Tag Archives: WordPress

Aaron Brazell

Tribute Craigslist Theme for WordPress

At Mesh this week, I had the pleasure of attending Jim Buckmaster’s keynote. Jim is the CEO of Craigslist, a completely user-powered company. It is the anti-web 2.0 with no-frills websites, no typical business structure, a disdain for meetings, marketing and PR – yet, one of the craziest success stories of the late 20th and early 21st centuries.

After listening to Jim at Mesh, I decided a tribute WordPress theme was in order. This is WP Craigslist weighing in in true CL fashion at a mere 5.3kb.

Rock on.
WP Craigslist Theme 1
WP Craigslist Theme 2

Aaron Brazell

Guide to Disaster: How The Tech Team Handled WordPress Security Flaw

By now, the news has spread rapidly in security circles and on mailing lists about an exploit to the WordPress software less than or equal to version 2.1.3. To give you some background, we had held off on upgrading to version 2.2 that came out last week due to bugs in the software that we felt were unacceptable to our company. Nothing critical, but as we are nearly finished rolling out new themes that are all widgetized to the network, I felt that lingering widget bugs were pretty critical to our platform. The decision was made on release day that we would not upgrade until WP 2.2.1 was released next month sometime.

That was the plan as recently as Monday evening. But something changed quickly and I want to give you a window into how the team worked together to avert a crisis. As this timeline is fairly raw, I hope it gives some perspective on how we are able to react and triage situations quickly and put issues to rest all the time. We don’t always have critical security flaws, but we do work together to problem solve on a daily basis. This is how we roll.

Monday, May 21 – 10:52PM EDT
An email is sent to the WordPress hackers mailing list alerting the community of a posted exploit to all versions of WordPress under version 2.1.3.

Monday, May 21 – 11:17PM EDT
Exercising caution as with all security alerts, I carefully set up a test and run a proof-of-concept script against one of our blogs. Threat confirmed.

Tuesday, May 22 – 12:07AM EDT
I forward the notice to the tech team for them to digest in the morning.

Tuesday, May 22 – 8:21AM EDT
Brian Layman confirms threat and indicates that our upgrade timeframe decision has been made. I agree.

Tuesday, May 22 – 9:22AM EDT
Sean Walberg, our systems administrator, suggests we delay the upgrade until peak traffic time has passed. Already, we were under a Digg storm and we did not need to exacerbate issues with an upgrade.

Tuesday, May 22 – 9:40AM EDT
Channel Editors notified of the problem and the impending upgrades and are given instructions to change passwords after the upgrade.

Tuesday, May 22 – 2:30PM EDT
Brian Layman and I work up more verification of the exploit by analyzing and executing the code against further targets on our network. Re-confirmed.

Tuesday, May 22 – 4:30PM EDT
Upgrade script and subversion repositories prepped for switch to WordPress 2.2. We chose revision 5505 as most of the widget issues we were initially concerned with were addressed prior to this revision. Core plugin set re-evaluated by team. Eliminated one plugin due to security.

Tuesday, May 22 – 6:00PM EDT
Upgraded Tech channel and verified functionality of widgets, in particular.

Tuesday, May 22 – 9:00PM EDT
Upgraded entire network to r5505.

Tuesday, May 22 – 9:30PM EDT
Support, support, support. Reports roll in regarding broken this and that – mostly having to do with plugins and widgets. Solve almost all except a weird database error on one blog.

Tuesday, May 22 – 10:40PM EDT
Major bug discovered – well, not major for WordPress, but certainly for us from a user experience perspective.

Wednesday, May 23 – 12:35AM EDT
Reupgraded network to r5520 which included further fixes for widgets.

All in all, because we have created tools and standardized everything we do, we are able to avert problems before they become problems. We do it all the time for big problems and small. Folks who run networks, whether blog networks like b5media or simply groups of blogs that are maintained by the same person or group, can choose to upgrade blogs by hand, one by one, or sit on the problem hoping to not be attacked “until the weekend”, or they can take attacks seriously, use tools that assist in upgrading (Brian’s upgrade script is very good too) and be done very quickly and efficiently.

Our upgrade of over 200 blogs was completed in 30 minutes and 6 seconds – a slowdown from earlier reported times based on instituting a pause between each upgrade. Our time of execution from problem introduction to problem solution? Less than 24 hours.
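
As an added illustration (not part of the original post, and not b5media's or Brian's upgrade tooling), the Python script below inventories a network of installs before and after such an upgrade: it reads $wp_version from each blog's wp-includes/version.php and flags anything at or below 2.1.3. The one-directory-per-blog layout and the sample blog names and versions are assumptions constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# WordPress keeps its release string in wp-includes/version.php: $wp_version = '2.1.3';
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")
LAST_AFFECTED = (2, 1, 3)  # per the post: releases <= 2.1.3 are exposed


def parse_version(text):
    """Return the release as a tuple of ints (suffixes like -RC1 dropped), or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    nums = re.findall(r"\d+", m.group(1).split("-")[0])
    return tuple(int(n) for n in nums) if nums else None


def classify(ver):
    """'vulnerable', 'ok', or 'unknown' (unparsed installs need a human look)."""
    if ver is None:
        return "unknown"
    padded = ver + (0,) * (3 - len(ver))  # compare 2.2 as 2.2.0
    return "vulnerable" if padded <= LAST_AFFECTED else "ok"


def audit(root):
    """Map each blog directory under root to (version, status)."""
    report = {}
    for vf in sorted(Path(root).glob("*/wp-includes/version.php")):
        ver = parse_version(vf.read_text(errors="replace"))
        report[vf.parents[1].name] = (ver, classify(ver))
    return report


def build_sample(root):
    """Constructed sample network; blog names and versions are made up."""
    samples = {"tech": "$wp_version = '2.2';", "sports": "$wp_version = '2.1.3';",
               "biz": "$wp_version = '2.0.10';", "old": "// no version here"}
    for name, line in samples.items():
        inc = Path(root, name, "wp-includes")
        inc.mkdir(parents=True)
        inc.joinpath("version.php").write_text("<?php\n" + line + "\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(audit(d))
```

Versions are compared as integer tuples rather than strings, so a release such as 2.10 would not sort below 2.2, and any install whose version cannot be read is reported as unknown rather than silently passed.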

Aaron Brazell

The Well Defined Lines of Blogging

This article was originally published on March 24, 2005 and is being republished as part of the Technosailor 3-year Blogiversary series. Enjoy! A timeless quote…

Blogging is a developing medium, but at the same time it is well established. The players that were in existence in 2003 have now been changed due to acquisitions and splits. b2 became WordPress. Typepad and LiveJournal became flavors of MovableType. Blogger was acquired by Google. And the list continues.

The fact is that WordPress is now the dominant self-hosted blog software followed shortly thereafter by MovableType when in 2003, MovableType was the software of choice.

Jeremy makes a good point when he points out that:

WordPress will come to be the de-facto choice in the world of self-hosted personal weblogs and low-end webhosting “value added” package. MovableType will be the blogware of choice in the corporate blogging world, both for internal weblogs and those that face the outside world.

I don’t know that I necessarily agree with his view about MT’s role, but the argument can definitely be made.

Aaron Brazell

10 Things You Should Know About WordPress 2.2

Ah, the time has come again. So soon at that. Imminently, a new WordPress release comes to our doorsteps (It’s being given a final once over by testers – Update: It’s here). Since WordPress has gone into a 120-day release cycle (plus a few weeks in this case), the feature list is shorter but more power packed. Still, though, there are (at least) ten things you should know about WordPress 2.2 – and you may want to figure out if this release is right for you.

Native Widgets

Since Automattic released their Widgets plugin, the public has widely adopted them. Personally, I was a late adopter but yet I drank the kool-aid and can’t live without them. In fact, all our new themes at b5media are widgetized. They are low maintenance, though still a pain in the royal rear for theme designers who don’t understand how to take WordPress themes to that next level, but that’s certainly not the fault of WordPress. I digress. Widgets are now fully integrated into the core. It was this feature that has been worked on almost exclusively outside of bug fixes for the final weeks before release. Hope you enjoy them!

Added: Please make note of the fact that native widgeting is not yet compatible with IE as reported in this ticket that went unpatched before release. If you use widgets, you will be unable to remove widgets beyond a certain hierarchy of the “available widgets” queue. Be warned or use Firefox or an alternative.

Also Added: Folks using multiple ExecPHP widgets may run into difficulty with only the first widget contents being echoed on the blog. It is a bug, will require an upgrade to the widget, but there is good news. Ryan Boren comes up with the workaround.

Atom 1.0 Feeds

Another war that has been fought for quite some time is WordPress support for the Atom 1.0 feed. Up until now, there has only been native Atom 0.3 support and RSS 2.0 was the preferred feed. Now, advocates of Atom can be happy with the standard XML that is produced by Atom 1.0 making it more portable in other environments.

WP-Admin powered by jQuery

I admit to not knowing much about the various Ajax javascript libraries, but I’m assured that the introduction of reliance on jQuery in wp-admin makes for a faster and lighter administrative panel. The previously favored Prototype library, while heavily favored for its multipurpose abilities, will continue to be bundled with WordPress for the sake of plugins that rely on its existence, but will cease to power the bulk of the administrative functions of WordPress.

Update: Ilfiloso clarifies in comments and on his very cool post that delves deeper into things developers will like about WP 2.2, that jQuery is still not implemented across the board. We can expect more transitions in future releases.

Atom API Support

Bloggers using API editors (external desktop editors, for instance) may be interested to know that WordPress has introduced Atom API support. Until now, bloggers were forced to use the MovableType or the MetaWeblog API to write posts with an API editor. One benefit of the Atom API, among other things, is security. Passwords are not transmitted in clear text as with other APIs. Mark Pilgrim has an older, yet still relevant, article about the technical benefits of the Atom API. Feel free to give it a read.

New Blogger Importer

And the world breathed a collective ‘w00t!’. Blogger is still by far one of the most popular platforms for blogging in the world. Beats me why, but I can’t argue with the numbers. Naturally, I (as many others) encourage people to migrate from Blogger to WordPress. The old WordPress importer for Blogger sucked horribly. It basically did a page scrape in multiple cycles that could bomb at any point. The more posts in Blogger, the higher the chances of an interrupted import. And it would take all day.

Then Google decided to do the whole “new Blogger” thing and tied blogs to Google accounts instead of the old-style Blogger accounts. This was fine for everyone except people trying to migrate their blogs away. The old Blogger import (bundled with even WordPress 2.1 despite the fact it didn’t work anymore) simply no longer functioned properly. Fortunately, a new Blogger importer (much smoother) was developed and has been in action on WordPress.com for some time, but those in the WordPress.org world were up a creek. The only solution was to import to a temporary WordPress.com blog, then export a WordPress export file that could be imported into your own blog.

Now however, Blogger bloggers can move directly, and more seamlessly, straight to WordPress. Good times.

Plugin Sandbox

Ever had one of those times where you install a plugin that you didn’t know had code errors? You activate and go and view your site just to find it completely blank. You go back to your plugin page and it too is blank. The only remedy was to FTP into the site (or SSH if you choose, Mr. Ninja!) and delete the plugin.

Now that is no longer an issue. Plugins are sandboxed upon activation. By that, I mean, the code in the plugin is evaluated on activation for code with fatal errors – the kind that make your site blank – and if the code doesn’t pass the test, it is simply not activated. This prevents an errant plugin from taking down your whole site.
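
The activation check described above, shown as an added Python example (not WordPress's own PHP implementation): the candidate plugin is loaded once in a throwaway child interpreter and is added to the active list only if that load exits cleanly. The plugin files and function names are constructed for the illustration. The check catches load-time fatal errors only; it does not restrict what a plugin that loads cleanly can do.

```python
import subprocess
import sys
import tempfile
from pathlib import Path


def loads_cleanly(plugin, timeout=30):
    """Trial-load the plugin in a child interpreter; return (ok, error line)."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", str(plugin)],  # -I: isolated from env and site dirs
            capture_output=True, text=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return False, "timed out while loading"
    if proc.returncode != 0:
        lines = proc.stderr.strip().splitlines()
        return False, lines[-1] if lines else "exit %d" % proc.returncode
    return True, ""


def activate(plugin, active):
    """Add the plugin to the active list only if the trial load succeeds."""
    ok, err = loads_cleanly(plugin)
    if ok and plugin.name not in active:
        active.append(plugin.name)
    return ok, err


def demo():
    """Constructed plugins: one loads, one has a fatal syntax error."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d, "good_plugin.py")
        bad = Path(d, "bad_plugin.py")
        good.write_text("def hook():\n    return 'hello'\n")
        bad.write_text("def hook(:\n    return 'oops'\n")
        active = []
        results = {p.name: activate(p, active) for p in (good, bad)}
        return active, results


if __name__ == "__main__":
    print(demo())
```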

New Hooks for Plugin Authors

Plugin authors, rejoice! More hooks than ever are available to you in WordPress 2.2. You can now change the comment form using the


hook. You can even hook on




for some potentially dangerous and/or creative plugins. ;-)

Return of the Preview Link

Many people noticed that in WordPress 2.1, the Preview link that was available on the Write screen disappeared. WordPress developers have heard the groanings of the masses and returned it, albeit in a different form. Now the link actually opens the site in a new window (no more slow loading iframe below the edit area). This should make many people very happy. :-)

Comment Feeds

There has always been a way to subscribe to the comments of a post. Just like everywhere in WordPress, adding /feed or, if you don’t use friendly permalinks, &feed=rss2 to the end of a single post will bring up the feed for the comments. It’s a great way to monitor conversation on a post you’ve commented on.

In WordPress 2.2, you can get comment feeds wherever you go – archives, categories, etc. So if you like James Joyner’s sports stuff but not so much his political or celebrity blogging, you can subscribe to just the commenting surrounding sports topics. This feed should be autodiscoverable by RSS feeds, but if not, theme authors will have to expose that to the world while designing their themes.

Mail Enhancements

Another thing you may or may not want to know about WordPress 2.2 is an under the hood enhancement that solves historical quirkiness with emails generated by WordPress. As rudimentary as email is, it is still finicky at a system level. If headers are not correct, ISPs may reject it. Spam filters like eating email for no good reason, and sometimes don’t eat the email they should. WordPress has integrated PHPMailer as the email class of choice to solve some of these issues. Again, under the hood, but hopefully addresses some problems encountered by some users on some platforms with some server configurations.

Under the Hood Optimization

Other under-the-hood enhancements that in some cases may not be visible to the naked eye include better HTTP protocol support, enhanced PHP 5 support, and the TinyMCE upgraded version (it’s the Visual Text Editor, silly!). Here’s a complete set of changesets between version 2.1 and 2.2, for those curious among you.

As WordPress development is on a 120-day release schedule now, fewer BIG features will be implemented as less time is available. Releases will tend to be quicker. Development on WordPress 2.3 will begin immediately and if you have a desire for a feature not yet available in WordPress, you should make your voice heard through the feature wish list.

Aaron Brazell

The Technosailor Design Process

Last week, I launched the new and improved layout of this blog. I mentioned Lisa Sabin created the look. She deserves a lot of credit for taking very vague conceptual ideas and turning them into the layout and design that is being showed off here. Lisa describes the process of doing the Technosailor design work here.

As much as there are some fantastic designers out there that everyone knows about, there are really great designers who a lot fewer people know about. Lisa is one of those. I love finding diamonds in the rough and Lisa is one of those. Thanks, again, Lisa!

Aaron Brazell

Technosailor Version 7 Hits the Street

I’m really, really happy right now because we’re beginning the three year anniversary celebration a little early here. Back in March, I started to discuss the possibility of a professional theme with the fantabulous Lisa Sabin. I gave her some of my ideas and in essence let her go to town creating something suitably professional and refreshing for this blog. I had only a few specific ground rules:

  • Whitespace
  • Home Page NOT being the blog – more room for pulling together content in a better and more useful way than a linear blog
  • Done before May 20, in time for my three year blogging anniversary

So I’m very, very happy to launch version 7 hitting all of those points and delivering a month early! We have taken a departure from the historically consistent nautical theme, grouped content more effectively, and implemented a del.icio.us powered link blog. And Chad, our director of sales, loves the ad placements, so there’s an added bonus! Commenting and posts look nicer too!

Your thoughts? Lisa is scared, but I think she did a smash-up job! :-)

Aaron Brazell

My Script for Auto WordPress Upgrade

I like posting scripts. I am proud of most of them. I mentioned before that I run WordPress trunk and that every day, the auto upgrade script runs, upgrades this blog and sends me a detailed email regarding the upgrade. Not only does this help me keep track of changes from revision to revision without having to go browsing the repository, it gives me a handy reference in case I have to roll back.

Here is the script I run. It is a PHP command line script (I do most of my CLI scripting in PHP as I’m fluent in it).

Aaron Brazell

Ninjafying WordPress

In case you’re looking to have WordPress related work done, or want to find WordPress related tips, I’m blogging (and consulting) back over at Emmense. I’ve found that there is a tremendous market for people who understand the nuances and intricacies of WordPress. Since I have been using it for over 2 1/2 years and am intimately acquainted with the development process and advanced uses of the software (I work at b5media, one of the largest WordPress deployments on the face of the planet!), a lot of people come and ask me for advice and ask for my assistance with their WordPress blogs.

While Emmense is geared toward dissemination of WordPress knowledge, it is also my professional site and as so will continue to go through improvements.

It’s all about ninjafying WordPress.

Update: Yes, I know it’s not IE compatible yet. Patience, grasshopper.