Web Ninja Plugins and WordPress 3.0.2

Well, I started working on getting my next plugin for release and what do I find as soon as I log into the Admin section tonight? An upgrade to WordPress 3.0.2!

First thing I could think of? This is going to break something… Well, I updated to 3.0.2 and tested all the plugins and I can say that everything is working just fine with the new 3.0.2 version.

Now what is new in this version? The summary from the WordPress site is:

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements.

You can view the full changes and list of files changed here: http://codex.wordpress.org/Version_3.0.2.

Looking at the full list it doesn’t look like it was a major fix but there is one thing that I can see a lot of spammers getting mad over it:

Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.

This was a bug that a lot of Black Hat Seo guys used to get past the comment approval on wordpress sites. Basically, if the comment author’s domain had a “%” in it, the bug would let it instantly get approved. Then the way WordPress works with comments is that when someone has been approved once they are whitelisted and all comments after that will be posted without an approval wait time. So all you have to do is post once with your domain as “http://%.com” and after that you can post comments all over the site with your actual domain for backlinks.

If you had an automated bot system that posted comments you could get 100s to 1000s of backlinks a day like this. Needless to say…there are going to be a lot of pissed off Black Hat guys out there, lol.