Archive | wordpress RSS feed for this section
April 25, 2011

Movable Type To WordPress Permalink Oddness

For some bizarre reason the WordPress importer changes the post names from "thing-other-thing" to "thing_other_thing" ie. replacing the dash with an underscore.

The simplest way to fix it is to run a bit of SQL directly on the database:

update wp_posts set post_name = replace(post_name,'_','-');

Thanks to the person who provided the solution here

Related Posts:

April 23, 2011

TimThumb and Zemanta Don’t Play Nice Together

Over the last few days I've been testing a few WordPress themes that use TimThumb for generating thumbnails of both images and video.

TimThumb works very well in most situations, though you can run into the odd issue if your directory permissions aren't correct. In order for it to work it has to have somewhere it can store the thumbnail images.. and that has to be writeable by the server.

However, unless the server you are on has incredibly tight security settings, it's quite easy to "fix" that problem.
But I was still seeing issues on one site where it simply refused to display any thumbnails.
To add to the frustration there were no errors in the logs.

After pulling out some of my hair (I don't have a lot to begin with) I finally realised that the issue was with Zemanta's invisible pixel image.

Removing it from the posts resolved the issue.

Related Posts:

April 14, 2008

Hack Any WordPress Blogs Lately?

I feel sorry for the WordPress developers, but I feel even more sorry for their users.

Over the past year WP users who have been keeping track of updates etc., have had to update and upgrade their installs so many times that it's not funny.

The way I see it WordPress users fall, broadly speaking, into two main categories:

  • Casual users
  • Geeks

Casual users want a CMS to use for their website or blog. They like the way it's easy to install and they've heard good things about it. Lots of webhosts offer easy installers for WordPress.
Lots of designers like working with the WordPress templates.

Neither the casual user or the designer is going to be signed up for security alerts from Secunia or Security Focus  or any of the other security sites.

Geek users are probably more likely to play with stuff and are probably going to install lots of plugins.

Now a hardcore geek might check into the source of a plugin to see if the code is "sane", but the average blog jockey probably isn't that concerned with security.
They're not going to worry about the security holes that CMS with php code in its templates could actually cause.

Why would they?

So WordPress has had security issues in the past.
Surely the latest version resolves all of these?
Surely a major update would bring more than just eye candy?

Seemingly not.
According to Security Focus WP 2.5 is open to SQL injections.
What does that mean in English?
It means, simply, that an evil person could inject data into your blog's database ie. content

There's a longer article discussing some of the implications over here with some back and forth between the author and Mr WordPress - Matt Mullenweg.

In typical fashion Mullenweg tries to attack the author instead of addressing user concerns.

A simple "we aren't aware of any issues" or something along those lines would have been so much more graceful, but no, that was not the case.

I'm no longer a WordPress user, so I can't tell first hand, but is there a glaring big flashing light going off on WP installs if the software is out of date and needs to be upgraded to address security issues? Is there?

Open X has had that for ages. It practically forces you to upgrade as soon as you login to an out of date install. They also don't mind telling users about security holes, instead of adding them as an afterthought.

Now whether or not the latest security hole is a real danger or not is irrelevant. It doesn't matter. Seriously.

What does matter is that people trusted WordPress, but are now being embarrassed when their sites are defaced or hijacked

Transparency and honesty nearly always win out and taking a proactive stance on webapp security should be part and parcel of any developer's modus operandi. Shiny interfaces may help the bubble 2.0 crowd, but when the bubble bursts it would be nice to see things with a proper foundation.

(And WP isn't the only webapp with a dire security history - I'm looking at you Joomla and you PhpBB)

Related Posts:

March 20, 2008

WordPress.com Censoring Blog Content?

I came across this earlier this evening.

I don't use certain types of language in my own writing and have mentioned this more than once in the past, but can a company offering a blog hosting service suspend a site for language use?

Where exactly do you draw the line?

What exactly is "offensive"?

Thoughts on a postcard ....

Related Posts:

February 12, 2008

MovableType Developer With A Sense of Humour – WordPress For Movable Type!

Mark Carey is one of the more active MovableType plugin developers. Some of his plugin have to be simply categorised as "cool". There's no other word that sums them up aptly, though I'm sure you could find plenty if you tried.

His latest plugin release is a stroke of genius - WordPress Interface for Movable Type

It does pretty much what it says "on the tin" and replaces the MovableType "classic" interface with one that not only looks and feels like WordPress, but also emulates a lot of the behaviour (from a UI perspective).

You can give it a whirl here  - username: demo pass: demo

Screenshots and more details on his original post

He may have done it almost as a joke, but it also shows how incredibly flexible Movable Type can be.

Evil thought - you could replace someone's WP install with this and they probably wouldn't even notice!

Related Posts:

February 7, 2008

MovableType Gets Ping!

Byrne Reese is a really cool guy who seems to come up with cool stuff on a regular basis.

He's just released a small plugin for Movable Type that will bring "pingback" to Movable Type and make the transition from WordPress that bit easier for users.

Very cool!

(It's implemented here as of 5 minutes ago, but may explode!)

Related Posts:

January 28, 2008

Back in the Office – WordPress Without Caching is Evil

I'm back in the office this morning and trying to catch up on emails etc.,

If you've emailed me in the last week or so and haven't got a reply now you know why :)

Of course if your email didn't have a semantic subject line I probably won't find it ever - sorry!

I've also got a bit tired of clients being negatively affected by WordPress' dumb caching (or simple lack of it!) which has led to this.

All I'll say is this. When this site made it onto the frontpage of Digg the server barely flinched. If I'd been using a default install of WordPress the site would have taken out the entire server...

Related Posts:

September 25, 2007

WordPress Release Raises Privacy and Security Concerns

The latest release of WordPress was made public earlier today. Since I've stopped using WordPress I wasn't aware of it until I caught up with my RSS feeds a short time ago.

Whether the new release brings enhancements or new features won't really matter to anyone, as the new release brings with it a new "phone home feature":

Our new update notification lets you know when there
is a new release of WordPress or when any of the plugins you use has an
update available. It works by sending your blog URL, plugins, and
version information to our new api.wordpress.org service which then compares it to the plugin database and tells you what the latest and greatest is you can use.

How?
Well it seems that it sends a lot more data back to WordPress than is actually necessary and the lead developer, Matt Mullenweg, doesn't seem to have a reasonable explanation for this.

There's a couple of posts about the issues this raises and a very long discussion of it on the a mailing list (worth reading!)
The key point being raised time and again is that people aren't given an option to opt-out of sending the data. It might also be seen as breaching EU privacy legislation according to one contributor.

UPDATE: You can disable the call home function via a 3rd party plugin. If you read the mailing list thread there's one or two options mentioned.

Related Posts:

August 26, 2007

Blog Migration

If you're seeing this entry in your browser or RSS reader you are looking at the new home for this site.

There are probably a few broken things, but they'll get fixed (I hope!)

Related Posts:

css.php