share-this you can edit your httpd.conf and just wrap the code in <Directory>, so you could actually paste this:
<Directory "/var/www/html/wp-content/plugins/share-this/">

<Files "share-this.php">
Allow from all
</Files>
</Directory>

I hope this all makes sense, and is of some use to someone…good luck to the blogsecurity team, if you need any help feel free to shout