After reading about Donncha’s experiences with the Limit Login Attempts plugin I decided it would be a good idea to implement it on my blog. It’s extremely simple to set up, but I couldn’t work out how to solve the security warning the plugin generated telling me that my ‘user_nicename’ was the same as my username.
It turns out that ‘user_nicename’ parameter is used to construct a permalink to an Author Archive. By default it is set to your username, allowing an attacker to obtain a valid username from the Post Author permalink that is commonly included in themes. Luckily the problem can be easily resolved through a simple database modification:
- Fire up phpMyAdmin.
- Select your WordPress database from the menu on the left.
- Select the ‘wp_users table’, and then click the ‘Browse’ tab.
- Locate the row that has your username in the user_login column. Click the Edit button (the pencil icon) on that row.
- Enter the desired URL version of your name into the user_nicename field, e.g. ‘firstname-lastname’.
- Click “Go” to save your changes.
To check that the process has worked, visit ‘http://yourblogurl/author/firstname-lastname/’, replacing ‘firstname-lastname’ with whatever you picked in step 5; you should now see your Author Archive page. On checking the Limit Login Attempts options page, you should see that the security warning has disappeared. Props to WordPress Hacks for the solution.
When re-hosting WordPress, deactivate and delete WP Super Cache first. If you don’t then your site might just show blank pages. There’s 7 hours of my life I won’t see again…
As part of a recent upgrade on this site I installed the latest version of the excellent K2 theme, taken from the nightly builds. Following the upgrade I noticed that although comments were still intact on posts, they were missing from pages. All the old comments still existed in the admin backend, but they were not shown on any pages, and neither was the comment form. I discovered that since revision 747 of K2 it is necessary to have a custom field called ‘comments’ associated with a page in order for any comments or the comments form to be displayed. This leads to a problem in itself; if you try to add an empty custom field to a page then a rather unhelpful error message is displayed and the operation fails. The solution is to give the ‘comments’ field a dummy value, anything will do as it is never displayed. Save the page and voilà: any existing comments and the comments form will resurrected below the content.
The moral of the story? If you want the latest and greatest version, at least spend five minutes reading the changelog!
Bad musical puns aside, you may notice a few design changes on the site. As part of an effort to speed up the site I have implemented the excellent WP Super Cache plugin and removed the Twitter and Last.fm widgets from the sidebar. Dynamic content and caching don’t work too well together, and although it’s possible to set the cache to expire each time the sidebar changes it rather negates the point of caching as I use Last.fm and Twitter rather a lot!
It seems like there’s a real problem with the auto save function on WordPress at the moment, if you let the auto save kick in before pressing ‘Save’ or ‘Publish’ then all your musings are lost. Unfortunately for me I only found this out after spending about 20 mins writing a post 
It seems to be ok if you hit ‘Save’ before the first auto save hits, you’ve got about 2 minutes as far as I can tell. So the moral of this story is get in there first and press ‘Save’ yourself! Or you could always resort to offline authoring instead…
Hopefully this’ll be fixed in 2.5, I’ve seen at least 10 threads on WordPress.org complaining about it, so it seems to be quite a common problem. Roll on the 10th of March!
Edit: Dydd Gwyl Dewi hapus! | Happy Saint David’s Day!