But wp-cache comes with a security flaw. It requires the webserver to have write access on $WP_HOME/wp-content/cache and $WP_HOME/wp-content. The first part is perfectly reasonable, the second not.

wp-cache creates it’s wp-cache-config.php in that place and edits this file consequently while being configured.

wp-cache comes with a sample config you can put in place. After that, chmod this file to 660 or something else that allows your webserver to edit it. Please don’t give your webserver write access to $WP_HOME/wp-content, especially not facing the current attacks on wordpress bloggers as described here.

I assume you know what your doing in the next step. All recommendations are tested and working with wp-cache 2.1.2. Open the file file wp-cache.php in your favorite editor, navigate to line 471 in function wp_cache_verify_config_file and change the following code

if ( !is_writable($dir)) {
    echo "<b>Error:</b> wp-content directory (<b>$dir</b>) is not writable by the Web server.<br />Check its permissions.";
    return false;
}

to

/*
if ( !is_writable($dir)) {
    echo "<b>Error:</b> wp-content directory (<b>$dir</b>) is not writable by the Web server.<br />Check its permissions.";
    return false;
}
*/

Alternatively, you can use the file i prepared: wp-cache.php. Rename it from *.php.txt to *.php and replace the old file with it.

Read more about the attack on wp blogs here. It’s shown that the attackers create a subfolder in your wp-contents. So it’s essential to chmod this folder to 0755 or even better to 0555 if you’re paranoid and only change it if you upload updates.

Share This

Otherwise, the update went smooth as far as i can tell.

Edit: Oh dear… To me it seems that IE6 shows a browser default page everytime and IE7 sometimes displays the WP error page and sometimes not. If anyone can confirm this?

Edit 2: It’s silly. The Internet Explorer masks all 500 pages if their content is below a threshold of 512bytes with “User friendly messages”. User friendly your mom. The user can turn this off as described here but i don’t think that all IE users will do this just for the WP bloggers.

Summarizing it: It’s a plain stupid idea to use the http error 500 code for errors generated by user input as some users just cannot read them as the messages are not displayed to them.

Share This

I recommend the following 2 steps program:

Stop sending your url

If you already have used WordPress 2.3, use the 123 Anonymer Versionscheck 0.10. It will anonymize your data, but a minimum of 1 request with personal data will happen, that is while using the plugin page.

If you do a fresh install of WordPress 2.3, i’d go with the my-hacks.php solution, because that way, no personal info will be send.

Lots of unnecessary Akismet informations

After finding the update problem this morning at Lumières dans la nuit, i read the following group. To my surprise i’ve learned, that the Akismet Spamchecker sends all of the $_SERVER environment variables from your server to the Akismet server. W T F?? I myself use Akismet in a custom project, there is absolutely no need to send this information. To stop sending this information, open akismet.php in your favorite editor, search and remove the following lines:

foreach ( $_SERVER as $key => $value )
    if ( !in_array( $key, $ignore ) )
        $comment["$key"] = $value;

Share This

The Nighwatchman has an in depth analysis about the data transferred to api.wordpress.org, read it here: Datenschutzproblem in WordPress 2.3 (Privacyproblem in WordPress 2.3).

I will use the following hack to omit my URL. Alternatively, uptodate checking can be completely disabled with this plugin.

Share This

As danger is my second name, i didn’t backup or anything especially for upgrading (ok, honestly i have a nightly cron’ed backup) and run the patch with

patch -p2  diff-from-tags_2.2.3-r6166-to-tags_2.3-r6166.diff.txt

from my install dir and boom, i had 2.3 (get the patch file at the wordpress trac (for upgrading 2.2.3 to 2.3)).

Things, that didn’t work but didn’t break the blog either were: Ultimate Tag Warrior. It’s still there and still working. Things that didn’t work were my theme and the Extended Live Archives by Sons Of Skadi.

For testing purpose, i completely disabled wp-cache.

Luckily, someone had already patched ELA, you can download a modified version here, see it in action here. Be aware, you also need the original release from above. Before this thingy works, you need to clean it’s cache. Otherwise you’ll get some weird error messages.

Things i need to fix in my theme were UTW related. I imported my tags into the new taxonomic scheme and finally, dumped the warrior. The import worked well, but it killed the blanks in tags and replaced them with underscores. Thanks for that :/

I did the following replacement in my theme:

UTW_ShowCurrentTagSet

single_tag_title('');

UTW_ShowTagsForCurrentPost("commalist")

the_tags('',', ');

UTW_ShowWeightedTagSet("sizedtagcloud")

wp_tag_cloud('smallest=70&largest=130&unit=%&orderby=count&order=DESC');

The arguments to the functions corresponds with my former UTW settings. Speaking of which: WordPress 2.3 tagging system is completely naked. There are no settings and what is worse, there is no such thing as a dropdown thingy while writing, just a plain text field. As a first solution, i’ve tried the Advanced Tag Entry WordPress Plugin. Seems to work fine, but not as comfortable like UTW.

All other plugins i use, seem to work fine:

In the meantime, i have the impression that 2.3 is somewhat slower than 2.2.3, but i can be wrong.

I’m in doubt about upgrading my other blog planet-punk.de. I like and do use tags a lot, but for the time being, the greatest db scheme doesn’t help a somewhat unusable ui. Don’t get me wrong, i really like the changes in the scheme going on, but for now, i see little benefit.

Another nice post with the same title as mine has some suggestions for people who ran into problems: read it at the Weblog Tools Collection.

Share This

The plugin broke with WP 2.2, if you try to change you subscriptions, you ended up with the following message: “You may not access this page without a valid key.”.

So please all your WordPress users who updated to 2.2 (you really should do this!), get the latest version of Subscribe to Comments here for satisfied readers and subscribers

Share This

The developer blog mentions some severe security issues here so i recommend upgrading as soon as possible.

Share This

Ticket #4337 (new defect)

And there went another sunny nice rainy morning…

Share This

If anyone else has this problem, add

$typelimitsql = "(post_status = 'publish' OR post_status = 'static')";  // From previous version of utw

in ultimate-tag-warrior-core.php right before the class definition. It’s taken from the previous UTW Version.

Edit:
Upgrading to WP 2.1.x changed the table structure… A little hint would have been nice in the utw changelog.

Share This