File type does not meet security guidelines.

A bit of googling got me to Kristof Coomans’ blogpost which pointed me to the PJW Mime Config plugin. This plugin allows you to add custom file extensions and their corresponding MIME-types to be accepted as uploads.

After doing some research, I learned that OpenID is capable of doing just that (an much more). The concept behind OpenID is fairly simple. Note that I’m cutting corners here.

• A website wants to be able to identify who you are. The normal way to do this is to prompt the user for an identifier (name, nickname, email-address, handle, …) and a proof that he owns that identifier (usually a password).
• The user provides the website with his OpenID identifier (usually in the form of a website-address). Note that only an identifier is supplied, no proof yet.
• The original website (called relying party in OpenID jargon) surfs to the provided website (OpenID identifier) and asks that site (called the OpenID provider) to verify that the user actually owns this website.
• The OpenID provider verifies the user in whatever way it wants (username/password, SSL-certificate, retinal scan, …) and asserts to the relying party that the current user does (or does not) own the specified website.
• The original website accepts this assertion as a proof that the user owns the identifier.

The big difference is that the verification happens at another website than the login. This website can use SSL, even if the original website can’t. AOL’s developer network has a more detailed, but still simplified, explanation on OpenID. True geeks can just read the specs.

I currently use myOpenID as provider. They provide a detailed audit log, and allow fairly detailed settings. To test things out,  I used the checkup tool at openidenabled.com. To actually make things work, I’m using the OpenID plugin for WordPress, together with its compation plugin XRDS-Simple.

Here is a list of plugins I currently use:

• Akismet: Keeps the spam out of the comments
• Add From Server: Allows me to upload files in batch using SFTP and add them to the media library later
• Attachment Extender: Allows an attachment (image, video, file) to be updated. Normally you need to delete/re-add the item
• Better Blogroll: Displays a list of random links in the sidebar
• Blogroll Links Page: Generates a page with all links from the database; although I hacked in a little bit of functionality to have empty categories suppressed and to display the category description.
• CyStat: Gathers statistics on page visits, incoming referrers, most popular posts, …
• FLV Embed: The embedded flash player in some posts (eg this one)
• Search Unleached: Adds search highlighting to the pages; search through comments as well

I’m still looking for (a) plugin(s) to accomplish some things:

• Basically get the “Media Library” page from the admin-interface onto the blog itself. A bit like the Blogroll Links Page plugin does for links.
• Some plugin/hack/extension that allows the “Media Library” to be organized by tags and/or categories. Technically this isn’t a big task: the database stores attachements just the same as it does posts, so it’s only a user-interface thing.
• Search through the captions and descriptions of the “Media Library”

If anyone knows of a plugin to solve these issues, please let me know.

Update 2008-10-26

I basically wrote my own plugin to accomplish what I was looking for. It’s far from perfect, but it gets the job done.

Update 2009-06-17

I replaced CyStat with AWStats; it’s not a WordPress plugis, but gives me much more information. I also removed Search Unleached, since it wast not compatible with WordPress 2.8 (at the time of the descission).

Another update

I added Broken Link Checker. It’s a great plugin that routinely verifies all your links and notifies you when they’re broken.