Tuesday 12 August 2014

Why is it every new WordPress update causes me nightmares!

Why is it every new WordPress update causes me nightmares!

By Strictly-Software

Why is every time I upgrade to the latest version of either WordPress or Jetpack (a tool built by WP) I end up with a big bag of shit lumped all over me?

I never upgrade on the first new main version but when it's 3.9.2 you would think it would be safe to upgrade however the problem is that even though WordPress may have updated a load of their code plugin authors would have no idea of the changes until too late to make the changes.

Unless they have the urge to run round like headless chickens re-writing code and trying to work out what has gone on they might be left with their own plugins not working or causing issues.

The number of times I have updated WordPress or Jetpack to find
-Statistics not showing - another plugins dashboard shows instead
-Omnisearch breaking the site.
-Share buttons causing JS errors due to cross protocol scripting and other issues.
-Cloudlflares "SmartErrors" interfering with the automatic plugin update functions and causing /404 urls instead of nice "update plugin" options.

I could go on.

This weekend was one of those weekends as I stupidly decidided to upgrade on Saturday morning. Ever since I have had:
-Emails not being sent out and posted on the site through the Postie plugin.
-My own tagging plugin not tagging for some unknown reason, I think it is a memory issue where if you have over 5,000 tags the number of regular expressions done could be a problem. I always now keep the number of tags under that limit with a clean out now and then.
-Incorrectly formatted content in posts.

It has been a nightmare and in future I am thinking of just keeping to the versions of the plugins and WordPress codebase that I know works instead of constantly upgrading - unless due to security issues which should be easily sorted with some decent .htaccess rules, firewall, CloudFlare and some tools on your server like DenyHosts and Fail2Ban etc.

Plus the odd plugin like Limit Login Attempts helps prevents those bad boys knocking on your admin door all the time!

As a WordPress developer actually said to me once whilst chatting over a discussion on the WP forums - "they are not going to re-write the code from the ground up as there are not enough developers to do it" Instead they spend their time making funky widgets and little wizbang "ooh look at that" type of tools.

Even though a big team like Automatic with such a widely used program, yet full of crap code, and if you have looked at the WordPress codebase you will know how crap it is. And this comes from the mouth of a WordPress developer as well as myself after a long discussion on the forums.

Apparently they won't create a new version to the side of the old one whilst carrying on with the current one due to not having enough developers who know the code well enough to build it from scratch.

It seems to have started off as a small CMS project like a lot of systems then grew like a monster out of all control and now it is uncontrollable so to speak.

So I am fed up with debugging other peoples plugins, hacking WordPress and trying to work out what is going on with serious analysis of mail / error / access logs. So I might just stick to what is working and safe - plus keeps me sane!

It seems WordPress themselves have been hacked recently with a mobile porn vector recently: BaDoink Website RedirectMalicious Redirections to Porn Websites on Mobile Devices and I cannot even get to the plugin site at the moment to complain about the 4 things I have on my current list so maybe their site is down as well.

Who knows. If it wasn't free and such a commonly used tool people wouldn't use it if they knew what code lay beneath the surface!

Tuesday 5 August 2014

Cloudlfare SmartErrors Causes 404 Errors On WordPress Plugin Updates

Cloudlfare's SmartErrors Causes 404 Errors On WordPress Plugin Updates

By Strictly-Software

The other week I wrote a message on the forum on WordPress about an error I was getting when I tried to do an automatic plugin update from one of my sites: Getting A 404 When I Try To Auto Update A Plugin.

The question was:

I am using the latest software and I haven't had to update a plugin for a while now but tonight I noticed Jetpack was out of date on one site and not on another (both on same server, same plugins and behind CloudFlare with WP Super Cache - which has been having issues lately??)
Anyway when I try to auto update a plugin on this one site the following happens.
1. The password field is full to the brim with *********** on my other site I just have the same number of **** as the word beneath it (inspect and change type="password" to "text" to prove it.
2. When I hit update it goes straight to a /404 page e.g mysite.com/404
3. It then shows a greenish page that says "sorry we couldn't find what you were looking for" here are some suggestions. A cloudflare page.
4. I have asked Cloudflare about this but I have had problems before with Omnisearch being enabled causing similar issues and also I cannot use any JetPack stats as the URL /wp-admin/admin.php?page=stats just takes me to WP-O-Matics dashboard.
I have checked WP-O-Matics source code and CANNOT see anything about going to that URL.
Is this to do with something WP has done or Cloudflare or both. The password box full to the brim with ****** on one site but not the other suggest something with WP is going on.
Thanks for your help

Now that I have just gone through Cloudflares settings to check what I had on I have realised that the site I didn't have the problem on (also behind Cloudflare) didn't have SmartErrors enabled.

The site that didn't let me auto update plugins from Wordpress DID have SmartErrors enabled.

I disabled the SmartErrors app and then tried an auto update on the broken site. It worked!

So that is the cause of any problems you may get if you try and update your plugins from within WordPress and get a /404 error and a greenish Clouflare page with some links to other pages.

I don't know if it's a Cloudflare issue or a WP issue but if SmartErrors are on it's an issue!