WordPress 3.8 Released

WordPress 3.8 has arrived. The download and changelog are in the usual places.

The admin interface has had quite a big redesign. I think it looks neater, but I’m sure it will take a bit of getting used to. The nice thing is it’s mobile aware now. If I run it on my Nexus 7 in landscape I get something similar to the browser view. If I switch to portrait it rearranges the screen to make it fit better. Neat.

The auto-updater (manually initiated) worked fine on 5 blogs, so not worries there.

Cheers

Tim…

 

 

WordPress 3.7.1 Released

WordPress 3.7.1 has been released. The announcement is here and the changelog is here.

If you go on to your blog now, you will have the option of manually initiating the upgrade in the normal way. If you wait a few hours, it will magically update itself for you.

  • The Terminator: A few hours later it begins to learn at a geometric rate. It becomes self-aware at 2:14 a.m. Eastern time… In a panic, they try to pull the plug….
  • Sarah Connor: WordPress fights back.
  • The Terminator: Yes. It launches its missiles against the targets in Russia.
  • John Connor: Why attack Russia? Aren’t they our friends now?
  • The Terminator: Because WordPress knows the Russian counter-attack will eliminate its enemies over here…

I’ve warned you!

Cheers

Tim…

WordPress Security…

With all the recent press about global brute force attacks on WordPress I decided to install the Better WP Security plugin last Sunday.

It includes loads of security features, including the big ones mentioned in the recent attacks:

  • Changing the name of the “admin” user.
  • Changing the ID of your renamed admin user.
  • Changing the table prefix.
  • Max login attempts lockdown.

Of the 5 blogs I manage, 4 worked straight off with this plugin. Unfortunately, one required a few attempts, so remember to take filesystem and database backups before you start or you may not end up in a happy place.

Over the week since activating the plugin I’ve been quite interested/scared by the results. I’ve been getting several emails a day telling me of user lockdowns due to attempted brute force attacks originating from USA, Russia and the Netherlands.

If you have a self-hosted WordPress installation, you really need to take some basic steps stop yourself becoming a victim. There are a number of security plugins available, which I’m sure work equally well, but I only have experience of this one.

Good luck.

Cheers

Tim…

How to Change the WordPress Table Prefix

Assuming my current WordPress prefix was “wp_” and I wanted to change it to “banana_”, then I would do the following…

Take a backup of your database and file system. Remember, if you screw up and trash your blog you will thank yourself for the extra time you spent doing this!

Amend the “$table_prefix” setting in the “wp-config.php” file.

$table_prefix = 'banana_'; // Only numbers, letters, and underscores please!

Rename all the tables, swapping the “wp_” prefix with “banana_”. For example, the following statement would rename the “wp_comments” table to “banana_comments”.

RENAME TABLE wp_comments TO banana_comments

Perform the following updates.

UPDATE banana_options SET option_name = 'banana_user_roles' WHERE option_name = 'wp_user_roles'
UPDATE banana_usermeta SET meta_key = 'banana_capabilities' WHERE meta_key = 'wp_capabilities'
UPDATE banana_usermeta SET meta_key = 'banana_user_level' WHERE meta_key = 'wp_user_level'
UPDATE banana_usermeta SET meta_key = 'banana_autosave_draft_ids' WHERE meta_key = 'wp_autosave_draft_ids'

If you don’t do these updates, the blog will work, but when you try to access the admin site you will be greeted with a message saying,

You do not have sufficient permissions to access this page.

That’s it!

Cheers

Tim…