ricketyclick

WordPress is currently running its second usability poll on Dashboard features. (The Dashboard is the page that allows registered users to post new articles and generally administer the blog.)

It’s concerned mostly with two things: position of a search box, and the behavior of Scheduling, which allows you to set the date that an article will appear.

They solicited suggestions for new scheduling features, to which I replied:

Expiration date: the ability to set a date and time after which the article would fall off the front page. I know of one project whose manager, normally a Wordpress advocate, rejected Word Press as a framework for her project primarily because it lacked this feature.

I’m thinking of a project Friend Pat is working on. Pat, you should pile on yourself.

I’m updating even though the security problem is a very low risk.

I’m updating to 2.6.1, which has over sixty fixes, but not 2.6.2, which has only a few low-priority fixes, and isn’t yet included in Fantastico.

WP 2.7, with what looks like a greatly improved Dashboard, is in the works. I’m looking forward to that, although it seems to be quite a ways out.

If problems occur, I’ll revert, having just run the (updated to 2.2.1) Wordpress Database Backup plugin. (Which, by the way, works very nicely.)

Anyway, Here. We. Go!

(As part of this process, I’m disabling all plugins, so things might be a bit wonky for a moment. Stand by.)

---

Okay.

Seems to have gone pretty well.

Carry on.

[update: Blogger has acknowledged the problem, and is working to fix it, "despite it being Friday afternoon", which last I am entirely sympathetic with.]

Blogger, the blogging tool hosted by Google, has for maybe a week now been blocking many sites on apparently false charges of being “spam blogs”. Although the sites are still viewable, victims cannot author new posts. Judging by the posts on the Google Help Group here, Blogger is not responding to appeals in a timely fashion. (Granted, though, that they’ve got more than a thousand requests to work through.)

I first became aware of this via David Codrea’s excellent The War on Guns. Codrea was able to activate a sidebar widget (over there on the left) explaining the situation.

Oddly, comments seem to work.

Codrea is, rightfully, I think, reluctant to move, since War on Guns is a very active site with huge archives. (Including the absolutely invaluable Only Ones archive.) It doesn’t help that apparently WordPress cannot import any images associated with Blogger posts. (Can that be right? It seems like such an obvious thing to fix.) Also, he has been using a free Blogger account, and if he goes to WordPress, he’ll have to pay for hosting.

[update: I've been checking around, and it looks like there are migration tools that will in fact bring your pictures over.]

Nevertheless, he’s set up a WordPress site here, holding it in reserve pending resolution of the Blogger glitch.

This is a very tempting tin-foil-hat moment, but it’s not limited to gun blogs, or right-wing blogs, or even political blogs. Knoxviews speculates it might be some kind of anti-spammer bot that Blogger unleashed on itself, which then ran amuck on a rash of false positives. I wonder if it’s a denial-of-service attack which robotically clicks “flag as spam” buttons.

I am so very, very glad I elected to use an independent host (thank you, Hosting Matters), even though I have to pay for the privilege. (I’ve registered the domain through 2011, and my hosting fee is currently $11/month — negligible even on my very limited budget, and there are cheaper hosts out there.) And I think WordPress is a vastly better tool than Blogger, even out of the box with little or no customization.

Fair warning to those who find themselves investing time, effort, and other resources on free sites they do not control.

As noted in the previous post, I’ve installed the “Ajax Edit Comment” plugin, but I was not happy with it, because it did not provide a preview capability.

This post announces the installation of the Ajax Comment Preview plugin. Again, this depends on Ajax technology, which may not work with all browsers.

The great advantage this plugin provides is that the preview is filtered through the Wordpress display engine, so that your preview should look exactly as it will appear when it is posted.

Testing another feature: Show ▼

Wow, I was mistaken. I did not have JavaScript turned off in Firefox. It’s turned off now, and although you can still post a comment, you cannot preview it or edit it after posting. I’m going to have to think about this. Not running JS breaks other stuff in the Wordpress posting editor as well.

The Spoiler plugin I’m using (which protects text with Show/Hide tags) doesn’t work with JavaScript off, and it is not graceful about it, either: spoilers are invisible. I’d prefer a failure mode where spoilers show if JS is not present.

Somehow, I doubt that any editing or spoiler plugin will work without JS.

On the other hand, the spellchecker I’m using in Firefox does work with no JS.

---

OK, I’ve turned my JS back on. I’m keeping the current plugins, because turning off JS breaks so many things, I think most people will have it on.

I’ve added the WP Ajax Edit Comments plugin, which will allow you folks to edit your comments for several minutes after posting. (I, personally, hate having to blindly post comments, only to find that I’ve made some horible speeling misteaks.)

Ajax, the technology platform underlying the plugin, does not work for all browsers. If you are using something other than Internet Explorer 5+ for Windows, Firefox 1+, Mozilla 1+, Safari 1.2+, or Opera 7.6+, please let know, via email if necessary, that this plugin is getting in your way.

---

OK, seems to work. There will be a few minutes while I play around with the options….

---

The original comment form is unchanged, so the comment entry form does not allow you to actually preview. Hm. I kinda don’t like that, and there doesn’t seem to be an option to turn that on.

However, once you post your comment, you have fifteen minutes to edit it. I may adjust this if experience shows you need more time.

I’ve installed the Bad Behavior spam filter, which is aimed at automated attacks (see the Comment Policy on the sidebar). It should present no barrier to real commenters. Please let me know via email if it does.

[update]

Wow. It’s only been a few minutes since I installed the filter, and it’s already blocked six spams. I’ll note that Wordpress says that almost 16,000 comments have been marked as spam since ricketyclick’s inception, and I know I didn’t mark them all by hand, so some have been rejected by other methods.

Originally, I wasn’t posting the name of the plugin, for fear of giving out clues to the spammers. Then I realized Bad Behavior announced itself in the page footer, with a Blocked Spam counter. I could turn that off, I guess, but I’m assuming that the BB writers wouldn’t do that if knowing about the plugin substantially increased vulnerability. Anyway, “security through obscurity” is generally a weak approach. Either BB works or it doesn’t.

Thanks to reader S.R. for recommending this plugin.

[update 2]
I installed Bad Behavior at about 2:30 pm. It’s now a little after eight, only five and half hours later. The banner at the bottom of the page shows over a hundred spams blocked. No posts I judge to be spams have shown up in the logs. I’m pretty happy about that.

[update 3]
Twenty-four hours later: 270+ spams blocked. Die, filthy lying thieving scum. Die slow.

I upgraded Wordpress from 2.5.1 to 2.6 last night — and just discovered that the permalinks to articles are now broken. You should be able to click on the title of a post, and be taken to a page that has that post and nothing else on it. Instead, you get “404 — File not found”.

Damn.

[Update]
Ah. According to the Wordpress support forum, this is a bug in the 2.6 release.

I used this workaround:

…On the Settings->Permalinks screen, add some values in for the category and tag bases. The words “category” and “tag” will do just fine. As long as they are not blank, this should work around the bug.

Weird, but OK. That did indeed make the problem go away.

This should be fixed in the next release, 2.6.1.

I’m upgrading the site to Wordpress 2.6. As always, be prepared for it to just go totally pear-shaped.

---

OK, that seems to have gone correctly. Whew.

Every day I get several new user registrations from the .pl TLD, indicating they are from Poland. Most are from an outfit called o2.pl, which seems to be a Polish ISP. The user names typically do not match the email address. They do not even post comments.

Self-registered users have “subscriber” access, which basically means they no privileges above and beyond any other user (unless I enforced a users-only comment policy, which I don’t).

I have no idea what this is about. However, the notification emails fill up my admin mailbox, it’s a nuisance dealing with them, and I can’t shake the feeling this is somehow spam-related.

Accordingly, I’m setting a policy that prohibits self-registration; I must approve all new users.

If you know what’s going on, please leave a comment below. No registration necessary. For now.

For a while today, Word Press was throwing an odd error:

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

I saw this shortly after making three changes–I installed Smedberg’s Atom 1.0 plugin; I’d been playing with directory permissions on my host (Hosting Matters, if it matters); and I’d installed the Java plug-in.

The key turned out to be disabling Java and restarting the browser. Oddly, just to test, I re-enabled Java, and the problem has not yet recurred.

Submitted as a comment here.