Data Circle

Some interesting WordPress Q&A videos:

• Future of WordPress
• WordPress & Open Source
• WordPress and the GPL

Hat tip to Matt for all the links.

WordPress 2.8.5 has just been released. There are no new fancy features included, this is purely a “hardening” release which is intended to fix a few security issues. As always, the advice is to upgrade as soon as possible, and to check out the Exploit Scanner plugin if you think your blog may have been compromised at any point.

If you’re running a version of WordPress prior to 2.8.4, or have only upgraded in the last few days, you should stop what you are doing and head over to this post on the WordPress development blog: How to Keep WordPress Secure. It discusses a worm which is currently doing the rounds, attempting to exploit older versions of WordPress by creating a “hidden” admin user. Incidentally, all the methods suggested to find the hidden user seem unnecessarily complicated – if you have a tool which allows access to your database (e.g. phpMyAdmin), just check the wp_users table manually.

Subscribing to the development blog is a must if you use WordPress, unless you are a WordPress.com user, where everything is taken care of for you.

It’s been some time since the last major WordPress release, but version 2.7 is now out and I’ve just finished upgrading my various blogs.

The dashboard is quite different is the new version and takes some getting used to, though all the same functionality is there. Personally I preferred the old design, but I think that may be largely down to familiarity and I think after a few weeks I’ll be using the new dashboard without any problems. Looking at the new design also reminded me that I’m still running the same boring default theme, so I probably change that at some point, perhaps after my thesis has been handed in.

As always, I’d advise upgrading as soon as possible—for the security fixes if nothing else. I’m not convinced by the new features yet, although the automatic upgrade sounds like a useful addition (assuming it works—naturally I can’t try it until the next release) and something which will hopefully help increase security generally.

Things To Consider When Using WordPress as a CMS (via: Matt)

I’ve been looking for a half-decent content management system for some time, as until now I’ve been writing my own code for each site that I run (Game Demos is just one example of this). This is a real pain, as I never have the time to write an admin interface—and therefore end up using phpMyAdmin—and I’m not as good as designing interfaces as other people. However, I have thought several times about using WordPress as a content management system—even though it started as a blogging platform—which is why the above article is particularly of interest to me.

Reasons why I would consider using WordPress as a CMS:

• Spam protection: Akismet is by far the most effective anti-spam solution I’ve come across, it probably performs better on blog comments than SpamAssassin does on my email. Sure, there are plugins available for several other systems, but with WordPress the support is practically built-in. Yes, it is technically a plugin, but it comes shipped with the distribution, so there’s one less step to mess around with.
• Familiarity: I use WordPress on several other blogs, including Rogue Tory and Politics Watch, so I’m comfortable with the interface and the way the software does things. In a similar vein, readers of my sites/blogs are also more likely to be familiar with the commenting interface for WordPress than for other content management systems.
• Theme availability: WordPress seems to have more themes available for it than any other blog or content management system I’ve seen. You can download thousands of free themes, pay less than $100 for an off-the-shelf professionally designed theme, or cough up for a designer to create a unique theme especially for your site—there are plenty of companies and individuals around who offer this service. What’s more, WordPress themes can be made—one of my major bugbears with Drupal is that all of the themes tend to look like Drupal sites.
• Plugins: Like themes, there are thousands of plugins available, enabling pretty much anything you could possibly want to do with WordPress—from formatting posts with Textile to cross-posting to other sites (e.g. LiveJournal) automatically. I’m not aware of any other system with the same variety of plugins (though Drupal probably comes a close second), and I suspect this is largely due to the ease of creating and installing plugins for WordPress.

I don’t have much time at the moment to play around with WordPress, as I’m busy writing up my MPhil thesis, but once that’s out of the way I think I will give it a whirl on Politics Watch as an experiment and see how far I get.

WordPress 2.6 is now available for download, with a fantastic array of new features, including:

• Wikipedia-style tracking of changes.
• Support for Gears, to allow static files (stylesheets, images etc.) to be downloaded to your local drive for faster access – though I’m not entirely sure how this differs from having files stored in your browser cache.
• The ability to preview themes before pushing them live.

From my own point of view, I’m not sure that I’ll get a great deal of benefit from any of the major changes, though I do like the automatically updating word count feature, and of course I’m glad to see nearly 200 bugs closed in this release.

As always, my advice is to upgrade as soon as possible, if only to take advantage of the security fixes. Upgrading is fairly simple, though you may need to be careful if you have lots of plugins or themes installed, and of course you should always take a backup of your database and existing installation, just in case something does go wrong. Naturally, if you have a WordPress.com blog, all of this will have been taken care of for you anyway.

WordPress, perhaps the most popular blogging software out there, has a new version out today, which plugs several security holes (though I’m not sure that exposing your draft posts really counts as a vulnerability) and fixes a few minor bugs.

Upgrading from any version post 2.1 seems to be pretty easy – I’ve just upgraded Data Circle, Politics Watch and Rogue Tory, all from different versions, and it took me about ten minutes in total. The CSS for the admin panel has been improved, so the fonts look a lot better under Linux. Security updates and bug fixes are of course also welcome, although these are less obvious improvements in a way because I haven’t seen the problems they cause.

Anyway, if you’re running WordPress on any of your sites, I’d strongly recommend that you download the latest release and then follow the upgrade instructions. It shouldn’t take more than a few minutes, and you’ll be protecting your site from several vulnerabilities by doing so. If this is too much effort for you, WordPress.com will keep things up to date for you, and items such as domain mapping cost a minimal amount per year.

If you’re running any blogs on WordPress, you should be aware that version 2.2.1 is now available. As well as a number of small bug fixes consisting mainly of cosmetic changes, the release also fixes three security vulnerabilities and so is a required upgrade. I’ve already upgraded one of my blogs without any problems and it was a fairly simple process, although I do wish there was an automated way of doing this, especially for people like me who have multiple blogs (I haven’t got round to trying WordPress MU yet).

I’ve just found out about Mrs. Wordpress, a site which sends up the “Mr. Wordpress”—the imaginary figure who is the first person to post a comment on every new Wordpress blog. It’s rather amusing, though I don’t know how long the author of the site will keep updating it.

I’ve finally got around to updating the WordPress installation that powers Data Circle to version 2.1. Initially there were a few teething problems caused by insufficient permissions for the upgrade script to make the necessary database changes, but these have now been fixed and everything is back to normal. I don’t think that any of the improvements are likely to be noticed by viewers of the site as they mostly seem to be backend changes, but hopefully things like the new version of the Akismet plugin will help keep spam away from the site.

I know that I haven’t posted for some time either but I’m hoping to rectify that over the next few weeks, so look out for new material coming soon.