WordPress In Depth – The Book
Franky Branckaute over at BloggingPro.com has published his review of a new book called WordPress In Depth written by Bud Smith and Michael McCallister. According to his review, the book is aimed at beginners but near the end, provides ample opportunity to explain themes and plugins a little more in-depth providing a stepping stone to not only more advanced topics, but advanced books as well. The book is on sale at Amazon for $21.59 which is pretty affordable. For those that still have the time to read books, there is no shortage of WordPress material to read ranging from beginners to developers.
Toni Schneider To Speak At Freemium Summit
Automattic CEO Toni Schneider will be presenting at the Freemium Summit taking place in San Francisco at the Mission Bay Conference Center on March 26th 2010. The price for admission is $449.00 which is a reality check to anyone who is used to attending a WordCamp. However, there will be a number of speakers from companies that are in the middle of capitalizing on the hybrid business model of free mixed with premium. Speakers such as Tom Conrad of Pandora, Phil Libin of Evernote, Lincoln Murphy of Sixteen Ventures, and Ben Chestnut of Mailchimp will be on hand.
Although I won’t be in attendance for this summit, I plan on doing something similar on my own through WordPress Weekly for the month of April. Each week will be dedicated to a specific commercialization aspect of WordPress. We’ll cover themes, plugins, services, and at the end of the month, have a wrap-up show. Jake Goldman, one of the organizers for WordCamp Boston will be joining me on these shows as a co-host. I’m currently in the middle of getting the round table of speakers set for each week. Keep an eye out on the WordPress Weekly category as when I have things set in stone, I’ll announce them there.
WPTavern Was Trackbacked To Death
Now that things have calmed down, it’s time to discuss what happened that took WPTavern.com offline. It all started the day I published my review of the Backup Buddy plugin from PluginBuddy.com. That post not only received a large number of comments, but it ended up on StumbleUpon and was overall a large success. However, a few hours after that post had been published, I started to receive a large number of trackbacks to that particular post. The trackbacks were from different URLs which appeared to be junk domains. The site was set up so that an article was published near the top of the page and below the article was a list of related links. Each one of those related links pointed to a source outside of the parent site. I chalked all of these trackbacks up as just typical splog spam and didn’t think anything of it.
The next day, I woke up to see at least 50 more trackbacks in my Akismet queue all pointing to the Backup Buddy review post. When I started to look at the various junk domains, I noticed that the word Backup appeared to be the keyword these sites were after. Again, I deleted the trackbacks as I thought it was typical to see a large number of illegitimate trackbacks on a post that was popular. Things started to get interesting once I published the winners to the Backup Buddy give away as well as the WPTavern Backup Buddy coupon posts. At the time, I didn’t know this but I now realize that those extra posts with Backup in the title were adding fuel to the fire. I started to receive a large number of trackbacks on those posts with the word Backup in the title. I just kept deleting the trackbacks thinking nothing of it.
After I came home on March 9th, I took a 4 hour nap as I was exhausted from working on 4 hours sleep. During this time, AnHosting decided to suspend my account due to processor overload. Thanks to everyone on Twitter for your concern as it prompted me to wake up and get into action. Since I couldn’t access cPanel or anything else tied to my account, I visited the AnHosting web page which gave me the option to perform a live chat with a technician. They explained to me that XMLRPC.php and Index.php were the two culprits sucking up all the CPU power. Once I told them I would disable XMLRPC on WordPress as well as disable trackbacks and pingbacks, they temporarily restored my site. After disabling those, I also used a trick I learned from Brad Williams where I viewed the source code on the index of the site and pasted that into index.html and renamed index.php. This was just in case a large amount of human traffic was the source of taking down the site. However, it struck me as odd that Woopra showed no signs of a large influx of human traffic on the site during that time or just prior to the site being suspended.
Once I renamed XMLRPC.php and index.php, the CPU on the server immediately went back to stable levels. However, WordPress needs index.php to function properly. Thanks to this line of code from Will Anderson, I was able to successfully use index.php without the scrapers being able to access it.
```php
// Redirect direct requests for /index.php to the site root.
if ( '/index.php' == $_SERVER['REQUEST_URI'] ) {
    header('Location: http://wptavern.com/');
    die('Do not request this file directly');
}
```
According to Will Anderson, this is just a little redirection code with the hope that the scrapers will not be able to handle the redirect. Oddly enough, it worked and prevented index.php from being loaded by an external source. I say external source because according to Woopra, the source of the CPU overloading was not caused by human beings browsing the site. Instead, some type of software whether it was a bot or something else was loading my index.php file and either scanning the content for posts or doing something else. The irony to all of this is that during the attack, I noticed a comment in the Akismet queue advertising Trackback Submitter software. I’m pretty sure that XMLRPC deals with Track/Pingbacks in WordPress and if that’s the case, that would explain why that file was used so heavily. Once I was able to navigate within the administration panel of WPTavern, I noticed I had over 250 trackback spam links waiting in my Akismet Queue. While some of the IP addresses attached to them were the same, a large number of them were different. The webhost for these junk domains also varied. It was as if I was attacked by a distributed denial of service through trackbacks. A cheap ass way to take down a site in my opinion.
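A log-triage sketch for the pattern described above, added here as an example and not part of the original post: it counts POST requests to xmlrpc.php and to trackback URLs in an Apache combined-format access log and reports hits and distinct source IPs per endpoint. The log lines, IP addresses and post slugs are constructed placeholders, and the threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in Apache combined log format; IPs are documentation ranges
# and the post slugs are placeholders, not taken from the original site.
SAMPLE_LOG = '''\
192.0.2.10 - - [09/Mar/2010:14:01:02 -0500] "POST /2010/03/example-backup-post/trackback/ HTTP/1.0" 200 78 "-" "-"
198.51.100.7 - - [09/Mar/2010:14:01:03 -0500] "POST /2010/03/example-backup-post/trackback/ HTTP/1.0" 200 78 "-" "-"
203.0.113.5 - - [09/Mar/2010:14:01:03 -0500] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
203.0.113.99 - - [09/Mar/2010:14:01:04 -0500] "GET / HTTP/1.1" 200 51234 "-" "Mozilla/5.0"
192.0.2.44 - - [09/Mar/2010:14:01:05 -0500] "POST /2010/03/example-backup-post/trackback/ HTTP/1.0" 200 78 "-" "-"
203.0.113.5 - - [09/Mar/2010:14:01:05 -0500] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
198.51.100.23 - - [09/Mar/2010:14:01:06 -0500] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"
198.51.100.80 - - [09/Mar/2010:14:01:07 -0500] "POST /2010/03/example-backup-post/trackback/ HTTP/1.0" 200 78 "-" "-"
192.0.2.10 - - [09/Mar/2010:14:01:08 -0500] "POST /2010/02/other-post/trackback/ HTTP/1.0" 200 78 "-" "-"
this line is truncated and should be skipp
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" \d{3} ')

def classify(method, path):
    """Label a request 'trackback' or 'xmlrpc', or None if it is neither."""
    if method != "POST":
        return None
    bare = path.split("?", 1)[0].rstrip("/")
    if bare.endswith("/xmlrpc.php"):
        return "xmlrpc"
    if bare.endswith("/trackback") or bare.endswith("/wp-trackback.php"):
        return "trackback"
    return None

def summarize(log_text, min_hits=3):
    """Return [(kind, path, hits, distinct_ips)] for endpoints with >= min_hits POSTs."""
    hits, sources = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        ip, method, path = m.groups()
        kind = classify(method, path)
        if kind:
            hits[(kind, path)] += 1
            sources[(kind, path)].add(ip)
    rows = [(k, p, n, len(sources[(k, p)])) for (k, p), n in hits.items() if n >= min_hits]
    return sorted(rows, key=lambda r: (-r[2], r[1]))

if __name__ == "__main__":
    for kind, path, n, ips in summarize(SAMPLE_LOG):
        print(f"{kind:9} {path}  posts={n}  distinct_ips={ips}")
```

JavaScript-based analytics do not record clients that never execute the page's script, so the server access log is where this kind of automated traffic becomes visible.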
This is the first time I’ve ever experienced something like this. I really want to thank the tech support guys from AnHosting for allowing me to chat with them directly and work on resolving the issue. Obviously in a shared hosting environment, one bad apple can take down the whole tree. I apologize for being that bad apple. Furthermore, although Ozh had different reasons for doing so, I am highly considering disabling trackbacks/pingbacks for good considering I’ll see incoming links from either the Incoming Links dashboard widget or through other analytic software. Alternatively, I can use a plugin called Simple Trackback Validation which so far, has received a lot of good feedback from those who have used it.
I can’t believe how easy it was to perform a DoS attack on WPTavern.com through the use of trackbacks and XMLRPC. Although not an inherent flaw within the WordPress software, I wonder if anything should be done to prevent this sort of attack from happening? In fact, what can be done by WordPress to help prevent this from happening? If the Simple Trackback Validation plugin is as good as what people have told me, I’m guessing it could be absorbed into core?
Congrats To Alex aka Viper007bond
Congratulations to Alex also known as Viper007Bond, creator of Viper’s Video Quicktags plugin and major contributor to the oEmbed feature introduced in WordPress 2.9. Alex has been working for Automattic through contract work for a few months and today, he has announced that he’s become a full-time employee. Another piece of solid talent picked up by the company. I imagine if I ever had the chance to attend an Automattic retreat, my head would explode from all the geekiness in such close proximity.
Backup Buddy Winners
After I published my review of BackupBuddy yesterday, I managed to talk Cory Miller into letting me give away a single and a developer membership option to two lucky commenters. I’d like to announce that Kevin has won the single membership version while Jeremy LeRay takes the developer version. In order to choose the winners, I took the comment ID number from the first comment and then the comment ID number in the last comment on the post and put them in a random number picker. After letting the picker choose a number a few times, I matched that number to the comment ID. A fair way to choose the winners I’d say.
I’d also like to thank each and every one of you that purchased BackupBuddy through my affiliate link. Purchases as well as the number of comments to the post were overwhelming. I simply couldn’t believe all of the developer version memberships that people were buying through me. In one day, I made enough money to travel to at least one more WordCamp this year if I chose to do that.
Congrats to Keven and Jeremy LeRay, backups are no longer a problem for the both of you! Also congrats to Cory Miller and the PluginBuddy team on a great launch.
Can’t Access Trash Within WordPress iPhone App
Yesterday on Twitter, I mentioned that I had accidentally deleted a comment in the WordPress iPhone app. I thought I was in trouble considering the comment disappeared and there was no way to access the trash-can feature implemented in WordPress 2.9. When I logged into the WPTavern back-end today, I was relieved to see that the comment I deleted on the iPhone was in the trash bin. Upon searching the iPhone app forums today, I didn’t find any references to the trash feature but this could have been due to the fact that the search box on the forum doesn’t appear to search the forum at all. Instead, it performs a search of the WordPress.org support forums. Not sure why those two are linked together as it makes the iPhone forum search box useless.
To make matters slightly worse, there is a trash can icon that is used from within the app that deletes comments. This causes confusion, especially when I’m used to the trash button within WordPress itself.
I’ll be filing an inquiry today in the forum to see if trash will be put into the next version of the iPhone app. Until then, don’t blow a gasket when you accidentally delete a comment from within the WordPress app.
GPL Drinking On The WP Community Podcast
Due to some scheduling conflicts with their original guests, I was invited to participate on the WordPress Community Podcast hosted by Yoast and Frederick Townes. In this episode, we spent the majority of time talking about the GPL. It was good timing since Grant Griffiths of the Headway theme was also part of the show. We also chatted about the issue of how much credit should plugin and theme authors give themselves outside of the usual spots as discussed here.
One thing to note about this particular episode. There was no flamewar or vicious GPL debating going on. Rather, it’s a general conversation with someone that has not yet decided to go with the GPL and their reasons into why. According to Grant, their current business model is working, despite the lack of being GPL compliant. Since their business is running well, the only reasons I can see them switching to GPL compliance either with the full theme or just the PHP code is to be in the good graces of Matt and the majority of the WordPress community. Being GPL compliant would give them much more advertising and more people would review the theme. I can’t review Headway and tell everyone about it because of my agreement to only support GPL compliant products as they relate to WordPress.
P.S. I was drinking Smirnoff during the show and each time GPL was said, I took a drink. I felt pretty good by the end of the show.
Big Congratulations To Ian Stewart
For those that follow Ian Stewart on Twitter, you know that he recently quit his job. He continuously hinted at something bigger happening in his life. Today, we learn what that something is. Ian Stewart has become the newest member of the Automattic team.
Today marks the first day of my employment as a Theme Wrangler with Automattic and it feels great. I’m more than excited to finally let you know what I’ve been up to for the last little bit.
According to Ian, ThemeShaper.com will be the new location for the theme team being put together at Automattic. Also, all of the child themes that contained a price tag are now free for all. Considering Ian’s work in the community with his tutorials, his Thematic Framework and his mark that will be left on anyone using the new Twenty Ten theme when it’s released with WordPress 3.0, Ian definitely deserves this position. It’s the dream job for anyone who loves WordPress with a passion. Also, Ian has recently announced on Twitter the arrival of a newborn in the near future so it has to be comforting to know that he’ll have a kick ass job to support his family.
In his announcement, I find it interesting that he mentions a theme team. Could this be a hint that more theme designers will be hired in the near future? Also, will their work be tied strictly to WordPress.com or is this more for WordPress.org? The other question I have is if the position Ian has taken has anything to do with the Theme Czar role that has been published on the Automattic Jobs page for some time. Ian certainly fulfills the requirements.
Again, congrats Ian.
Version 2 Of DiggingIntoWordPress Is Out
Version 2 of the awesome book, Digging Into WordPress, has been released today. This new version includes a refreshed book cover and information about WordPress 2.9. According to Chris, right when the first print editions of the book sold out, WordPress 2.9 was on its way to being released so instead of re-printing the book, they decided to include an extra chapter that exclusively covers WordPress 2.9.
If that weren’t enough, the new book now comes bundled with new themes in light of a brand new chapter that describes how to perform some cool tricks with themes. The only way to get these themes is to purchase the book bundle which is available for the print, and digital editions of the book.
Even with all the new themes and 30+ new pages, the price point for the book and PDF stay the same. $27 for the PDF and $67 + S&H for the Book/PDF Combo. If you buy the print book, remember that automatically comes with the PDF which now comes as a bundle with the themes, so you don’t miss out on that action.
You can see demos of the bundled themes here, here, and here. Remember, if you decide to purchase the books through me, please use this link as I receive a cut back.




IntenseDebate Introduces Moderator Role
By Jeffro on March 11, 2010
Moderators will have access to the moderation and comment history pages. They’ll also be able to remove comments that are out-of-line directly from the comment section which is convenient. I wonder if IntenseDebate will at some point create their own user roles/capabilities system or if they will keep things simple with pre-defined roles such as the Moderator position.
IntenseDebate has also added the option to disable thumbs-down voting just in case you want to make your comment system look a little more positive. I have to question why someone would want to enable that feature. Maybe Michael can fill me in on that.