…nothing quite like the stress of upgrading and finding that something has broken.
So true. I’m just happy nothing broke during our recent upgrade to WPMU 2.9.1, because apparently the upgrade function can choke when creating all those tables. We have over 160 blogs and all went well, but Admins for large MU sites should take care to run the script Donncha provides before upgrading. Then they should also skip ahead to WordPress 2.9.1.1.1.1.1.1.1.1.1.1.1.1. Supposedly this will be the last release before the big merge.
WordPress MU 2.9.1 New Feature Overview
What does all this mean for Tripawds community members? Just that we are successfully running on WPMU 2.9.1 now, which includes some great new features in addition to various bug fixes.
Video embedding made simple
WordPress 2.9 introduces native video embedding! Now all Tripawds Bloggers can easily insert a video from sharing sites like YouTube, simply by adding the video URL to their post …
See! It’s that simple. Just copy and paste the video page URL onto a new line in your post and the video will be automatically embedded. It is important that the video URL be on a line by itself and that the text is not wrapped in any tags, so don’t style it or link it to the video page itself. Native video embedding supports the following video sharing web sites: YouTube, Vimeo, DailyMotion, blip.tv, Flickr (both videos and images), Viddler, Hulu, Qik, Revision3, Scribd, Photobucket, PollDaddy, Google Video, WordPress.tv.
Viper’s Video Quicktags Enhance Embedded Videos
So what does this mean for Tripawds Supporters who have been using the Viper’s Video Tags plugin? Just that they now have advanced control over how their videos appears if they choose to continue using it. Viper wrote the new native object embed code, so his plugin is completely compatible. Supporter blogs can still embed movies and have additional video sharing sources to choose from. Supporters also have the ability to embed raw Flash video files, and have much more control over how their videos display …
Viper’s Video Quicktags plugin allows embedding from the following video sharing web sites: YouTube, Google Video, DailyMotion, Vimeo, Veoh, Viddler, Metacafe, Blip.tv, Flickr Video, IFILM/Spike, MySpaceTV, Flash Video (FLV).
WordPress MU Blog Dashboard Trash Can
Tripawds Bloggers will also now notice a Trash link when managing posts and comments on their blog. This allows for the removal of items without immediately deleting them. The Trash can (and should) then be emptied periodically to permanently deleting the unwanted items. This protects bloggers from inadvertently deleting valid comments or valuable post drafts.
Issues with New Wordpress Image Editor
One of the most anticipated feature enhancements has to be the new Image Editor built right into the WordPress Media Library. There have been a number of reports, however, regarding difficulties so we will report back with an update on that. For now, feel free to provide feedback in the forums.
I wonder just how many Tripawds Bloggers might consider upgrading with a Supporter subscription if they could have their very own custom domain mapped to their blog. And by that, I mean how many would like the idea of blogging about their pups at yourblog.com instead of yourblog.tripawds.com.
The answer will determine whether or not we implement the Domain Mapping plugin from WPMU Dev Premium here. It integrates with the Premium Supporter plugin we use, and would enable Tripawds Supporters to enter their registered domain name and have their blog appear online at that address instead of here at theirblog.tripawds.com. Domain registration would be necessary of course, with just minor edits to the DNS record at the registrar.
So, really cool new feature? Or, more hassle than it’s worth?
In the meantime, I’ll explain what I did to redirect our parked domains to this WPMU install. Any WordPres MU site admin who searched and found this post may now be saying, “You can’t do that” and they are right. That’s why we’re considering the Premium Domain Mapping plugin. At which point they may now be saying, what about Donncha’s free Wordpress MU Domain Mapping plugin? Well, as I mentioned, we’re considering adding this to our list of Supporter Blog features. But there I go digressing again …
How to Redirect Parked Domains to WMPU Site
After discovering that our parked domains were redirecting to the WPMU sign-up page instead of the primary blog index as expected, I searched the WordPress MU support forums and discovered that this was actually expected behavior after all. So I did some homework and figured out a work around.
Remove parked domains…
The first thing to do when redirecting parked domains to a WPMU site is to unpark them. Access your your cPanel account and remove the parked domains you want to redirect to your primary blog, assuming they are already parked there.
Next, click the Addon Domains button in your cPanel account. Here you will create add-on domains for all those you have registered and want to redirect to your primary blog.
Once you have added the domain, return to Addon Domains and select Manage Redirection. Redirect the new domain you just added to the root of your primary blog (or wherever you desire) and click Save. That’s it!
You will notice in the screenshot that I renamed the file directories in my document root to keep folders for all the addon domains nice and tidy together. They will all reside in the public_html directory where you installed WordPress MU.
This method proved quick and simple for me. And you will now notice that tripawds.org and tripaws.org now both successfully redirect to tripawds.com. It’s a workaround, and it’s not true domain mapping as you will notice in the address bar, but it does the trick for us. If more than a handful of members are interested in upgrading to have custom domains for their blogs, I can just remove these Addon domains and install the Domain Mapping plugin.
How to automatically redirect web pages
Another option I considered before figuring out this workaround, was to set up hosting accounts for the parked domains and add static pages for auto redirection. Below are a few methods for doing that if anyone is so inclined.
Manual URL Redirect…
The simplest way to redirect visitors from any web page to another is with a manual URL redirect, forcing them to click a link to proceed:
Using the “meta refresh” method, it is possible to specify the URL of the redirect page, thus replacing one page after a specified time by any other. A timeout of 0 seconds means an immediate redirect:
In PHP, header() is used to send a raw HTTP header to the browser. Using the location function, this can be used for auto-redirection. Note that header() must be called before any actual output is sent:
Tripawds Supporter Blog subscriptions are automatically renewed via PayPal, based on the renewal term selected when upgrading the blog. If a PayPal subscription is canceled before the renewal date, enhanced Supporter blog functions will be deactivated upon the renewal date, no sooner.
This is all made possible using the Supporter plugin available with our WPMU Dev Premium membership. But it puts site administrators – that’s me – in a position to wonder about how to handle early cancellation of a Supporter subscription if the blogger has been generous enough to contribute to Tripawds with a separate donation. This happened recently – thank you Maggie! And here’s what I did to modify the renewal date that appears in the Supporter tab of her dashboard.
Any WordPress MU site administrator who wishes to extend a Supporter subscription for longer than the 365 day maximum allowed via the Admin panel:
Access your WPMU database with PHP MyAdmin
Find the wp_supporters table and click Browse
Find the blog ID* with the date you want to modify and click Edit
Enter your desired Unix timestamp** in the expire field and click Go
*The blog ID is the first digit(s) of the Custom Number field in the Supporter subscription announcement email. For example, blog ID #294 with a 3 month $10 subscription is identifed by Custom Number: 294_3_10.00_USD_1234567890
**The Supporter Subscription expiration date is identified by Unix time, or POSIX time, which is a system for describing points in time, defined as the number of seconds elapsed since midnight of January 1, 1970. Many Unix Time Conversion tools can be found online.
The fight against Spam Blog registrations for any WordPress MU site administrator – that’s me – is an ongoing battle, that often seems to have no end. But at the risk of jinxing things I would like to think we are finally winning the war against these splogs, which are much worse than any old Spam.
Tripawds members can feel free to report questionable blogs here in the Tech Support discussion forum. Just keep in mind, that said blogs may very well be deleted by the time you do so since we are always doing our best to immediately get rid of any that actually get created. We just can’t do so in our sleep. Thank Dog there are tactics that can!
WPMU site administrators may be interested in the available anti-splog options and these steps we took to slow the flow of splogs here at Tripawds …
Restrict WPMU User and Blog Registration
The only bulletproof way to keep splogs out of your WPMU site is to disable registration, and require users to email requests for signup. We’re not about to do that since we want all new users to have immediate access to our canine cancer discussion forums, and be able to start sharing their three legged dog stories right away.
The Secure Invitations WPMU plugin stops access to your signup page, except where the visitor has been invited and clicked the link in their invitation email. This seems like a great solution for stopping automated splog signups on private or corporate installations, but it would not work for us. Too many people find Tripawds when searching for help to allow registration on an invitation only basis.
Edit .htaccess to Stop Automated Spam Blogs
One sure fire way to stop automated spam blog registrations is to ban any signups resulting from POST requests (form submissions) for wp-signup.php that have not been sent from a web page within the WPMU site itself. D’arcy Norman makes this easier than it sounds.
For complete details, or to ask any related questions, please visit his original post about how to stop WPMU spam blogs with .htaccess file edit. Be sure to read the comments there as many concerns have been addressed.
To summarize, however, adding the following to your .htaccess file will indeed stop most if not all automated spam blog registrations:
# BEGIN ANTISPAMBLOG REGISTRATION
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-signup\.php*
RewriteCond %{HTTP_REFERER} !.*yourdomain.tld.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://die-spammers.com/ [R=301,L]
# END ANTISPAMBLOG REGISTRATION
All you need to do is change yourdomain.tld to the domain of your WPMU website, and change die-spammers.com to wherever you want potential spammers redirected. We send them here for an explanation, since there may be a rare occasion when legitimate users might get blocked – if they clicked the signup link from an email they were sent, for instance.
Another more serious tactic to deploy is banning any spam blog registrations from specific ip addresses. This can also be done by editing your .htaccess file. Check your server logs or new registration emails to find out where they’re coming from and then block their IP addresses in your .htaccess file by adding the following:
# BEGIN IP ADDRESS BAN
order allow,deny
deny from 192.168.44.201
deny from 224.39.163.12
deny from 172.16.7.92
allow from all
# END IP ADDRESS BAN
Or, block a range of IP addresses:
# BEGIN BAN IP ADDRESS RANGE
order allow,deny
deny from 192.168.
deny from 10.0.0.
allow from all
# END BAN IP ADDRESS RANGE
Please note that the IP addresses shown are examples only! Special thanks to Sarah over at WPMU.org for this one, and other tips to get rid of spam blogs once and for all.
Stop Common Spam Users in Their Tracks
Using cPanel …
At this point, I thought we had defeated the sploggers. But alas, before long we had more Money Making Tips for Tripawds. After getting tired of editing our .htaccess file, I took to banning IP addresses directly from cPanel using the Quick Deny feature of csf – ConfigServer Firewall. This is much quicker, and enables me to easily search for banned IP addresses should a legitimate user get blocked, which has not happened yet.
Banning known spammers …
Some of the most common spam blog registrations come from easily identifiable sploggers. One such known malicious username format is fullname#### – such as geraldmason1976. No such users will ever register for Tripawds Blogs ever again thanks to our WPMU Dev Premium membership. With our membership, I am able to particiapte in the WPMU Dev Premium Support Forums where I helped test this Splog Check for Known WPMU Spammers…
Within the wpmu_validate_user_signup function, I added the following hack to disallow any username ending in four digits:
// BEGIN 4-DIGIT USERNAME BAN
$tmp_user_name = substr($user_name, -4);
if (is_numeric($tmp_user_name)) {
$errors->add('user_name', __("Username not allowed"));
}
// END 4-DIGIT USERNAME BAN
Special thanks to Dr. Mike for this one. For detailed instructions, and to take advantage of many other benefits including Premium WPMU plugins and themes, please sign up for a WPMU Dev Premium membership. And if anyone is wondering why they couldn’t join Tripawds with a username ending in four digits, that’s why!
But it still wasn’t enough to keep me from deleting far too many spam blogs every morning. It was time to edit some core files…
Reword Signup Page to Confuse Sploggers
Many sploggers use Google to find WPMU signup pages by searching for their default content. Once they find pages including phrases like “Gimme a blog!” or “Just a username, please.” they know where to go to create their next blog for stretch mark creams or making money online.
By rewording the content within our wp-signup.php file, we were able to thwart some more spam blog registrations. Here is the default content from the lines I edited to re-phrase:
#157:'Get <em>another</em> %s blog in seconds'
#178:"If you’re not going to use a great blog domain, leave it for a new user. Now have at it!"
#241:'Get your own %s account in seconds'
#254:'Gimme a blog!'
#257:'Just a username, please.'
Be sure to use proper HTML entities where necessary, and do not edit any PHP code – like %s whatever that means. Keep a copy of the original file to be safe! And for the record, this information is based on WPMU 2.8.6 – line numbers and code may or may not change in future revisions!
This alone was still not quite enough to keep the sploggers at bay. More extreme measures measures were necessary…
Rename WPMU Signup Page to Stop Splogs
Savvy sploggers know to search for the signup page by its file name. A simple Google search like “Gimme a blog!” inurl:wp-signup.php will result in numerous sites to attack, for instance. Nefarious automated spam bots also know to go directly to wp-signup.php for immediate registration. Renaming the WPMU signup page was the final step we took to slow splog registrations to a crawl here at the Tripawds Blogs community.
There are a few important steps, however, to keep in mind when taking this measure to stop spam blogs.
If you rename wp-signup.php there are five core file locations where the link must be updated:
wp-signup.php: rename file and update link to match on lines #26, #179, #242, #311, & #391
wp-login.php: update link to match on line #390
wpmu-settings.php: update link to match on line #154
Again, these are the line numbers in WPMU 2.8.6 – future revisions might differ. Now, the reason I put off doing this for so long was because we had linked directly to our signup page in numerous blog posts and discussion forum topics. Had I renamed the signup page to anything other than wp-signup.php all these existing links would be broken.
So, after discovering the following SQL query to easily search and replace terms via PHP MyAdmin, I went for it:
UPDATE wp_{id}_posts SET post_content = REPLACE (post_content, 'wp-signup.php', 'wp-renamed.php')
Simply replace {id} with the ID number of the blog you want to search. And replace ‘wp-renamed.php’ with whatever you renamed your signup page. To run the same search and replace query within SimplePress Forum posts, just replace wp_{id}_posts with wp_{id}_sfposts. Also, be sure to edit any theme files or sidebar widgets you may have that point directly to your signup page.
Recommended solution for stopping spam blogs
The single best suggestion I have to stop all WPMU splog registrations forever is: all of the above. And I recommend implementing these steps immediately after installation of WordPress MU – before you enable registrations.
Whatever you do, don’t give up and disable registration. Do that and the sploggers win!
You may have noticed the Save Draft button in your Tripawds Blog post editor. This will do just that – save a current working draft of your post. Actually doing so, however, is unnecessary considering WordPress has it’s own auto-save function built right in. But if you are writing an important post and concerned about losing your work, go ahead and save your drafts. I am no longer concerned about database bloat!
Scroll down beneath your post editor after saving a draft and you will notice a section called Post Revisions. Clicking the link there will allow you to review the latest draft you saved, compare it to the most recent auto-save, and restore whichever one you prefer.
Why only one revision, and How?
Anyone familiar with WordPress may wonder why only one revision shows, no matter how many times the post is saved. Those very familiar might be asking how we did that.
Every saved post revision is stored in the WordPress database. Over time, especially in a Wordpress MU environment, and particularly with users who tend to frequently save drafts, this can create excessive unnecessary database entries – said bloat I eluded to earlier. By limiting revisions to one draft, we are still allowing members to save important drafts and compare that draft with the current auto-save, while keeping unnecessary entries out of the database. FYI: Every draft manually saved will replace the most recent revision.
How did we do it? We are running the Limit Post Revisions WordPress MU plugin from the wpmudev.org project repository. I know, I know, limiting post revisions will not delete old drafts from the database, and that’s what truly enquiring minds want to know. We’re getting to that.
What use this is for WPMU Site Administrators
Limiting post revisions can also be done with this simple hack to your wp-config file, immediately following the db_collate definition, as in…
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
/** Number of saved revisions; false acts as 0 */
define('WP_POST_REVISIONS', 1);
But I like to avoid editing core files whenever possible, and much prefer to use awesome WPMU plugins. But I digress, back to the task at hand – how to delete all those old revisions in the MySQL database driving your WordPress installation…
Here is the query I used, edited for use with WordPress MU:
DELETE a,b,c
FROM wp_{id}_posts a
LEFT JOIN wp_{id}_term_relationships b ON (a.ID = b.object_id)
LEFT JOIN wp_{id}_postmeta c ON (a.ID = c.post_id)
WHERE a.post_type = 'revision'
Simply replace {id} with the id for the blog on which you want to delete old post revisions. Backup your database first! To be safe, I also exported copies of the affected tables so I could restore them quickly if anything broke. But nothing did, at least not that I can tell, yet.
In our case, I reduced file size of our wp_1_posts export from more than 11 MB to less than 2MB! Please note, this worked for me. No promises, and good luck!
Many thanks to Andrei for providing this query, and explaining how it will remove related entries from the postmeta and term_relationship (i.e.: tags, categories, etc.) tables. I found many references to the following query for deleting post revisions, but Andrei’s solution gave me the confidence that all unnecessary data would be deleted from the database.
DELETE FROM wp_posts WHERE post_type = "revision";
While we’re at it, for anyone looking to delete all old post revisions from a basic WordPress install, here ya go…
DELETE a,b,c
FROM wp_posts a
LEFT JOIN wp_term_relationships b ON (a.ID = b.object_id)
LEFT JOIN wp_postmeta c ON (a.ID = c.post_id)
WHERE a.post_type = 'revision'
Every Tripawds Blog is now linked together in a true Blogger style Ring of Blogs. Users can now stumble upon another totally random three legged dog blog by following the links now found site-wide here at Tripawds. Each Tripawds Blog now has a common navigation strip, something like this…
For those wondering just who might be blogging about their dogs here, this is a easy way to discover what you’re missing. The top 100 active Tripawds Blogs are always listed on the directory page, but cruising the blogs this way should be more fun. We hope you enjoy it.
The only problem I see so far, is that many Tripawds members create a blog upon signup, but never actually start blogging.
So why not drop on comment on those blogs to let them know what they are missing? The more stories we can share here, the better a resource this community becomes for those facing cancer or amputation with their dogs.
So, how did I do this?
For anyone interested, I implemented this Blogger style blog ring for WorPress MU using these two free plugins available from the WPMUDev.org project repository:
WPMU Footer HTML
This WPMU Plugin enables you to insert any HTML into the footer of all blogs posted within a single WPMU install. With a little hacking, it will place inserts in the header too. Sure, it’s takes a little hardcode effort to customize, but for a CSS neophyte like me it just worked better than Global Header which had the sweet Admin interface I preferred.
I am always cautious about installing old WPMU plugins, especially those that appear to be no longer maintained or supported. I much prefer to install the plug and play plugins available with our WPMU Dev Premium membership. But I wanted to make this specific functionality work, and I carefully tested things first on our development installation.
This version of Random Blog may be two years old, but it is apparently working fine. And since the discussion about WPMU Footer that helped me get it working seems to have disappeared into the ether, I’ll share how to ad header inserts in this global footer plugin…
First, I’m using v. 1.0 since v. 1.1 had some issues with the header inserts, which I just added right before the final php function:
add_action(‘wp_head’,'jas_wpmu_css_footer’)
Correct, the header insert code goes after that for the footer. Whatever, it works for me! No promises for anyone else.
But your saying Jim, banner ads are in the header too? Using the WPMU Dev Premium Supporter plugin, we are able to automatically remove banner ads from all blogs while keeping the community navigation strip. I did this by wrapping the ad code within an optional Supporter script and placing HTML for the navigation after that.
Hope this helps clear up any questions about the new Random Tripawds Blogs navigation strip, and how it got there.
Tripawds community members may have some questions about the enhanced features enabled for Supporter blogs. WordPress MU site administrators might be interested in how the upgrade function works.
As a reminder, all free Tripawds Blogs include basic comment spam protection – using the TypePad anti-spam plugin – and 25MB of upload space for storing photos. Free blogs also show banner ads at the top and bottom of every page. The Supporter mu-plugin allows us to automatically increase a Supporter’s upload quota to 1GB and turn on enhanced blog features by activating additional plugins on that blog. It also immediately removes the banner ads from upgraded blogs, and allows Supporters to turn off ads on other Tripawds blogs. Best of all this is all done automatically upon upgrade, which can be done via single payment or recurring subscription.
I would like to think I was at least a little helpful in identifying certain issues with the new Supporter v. 2.0, but I can take absolutely no credit for the amazing development work and quick update release. We are now running Supporter v. 2.0.2 and I am happy to say it’s new features are impressive. How does it work? The mu-plugin includes various files, some required, others optional, all of which are simple to install if you can follow the clear instructions. Let’s take one feature at a time…
Hiding Ads on Supporter Blogs
For Site Administrators: a small snippet of code is used in conjunction with an optional component (supporter-ads.php) to show or hide whatever text you want, wherever you want. We use it to hide Google ads in the header and footer of Supporter blogs. Simply wrap the AdSense HTML within this snippet where indicated, and it will only display if the the blog is not a Supporter. The exact opposite can be done with a different bit of code, showing any desired text only on Supporter blogs. There are also admin settings for the number of blogs – from 0 to 100 – on which ads that can be disabled by Supporters.
For Tripawds Members: There is no need to anything to remove ads from your blog, other than upgrade to Supporter status via the Supporter tab in your blog dashboard. Ads will immediately disappear upon upgrade. An added plus for Supporters is the ability to turn off ads from displaying on up to 10 of their favorite other Tripawds blogs. After becoming a Supporter, simply visit your Blog Dashboard -> Supporter -> Disable Ads. Simply follow the instructions there to search for blogs on which you wish to turn off the ads. Add them to your list, and you will no longer see ads when visiting those blogs.
Activating Premium Pugins
For Site Administrators: The new Supporter admin menu now includes plugin management features very similar to the free WPMU Plugin Managermu-plugin. No surprise really, considering it was built by the same developer. Many kudos to Aaron for adding functionality for admins to enable plugins on non-supporter blogs. But using the Premium Plugins menu, admins can simply select which plugins they want Supporters to have, with the following options:
None: Plugin is available for activation by site admins only
Anyone: Plugin can be activated by any member blog
Supporters: Plugin is only available on Supporter blog
Supporters (Auto-Activate): Plugin is automatically activated on Supporter blogs upon upgrade
For Tripawds Members: For non-supporters, the Blog Dashboard -> Plugins tab will show the TypePad Anti-Spam plugin, which should be activated if it is not already. This will help reduce the spam comments received through your blog. There will also be a list other plugins available upon Supporter upgrade. Here is a rundown of the plugins we currently offer Supporters, and their status upon upgrade:
WP-SpamFree (Auto Activated): This powerful anti-spam plugin will virtually eliminate comment spam. Includes a spam-free contact form that can be easily added to your blog. Visit plugin website
Viper’s Video Quicktags (Auto Activated): Easily embed videos from various video websites such as YouTube, DailyMotion, and Vimeo into your posts. Visit plugin website
Subscribe To Comments (Auto Activated): Allows readers to receive notifications of new comments that are posted to an entry after they have commented on the post. Visit plugin site
All In One SEO Pack (Requires Activation): Comprehensive Search Engine Optimization options for your blog. Visit plugin website
Offering Premium Themes for Supporters
For Site Administrators: Much like Premium Plugins, the new version of Supporter now allows site admins to make certain blog themes only available to supporters. All members would be able to preview how their blog looks in the Premium theme, but they would be presented with a message about upgrading upon an attempt to activate it.
For Tripawds Members: We have not yet implemented Premium Themes as we are still seeking feedback about which themes might be considered, well … premium! We offer more than 100 blog themes and in all honesty have only tried out a handful. A whole bunch of new themes are in the works so stay tuned.
What does it cost?
For Site Administrators: All of the WPMU Dev Premium plugins, themes, videos, and support are included with a WPMU Dev Premium membership subscription. Site admins can set the price for Supporter upgrades for one, three, and twelve month subscriptions or for the single payment method. An option for setting the number of free days blogs have with Supporter features is also available. The new Supporter sign-up page even includes daily cost calculations to show members what they can save by upgrading for longer periods.
For Tripawds Members: A Tripawds Supporter blog upgrade subscription costs only $25 a year. A one month subscription costs $5, and we offer three months for $10, so savings are clearly realized with the annual option. We chose the subscription method (over single payment) since Supporter features are automatically disabled upon the expiration date. We don’t want any members getting surprised by deactivated plugins, so we went with the automatic renewal.
NOTE: Be sure to cancel your PayPal subscription before it expires if you do not want to pay for another year of enhanced blog features!
Believe it or not, this just brushes the surface of all the new features available in Supporter 2.0, but hopefully it explains a few things for our members. We would love to hear your feedback, so please leave a comment below. Or, feel free to ask any questions in the Tripawds Technical Support discussion forum. We’re especially interested in what Tripawds members think about the subscription vs. single payment method for Supporter upgrades, and whether anyone is interested in using the new optional Amazon payment gateway.
For the record, as of today there are eight active Tripawds Supporter blogs. With nearly a thousand members, and operational expenses in the thousands of dollars, please don’t think we actually making money here. We offer plenty of tips to make the most of free Tripawds Blogs, and use these Supporter features to thank those members who generously show their support.
This update addresses various administrative bugs and security fixes. If you experience any technical difficulties or unexpected anomalies, please report them in the Tripawds Technical Support discussion forum.
Sometimes it feels lie we are always tinkering behind the scenes and upgrading things around here. But after the ordeal we went through making a major version leap earlier this year, it’s the least we can do to keep things operating smoothly around here for all our members. Thank you all for your continued support.
Upgrading core files for the Tripawds Blogs community is always nerve-wracking. But I actually find it easier than upgrading our regular WordPress blog. Perhaps just because between this site and the RVblogz free travel blog community, I just have more practice. But the steps for upgrading WPMU are pretty simple. It’s just the need to follow them exactly, and the potential for data loss if you don’t that greys my hair. As if it isn’t grey enough already!
One thing about the WordPress development community, is that they are on top of things when it comes to potential exploits of the system. Just this morning there were numerous reports of Denial of Service (DoS) attacks upon hosted WordPress websites and WPMU blog communities, like this one. Steve Fortuna quickly posted a fix. Within minutes I found the detailed WordPress DoS Attack Script Solutions described in the HashBangCode blog and implemented them on all our sites. The last thing we need is another mysterious server load spike bringing down the Tripawds server.
For anyone interested, and daring enough to follow my directions — note this blog’s tagline — the fix is relatively simple:
Just insert the following to your wp-trackback.php file at line 47:
// DoS attack fix.
if ( strlen($charset) > 50 ) {
die;
}
The HashBangCode blog goes one step further and recommends adding the following at line 57 (assuming you added the above already):
// DoS attack fix.
if ( strlen($title) > 200 ) {
die;
}
I understand this all may mean absolutely nothing to Tripawds Bloggers, except to know that we too are on top of things when it comes to keeping Tripawds Blogs Community up and running. But I figure the faster news of fixes like this can be spread, the more likely we are to stop spammers and hackers in their tracks.
It came to my attention that the Unfiltered MU plugin we were using to allow Tripawds Supporters to embed YouTube movies in their blogs, posed a security risk for the entire Tripawds Blogs Community. Apparently it could be used to embed rogue code for the nefarious purpose of stealing login cookies, among other things. And we don’t want any impersonated impersonated users running around here wreaking havoc. It’s not that we don’t trust our members, but we do spend an awful lot of time fighting spam blog registrations.
So, Supporters won’t find Unfiltered MU in their plugins menu anymore. But don’t worry, we’ve already implemented an even easier way to embed movies from all your favorite video sharing sites. And you no longer need to copy the entire embed code or use the HTML editor. Just visit your blog Dashboard -> Plugins -> Installed -> and Select Viper’s Video QuickTags -> then click Activate. You will then notice a new row of buttons in your Post Editor the next time you update your blog. Simply put your cursor where you want the video to appear — in a new paragraph by itself is recommended — and click the button for your video sharing website. You can then enter the view page and and click Okay. The Viper’s Video QuickTags plugin will do the rest, inserting a quicktag where the video will appear.
A quicktag is a simple snippet of code. In this case, one that will embed a movie from the video’s view page URL entered using the embed buttons. This code will show in your post editor where the video will appear. The video will then display once the post is previewed or published.
Viper’s plugin has detailed online help on your Dashboard -> Settings -> Video Quicktags page which lets you configure preferences for all the different video sharing websites, including what buttons you want displayed in your editor, the default size of embedded videos, and much more. If you still have questions after reading the online help, or need assistance getting the plugin working, please ask in this Tech Support forum topic about how to embed videos.
Please note that all previous blog posts you may have that include an embedded Flash object, like a YouTube or MySpace video, will continue to display the video just fine. That is, until you edit the post! Editing any existing post will strip out the object embed code. You would then need to re-embed the video using the new, easier Quicktags method.
Embedding videos in blog posts is just one of the many enhanced features available to Tripawds Supporter Blogs, made possible with the WPMU Dev Premium Supporter plugin. More details about that coming soon, like how it lets us automatically remove banner ads from Supporter blogs upon upgrade. Any Tripawds Blog can be upgraded via PayPal subscription by visiting your blog Dashboard -> Supporter Tab. Thank you for your continued Support.
What use this is for WPMU Site Administrators
By clicking the 
Tripawds community members may have some questions about the enhanced features enabled for Supporter blogs. WordPress MU site administrators might be interested in how the upgrade function works.
Embedding videos in blog posts is just one of the many enhanced features available to 
