3.7.26
WordPress Site Health had been nagging me to use a persistent object cache. I already run Zend OpCache, so I wondered what else I needed.
OpCache is an opcode cache: it stores the compiled bytecode of the PHP source so the engine need not recompile it on every request. The object cache is a different layer, holding the results of database queries and transients. WordPress ships with a non-persistent object cache that lives only for the duration of a single request; making it persistent means backing it with something that survives across requests, such as Redis.
On this site I manage the WordPress tree with svn and do not let PHP write into it, which changes a couple of the steps from the usual click-in-the-dashboard instructions. While I also generally prefer nginx and PHP-FPM, this site is still on Apache with mod_php. However, the installation is basically the same regardless of the web server software, but troubleshooting differs between them. I’m covering both here. (more…)
23.4.13
Content management systems are being targeted by brute-force password attacks. Improve the security of your self-hosted WordPress blog by installing the Google Authenticator plugin. (more…)
6.12.07
For a long time now I’ve removed the generator meta tag from all WordPress installations I’ve setup. Mentioning WordPress is just honey for the bees. Since I removed the meta tags the amount of spam has decreased remarkably. Posts about WordPress are targeted much sooner and for much longer than other posts.
Starting with WordPress 2.4 the generator information is inserted by the core code, as opposed to the theme. This means that the meta tag will reappear even if you have removed it from your theme. However, this is actually a good change, because now you can disable the tag not only from the HTML pages generated by the theme, but also from all other formats WordPress outputs. The information is created by a couple of functions centrally instead of scattered instances through the code.
I’ve created a plugin to accomplish this: No Generator works with the trunk code from svn, and will work with 2.4 once it is released.
8.9.07
WordPressin versio 2.2.3 on tietoturvapäivitys. Sen asentamista suositellaan välittömästi.
Lataa suomenkielinen WordPress 2.2.3
Lisätietoa englanniksi: korjatut bugit ja muuttuneet tiedostot.
5.8.07
Suomenkielinen WordPress on taas ajan tasalla. Versiot 2.2.2 ja 2.0.11 julkaistiin 3 tuntia sitten englanniksi ja sisältävät tietoturvaan liittyviä korjauksia. Suomenkieliset versiot niistä voi nyt ladata suomenkielisen WordPressin kotisivulta:
http://kimmo.suominen.com/sw/wordpress-fi/
Itse törmäsin päivityksessä palvelimen oletusasetusten tuomaan yllättävään lisäongelmaan. (jatkuu…)