I don’t like the automated plugin installer. I don’t know why, I just don’t. I have this stupid simple script I use instead. I cleaned it up before posting here. It’s a lot more complicated than my WordPress Upgrade Script because it has to check for the latest release of the plugin via the subversion repository and clean up weird characters (because people write code on Windows, Linux and Mac and everything else!). This is one of the few times I assume that if you don’t specify a version, you probably want the latest and greatest.
#!/bin/bash
####################################################################
# WORDPRESS-PLUGIN.SH - WordPress Plugin Script for BASH SHELL     #
#                                                                  #
# This script will download and copy up the specified WordPress    #
# plugin to the account. By default it gets the latest version,    #
# but you CAN specify trunk or whatever version you want.          #
#                                                                  #
# Author: Mika Epstein                                             #
# URL: https://halfelf.org/scripts/wordpress-plugin-script/        #
#                                                                  #
# Usage: ./wordpress-plugin.sh plugin [version]                    #
#                                                                  #
# plugin == the 'ugly' name of the plugin (i.e. wp-super-cache)    #
# version == the FULL version number (i.e. 0.1.2)                  #
#                                                                  #
# This program is free software; you can redistribute it and/or    #
# modify it under the terms of the GNU General Public License as   #
# published by the Free Software Foundation; either version 2 of   #
# the License, or (at your option) any later version.              #
#                                                                  #
# This program is distributed in the hope that it will be useful,  #
# but WITHOUT ANY WARRANTY; without even the implied warranty of   #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the     #
# GNU General Public License for more details.                     #
#                                                                  #
####################################################################

if [ "$1" = "" ]
then
    echo "EXIT: FAILURE! You didn't specify a plugin name. Kinda need that."
    echo "Syntax is ./wordpress-plugin.sh plugin [version] "
    exit 1
fi

if [ "$2" = "" ]
then
    # We're getting the readme from the repo and using that to calculate the latest stable release.
    wget -qO "$1-readme.txt" "https://plugins.svn.wordpress.org/$1/trunk/readme.txt"
    # wget -O creates the output file even when the download fails,
    # so test for a non-empty file rather than for its existence.
    if ! [ -s "$1-readme.txt" ]
    then
        rm -f "$1-readme.txt"
        echo "FAILURE: The plugin is goobered in the WordPress repository, so we can't determine the latest stable release."
        exit 1
    else
        # Keep only tab, newline and printable ASCII (drops CRs, BOMs and other weird bytes).
        tr -cd '\11\12\40-\176' < "$1-readme.txt" > "$1-readme-tr.txt"
        # The readme line looks like "Stable tag: 1.2.3"; take the first match only.
        VERSION=.$(awk '/Stable/ {print $3; exit}' "$1-readme-tr.txt")
        rm "$1-readme.txt" "$1-readme-tr.txt"
    fi
else
    # Quick check if someone wants the trunk build with a 'You sure?'
    # double check.
    if [ "$2" = "trunk" ] # start trunk check
    then
        read -r -p "Are you sure you want to install the TRUNK version? (y/n) " -n 1
        if [[ ! $REPLY =~ ^[Yy]$ ]]
        then
            echo
            echo "You have opted NOT to install the trunk build of $1."
            exit 1
        else
            echo
            VERSION=
        fi
    else
        VERSION=.$2
    fi # end trunk check
fi

# Download the plugin
wget "https://downloads.wordpress.org/plugin/$1$VERSION.zip"

# If the file didn't download, then you probably got the URL wrong. Fail.
if ! [ -f "$1$VERSION.zip" ]
then
    echo "EXIT: FAILURE! Could not download $1$VERSION.zip - Did you get the version and plugin name right?"
    exit 1
else
    echo
    unzip -q "$1$VERSION.zip"
fi

# This is ONE LAST CHANCE. If you say anything other than yes, then it cleans up.
# ${VERSION#.} strips the leading dot that is only there to build the file name.
read -r -p "Last chance. You sure you want to install the plugin $1 v${VERSION#.} for $USER? (y/n) " -n 1
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
    rm -rf -- "$1/"
    rm -- "$1$VERSION.zip"
    echo
    echo "EXIT: You have chosen NOT to install WordPress $1 at this time."
    exit 1
else
    echo
fi

# This is a quick check to make the directory if it's not there.
# Change this if you want to install to a subfolder or whatever.
if ! [ -d "public_html/wp-content/plugins/$1" ]
then
    mkdir -p "public_html/wp-content/plugins/$1"
fi

# Copy the files up to root public_html
# Again! Change this if you want to install to a subfolder or whatever.
cp -r "$1"/* "public_html/wp-content/plugins/$1/"

# Post install clean up with a 'I don't know what you did!' error.
if [ -f "$1$VERSION.zip" ]
then
    rm -rf -- "$1/"
    rm -- "$1$VERSION.zip"
    echo "SUCCESS! You've downloaded the plugin $1 (version ${VERSION#.}). Now go activate it!"
else
    echo "POSSIBLE FAILURE. Could not clean up the files, so there's a chance everything went pear shaped."
    echo "Please review your WordPress plugins and remember: Blame Nacin."
fi
exit
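
The script passes `$1` and the readme's stable tag straight into `wget`, `unzip`, `rm -rf` and `cp`. The following is an added example, not part of the original script: input checks and a stricter stable-tag parser that could run before any of those commands. The function names and the allowed character sets are assumptions.

```shell
#!/bin/bash
# Added example: validate the plugin slug and version, and read the stable tag
# from a readme.txt, before anything reaches wget, rm -rf or cp.
LC_ALL=C; export LC_ALL   # make [a-z] ranges byte-based, not locale-based

# Assumed slug alphabet: lowercase letters, digits, hyphen, underscore.
# Rejects empty input, path separators, dots and a leading "-" (option injection).
valid_slug() {
    case "$1" in
        ''|*[!a-z0-9_-]*|-*) return 1 ;;
        *) return 0 ;;
    esac
}

# Accepts "trunk" or a tag such as 1.4.2 or 2.0-beta1; no "/", no "..", no leading dot.
valid_version() {
    case "$1" in
        trunk) return 0 ;;
        ''|*[!0-9A-Za-z.-]*|.*|*..*) return 1 ;;
        *) return 0 ;;
    esac
}

# stable_tag FILE: print the value of the first "Stable tag:" header.
# tr drops CRs, BOM bytes and other non-printables; the match is case-insensitive.
stable_tag() {
    tr -cd '\11\12\40-\176' < "$1" |
        awk -F: 'tolower($1) ~ /^[ \t]*stable tag[ \t]*$/ {
            v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }'
}

# latest_version FILE: stable tag, but only if it passes valid_version.
latest_version() {
    _v=$(stable_tag "$1") || return 1
    valid_version "$_v" || return 1
    printf '%s\n' "$_v"
}

# Constructed sample: a readme saved on Windows (UTF-8 BOM, CRLF line endings).
make_sample_readme() {
    printf '\357\273\277=== Example Plugin ===\r\nRequires at least: 3.0\r\nStable Tag: 1.4.2\r\n' > "$1"
}

# Demo on the constructed sample.
sample=$(mktemp) && make_sample_readme "$sample"
echo "latest: $(latest_version "$sample")"
rm -f "$sample"
```

Calling `valid_slug "$1"` at the top of the installer, and `valid_version` on both `$2` and the parsed stable tag, keeps a malformed argument or a hostile readme from steering the later file operations.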


I did a quick run through my plugins, and everything is ready for 3.1, even the tricky wicket of Register IP – MultiSite, which is now Version 1.0.

No matter what type of tool you use for spam-trapping, remember that the best tool you have is your eyes, your brain, and your common sense. YOU are the number one, best defense against spammers. Yes, this means you have to give up some of your free time to maintain the site, to monitor the new blogs, to monitor the new comments and users, and stop them. While it can be hard to determine whether some posts are spam, if you check the email, the URLs and the context, usually you can sort them out.
Set up a good firewall. I use ConfigServer Security & Firewall, which checks against ModSecurity and bans people who hit it too hard. This prevents a lot of automated spammers and also stops them, once they GET in, from being able to send out spam emails. A good firewall does wonders for other reasons too, but only if you configure it correctly. ConfigServer has a test it can run to see if your setup is good or middlin’ or poor, and I check it every time I upgrade. Oh yeah, keep current with your firewall tool, too!
Blacklists are simple. Here is a list of people I don’t want to have access to my site. Done. There are the usual caveats for this and the same warning applies as with .htaccess IP blocking: you may block legit users. Personally I prefer moderation lists versus delete blacklists. They put the possible spammer into a bin for me to review and approve or not. Blacklists and mod lists work best, I’ve found, for spam comments rather than splogs. I know, normally, no one on my site will be talking about viagra, but what happens if they have a question about it? The term is on my moderation list. (Funny but true story. I had the word ‘sex’ on a mod filter on another site. Suddenly people were talking about how sexy someone was, and all the posts hit my mod filter. Sometimes these terms are great to block out, but sometimes you forget how they’re really used.)







There are two WordPresses. This confuses lots of people, to the point that Matt Mullenweg has implied he’ll never name something like this again. It’s almost as confusing as pages vs posts, which is a whole different post.