KeyJ’s Blog 2.0 (or rather, 2.7)

(February 9, 2009)

For a very long time, this blog was run by WordPress 2.0.x – this was the current version when I started it, and I kept updating it for a while, but after I built the captcha, I stopped doing so. The reason is that I implemented my captcha as a direct hack in WordPress’ sources, not as a plugin, not even a my-hacks.php file. In the meantime, some security holes appeared: I frequently found invisible spam injected into my posts. I have never found the actual hole through which they did this, but I disabled everything that could be problematic (all this Web2.0ey XMLRPC crap, for example). In particular, I excluded all hosts from a certain spam-friendly provider from my site. This helped a lot, until last week, when I suddenly found that my Windows 7 review had not only been altered, but replaced by invisible spam.

This was the point when I finally had enough – I upgraded the blog to WordPress 2.7 yesterday. To my great surprise, the test transition, performed on a local copy of the site, worked absolutely flawlessly. I could even re-use my theme without changes, which was my greatest source of fear. On the real server, there was still the little problem of the PHP memory limit which was too low for WP 2.7 (why on earth do they use more than 8 MiB, even without plugins and locales?!), but this has been fixed with a simple mail to my friendly webspace provider (thanks, Rafayel!).

Everything worked, except the captcha, which I reimplemented as a proper WordPress plugin today and activated just now. By the way, in the 22 hours without the captcha, I already got over a dozen spam posts. Sigh. Let’s see how long this installment of the site works :)
