Locking Down WordPress Admin and Login URLs

If you are a WordPress admin lucky enough to only ever log in from a known set of IP addresses (IPv4 or IPv6), you can lock down access to the wp-admin and wp-login.php URLs in your Apache configuration with just:

# Restrict everything under /wp-admin/ to the listed addresses
<Location /wp-admin/>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128 10.1.2.3/32 1234:5678:90ab:cdef::/64
</Location>

# Apply the same allowlist to the login script
<Files wp-login.php>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128 10.1.2.3/32 1234:5678:90ab:cdef::/64
</Files>

Hopefully that helps someone!
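
The same restriction in Apache 2.4's authorization syntax, as an added example that is not part of the original post: the Order/Deny/Allow directives above are the Apache 2.2 form, which 2.4 supports only through mod_access_compat. The addresses are the post's own sample values, and the admin-ajax.php exemption is an assumption about what the site needs.

```apache
# Added example: Apache 2.4 syntax for the post's restriction.
# Addresses are the post's sample values; 127.0.0.0/8 is the CIDR form
# of 127.0.0.0/255.0.0.0. <Location> is valid in server or virtual-host
# configuration only, not in .htaccess.

# Everything under /wp-admin/: allow the listed sources, refuse the rest (403).
<Location /wp-admin/>
    Require ip 127.0.0.0/8 ::1 10.1.2.3 1234:5678:90ab:cdef::/64
</Location>

# The login script, wherever WordPress is installed under this host.
<Files wp-login.php>
    Require ip 127.0.0.0/8 ::1 10.1.2.3 1234:5678:90ab:cdef::/64
</Files>

# Assumption: the site has front-end features that call admin-ajax.php from
# visitors' browsers. This later, more specific section replaces the
# restriction for that one file; delete it if nothing public needs it.
<Location /wp-admin/admin-ajax.php>
    Require all granted
</Location>
```

Require ip matches the client address Apache sees for the connection, so behind a reverse proxy or load balancer the allowlist has to be enforced at the proxy, or Apache has to be given the real client address with mod_remoteip.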

Upgraded to Twitter Tools 3.0 and Social plugin

The latest Twitter Tools upgrade (v3.0) now has a dependency on the Social plugin from MailChimp to take advantage of the open source “don’t reinvent the wheel” philosophy.

Having now installed Social and upgraded Twitter Tools, you should now be able to log in with your Twitter account (should you so wish) to leave comments. It also claims comments get tweeted too, but no idea how that works yet so I’ll use this post as a test. 🙂

How to test a WordPress install against a new version, without breaking the old one

One problem with upgrading any piece of software is the question of what’s going to break. WordPress is no different in this regard from any other piece of software, so before major upgrades I run a test upgrade whilst leaving my real blog alone. There’s no substitute for testing with your real data, so what I do is run another WordPress instance under a different virtual domain with a copy of both the database and the installation.

The rough steps I use are:

  • Create a new test domain in DNS
  • Copy the database WordPress uses to a new one and set up appropriate grants on it
  • Go to the options table in the database and change the two references to the old URL of the blog (the siteurl and home rows) to the new URL (otherwise you’ll find yourself constantly getting redirected to the production blog!)
  • Copy your WordPress installation to a new directory (I use rsync -aP to preserve permissions) and configure Apache to serve the new domain from it
  • Edit the copy’s wp-config.php file to match the new database copy and the username and password for it
  • Go to the new domain and make sure it works!

That should be it really. I first did that for my upgrade to WordPress 2.5 RC1 and it just worked for WordPress 3.2.1.

Caveat emptor: No warranty, batteries not included, if it breaks you get to keep both parts! 🙂

WordPress Upgraded to 3.1

OK, just done an svn switch http://svn.automattic.com/wordpress/tags/3.1 to upgrade my blog to WordPress 3.1, and nothing looks too broken so far. 😉

If you spot any problems do let me know, either by a comment here or by email to chris at this domain name (csamuel.org).

WordCamp Melbourne 2011

This coming February (26th-27th) there’s going to be “WordCamp Melbourne 2011” held at North Melbourne Town Hall.

If you’re into WordPress – the free and open source personal publishing platform – then you’ll love WordCamp – a casual, locally-organised conference catering both to budding bloggers and experienced developers alike. The first such event to be held in the city, WordCamp Melbourne 2011 features a range of guest speakers including Glenn Todd and Bronson Quick.

I know that my friend Rich Boakes has been enthusiastic about them in the UK so I’m hoping I might be able to make it to this one!

(Hat tip to Kathy Reid for pointing this out on Twitter)

WordPress “Worst Offenders” Plugin Works in WP 2.9.x!

I’ve just spent a bit of time fixing up a fairly simple bug that was preventing Rich Boakes’s “Worst Offenders” plugin (this plugin classifies your Akismet spam queue by various criteria to let you do bulk deletes for comments matching various criteria) from working in current WordPress versions (basically it was assuming it had created a submenu somewhere it wasn’t) and merged my branch back into trunk to check the content of comments for a list of bad words. No release yet, this is just in trunk, but if you are feeling adventurous you can go into your WordPress’s wp-content/plugins directory and do:

svn co http://plugins.svn.wordpress.org/worst-offenders/trunk/ worst-offenders

Of course make sure you’ve nuked any earlier version of Worst Offenders first!

WordPress 2.8.5 released – security fix and hardening work

WordPress 2.8.5 has just been released:

As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on trying to make WordPress as secure as possible and during this process we have identified a number of security hardening changes that we thought were worth back-porting to the 2.8 branch so as to get these improvements out there and make all your sites as secure as possible.

It includes a fix for a trackback DoS attack that’s apparently going on at the moment. I’ve updated the 3 blogs I look after with a quick svn switch http://svn.automattic.com/wordpress/tags/2.8.5.