Home » Website Administration (Page 5)
Category Archives: Website Administration
WordPress 2.5.1 released, major security fix required
WordPress 2.5.1 has been released, and all 2.5 users should immediately upgrade to the new version. There is apparently some kind of security vulnerability fix in the new version, so this is a critical upgrade for all users. I suspect it’s probably related to the ongoing series of issues that are causing spam attacks on older versions of WordPress, so this is a pretty big reason to be constantly on the lookout for irregular things occurring on your sites and make sure you always have the most updated versions of plugins and such installed.
So far it looks like all of the AWSOM plugins are unaffected by the upgrade and still work properly. If you encounter any issues though please let me know.
Language Display issues in WordPress
I’ve had a few reports come in that people using the AWSOM News Announcement plugin or Pixgallery have been having some issues displaying different language types, most notably Asian or other non-English based character sets. The fix for these issues with AWSOM plugins, or any other plugins displaying this phenomenon, is within the WordPress database. When a database is set up in MySQL one of the things you can assign to it is the language encoding type. In addition, all of it’s fields and tables can also be assigned a language encoding type. By default MySQL utilizes Swedish as it’s encoding type (MySQL was developed in Sweden). WordPress typically tries to set up it’s database as UTF-8. In some cases this doesn’t work right, especially if the admin has updated their version of WordPress continually from a version previous to WordPress 2.1.x where this wasn’t defined.
So, the fix is to go to the database directly though phpmyadmin or another database editor and change the language type for the affected Tables and fields to the language type that you need to display. For AWSOM plugins it’s pretty obvious which tables are for what plugin by their name (I make great pains to place the plugin name as the table name)
In extreme cases you can contact me to help you out, but the best bet is to do a google search for how to use phpmyadmin.
Spam Hack in Progress across WordPress sites
There is currently a large scale spam attack on WordPress sites that is ongoing and affects primarily WordPress versions 2.1.x and 2.2.x (it’s not clear if 2.3.x or 2.0.x are affected, but it seems likely they aren’t). The attack results in a large number of spam listings injected into either posts or theme files which are then set to be hidden through css. Your will typically find that you’ve been affected when Google contacts you to say you are being de-listed due to a high number of spam links on your site. It is also typical for the attackers to delete all of your pages from your site for some reason, so if you load your site and all of your pages are gone you may have been hacked.
It’s not entirely clear what method the hackers are using to get admin access to the affected sites, but from my observation it may be a privilege escalation attack using the comment system. In some cases a random user account was created right before the attack. It was also noted that the comments.php theme file was altered to add in a console access applet which allowed for low level server access. If you get hacked make sure you check every theme file to make sure no malicious code was added–or better yet, reload your theme files from a backed up or fresh copy, and delete out any suspect user registrations.
WordPress 2.5 is apparently not affected by this problem, so an upgrade should help. I have upgraded my sites to 2.5 and have managed to mostly get things working (though my archive page on this site is currently non-functional). It looks like this is the unfortunate little push that will force most people to upgrade, though I strongly suggest making sure first that there are updated plugins that work with 2.5.
Ping Services
One powerful feature built into WordPress is it’s ping services capability. Basically, whenever you update your blog with a post, WordPress has the ability to reach out and notify various websites that you’ve added new content to your site. Therefore, you can possibly be listed in various search areas and other locations and gain more traffic passively. It’s really a no-brainer to get this enabled, since it generally doesn’t do anything negative and can only add more traffic to your site. To get more information on a good selection of ping sites check out the Update Services page at the WordPress.org codex.
Oh, one thing I do need to mention, the one negative that can happen after adding services to your list can be that your posts take longer to add to your blog. This is because at the moment you add the post, it sends out the ping–so a delay at any of the servers on your list can slow down the total process of posting. There is a plugin called “No Ping Wait” that’s out there for those of you using WordPress 2.0.x though to help with this. For versions past 2.0.x the delay has been mostly eliminated though, so it shouldn’t be a major issue for those users.
As Expected, Many Upgrade Issues with WordPress 2.5
As I expected, the WordPress.org forums are filled with issues in regard to upgrading and using WordPress 2.5. I would highly suggest most people wait a bit on upgrading until the issues with plugins and themes are dealt with by either new versions of the plugins becoming available, or a new version of WordPress comes out that handles memory a bit better. I’m definitely seeing many people having issues with the “Server 500” error which I believe has much to do with the 8mb php default memory limit. So unless you have to upgrade, you might want to wait awhile.