Report from MWUG Meetup September 2012

For those interested, here are some brief notes from last night’s User session in the first half of the evening:


One subject raised was security. I mentioned the following plugins:

Limit Login Attempts
Limit rate of login attempts, including by way of cookies, for each IP. Fully customizable.

WordPress Firewall 2
This WordPress plugin monitors web requests to identify and stop the most obvious attacks.

Update Notifier
Sends email notifications if a new version of WordPress available. Notifications about updates for plugins and themes can also be sent.

There are many more, some with more in-depth analysis and tools.

I also mentioned LastPass ( (whilst not directly WordPress related it’s great for creating and managing very strong passwords.

Deployment from ‘Dev’ to ‘Live’

We talked a little about moving from a development environment to a production or live server. I mentioned the WordPress import tool (to use with a standard WordPress export):

WordPress Importer
Import posts, pages, comments, custom fields, categories, tags and more from a WordPress export file.

And mentioned the Interconnect it search and replace tool

I also talked about using a backup and restore solution because the better ones seem to include a migrate option too. There are a good number out there, but almost all are commercial (note, unlike the security plugins I mention and recommend above, I haven’t used any of these):

Backup Buddy
Blog Vault
and many more.

There are other free backup solutions in the WordPress plugin repository ( but most only backup your database or your files, but not both. You can of course always use two — but I didn’t see any that also include the option to migrate or restore to a new URL.

Update: I found this plugin: Duplicator – which says it can “Duplicate, clone, backup, move and transfer an entire site from one location to another in 3 easy steps.”

One other tool I mentioned was ManageWP ( which is a commercial WordPress site management tool that also includes functionality to update many sites remotely as well as backup and restore/deploy functionality.

Getting Involved

When covering general WordPress news, I talked about the site ( which is an umbrella site for several different streams of activity involved in making WordPress. It includes core WordPress, UI, Accessibility and more. It’s a great place to see what is happening in the WordPress world as well as to get involved.

If you have any questions, or I missed something out from the first half of the evening, please leave a comment below.

WordPress developers: passwords reset required for site (forums, codex, etc)

This message is only applicable for: WordPress developers and those who have an account on site (forums, codex, etc). Or those who have any of the plugins mentioned below.

Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.

We’re still investigating what happened, but as a prophylactic measure we’ve decided to force-reset all passwords on To use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one. (Same for and

As a user, make sure to never use the same password for two different services, and we encourage you not to reset your password to be the same as your old one.

Second, if you use AddThis, WPtouch, or W3 Total Cache and there’s a possibility you could have updated in the past day, make sure to visit your updates page and upgrade each to the latest version.

via WordPress › Passwords Reset.