TIL: Switching a WordPress site to HTTPS will result in mixed content. (more…)
WordPress 4.0 “Benny” is out!
When I click on Preview in the WordPress editor, Fluid makes a GET request to the web server. It still uses the action address specified in the #post form (post.php), just not the POST method. But none of the form values are included, so I end up staring at a listing of all posts instead of the preview I wanted. Maybe it is getting confused by the fact that the #post-preview “button” is actually an HTML link (an a element)? There is also some JavaScript that attaches to the click event of the link (see the doPreview() function).
Upgraded to WordPress 3.6. The admin bar went missing on the front end…

Two-factor authentication for WordPress

Written late in the morning in English • Tags: , , ,

Content management systems are being targeted by brute-force password attacks. Improve the security of your self-hosted WordPress blog by installing the Google Authenticator plugin. (more…)

Hiding from spammers

Written at lunch time in English • Tags: ,

For a long time now I’ve removed the generator meta tag from all WordPress installations I’ve setup. Mentioning WordPress is just honey for the bees. Since I removed the meta tags the amount of spam has decreased remarkably. Posts about WordPress are targeted much sooner and for much longer than other posts.

Starting with WordPress 2.4 the generator information is inserted by the core code, as opposed to the theme. This means that the meta tag will reappear even if you have removed it from your theme. However, this is actually a good change, because now you can disable the tag not only from the HTML pages generated by the theme, but also from all other formats WordPress outputs. The information is created by a couple of functions centrally instead of scattered instances through the code.

I’ve created a plugin to accomplish this: No Generator works with the trunk code from svn, and will work with 2.4 once it is released.

Suomenkielinen WordPress 2.2.3

Kirjoitettu puoliltapäivin suomeksi • Tägit:

WordPressin versio 2.2.3 on tietoturvapäivitys. Sen asentamista suositellaan välittömästi.

Lataa suomenkielinen WordPress 2.2.3

Lisätietoa englanniksi: korjatut bugit ja muuttuneet tiedostot.

WordPress 2.2.2 ja 2.0.11 suomeksi

Kirjoitettu puoliltapäivin suomeksi • Tägit:

Suomenkielinen WordPress on taas ajan tasalla. Versiot 2.2.2 ja 2.0.11 julkaistiin 3 tuntia sitten englanniksi ja sisältävät tietoturvaan liittyviä korjauksia. Suomenkieliset versiot niistä voi nyt ladata suomenkielisen WordPressin kotisivulta:


Itse törmäsin päivityksessä palvelimen oletusasetusten tuomaan yllättävään lisäongelmaan. (jatkuu…)

Version 3.0 of the DoFollow plugin can differentiate between comments left by registered users and other visitors. (more…) (4)
One of the recent posts has been showing up as new over and over again on feed readers. I narrowed the problem down to the email address obfuscation in Markdown & Extra. I just upgraded to a more recent version (two new versions had come out since the beginning of December), and one of the changes is that the obfuscation algorithm is now deterministic instead of random. So you should see that article pop up once more as new, if you are reading through the feed, and then never again.