All Things Cahill

Wordpress 2.6.3 Released, and Issues with Auto Upgrade

The folks at Automattic today released Wordpress 2.6.3 which is a minor security patch to the Snoopy script they use for displaying rss feeds in the admin area.  Not an utterly crucial upgrade, but one you might want to take just to be sure your secure.  The upgrade took me 5 minutes using the auto upgrade plugin.

One issue that I noticed while using the auto upgrade plugin, which was also upgraded, was that the script failed repeatedly on the database backup step.  I was forced to skip that step (I used the database backup plugin to grab one).  If you find you have the same issue, you may want to skip that step as well.  Just be sure to get a db backup (and you should be getting those weekly!).

Now’s probably a good time to mention that we’ve got another major Wordpress Upgrade on the way, 2.7, which should be here in November.  Again, there will be major changes in the Admin area as they clean it up even more and make it more useful for us.  For an overview of the new Admin UI, have a look here.

So what’s the 2.7 upgrade mean to you?  Basically it’s going to provide a more logically oriented admin area, and one in which we’ll better be able to build upon into the future.  As I’ve said before, Wordpress is not longer just blog software, it has become a full fledged open source content management package, and this is yet another move in that direction.

On another front, Automattic will also be releasing the 1.0 level version of BBPress, their forum package which provides tight integration with Wordpress. I’m particularly interested in this package, as I work with BBPress on almost a daily basis, but honestly, the feature list doesn’t even approach that of vBulletin or even Simple Machines.  Still, I’m hopeful for a vast improvement over the 0.9 code stream.

Tags: Automattic, Wordpress, wordpress 2.6.3, wordpress 2.7, wordpress automatic upgrade

Wordpress 2.6 - It’s a CMS, Baby!

I remember when I first setup Wordpress back in 2003, the old 1.x days, my comment was that “It’s just like a CMS (content management system) with most of the functionality removed.” Well, with the release of Wordpress 2.6, I can finally eat my words. It’s now simply a content management system, and a darned good one at that.

That’s right, content management system. To call it a blogging platform is to sell it short. It’s now all the features I expect to see in a simple content management system, and two that we do not expect to see: it is both easy to use and easy to maintain.

Is it Enterprise level software? No, probably not, although it is certainly scalable and customizable. But that doesn’t mean it’s not in use at corporations around the globe. I know of many that now rather than calling their Interwoven contractor will fire up a new WP install for certain needs.

So here is a run down of the new features that make the difference for me:

• Revision History: this was never a big deal to bloggers, as we generally are lone gunmen. However when you enter a multiple user environment, you need a fast and easy way to see who did what and when, plus the ability to revert to a previous version. This is a staple of the *big bad print cms editorial system* and has been a glaring hole in the WP system by my estimation.

• Image Editing: The previous version hinted at the auto resize capability of the system by offering thumb, medium or large image sizes for anything you uploaded. Now I can select the exact width I want for the image, assign any of the data I want, link it as I wish, all within a neat little flash app. Image editing in Wordpress.
  

  Image editing in Wordpress

• Image Resize: Now I can resize to any size I want (just upload the image, click “insert to post” then you can reopen the image by hovering over it in the editor, clicking the edit image that will appear on the image, and you’ll see you have complete resize options.
• Add Style Code to Image: Also, now I can edit style code directly into the image editor. This is the main reason that you always see my images aligned on this blog to the right, I never took the time to add a padding-right: 3px; to the style sheet, so I didn’t like the way it looked. These styles can now be added directly in the editor.
  
  
• Image Caption: Then there’s the image caption feature - again, I can just write in a caption and I’ve got an image caption. One of the little things, but it’s been missing from this (and many other cms systems) for a long time.
• More Edit Info In Editor: I can now at a glance see the last save time, last edited by and word count info. Also, I have direct link access to see comments, manage comments, manage all posts, manage categories, manage tags, and view drafts. Basically the stuff I need if I’m a production editor working on numerous posts, is right there, so I don’t have to go looking.
• Better Plugin Management: I love that they have separated my active plugins from my inactive plugins. Of course, it just highlights to me that if I am not using a plugin it should be removed.
• Gears Integration: Typically when we start to add so much functionality via a browser, performance starts to drop. I haven’t seen any issues, but Wordpress has added Gears support to handle this. Just click the “turbo” button in the far upper right hand corner.

The single biggest feature though, is one that will come in handy for the lone gunman blogger: they will now be able to do an automatic (single click) update for Wordpress when a new version comes out. That’s a huge feature, and will help the less technical stay up to date and secure.

So far, the only issue I’ve seen is that my Tag Suggest Plugin appears to have stopped working. A very small price to pay. I was able to update the site in about 10 minutes, most of which was spent downloading and uploading files. For the first time I did an autoupdate on the recently updated plugins, which was sweet.

Congratulations to the Automattic team and happy Blogging Content Managing to all!

(An after thought a day later: I should probably mention that I’ve got 10 high volume multiuser sites running on WP, where we use it as a CMS, some getting over 10 million visits a month. This update brought in the final bits the system needed in my estimation...)

Tags: Automattic, bloggin software, content management systems, Wordpress, wordpress 2.6, wordpress 2.6 review

Techcrunch Says Wordpress a Massive Security Risk

(The link to the article is lower in this post, to ensure the proper text appears in the Techcrunch trackback…)

Techcrunch yesterday featured an article by Nik Cubrilovic with the salacious title “Wordpress Security Issues Lead To Mass Hacking. Is Your Blog Next?“  - from that article:

Due to its popularity as a blogging platform, Wordpress has become a prime target for hackers looking to take over blogs for search-engine optimization (SEO) of other sites they control, traffic-redirection and other purposes. Recently there have been a spate of automated attacks which take advantage of recently discovered security vulnerabilities in Wordpress.

To date, Wordpress has been keeping up with the security holes by releasing updates within a few days of new exploits being found, but in the past few days new exploits have appeared that nobody seems to have answers for.

Okay, that kind of talk gets my interest.  Funny thing, when I was talking with the Automattic guys (who develop Wordpress) yesterday, no mention was made of any new security vulnerabilities.  So I had a look at the stuff he cites  as “the past couple days” and the issues are all over a year old, and affect out of date versions of the software, and are remedied in current releases.

So we have a situation in which one of two things is happening:

• This is a “hit job” on Automattic by Techcrunch for reason or reasons unknown - if so, shame on you…
• Or…there are vulnerabilities which Techcrunch did not identify so as to allow Wordpress to come up with a fix.  If this is the case, I applaud their handling of the issue.

Either way, Techcrunch in general, and Nik Cubrilovic in  particular need to clarify the existence of new security holes, and they need to do it fast.

Tags: Automattic, Michael Arrington, Nik Cubrilovic, security issues, techcrunch, Wordpress, Wordpress Security