WP Super Cache 0.9.5 is now available.
This release fixes a number of bugs and adds a few new features. The main one being improved mobile support and improved mod_rewrite rules generation.
For more, check out the shiny new changelog.
Tag Archives: WordPress
Worldwide Photowalk on MU
For all you photographers out there, did you know the Worldwide Photowalk takes place next Saturday? It’s a good chance to meet other photographers in your area. It was a pleasant surprise when I realised their website runs on WordPress MU! I’m leading the Cork City Walk (still a few places left!) on Saturday and it was nice when I recognised what it was running on.
So, if you’re free on Saturday, check out the listings page. There might be a photowalk near you!
PS. If you’re running WordPress MU, check out the alpha release of the new version. It fixes a number of bugs in the original 2.8.1 release. It’s very stable but try it out on a test server first.
Why you should limit login attempts
Some idiot at 213.155.4.184 hit all my websites over the last few days trying to login to my blogs. He fired off hundreds of automated requests probing and searching and testing my admin login. Each request had a different password. I use difficult to guess passwords but seeing the attempts was disconcerting.
I went searching and found the Limit Login Attempts plugin. After installing, a new page appears under Settings with a wealth of options:
I’m glad I did install it, it caught the same guy when he hit this blog a few hours later! You should probably install it too.
PS. Matt asked me to explain how I recorded those requests. There is a WordPress plugin that sends an email when a POST request is made but I threw this code into a file and load it with the “auto_prepend_file” directive in my php.ini (saves adding it to every installation of WordPress on my server)
if ( ( isset( $HTTP_RAW_POST_DATA ) || !empty( $_POST ) ) && $_SERVER[ 'REQUEST_URI' ] != '/wp-cron.php?doing_wp_cron' && $_SERVER[ 'SCRIPT_NAME' ] != '/wp-comments-post.php' && substr( $_SERVER[ 'REQUEST_URI' ], -10 ) != '/trackback' && substr( $_SERVER[ 'REQUEST_URI' ], -11 ) != '/trackback/' ) {
mail( "MYEMAIL@gmail.com", $_SERVER[ 'HTTP_HOST' ] . " POST request: " . $_SERVER[ 'REMOTE_ADDR' ], "URL: {$_SERVER[ 'REQUEST_URI' ]}\nPOST: " . print_r( $_POST, 1 ) . "\nCOOKIES: " . print_r( $_COOKIE, 1 ) . "\nHTTP_RAW_POST_DATA: $HTTP_RAW_POST_DATA" );
}
WordPress MU 2.8.1
WordPress MU is a multi user or multi blog version of WordPress that is used to run sites like WordPress.com.
Just a day after WordPress 2.8.1 came out and here’s WordPress MU 2.8.1. The original WordPress announcement has plenty to say about this release, but what you need to know is this is a security update and a required upgrade.
This is the first MU 2.8.x release because of course there wasn’t a 2.8 one. Make sure you upgrade to stay up to date. The handy auto upgrade facility built in to the software should kick in but if not, go to the download page and grab the new zip file. Unzip over your current install and any database upgrades will take care of themselves when people login.
The WPMU Timeline is a good place to look to keep track of what has changed. Many bugs were squashed and features added.
WordPress MU 2.8.1 beta
WordPress MU is a multi user or multi blog version of WordPress that can be used to run sites like WordPress.com.
MU Admins! Please download and test wpmu-2.8.1-beta.zip on a test server! This is a beta release that is this <—> close to being final but it needs testing by the community.
It works fine on my test server but I haven’t been able to test every last thing to death. That’s where you come in. Download it, install it, login, look around. Notice anything broken? That’s what Trac is for. Verify you can repeat the problem, open a ticket and describe how the problem can be reproduced. Well done. You’ve just contributed to a Free Software project. π
PS. I know there are two “My Blogs” links in the beta. That was fixed 2 days ago. Grab the zip file from the end of this page to get the most up to date code.
Go Mobile with Supercache
I’ll be honest, I don’t have much experience with mobile content. I’ve rarely browsed the net on a mobile device. I don’t have an iPhone and don’t intend buying one but lots of people do use mobile devices to browse online.
With that in mind, and after some pestering by Vladimir I modified WP Super Cache so it will support mobile devices and operate in full super caching mode!
The plugin now filters out requests from the most common mobile user agents and serves those requests in “half on” WP-Cache mode while serving the rest of your visitors static html files. As I’ve said many times before, the speed differences between both modes is negligible for normal traffic but it’s a nice safety net in case your site is inundated.
Only thing is, I want people to test it first before making a final release. Grab the development version from the download page and give it a whirl.
Your mod_rewrite rules in the .htaccess file have to be updated but if you delete the “WPSuperCache” rules they can be regenerated by the plugin next time you load the admin page.
There are also a number of other bugfixes and enhancements too so check out the Changelog.txt for more details.
I use WordPress Mobile Edition here and last Sunday I noticed an extra 10,000 requests from Google using odd looking “mobile useragents” like this one:
SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html)
The actual mobile device changed but the Google bit stayed the same and all requests came from 66.249.71.2
Eventually I figured out that Google was adding my site to the “mobile” section of their index. Presumably to be served from here. Cool, another way of getting to my site.
PS. the development version also has a small modification to make it go faster by not checking file modification time on each request. This could help on really busy servers.
WordPress MU Catchup: big merge, wpmudev goes gpl and MU support
Exciting times in the world of WordPress and WordPress MU. Last weekend’s announcement by Matt that WordPress MU would merge into WordPress caused a flurry of activity and questions on twitter and on blogs, most notably with speculation that WordPress.org would run on MU and by jeffr0 who asked me on IRC what was happening.
Basically, the thin layer of code that allows WordPress MU to host multiple WordPress blogs will be merged into WordPress. I expect the WordPress MU project itself will come to an end because it won’t be needed any more (which saddens me), but on the other hand many more people will be working on that very same MU code which means more features and more bugfixes and faster too. It also means no more marathon code merging sessions. I certainly won’t miss that.
Meanwhile in the real world, there’s more merging to be done. WordPress 2.8 is expected next Wednesday and it has introduced fancy new stuff I haven’t finished fixing yet in WordPress MU. Expect an MU 2.8 beta sometime next week I hope.
In what I first thought was fabulous news, James Farmer has announced that WPMU DEV Premium has been relaunched. The site offered premium support for WordPress MU for a very long time. It also sold proprietary plugins which I’ve never agreed with (because of the conflict with WordPress) but now all plugins are GPL licensed.
Then I found out that you need to signup and pay a subscription fee to download them. I’m conflicted about it, because if I’m honest, while they’re sticking to the letter of the GPL, the spirit may be lacking.
So, should you signup there for a month, download all their plugins and upload them to WordPress.org? It’s tempting isn’t it? But no, you shouldn’t. This is real income for James, Andrew and company. If their plugins are uploaded elsewhere will they be updated? Will you signup for another month and grab them all again and upload each and every one to separate Subversion repositories? Will you provide support when things go wrong? I didn’t think so.
If it really bothers you that GPLed plugins are not available “free as in beer” then write your own and support it. It’s not something to be done lightly.
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.
Of course, WPMU DEV aren’t the only MU support people in town. Check out Ron & Andrea’s musupport.net and of course I recommend the Automattic Support Network where you’ll find me and the rest of Automattic.
Looking at a WPMU Object Cache
In the good ol’ days WordPress came with a filesystem object cache but it was removed some time ago because it was a pain to maintain, and caused problems for some users, especially those using NFS. Nowadays there is an object cache built in, but the cache only survives for as long as a page is being served.
Other developers have taken up the challenge and produced object cache plugins to fill in the gap. There are the neosmart ones including a filesystem object cache and a memcached one (Read Andy’s notes before installing).
The neosmart filesystem object cache (and the others according to #988) don’t work correctly with WordPress MU so I dug up a patched version of the filesystem object cache I worked on a year ago to look for testers.
Download object-cache.txt, rename to .php and copy into wp-content/. It should start working automatically but if you don’t see files and directories in wp-content/cache/, make sure that directory is writeable by the webserver.
The neosmart version on which this one is based doesn’t handle switching blogs at all. Cache collisions occur with data from one blog’s options polluting the options in others. The version linked above should fix that but I’d appreciate some testing by others.
Oh, check out WordPress MU trunk now. I merged WP 2.8 beta1 and I’m fixing bugs. Please install and try it out on a test server! The get_option() and related code is using the same code as WordPress.org which is one of the main reasons I went digging into the object cache. It leans a lot more on the cache than previously. Please test!
John, my personal spammer!
With apologies to anyone named John. Spammers are getting more clever at spreading their links. Now legitimate website owners are using software tools that allow them to enter keywords of their choice to a create a list of related blogs with comment forms. Many of these applications list blogs that pass Google Rank to the websites of visitors. That’s why I stopped doing the “dofollow” thing several months ago. Since then the number of spam comments has gone down slightly. Cookie for Comments stops the spam bots dead but the human spammer scum still get through.
Next time Akismet marks a legitimate looking comment as spam (or you get a comment from someone who was supposedly christened Austin Texas Photographer by his parents), check your logs. Look up the IP address of the visitor. You may find something like this. Note the lack of a referrer, an old Firefox user agent and then “bsalsa.com” is in the UA of the next request for a post. Bsalsa make a Windows toolkit that this software obviously uses. They’re fans of Borland Delphi apparently!
"GET /2006/11/04/cork-cinema-listings/ HTTP/1.0" 200 43366 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.12"
"GET /feed/ HTTP/1.0" 302 84 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
"GET /2006/11/04/cork-cinema-listings/ HTTP/1.1" 200 12089 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) (Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11); .NET CLR 2.0.50727)"
When my blogs were dofollowing, I’d get loads of spam comments every day. The tools used fire off a request to the blog to examine the links on that page. They highlight dofollow links so the user knows their spam comment will generate Google Juice for their site.
I was getting so sick and tired of them I contacted several spammers. Lindsay who commented on inphotos.org replied:
Hi Lindsay,
As a photographer, I’m always looking for other blogs to comment on but it’s hard to find interesting photoblogs that post anything other than photos. How did you find my blog? I didn’t see a Google search in my logs. Is it a special program?
Thanks,
Donncha
She was really helpful, even replying twice when I didn’t reply again:
I actually have a program called G-force fast blog finder. Basically, i put in some keywords and it searches ALL blogs with those keywords. THEN it tells me if those blogs do or do not have the “uComment iFollow” addon. Blogs that allow the “follow” tag are good for search engines if i post a comment with a link to my site.. SO basically, i get to look at photography blogs and comment on them while i help my website obtain some more links.
Basically, search engines rank your page based on a few things, one of them is link backs. Basically, a link from a site to my site is like a vote for my site saying it is good. So the more other websites link to my site, the better.. HOWEVER, some blogs and websites have the NOFOLLOW tag in them which does not let the search engines see it. Your site does allow the uComment iFollow.
We also created a link exchange program on our website. if you’re interested, it helps you too also have links for your site on other people’s site. If you go to my site here:
http://__________.com/catalog/links.php
You can submit your link and even a small picture to be displayed.
Let me know if you have any other questionsLindsay
Yea. I Down loaded a program called fast blogger. They have a free trial and basically you add in search term and it searches all blogs for that term. It gives you lists of links to them and tells you if they are no follow or Ufollow IConment blogs. Basically, by findig blogs related to my webstie and blog and posting comments, it helps my website with the search engines when I post a link. It’s a win win situation. You get blog views and comments and the post gets a link back to third site.
If you are interested, I also have a blog. It’s at http://_____________.com/blog
Feel free to comment away and leave a link back to your blog.
We also have a link exchange. Basically you go to Http://____________.com/catalog/links.php
Click submit link and then we will add another link to our website. All we ask is you link back to us in return.
It’s basically everyone helping each other in order to get good page ranking for thief keywords
If you have any questions , Id be happy to answer.
Lindsay
Very helpful wasn’t she? Unfortunately it was the final straw. All links in comments are nofollowed again. Bloody spammers.
The spam comments continue but recently I’ve taken to changing the name of the person to “John”, removing their email and url and then allowing through the comment.
Thanks John!
WordPress MU 2.7.1
WordPress MU is a multi user or multi blog version of WordPress that can be used to run sites like WordPress.com.
This release of WordPress MU has been much delayed but I think it’s been worth the wait. Included in this release are a number of new features and many bugfixes. Get it from the MU download page.
Update! In the final rush to get this post written I neglected to add that this release fixes a vulnerability in the importer system that would allow an untrusted user to run PHP code. Thanks to Alexander Concha for discovering the vulnerability and to Barry Abrahamson who recognised that some servers treat unknown file types as PHP scripts.
One more reason to upgrade.
New features and changes include:
- A revamped plugin system thanks to Andy Peatling. Plugins installed in the plugins directory rather than mu-plugins can be activated and deactivated on all blogs with one click.
- The admin bar was removed. It’ll be stuffed into a plugin instead. Must talk to Viper007Bond about that.
- A new “My Blogs” page where a user’s blogs are listed and personal “per blog” settings can be configured. It’s empty right now but it’s easy to add settings to it via plugins. Imagine having a different “Display Name” on each blog you write on! See SetupMenu and HandleFormPOST in the just removed admin bar for example code. That code uses actions rather than filters but it’ll get you started.
- The site admin can now set a Global Dashboard blog for users who donβt have blogs. Those users will be added to this blog rather than the main blog. The default role of users on that blog can also be set but if they’re not “Subscribers” they won’t be moved if you change the Global Dashboard.
They’re the major changes. Smaller changes include notification of failed blog upgrades [1728], MU will now ignore free space checks when importing posts [1725] and lots more. Check out the timeline for further details.
If you’re running WordPress MU 2.7 you can upgrade from inside the Dashboard. The system will notice that a new version is out and will lead you through the upgrade process, just like in regular WordPress. Plugins can be updated as well through the familiar plugin upgrade process as long as your plugins are hosted on the WordPress.org Plugins Database.
As always this release would not have been possible without the help and encouragement of many people along the way. I know I’ll leave out someone if I try to list everyone but I appreciate all the help people give working through tickets, and helping on the forums.
PS. WP Super Cache was updated today too. New features include an option to stop caching for logged in users, it doesn’t cache previewed posts, and it displays cache size summary information on the admin page now.
PPS. Happy birthday Adam! 2 today and Dad’s finally getting away from the computer now! π