Get WordPress to stop asking for “Connection Information” when upgrading plugins

Recent versions of WordPress have taken a queue from Janis Elsts’ One Click Plugin Updater and made it *much* easier to keep plugins up-to-date without having to fire up FTP. The problem is that WP seems to use permissions of it’s script files to determine whether or not plugins and themes can be uploaded to the server or not. Really WP should be looking at the target directory rather than the executing script; consequently I assume most folks just assign web server ownership to the entire WP source tree. Which, frankly, kind of freaks me out security-wise.

If you’d also rather avoid recursively chown’ing the WordPress tree to your web server, then simply give web server ownership to three files in the wp-admin directory: plugin-install.php, plugins.php, and update.php. Of course the web server will also need to own the plugins directory (and everything therein), the upgrade directory, as well as the wp-content directory itself. The “upgrade automatically” links should now work without kicking you to the “Connection Information” screen.

Replying to the crowdsourced comment spam…

I don’t know where this is coming from, but it started about a month back: (Semi-)Intelligent post comments, highly unlikely to be from a bot, all clearly intended to get people to jump over to “Check City” or “Cyber Gifts” or whatnot. Either this stuff is crowdsourced, or these guys somehow think that my blog is a gateway to a deluge of traffic.

Replying to the comments here.

@cyber gifts: I tested the latest versions as of summer last year. I’m not posting your link.

@eblogger: Yes, the PayPal shopping cart may be a good solution for newbies. I’m not posting your link.

@payday loans: I’m glad you like my Haikus. And I’m glad you like Transformers. And, yes, baby porcupines are very cute. I’m not posting your link.

@payday advance online: Okay, so I just posted your comment, with your link, because it clearly took at least a minute or so to type up. But… c’mon, the Democratic party is the epitome of “can I get some of that action”?? What does this even mean? Note that the Obama plan only called for an in increase in taxes for the 250k plus bracket, not 120k, and the rollback of tax cuts is still less than the Reagan era or even the Papa “read my lips” Bush days. I agree that the loopholes should be eliminated; really I think we should just go for a flat tax. Problem is that this would kill an entire industry that thrives on the ridiculous complexity of the US tax codes.

@penisenlargementz: I am glad that you find this blog informative. And I’m glad that I in some un-small way may have helped you on your purported quest to achieving superlative manhood. No I will not produce more blogs with content related to penis enlargement. And, no, I do not know where you can find more information about this, except maybe on your own site. Speaking of which, the “devices” section on your site is rather disturbing. I am not posting your link.

Scratch that WordPress Etch

This post comes via notes taken from another blog… seemingly gone awol.   Here for posterity.

Etch naturally has an older version of WordPress.  To upgrade to a more recent, possibly though unlikely more secure version,  the easiest way is to change your tracking to testing, install WordPress and then change back.  How to do it:

1.  Edit your /etc/apt/sources.list to track testing. If your sources.list says etch or stable, change that to testing.  For example if your source.list has:

deb http://debian.lcs.mit.edu/debian etch main contrib non-free
deb-src http://debian.lcs.mit.edu/debian etch main contrib non-free

change those to:

deb http://debian.lcs.mit.edu/debian testing main contrib non-free
deb-src http://debian.lcs.mit.edu/debian testing main contrib non-free

2.  After you change your tracking to testing do an apt-get update.

apt-get update

3.  Install WordPress

apt-get install wordpress

this may pull in a few new php libraries, such as libphp-phpmailer.  Let it.

(Note that you do not want to do an “upgrade”, but rather “install” as listed above.   “upgrade” will try to upgrade a ridiculous number of packages, whereas install will focus only on packages required for installing and/or upgrading WordPress.)

4.  Change your tracking back to Etch. just reverse what you did in step 1. that is change testing back to etch.

5.  Clean everything up.

apt-get clean && apt-get update

After all this is done, login back in as admin to WordPress, and it will tell you that you have to update your WordPress database tables.  Do that and you’re done.

WordPress Category Intersections Revisited

WordPress has included native support for intersections since (I think) version 2.3. Unfortunately, however, robust post retrieval support is only available for tags (eg. tag=A,B retrieves the union of “A” and “B”; tag=A+B retrieves the intersection of “A” and “B”).

Categories still require a hack, and the old plugins for this of course now no longer work.

To get intersection working, try adding the following line before the loop:

<?php <span style="color: #ff0000;">if ($_GET['cat']) query_posts(array('category__and'=>preg_split('/[\s,]+/',$_GET['cat'])));</span> ?>
<?php while( have_posts()) : the_post(); ?>

This applies an intersection to any list of categories separated by space, comma, or “plus” signs in the request.

See Ryan Boren’s post on WordPress intersection and union taxonomies for details on the various forms of post retrieval queries now available.

Visual editor broken in WordPress 1.3.2

Seems there is a bug in the latest WordPress check for gzip support which breaks visual editing. I’m not sure which condition below is causing the confusion

but if you modify the $supportsGzip variable to always return false as above, the problem goes away.

Intersecting Categories in WordPress

The default behavior of WordPress is to pull the union of multiple categories rather than the intersection. So, for example, ?cat=3,4 will show all items tagged to categories three and four. I think most people would expect this to be the reverse.

iSusi from Korea has a nice little plugin to fix this. InterCat sets the default behavior to generate, without additional joins, intersected category lists. Great for using WordPress to publish select streams of data to different sites.

Also of note: Olivier Crête’s Intersect Plugin

Working out karmic issues in WordPress

“Spam Karma” that is.

I’ve set up a couple of WordPress blogs over the last year or so. Some (unlike, say, this one) have become quite popular. Especially with comment and trackback spam.

Tried Dr. Dave’s Spam Karma 2 for awhile. SK2 comes with a host of modularized spam countermeasures. The good Doctor calculates a spam “karma” per module for each inbound comment. Comments with good karma pass through to enlightenment and… the dashboard. Those with outstanding karmic issues find themselves in purgatory to await ultimate review.

SK2 worked quite well for us, though there was the occasional false positive. And periodically reviewing hundreds of messages in comment purgatory was getting to be troublesome.

Recently however I’ve come across two plugins that seem to completely eliminate spam: WP Hashcash and Simple Trackback Validation.

Hashcash uses a JavaScript proof of work countermeasure to test that a browser, not a robot, is visiting one’s site. (Robots don’t run JavaScript.) STV uses two simple checks to confirm the validity of incoming trackback links.

Since implementing these two plugins last month, spam has gone from hundreds per day, to zero. What’s more, no missed comments.

All due respect to the good Doctor, but enough of karma. I’ve finally seen the light.