Calling all bloggers running WordPress as their content management system (CMS) – yes, I’m talking about you guys and gals with self-hosted WordPress installations.  WordPress version 3.0.2 just came out (release date 11/30/10) and if you haven’t done so already, it’s time to upgrade your WordPress installation.

WordPress 3.0.2 is a mandatory security update, which means if you know what’s good for the safety of your blog, you’ll get on this update right away!

How to Upgrade to WordPress 3.0.2

To upgrade your WordPress installation to version 3.0.2, you have several choices:

1. You can follow the directions at the WordPress Codex here.

2.  Log in to your WordPress dashboard and you’ll get a message at the top of the page alerting you to the new version. It also has a link to the download information.

3.  Download the plugin WordPress Automatic Upgrade, which will guide you through a series of clicks in your dashboard to update to the new version.  This handy plugin is, by far, the easiest way to upgrade your WordPress.

List of the Changes Made in WordPress 3.0.2

From the WordPress.org site, the following changes were made in this security update:

• “Fix moderate security issue where a malicious Author-level user could gain further access to the site. (r16625)
• Remove pingback/trackback blogroll whitelisting feature as it can easily be abused. (#13887)
• Fix canonical redirection for permalinks containing %category% with nested categories and paging. (#13471)
• Fix occasional irrelevant error messages on plugin activation. (#15062)
• Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin. (r16367, r16373)
• Clarify the license in the readme (r15534)
• Multisite: Fix the delete_user meta capability (r15562)
• Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins (#15122)
• Multisite: Fix ms-files.php content type headers when requesting a URL with a query string (#14450)
• Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs (#14536) “

Have you seen faces next to comments on other blogs, but don’t know how to add them on your own blog?  Never fear!  Our step by step instructions for both blogspot and WordPress self-hosted blogs will teach you how to add avatars to your blog comments in no time.

Avatars next to commenters names make your comment section look more appealing. 

If you haven’t set up your own avatar for your site yet, visit Gravatar to find out how.

How to Add Comment Avatars on Blogspot Blogs:

• In your dashboard, go to “Settings”.
• Go to “Comments”.
• Near the bottom of the page, change “Show profile images on comments?” to “Yes”.
• Click the “Save Settings” button.

How to Add Comment Avatars on WordPress Self-Hosted Blogs:

• In your dashboard, go to “Settings”.
• Go to “Discussion”.
• Scroll down to the Avatars section.
• Under “Avatar Display”, choose the radio button for “Show Avatars”.
• Under “Maximum Rating”, select what pictures are appropriate to show up your blog.  Avatar ratings are G, PG, R, and X.
• Under “Default Avatar”, choose the picture you want to show up for readers who don’t have an avatar of their own yet.

Avatars are a great way to add some pizzazz to your blog’s comments section and encourage readers to leave some feedback.  It’s nice to be able to connect words with faces and help to foster the community on your blog!

Matt Cutts is the head of the Web Spam (anti-spam) team at Google.  He spoke at the recent WordCamp 2009 in May of this year about how to boost your WordPress blog’s results in Google search.  WordCamp is an annual WordPress conference that provides helpful information on WordPress for both bloggers and developers alike.

We all want better rankings for our blogs, because that means more traffic and – if you’re doing things right – more money!  You’ll want to keep reading and watch the video to make this happen.

There’s always a lot of speculation and advice by SEOs, internet marketers, and more about what Google wants and the proper way to do things. I’ve found during my time as a problogger and SEO enthusiast that you’ll never get better advice on “the right way to do things” than when you get it directly from Google staff! 

Here is the link to Matt Cutts’ blog. If you really want to start increasing your Google knowledge, I recommend you go grab his RSS feed now.

Below is Matt Cutts’ video from WordCamp 2009 about how your blog can do better in Google. This is a substantial video at 46 minutes, so grab a coffee and bookmark this page in case you can’t watch the whole thing right now.  (Subscribers will have to click through to the site to watch the video.)

Matt Cutts Google Video Highlights

Advice for PageRank:

• Don’t obsess about getting more backlinks for your site.  You want to have people know about you and you want those people to be reputable.
• About being relevant and reputable- you want to stay on topic with your blogging, so that people are linking to you about things you want to be known for.

Lesser-Known Plugins Mentioned in Video:

• Cookies for Comments by Donncha O Caoimh (an awesome plugin developer). I’ve never tried this plugin before, but I’ll be testing it on one of our new blogs to see how well it does at blocking spammers from commenting.  Matt Cutts recommends using this in addition to Akismet.
• Enforce WWW Preference by Mark Jaquith.  This plugin helps with SEO by making sure all of your content is in either www or non-www, instead of split between both (essentially diluting your PageRank).

WordPress 2.8.4 was released yesterday (August 12, 2009) and if you haven’t upgraded your blog yet, you should do so ASAP.  You can upgrade to WordPress 2.8.4 from your dashboard or download the latest version here.

There was a security vulnerability found in the previous WordPress version that allowed people to use a special URL that could bypass the security for password resets.  In essence, this would enable a hacker to hit user accounts (like the admin account), reset your password, and have access to your blog.

Think it couldn’t happen to your blog?  It can – Robert Scoble’s site was hacked into yesterday.  Don’t let this happen to you!

We luckily upgraded all of our WordPress sites when the release was announced and haven’t had any problems. 

Security Not a Drawback to Using WordPress

Some people use security issues like yesterday’s as an excuse to not use WordPress.  However, the window is very small between the time hackers discover a vulnerability and WordPress finds out about it and creates a solidly tested solution.  The power of using an open source CMS with such collective knowledge going into its development really gives WordPress users the blogging edge, with an extremely robust platform. 

To put it plainly, there is no better than WordPress, so don’t let yesterday’s security issue scare you away.

Remember that WordPress updates are critical for your security and should be installed as soon as you know about them.  You can keep informed of these updates by simply checking your WordPress dashboard or following the WordPress Blog.