I realised I haven’t updated in a week, yet I have. I’m Donncha on the following social webs:
Ah yes, them were the days when we had to type blog posts on quaint old keyboards. Can you imagine it? You actually had to write everything letter by letter. Today’s thought entry systems are so much more convenient don’t you think?
That there Matt fella is still the youngster he always was. He may not be quite as fast on his feet but that embedded camera in his skull sure takes some snazzy photos. My camera gives me a headache, especially when the lens doesn’t focus fast enough. Great to see that mind blog integration stuff working out for him though. I can’t believe blogging has come so far in such a short time.
Oh wait! Fifty? It’s only been five. Where have the years gone? Matt noticed that I officially joined the WordPress team 5 years ago today! At the time I was working on the predecessor to WordPress MU, b2++ that was running on Linux.ie Blogs. It was a sometimes hard slog. MU was always on the sidelines of the WordPress community and somehow it escaped the attention of the vast majority of people online. I noticed many surprised voices when people found out what was running on WordPress.com!
Two years later and Matt starts Automattic and I come on board to work on WordPress.com and I’ve never looked back. The GPL licensed WordPress and WordPress MU go from strength to strength.
As a final note on this rambling post, if you enjoy using WordPress, head over to gnu.org and read their philosophy page to find out what influences Matt and Alex and everyone else who contribute to GPLed software projects.
This was a nice surprise. While enjoying a lovely meal in the Castle Hotel in Blarney a courier rang me with a package. I wasn’t expecting anything but luckily he was close by and I met him in front of the local Garda station. Brimming with excitement I ripped open the package sending stickers and badges flying everywhere. Some landed in my burger, a few badges in my wife’s quiche and the baby grabbed a sticker or two before they fell on the ground.
No, I’m joking, but I did get a jiffy bag with a nice portrait of (most of) Automattic in Arizona and quite a few badges and stickers.
Before you ask, I’m not sending anyone any. I’ve already promised stickers to one person who’s been waiting a few months, and John probably thinks he’ll get his badges and stickers this year but I wouldn’t hold my breath if I was him. Sorry!
On the other hand, if I meet you on the street, I may have a supply of badges and stickers in my camera bag so don’t be afraid to ask. I will of course have badges and stickers to give out at the Doneraile photowalk next month. If you’re around the area, feel free to join us exploring and photographing Doneraile Park!
The long delayed version 1.5.1 of WordPress MU has just been released. If you don’t want to read the rest of this post head to the download page and grab the zip file or tarball but make sure you come back here to read the upgrade docs.
This release of the popular multi-blog version of WordPress is synced with WordPress 2.5.1 and so has all the great features as well as bug and security fixes that went into that release.
Upgrading from a previous release
As long as you haven’t modified any core files, you can copy the files in 1.5.1 over your current install. Database upgrades will happen transparently in the background. The new salted hashing on passwords requires two constants, SECRET_KEY and SECRET_SALT to be defined in wp-config.php. If you upgrade and you don’t change wp-config.php your users will appear logged out when they go to a different blog. That’s why MU will display an ugly warning message to site admins with the two lines when they log in to the backend.
If you run into trouble, remember to check the forum and Trac. Someone else may have already answered your question.
The first release candidate of the new WordPress MU 1.5 has just been released. The obvious major change is the new admin interface and password salting introduced in WordPress 2.5, but apart from them many bugs have been fixed.
There is also experimental support for CSS styles, something that has been missing from MU for quite some time due to XSS concerns. This function does the work of filtering out bad stuff and I would appreciate feedback, both positive and negative, especially with security concerns.
This release is quite stable, but there will probably be bugs still. Please only test it on a development server, and if you’re brave enough to put it live, make sure you have backed up everything first.
Check out the WordPress MU timeline for further information, and download the zip file here if you’d like to test it.
A few people stumbled across a strange bug in WP Super Cache. If your index.php was cached by the plugin then feeds or other pages that hadn’t been cached would show the front page!
A simple way to fix this is by adding “index.php” to the list of rejected URIs, but then it won’t be cached at all. This release fixes the problem but also allows index.php to be cached by the WP Cache engine, much better than excluding index.php completely.
Also included is a new feature that inserts your rewrite rules in a new .htaccess block. That will stop WordPress overwriting the rules after doing an upgrade, or after changing permalinks. The plugin won’t update your .htaccess if it finds the rules already in the “WordPress” section, but if you visit your permlinks options page and hit “Save Changes” the plugin rules will be deleted. Go to the WP Super Cache admin page where you can update the rules again. They’ll be inserted in a “WPSuperCache” block above the WordPress rule block.
If all that seems a bit technical, just go to your permalinks options page and hit “Save Changes” without changing anything, then update your rewrite rules on the Super Cache options page!
Go grab the plugin from the usual place.
I never saw this obscure problem because I redirect hits to /index.php to / using this mod_rewrite rule and php code. This used to help avoid duplicate content rules but I think Google is smarter now. It probably will help reduce pagerank dilution because all requests will go to one homepage url, rather than two.
.htaccess:
RewriteRule ^index\.html / [R=301,L]
wp-config.php:
if( $_SERVER[ 'REQUEST_URI' ] == '/index.php' ) {
header( "Location: http://ocaoimh.ie/", 301 );
die();
}
Thanks to Dax (NSFW text) who figured out the problem with index.php caching.
My new Theme Tester plugin allows you to change themes and view the results without the visitors to your blog seeing any changes.
There is one cavaet. Your visitors may notice some changes if your current theme uses blog options that a new theme overwrites. This could happen if for example you’re testing a newer version of your current theme or testing a theme based on the same engine as your current theme. The K2 theme springs to mind here because it’s the base for several other themes but YMMV.
I used the plugin already when I trawled the themes sites and the archives at Weblog Tools Collection for a new theme for this place. As you can guess if you’re a regular visitor, I haven’t changed theme yet, but I found a couple of very pretty designs that may make an appearance here eventually.
I used the Simple Trackback Validation plugin for a while until I noticed these errors showing up in php_errors.
PHP Fatal error: Cannot instantiate non-existent class: snoopy in /home/www/wp-content/plugins/simple-trackback-validation/simple-trackback-validation.php on line 158
This morning I decided to fix it as the spammers have been going crazy. I spotted dozens of POST requests to trackbacks as I tailed my log files.
How to fix the plugin:
$stbvSnoopy = new Snoopy;
include_once( ABSPATH . 'wp-includes/class-snoopy.php' );
It’s no substitute for Akismet but along with Cookies for comments it should help keep your blog spam free!
Or, as I’ve just done because this blog is being inundated with trackback spam right now (over 17,000 in the last 9 hours), I blocked off access completely with this rewrite rule. Any WordPress blog will send a pingback anyway and MT even supports pingback now!
RewriteRule ^(.*)/trackback/ - [F]
When is the best time to upgrade your blog software?
The best time is right now. Spammers are taking advantage of exploits in old versions of WordPress and inserting hidden spam links in posts and using WordPress powered blogs to distribute viruses and malicious software. They’re also using these exploits to run their own code on your server.
This morning I spotted an Irish blog in my feedreader that had hidden links added to it. I contacted the blog owner and she’s going to upgrade her blog soon.
The best way of stopping them is by downloading the latest version of WordPress which at the moment is 2.3.3 2.5 and if you use use WordPress MU you should download version 1.3.3 of that. Once you’ve upgraded change the passwords of all your users. On WordPress MU sites, it’s probably enough to ask any user with site_admin access to change their password. To make your life easier, try the WordPress Automatic Upgrade plugin. I haven’t used it yet but it works for a lot of people.
If you suspect that your blog has been compromised and you have already upgraded then please change your passwords and overwrite your current install with the files from a newly downloaded copy of WordPress. It’s worth checking that no extra php files have been added too.
Running your own blog is about more than just writing and contributing to the blogosphere conversation. You also have an important responsibility to be a good ‘net citizen by keeping your software up to date.
If you absolutely cannot upgrade straight away then adding a .htaccess file in your wp-admin/ directory and adding another username and password level of authentication might help. This page describes how to do that, but it is no substitute for upgrading to WordPress 2.3.3 2.5. You should delete you xmlrpc.php too, thus depriving yourself of pingbacks and desktop blog posting abilities.
Go on, upgrade. After you do it once it doesn’t seem so scary.
Update! To find any posts with hidden links search your posts for any of the following:
You can use the Search box on the posts edit page, or phpMyAdmin.
Open up phpMyAdmin, go to wp_posts, click Search and in the box next to post_content type %string% where string is one of the two options above.
That may return posts that don’t have any hidden links but it’s better to be safe than sorry.
It’s been a while since the last release of WP Super Cache, so it’s about time to release the updated code on the world!
This plugin allows a WordPress blog to be served directly from static HTML files just like another popular blogging engine.
When this plugin was originally released some users noticed strange folders being created in the root folder of their blogs. I was never able to replicate it and despite my efforts to track down the bug it remained unfixed. Well, I fixed that bug thanks to whooami and to Jennifer who allowed me to login to her server and debug my script. Barry was astute enough to figure out why it happened.
Other changes include:
One more thing to note. If your blog is visible at a URL with or without the www you should decide which one is more important to you and download the Enforce www preference plugin. Super cached files are stored in a directory named after the hostname so if you go to the www URL and someone else goes to the url without the www they won’t see the static html file. Deciding on one URL avoids any issues with duplicate content too which is probably much more important too.
Grab WP Super Cache 0.6 from the download page!