WPMu Development for Education

Making WPMU work in education, one hack at a time

Archive for July, 2009

New BuddyPress plugin: Remove Previous Comment Edits From BuddyPress Activity

Posted by Boone Gorges on 21st July 2009

UPDATE: BP Dev Andy writes in a comment to this post that this bug will be fixed in BP core soon. If you’re running a recent version of BP, it’s likely that you won’t need this plugin. Please make sure you can reproduce the issue before installing.

This plugin fixes a small but potentially annoying quirk in BuddyPress. If you, as a blog owner, edit a comment that appears on your blog, BuddyPress adds an entry to the sitewide and individual activity streams – but it doesn’t delete the old entries. As a result, if you end up (for example) editing your own comment a few times in a row, you’ll see multiple items on the activity feed.

This plugin fixes the problem by checking whether a submitted comment is an edit, and if it is, by deleting previous versions of the comment in the activity stream.

Until the plugin is in the WordPress repository, I’ve made it available in a zip file here. Just load bp-activity-skip-comment-edits.php into your /wp-content/plugins folder, activate in Dashboard > Plugins (sitewide, if you’d like), and you should be good to go.

Posted in BuddyPress, Plugins and Extensions, WordPress, activity, comments, plugin, wpmu | Comments Off

Removing previous comment edits from BuddyPress activity – a plugin

Posted by boone on 21st July 2009

Another BuddyPress plugin for you. This one makes sure that you don’t get multiple versions of the same comment in your activity streams when a comment is edited. Sounds like a small thing, but it was kind of a bear to program. Anyway, check it out at the CUNY Academic Commons Dev Blog.

Related posts:

  1. Custom Profile Filters for BuddyPress
  2. New MediaWiki extension: BuddyPressActivity
  3. New version of Custom Profile Filters for Buddypress

Posted in Uncategorized | Comments Off

Making Sitewide Tags work

Posted by Boone Gorges on 20th July 2009

Sitewide Tags is a cool plugin by Donncha O Caoimh that pulls blog posts from all over a WordPress Multi-User installation – like the one here on the CUNY Academic Commons – into a supplementary catch-all blog. The power of this plugin is that, with all sitewide blog posts aggregated into one place, you can begin to see the kinds of topics and trends that emerge from the community of bloggers. More specifically, Sitewide Tags allows you to create a tag cloud that reflects blogging activity across the entire community. (See the tag cloud at Wordpress.com for a sense of what this looks like.)

I’ve got Sitewide Tags up and running here on the Commons – see our tag cloud (scroll down the page) and our aggregated blog. Getting things running seamlessly took a bit of tinkering though, and I thought it might be useful to share some of the tinkering here.

Read on for more of this (unexpectedly!) long process.

Theming and navigation

The appearance of the Commons’s main page is determined by a fairly heavily-modified version of the WPMU Nelo theme. The first step to integrating the tags blog into the rest of the site was to apply the Nelo style. Simply applying the Nelo style wholesale doesn’t work right, for a few reasons that I’ll discuss; the tags blog’s theme needs some modification. There are really two ways to accomplish this: (1) apply the same Nelo theme to the tags blog and then create new page templates that are customized for the tags blog, or (2) copy the Nelo theme, rename it (in the header of style.css), and make the necessary modifications to that theme’s template. Option 1 is probably the more streamlined and upgrade-friendly route, but of course I didn’t really think of this until I had pretty much finished the customization, so I went with option 2.

Perhaps the most important modification I made to the nelo-for-tags theme (as I, in a fit of extreme creativity, dubbed the copied skin) has to do with the navigation. On the main site, the nav buttons that appear directly below the CUNY Academic Commons logo are links that point to WP pages within that blog. An easy way to copy the nav into nelo-for-tags would be to copy and paste the nav markup into nelo-for-tags/header.php (in place of the wp_list_pages command), but this is not very future-friendly: if we change the name or order of any nav pages in the future, we’d have to apply those changes manually to the tags blog. A bit of Googling led me to a solution. Dusty Reagan wrote a function that he calls wp_list_main_pages that pulls the navigation dynamically from the main site blog onto any other blog on the site. Brief instructions:

  • place the function into nelo-for-tags/functions.php
  • change the number in $wpdb->set_blog_id(1); (near the end of the function) to the id of your main blog – in our case, it was 1, which means that no change was necessary
  • in nelo-for-tags/header.php, change wp_list_pages to wp_list_main_pages

A few things need to be done to clean up the nav. First: wp_list_main_pages imports nav links as relative links, which means that (for example) “Groups” points to http://tags.commons.gc.cuny.edu/groups instead of the correct http://commons.gc.cuny.edu/groups. So I added a line to wp_list_main_pages, immediately after the line that reads $output = str_replace("pressroom/", "", $output);, that looks like this:

$output = str_replace('http://tags.commons', 'http://commons', $output);

In other words, replace every instance of (the incorrect) ‘http://tags.commons’ in the nav bar with ‘http://commons’. Next, because wp_list_main_pages makes the nav import work by tricking WP into thinking that the current blog (tags) is actually the main blog, we need to end the ruse if we want further self-reference to work on the page. Immediately after the line just added, add another line:

$wpdb->set_blog_id(28);

where 28 is the number of your tags blog. Finally, there are some remaining places in the nav bar – places, in particular, where the nav structure is not determined by the pages on the main blog – where the href must be changed manually. Replace instances of <?php bloginfo('url'); ?> in header.php with the URL of the main blog (http://commons.gc.cuny.edu in our case). This final step is perhaps not all that elegant, but it’s far less likely that the URL of the home page will change in the future than that the main blog’s nav pages will change.

Other changes to the tags theme

On an aggregating blog, it’s helpful to include different information than what is included in the standard page template of a regular blog.

  1. Blog title – Because the posts on the page will come from many different blogs, it’s helpful to include “From the blog…” information alongside the title of each post. Two things need to happen for this information to appear: (a) you have to make sure that the required data (the title and URL of the post’s original source blog) gets written to the tag blog’s db table; and (b) you have to call that information into the template. Here’s what I cobbled together:
    1. Open up the Sitewide Tags plugin (stored at /wp-content/plugins/wordpress-mu-sitewide-tags/sitewide-tags.php, if you’ve already installed it). Lines 179-183, or thereabouts, should read like this:

      $post->ping_status = 'closed';
      $post->comment_status = 'closed';
      $p = wp_insert_post( $post );
      add_post_meta( $p, "permalink", $permalink );

      Replace these lines with the following code:

      // Each blog's options live in their own table: wp_{blog id}_options.
      // Cast the id to an integer so nothing else can end up in the table name.
      $post_blog_table = 'wp_' . (int) $post_blog_id . '_options';

      // Look up the source blog's URL...
      $global_post_source = $wpdb->get_row( "SELECT * FROM $post_blog_table WHERE `option_name` = 'siteurl'" );
      $source_blog_uri = $global_post_source->option_value;

      // ...and its title.
      $global_post_source = $wpdb->get_row( "SELECT * FROM $post_blog_table WHERE `option_name` = 'blogname'" );
      $source_blog_name = $global_post_source->option_value;

      $post->ping_status = 'closed';
      $post->comment_status = 'closed';

      // Create the aggregated post, then attach the source blog's details as post meta.
      $p = wp_insert_post( $post );
      add_post_meta( $p, "permalink", $permalink );
      add_post_meta( $p, 'siteurl', $source_blog_uri);
      add_post_meta( $p, 'blogname', $source_blog_name);

      The short story of this code: every time Sitewide Tags kicks in (which is whenever a blog post is published across the site), the plugin goes to the source blog’s table, finds the blog’s URL and title, and writes it as metadata to the new post in the tag blog’s table.

    2. Next, open up nelo-for-tags/page.php (or whatever your theme directory is) and find the place where you want the “From the blog…” information to appear. (I like it right below the title of a given post – see our tags blog to see my positioning.) Insert the following code:


      <?php
      // Resolve the current post object.
      if ( is_object($id) && isset($id->filter) && 'sample' == $id->filter )
          $post = $id;
      else
          $post = get_post($id);

      $post_id = $post->ID;

      // Only posts aggregated after the plugin change carry this metadata.
      $source_url = get_post_meta($post_id, 'siteurl', true);
      if ($source_url) {
          $source_blog = get_post_meta($post_id, 'blogname', true);

          // The URL and blog name are set by each blog's owner, so escape both on output.
          echo '<h2 class="tags-blog-title">From the blog <a href="' . esc_url($source_url) . '">' . esc_html($source_blog) . '</a></h2>';
      }
      ?>

    Keep in mind that your tags blog will only show the source blog data for posts that are created after this point – the plugin does not go back and find source blog data for existing posts. So you’ll have to create new posts to test this.

  2. Tag-specific page titles – In nelo-for-tags/home.php – the template that creates the main page at http://tags.commons.gc.cuny.edu – I added a page header just after the line <div id="post-entry">, so that visitors would know what this site was all about:

    <h1>Sitewide Posts</h1>
    <h3>New blog posts from across the CUNY Academic Commons</h3>

    For nelo-for-tags/index.php, which creates the pages corresponding to specific tags (like this), I thought it would be helpful to include the tag itself in this header. So I inserted the following instead:

    <h1>Sitewide Posts - <em><?php wp_title(''); ?></em></h1>
    <h3>New blog posts from across the CUNY Academic Commons</h3>

Tweaking the tag cloud

I wanted the sitewide tag cloud to be widgetized, so that we’d be able to put it on our News page, as well as anywhere else on the site that we might like. Sitewide Multi Widget by dsader is a flexible way to get this done. Once you’ve activated Sitewide Multi Widget, you can add it through Dashboard > Appearance > Widgets to any blog on the site.

I made a tweak to Sitewide Multi Widget code so that it would display all tags in the cloud, instead of the default 25 or 40 or whatever it was. Here’s how: Find the line that includes wp_tag_cloud(); (around line 112). The WordPress Codex URL in the comment http://codex.wordpress.org/Template_Tags/wp_tag_cloud has all the details about this function’s options. I changed mine to

wp_tag_cloud('number=0');

which displays all tags.


As it’s now configured, I think that the tags blog, and the sitewide tag cloud that it supports, is poised to be a real discovery engine for members of our community. I can envision putting the tag cloud widget in lots of places all over the site. I can also envision getting more information into the tags database – once BuddyPress supports tags natively, for instance.

I hope that someone out there can get some use from some of this information!

Posted in Plugins and Extensions, WordPress, plugin, tag cloud, tags | Comments Off

Making Sitewide Tags work

Posted by boone on 20th July 2009

Cross-posted at the CUNY Academic Commons Development blog


Related posts:

  1. Sitewide Tag Suggestion in Wordpress MU 2.8+
  2. Removing previous comment edits from BuddyPress activity – a plugin
  3. Custom Profile Filters for BuddyPress

Posted in Uncategorized | Comments Off

Wordpress MU 2.8.2

Posted by Ron on 20th July 2009

The release was tagged this morning. It has fixes for a number of bugs in the 2.8.1 version. Download it.

 

© ahome for WPMU Tutorials, 2009. | Permalink | One comment | Add to del.icio.us
Post tags: ,

Need real genuine helpful support? MU Support.

Feed enhanced by Better Feed from Ozh

Posted in Uncategorized | Comments Off

Buddypress Blog Author Link

Posted by Ron on 19th July 2009

I released a new plugin yesterday which you can download here.

The author link from the template tag on the blog will link to the author’s buddypress member profile instead of the author’s posts page. This plugin can be installed in either the mu-plugins or plugins folder.

If you are running multiple WPMU sites in your install, the plugin will not affect the author link on sites where BP is not activated. It is compatible with WPMU 2.7.1 - 2.8.1 & BP 1.0 - 1.0.3.

 

© ahome for WPMU Tutorials, 2009. | Permalink | 4 comments | Add to del.icio.us

Posted in Uncategorized | Comments Off

List of things to fix in UMW Blogs since upgrade to WPMu 2.8.1

Posted by Reverend on 17th July 2009


Gratuitous image for Joss Winn, cause I love web fat!
Image credit: “Gratuitous pussy shot” by bl1nk

  1. Issue with überadmin not being able to login into users’ blogs. The user blog still recognized me as a siteadmin and would show me edit links, etc., but could not access backend.
    Fixed! Solution: Caused by the ardx.php plugin in mu-plugins (that has been deleted)
  2. BuddyPress 1.0.3 is creating havoc in the backend ajax. All sorts of things won’t work, and it generally makes the backend unusable. No image uploads, timestamp changes, etc.
    Not Fixed. BuddyPress de-activated, searching for solution, think it may be a plugin conflict—though ruled out a mu-plugin conflict. This one has got me on the ropes. Update: Turns out this was an issue with WPMu 2.8.1, when I upgraded to 2.8.2 this issue stopped.
  3. For some reason Anarchy Media Player freaked out on me today as well. [What a nightmare today and yesterday have been.]
    Fixed. Went to An-archos site and downloaded a fresh version of Anarchy media Player for WPMu, things seem to be working fine now.
  4. Yesterday got a note that a student could not add a tag to her post. Seemed odd, but when I tried to log into her blog, however, the first issue on this list came to my attention :) After I finally fixed that, I realized she was right, I killed myself over this for a bit today, and still have no solution. But I think if you try to add a pre-existing tag or category to another post in the same blog it will not take (at least that’s the case on UMW Blogs). This is a huge bug, and I’m not sure if others are having a similar issue, or if it is tied to global tag/category tables and multi-db. I’m still stumped here.
    Not Fixed. This one is gonna take some testing and I think the last of my hair will be gone by the time it is ready to go. Update: this issue was finally resolved, turns out the multi-db database setup was causing this issue. Special thanks to D’Arcy Norman for figuring out the issue, and posting a plea on the Premium WPMuDev forums for a fix.

How do I feel about hosting a blogging platform and the idea that this is becoming a system? Well, now’s probably not the best time for that discussion, honcho. System? Fragile? DIY? Some things just ain’t easy, and that’s why they’re good, innovation ain’t free even though nobody is paying me to kick web ass.

Posted in Uncategorized | Comments Off

Build A Better Blog Host Week 5 – Security

Posted by andrea on 17th July 2009

One thing you really need to do when running a blog platform of your own is to secure the site. Not just the software you use, but the server as well.

There have been many tips about securing WordPress. In fact, the same twelve tips seem to be making the rounds. While they are good tips in general, in the case of WordPressMU some are not applicable (blocking admin area by IP for instance), and a couple can actually lock you out of your own site. Like removing the admin user.

To start, let’s tackle one of the more common reasons for security breaches.

Passwords

Choosing a decent selection of passwords is really vital. Notice I said a selection. You have one password as the admin user. You also have a database password, an ftp password to your web account, and possibly another password to get into the server itself. These should all be drastically different passwords.

A few years ago, one of my own sites got hacked. The hacker was thankfully a nice person, and just left an index.html file on the server to let me know I’d been breached. How’d he do it? He managed to download or read my wp-config file (even though it had the right permissions) and get the database user password… which was the same as the cpanel password.

Oops. That was dumb.

I have read a tip on passwords recently where they stated that if you could remember your password it wasn’t a good one. I have a weird memory; I can remember things like my medicare number, my SIN, and the last 6 phone numbers I’ve had. A few reasonably decent passwords I use have enough of a meaningful pattern to me that I can remember them.

Here is an example of creating a password that is easy to remember but difficult to guess:

  • Ronald & Roland are the same name except the l & n are transposed
  • Rol/nald add in the either/or of the l/n
  • Rol/nal<nd add the second either/or by logically comparing the 2 letters
  • R0l/nal<nd substitute a ‘0’ for an ‘o’
  • R0l/n+l<nd substitute a ‘+’ (add) for an ‘a’

By doing something like this you don’t necessarily need to be able to remember the password. As long as you can remember the process you followed to create the password you can recreate it any time you need to. (We don’t use that one anywhere, it’s just an example.)

Securing WPMU

  • Instead of renaming the admin user (which is one of the WP security tips), create a second user account for you to use on a day to day basis and add it to the site admin list. That way, you can make the admin user’s password as difficult/unrecognizable as you want.
  • Ensure that the files in your site are not left with a protection of 777. 755 is the recommended protection. This permits only the owner to have write access to the files and folders.
  • Follow the recommendations for themes and plugins below.

Securing the Server

If you are on a shared host there isn’t much you can do here. If you have a VPS or dedicated server, a few things you should do are

  • disallow remote root login. This way root can only log in from within a logged in account. Someone trying to break into your server now has to guess a username and 2 passwords to gain superuser access to your server.
  • change the SSH port to a number greater than 1500 and less than 65535. By default SSH runs on TCP port 22. Changing the port makes one more thing that a would-be intruder has to guess. You could also rotate your port once a month or so.
  • run a firewall (ex. iptables) utility on the server.
  • run a BFD (brute force detection) utility on your server.
  • avoid using FTP unless you absolutely have to. Use SFTP instead.
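
A way to check the items from the two lists above (777 permissions, remote root login, the SSH port range) on a server, as an added example that is not from the original post. The function names, the sample sshd_config files and port 2922 are constructed; PermitRootLogin and Port are the standard sshd_config keywords for the settings the post describes.

```sh
#!/bin/sh
# Added example: audit the settings from the "Securing WPMU" and
# "Securing the Server" lists. Names and sample files are constructed.

# sshd_setting FILE KEYWORD -> first value set for KEYWORD (sshd uses the
# first occurrence; keywords are case-insensitive). Assumes whitespace-
# separated "Keyword value" lines and stops at the first Match block.
sshd_setting() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/        { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# audit_sshd FILE -> one line per check; returns 0 only if both checks pass.
audit_sshd() {
    as_rc=0
    as_root=$(sshd_setting "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    as_port=$(sshd_setting "$1" Port)
    as_port=${as_port:-22}          # sshd listens on 22 when Port is unset

    # An unset PermitRootLogin is reported too, because the built-in
    # default differs between OpenSSH versions.
    if [ "$as_root" = "no" ]; then
        echo "ok   PermitRootLogin no"
    else
        echo "WARN PermitRootLogin is '${as_root:-unset}', want 'no'"
        as_rc=1
    fi

    case $as_port in
        ''|*[!0-9]*)
            echo "WARN Port '$as_port' is not a number"; as_rc=1 ;;
        *)
            # The post's range: greater than 1500 and less than 65535.
            if [ "$as_port" -gt 1500 ] && [ "$as_port" -lt 65535 ]; then
                echo "ok   Port $as_port"
            else
                echo "WARN Port $as_port is outside 1501-65534"
                as_rc=1
            fi ;;
    esac
    return "$as_rc"
}

# world_writable DIR -> files and directories that anyone can write to
# (the "other" write bit, which 777 sets and 755 does not).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Constructed sample: a weak and a hardened sshd_config plus a small web root.
make_demo_host() {
    mkdir -p "$1/htdocs/wp-content/uploads"
    printf '%s\n' '# constructed sample: defaults left in place' \
        '#Port 22' 'PermitRootLogin yes' > "$1/sshd_config.weak"
    printf '%s\n' '# constructed sample: settings from the list above' \
        'Port 2922' 'PermitRootLogin no' > "$1/sshd_config.hardened"
    echo '<?php // constructed placeholder' > "$1/htdocs/wp-config.php"
    chmod 755 "$1/htdocs" "$1/htdocs/wp-content"
    chmod 777 "$1/htdocs/wp-content/uploads"
    chmod 644 "$1/htdocs/wp-config.php"
}

demo=$(mktemp -d)
make_demo_host "$demo"
for f in "$demo/sshd_config.weak" "$demo/sshd_config.hardened"; do
    echo "== ${f##*/}"
    audit_sshd "$f" || true
done
echo "== world-writable paths under htdocs"
world_writable "$demo/htdocs"
rm -rf "$demo"
```

On a live server, `sshd -T` (run as root) prints the effective settings, which is more reliable than parsing the file.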

Themes

  • Before putting a theme on your live site search the template files for ‘base64’, ‘bzip’ & ‘gzip’. If it has any of those it may have some freeloading extra code in it. In most themes where we’ve found buried code, it’s been in the footer.
  • Also, check a theme’s template/function files for $wpdb. Unless the theme has custom coding that you have asked someone to write for you, a theme should not use $wpdb.
  • Once you have checked the files, thoroughly test themes on a test blog before enabling themes for user blogs.
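
One way to run the searches from the list above before a theme goes live, as an added example that is not from the original post. The function names and the demo theme files are constructed for illustration; the four search strings are the ones the post names.

```sh
#!/bin/sh
# Added example: pre-deployment theme check for the strings named in the post.
# scan_theme, make_demo_theme and the demo files are constructed.

# scan_theme DIR
# Prints "[pattern] file:line:text" for every hit in the theme's .php files.
# Returns 0 when nothing is flagged, 1 when something needs manual review,
# 2 when DIR is not a directory.
scan_theme() {
    st_dir=$1
    st_found=0
    [ -d "$st_dir" ] || { echo "not a directory: $st_dir" >&2; return 2; }
    for st_pat in 'base64' 'bzip' 'gzip' '$wpdb'; do
        # -F: fixed string, so "$wpdb" is matched literally.
        # -i: PHP function names are case-insensitive.
        # -n: line numbers. /dev/null makes grep print the file name even
        # when find hands it a single file.
        st_hits=$(find "$st_dir" -type f -name '*.php' \
            -exec grep -niF -e "$st_pat" /dev/null {} + || true)
        if [ -n "$st_hits" ]; then
            st_found=1
            printf '%s\n' "$st_hits" | while IFS= read -r st_line; do
                printf '[%s] %s\n' "$st_pat" "$st_line"
            done
        fi
    done
    return "$st_found"
}

# Constructed demo theme: a clean index.php and a footer.php carrying the
# two things the post warns about (an encoded string and direct $wpdb use).
# The base64 literal is harmless and decodes to "Hello".
make_demo_theme() {
    mkdir -p "$1"
    printf '%s\n' \
        '<?php get_header(); ?>' \
        '<h1><?php the_title(); ?></h1>' \
        '<?php get_footer(); ?>' > "$1/index.php"
    printf '%s\n' \
        '<div id="footer">' \
        "<?php echo base64_decode('SGVsbG8='); ?>" \
        '<?php $rows = $wpdb->get_results("SELECT option_value FROM wp_1_options"); ?>' \
        '</div>' > "$1/footer.php"
}

demo_dir=$(mktemp -d)
make_demo_theme "$demo_dir"
if scan_theme "$demo_dir"; then
    echo "clean: no flagged strings"
else
    echo "flagged: read the lines above before enabling this theme"
fi
rm -rf "$demo_dir"
```

A hit is a prompt to read that file, not proof of a problem, and a clean result does not replace testing the theme on a test blog.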

Plugins

For site admin plugins that have a user interface you should be able to find a check for is_site_admin. Similarly, plugins with a user interface should have the following checks:

  • the plugin file blocks being called directly -
    if(!defined('ABSPATH')) {
        die("Don't call this file directly.");
    }
  • appropriate user level -
    if(!current_user_can('import')) {
        die( 'You don\'t have permissions to use this page.' );
    }
  • string variables coming from $_GET, $_REQUEST or $_POST should be processed to prevent SQL injection -
    // wp_specialchars() HTML-encodes the value for output; a value that goes
    // into a query should also be passed through $wpdb->prepare().
    $post_type = isset($_GET['post_type']) ? wp_specialchars($_GET['post_type']) : 'all';
    $status = isset($_GET['status']) ? wp_specialchars($_GET['status']) : 'all';

The above security examples came from my advanced export plugin. You can look at it if you want to see the context of where the blocks were used.

And finally, the best way to keep up with security, is to follow the issues on trac. I also keep tabs on a couple of security related blogs, like Blog Security, for general notices.

 

© andrea for WPMU Tutorials, 2009. | Permalink | 6 comments | Add to del.icio.us

Posted in Uncategorized | Comments Off

Theme Previews borking in WPMu 2.7.1

Posted by Reverend on 15th July 2009

The last few days I have been doing the arduous work of making sure the BuddyPress admin bar and D’Arcy’s Akismet Credit Inserter plugin work cleanly with all the themes on UMW Blogs. It’s painstaking work, but pretty important if BuddyPress is going to go live this fall. So, anyway, as I was going through our over 120 themes (the edited versions of which I will make available when finished) I found that almost 50 of the theme previews were just showing a white screen. Odd, so while I still haven’t updated UMW Blogs from 2.7.1 to 2.8.1 (still making sure the userthemes plugin is rock solid), I tested the same theme previews on the bava, which is running 2.8.1, and they worked. Long story short, this bug is fixed in 2.8.1, but if for some reason you can’t upgrade from 2.7.1 just yet, here is the fix, which refers to the theme.php file within the wp-includes directory (wp-includes/theme.php):

Around line 852 replace

$_GET['template'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['template']);

with

$_GET['template'] = preg_replace('|[^a-z0-9_./-]|i', '', $_GET['template']);

and around line 861 replace

$_GET['stylesheet'] = preg_replace('|[^a-z0-9_.-/]|i', '', $_GET['stylesheet']);

with

$_GET['stylesheet'] = preg_replace('|[^a-z0-9_./-]|i', '', $_GET['stylesheet']);

And if you are upgrading—which you should—then this is one more thing to cross off your list, cause 2.8.1 makes this bug go away.

Posted in Uncategorized | Comments Off

WordPressMU 2.8.1 now out, features and a couple bugs

Posted by andrea on 13th July 2009

Late on Friday, if you missed it over the weekend, Donncha announced that WordPressMU 2.8.1 has now been officially released. He skipped right over 2.8, in case you’re wondering where that went.

Right now, if you upgrade, the biggest bug seems to be that the upgrade nag persists. As in, it doesn’t go away. Not for the regular upgrade, nor for plugins that need upgrading. Multiple trac tickets have been filed. If you want to disable that update nag, there’s a plugin for that.

UPDATE: this has been fixed, see ticket 1037

Also, if you run a BuddyPress site, Andy has asked that you hold off until he releases BuddyPress 1.0.3 before upgrading WPMU.

So, what’s new in 2.8.1? Well, if you noticed back in 2.7, the admin area seemed to lag. That was a problem initially with single WordPress that trickled on through. It seems to have cleared up a bit.

There’s a new widget class as well. Old widgets should still work, but you no longer have to specify them for multiple use. They all are now. Check out the complete guide to creating a widget from Justin Tadlock.

Speaking of widgets - there’s a completely new interface for widget management. We’re back to dragging and dropping.

The theme editor and plugin editor are still disabled, but differently. Instead of a die in each file, they are disabled in the /wp-admin/includes/mu.php file.

You can now add users when importing another blog. Before, this failed.
You also now have the option to disable a notification email if the site admin is manually adding users in the backend.
There’s a link under the Dashboard menu item that lists all your blogs “My Blogs” on a separate page. This had been added to the profile page, and is now moved.
More support for IIS rewrite rules is included.
The theme installer now works and searches the official theme repository. This is only available to site admins.
There were a few security issues fixed as well.

And as a minor enhancement, Ron & I submitted a change to the install screen which highlights the radio buttons to choose between a subdomain or subfolder install. Too many people just didn’t seem to “see” it on the page.

There’s a full log of changes here if you want to see all the tickets and what was rolled in when, and you can also see a thorough list of what went in to WordPress 2.8 and 2.8.1.

The merge is 99% of the way done, so there’s really only the tricky parts left. Most of the single-user information is now the same in WordPressMU.

 

© andrea for WPMU Tutorials, 2009. | Permalink | 3 comments | Add to del.icio.us

Posted in Uncategorized | Comments Off