WordPress 4.4 Arrives 39
An anonymous reader with news of the newest release of open source WordPress, which adds a slew of new features to the blog management tool that will "make your site more connected and responsive." You can download the new release now from WordPress.org/Download (7.3MB). WordPress is a content management system (CMS) that powers 25 percent of the Web. The latest version is dubbed "Clifford" in honor of jazz trumpeter Clifford Brown.
Why is that the goal of a new release? (Score:5, Insightful)
Why is the goal of a new release to make a site "more connected and responsive?" Neither of those are the real issue with Wordpress. I'd like to see an emphasis on security and making it much harder to compromise an install of Wordpress. This tells me that the Wordpress devs might not be taking the issue seriously enough. How about at least not exposing internal paths, having separate administrator accounts that aren't logged into like normal users, and otherwise hardening the system? That should be the goal of new releases, otherwise 25% of the internet is full of massive security holes.
Re: (Score:2, Funny)
You'll take your crapified, phone centric UI changes and you'll LIKE THEM!
Re:Why is that the goal of a new release? (Score:5, Funny)
Ah, a member of the Gnome 3 team speaks out!
Re: (Score:3)
Heh... I saw "more connected and responsive" and my first thought was, "connected and responsive to whom?"
Re: (Score:2)
Why Joomla, exactly? Why not Drupal or something else?
Re: (Score:2)
Drupal is so old school, I hear the cool kids are using http://modx.com/ [modx.com] now.
Re: (Score:2)
I'd like to see an emphasis on security and making it much harder to compromise an install of Wordpress.
WordPress powers one fourth of the entire web. Something around 100 million websites. A number hardly imaginable. I don't know about you but I'd be hard-pressed to find a system that is so widespread and offers that level of security. It may be a patchy mess, but so are many other successful projects. WP security is just fine, if you ask me.
Aren't most WordPress vulnerabilities... (Score:2)
Remote admin features (Score:5, Funny)
I love the remote administration features of wordpress. Infact the owners have no idea I am even remoting in with the sql commands
Just-in-time exploits (Score:2)
This was timed well with the FBI's announcement that they routinely use zero-day exploits.
Re: (Score:1)
I work for a shared hosting company. Updated WordPress sites aren't the problem - the crappy home-made plugins, disabled automatic updates, and premium themes without update notifications are.
Re: (Score:1)
Re: (Score:2)
...and sites with Wordfence :-) The latest Wordfence release outrageously renames a core WP file (/readme.html) by default which breaks the official WP API used to verify checksums of core WP files (tools such as WP-CLI use this). I posted up to the Wordfence forum about this and got a useless reply and my thread marked as "resolved" despite nothing being done about the breakage!
I've now had to go around all WP sites with Wordfence installed, manually turning off this renaming of /readme.html (which was tur
Upgrade hell (Score:2, Insightful)
Between keeping the core WP system up to date, and keeping all the plugins up to date, the maintenance needs for a WP system discounts it for most of my customers. If you fail to keep the updates in place - almost daily, then your site quickly becomes owned and requires even more maintenance to fix. There are times and places for WP, but if all "fixes" and content updates are going to the consultants and tech team anyway, then why not just use static HTML?
Shocked the World (Score:1)
That's why the Wordpress goons decided to enable automatic updating a while back.
They really shocked the world with the auto-update's default use of FTP and innovative taking of the FTP credentials over unsecured wp-admin connections.
Re:Upgrade hell (Score:4, Interesting)
This is not as hard a problem as you would think. Step one was installing the update notifier plugin and loading a cron job to ping the Wordpress cron script a couple of times a day (not needed on higher traffic sites) so I know when updates need to happen.
Then I installed the "wp-cli" script [wp-cli.org] and added a script that grabs a backup of the database and web files before running the following commands:
wp core update
wp core update-db
wp theme update --all
wp plugin update --all
Then.. wrap that in another script that cycled through all of the sites on my system and Wordpress becomes completely painless as long as no one has done anything crazy like mod the actual Wordpress php files..
Re: (Score:1)
the problem with wordpress (and joomla, for that matter, which is also a huge target for hackers) is 99% of its users who read your comment here would go 'huh?' and have absolutely no clue what you said.
Re: (Score:2)
I, too, have an ever-growing script that wraps around WP-CLI, but there's a *lot* of gotchas you've got to deal with:
* Use "wp core verify-checksums" to make sure no-one's modded core files before you do a WP core update.
* Check at least the Web site home page is returning a 200 success code before attempting any updates.
* If the home page fails to return 200 after an update, auto-rollback the Web/DB from the pre-update backup you took.
* You need the ability to exclude specific plugin updates if they break
Re:Upgrade hell (Score:4, Insightful)
the maintenance needs for a WP system discounts it for most of my customers.
You mean like the whole 7 updates released this year not included bug fixes for legacy systems? The same 7 updates which can be applied automagically with a click of a button and even check the compatibility of plugins as it goes?
Do your customers also have problems tying their shoelaces and do you get paid by the hour to help them eat their meals?
Re: (Score:2)
WP-CLI is your friend - lets you do all the admin pointy-clicky stuff via the command line instead (cue a cron'ed wrapper script!). Even manually updating WordPress is painless compared to pretty well any other CMS out there. If I mention "Umbraco updates" (yes, I know, it's Windows only) to anyone within earshot, they run away screaming. Umbraco has *no* updating facility at all (manual clicking in admin interface or automated) and it can literally take days to update just one Umbraco site following a horr
Re:Upgrade hell, not (Score:2)
Well I for one handle various WP sites and upgrading is absolutely not a hell. I have less than a dozen plugins on each, and just update them before upgrading the core. Never found an issue, for a couple of years on.
BTW, I went here to check if some new issues would have appeared when switching to 4.4, and I see none.
Security built right in (Score:2)
Absolute URLs in the WP DB drive me nuts (Score:2)
One of the major pains in the backside of WordPress is its use of absolute URLs for pages on the site thousands of times in the WP database. PHP is always had $_SERVER variables to dynamically find the top level component of your URL (e.g. http://www.joebloggs.com/ [joebloggs.com] if you need to (does WP ever need to know it anyway?), yet if you dump the SQL DB, you'll see that URLs are pretty well all absolute rather then relative. This is horrible because:
* HTML generated by WordPress contains absolute URLs all over the