Posts in the WordPress Category

Fixing My WordPress Install

Published 16 years, 1 month past

Okay, so my “Whole Magilla” feeds—both full-content and summary—are working again, and the main archive page actually shows content.  The problem in both cases, as I mentioned in my previous post, was that WordPress’ code was throwing 404 responses.  In the case of the archive page, it would literally put up a 404 page generated by WordPress, instead of list the most recent posts.  For the Magilla feeds, the RSS files were being served up, but with HTTP 404 headers.  In feed readers that respected HTTP headers, like Firefox or NetNewsWire (and probably most others), that meant the feeds were broken.  Other feeds, such as the tech-only feed, were unbroken, but of course the most popular feeds are the Magilla feeds.

In the end, a post from Alex King showed me the way to a “fix”.  I put that word in quotes because this is really more of a hack.  No, actually, it’s just gross, but it works.  In order to get WP to stop throwing inappropriate 404s, I commented out lines 35 through 135 of classes.php in the WordPress core.  Here’s the beginning and end of the block I commented out:

if (! empty($rewrite)) {
   // If we match a rewrite rule, this will be cleared.
   $error = '404';

[...a ton of redacted lines...]

      $this->did_permalink = false;

There you go: with one hundred lines of code commented out, my feeds and archive page work again.  This is not a good idea, but it’s all I could figure out to do.  Obviously, having modified a core file, I’m taking a chance that this won’t cause other problems.  So far I haven’t seen any, but you never know.  I’m also making upgrades much harder on myself, given that the new core file won’t have my modifications.

Similarly, I commented out the mod_rewrite.c block WP added to the end of my .htaccess file, so that I can use my own rewrites and not invoke WP’s rewriting.  With every upgrade, I’ll have to check that file to make sure the block didn’t get added back.

I’m mostly posting this as a reference for anyone who might run into similar problems with their WP 2.x installation.  It’s my hope that a future version of WP will offer some kind of hook or option that will let me easily disable WP’s rewriting and error handling code, since I already have a web server that’s configured to do those things for me.  I don’t mind if it’s a hook that I can address via a plugin as opposed to an option in the preferences, but I’d like to have it.  It would make WP a little more attractive to power users as well, since they’d know that they could do their own rewriting and error handling without having to fight with WP’s internals.

WP 2.1 Breakage

Published 16 years, 1 month past

So I upgraded to WordPress 2.1, and it immediately broke stuff.  For example, check out the RSS feed validator’s results for the summary version of my all-posts feed (full-content feed validation results; same problem).  I think it’s just so cool how the software manages to get the sever to return a 404 for a file that’s clearly being served.

Of course, I only got to that point after commenting out the IfModule mod_rewrite.c stuff WP apparently tacked onto the end of my .htaccess file.  Before that, the above-referenced feed URLs just brought up the home page of the site while preserving the feed URL in the address bar.  Keen.

Exactly the same progression of trouble has applied to the Distractions feed, too.  At first the server (or WP) was filling in the home page, and now it returns the feed along with a 404 response.

I’ve also had the same problems with the main page of the post archive—at first, it redirected to the home page.  Now it just returns a 404, although unlike the feeds, it doesn’t also create a full page to go with the 404.  At least, I don’t think it does.  I can’t see it, anyway.  A shame, too, that it does its own thing rather than use the 404 page I already defined in the .htaccess file.

Anyone have any guesses at all as to what’s going wrong, and how I can get WP to stop throwing around inappropriate 404s?  I assume this has something to do with my .htaccess file’s Rewrite rules—which worked just fine in WP 1.5.2, by the way—and the new error handling routines.  Or maybe it’s just the new error routines.

Oh, and while we’re at it, what’s the story on the “new tabbed editor” that’s supposed to let you “switch between WYSIWYG and code editing instantly while writing a post” that was mentioned in the WP 2.1 announcement?  Because I’ll be switched if I can find it.

Ah, the joys of upgrading…

Addendum: anyone know of a quick and simple way to just disable WordPress’ internal rewrite code, so I can go back to using my .htaccess file?  That might solve the problem just as well as trying to hack my way around the problem with WP, and a lot more simply.

Gatekeeper 1.5 rc5

Published 17 years, 2 weeks past

It only took most of a year for this to happen, but WP-Gatekeeper 1.5 RC5 is now available.  The only change is that it will now auto-add the challenge to any standard WordPress 1.5 install from the moment you activate the plugin.  Before now, this auto-insertion wasn’t working on any WordPress install that had gzipping turned on, as many do.  A heap of thanks to Jeremy Dunck, who first identified the problem; and Andy Skelton, who showed me how to solve it.

For those who joined the party in the long silence since RC4, Gatekeeper is a WordPress plugin that lets you manage a series of challenge/response pairs.  The default challenge is “What color is an orange?” (correct response: “orange”), though you should definitely disable that one and add your own.  This helps stymie spambots, though of course it is easily defeated by a manual spammer—and they do exist—and it can do nothing to stop trackback spam.  I actually stopped using Gatekeeper on meyerweb when I installed Akismet, which may be good enough for most people.  For those who can’t or won’t run Akismet, though, Gatekeeper is a decent alternative.

Gatekeeper is technically a CAPTCHA, but it is a fully accessible CAPTCHA, as it uses no images.  It’s also highly configurable, allowing you to add as many challenges as you like and then rotating between them randomly.  I know of a few sites that are quite happy with Gatekeeper, and recently caught wind of a Django implementation of the same concept.

So it’s there and ready for use by those who are interested.  If I haven’t heard about any bugs within the next month or so, I’ll strip off the RC designation and go with 1.5 final.  And about time, too.

Note to WordPress 2.0.x users: I have no idea if WP-Gatekeeper 1.5 will work in WP2.  It may.  Then again, it may not.  I’d be interested to know either way.


Published 17 years, 4 months past

Matt Mullenweg announced Akismet yesterday.  It’s a comment-spam defense system for WordPress, and I’ve been using it for a few weeks now.  (This is why Gatekeeper disappeared from the site near the beginning of the month.)  It isn’t perfect, but it’s darned close, and it’s been getting better as time has progressed.  That’s one of the promised features: the longer it’s used and the more people who use it, the better it gets.

I don’t pretend to understand all the details of Akismet’s workings, although I have a fairly good idea of how it works.  I have some concerns, mostly in that it seems like spammers could poison the well by injecting tons of false “not spam” data into the service in order to get their messages through.  I also worry about attacks on the service itself.

Furthermore, I have to say it’s a bit frustrating that you have to have a API key, which means you have to have a account, which means it’s not a one-stop plug-and-play solution.  (Especially since getting an account is, currently, an invitation-only sort of thing.)  On the other hand, having to have an account probably confers some control advantages—if an account is found to be consistently marking things as “not spam” when everyone else is marking them spam, it can be kicked out of the service.

Some have raised privacy concerns because every comment submitted to your site gets analyzed by the Akismet service.  This doesn’t bother me, but it might some.

Overall, I’ve been pretty happy with Akismet.  It has let through less spam than Gatekeeper did in the weeks before I disabled it and all my other anti-spam measures to test out Akismet.  You’d think a Gatekeeper setup wouldn’t let anything through, but you’d be wrong; I assume there was a hole in my PHP.  Akismet may not be the end-all solution—after all, if it becomes effective enough, the spammers will have major incentives to defeat it, and will most likely find ways to do so—but it seems to be working very well for now.

Comment Turbulence

Published 17 years, 7 months past

Some of you may have tried to comment recently and been hit with a “comments are closed for the time being” error.  That was Gatekeeper, actually, and it was being tripped even by valid responses to the Gatekeeper challenge.  The weird thing is that some people were able to comment, whereas others were not.  I have no idea why this was happening.

The point of this being to say that I’ve updated Gatekeeper to return a more helpful error message, and also believe some changes I made should make gatekeeper less random.  If I’m wrong and you get an error, please use the e-mail link in the error message to send the error to me.  If I’m right and you get no error, then no worries.

If I get a lot of error reports, I’ll hobble or disable Gatekeeper, but I hope it doesn’t come to that.  We’ll see.  In the meantime, my sincere apologies to anyone who got bitten by this bug, and I hope things will be better from here on out.

Gatekeeper 1.5 rc4

Published 17 years, 8 months past

Now out the door: Gatekeeper 1.5 RC4.  It really does (so far as I can tell) allow pingbacks and trackbacks, as this post’s comments show.  So if you tried to ping or track back to a post here in the last three months, and you really wanted it to show up here, you might want to try again.  If you’re running Gatekeeper and want tracks and pings to work, you should definitely upgrade to RC4.

The auto-addition of the challenge to forms that don’t contain the pose_challenge call is still broken.  ‘Jim’ has more information and some examples of forms that fail to get an auto-added comment if you’d like to take a crack at solving that particular puzzle.

Gatekeeper 1.5 rc3

Published 17 years, 9 months past

It’s update day!  I just pushed WP-Gatekeeper 1.5rc3 into the public eye.  The major change in this version is that Gatekeeper no longer prevents trackbacks (or pingbacks) from ever reaching your site.  See, before, it was effectively destroying all those without notice or appeal.  Now it just lets them through, whatever their content.

What this means is that Gatekeeper is, as it always was meant to be, a way to prevent comment-form spambots from succeeding.  Trackbots will now get through unless you take other steps, like disabling trackbacks or running another spam filter or something.  I’d actually like to see WordPress split tracks/pings apart from comments, and let you set their “always moderated” flags separately.  Thus you could set things up so all tracks and pings are moderated, but comment-form comments are not.  That would work great for me.  Maybe not so well for others, though.

Unfortunately, rc3 still has that problem where it doesn’t always automatically add a challenge to your comment forms, though you can still get the challenge by manually adding gatekeeper_pose_challenge to the comment forms in your theme.  My grep-fu (or maybe it’s my PHP-fu; or, hell, both) is weak; I can’t figure out why the routine fails.  Anyway, head on over to the Gatekeeper page if you’re interested, and especially if you can figure out why the auto-challenge routine is failing.  Thanks.

My Two WordPress Cents

Published 17 years, 11 months past

I was going to ignore the whole WordPress search engine gaming situation, especially with Matt on vacation and so unable to speak for himself at the moment.  Dougal and Jonas have weighed in with their bits, and that seemed good enough.  But as a high-profile WordPress user and supporter, I’ve had some readers ask me about my opinion.  So okay, here it is.

I’m not going to call Matt any names, or declare his actions to have been evil.  Matt and I, along with Tantek, founded GMPG and worked together on XFN.  I would consider Matt a very good acquaintance.  (Don’t read too much into that: I’m unusually choosy about using the term “friend”.)  He’s young, enthusiastic, and very smart.  That doesn’t mean that he doesn’t make mistakes, but it might mean he’s more willing to try things out just to see how they go.

From a technical point of view, though, this isn’t much of a change from past practices.  Anyone who’s installed WordPress has probably noticed that, by default, the system contains links to all of the big WordPress contributors.  If you just set up the default template and don’t fiddle with anything, those links show up in your blog.

And what effect do those links have?  They can pump enormous amounts of Google juice into the sites of those people, for one.  Remember when Matt reached the #1 result on Google for “Matt”?  The pre-installed links can seriously skew blog-networking systems, for another.  If Technorati didn’t exclude those people from the ranking lists, they’d dominate the Technorati Top 100.  As of this writing, has more links from more sources than does Boing Boing.  So do most, if not all, of the other blogs that come with your WordPress install.

Adding hidden article links seems to me to be another step along the same path.  Is it a good path?  All I can say is that it isn’t a path I would have followed.  Then again, I’m such an old-school hippie-Utopian pseudo-socialist about the Web that I don’t have retailer affiliate accounts, and never did.

Based on what I’ve been picking up from conversations and sessions at the Search Engine Strategies conferences, what Matt did with these hidden links is at best a gray-hat SEO tactic, and probably a black-hat move.  There will be (and already have been) reprecussions, and Matt will have to deal with them.  How he deals with them will, I think, be far more important than what he did.  We’ll just have to wait to see how that unfolds.

Meanwhile, I fully intend to keep using, hacking on, and contributing to WordPress, because it’s a good system at a great price with an even better license.

Update: Matt has explained his side of the story.

Browse the Archive

Earlier Entries

Later Entries