Home » Software Updates (Page 6)
Category Archives: Software Updates
Be Careful of the Autoupgrade Feature in WordPress
As many of you who’ve upgraded to the new WordPress 2.5 version have maybe noticed there is an option on the Plugins page which basically suggests that you can auto-upgrade a plugin. I would strongly suggest you do NOT use this function right now. First off, this is not a feature that is directly supported by plugin authors, it is a function that works outside of the plugin. So if something goes wrong there may be no way for any plugin author to help you fix the situation since the plugin itself did not do the action. Secondly it’s been acknowledged that this feature is really not very robust yet and may very well fail and hose your entire WordPress insall.
I would strongly suggest that you continue to download all plugins yourself and upload them to the server. In the case of AWSOM.org plugins they all upgrade themselves properly when you reactivate them, so it’s actually not really more difficult anyway.
UPDATED: AWSOM News Visual Editor Test File Available
I have a test file now available for the AWSOM News Announcement plugin that I hope starts to fix the major issues present in the Visual Editor in WordPress 2.5.1. The files are available at http://www.awsom.org/filerepository/awsomnewstinymcefix.zip . Simply unzip the folder and replace the files on your server with the ones in the zip file. This file does not fix the weird name problem (where the image popup window has only variable names displayed), but I think it fixes the major issue of changing absolute links to relative ones, which was breaking adding images using the add image function. The editor now looks more like the Post/Page version.
Please email me or comment here or at Harknell.com and let me know if the new file helps the situation.
UPDATE:I’ve decided to skip the idea of integrating with the built in WordPress tinyMCE and now have packaged a version of the Visual Editor directly into the AWSOM News plugin. Right now this is a test so literally every possible function is enabled. I can’t guarantee everything works in this test version though, so it’s for people who really need to use the Visual Editor and want to try out something immediately to see if it will work for them now. I’ll package up a formal update soon.
Visual Editor Issues in AWSOM News and Pixgallery
The Visual Editor function in the current versions of AWSOM News Announcement and AWSOM Pixgallery do not function entirely properly with WordPress 2.5.1. The new version of WordPress added in a new version of tinyMCE (updated from 2.x to 3.x) and as a result broke the code that I use to add the editor to my plugins. The Visual Editor still works fine for versions of WordPress previous to 2.5.1, but I’m working to get it to work properly in the current version. The most obvious issues are with missing language text for some of the functions, and improper relative URL paths being created when attempting to add images using the editor. Keep checking back and I hope to get this fixed soon.
WordPress 2.5.1 released, major security fix required
WordPress 2.5.1 has been released, and all 2.5 users should immediately upgrade to the new version. There is apparently some kind of security vulnerability fix in the new version, so this is a critical upgrade for all users. I suspect it’s probably related to the ongoing series of issues that are causing spam attacks on older versions of WordPress, so this is a pretty big reason to be constantly on the lookout for irregular things occurring on your sites and make sure you always have the most updated versions of plugins and such installed.
So far it looks like all of the AWSOM plugins are unaffected by the upgrade and still work properly. If you encounter any issues though please let me know.
Spam Hack in Progress across WordPress sites
There is currently a large scale spam attack on WordPress sites that is ongoing and affects primarily WordPress versions 2.1.x and 2.2.x (it’s not clear if 2.3.x or 2.0.x are affected, but it seems likely they aren’t). The attack results in a large number of spam listings injected into either posts or theme files which are then set to be hidden through css. Your will typically find that you’ve been affected when Google contacts you to say you are being de-listed due to a high number of spam links on your site. It is also typical for the attackers to delete all of your pages from your site for some reason, so if you load your site and all of your pages are gone you may have been hacked.
It’s not entirely clear what method the hackers are using to get admin access to the affected sites, but from my observation it may be a privilege escalation attack using the comment system. In some cases a random user account was created right before the attack. It was also noted that the comments.php theme file was altered to add in a console access applet which allowed for low level server access. If you get hacked make sure you check every theme file to make sure no malicious code was added–or better yet, reload your theme files from a backed up or fresh copy, and delete out any suspect user registrations.
WordPress 2.5 is apparently not affected by this problem, so an upgrade should help. I have upgraded my sites to 2.5 and have managed to mostly get things working (though my archive page on this site is currently non-functional). It looks like this is the unfortunate little push that will force most people to upgrade, though I strongly suggest making sure first that there are updated plugins that work with 2.5.