Relocation of WordPress Subversion Repository

While on the subject of upgrading, one of the best tips I could offer to someone is to install WordPress via Subversion. I think most people think of using Subversion with trunk, or the “bleeding edge”. That can be the case; however, it’s just as easy to use a tag. Previously, to check out any version of WordPress via SVN, the repository URL was http://svn.automattic.com/wordpress. This always rubbed me the wrong way, as I, like a lot of people, always cringed at the blurring of the line between the .org and .com WP entities. Having an Automattic URL certainly blurred that line.

However, I noticed today that you can now check out from the .org URL, specifically http://core.svn.wordpress.org. If you have been using SVN and want to change repos but aren’t familiar with the command, it’s actually quite simple.

Let’s say, for example, you last checked out the 2.8.3 tag and want to both switch repos and update. First, you need to point your working copy at the new repository:

svn switch --relocate http://svn.automattic.com/wordpress/tags/2.8.3 http://core.svn.wordpress.org/tags/2.8.3

Then you simply need to switch to the latest tag:

svn switch http://core.svn.wordpress.org/tags/2.8.4

If anyone would like more information on how to do the initial checkout, including switching from a traditional installation to using SVN, please leave a comment and I’ll put together a post.

WordPress Security

As I’ve ventured back into doing a lot of WordPress development these days, and will be taking on a housekeeper-type role for a company that manages hundreds of WP sites, I figured that, as I begin to follow WP development more closely, it would be a good time to resurrect this site.

On that note, I found that there’s been quite a bit of buzz this weekend about some newly found exploits in out-of-date installations. One in particular, it seems, manages to create a hidden admin account: hidden in the sense that when you look at your list of users, you won’t actually see the account. From what I’ve read, part of the genuine pain that this exploit causes users is that even after updating to the latest version, the exploited account will still exist and can potentially still wreak havoc.

If you haven’t caught the link from the dashboard (or if, like a lot of people, you change/disable the planet feed), Dougal Campbell has provided a SQL query to check for all users who have administrator privileges.
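For readers who want to run this kind of check straight against the database rather than trusting the Users screen, here is an added example (my own sketch, not Dougal Campbell's query). It assumes the default "wp_" table prefix, so the table names and the two meta_key values need adjusting on installs that use a different prefix.

```sql
-- Added example: list every account that holds administrator rights,
-- read directly from the database instead of the admin user list.
-- Assumption: default "wp_" table prefix (tables and meta keys both use it).
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered,
       cap.meta_value AS capabilities,
       lvl.meta_value AS user_level
FROM wp_users AS u
LEFT JOIN wp_usermeta AS cap
       ON cap.user_id = u.ID
      AND cap.meta_key = 'wp_capabilities'
LEFT JOIN wp_usermeta AS lvl
       ON lvl.user_id = u.ID
      AND lvl.meta_key = 'wp_user_level'
-- Roles are stored as a serialized PHP array, so match on the role name.
WHERE cap.meta_value LIKE '%"administrator"%'
-- Legacy user levels 8 to 10 correspond to the Administrator role.
   OR CAST(lvl.meta_value AS UNSIGNED) >= 8
-- Newest accounts first: an unexpected recent registration stands out.
ORDER BY u.user_registered DESC;
```

Compare the result against the administrators you expect; any row you cannot account for should be investigated and removed, and the remaining admin passwords changed.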

As I follow up on these exploits, I may post more information, but in the meantime, if you aren’t running the latest version, I highly recommend taking the time to dust off your backup notes and tackle the sometimes easy, sometimes PITA task of upgrading your site(s).