WP-DB Backup WordPress Plugin

I just finished installing the WP-DB Backup plugin from skippy.net. This plugin allows you to perform a database backup directly from the WordPress admin screens. It’s pretty nice. It allows you to pick which database tables you would like to back up (after preselecting the core WordPress tables for you) and gives you the option of storing the backup file on the server, downloading it, or having it emailed to you. It also has a nice little progress bar that informs you of the progress of the backup.

This is much better than running my mysqldump command every time I want to take a backup of the server and manually secure copying it down from the server and sourcing it. One or two clicks, and I have my MySQL dump file on my local machine ready to be checked in.

If you’ve been looking for an easier way to back up your database, check this plugin out. It makes the task of backing up your database a lot less of a chore than it otherwise is.

Skippy’s also got a lot of other cool looking plugins on his plugin page. You might want to check them out and see if anything grabs you there.

WordPress Statistics Plugin – BAStats

I’ve been looking for quite a while to find a good statistics package that could give me an idea of what is going on on the site over and above the default Analog stats that my web provider provides.

Tonight I came across the beta version of BAStats, by Owen Winkler. The package is a WordPress plugin and as such was installed and functional in minutes.

I’ll have to figure out whether it winds up being useful, but the amount of data it collects for the amount of effort I had to put into installing it is definitely worth it. Currently, through my administration panel I can report on the following metrics:

  • Top Page Hits
  • Top Hosts
  • Top Referring Pages
  • Top Operating Systems
  • Top User Agents
  • Top Search Phrases
  • Recent Page Hits
  • Recent Hosts
  • Recent Referring Pages
  • Recent Operating Systems
  • Recent User Agents
  • Recent Search Phrases
  • Graph Top 5 Page Hits – Segmented
  • Graph Top Page Hits

I don’t have enough data to see what the last two items do, but it looks like I now have quite a bit of information at my fingertips. I’m hoping this stuff is more intelligible than trying to sift through the analog stats. Time will tell. Right now all I see is crawlers.

Update

I was receiving some errors in the control panel and a data type error on the main page. To remove these messages, I did the following:

In the file BAStats_options.php, change the function check_option to look like the following:

    function check_option($opt)
    {
        $settings = get_settings('bas_options');
        // The option may be unset or hold a non-array value; in_array()
        // needs an array, so fall back to an empty one.
        if (!is_array($settings)) { $settings = array(); }
        if (in_array($opt, $settings)) echo ' checked="checked"';
    }

At line 115, change the following code:

    if(in_array('log_spam', $options) && in_array('referer_spam', $settings))
    {

to the following:

    // Make sure both values are arrays before passing them to in_array().
    if(!is_array($options)) $options = array();
    if(!is_array($settings)) $settings = array();
    if(in_array('log_spam', $options) && in_array('referer_spam', $settings))
    {

These changes should fix the errors you are receiving.

WordPress 1.5.1.3 released.

According to the WordPress Development Blog, the 1.5.1.3 release is now available.

From the announcement:

Development has moved on to some exciting new features for the next major release, but an important security issue was brought to our attention which required an update for our users. The problem is not yet public but you should update your blog as soon as possible to 1.5.1.3. If you are unable to do upgrade in the short-term you may protect yourself by deleting the xmlrpc.php file from your WordPress directory.

This is a security release. I suggest you apply it or you might be the next to suffer the consequences. Don’t be a lazy ass like I was.

The Cost of Laziness

The site was defaced last night at around 4:45pm due to my laziness in not installing a simple one line fix to the WordPress software outlined on the WordPress Development Blog. After exploiting the SQL injection vulnerability that the fix closed, the person was able to log in to WordPress, create a new user, promote themselves to admin level and replace the index page. I found out about it this morning when I hit the site when I woke up.

This should be a lesson to you. Keep an eye on security updates for your software, and apply them as soon as they become available. The WordPress team posted this update 26 days ago (according to the blog entry, 40 minutes after hearing about the exploit) and I blew it off, thinking that this site was too insignificant to actually hit.

I was wrong. It’s insignificant, but apparently not so much so that someone won’t take the small amount of time it takes to use a Perl script to compromise a known hole when they found it by doing a Google search on the term “powered by WordPress 1.5”.

I’m usually pretty good about installing security updates … not sure what I was thinking when I blew this off.

For the record, the WordPress Team has performed a security audit of the code for similar vulnerabilities and found none. Thanks guys. I’ll pay more attention next time around.

WordPress 1.5.1.1 update available

An update is available to WordPress 1.5.1. The text from the release page follows:

In our effort to optimize we made two mistakes in 1.5.1, one related to feeds and one related to trackbacks and pingbacks. We’ve updated the download with 1.5.1.1 which corrects these bugs and a few others.

If you are having trouble with RSS feeds or track/pingbacks, this update is for you.

If you’ve made changes to the existing codebase for your site, the following files were affected, so back them up so you have access to your changes.

wordpress/wp-admin/post.php
wordpress/wp-admin/quicktags.js
wordpress/wp-blog-header.php
wordpress/wp-comments-post.php
wordpress/wp-includes/functions-post.php
wordpress/wp-includes/functions.php
wordpress/wp-includes/pluggable-functions.php
wordpress/wp-includes/template-functions-category.php
wordpress/wp-includes/template-functions-links.php
wordpress/wp-includes/template-functions-post.php
wordpress/wp-includes/version.php
wordpress/wp-includes/wp-db.php
wordpress/xmlrpc.php

Those who use the AuthImage plugin will want to back up wp-comments-post.php.
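
An added example, not part of the original post or of WordPress: a shell script that walks the file list above, compares each installed file with a stock copy, and backs up only the ones that carry local changes. It assumes you have an unmodified copy of your currently installed release unpacked next to the live tree; the function names and the demo tree are hypothetical.

```shell
#!/bin/sh
# Files replaced by the 1.5.1.1 update, as listed in the post.
UPDATED_FILES='wordpress/wp-admin/post.php
wordpress/wp-admin/quicktags.js
wordpress/wp-blog-header.php
wordpress/wp-comments-post.php
wordpress/wp-includes/functions-post.php
wordpress/wp-includes/functions.php
wordpress/wp-includes/pluggable-functions.php
wordpress/wp-includes/template-functions-category.php
wordpress/wp-includes/template-functions-links.php
wordpress/wp-includes/template-functions-post.php
wordpress/wp-includes/version.php
wordpress/wp-includes/wp-db.php
wordpress/xmlrpc.php'

# preserve_local_changes LIVE PRISTINE BACKUP (hypothetical helper)
# Compares each listed file under LIVE with the stock copy under PRISTINE
# and copies into BACKUP every live file that differs or has no stock copy.
preserve_local_changes() {
    live=$1; pristine=$2; backup=$3
    printf '%s\n' "$UPDATED_FILES" | while IFS= read -r f; do
        if [ ! -f "$live/$f" ]; then
            echo "MISSING $f"
        elif cmp -s "$live/$f" "$pristine/$f"; then
            echo "SAME $f"
        else
            mkdir -p "$backup/$(dirname "$f")"
            cp -p "$live/$f" "$backup/$f"
            echo "MODIFIED $f"
        fi
    done
}

# Constructed sample: stock trees where only wp-comments-post.php carries a
# local edit and quicktags.js has been deleted from the live copy.
make_demo_tree() {
    for f in $UPDATED_FILES; do
        mkdir -p "$1/live/$(dirname "$f")" "$1/pristine/$(dirname "$f")"
        echo "stock $f" | tee "$1/live/$f" > "$1/pristine/$f"
    done
    echo '// local edit' >> "$1/live/wordpress/wp-comments-post.php"
    rm "$1/live/wordpress/wp-admin/quicktags.js"
}

demo_dir=$(mktemp -d)
make_demo_tree "$demo_dir"
preserve_local_changes "$demo_dir/live" "$demo_dir/pristine" "$demo_dir/backup"
rm -rf "$demo_dir"
```

A file reported as MODIFIED that you never edited is worth inspecting before you overwrite it with the update.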

SVK 1.00 and WordPress 1.5.1 releases.

Chia-liang Kao, author of the SVK source control tool, announced the release of SVK 1.0 final today.

And if that wasn’t enough for you, the WordPress folks have announced the release of WordPress 1.5.1. Download it now. Information on what has changed is available in the ChangeLog on the codex.

Update: 5/10/2005
A quick check of CPAN this morning finds SVK 1.0 out on the mirrors. Go ahead and install it with the following (as root):

perl -MCPAN -e 'install SVK'