Today is: Thursday, 21st August 2008

The online home for Mark Cahill, and indeed, all things Cahill!

Technology, Web Development and Saltwater Fly Fishing, not in that order.

Wordpress 2.6 - It’s a CMS, Baby!

I remember when I first set up Wordpress back in 2003, in the old 1.x days; my comment was that “It’s just like a CMS (content management system) with most of the functionality removed.” Well, with the release of Wordpress 2.6, I can finally eat my words. It’s now simply a content management system, and a darned good one at that.

That’s right, content management system. To call it a blogging platform is to sell it short. It now has all the features I expect to see in a simple content management system, and two that I did not expect to see: it is both easy to use and easy to maintain.

Is it enterprise-level software? No, probably not, although it is certainly scalable and customizable. But that doesn’t mean it’s not in use at corporations around the globe. I know of many that now, rather than calling their Interwoven contractor, will fire up a new WP install for certain needs.

So here is a run down of the new features that make the difference for me:

  • Revision History: this was never a big deal to bloggers, as we generally are lone gunmen. However when you enter a multiple user environment, you need a fast and easy way to see who did what and when, plus the ability to revert to a previous version. This is a staple of the *big bad print cms editorial system* and has been a glaring hole in the WP system by my estimation.
  • Image Editing: The previous version hinted at the auto-resize capability of the system by offering thumb, medium or large image sizes for anything you uploaded. Now I can select the exact width I want for the image, assign any of the data I want, and link it as I wish, all within a neat little flash app.

  • Image Resize: Now I can resize to any size I want (just upload the image, click “insert to post”, then reopen the image by hovering over it in the editor and clicking the edit-image button that appears on it, and you’ll see you have complete resize options).
  • Add Style Code to Image: Also, I can now add style rules directly in the image editor. This is the main reason you always see my images aligned to the right on this blog: I never took the time to add a padding-right: 3px; to the style sheet, so I didn’t like the way it looked. These styles can now be added directly in the editor.

  • Image Caption: Then there’s the image caption feature - again, I can just write in a caption and I’ve got an image caption. One of the little things, but it’s been missing from this (and many other cms systems) for a long time.
  • More Edit Info In Editor: I can now see at a glance the last save time, who last edited the post, and the word count. I also have direct links to see comments, manage comments, manage all posts, manage categories, manage tags, and view drafts. Basically, the stuff I need if I’m a production editor working on numerous posts is right there, so I don’t have to go looking.
  • Better Plugin Management: I love that they have separated my active plugins from my inactive plugins. Of course, it just highlights to me that if I am not using a plugin it should be removed.
  • Gears Integration: Typically when we start to add so much functionality via a browser, performance starts to drop. I haven’t seen any issues, but Wordpress has added Gears support to handle this. Just click the “turbo” button in the far upper right hand corner.

The single biggest feature though, is one that will come in handy for the lone gunman blogger: they will now be able to do an automatic (single click) update for Wordpress when a new version comes out. That’s a huge feature, and will help the less technical stay up to date and secure.

So far, the only issue I’ve seen is that my Tag Suggest plugin appears to have stopped working. A very small price to pay. I was able to update the site in about 10 minutes, most of which was spent downloading and uploading files. For the first time I did an auto-update on the recently updated plugins, which was sweet.

Congratulations to the Automattic team and happy Blogging Content Managing to all!

(An after thought a day later: I should probably mention that I’ve got 10 high volume multiuser sites running on WP, where we use it as a CMS, some getting over 10 million visits a month. This update brought in the final bits the system needed in my estimation...)


MySQL Table Locking & Wordpress Scalability

I ran into an interesting issue recently, and since I had so much trouble finding a solution, I’ll post about it.

We have a very large Wordpress site with somewhere around 32,000 posts. Sometime during May the database (MySQL 5.10) started to randomly crash, taking the Apache server etc. along with it. Every time the crashes occurred, we’d find that the number of connected users had climbed past the available processes, in this case 501.

We went through a whole host of possible causes, most notably a quick cleanup of some rather dubious plugins. Then we upgraded our WP-Cache to WP Super Cache, which has been tremendous. Our standard 30-40 MySQL connections dropped immediately to an average of 2 or 3. Even though we still had the random database crashes, the Apache process would now continue to run, often serving pages throughout the outage. Actually the whole thing was quite astonishing.

In the end, our DBA Glenn Nadeau suggested we take a look at the size of our tables. Sure enough, our wp_posts table had climbed to 32,000 rows. His rule of thumb was that once a query scans more than 30,000 rows you start hitting table locks. The mechanism behind that is worth spelling out: WordPress tables default to MyISAM, which locks at the table level, so every write to wp_posts has to wait for a long-running read of the whole table to finish. Each waiting request holds a connection, and once one query takes tens of seconds the queue overruns the connection limit. Hence our issue.

After a little searching we found the get_posts() function was being used in one of our templates to return pretty much everything from the posts table, even though all but 20 results were being discarded in the next line of the script. A simple date limit on the query brought its execution time down from 35 seconds to milliseconds.

get_posts() is a standard Wordpress function that we often use in our templates. If you have a large site with tons of posts, be very careful to limit the query. As they say, be careful what you ask for, you may just get it. ;-)
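As an added illustration (this is example code, not from the original post or from WordPress itself), here is the shape of the template bug described above next to a bounded version, plus a check for the lock pile-up it causes. It assumes it runs inside a WordPress 2.x template where get_posts() and the global $wpdb are loaded; the function names, the 20-row limit and the 5-second threshold are this example’s own choices. The original fix was a date cutoff; the example uses the count limit because it is the simplest bound get_posts() offers.

```php
<?php
// Added example, not code from the original post. Assumes WordPress is
// loaded (get_posts() and the global $wpdb are available). Function names,
// the 20-row limit and the 5-second threshold are this example's own.

// BEFORE: the pattern that caused the outage. numberposts => -1 drops the
// LIMIT clause, so MySQL reads all ~32,000 rows of wp_posts, holds a MyISAM
// read lock on the table for the whole scan, and PHP then discards all but 20.
function recent_posts_unbounded() {
    $everything = get_posts(array('numberposts' => -1));
    return array_slice($everything, 0, 20);
}

// AFTER: let MySQL do the limiting. numberposts becomes LIMIT 20, ordering by
// post_date DESC is the default, and the lock is released in milliseconds.
function recent_posts_bounded($limit = 20) {
    return get_posts(array(
        'numberposts' => $limit,
        'orderby'     => 'post_date',
        'order'       => 'DESC',
    ));
}

// Check: count connections waiting on a table lock and find the query they
// are waiting behind. Needs the MySQL PROCESS privilege to see other users'
// threads. MySQL 5.0/5.1 report the waiting state as "Locked"; later
// versions say "Waiting for table level lock", so we just match on "lock".
function count_lock_waits($slow_seconds = 5) {
    global $wpdb;
    $waiting = 0;
    $culprit = null;
    foreach ((array) $wpdb->get_results('SHOW FULL PROCESSLIST') as $thread) {
        if (stripos((string) $thread->State, 'lock') !== false) {
            $waiting++;
        }
        // The thread everyone waits on: a long-running query against wp_posts.
        if ($thread->Command === 'Query'
            && (int) $thread->Time > $slow_seconds
            && stripos((string) $thread->Info, $wpdb->posts) !== false) {
            $culprit = $thread->Info;
        }
    }
    return array('waiting' => $waiting, 'culprit' => $culprit);
}
```

During an incident, count_lock_waits() (or SHOW FULL PROCESSLIST typed straight into the MySQL client) is the quickest way to tell a lock pile-up from a genuine crash: dozens of threads in a "Locked" state behind one SELECT on wp_posts that has been running for tens of seconds. Whatever that query is, it needs a LIMIT, a date bound, or an index.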


Wordpress Security 101

Last Wednesday I delivered a presentation entitled “Wordpress Security 101”, which got the discussions started in earnest about Wordpress security among our team.

Here are the takeaways:
  • Keep your blog up to date
  • Don’t use plugins that aren’t in general public use unless you know who wrote them or have thoroughly reviewed the code
  • Forms for reader upload/feedback are the single biggest point of attack - if you code one, use the Wordpress nonce functions (wp_nonce_field() and wp_verify_nonce()) so the handler only accepts submissions that originated from a form you served, and still validate everything the form sends before it touches your server
  • Watch out for other programs you may add to your site
  • Keep up to date on both OS and DB - if your host doesn’t do this, get a new host
  • Keep your Wordpress installation up to date. Recent versions will warn you that there is an update available
  • Remove xmlrpc.php if you don’t use an external blog editing program (a core upgrade copies the file back in, so repeat this after each update)
The problem we face is that Wordpress is an open source program, hence its code base and DB schema are generally known. Since it is in wide use, it is a frequent target for attacks. The good news is that it is patched quickly when vulnerabilities arise. However, many bloggers never update - I could show you several 1.x level installations - and these are highly insecure.
Let’s get up to date, people… and for God’s sake make sure you get a backup of your database weekly, as well as keeping a local copy of your wp-content/uploads folder - that will allow you to recreate the site if the worst happens.
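To make the nonce takeaway concrete, here is an added example of a reader feedback form and its handler (example code, not from the presentation or from WordPress core). It assumes WordPress 2.6 or later is loaded, as in a theme template or plugin file; the action name cahill_feedback, the field names and the 2000-character cap are assumptions for the example.

```php
<?php
// Added example, not code from the original post. Assumes WordPress is loaded
// (wp_nonce_field, wp_verify_nonce, wp_kses available). The action name
// 'cahill_feedback', the field names and the size cap are this example's own.

// 1. Rendering the form. wp_nonce_field() emits a hidden field whose value is
//    tied to this action, the current user and a time window, plus a referer
//    field. A form posted from someone else's site cannot carry a valid one.
function feedback_form_html() {
    ob_start();
    ?>
    <form method="post" action="">
        <?php wp_nonce_field('cahill_feedback', 'cahill_feedback_nonce'); ?>
        <label>Your comment <textarea name="feedback"></textarea></label>
        <input type="submit" value="Send" />
    </form>
    <?php
    return ob_get_clean();
}

// 2. Handling the submission. Reject anything without a valid nonce before
//    doing any work, then validate the payload on its own merits.
//    Returns null (nothing posted), false (rejected) or the cleaned text.
function handle_feedback_submission() {
    if ( ! isset($_POST['feedback']) ) {
        return null;
    }
    if ( ! isset($_POST['cahill_feedback_nonce'])
         || ! wp_verify_nonce($_POST['cahill_feedback_nonce'], 'cahill_feedback') ) {
        // Not from a form we rendered: off-site post, replay, or expired window.
        return false;
    }
    // WordPress adds magic-quotes-style slashes to $_POST; strip them first.
    $text = trim(stripslashes((string) $_POST['feedback']));
    if ( $text === '' || strlen($text) > 2000 ) {
        return false;   // the nonce says nothing about content; check size here
    }
    // Strip every HTML tag before the text is stored or echoed back.
    $text = wp_kses($text, array());
    // ... store $text with $wpdb->prepare(), never by string concatenation ...
    return $text;
}
```

One caveat a practitioner should keep in mind: the nonce is a defence against cross-site and replayed submissions, not a spam or injection filter. A bot that fetches your page gets a valid nonce along with it, and WordPress nonces stay valid for up to 24 hours rather than being single-use, so the content checks, output escaping and prepared statements in the handler are what actually keep junk off the server; the nonce just stops forms you never served.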


Techcrunch Says Wordpress a Massive Security Risk

(The link to the article is lower in this post, to ensure the proper text appears in the Techcrunch trackback…)

Techcrunch yesterday featured an article by Nik Cubrilovic with the salacious title “Wordpress Security Issues Lead To Mass Hacking. Is Your Blog Next?” - from that article:

Due to its popularity as a blogging platform, Wordpress has become a prime target for hackers looking to take over blogs for search-engine optimization (SEO) of other sites they control, traffic-redirection and other purposes. Recently there have been a spate of automated attacks which take advantage of recently discovered security vulnerabilities in Wordpress.

To date, Wordpress has been keeping up with the security holes by releasing updates within a few days of new exploits being found, but in the past few days new exploits have appeared that nobody seems to have answers for.

Okay, that kind of talk gets my interest. Funny thing, when I was talking with the Automattic guys (who develop Wordpress) yesterday, no mention was made of any new security vulnerabilities. So I had a look at the stuff he cites as “the past couple days” and the issues are all over a year old, affect out-of-date versions of the software, and are remedied in current releases.

So we have a situation in which one of two things is happening:

  • This is a “hit job” on Automattic by Techcrunch for a reason or reasons unknown - if so, shame on you…
  • Or…there are vulnerabilities which Techcrunch did not identify so as to allow Wordpress to come up with a fix.  If this is the case, I applaud their handling of the issue.

Either way, Techcrunch in general, and Nik Cubrilovic in particular, need to clarify the existence of new security holes, and they need to do it fast.
