It’s a pre-requisite, of anyone who’s asking for help with something, to have a rough idea what it is they’re asking. The thingummy won’t do the whatsit. Every single trade, every small specialism has its coda, its terminology, names for the components unique to this or that moving part, this or that tool.
WordPress is no different. And although it often seems like a monstrous impenetrable engine, it’s actually less of a machine than a tool, or a series of tools. And since it is open-source, made by lots and lots of people all doing it for love, WordPress can sometimes feel cobbled together, patched, slightly worn in some places and with odd bits missing.
After the fear and trembling over the many hacked blogs in version 2.7 a bit back, we were assured that the latest versions are pretty much secure. And we were promised easy-to-do upgrades. One or a couple of clicks.
The devs are absolutely aware how tiresome it is to have to download a new copy of WordPress every time they fix something. Plugins, too. It was okay when we only had to do that once a year, or so. But when these upgrades come as often as one a month, and if you have say 20 Plugins (the add-ons that deliver extra functionality, Share This buttons are an example) and it’s not uncommon to have a lot more than 20 Plugins, phew that’s a lot of messing about at the back end that the average blogger would rather spend blogging.
So, this morning in the boiler room here there were 3 Plugins needing upgrades, and Version 2.8.5 ready and waiting with an alert in pale yellow at the top of my screen.
So that’s 4 distinct lots of messing about downloading and putting files in the right place, powering up the ftp client and uploading, then going into each one and activating. And that’s just the plugins. Has the two-click upgrader ever worked? No. So nowadays when you have a question, you ask Twitter.
@brendadadaWould anyone out there have a simple explanation/solution as to why my #WordPress upgrades & Plugins won’t do it automatically?
Back came the very sensible and helpful reply
@publicenergy@brendadada It might be the folder access rights where the plugins are held – my wp-content & plugins are 755 (write by owner, every1 read)
And
@publicenergy@brendadadaAll Wordpress installation should be 644 – executable by server, except the ones that get uploaded and changed – wp-content
File permissions have change modes – chmod is the abbreviation. These modes set permissions for who can and who cannot read, write and/or execute changes to your WordPress files. Basically, when you’re the owner and signed in, you need to be able to read, write and change almost anything, but visitors perhaps only need to read and/or write.
To make sure the Plugins and the WP versions can be upgraded from within, it’s essential that some things would have to be executable by someone else, so the chmod permissions become more open. With us so far? Yes.
So up with Cyberduck and the file permissions are upped appropriately and within seconds, this blog has disappeared. No 404/403/503 error messages, no dashboard, no sign-in page, nothing, nowt, nada, zilch. As if the tap’s been turned off, nothing.
@brendadadaMagic disappearing blog Can the people with my ftp details please help? And anyone else with advice?
Stef Lewandowski is a web entrepreneur and one of the heroes behind BCCDIY, which if you’ve not been following, is a basically a do-it-yourself and far nicer version of Birmingham City Council’s new £28m website. He makes lots of other nice things too, including a site for daddies, often with a baby on his knee. Here’s his advice, as a list. It’s really helpful.
1. Get your ftp client up and back up ALL the files from the site. Don’t over-write your last backup, you might need that. Do a new one, so you have at least two copies, your previous one and this new one, the one where the problem is.
2. If you think you’ve been hacked (and we thought upping the File permissions might have exposed a bit of nasty script from that previous hack) get a copy of TextMate (which has a helpful 30 day free trial) and use ‘find’ to search for anything containing ‘execute’ or ’script’. It could be that a bit of php script is hidden inside a jpg, so make sure you tell TextMate to see all files.
3. Delete that file. Re-install wordpress and restore from a clean copy, saving only the wp-config file and wp-content.
4. Change all your passwords. Change mysql and FTP user passwords. Goes without saying really, but especially if you suspect a hack.
5. Once the blog’s back up install WP Firewall Plugin and also WP Database Backup ( with settings for amazon S3).
Great advice – do them. Phew.
Except it didn’t all work quite like that, and we really don’t know why. The lovely Josh Hart, creator of Livebrum, sauntered onto the scene, whistling (I think) at about 11.30 and upped the file permissions again, the ones I’d dropped back down earlier. He thinks it’s possible that the original changes didn’t ’stick’ leaving some of the permissions at 000 which of course would mean no read/write/access for anyone.
Luckily there is no sign of a hack.
At least not that we can see…
And the whole thing reminded me of oil and coil, springs and flywheels, gaskets and accumulators, governors and gimlets.
I remember asking my mother why Gracie didn’t know what her thingummybob was called, seemed pretty ludicrous to this enquiring 5 year old. She said it was a wartime secret, that nobody knew what they were making in these huge armaments factories all over the country. And that you’d better not ask because even if you did know, it’d be a secret.
We were down for about two hours altogether this morning, that’s all. Thank you @publicenergyand @stefand @joshhart. WordPress is great. It’s the open source people who make the thingummybobs, I love ‘em all.
So: to the big question, still unanswered:
Would anyone out there have a simple explanation/solution as to why my #WordPress upgrades & Plugins won’t do it automatically?
Similar Posts:
- Testing Embedded Slideshows
- Malicious Hack
- WordPress to Drupal?
- Upgrading to 2.5
- Why Is Your Website Higher Than Mine In Google?
Popularity: 1% [?]
10 Comments
I did wonder what you managed to do. You don’t seem to have a lot of luck with the hosting of sites…
The hosting is actually a rather excellent service. Where else would you get the boss backing up your database for you over Sunday morning coffee?
WordPress is a bit flaky. Maybe if I take @publicenergy and @stef’s advice and do a complete clean re-install of everything, plugins the lot. Find half a day to sit and do it all, that would help? Who knows.
I think a clean install when you get time is the way to go. I have two installations and have never had any of the problems you have described. Upgrades and plugin updates just work.
I think any flakiness will stem from problems with the original installation. It would be nice if there was a diagnostic page that would check some of the finer details and tell you if any file or folder permissions are incorrect or insecure – but ordinarily, they’re all right after an install.
Yesterday’s backup caned my memory. There’s a lot here. I’m probably going to fork out for a HD just for this very purpose, and as you say, clear some time to do the whole thing.
I wonder if there’s a WP diagnostics plugin?
And what are you fellows using for avatars? I installed something a couple of weeks back that was way over the top and put an avatar above every post. A plugin that just fills this grey box will do fine.
About the avatars – why don’t you just use the out the box options in discussion settings that come with WP?
Diagnostics – Though is not primarily a diagnostics tool WP Security Scan will tell you what Chmod settings you need and what you have each directory set to. The home page is http://semperfiwebdesign.com/plugins/wp-security-scan/
Um, there isn’t one for a custom avatar, just the machine made ones. Wondering where to even upload one, tbh. No upload box in the user menu. Strangely stumped.
Will add that Security Scan plugin, ty very much!
Wordpress own Gravatar (they bought it last year) so upload your default avatar here
http://en.gravatar.com and that will fill the grey box. I misunderstood you at first about filling the box. I thought you meant for people without an Avatar not that you never had one in place yourself.
Ah, yes okay that’s helpful. Y’see I thought there was something up. I’ve got one of those. It should come through automatically, right?
Ah bingo! It wasn’t recognising my email address. Brilliant. Thank you. :)