Andrew Nacin
Forum Replies Created
-
Forum: Alpha/Beta/RC
In reply to: Twenty Fifteen: crashes after updating an existing post(No need to reinstall the core files, FYI.)
Forum: Alpha/Beta/RC
In reply to: Twenty Fifteen: crashes after updating an existing postHi @ofallthebars,
Could you share your PHP and PCRE versions with us? Do do that, it’ll require this code, which you can temporarily insert into a plugin or even just
wp-config.php:var_dump( PHP_VERSION, PCRE_VERSION );Thanks for the report.
Are you unable to update at all? Even when pressing “Update Now”?
Forum: Plugins
In reply to: [Akismet Anti-spam: Spam Protection] Akismet and WP_DEBUG_LOGFixed that issue and deleted the duplicate comments.
Forum: Hacks
In reply to: Is prepare needed for insert query?If you’re using
$wpdb->query( "INSERT INTO ..." )then you need to prepare things. But nearly all insertions can simply be done by$wpdb->insert(), which does not require a prepare as that is done internally.Forum: Requests and Feedback
In reply to: Add the padding/margin feature back to imagesIf your theme doesn’t adequately handle border and padding for you, please try this plugin: http://ww.wp.xz.cn/plugins/advanced-image-styles/.
Forum: Requests and Feedback
In reply to: Yo, Bring Back Old Image Attributes!If your theme doesn’t adequately handle border and padding for you, please try this plugin: http://ww.wp.xz.cn/plugins/advanced-image-styles/.
Forum: Fixing WordPress
In reply to: Can't access dashboard after 3.8.3 updateAlso, a note, if this occurred for an auto update, it would have occurred for a manual update (clicking “Update Now”), too. Not that it makes it any better.
Forum: Fixing WordPress
In reply to: Can't access dashboard after 3.8.3 updateIf this is happening for you, then you definitely have a persistent object cache in place, and that the cache is definitely out of date. I’m still trying to wrap my head around exactly how this could occur, though — WordPress definitely clears the cache, and this definitely doesn’t affect everyone with a persistent cache.
If you need to get back in before your systems person can empty memcached or APC or whatever object cache you are using (most likely, one of those): Rename the
wp-content/object-cache.phpfile to some thing else (likewp-content/object-cache-disabled.php) and you’ll be able to get right in. (Note this won’t necessarily fix your cache issue, and if you turn off caching obviously your site would be slower.)Both. Akismet will first send a pingback attempt to its API to check it, the same way it would evaluate a would-be spam comment. If the pingback clears the check, the real IP would be passed along.
Requiring moderation won’t help. Pingbacks get verified as part of receiving them, because we need the information in a pingback in order to provide you the source and excerpt (the pingback “author” and pingback “content”). Everything we do here happens to be per the pingback specification.
To answer other questions: If you have Akismet 2.6.0, then yes, your site will be prevented from participating in “distributed denial of service” situations they have identified. Note these have been fairly minor in nature and do not actually affect your site; they only had the potential to affect other sites. It was also a very weak attack — there are much easier and more effective ways to “DDoS” a site. The reason why hackers were using it is because it “cloaked” the person behind it. So, Akismet 2.6.0 and WordPress 3.8.2 both included code to pass along information about who requested the pingback (by forwarding along their IP address) which makes this easier to be stopped at the network and host level and removes the “cloaked” aspect.
There is really no valid reason to disable XML-RPC. It is a set of remote APIs in WordPress that require authentication with a username and password, same as the dashboard.
If you did want to disable XML-RPC, then there are other plugins that will do it. Preferences have a cost. Having this plugin will not slow down your site in any way, will never need to be updated (it’s one line of code), and doesn’t even have any UI. Just activate or deactivate.
This is unfortunately an improper fix and has no tangible benefit for WordPress users.
The changelog says “Disable XML-RPC in WordPress to prevent your site from being used as a drone in a DDoS attack.” The problem is this “attack” affects pingbacks. But the fix actually disables everything in XML-RPC except pingbacks, thus breaking mobile apps and anything else relying on XML-RPC, but allowing pingbacks through.
If you want to disable pingbacks, then disable pingbacks. Don’t do this. Or don’t do anything, as these attacks are not particularly effective and more recent versions of WordPress and Akismet both pass along better information when verifying pingbacks; and Akismet additionally detects abuse.
Forum: Alpha/Beta/RC
In reply to: Editor has no tinyMCE icons or add media buttonIf you were to deactivate TinyMCE Advanced, do things work again? What version of TinyMCE Advanced?
Forum: Alpha/Beta/RC
In reply to: WP 3.9 Beta 1 – Gallery live previewThe point is to show a live preview of the images to be shown, but I’ll look into the columns part.