1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
---
date: "2006-01-23T08:39:11Z"
title: WordPress En Masse and Akismet
---
<p>Saturday evening I spent several hours upgrading <a href="http://erinmduncan.com/" title="My sister Erin's web page.">erinmduncan.com</a>,
<a href="http://saraduncan.com/" title="My sister Sara's web page.">saraduncan.com</a>, <a href="http://richandrobynn.com/" title="My sister Dad and stepmom's web page.">richandrobynn.com</a>, and <a href="http://drotedogg.com/" title="My friend Nick's web page.">drotedogg.com</a> to the
latest and greatest versions of <a href="http://wordpress.org/" title="The ever-popular blogging tool.">Wordpress</a> and <a href="http://gallery.sf.net/" title="Web-based photo gallery written in PHP.">Gallery</a>. The
upgrades themselves were relatively painless (especially the <a href="http://gallery.sf.net/" title="Web-based photo gallery written in PHP.">Gallery</a>
one, which I won't even mention here), but I did jot down some
notes that might be useful to anyone else who has to do this kind of
upgrade.</p>
<p>Tip #1: Try and stay current with your version of <a href="http://wordpress.org/" title="The ever-popular blogging tool.">WordPress</a>.
All of the aforementioned pages were running <a
href="http://wordpress.org/" title="The ever-popular blogging
tool.">Wordpress 1.2</a> which,
besides being chock-full of vulnerabilities (that were
<a href="http://pablotron.org/files/saraduncan.com-owned-20051203/" title="Sara's front page after it was defaced by a Brazillian group.">expoited at least once</a>), doesn't have an
immediate upgrade path to <a href="http://wordpress.org/" title="The ever-popular blogging tool.">WordPress 2.0</a>. The
<a href="http://codex.wordpress.org/Upgrading_WordPress" title="How to upgrade from WordPress 1.5 to WordPress 2.0.">WordPress 2.0 upgrade instructions</a> recommend
<a href="http://codex.wordpress.org/Upgrade_1.2_to_1.5" title="How to upgrade from WordPress 1.2 to WordPress 1.5.">upgrading from WordPress 1.2 to WordPress 1.5</a> before
upgrading to <a href="http://wordpress.org/" title="The ever-popular blogging tool.">WordPress 2.0</a>. Unfortunately, the
<a href="http://wordpress.org/download/" title="WordPress download page.">WordPress download page</a> only links to the latest release, and it
wasn't immediately apparent from the instructions how to obtain a copy
of <a href="http://wordpress.org/" title="The ever-popular blogging tool.">WordPress 1.5</a>. Fortunately, a bit of digging turned up
<a href="http://static.wordpress.org/archive/" title="Every release of WordPress, ever.">this page</a>, which has every release of <a href="http://wordpress.org/" title="The ever-popular blogging tool.">WordPress</a> since
the dawn of time. There are at least two other pages indexed by
<a href="http://google.com/" title="Apparently this is a search engine or something. Who knew?">Google</a> with <a href="http://wordpress.org/" title="The ever-popular blogging tool.">WordPress 1.5.1.3</a> tarballs, but both have
incorrect <acronym title="Message Digest 5 (cryptgraphic digest algorithm)">MD5</acronym> checksums, and at least one had some a code
change (which, upon inspection, appeared to be a bug fix). To be safe,
I stuck with the version from the <a href="http://static.wordpress.org/archive/" title="Every release of WordPress, ever.">legitimate WordPress archive</a>. </p>
<p>I also switched all of the pages to a much simpler form of comment
spam filtering. Previously, the spam filtering was of a
convoluted combination of a phrase blacklist ("penis", "poker",
"viagra", etc), hacked in <a href="http://www.gudlyf.com/index.php?p=376" title="CAPTCHA plugin for WordPress 1.2, 1.5, and 2.0.">AuthImage</a> support, and a tweaked
<code>xmlrpc.php</code>. In fact, one of the reasons I was hesitant about
upgrading to <a href="http://wordpress.org/" title="The ever-popular blogging tool.">WordPress 1.5</a> was that I wasn't too optimistic about
duplicating all that nonsense. </p>
<p>As of <a href="http://wordpress.org/" title="The ever-popular blogging tool.">WordPress 2.0</a>, all that hackery has been replaced by the
built-in <a href="http://wordpress.org/" title="The ever-popular blogging tool.">WordPress 2.0</a> plugin for <a href="http://akismet.com/" title="Free comment spam filtering system with an open API and a plugin for WordPress.">Akismet</a>. I haven't tested
it, I have a feeling it's something blog spammers can circumvent,
and I don't see how the company can stay afloat providing this as a free
service. But hey, I'm lazy.
<a href="http://akismet.com/" title="Free comment spam filtering system with an open API and a plugin for WordPress.">Akismet</a> requires zero administration, zero
tweaking, and, most importantly, zero patching, so I'm willing to give it a try and see what happens. Plus, the <a href="http://akismet.com/development/"><acronym title="Application Programming Interface">API</acronym></a> is
relatively straightforward, so if there are any hijinks on the their part, then
it's easy enough to switch to a comparable open system. There
are even <a href="http://www.blojsom.com/blog/nerdery/2005/12/02/Akismet-API-in-Ruby.html" title="Ruby bindings for Akimset.">Akismet bindings</a> for <a href="http://ruby-lang.org/" title="No post is complete without a reference to my favorite programming language.">Ruby</a>, although my initial perusal
of the source code tells me they won't work in <a href="http://linux.com/" title="Penguins, free beer, that sort of thing.">Linux</a> without a bit
of tweaking (hint: case-sensitive filesystems mean case-sensitive file
names). The only real <a href="http://akismet.com/" title="Free comment spam filtering system with an open API and a plugin for WordPress.">Akismet</a> annoyance is that in order to get an
<acronym title="Application Programming Interface">API</acronym> key, you <em>have</em> to sign up for a <a href="http://wordpress.com/" title="Free blog hosting system running, you guessed it, WordPress.">WordPress.com</a> account. It's
free, but it means I have yet another throw-away account, not to mention
a blog that I'll never update (everyone say hello to
<a href="http://pablotron.wordpress.com/">http://pablotron.wordpress.com/</a>!).</p>
<p>Overall though, I have to hand it to the <a href="http://wordpress.org/" title="The ever-popular blogging tool.">WordPress</a> developers. It looks
like there are a fair number of changes under the hood, and I'm
impressed by how seamless they made the both of the upgrades. Or
maybe I'm just excited about not spending Sunday afternoons sitting at
the <a href="http://mysql.com/" title="Mostly open RDBMS.">MySQL</a> console deleting comment spam any more. Either way, I'm
happy.</p>
|