An update on the upgrade
9 September 2008 |
Thanks to Guy Consolmagno, and to my utter dismay, I discovered that Google.com blocked this site for security reasons. It took me a while to find the problem. There was a very cleverly hidden piece of badware (malicious code) on this blog. Somehow, somebody or something took a completely innocent link, anchored to two words, left it anchored to only one of them, and inserted a new link, anchoring it to the second word. Of course, the new link was not at all innocent.
In general, security breaches are more frequent when you leave your web site running the same version of your software for a long time without upgrading. The upgrades often bring in improved security for the site. Since this site is running on WordPress 2.1.3, and the latest version is 2.6.2, I thought it was high time to do something.
Unfortunately, the upgrade does not work properly. WordPress is supposed to be a very simple system to upgrade (their “famous Three Step Upgrade”, as they call it). Unfortunately, I was unable to make it work.
Of course, I first thought that there was something on my site that was particularly ornery (e.g., a plugin incompatible with the new version of WordPress). After a lot of head-scratching, I decided to experiment (I am an experimental physicist after all). I found a new web hosting service (www.x10hosting.com), offering space plus three mysql databases completely free of charge, and tried installing the WordPress 2.6.2 there, on virgin soil, so to speak.
I have managed to get it to work (you can see for yourself here), but it took some effort. Namely, I had to patch the file class-phpass.php (following some professional advice), and then manually setting the admin password in the mysql database (using the phpmyadmin mysql interface, and manually crypting the new password). Not very straightforward.
The upshot of all this is that I will give the WordPress developers some time before I try upgrading again. This is unfortunate, because I had to turn most of the plug-ins off, including the access to private pages (please, send me an e-mail if you need information from some of the private pages).
– Paul Gabor (p.gabor@jesuit.cz)