Category Archives: CMS

WordPress Collapse-o-matic plugin retired

For anybody using the very handy Collapse-o-matic plugin on WordPress, according to a (slightly vague, and difficult to find) support post, it’s being retired due to ongoing security issues.

The plugin provides an expandable section in blog posts.

Fortunately WordPress now supports this natively via the Display block type. Some people are hunting around for other plugins with additional functionality, but Display looks good to me.

One issue I had was finding which blog posts used Collapse-o-matic.

The solution I found was in the WordPress admin posts page, search for [expand

Then it’s hopefully easy enough to move the relevant content into a Display block, and deactivate the plugin.

For anybody else using WordPress, this is probably a nice reminder to review WP plugins and check for any other vulnerabilities that haven’t been widely advertised.

WordPress issues and Cloudflare

Cloudflare will speed up one web site for free. I’ve used it a fair bit over the years for my main blog, and it seems to have been pretty good.

Recently I struck some issues:

  • I could not save a post with the word “Casin0” in it. (actually spelt with an “o”; I was referencing the town in NSW.)
  • Sporadic “Updating failed. you are probably offline” errors from WordPress when trying to save (existing) posts
  • Sporadic image upload failures

On the first I temporarily gave up and spelt it with a zero. This is still unresolved, and it affects this blog too. It’s probably a web host issue – a security filter somewhere.

But while researching the second issue, I saw a reference to Cloudflare, and tried turning it off. It resolved it immediately. I suspect it was the cause of the third problem too.

Now I’ll need to more thoroughly investigate WordPress caching. The W3 Total Cache free plugin seems to do an okay job.

UPDATE: And then the error started coming back, but only for saving new posts – not editing existing ones. It seems I need to keep investigating.

One problem I’ve had is WP Multi-site seems a bit dodgy, at least with my setup. There are instructions for turning it off here.

Still worth trying turning off Cloudflare if you’re having issues though.

WordPress’s autosave freezes up

I’m glad it’s not just me: WordPress’s Gutenberg editor is very nice, but it has an autosave feature which gets stuck regularly.

Very annoying. If you browse away, you lose changes. You can’t do a conventional Save Draft while the autosave is stuck.

It’s not constant, so I’m not really sure how to fix it. But there are a couple of workarounds.

1. Noted on this thread: add this to wp.config:

define(‘AUTOSAVE_INTERVAL’, 86400);

(that’s a full day, so it should rarely be a problem then)

2. This method seems to work for me:

  • Press Ctrl-A twice, to highlight the entire post text
  • Ctrl-C to copy it to the clipboard
  • Paste it into a text editor. You’ll see the WordPress markup, which shows <!– wp:paragraph –> at the start of each paragraph.
  • Jump out of the draft. Ignore the warning about losing your work
  • Go back into it. If it’s like what happens with mine, anything since the previously successful draft save will have been lost
  • Ctrl-A twice to highlight the entire post text, then Delete it all
  • Then Paste from your copy in the text editor. The entire post should be back, including references to articles

Okay that’s a lot of steps, but for an occasional problem, seems like a reasonable workaround, especially if fiddling with the wp.config isn’t your thing.

Comment numbering on WordPress

One thing I find quite handy on my blog is comment numbering.

I had it for a little while ages ago, and people liked to be able to say they were responding to Comment Number Whatever.

Alas, whatever mechanism I had been using stopped working.

If you Google for it, you’ll find any number of hints and tips pages from about 2013 which refer you to Greg’s Threaded Comment Numbering plug-in… which is no longer maintained, and no longer works with new versions of WordPress.

Thankfully I found a way that works – and it’s actually simpler.

The new ability to add custom CSS into Themes means you can add this:

li.depth-1 {
    list-style-type: decimal;
}

There are further tweaks you can do if you’re using threaded comments, but the above works for me.

One catch: On some templates, a comment by the blog author is highlighted. This may suppress the numbering for that comment (so it misses out). It’s doing that on my personal blog template, but not here on geekrant. I’ll look for a fix for that.

Comment spammers try to get clever

On my personal blog, on a post about the Melbourne public transport smartcard Myki, this comment popped into the moderation queue:

I found another very uefsul behaviour this morning.I don’t touch off when I get home at night. While, this seems weird how do they know I got off in Zone 1 (for which I have a pass) and didn’t travel into Zone 2 (for which I should be charged Money)? But, the fare manual says that if you have a MyKi Pass and you touch on in a zone for which that pass is valid (Parliament in my case) then there is no default fair.So, every morning when I touch on, it tells me deducting fare for previous trip . Which is $0.00. Cool.This morning I forgot to touch on some power issues on our line, got to chatting with the Station Hosts, just forgot. When I got to Parliament, I fully expected the gates to deny me egress and I’d have to do the silly thing where you act exasperated and they just wave you through the end gate even though you’re holding nothing but a wallet in your hand (MyKi works while in the wallet).BUT, it let me through. Seems that it’s happy enough that I started a trip (at Parliament) last night, spent 16 hours travelling and ended my trip back where I started. So it let me out basically a touch off of the trip home last night.Bizarre. But uefsul.

At first glance, it looked on-topic. But I was suspicious because the user link was to facebook.com/profile.php?id=XYZ (I’ve removed the ID) — and it came in the middle of a bunch of other (less-relevant) comments linking to similar URLs.

Googling around for key words in the comment, I found that it’s a copy of a comment from a completely different blog, with various misspellings inserted, and paragraph breaks removed. The original:

I found another very useful behaviour this morning.

I don’t touch off when I get home at night. While, this seems weird – how do they know I got off in Zone 1 (for which I have a pass) and didn’t travel into Zone 2 (for which I should be charged Money)? But, the fare manual says that if you have a MyKi Pass and you touch on in a zone for which that pass is valid (Parliament in my case) then there is no default fair.

So, every morning when I touch on, it tells me “deducting fare for previous trip”. Which is $0.00. Cool.

This morning I forgot to touch on – some power issues on our line, got to chatting with the Station Hosts, just forgot. When I got to Parliament, I fully expected the gates to deny me egress and I’d have to do the silly thing where you act exasperated and they just wave you through the end gate even though you’re holding nothing but a wallet in your hand (MyKi works while in the wallet).

BUT, it let me through. Seems that it’s happy enough that I started a trip (at Parliament) last night, spent 16 hours travelling and ended my trip back where I started. So it let me out – basically a touch off of the trip home last night.

Bizarre. But useful.

It seems the spammers are trying to get a bit more clever at sneaking their comment posts past moderators.

I still don’t know why, given WordPress has used NoFollow on their comment links for about ten years now.

Hacked!

It seems this blog got hacked recently. A couple of posts had the following code inserted into them:

	 
/* < ![CDATA[ */
var quicktagsL10n = {
	quickLinks: "(Quick Links)",
	wordLookup: "Enter a word to look up:",
	dictionaryLookup: "Dictionary lookup",
	lookup: "lookup",
	closeAllOpenTags: "Close all open tags",
	closeTags: "close<div style="display: none"><a href='http://buycheaplasixonline.org/' title='buy cheap lasix'>buy cheap lasix</a> tags",
	enterURL: "Enter the URL",
	enterImageURL: "Enter the URL of the image",
	enterImageDescription: "Enter a description of the image",
	fullscreen: "fullscreen",
	toggleFullscreen: "Toggle fullscreen mode"
};
try{convertEntities(quicktagsL10n);}catch(e){};
/* ]]> */
 
 
	 edToolbar() 
	 
...(post text)...
	 
	edCanvas = document.getElementById('content');

This was on WordPress 3.2.1. I’ve now updated to 3.5; hopefully this won’t recur, but it’s something to watch out for if you’re running blogs using older versions.

Blogger introduces country domains, breaks some addons

Blogger has split itself into separate country domains, such as blogspot.com for US, blogspot.co.uk for UK, blogspot.com.au for AU.

But what’s really puzzling is that these apply to the user, not the blog. The blog may be visible on a multitude of different blogspot country domains, dependent on where the user is located.

This has broken a number of addon tools, such as commenting and social networking.

More details at Girl Does Geek

Google’s information on this

How to override it (though it only lists a few of the country domains; you’d need to find as many as possible to add in to make it work for everybody)

— It rather appears that Google/Blogger didn’t think too carefully about this.

Microsoft’s open-source CMS

Interesting — Microsoft has launched its WebMatrix open-source web development bundle, as well as the first version of its open-source “Orchard” content management system.

Wonder if these means MS has WordPress, Joomla and Drupal as its targets? Perhaps it’s realised that having some kind of open-source CMS is vital to winning the hearts and minds of web programmers, and weaning them off PHP and MySQL back to ASP.Net and SQL Server.

(via Mary-Jo Foley)

Keeping old content

Unlike many organisations, the BBC has a very enlightened policy on leaving old content up on their web site.

Among other things, it says:

Our view is that these pages often contain a lot of information about the programme or event which may be of interest in the future. We don’t want to delete pages which users may have bookmarked or linked to in other ways.

In general our policy is only to remove pages where the information provided has become so outdated that it may lead to actual harm or damage.

If only more web sites took this view.

Working on the server

Upgrading to WordPress 3, that kind of thing. Hold off new comments and posts until done. I’m also moving servers.

If you can see this, it’s done!

Here’s the process I’m following for moving these various sites:

Take an export of the database.

Run the SQL: update wp_posts set comment_status = ‘closed’ so nobody comes in and writes a comment subsequently lost.

Import into the new site and upload the new WP installation and the old theme and images etc onto the new site.

(I’ve found my new web ISP’s DDOS protection gets antsy if I use the default Filezilla setting of two simeltaneous connections.)

Hack the hosts file to look at it while getting it perfected.

Run /wp-admin/upgrade.php and let it upgrade the database

Go into the Admin screens, to the Permalink settings and save the default so the .htaccess file is updated

Apart from then switching the registrar so the domain looks at the new IP address, that’s about it.

Will also re-load the old .htaccess settings like the deny list for the big-hitting bandwidth thieves.

And I’m installing the W3 Total Cache plugin to optimise the site a bit. (I used to have WP set to deliver gzip-compressed pages; sometime before version 2.9, that option’s been removed.)

Update: Finally, WP3 seems to have fixed the weird bug that caused some comments and posts to be rejected dependent on particular words being present.

Don’t panic

This is not a Towel Day post. Rather, it’s just to say I’m upgrading WordPress tonight to 2.9.2, so things may be a little weird.

Update 10:07pm. Done. The big question is: have they fixed this bug?

If they have, I’ll be able to say Lynx with a space after it (in a post or a comment) and not have it give me back an error.

No. It still does it. (I’ve used a &nbsp; above.)

Hello to Sam Hamilton and James Dee

So I was looking at the comments awaiting moderation. Two showed up on this post: Why Facebook sucks, a rollicking read about over-bearing security dialogues just to use Facebook’s video application.

Here’s the first comment — I’ve zapped the email address, but one was left:

Sam Hamilton 76.243.71.190
Submitted on 2009/05/29 at 9:37am

If you are tired of facebook but want a way to connect with artists and musicians
then you should check out http://www.putiton.com
If you are tired of facebook but still want to connect with your friends then pick up the phone…

Fair enough.

Here’s the second:

James Dee 75.85.9.225
Submitted on 2009/06/03 at 3:16pm

I’m an artist and I haven’t been satisfied using facebook or myspace to promote myself… too slow and too much junk. I’ll give putiton a try… it looks clean

The problem here is that the first comment is still awaiting moderation. (Yes, it’s several days old. I don’t check as often as I should.)

So why would “James” decide to try putiton, a social networking site which basically nobody has heard of (well at least I haven’t) if nobody else has suggested it (eg the first comment isn’t visible to anyone)?

Curiously, “Sam” and even “James” have left similar messages on other, similar posts on other blogs.

(Sam has a profile on the offending site.)