There is a big controversy about blogrush going on at the moment. I am using their widget since about 3 weeks now and the one thing I did not get yet was traffic through blogrush. Blogrush promised to have new categories available for a more precise referal network by yesterday. Today I wanted to set “Web Development” for this blog and get an ” Please Enter Correct Blog URL” error.

So besides a slick Dashboard showing me that my blog displayed their widget thousands of times while sending me almost no visitors I cannot see any improvments.

Is this The End of Blogrush?
Read on about the controversy:

BlogRush, You’re Kidding Me
BlogRush amoebas ban high quality blogs in favor of crap
It Ain’t No Cure For BlogRash
Farewell BlogRush
Blogrush is a scam
BlogRush was a waste of time
Avoid BlogRush like the plague

I’ll still give blogrush a chance for another week.

I’ve been running clickheat from labsmedia on my blog for a while. It is a little like Google Analytics Clickmaps (Site Overlay) and tells you visually and and in rainbow colors where users click on your site.

Unfortunately and unlike Google Analytics Clickmap, if you are logged into clickheat to see your stats (?), you can’t browse the site to see what’s happening in other areas. I’d love’d to have a look at my tag cloud, but am not patient enough to set up clickheat for every single part of my blog.

Here is a comparison between the two tools:

labsmedia’s Clickheat:

+ more colorful, looks nicer
+ open source
- site not browsable
- uses up more resources

Google Analytic’s Site Pverlay:

+ can browse my blog while watching clickmaps
+ all my statistical data is stored at Google’s
- all my statistical data is stored at Google’s
- can not run it myself since it is not open source
- doesn’t look pretty

BackUpWordPress is getting more attention since a Security vulnerability was found and fixed. Thanks to that, WordPress users and developers are helping to harden the plugin’s code. The current release has a fix for a very critical security vulnerability reported by Alexander Concha, who already helped before improving BackUpWordPress. Thanks Alex.

Please upgrade to BackUpWordPress 0.4.4 »

Please don’t be angry with me not being very clear about the details of this vulnerability. I am not a big fan of security by obscurity, but in this case, I’d rather wait until all of you have upgraded the plugin.

There are several ways to find out what has been changed within the code, and I’ll promise to post some details about this issue here soon.

As an appropriate reaction on the publishing of a RFI security vulnerability in BackUpWordPress, I immediately sat down to fix the plugin. Please upgrade BackUpWordPress as soon as possible!

Download Version 0.4.3 »

Again, thanks to iKArus and mike for reporting the issue!

Today an exploit for BackUpWordPress has been published on http://www.milw0rm.com. It is a Remote File Inclusion Vulnerability and affects all versions of BackUpWordPress. Until I am able to release a security fix for it, please deactivate the plugin.

I am working on a security fix and will release it asap.

Thanks to iKArus and mike for the information!

— Update —

Ony WordPress installations on hosts which allow for

register_globals = on
allow_url_fopen = on

in their php.ini settings are affected. Use the Phpinfo plugin to find out if your WordPress website is at risk.