Comments Posted By Ted Clayton
Displaying 1 To 30 Of 113 Comments
WordPress News Sites And The Bermuda Triangle
… which is the rainbow of typical humans, being what they are; people being people, amusing & entertaining themselves in all the diverse ways to which H. sapiens is so charmingly & distressingly inclined. It’s gossip & cleverness & here-hold-my-beer-and-watch-this!
It’s mostly just a matter of the cost of the Internet Medium falling toward zero, and thereby affordably lending itself to whatever casual purpose & role folks can dream up. Look at what it costs to smoke tobacco or weed, drink, or – more telling yet – to engage in any of the healthful ‘sports’ … which business people ‘serve’ by selling ‘uniforms’ that participants must replace (he-he-he) with each fashion-season.
Again, this trend – the effects & consequences of the falling price of information & the Medium by which it is transmitted – is plainly visible well back into history. By the late 19th C, a blizzard of ‘popular press’ publications were horning in on the technical-fields action that ‘proper’ professionals & comfortable ivory-tower academics previously held & controlled and milked as their private fiefdoms.
Amateur technical hobby publication contracted dramatically following the great Hippie Revolution, 40 years back. Dozens of high-profile, profitable tech-hobby magazines fell to the way-side. Today, we are watching a steady growth of the DIY Do It Yourself field, on the Internet. This field was a serious 800 pound gorilla in the publication industry, for about 100 years. It shrunk a lot in recent decades, but is now showing a sustained resurgence on the ‘Net.
Is this bad? Well, the high-brows used to pitch a fit about it. Those who wanted to run profit-oriented businesses often ridiculed the ‘homemade and kitchen-table’ crowd. Did this amateurism lead to the collapse of modern civilization? Well … rank hobbyists both constructed & programmed the first generations of Personal Computers … and, cough, were involved in designing & coding – uh-huh – The Internet.
» Posted By Ted Clayton On March 18, 2013 @ 10:11 AM
@Dan Knauss -
Good information is expensive to create but hard to monetize…
It is the universal truth of Business, that what it costs to offer a product must be exceeded by what the market will pay for it.
This is where things are going downhill for the New York Times. They spend more to create their product than it fetches in the market.
It’s worth noting here, that the price that can be got for printed-word products – Information – has been consistently falling, for several centuries. Go back to the Gutenberg Brothers, and follow the business forward. Down, down, down goes the market-price for the product.
[Iirc, the early Gutenberg Bibles cost the equivalent of 10s of thousands apiece - several years' wages - and they fought tooth & nail to keep prices as high as possible as long as possible.]
Many small web-businesses have essentially the exact same problem as the NYT. At an earlier point in history, they designed an approach to creating their chosen product, at a certain cost-point (and demand) … and then subsequently, with changing circumstances, they find the earnings they counted on can’t be realized.
It’s frustrating, and sympathy is in order. But trying to make the world safe for the NYT’s business-model is not in order.
» Posted By Ted Clayton On March 17, 2013 @ 8:06 PM
…[W]hile news “writers” are a dime-a-dozen, journalism on the Internet is rare.
@Dan Knauss -
…[K]ids subsidized by their parents for a few years is a likely source of quality tech journalism… [not]
Journalism has always had an indecently close relationship with politics, and even religion. It’s tough, trying to hold up one definition over others, or being the journo-police.
Social media and mobile devices are the main drivers behind recent trends in the online & desktop scene, rather than a decline of literacy or citizenship. Even high elected leaders & fancy professors are using txt-spk and 128-character discourse.
Kids in the basement are still teaching themselves matrix algebra. They are still downloading the APIs for the hot new platforms, marching through the night to conquer emerging new turf. Kids still show up in high school & college computer courses, already semi-pro & 10 years ahead of the Instructor.
Matt Mullenweg was once the epitome of what you guys are griping about. He was just another me-too blog-script kiddie. WordPress was the object of rib-busting hilarity. “Oh dear gawg – have you seen this piece o’ CRAP?! What a drooling maroon this guy is … he should have stuck with the saxophone”.
We do live in exciting times.
» Posted By Ted Clayton On March 17, 2013 @ 1:23 PM
@Dan Knauss – Thanks for the input from an active independent developer & small-business operator!
“[Open source cum journalism] is simply not an activity that can be supported financially without being captured by a big commercial interest.”
It is said of the economics of the Internet, that it tends to reduce the cost of both information and communication, toward zero.
But the clear corollary of this pop-axiom, is that making a buck off of info or connectivity therefore gets harder & harder … while the cost of engaging in the ‘Gift Culture’, as described & practiced by our author Jeffro, thereby becomes more-invitingly affordable to ever-more economically-marginalized people.
People living with their parents, as Jeffro relates, have no problem scraping up the spare change to support their online activities.
Jeffro also points out that he didn’t ‘need’ to support himself with income from his website-work … he simply needed to support himself, ‘somehow’. He would have been happy to accept an adequate income that had as its only major qualification, that it did not interfere too much with what he really liked doing – ie, contributing to the greater WordPress community.
There’s a lot of room online, for people who don’t care that they will never make a dime off the hours & years they happily spend participating in & contributing to open source culture & projects. Many are financially poor, but many thousands of quite successful Information Technology professionals also freely contribute large amounts of their quality expertise, to maintain & advance Open Source infrastructure.
It’s cool that you are able to make a living in your own business, doing custom web-work. It’s true that large commercial entities tend to Assimilate the small-fry, and reduce the opportunity for gainful enterprise on an independent basis. I too lament this outcome & state of affairs.
But journalism – bereft as it can seem to be – remains very much a going concern … and Open Source continues to thrive, more as an evolving, constructive adaptation to, rather than merely ‘despite’ the economic trends in play.
» Posted By Ted Clayton On March 16, 2013 @ 5:17 PM
The ‘good’ news is, this is an old story on the Internet; folks trying to build their dream website, striving to learn & deploy CMS, or flogging themselves to produce a continuous ‘news’ product. The money-thing is always lurking, and burn-out is an organic reality itself.
The ‘bermuda triangle’ effect, however, is assuredly not something peculiar to WordPress. It’s a constant of Internet culture, across the board. And before the Web, before the Personal Computer, in excess of 80% of all new small businesses failed in their first year. And that’s soft-pedalling the statistical reality.
That curation makes a lot of sense for a lot of folks is a great insight. Work can be done as time, life and interest permits. Sites comprised of real content of lasting value can be constructed like Medieval cathedrals that occupied communities intermittently for long years, often decades and sometimes for generations.
We don’t all have the instincts, aptitude and temperament to make a strong showing in business-roles. In such cases, there are normally OTHER qualities at the fore, empowering us in different roles.
WordPress is one of the best tools & venues available, for those who respond to the vision that Benjamin Franklin saw in pamphleteering.
» Posted By Ted Clayton On March 14, 2013 @ 9:20 PM
ManageWP To Soon Be Available As An iOS App
My apologies, Mr. Prelovac.
» Posted By Ted Clayton On April 25, 2012 @ 6:16 PM
Jeffro reserves the last word here for a link to another post titled:
Death to Freemium
As one scrolls down the page to bring the article into view, it instantly jumps out that the page-header is locked on the screen. ‘eww. They framed it.’
As a strong rule, the framing of page-elements is not well-regarded. Typically, we ascribe the use of frames to lack of experience, or as indicating a weak grasp of the sensibilities of site visitors. Business-wise, it’s a downer.
“The Bakers’ Dozen” (13) is documented, going back centuries. Few would seriously question that such practices have been standard business technique, since the origin of business in the mists of prehistory. When a smart woodcutter sells a cord of firewood, the customer won’t quite get it to stack into 128 cubic feet.
There are some subtleties & fine points to observe in this game, of course. The potential for foolishness with the gambit will trip-up a few, no doubt. Kinda like pasting a frame into every visitor’s screen.
If SaneBox Blog will commit so elementary an error as to frame their header, where else might their judgement come up a tad clueless?
If Mr. Prelovac and ManageWP are successful in defining the particular marketing approach that seems to be emerging in these discussions, they will unavoidably define a contrasting approach for someone else to exploit.
Freemium & Premium have been making the world safe for each other, all along, and will undoubtedly continue to do so.
» Posted By Ted Clayton On April 25, 2012 @ 3:13 PM
The Biggest Challenge For WordPress?
“Update Notifier” does not seem to have been updated since 2010-9-20…
My apologies, David; I was afraid something like this might happen. ;)
I’m not on my own platform, and don’t have access to my stuff right now. I ‘winged it’ by searching for the term that sounded like the plugin I use to do this (and which I do see come up in my Admin Updates, ‘regularly’). I regret puttin out a possibly weak pointer.
Thanks for pointing that out, for everyone who might read this.
The point does stand, though, that there are nice plugin tools to help keep on top of all our plugin-chores. (These tools become important/essential, for people who collect large numbers of plugins. For those who have only a dozen or 2, it’s not hard to keep track ‘manually’. With 100s, tho … one starts searching for tools to help with it.)
And yes … it is not unusual for abandoned plugins to continue working for long periods. If code is written ‘conservatively’, is simple and makes few assumptions about WordPress, some plugins will work close to ‘forever’, without being updated.
» Posted By Ted Clayton On April 28, 2012 @ 2:08 PM
“If wordpress are targeting new users…”
Certainly, WordPress wants to attract ‘more’ users. Certainly, in the past, WordPress has been oriented toward less-technical and less-experienced (ie, “new”) users. WP was presented as an easier program to install, and to use, than its competitors. That was its ‘claim to fame’, and still largely is, tho it is no longer actually a small or simple program.
What WordPress’ leaders’ intentions & goals are today (and for tomorrow) are less clear.
The money-quote at the top of this post (from Matt Mullenweg, WordPress founder and lead developer) ends with the statement: “We might not always be the platform people start with, but we want to be what the best graduate to.”
That’s an ‘interesting’ statement. ‘Traditionally’, WordPress has for sure been regarded as “the platform people start with”, and that tends to still be the case. WP established its reputation, as being much more suitable for people to “start with”, because other platforms were seen as too-technical and overly-demanding of the user.
In fact, other platforms and their users openly mocked & ridiculed WordPress, because it was relatively simple, and easy. “Hey – if you can’t handle a real Content Management System, you can always try WordPress! BWA-Ha-ha-ha-ha!!!!”
That is, they laughed merrily until the day it became too-obvious that ‘toy’ WordPress had eaten their lunch.
It is possible to interpret Mr. Mullenweg’s words to perhaps mean that WordPress will henceforth cater to more-sophisticated users, and maybe even try to shed the ‘simple’ users who have traditionally made up so much of its user-base.
I am inclined to ‘dismiss’ this more ‘portentous’ way of interpreting the quote, and lean toward taking it as ‘innocent cheerleading’.
Afaik, WordPress is in fact the tool for ‘simple’ users, has come to wield global influence by virtue of its acceptance & use by the unwashed masses, and has no intention of slaughtering the Golden Goose.
Still … stranger things have happened. There are problems & shortcomings with WP’s de facto user-base. They are mostly freebie-folks, and don’t have a budget to spend. WP must contend with general evolution of the Web scene; must look to how it might ‘capitalize’ or ‘go public’, one day. Maybe WordPress’ formula-for-success must change.
» Posted By Ted Clayton On April 28, 2012 @ 1:37 PM
… “I am of the mentality that if it isn’t broke, don’t fix it”. To be frank, I was shocked at the lack of understanding and unwillingness to upgrade.
Firefox’ basic public-relations problem is not that a few users will still be running “a very old version of firefox”, but rather that all users are being forced to upgrade very recent versions of the software, very frequently.
Users have long tended to harbor suspicions about the motives of software developers, particularly when they are asked to allow the developer greater access to & control of their own computer and the resources installed on it. That is how many perceive the new mandatory update policy of Firefox.
Scratch the surface of public attitudes toward the Internet, and we find concerns about its potential to serve as a tool of ‘Big Brother’. We are bombarded by news of sleazy and underhanded maneuvers on the part of such recognizable developers as Google and Facebook, to, if I may be forgiven the crudity, “screw” the user.
There is a significant, on-going loss of credibility with the public, for developers who claim that they need more control over end-users.
» Posted By Ted Clayton On April 28, 2012 @ 10:58 AM
There should be something within wordpress that informs the user that the plugin(s) they are using are out of date and do not work with their version of wordpress.
I read @your message to Ipstenu with considerable interest. Thank you for doing the work to survey users of your plugins, and for sharing the results.
There are ‘reasons’ why WordPress does not support Karen’s desire to “arbitrarily” organize her photos. Any single such prospective solution will leave many/most prospective users dissatisfied, since folks have many different ideas & (often unrecognized) assumptions about what they want to achieve, in organizing pictures.
Likewise, there are ‘reasons’ why WordPress is not currently implementing an ‘Out-of-date’ notification for plugins, built-in. It’s a trade-off that delivers certain good things, at the cost of various undesirable effects.
As your survey makes clear, huge numbers of folks using WordPress are running ‘out-of-date’ plugins. When notified about it, even by the developer himself, most choose to do nothing. Where does that leave you?
Would it be any different, for WP to notify users that their plugins are out-dated? You couldn’t get them to update, just by informing them: how would it be any different for WP?
You (the plugin developer) could install “Death Code”, to prevent a plugin from working after a certain date. When that date arrives, you will suddenly have many unhappy customers, and your days in business will probably be brief.
WordPress can require that each plugin be properly credentialed, and refuse to run any that aren’t ‘approved’. Then, they would suffer the wrath of users, instead of you. ;)
David, your own research & data show clearly that simple “notification” that a plugin is out-dated, does not lead to up-dating. The customer sees that her out-of-date plugin is actually still doing what she installed it to do, and she sees that you are not going to hit her with a big stick … and so she continues doing what she is doing, old plugin & all.
There are strong benefits for WordPress, that authoring plugins is something that can be done by people who would scarcely qualify as ‘programmers’, and certainly are not ‘developers’. It enriches the WP platform, that in the repository are many plugin-codes that are ‘hobby-grade’, and could not be offered or supported by a ‘proper’ developer.
Could we get rid of the riff-raff plugin authors? Clear their crappy little codes out of the Extend repository? WordPress could make the decision to do that, and install the means to enforce new policies. Maybe one day they will go that way, but obviously they are currently accepting a certain amount of messy ‘downside’, for the fertile upside factors that come along with a relatively ‘wide open’, ‘Come One, Come All’, ‘Wild West’ environment.
And indeed, why should the WordPress core-code perform this update-notification service, when it is such a nicely-defined role for a Plugin? We have developers who seem to be doing a good job, authoring & maintaining plugins to provide this function, for those who want it. Please see eg, in the WordPress Extend plugin directory, Update Notifier.
There are several other notable plugin-maintenance plugins available (which I use), typically authored by high-quality plugin-authors, for any user who cares to be diligent about their installed plugins. It is not necessary for WordPress itself to do this.
» Posted By Ted Clayton On April 28, 2012 @ 10:10 AM
The first such plugin that I have retrieved from my archive is Media Library Categories, by Hart Associates.
To get that link into the WordPress Extend directory, I searched in Admin; clicking Plugins, then Add New, then typing ‘media categories’. There are ‘a number’ of very similar titles (263 total returns, tho they will soon include off-topic items).
I then modified the search-term to ‘media tags’, and at the top of the list of 540 returns are 2 titled “Media Tags”. (Images are of course referred to as “Media”…)
To minimize the likelihood that future WordPress changes might bring heartbreak & anguish to someone who builds an edifice on top of options or facilities provided by 3rd-party plugins, try to pick from titles that are popular with others, and seem to be well-used (or that are very close to what WordPress itself does, anyway). WP will try to avoid leaving such installed user bases ‘in the lurch’, as will an involved & active plugin-author.
Likewise, try to avoid ‘too-clever’ or ‘unusual’ or proprietary approaches which WordPress will feel less obliged to support or avoid ‘breaking’.
Be cautious. Move slowly. Do your homework, first. This is one of those areas or fields where it is said: “Fools rush in where angels fear to tread”. :)
Good luck!
» Posted By Ted Clayton On April 27, 2012 @ 9:00 AM
@Karen -
[Is WordPress] really usable if you have a lot of photos or media that needs to be organized by groups or folders?
This is a favorite challenge of mine, too. And, although he is better known for his musical interests, WP founder Matt Mullenweg also is a serious shutterbug. He has a photo collection well up into 5 figures, and has struggled “publicly” with how to manage them.
The direct & honest answer to this question (‘How useful..’), in a nutshell, for you, me & Matt, is ‘Not very’ … tho by thinking outside the box, and being flexible, ‘oneself’ (instead of insisting that the key flexibility is in the tool), useful approaches/solutions can be had.
Number one on my wish list would be flexibility & options in how I can organize my media.
WordPress achieves or is able to offer “flexibility & options”, primarily through plugins (and sorta through themes … of which there are ‘photo-blog’ types (etc) specifically aimed at the ‘images problem’).
WP itself might offer ‘some’ solution (in any given area), but offering a ‘pick & choose’ or ‘mix n match’ array of solutions is usually going to be left to plugins.
There are plugins that (try to/purport to) offer what you ask for. And they do it in different ways, using different strategies. I have installed several of them and looked at their Admin interfaces and database tables.
But again, the honest truth is that the general idea of ‘organizing’ images is a tough nut, even for such entities as the CIA and FBI. Our military and Pentagon struggle valiantly with the same media-issues that confront us. Hollywood quietly pulls their hair out.
It is said that in any challenge or confrontation, the first step should be to “Know the enemy”. Just what are we actually ‘up against’, when we set out to organize photographs?
» Posted By Ted Clayton On April 24, 2012 @ 11:36 AM
Matt Mullenweg said:
WordPress’ biggest challenge over the next two years, and where we’re focusing core development, will be around evolving our dashboard to be faster and more accessible, especially on touch devices.
This is a pervasive phenomenon in computer science & engineering, today – to prioritize the case of the ‘small/mobile device’. Or as Matt identifies them, “touch devices”.
It’s pretty hard for me to grasp, or get my head around, the suggestion that the context of a desktop computer, and that of a cell phone, can be addressed as equivalent. That serious software people are shoving all their chips into the kitty, betting on cell phones as desktops, and desktops as cell phones. That they are betting the farm that the cell phone and the desktop can be married at the point of a shotgun, and everyone will live happily ever after.
I’ve scratched my head at this unlikely-seeming proposition for awhile now, watched it evolve at Ubuntu/Canonical, read how Microsoft and Apple (not such a long stretch) are working feverishly on their own versions. KDE and Gnome are turning themselves inside out to be part of the trend. And taking real damage to their ‘actual’ desktop usership.
In fact, “touch devices” were highly developed in the mid-1980s. Hobbyists built mis-named “light-pens” with a discrete optical sensor in the tip, a small electronic shaper-circuit in the barrel, and a cable or wire that reported to the computer. This light pen (touch device) would identify a spot on a raster screen (computer monitor or TV) to within a single pixel … and the computer then provides visual feedback of what is being pointed at (with a cursor … yeah, before the mouse). There were dozens of commercial and freebie models, in the 1980s.
Early IBM PCs were the market for a large range of special voice-recognition chips, and the Commodore-64 et al had built-in Analog to Digital converters which in part met the interest in software development for small-vocabulary voice-input (you spell individual letters, resulting in a sort of “ASCII-speech”).
This is old stuff. OLD. Alternative input devices and IO formats have been the rage for decades. We had a very highly developed community built around the Palm-Pilot devices. Several tens of thousands of mostly small but often impressive programs rather strikingly like WordPress plugins were written and shared freely. Called ‘hand-helds’, they were of course touch devices.
Yet now, ‘all of a sudden’, the “touch device” tail is swinging the desktop computer dog’s-body. Really? Amazing as it seems, there is no doubt that Leadership has gone all-in for it.
On the face of it, the phenomenon seems to be an illusion or mirage. To have cell phones is great. To have desktops is great. To think these two things are, can be, or ought to be transmogrified into essentially ‘the same thing’, seems like one of those unforced errors on major steroids.
=====
Is the real explanation ‘the girls’?
Is it really that computers have historically ‘scored’ so abysmally with females … and now they are growing up inseparable from their (cell) phones? That no “sane” leader in the computer industry can fail to try to make his (yes, his) product seem equivalent to a cell phone? Whether it makes a lick of sense or is at-all likely to succeed?
So … now “choice” is Bad, authoritative designers are informing us. Why? Because you can’t have very darn much choice on a cell phone, obviously. Because girls Like cell phones. Because cell phones are the only form of the computer that has ever aroused a meaningful level of enthusiasm from the female gender.
Is that what this is really all about?
» Posted By Ted Clayton On April 19, 2012 @ 9:18 PM
What Dev4Press Thinks WordPress Needs
Millan in particular has contributed strongly to WordPress. Users, other developers and Team-WP all benefit.
Developers differ/vary a lot. They are both ‘coming from’ and ‘aiming for’ different places. They would not/do not agree on the merits & ranking of functionalities “important to developers”.
And how could it be otherwise? Users – whom developers serve – are themselves ‘totally all over the map’, representing a huge range & diversity of motivations & objectives. Different developer-shops try to build businesses with different parts of a spectrum of sometimes sharply contrasting user communities & needs.
The WordPress Team has a very complex scene to take in, and balance. I myself – gasp! – do not agree with every call they make.
» Posted By Ted Clayton On April 19, 2012 @ 11:05 PM
Ignoring developers…
I too agree with Otto:
… [T]hat is a very developer oriented list.
Team WordPress of course pays considerable attention to “developers”. The developer community is not, and isn’t about to be, ignored.
» Posted By Ted Clayton On April 19, 2012 @ 9:44 PM
Close Or Leave Comments Open On Old Posts?
Finding comments closed tends to create a somewhat ‘adversarial’, vaguely ‘hostile’ atmosphere for some visitors. It’s not desirable, certainly, in & of itself.
I frequently read old Posts, even seriously old. I am reading posts 4-6 yo, routinely, and posts that have been up a decade are by no means unknown. I don’t often comment on them myself, but I do often see others who have and are currently ‘chiming in’.
Sometimes, due to context, someone comes back to ‘late’ commenters, saying; ‘Hey, the post is 2 (6) years old! It’s all done & over!’. Then you get a little round of ‘omg!’ and ‘lol!’.
WordPress’ problem with comment-spam is WordPress’ problem. They own it, really. For the WordPress world to be all hands-on-hips & glaring & huffing & puffing about spam … hey, WP bought the model, built their whole gig around an obviously spam-vulnerable scheme … so really, WordPress (and those who jump on the bandwagon & buy into WP) need to kinda suck it up & go with the fact that this is the price of the game they chose to play … and not be pushing it off onto visitors to carry the burden & pay the price.
Making the priority the Admin or staff convenience is not the best way to go … tho sometimes it has to be. If spam is too much of a hassle, that area may just need a bit more resources invested in it.
It could for sure help, to have different spam-control methods on Posts of different ages. Keep current-topics wide-open, then after a week or 2 or a month, make the commenter jump through a little bit more of a proof-hoop, and finally after a few months or so, shift the burden of proof that one is a human more-fully to the visitor. We have the templates & CSS to support that. A plugin could probably be forthcoming.
That way, you got the free-flowing action for current stuff, and more-effective spam-security for the old stuff … without slamming the door & shoving the bolt home.
====
I believe there is an SEO benefit to having on-going commenting … and that optimally, the clever Admin will even find ways to actively encourage continuing input on posts. You realize, eh … this is substantially the explanation for the fact that I am reading *old posts* … and seeing comments still being made on them. The Engine is showing me the ‘active’ stuff, ahead of the shut-down archives. Hmm? :)
» Posted By Ted Clayton On March 24, 2012 @ 6:24 PM
WordPress Not The Direct Cause Of Mass Site Attacks
@DLE -
[F]or anyone who wants his or her site to be bulletproof[, the] WordPress [model] simply can’t deliver that promise.
While that is technically true, it is true only because “bulletproof” is not available.
There is literally no website, anywhere, at any level, that is bulletproof. Not the Pentagon, the Kremlin, the CIA, Microsoft, Google, you-name-it. They’ve all been hacked. Not ‘could be’, not ‘are vulnerable’, but, quote “have been hacked”. Repeatedly. Every one of them.
There is no amount of money or expertise that can make any website bulletproof.
There is no alternative to WordPress that can make your website bulletproof. Drupal? Joomla? Bulletproof? No.
What can we do?
1.) Do backups.
2.) Keep copies of the site. Localhost. Mirrors. Duplicate hosts.
3.) Learn to actually restore from backup. Rebuild. Mirror. Localhost.
When an exploit goes ripping through gigabytes of stuff in a government site, or in a major social media site, do they “fix” all that mangled content? Heavens no. It could take centuries. No – they just switch to a copy.
If you are fairly modest in scope, you just perform backups, and if something bad happens, you wipe the site slick, and rebuild with a fresh copy of WordPress (or Drupal, Joomla, etc) and your backup file. If you are getting pretty seriously-big, then you make mirror copies of everything, real-time.
In a few hours, a few days, you’re back in business. “Fixing” a compromised website is oh-my-gawd the hard way to do things.
==========
If we don’t quite understand a plugin or theme, we don’t contact WordPress about it, because we know that it isn’t theirs, they didn’t write it, and they aren’t supporting it. We know that questions about a plugin/theme have to go to its author.
The plugin/theme author is responsible for her own code. It is our decision to put that author’s code on our website. We the site owners are responsible for 3rd-party software additions that we make to WordPress. Not WordPress.
Many of us ought to do more looking-into a plugin, instead of just reading a one-line blurb, and clicking “Install”. (This is a personal weakness of mine … but these days I don’t activate them right away. I stick them in ‘quarantine’ while I read their docs, peek at the code, and do some searches using ‘plugin-name’ with words like ‘broken, “doesn’t work”, problem, sux’, etc.)
The problem of ‘dirty’ plugins and themes is not nearly as big as it once was. WordPress made the Extend Library, so that they can enforce some basic standards, to weed out obvious bad apples. This is a huge help. Problems with add-ons are diminishing.
It helps to pick plugins that are small & simple, and/or broken down into small & simple components, which work together in a transparent way. If the code is small/simple, then it is harder to hide crap in it, and – most importantly – it is far more likely that someone knowledgeable has or will spend the time and make the effort to study the code and understand what is there & how it works.
Hairball, bloated, Gotham City code makes the task of investigating a plugin too much of a challenge. People who have the ability to do this, have too many other things to do with their lives, than to get tied up doing heavy-duty, long-term forensics on a freakin’ bad plugin.
Go for the small & simple plugins. Make a conscious effort to replace the big, does-everything plugin, with several that do one thing each. There is a logarithmic/geometric complexity-cost, with do-everything plugins.
When an issue arises with a small code, it is approachable/addressable. When the big one goes bad, the effort to tackle it is prohibitive.
==========
My condolences, DLE, on the bad experiences you’ve had with WordPress. I know these things happen, and that the personal impact can be severe. My apologies, too, for riffing off on your straight-up report with a bunch of yeah-buts & ya-knows … but you gave me such a great opportunity. :)
» Posted By Ted Clayton On March 13, 2012 @ 6:16 PM
@Terence -
That you are a WP-Config.php Heretic, and Blaspheme the security of WordPress is, in & of itself, not what invites my Torquemada upon you.
Rather, your feet are held to the fire on this spurious assertion of Config-danger, because this is no ordinary WordPress chit-chat and back-scratch blog. A link to WP-Tavern is installed on the Admin Dashboard of every WordPress installation out there, and many newcomers & novices could be in the audience.
It is not necessary that I save your eternal soul from the awful fate your willful words incur, but we do wish that the many supplicants who may come here seeking WordPress enlightenment, are not led astray.
You have modified your impetuous config-assertion to :
“[T]he SQL credentials [in wp-config.php] are in a known location and often, through inexperience or carelessness, not as well protected as they might be.”
The SQL credentials are safeguarded in what amounts to a nuclear bunker. Is a nuclear bunker actually perfectly unassailable? No, it is not. But the fact is, the Read-Permissions that you do not have in order to access Chip Bennett’s wp-config.php file (go ahead. you know exactly where it is. you can’t, can you?) place the config-info behind the software version of a steel-reinforced concrete wall.
These config files, which everyone has, are seriously secure. There is nothing off-hand, casual or in any way even faintly irresponsible about the way that WordPress handles these data. Other website softwares use the same method. It is safe, secure, and sensible.
Now then, Terence, lay down upon the Rack. You will feel so much better when we have freed your spirit of these demons.
- Ted the Terrible ;)
» Posted By Ted Clayton On March 13, 2012 @ 10:40 AM
The Securing wp-config.php sub-section of the Hardening WordPress page in the Codex says, in its entirety:
You can move the wp-config.php file to the directory above your WordPress install. This means for a site installed in the root of your webspace, you can store wp-config.php outside the web-root folder.
Note that wp-config.php can be stored ONE directory level above the WordPress (where wp-includes resides) installation. Also, make sure that only you (and the web server) can read this file (it generally means a 400 or 440 permission).
If you use a server with .htaccess, you can put this in that file (at the very top) to deny access to anyone surfing for it:
(code omitted: see link)
The key thing to note here is:
“Also, make sure that only you (and the web server) can read this file (it generally means a 400 or 440 permission).”
Since read-permission for the file restricts access, the fact that the file is ‘just laying there’ in a specific location on *everyone’s* server … makes it effectively ‘not there’, to everyone but “you”, and “your server”.
I think the rationale in suggesting wp-config.php “can” be moved, is that it offers an added level of security, if your server is compromised and access were possible through it. I believe that is a rare occurrence.
» Posted By Ted Clayton On March 12, 2012 @ 6:47 PM
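The two checks the quoted Codex passage describes (the file sits in the install directory or one level above it, and its mode is 400 or 440) can be audited with a short script. This is an added example, not part of the comment or the Codex; the function names and the install path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (constructed): audit where wp-config.php lives and who can read it.

# Octal permission bits of a file: GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# The config may sit in the install directory or ONE level above it,
# as the quoted passage says. Prints the path found; returns 1 if neither exists.
find_wp_config() {
    for candidate in "$1/wp-config.php" "$1/../wp-config.php"; do
        if [ -f "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Classify the file mode. Prints one of:
#   ok       400 or 440, the values the passage recommends
#   exposed  an "other" bit is set, so every local account can reach the file
#   review   not world-accessible, but looser than 400/440 (600, 640, ...)
check_wp_config_mode() {
    mode=$(file_mode "$1") || { echo unreadable; return 0; }
    case "$mode" in
        400|440) echo ok ;;
        *) if [ $(( 0$mode & 7 )) -ne 0 ]; then echo exposed; else echo review; fi ;;
    esac
}

# audit_wp_install DIR prints "<status> <mode> <path>"; returns 0 only for "ok".
audit_wp_install() {
    path=$(find_wp_config "$1") || { echo "missing - -"; return 2; }
    status=$(check_wp_config_mode "$path")
    echo "$status $(file_mode "$path") $path"
    [ "$status" = ok ]
}

# Usage: sh audit.sh /var/www/html   (hypothetical install path)
if [ -n "${1:-}" ]; then
    audit_wp_install "$1"
fi
```

On shared hosting the "exposed" case is the one that matters: a 644 file is readable by every other local account, whatever the web server is configured to serve.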
@Terence -
You need to – actually – “make your case” that wp-config.php is providing the means to compromise sites. You aren’t doing that.
If you have serious accusations to make, you need to do right by yourself, by making them well.
You might need to do homework. You certainly need to find & present some specific evidence.
I understand that this config info might look like an exposure. However, Terence, Ipstenu points to the key clue/fact – that these files exist and are not leading to issues.
I think there are other elements involved, that forestall the scenario you think config-info is posing.
There has been a problem, but again, the wp-config.php file was not involved.
» Posted By Ted Clayton On March 12, 2012 @ 6:13 PM
In its discussion of the exploit, the Sucuri article (linked above in this post) does not mention the wp-config.php file. There is no indication that it is involved at all.
Sucuri then links to a previous post of theirs, Malware Campaign from .rr.nu which offers more info on how the exploit is (and isn’t) being conducted.
This is an organized campaign.
To repeat the repetition – Sucuri says:
“We can safely rule out any new vulnerability on WordPress itself.”
It should be noted, that older versions of WordPress could be the target, in part simply because older versions have been available for study, longer. Given time, the current version could prove vulnerable, too.
Does that mean that Matt Mullenweg is a security silly-goose and his product is a threat to Civilization? Probably not. Recall, that the CIA, FBI, Microsoft, Google, etc, are also subject to attacks, with some interruptions and other problems resulting.
It has more to do with ‘the price of fame & prominence’.
» Posted By Ted Clayton On March 11, 2012 @ 5:03 PM
Interesting Take From A Female Developer
More-worldly folks, those with larger & ‘higher’ levels of social experience, tend to learn not to express the obvious, when it may (oops) be unwelcome.
When I was a kid, my small taste of it was … “(smile) You look like Paul Newman”. When I was little, I kinda liked the famous actor. When people wanted to interact with their perception of my resemblance to him (instead of “me”), I came to resent the guy, a bit.
At our country general store, a nice girl works the counter, stocks shelves. She is very tall, I will say surely in excess of 6 and a half feet, very possibly pushing or actually, 7 feet. And she is massively and powerfully built.
The store is actually a ‘tourist attraction’, very quaint & delightful to visitors. The post office is in one corner, so we go in the store often. It is also our gas station. Well … the looks we see on visitors’ faces when they see her … and my cringe when someone blurts out the obvious … are all-too-familiar.
Of course, the truth is, she is quite startling. She is, indeed, quite an “anomaly”. As, indeed, are female web developers. “Wow! A girl! [hey! shush you fool!]”
We hope that folks ‘catch’ themselves, before expressing their surprise at suddenly encountering a striking anomaly … when that anomaly is another human person, with feelings, who gets sensitive to having something that seems irrelevant, made the ‘center of attention’.
But it will still happen.
» Posted By Ted Clayton On March 1, 2012 @ 11:18 AM
2012 Theme Customiser In WP 3.4
I was unclear if this is for only the new “2012” theme, or would affect any well-made theme (and could not view your linked tweet).
But I see in your Trac-link, Koopersmith says:
“One of the main goals here is to make it easy for plugins and themes to add to the customize controls and preview without having to unbind large portions of core code.”
That sounds like this control will be a generic UI element that any theme could be given (or plugin!). Hmm!
Is that correct?
» Posted By Ted Clayton On February 29, 2012 @ 6:30 PM
500 Plugins To Possibly Be Purged From The Repository
@Andrew Nacin -
“What I’m getting at is, even under the widest definition — including people I interact with in the community, ranging from contributors, to forum volunteers, to users I might meet at a WordCamp — I have not heard of a Ted Clayton, I’m afraid.”
That’s right Andrew. I have no role with WordPress.
“I do think that Ted works in some larger organisation because I have experienced how companies and organisations change as they grow.”
I’ve been self-employed for decades, work on my own or sometimes with or for other self-employed people.
» Posted By Ted Clayton On February 28, 2012 @ 12:20 AM
@Tim H. -
“As an after-thought…. I’ve probably authored a good dozen or so WordPress plugins that I would provide to the community if I actually thought my time would be worth it to others (they could actually find them). I’m not too interested in providing a free working product if I have to jump through hoops to give it away.”
@Terence -
“I have to admit that’s an aspect I totally overlooked — the number of authors who have valuable, if not unique, contributions to make, who are totally put off by the intransigence at WP which for years hasn’t been able to see this particular nose in front of their face.”
There is a plugin that might be of interest:
Self Hosted Plugins
This plugin helps you to self-host your WordPress plugins on your own site. It even uses an extend/plugins/ structure
When I first went to host my plugins on my own site, I was surprised that there wasn’t anything out there to help me with the tricky job of deploying updates. WordPress has updating built into it, but it’s not easy to apply that to plugins hosted on your own site.
Until now…
» Posted By Ted Clayton On February 27, 2012 @ 10:25 PM
Sorry that I seem to be sowing consternation, Don. I must make a quick reply now, to leave soon for an outdoor workday away from all comm. I’ll carefully address this tonight.
As admitted, I have not used the SearchWPPlugins tool. And, conspicuously, no one else is reporting doing so, either – and until we are seeing a pattern of ‘satisfied’ user-reports (this is the ‘proof of the User Interface pudding’, as always … but Especially with database interrogation tools) we remain at the ‘Hmm! Interesting!’ stage. I do think it is interesting, and from me, that is positive input! :)
We are all familiar with the phenomenon of ‘Editor Wars’. This refers to differences of opinion, often very strongly held & defended, about the merits of different Editors – all of which may be fully professional, mature and polished software tools.
Well, slightly less visible to the general crowd, is a much more severe conflict & struggle, over the tools & methods for getting what is wanted out of an existing Database. “SQL” itself is a direct acronym for the REAL challenge of preparing User Interfaces for databases. It’s ALL about trying to get what’s in there, the way you want it.
I am thinking about, and I suggest others roll it around too, how to construct cases that will show in a reasonably ‘scientific’ way that the SearchWPPlugins does things better than the WordPress.org facility … and for extra credit, ‘vice versa’! We need ‘set-ups’ that will allow for ‘meaningful’ comparison of two different facilities.
Of course, it will be necessary to FIRST actually learn to use it, and gain some minimum level of skill/competence with it. It may seem totally transparent to its creator & author, but that may not be what newcomers are experiencing.
Later! – Ted
» Posted By Ted Clayton On February 27, 2012 @ 9:42 AM
@SearchWPPlugins -
I tried 3 times to Subscribe, Don, but each returned a Captcha error. They were clear & easy to read. – Ted
» Posted By Ted Clayton On February 27, 2012 @ 12:25 AM
@Mike Schinkel -
Let me do some digging on this, and clue me further as you think is indicated. I would like to stay with this, and follow through on it. I will return to the Trac page, where I noticed you, and bear down on it.
I have known of this general problem/issue/fear, since the early days of OS. I am aware that conflicts/incompatibilities with Apache have steadily become more prominent, and will get up to speed on the details here.
I think we can take it, that DotOrg wants a plugin library that gives them recognition, and draws users, ‘in & of itself’. Ubuntu is pushing 40,000 Debian-vetted & supervised projects … “at the push of a button”. Apple, Google, Firefox … all the big kids are doing it, and it’s big.
I think this is resolvable. I have a heavy money-day tomorrow, but will be back late in the afternoon (Pacific).
Ted
» Posted By Ted Clayton On February 27, 2012 @ 12:04 AM
“@Ted, what do you mean: “… but, but – has anyone actually tried using this thing??”
Don’t you like it? Am open to suggestions.
Don”
Hi Don! Good to see you on the thread!
There were several ‘levels’ intended in my theatrical question.
First, although several here have expressed pleasure at finding your site, praising it, none have related an experience using it. Have, indeed, these folks taken it for a test-drive? (And the corollary – is the site itself receiving growing & return-usage? Indicating that it is meeting needs & proving useful? I know too, that a ‘discovery’ process may be necessary, and your server-logs thus far, may not be a good reflection of potential.)
Second, the default search facility on SearchWPPlugins is only slightly different than what we have on the official WordPress plugin repository. (‘What’s all the excitement about’?)
Third, what is actually significantly different on your project, is the Boolean Operators option … which nobody has mentioned. “Holy cow! Didja get a load a that guy’s Booleans!?!?” Not a peep.
I’m seeing the Boolean cheat-sheet on the About page. I stumbled into it, snooping around. I have since flipped back & forth between the Home/Default Search, the About page (cheatsheet), and the Advanced Search page (which looks like the Default) … and I’m not noticing any other connection between the Search interfaces, and the Booleans-guide, other than by clicking on the About link. That is not real intuitive.
Booleans are the potent stuff here. The rest is available on DotOrg.
Have you guys been using it? They didn’t answer, eh?
I am intrigued & hopeful, Don. “I provisionally like it!” I have not actually tried it. It needs to be compared with functionality already centrally available, and the Boolean tools require study, and testing. I’m not negative, but I am cautious. :)
Ted
» Posted By Ted Clayton On February 26, 2012 @ 11:22 PM