A recent entry by Ryan Boren talks about the features that will be added to WordPress 2.6.  Some of them are performance-related or bug fixes, while there are also a number of features that some people will probably find useful.

One I’m glad to see listed is the ability to move wp-config.php out of the root directory of the webserver.  This file defines a number of mission-critical variables that are used by the rest of a WordPress installation, including the connection information for the MySQL database, information about the database schema and other things that you don’t want to have accessible to the general public because they can be used to exploit vulnerabilities in your system.  Fortunately, if your server is properly set up anyone trying to access it through conventional methods will get an empty file for their efforts.  But, if your server isn’t properly set up then it’s possible that they could get a copy of the information contained in it, which is a Bad Thing.

As well as the security tweaks, there is a feature to make it easier to track changes to entries called post revisioning.  Though I use Windows Live Writer to write most of my entries, this will still be handy.  And if you’re running a multi-author blog using WordPress, this will help you track changes made by different authors working on the same entry and even go back to a previous version, if necessary.

The next version is currently in the beta-testing stage and if you’re really keendaring, you can download the WordPress 2.6 Beta 1 here.  Assuming everything goes according to schedule, the production version should be released sometime in July according to Ryan’s entry.

I’ve been blogging for more than ten years.

Initially, it consisted of putting up some HTML pages when I was on a trip or when I did something particularly noteworthy, such as my first flight with a passenger as a licensed pilot.  Eventually, I found a piece of software called Pivot, which made it easier to blog, but I found it a bit cumbersome to customize.  One thing that set Pivot aside from other blog systems is that it did not rely on a database behind the scenes, meaning it was fairly straight-forward to set it up.  Instead, it generated HTML files for each entry.  But I couldn’t do everything I wanted to with it and updating the look-and-feel was becoming increasingly frustrating.

So, I looked at other blog systems out there and eventually settled on WordPress.  A slick, database-driven system, it had lots of bells and whistles and it was just easier.  My frustration level went down significantly.

Since then, WordPress has become very popular and is used by some of the largest blogs on the Internet.  The user community is very active and they hold events called WordCamps, one- or two-day events with various speakers and networking activities.  I noticed that there’s going to be one held the first weekend of October in Toronto, so I signed up.  It’s only $25 and for that I get lunch both days and a t-shirt, too.  Hopefully, my schedule won’t change between now and then. 🙂

WordPress 2.5.1 was released earlier today.  It fixes some bugs and has some performance enhancements.  More importantly, it contains a very important security fix.

The security fixes affect the following files:

• wp-includes/pluggable.php
• wp-admin/includes/media.php
• wp-admin/media.php

If you’re using Subversion to maintain your WordPress installation, you should only need to login to the server, switch to the root directory of your blog and enter the following command:

svn sw http://svn.automattic.com/wordpress/tags/2.5.1/

Since WordPress 2.5.1 does contain a security fix, you should upgrade immediately.

A few months ago, I wrote about encountering a spam injection exploit affecting my WordPress blog and what I did to expunge it from my system.  A few days later, I wrote a short entry about how to identify sites affected by this particular exploit using Google.  There were a lot of sites at the time, but now it looks like the list is shorter, which is a good thing.

But, there are still a lot of similar exploits affecting WordPress blogs and indexing services, like Technorati, are starting to react.  Mark Ghosh over at the Weblog Tools Collection and Dougal Campbell at Geek Ramblings both wrote about an announcement from Technorati, one of the larger blog search engines, announced in their blog that they are going to stop indexing sites that have been exploited by things like what I wrote about because it’s polluting their databases.  This means that a lot of sites are at risk of dropping off the radar, so to speak, because they haven’t stayed current with the latest version of WordPress.

Currently, anything before WordPress 2.3.3 should be upgraded immediately to version 2.3.3 or later.  Ideally, upgrade to WordPress 2.5, which also offers a bunch of cool new features.  I upgraded at the end of March and haven’t had any problems as a result.

What’s stopping you?

WordPress 2.5 was released earlier today so after making backups of things, I checked out the upgrade instructions when using subversion and was happy to find that it basically involved changing to the root of my WordPress installation and then issuing the following command:

svn sw http://svn.automattic.com/wordpress/tags/2.5/

After watching the files scroll by, I pointed my browser at the upgrade URL, logged in and found everything appeared to be working.  I re-enabled my plugins and everything still seems to be working.

Sweet. 🙂

My congratulations to the WordPress development team for a job well done!

Though I have other things in place to ensure that blog spam doesn’t make it through in the comments, I still have to periodically have to review those that were blocked to ensure they aren’t false positives.  On the things-that-annoy-me-scale, this doesn’t rank very high, but it still registers.  To deal with this, I’ve added a captcha challenge that you have to pass when entering a comment.

Hopefully this doesn’t break anything else.

I’ve been using Windows Live Writer to compose my blog entries for about six weeks now.  It’s an amazing program that lets you write blog entries offline in a robust editor and then upload your entries to your blog painlessly.  Very slick!

When I upgraded to WordPress 2.3.x at the end of December, I also started using Subversion (svn) to manage the upgrades.  People with access to a shell on their webhost can use it to check out the latest version (or any version) of WordPress and it’ll handle downloading just the files that have changed since you last upgraded.  (Instructions on how to switch to using Subversion to manage your WordPress installation can be found here.)

Chances are good that you won’t encounter this problem when upgrading to 2.3.3, but if you do, hopefully this helps.

WordPress 2.3.3 was released sometime overnight and so I went to upgrade using Subversion.  After making a backup and deactivating all of my plugins, I followed the instructions and encountered the following error:

   1: [gordon@mon WORDPRESS]$ svn sw http://svn.automattic.com/wordpress/tags/2.3.3/

   2: svn: Working copy 'wp-includes/images/wlw' is missing or not locked

(more…)