WordPress, the premier free open-source blogging utility, has gone through several upgrades in its life. Today it’s one of the most popular blogging tools on the Internet; it’s easy to use, powerful, and very versatile. It also has a very active base of skilled users who are eager to improve the product and to help out those who haven’t tried it before.
Though the Strayhorn 1.5 version is the favorite for many, it is not as stable or as secure as the newest version 2.0.3. The best part of the new version is the security patch; the new “nonce” security key reduces the chances of a malicious hacker finding a way into your admin panel. Besides the security patch, though, several minor bugs have been squashed with this version. Though a major upgrade to 2.1 is due out soon, the 2.0.3 is something you should definitely download and install if only because of the security fixes, which were actually backported from the major upgrade files.
In addition to the 2.0.3 install, you should be aware that some bugs have already been found, and that a plugin will need to be installed to repair those bugs. If you modify any of the files that this patch plugin fixes, you’ll need to either merge the changes with the new files or make those changes manually once again. You can find these issues by running a diff to locate changes; if the only changes you find are your own, then you’re fine, and otherwise you’ll need to merge them manually into the new files.
The short list of what WordPress 2.0.3 fixes includes:
• Small performance enhancements
• Movable Type / Typepad importer fix
• Enclosure (podcasting) fix
• The aforementioned security enhancements (nonces)
One mostly annoying bug shipped with 2.0.3 as well. It gives you an “Are You Sure?” dialog when you edit comments, and adds a backslash before each quotation mark in the post you’re editing. Make certain to download the patch.
What’s Up With The Security Problem?
The security problem seems minor, but the WordPress team is fixing it before it grows into something major. It’s a bug that takes advantage of the cookie you download when you sign into WordPress. The cookie in question prevents anyone unauthorized from accessing your admin panel. It’s tied to your user account, and verifies that you are the authorized administrator of the account you’re working on.
The bug that’s being fixed is one that takes advantage of a sociological trick. If someone created a link or a form pointing to your WordPress admin account, they might be able to trick you into clicking the link. In the case at hand, clicking the link would delete a post. This sounds both minor and highly unlikely, but a small crack in the door can be exploited later by a dedicated hacker. And this is also the kind of bug that, a few years ago, allowed a hacker access to the Microsoft databases, from which he stole portions of the Longhorn and other codes. So yes, you do need to take it seriously.
WordPress had ensured you were safe from this kind of hacking by using a utility called HTTP_REFERER. But this utility has some issues. For instance, with JavaScript in Internet Explorer, it can be spoofed. In addition, certain firewalls and proxies can strip the information it’s supposed to carry, leaving some people unable to use their WordPress admin accounts the way they’re supposed to.
Now, instead of HTTP_REFERER, a nonce is used; this is a number used once. It’s like a password that changes every twelve hours, and is valid for twenty-four hours. The nonce is unique to the specific WordPress install being used, the WordPress user logged in, the action, the object of the action, and the 24-hour time of the action. When any of these is changed, the nonce is no longer valid. All plugin authors will have to ensure the nonce is added to their forms and other interactive capabilities that may be affected.
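The nonce check described above, sketched as an added example (not WordPress's own code and not part of the original post): a keyed hash over the user, the action, the object and a twelve-hour time window. The function names, the install secret, the IDs and the choice of HMAC-SHA256 are all assumptions made for illustration.

```php
<?php
// Illustrative sketch only; names and construction are hypothetical.
const TICK_SECONDS = 12 * 60 * 60; // the nonce value changes every twelve hours

// Which twelve-hour window a Unix timestamp falls into.
function nonce_tick(int $now): int {
    return intdiv($now, TICK_SECONDS);
}

// Bind the nonce to the install (secret key), user, action, object and time window.
// Assumes $action contains no '|' so the joined fields stay unambiguous.
function make_nonce(string $installSecret, int $userId, string $action, int $objectId, int $now): string {
    $message = implode('|', [nonce_tick($now), $userId, $action, $objectId]);
    return substr(hash_hmac('sha256', $message, $installSecret), 0, 20);
}

// Accept a nonce issued in the current window or the one before it,
// so a nonce stays usable for at most twenty-four hours.
function verify_nonce(string $nonce, string $installSecret, int $userId, string $action, int $objectId, int $now): bool {
    foreach ([0, TICK_SECONDS] as $age) {
        $expected = make_nonce($installSecret, $userId, $action, $objectId, $now - $age);
        if (hash_equals($expected, $nonce)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

// Constructed sample values: user 1 asks to delete post 42.
$secret = 'constructed-install-secret';
$issued = 1000 * TICK_SECONDS + 60; // one minute into a window
$nonce  = make_nonce($secret, 1, 'delete-post', 42, $issued);
$hour   = 3600;

$checks = [
    'same request'           => verify_nonce($nonce, $secret, 1, 'delete-post', 42, $issued),
    '13 hours later'         => verify_nonce($nonce, $secret, 1, 'delete-post', 42, $issued + 13 * $hour),
    '25 hours later'         => verify_nonce($nonce, $secret, 1, 'delete-post', 42, $issued + 25 * $hour),
    'different user'         => verify_nonce($nonce, $secret, 2, 'delete-post', 42, $issued),
    'different post'         => verify_nonce($nonce, $secret, 1, 'delete-post', 43, $issued),
    'different action'       => verify_nonce($nonce, $secret, 1, 'edit-post', 42, $issued),
    'different install'      => verify_nonce($nonce, 'another-site-secret', 1, 'delete-post', 42, $issued),
    'link without a nonce'   => verify_nonce('', $secret, 1, 'delete-post', 42, $issued),
];
foreach ($checks as $label => $ok) {
    printf("%-22s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Only the first two checks are accepted: a link or form built by someone else cannot carry a valid value, because that person knows neither the install secret nor the nonce issued to the logged-in user.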
Upgrading from WordPress 2.0.2 to 2.0.3
As with any upgrade, the first thing you should do is back up everything: the files in your WordPress directory, the database plugin with any changes, and any data you have added should be backed up as well. In addition, it might be a good idea to do a second backup of your entire WordPress directory just in case something goes wrong with your install.
Now remove the wp-admin directory entirely. Also remove the wp-includes directory, except for any translation and language files or directories you may have added; add these files to the backup files you created earlier. Finally, remove all the files where WordPress is installed with the exception of the file wp-config.php.
Now you’re ready to start your install. Download and unpack the 2.0.3 version in a separate install directory. You want to make sure you can control files and directories you copy over. Now install the new wp-admin and wp-includes directories.
Install the rest of the files of the top directory, with the exception of the wp-config-sample.php file.
Now enter the admin panel. You should see the following message: “Your database is out of date. Please upgrade.” Follow the link provided to update the database, and follow the directions there. Now remove the files wp-admin/upgrade.php and wp-admin/install.php. Download the plugin fix; add it and activate it. Replace your backup files where they need to be, and do the comparisons if you’ve modified any of your earlier files. This should take care of the whole thing.
For geeks, there is also an upgrade package that only includes the changed files. Look for it under Changes Diff (2.0.2 > 2.0.3). It consists of a zip file that is much quicker to install, but you should be certain you can handle it before using it.
Posts Tagged ‘Software Solutions’
Wordpress Version 2.0.3 Review
Tuesday, August 4th, 2009
The Wordpress Plugin Repository
Friday, July 31st, 2009
WordPress is a great open-development community that encourages its users to innovate. But a few years ago, it started getting hard to keep up with those innovations. That’s when the WordPress Plugin Repository was born (currently hosted at http://WP-plugins.org).
The repository is a place where all WordPress plugins are pulled together and shared with the community of users. But more than that, it’s a place where developers can go to see what’s already out there, what they can base their new work on, and what needs to be improved. In addition to end-user utilities that anyone can download for their WordPress needs, there are plenty of development tools, including wiki-based version control and a bug tracker, that the WordPress development community is welcomed to use. Everything is licensed under GPL unless noted in the source, so almost everything is open.
If you’re new to the WordPress plugin repository but not to the WordPress support forums, you should login with your forum username and password; they are currently synced. If you have any problems, you should email the forum webmaster to ask what’s going on. Only logged-in users may edit on the Repository, though everyone is welcome to view what’s going on.
What’s Available on the WordPress Plugin Repository?
The Repository is designed to be a complete, organized, efficient method of seeing what’s in development and what has been developed for WordPress. As such, the core offerings here are the plugin directory and a robust version control mechanism. You can also use a special interface, downloadable for free, to work with the Repository more easily. The Repository is powered by Trac, a source control management and project management tool. Subversion is a wiki tool providing version control, and is also the source management tool WordPress is using today.
Developers using this directory can host all their WordPress developments for free, even organizing teamwork through the WordPress Plugin Repository. By hosting here, they have high visibility, can easily manage their code and track bugs, and develop wiki-based documentation with end users more easily than they could ever do it by themselves.
But developers without users are like stores without customers. WordPress users, too, are welcome to download plugins that are in alpha or beta form, or to download and use the plugins that are fully-functional but not integrated into WordPress yet. There are tools available for users to:
• Browse plugins and themes available at the Repository
• Download all desired plugins and themes from one stable location
• Give their own feedback and suggestions to developers by using the tracker.
• Help develop documentation and improvements by using the plugin’s wiki page.
• Know what’s going on at all times by using RSS feeds.
Anyone developing or looking for WordPress plugins and themes is encouraged to use this resource. An email will get you the hosting you need for your project, and just coming and looking around will tell you a lot about what’s going on in the WordPress development world.
What Plugins Are Available Right Now?
While plugins are changing fast, a few core plugins are available and certainly worth the time they’ll take to check out. The best ones right now include:
Main Categories for WordPress allows you to select “main” categories on your blog’s navigation bar. This allows you to highlight the parts of your blog you find most important, while still displaying everything else.
The WordPress DBManager manages your WordPress database so you don’t have to. Instead of worrying about lost data, you can use this manager to optimize, back up, restore, delete backed up databases, and even run queries for specific data.
WordPress Email allows you to send your blog entries to friends, enemies, or anyone you choose.
WordPress PageNavi gives you advanced page navigation.
WordPress Polls allows you to run the ever-popular polls and make the results public when you’re ready.
WordPress PostRatings allows you to have rating systems for your blog posts.
WordPress PostViews lets you display for users and for yourself how many times a post has been viewed.
WordPress Print will display for the user a printable version of any given WordPress blog post.
WordPress RelativeDate displays a relative date beside your post’s or comment’s actual date.
WordPress Stats displays WordPress statistics you want to brag about.
WordPress UserOnline allows you to note which users are currently browsing your blogs.
WordPress Wap allows you to use a Wap-enabled cell phone to browse your WordPress blog entries from anywhere.
Other projects that are in development include:
• Joystick controls
• RPMView
• A WordPress XHTML validator
• Tons of tools for Python, including MySQL tools
• Recording level monitor
• An admin themer
• A post editor enhancement
• Fix broken links
• Palm usage manager
There are always new things in development in the repository, like new themes and small fixes such as a way to make WordPress allow dashes.
Even if you’re not a developer or interested in expanding your blog beyond what it has now, it is a good idea to check out the Repository. It’s certain that many of the plugins provided or in development today will eventually be incorporated into the newer upgrades of WordPress. By keeping an eye on the Repository, you’ll know what new developments are around the corner – and by logging in and discussing them on the wiki logs, you’ll be able to give your own input regarding how things ought to be done. While there are other places to find WordPress plugins, it’s to be hoped that most people will use the Repository in the future, making life easier for everyone.