Tag: wordpress

Why Does The WordPress Background Auto-Upgrade Work?

Way back in the stone ages I wrote an explanation as to why the WordPress Upgrade didn’t work all the time. In that post, I pointed out that servers and your installs are special snowflakes and not all the same, and that’s why an upgrade doesn’t work all the time. I’m amused that no one pointed out to me that stance (one which I still maintain by the way) seems contradictory to my proclamation that we should love the built-in updater as of WordPress 3.7.

Allow me to challenge myself.

Your server, with your install and your plugins and theme and tweaks, is still a special snowflake.

The background updates for WordPress keep this in mind.

Oh, I have to go further into this? Fine. The reason the updates are restricted to just minor, security/maintenance, updates is that, in general, they do not cause the problems people experienced 2010. It’s been three years. We’re smarter, we learned a lot, and most importantly, if the problem in 2010 showed up again, WordPress would not to install. I heard the sounds of brakes screeching. Let me explain. We want WordPress to not install itself if it can’t. We’re not defining that as a ‘failure’ because while your install did fail to upgrade, your site didn’t break.

Let’s get the down low from the man himself:

All "Update Now" clicks to WordPress 3.7.1 have a 99.75% success rate. That 0.25% is mostly just temporary download failures.

— Andrew Nacin (@nacin) October 30, 2013

About 24,000 auto updates have taken place without any problems. Half of all installs are now being told to update as the rollout continues.

— Andrew Nacin (@nacin) October 30, 2013

Oh no! After 29,000 auto updates to 3.7.1, one site had a critical error. Haha just kidding, the updater simply rolled the site back to 3.7.

— Andrew Nacin (@nacin) October 30, 2013

3.7.1’s fixes were written in such a way to ensure a working site despite any failed file copies. So even a critical failure isn’t critical.

— Andrew Nacin (@nacin) October 30, 2013

Those seem pretty straight forward. WordPress 3.7.1 was made so that a failure to update didn’t break your site, because if it couldn’t apply the install, it would rollback seamlessly to 3.7 without you noticing. Well, except for the email you got to say “Hey, this didn’t work, man. Sorry.”

Why does this work and the major upgrade does not?

That’s the real question, isn’t it? Why are we having such a monumental success for 3.7 to 3.7.1, where we didn’t from 3.6 to 3.7? Actually, we did, but you’re not comparing the right things.

First of all, the 3.6 to 3.7 upgrade is one of the more stable ones we’ve had in a while. 2.9 to 3.0 was the birth of my OMGWTFBBQ!!! post in the forums (and the catalyst for why I’m working for DreamHost). It was a major overhaul, with a lot of changes, and a lot of complicated tweaks. Let’s be frank, it was a re-write of a crap-ton of modules, and it was just going to break things. WPMU folded into WordPress and changed to Multisite? Yikes! But as time has moved on, I’ve been reporting more and more “Everything’s okay in the forums.” This does not mean everyone is perfectly happy and perfectly safe, and the upgrades were a 100% success. We have the same type of complaints as we always have. Themes and plugins were not robustly tested enough with the new release, so they broke when the upgrade happened. This is (currently) unavoidable.

So again, why is this working so well?

Because the core team who wrote the update script learned from their mistakes in the past. The changes made in WordPress may be bold and large, but they’re also done carefully. Instead of just saying ‘What’s done gets into the new version,’ 3.7 took the ‘feature teams’ trend started a few releases back to the next level. Only if the feature was done-done did it get into 3.7. This meant that while we did not have a major ‘feature’ this release (like we did with the Media Release in 3.5), we had the opportunity to make each feature rock solid on it’s own. And this worked better than many expected because of “features as plugins.”

While some aspects of core have to be developed in core, others begin their lives as plugins. Like the password-strength improvements and auto-upgrades were both plugins before they were added to core. Also if you look at 3.8, pretty much every major feature that can be a plugin is one. This means that one feature, a new post editor, didn’t make it because right now it’s not ready. Having things be plugins also lets more people test them, by installing the plugin without having to upgrade to a beta version of WordPress!

Finally, and this is really important, not everyone gets upgraded at the same time. Within 24 hours of the release of WordPress 3.7.1, only 75% of English installs were updated. This was done to keep an eye out for load issues on WordPress.org’s boxes, but also on shared webservers. Which by the way are doing just fine. As we go forward, Nacin’s said he expects this to be sped up, especially for a 100% security release.

How does it work? Glad you asked! The best explanation I got at this was over beer with Nacin, and sold me. At 7am and 7pm your site pings WordPress.org to see if there are updates. When this happens, your URL is hashed into MD5. Then the first three letters of that is converted to a base 10 number (MD5 being based on base 16, which doesn’t do you any good unless you have 6 extra fingers) and that’s used to decide if you get an update or not. The cool part of this is that it can be used to push to only one out of four thousand sites.

I know this is all probably sounding like fan service. Like I can’t see anything wrong with this. Nothing is perfect. I’m well aware that things can break. I’m well aware there are possibilities like WP being DNS highjacked, or a plugin circumventing the updater. But. If the DNS is jacked, the API just won’t work unless the jacker has a duplicate that works. And the evil plugin would kind of have to do the same thing, or they would only be able to impact you when a natural upgrade occurred. And neither of those are actually related to background updates. They could have happened at any time in the past. They could happen tomorrow.

Why do the upgrades work?

Because WordPress grew up.

And that’s pretty cool.

4 December, 2013
Is SEO Best Handled by a Plugin or Theme?
I’m not an SEO expert, but I know a heck of a lot more than many people who claim they are. For the record, I’ve been messing with SEO since it was ‘correct’ to put hidden text in the source code of your site. I used to spend time getting sites to rank well on Lycos and Altavista, back when I was but a wee intern for my friends. It’s fair to say I’ve been around the block with SEO.

I don’t consider myself an expert because of skill, though in the last couple years, I’ve decided not to keep up as closely with things like schema, mostly because I don’t have to. I still retain a solid grounding in what does and does not make for good SEO (content!), and I understand that part of good SEO isn’t just content, it’s how the content is displayed for the reader, but also how the information is sorted for the computers at search engine companies.

Credit: Plymouth UK
About every couple months, someone asks me if I prefer using a theme or a plugin to manage my SEO, and I have been giving the same answer for a couple years now. I don’t use either.

This does not mean that the themes I use aren’t ‘SEO’ optimized, of course. It means that I don’t use their ‘extra’ features. I use, primarily, StudioPress’ Genesis Framework right now, and that comes with an SEO settings page which I never use. Ever. In fact, I turn it off in any child theme I make. This is not because I don’t think that it’s useful, but that what I do ‘use’ for SEO is already included.

My SEO consists of making my content fantastic, using a theme that includes schema headers (or adding them myself if not), and following the guidelines Yoast outlines in his article WordPress SEO Tutorial. I don’t do everything he says (he likes ‘category/postname’ for permalinks, I like ‘year/postname’ but if date doesn’t really matter, I use category instead), but I do read and think about what it means.

That’s the crux isn’t it? I don’t blindly follow advice, or use a plugin or theme because people say I have to. I read, I think, and I come to logical conclusions, and I apply them after I write my post.

For example, Yoast says not to use ‘stopwords’ in titles and make them SEO friendly. I take this to mean your human readable title should be gripping, but the title slug should be short, to the point, and descriptive. So I customize every single title. I come up with four or five before I post, and then when I have one with a good grab, I tweak the title slug to be as short as possible, while still being descriptive. Sometimes I’m better at this than others, but I keep working it.

Next I customize my ‘publicize’ lede. This has to be good and it has to be short. I know I’m using my helf.us yourls, so the URL itself will be tiny, but that doesn’t mean I should use just my title for Twitter. I customize it, trying to make it a little more witty and pithy, to reflect me and my readers. Finally I customize my excerpt. Oh yes, my excerpts are all custom written, and they are intended to grab you hard. Like Yoast, I feel the only well written description is a hand written one, and I do it. For everything.

This puts me at a funny disadvantage. Most plugins and themes I’ve seen tend to want you to make a custom meta description. There are plugins (like the one I do use, listed further down in this post) that allow you to use your excerpt as descriptions, but I’ve never quite understood why themes make this so hard. In Genesis, I have a field for “Custom Post/Page Meta Description” in every post, which if I use it, will change the meta value for description.

When I dug into the code, I saw that it was pulling this:
```
genesis_get_custom_field( '_genesis_description' );
```
Clearly all I need to do is make that default to what I want. And when I figure that out, I’ll let you know. Right now, all I could do was remove Genesis’ function and replace it with my own. Not elegant at all.

Now all that said, there are times when I see to ‘improve’ upon the SEO I’ve been given, because someone else is handling the content will far less care than I give. When that happens, I grab Yoast’s WordPress SEO Plugin. But for the most part, I don’t do anything on a regular basis that involves having to ‘customize’ my SEO, so it’s infinitely portable to any theme I want.
2 December, 2013
WPwatercooler – Multisite Edition

Half an hour kbittzing about Multisite with the players from WPwatercooler

Credit: WPwatercooler

It’s also going to be on podcast and sticher and apparently I have a nice, soothing, voice. Thanks, Cousin Dan, for the tips and tricks about that!

25 November, 2013
Command Line Cleaning WP
I’m a huge fan of the scorched earth clean up for WordPress. By which I mean when I clean up WP, I rip it out, scrub it, and reinstall. This scares the heck out of people sometimes, and if you’re doing it in a GUI, yeah, it can be sucky and time consuming. Me? I do it in 5-10 minutes, depending on if my cat wants to be petted.

I’ve been asked ‘How do you do it that fast?’ so here are my steps for cleaning up WP, with the following assumptions:
1. I’m working in the folder where WP is installed
2. wp-config.php is in this folder
3. WP is in ‘root’ (i.e. I’m not giving WP it’s own folder)
If any of those aren’t true for you, adjust the folder locations in the commands:

Download WP: wget -P ../ http://wordpress.org/latest.zip

Unzip it: unzip -qq -d ../ ../latest.zip

Backup DB: wp db export

Pause. Here I’m using WP CLI, which makes my life way easier. If you’re not, you’ll need something like this: mysqldump --opt --user=username --password=password --host=yourMySQLHostname dbname > domain_com.sql

Zip up the files I want to backup: zip -r ../domain.zip *.sql wp-config.php .htaccess wp-content/

Set glob. Glob is scary, I know, but read about glob before you dismiss it (if you’re on korn, you can usually skip this): shopt -s extglob

Delete files: rm -rf !(wp-config.php|wp-content)

Pause. At this point, It’s probably wise to consider that my hack may be in my theme and/or plugin. If so, I want to nuke them and JUST keep my uploaded files, so I use this instead…

Delete files: rm -rf !(wp-config.php|wp-content) wp-content/!(uploads|blogs.dir)

Pause again. No matter what, want to scan for evil files, but this way I do it over a much smaller group of files. Either way, though, I do want to scan the folder for evil, because leaving behind hacks in themes and plugins is really common. Also it’s a good idea to delete every plugin you don’t use, and theme as well. Since you really can’t delete all themes but one on a Multisite, this gets harder. Generally I don’t delete the themes automatically, but instead go in and nuke them one at a time, so I run this…

Delete files: rm -rf !(wp-config.php|wp-content) wp-content/!(uploads|blogs.dir|themes|mu-plugins)

Now we can move on, knowing our personal files are clean.

Copy it back: cp -r ../wordpress/* .

Clean it up: rm -rf ../wordpress ../latest.zip

And now you’re done! When you want to reinstall plugins and themes, I do via wp-cli because it’s faster: wp plugin install NAME and wp theme install NAME

Then I activate as needed and I’m off to the races. If I deleted my mu-plugins, I copy those back from my backup zip, one at a time, checking each file for hacks.

The best thing about this is you can apply the logic to any CMS out there. Just know what you have to delete and keep. The downside? It doesn’t touch your database. Rarely is this an issue for me, except in the case of the Pharma hack. I’ve not had a DB infected yet.

Do you have a solid methodology for cleaning it up?
25 November, 2013
Plugin Wish: Login With Google

Now I know what you’re thinking. “Mika, there are a hundred plugins that let you log in via Google!”

That’s not what I mean. Let me explain with a story.

You have a business, example.com, and you use Google Apps for everything. Then you start tying this into other companies, like a time sheet company, that let’s you ‘Login with Google’ and redirects you to the right company settings. Cool, right? Kind of like this:

And you think you’d like an internal, private, blog, where people can post cat pictures. Or whatever. What if you could just have the login screen be that Google button? And you know there’s a bajillion plugins for it, but you want to have it be only people on example.com. So you@gmail.com can’t login, but me@example.com and dad@example.com can too!

I want that.

I have not yet seen it, but I think that would be an amazing plugin. By default, the domain it ‘validates’ would be the one on which it’s installed (so here it’d be halfelf.org), but you could override it (which is good, since I’d want to use ipstenu.org). Then you’d want it to ‘generate’ new users if they don’t exist, since you don’t want to have to add every single new person, right?

Oh and you don’t have to terribly worry about that fired guy, bob@example.com, because once he’s fired and you disable the email account, he can’t log in!

Some concerns of course would be Two-Factor Authentication. Also how do you handle multisite? I would envision a default nothing-set option for Multisite, where the network admin could network activate, and set the default domain there. Add in a check box for “Allow individual sites to override?” at the very least. Maybe a sneaky “Always allow the super admin to log in” setting too, though that gets complicated fast.

Cliff Seal pinged me about this and said he’d been fidddling with https://github.com/logoscreative/wordpress-openid but he never finished. Who’s up for the challenge?

And no, it did not escape me the hilarity of me, a loud “I don’t like Google owning all my data!” person suggesting this.

22 November, 2013
SEO Slides Is A Pie
This review is of the FREE version during the beta release!

I wanted to love you. All my friends rave about you and tease me for using PowerPoint. “Don’t you want to own your data!” they harangue me. And it’s true, I do! So the idea of having my slides on my server, embedable into posts? Hey that sounds great!

The cake, is, alas, a pie.

It’s not really a ‘lie’, but there are points that I just don’t love like they do. This is not to say I don’t like it, in fact I am happily using it, and I’m going to keep using it, and for a lot of people, this will be perfect to make slides. It’s not (quite) perfect for me, but that’s because of my current usage. I can see the future of slides and WordPress, and it really is going to be SEO Slides for many (if not all) of us.

Before I get deep into this, you have to register to import PDFs. This is perfectly fair and understandable. They’re converting a PDF into images on their server and importing. Okay, I’m jiggy with that. I could conceivably make the images myself, but this is fine. The problem, or rather the part I don’t like, is that they really all just images. And they’re named things like c6ddd0b82e5a45c70fb2718869cad3e1-7. So once I import, I have to go back and change all the titles and (if I want) copy in my notes.

So why not just write it in SEO Slides? Because of Presenter View.

Say what you want about PowerPoint, but the fact that I get a presenter view, filled with my notes, is actually very important to me. I make notes, as you may have noticed reading my post from WordCamp Portland, 2013. Sometimes they’re exactly what I’m going to say, sometimes they’re slightly different bullet points than my slide has. Sometimes I have NO bullet points on the slide, so they’re all in the text. I really try to use that aspect of Power Point. I don’t really script my talks to 100% detail, but I treat those notes as flashcards to keep me on topic and on pace. They even will have time notations.

As a presenter, keeping to my time limit and topic is important to me. Since I do give similar talks a lot (example: I used ‘A Tale of Two Servers’ to talk about Managed WP hosting in Boston, but I also have a Degrassi themed one called ‘Whatever it Takes’), the notes are often the same, but the pacing will be different. I try to cater to my audience. For now, this is the absolute number one reason I’m sad-panda about the plugin. But if that’s not your thing? You have no worries!

The important factor to me is embed-ability. I have to be able to embed my content on a page. I use that page with a custom shortlink and put it in my slidedeck. Now with SEO Slides, I can just use the page, but it doesn’t let me put text or notes around it, so I’ll still want this to be embedded. Problem? Embedding with SEO Slides is not as obvious as you’d think. I read the Embedding FAQ and this just did not happen for me:

When you “Publish” your presentation, you will be provided a link to “Use presentation in a new post.” This option will embed your presentation directly into a new blog post.

I thought I was doing something wrong, but finally I realized the ONLY way to get this “Use in presentation” link was to save the post once published. Gah. Why not a nice button? Still, this was not insurmountable, and in the end, I really did like the look of the embed way better than the Slideshare one.

Except … I’m not really thrilled with having to upload all my media. It makes me want to make a dedicated SEO Slides site on my network so I can isolate content. Part of the issue is with how I like to write my slides. I know for a WordCamp where I speak for 45 minutes, in order to leave room for questions, I should have no more than 30 slides, and that’s only if I’m doing roughly a slide a minute! I try to keep it closer to 20-25 honestly. A 45 minute talk should have at least 5 minutes for questions. I like to keep the text on my slides minimal, so I have a lot more to actually talk about.

I hate slides that are pretty much what the person reads off… thanks. And that’s really a totally personal thing, but it means my slides are really image heavy. So that adds a lot of weight to a site. It’s not a plus or minus, just something I have to consider.

The other problem with embeds is the embed CODE. You get a lot of parameters but the ones that jump out at me is this:
```
site_src="http://slides.ipstenu.org/site_title="Slideshows"
```
It looks cool, and I can change the site_src and site_title…. What I can’t do is change the output. I mean, I can’t remove that ‘source and title’ at all. I can’t change the default so it’s always ‘halfelf.org’ instead of my placeholder site. And worse? I can’t turn it OFF so other people can’t embed my stuff. I mean, what if I don’t want them to embed my warez? This means if someone looks at my slides, clicks the slick plus-sign, they get the code for embedding and they get my slides.ipstenu.org link. Now if you go there, you get redirected, but that’s not the point! Why have this customizable if I can’t… customize it? There are no settings options save entering my API key and allowing for tracking (which I turned off). Why not have an option for customizing output!

A final minor note with SEO Slides, the title is also wonky. This may be because I’m running Trunk but I get this weird title thing in my … well … title:

Not really super happy about that. I did report it though. Also I reported that I ‘ran out’ of uploads of PDFs. In the free version, you get three free PDF conversions. I did it once. I tried a second time and it said “Upload Error: Your subscription has exhausted the use of this service.” So I filed tickets for both of those on November 14th.

On the good side? These guys are WAY responsive to my enquiry about something (which they changed promptly), and helpful when I said “DaFUQ?” about embedding.

I’m not sure if I want to use it going on. I may end up using it for embedding, though, but it won’t be a replacement for PowerPoint for me any time soon. Now I just have to decide if I want to pony up the $200 a year just to convert my PDFs. There are enough ‘little’ things missing that frustrate me, like no quick-edit if you just want to change titles, no categories, no tags, no main ‘slides’ page (that is – the custom post type has no archive page).

Of note! Since this initial review was written, but before it was posted, SEO Slides upgraded me, so I’ll have to come back and re-review once I bang on the Premium Version: Is it worth it? Since, clearly, the brunt of why I’m ‘meh’ about this is the presenter mode, I may fall in love with Premium! The software’s only been out for two months at the time I wrote this, there’s a LOT of room for growth and I’m probably just being really really impatient.

As this moves from Beta to Live, I expect a lot of great things from SEO Slides. Do I love them? Not yet. But I like them a hell of a lot more than I like PowerPoint, with that sole exception. The presenter view. God help ’em, no idea how you’d tackle that! Can’t wait to see how they do it.
15 November, 2013