WordPress 3 Critical Security Update

WordPress has issued an important secuirty update as a XSS (Cross Site Scripting) vulnerability has been discovered in WordPress 3 code in the HTML sanitization library, called KSES.

This has been rated as critical all all WordPress 3 users should update immediatley to verion 3.0.4 through the update page in the WordPress dashboard orĀ  for full details and download visit WordPress 3.0.4 Important Security Update

Can’t login to magento admin? Might be an aheadWorks extension.

Couldn’t load the magento admin page this morning for a clients website, this is the second time this has happened and if you are a user of any of the aheadworks extensions this may be happening to you also and the cause seems to be that the aheadworks magento website: http://ecommerce.aheadworks.com/ is currently down (The connection has timed out).

When you login to magento admin and have a aheadworks extension installed, the extension tries to connect to the aheadworks server to see if there are any notification messages,. if the server can’t be found i.e. the connection times out, the magento admin page just won’t load.

The quick solution is to stop the aheadworks extension from trying to contact the server:


Remove the reference to their server:

class AW_All_Helper_Config extends Mage_Core_Helper_Abstract{
const EXTENSIONS_FEED_URL = ”;/*’http://ecommerce.aheadworks.com/extensions.xml’*/
const UPDATES_FEED_URL = ”;/*’http://ecommerce.aheadworks.com/updates.xml’;*/

I also comment out the reference in the AW/All/etc/config.xml file as well, just to make sure:


This did the job and the client can login to magento admin again.

Why aheadworks, why!

Why prevent users from logging in to magento admin because your server is down, how stupid is that!