This is HP Lovecraft….
The upgrade process for WordPress has been so seamless the last three or four versions that I didn’t realize how spoiled I’ve been until I finally had an issue (and even that was quite simple to resolve). Between automatic updates for plugins, themes, and core files, WordPress has nailed the convenience end of upgrades, and that’s no small thing—just ask anyone who has to upgrade a MediaWiki install.
Warning: array_search() expects parameter 2 to be array, null given in /home/umwblogs/public_html/wp-content/db.php on line 250
Luke Waltzer had the same issue on Blogs@Baruch, so I knew I was in good company. And, as is always the case, Ron Rennick (the original author of the plugin) was on it. (Ron and Andrea deserve every bit of kudos they get from the WordPress community and more.) He fixed the issue in the db.php file for the plugin and noted he would update the trunk at some point. But in the interim, if you have an issue getting it to work, leave a comment and I’ll post the code I’m using.
What’s nice about moving to 3.5 is that we can once again use dsader’s now out-of-print 3-in-1 widget to display recent posts on the front page of UMW Blogs, which is pulling off the http://tags.umwblogs.org blog. We’ve had performance issues with this one before, so we have to watch it pretty close for load spikes.
Another issue that was just brought to my attention is that WordPress 3.5 begins the phase out of the Links Manager. I hadn’t heard about this yet—I need to read up on new releases better—so I installed and network activated Andrew Nacin’s Links Manager plugin in the interim until I figure out how this might affect folks on UMW Blogs. To be clear, if you were using Links Manager before the upgrade that functionality is still intact from what I understand; it is just that new blogs that are created won’t have it as a visible option.
Other than that, UMW Blogs is once again running on the latest and greatest for the new semester. If anyone else knows of any issues we should be aware of I’d love to hear em.
For years now we’ve prided ourselves on keeping UMW Blogs outside of the single-sign-on environment using the rationale that it provides just one more layer of separation from the fears surrounding privacy, FERPA, and security. Admittedly part of this stance was born out of the technical challenge of integration, an issue that since then has been figured out pretty effectively for a variety of authentication systems. And given UMW has had Active Directory for the past three years, we could (and most likely will) take Luke Waltzer’s brilliant lead and integrate our UMW Blogs instance seamlessly thanks to Boone Gorges’ plugin (how much do you love CUNY?).
Integrating with the UMW’s Active Directory is something I’ve been thinking more about recently given it would make certain things a hell of a lot easier. What’s more, we’re already doing this on the umw.edu installation of WordPress, and that works quite well thanks to Curtiss Grymala. So we even have the in-house expertise now, I guess I’ve just been stuck on the idea of creating a bit of a firewall between UMW Blogs and the other enterprise systems around campus, even though UMW Blogs has been an enterprise system for a couple of years now, whether or not I want to admit it. I probably would have dragged this out a bit longer, but a recent meeting I was in about the future of online learning at UMW has been helping to make the decision easy.
We have a new set of forms and policies regarding online classes that were inspired by our preparation for our current SACS review. More specifically, we have an “Online Course Authorization” form (doesn’t it sound so Brazil-like) that caught my attention because according to this form, in order for UMW to remain in “compliance with federal distance education regulations” you have to login through a centralized, campus-wide authentication system. Here is the exact verbiage from the form:
The default expectation is that online UMW courses will be offered through Canvas, the University’s enterprise learning management system. Because Canvas requires a secure UMW login and password authenticated against the University’s active directory, it fulfills the federal requirements for verification and privacy and does so at no additional costs to students.
If this course will be managed through Canvas, check this box, provide the two signatures (below), and submit the form to the Office of the Registrar. Ignore page two of this form.
IF THE INSTRUCTOR WISHES TO USE A SYSTEM OTHER THAN CANVAS FOR MANAGING THIS ONLINE COURSE, THE ALTERNATIVE APPROACH MUST BE APPROVED FIRST. Complete page two of this form, and secure all required signatures.
What else can I say? This pretty much says it all. As of right now UMW Blogs is not authenticating against our university’s active directory and hence cannot be considered one of the default spaces where online learning can happen at UMW without a litany of five or six signatures all the way up to the Chief Information Officer. I don’t know the specific federal regulations this form is referring to and I’ll have to do more research there (anyone know anything about this?), but at the same time I’m not necessarily doubting it. Given how meticulously we’ve been going about our SACS re-accreditation review I’m sure the regulations are quite plain. What gets me in all this is the idea that as a result of these regulations our LMS has become the default mechanism for designing an online course experience at UMW. This seems problematic to me given all the work we’ve done over the last seven years, and one of the reasons I am kicking myself a bit for dragging my feet on active directory authentication.
At the same time we’re lucky we don’t do too many online courses at UMW just yet, and those we are doing are being shaped and developed through a robust community of faculty in the Online Learning Initiative that are interrogating the ideas behind online learning for a liberal arts campus. Nonetheless, the idea that there is a form somewhere that says “the default expectation is that online UMW courses will be offered through Canvas” kills me. The impulse amongst universities to dictate the virtual environment in which online classes can happen will increasingly become a contested and murky reality—folks will “authenticate” through the LMS but that’s not where they’ll teach and learn.
This form is very much a hoop we are having faculty jump through as a way to square ourselves with the SACS review, which I understand, but at the same time it does little or nothing to push the vision and possibilities of online learning forward institutionally. On the contrary, it makes it much more difficult for a faculty member to choose an alternative framework, a fact that could be potentially devastating to the culture of innovation in this area cultivated at UMW up until now. For that reason alone I think it is crucial that we start seriously considering getting UMW Blogs to authenticate against active directory so that it can be yet another default option for online learning that we can offer UMW faculty with little or no hassle.
This is a test of the solutions frame for this.
This is test post that should feed into David Wiley’s edstartup Brainstorm section of his site.
The migration process from WPMu (roughly version 2.9.2) to WordPress Multisite (version 3.4.1) has been well documented already. Two sources I found useful for a straightforward tutorial for doing the migration—which I imagine everyone who is anyone has already done except for me—are here and here.
I recognize this post is probably two years too late, but I’ve recently been working on resurrecting a WPMu site that was offline for a year and a half. In the effort to get it back online I had to update it to the most recent version of Multisite which came with a few issues. I’m gonna outline those issues and how I fixed them in hopes it helps anyone else who stumbles upon this post in need of some advice.
Once I updated the old WPMu files to the latest version of WordPress the public facing site was blank because the theme was 5 years old, but I could login to the Dashboard area—which was amazing to me. What I saw once I logged into the Dashboard was the following:
You’ll notice a few things:
I fixed the theme issue by making the default theme in the wp-config file TwentyTen:
But I couldn’t figure out why the Network Admin was missing, I had put the
in wp-config, but still no go. I got on Twitter and asked around—which I think might come across badly when I impose on the proximity of the genius of @andrea_r, I do apologize—and was pointed to the fact that there’s an issue with this install not recognizing the admin as the Network admin for the multisite. Which, in turn, would explain why I couldn’t access plugins, themes, or the admin menu: It’s elementary, Watson! I’ve been out of the hacking game for far too long, I am getting soft. This was confirmed when I went to siteurl.com/wp-admin/network and got the following error:
You do not have sufficient permissions to access this page.
Anyway, a post on the forum by Andrea about this issue (which I can’t find now, damn it) led me to the solution. She recommended the person having the issue look in the wp_sitemeta for the site_admins table. Her recommendation was along some other thread, but what I noticed were these crazy slashes cutting up the fields (as Boone suggested, it was like a bad slasher film).
The site_admins table looked like this:
When I removed the errant slashes…
…my issues were solved. I actually had to clean up slashes that were in the Allowed Themes table as well as a few others. I have to believe that this issue is a hold over from a database issue I had on ELS Blogs when WPMu 1.2.5a to WPMu 1.3 converted text-encoding from latin to UTF-8. I had all kinds of issues with ELS Blogs in this regard, I blogged them here, and I believe this issue is probably going to be extra rare given how old school and particular this issue is—but what can you do? Old habits die hard.
This time 5 years ago we were closing down ELS Blogs, UMW’s first multi-user WordPress experiment (well actually the second if you count Lyceum), to make way for the campus-wide blogging platform that would be known as UMW Blogs. Five years ago at UMW’s DTLT were heady times, there was still a lot of promise and possibility around the ideas of open publishing through open source applications—much of which has dissipated lately. The ability to deliver an open source publishing platform for an entire campus in-house with no coding experience and even less time is a little heralded marvel of the open web.
ELS Blogs had a bunch of amazing blogs on it, with the majority of them being students of Gardner Campbell, whose vision was the reason behind the platform. In fact, part of the push to get ELS Blogs back online came after I received an email from one of his students asking about her blog:
I graduated from UMW in 2008. I had a blog through this site for a film class back in 2007 and for years have not been able to login to it but I have been able to view it. Recently I was searching for it, to possibly have one of my posts published, and I can’t seem to find it anywhere….
The name of my article was Fast, Cheap and in Control?
Please let me know if there is anyway to recover this! I really hope to get the piece published. Thank you very much!
What was lost is now found! This isn’t the first email I’ve gotten like this, in fact I get many like it, but usually it is to export their work. This was a rare occasion in that the post was, indeed, offline. The issue was that ELS Blogs was offline for a year and a half (since December 2010) because of deeply annoying Bluehost issues—they started limiting the number and size of database tables, threatening to suspend your account if you went over. (As an aside, I am very glad to note DTLT will very shortly be free of supporting any and all Bluehost accounts for departments.) We pride ourselves on archiving everything, and even back in 2007 we pushed students to take ownership of their work—but it’s only now that we can transform that ethos into a full-blown pilot project in the form of A Domain of One’s Own.
Fact is, the Domain of One’s Own project has allowed us to archive so much of the work we’ve done in DTLT since 2004-2005. We’re moving all of the domains and webhosting accounts we had strewn all over campus to our own MediaTemple server and reclaiming and cleaning up a ton of work—and saving some money as well. All the while we’re archiving old, one-off WordPress blogs to UMW Blogs and mapping the domains where appropriate (but more on this process in another post). In many ways A Domain of One’s Own is born out of an extremely fertile seven year period of experimentation that has gradually become more centralized and scalable. The Domain of One’s Own pilot helps us manage that reality while at the same time opening up an entirely new period of experimentation at UMW. I feel like UMW is moving from one moment of experimentation to another, and it is doing it cleanly with an archive to show for it.
Finally, let me add that none of this could have been possible without Tim Owens’ undying dedication and genius to making the conception that was A Domain of One’s Own into a hard and fast reality. He has been a godsend for DTLT specifically, and UMW more generally. Tim is nothing short of amazing, I challenge you to show me one better!
Me and UMW Blogs are going on 5 years this Summer, she’s the baddest of the bad and meanest and leanest of the mean and lean. She’s a veritable titan of her kind, she’s an educational publishing platform of the very best kind, and she’s turning five. Five years ago from roughly May through August we brought together the early MistyLook themed WPMu and MediaWiki hybrid out into this wasteland of bad BlackBoard installs, and we shone a light.
A light of good publishing practices, a site for everyone regardless of his or her class status, and course spaces that actually looked good. We were already dreaming of fancy syndication, course aggregation, and a space attractive and user friendly enough that you would actually want to have a stake in it. It worked, five years later we have more than 6500 sites and 8500 users, and that number has steadily increased over these past five years. We run heavy traffic sites like UMW Bullet and EagleEye, or blogs for alumni 3 and 4 years out. We have aggregated blog posts from more than 40 UMW students who have written about their travels around the world, and some class sites that imagine a whole new use for online space discussion, tags and the community in the virtual. There are student created research sites I’d put up against any university’s publicly open and shared work. Not to mention more than 35 original literary journals created by UMW students.
It’s been an amazing space to watch emerge and grow into a distributed and highly active, yet loosely bound, community of classes, students, faculty and staff. I continue to feel honored to be a part of it. Oddly enough, I also feel further and further away from it, so much happens there in a single day I can’t really keep track, we also have hundreds of plugins and themes, it’s a veritable laboratory doubling as an enterprise system, it’s truly remarkable in that regard. We had almost 100% uptime this past academic school year, and save some recent brute force attacks these past two weeks, it has been a model for both reliability and possibility within a university platform.
Now I’m gonna talk numbers for a second because I continue to be blown away by them. This year alone we have more than 1.2 million unique visitors from all over the world and 4 million page views! This is mind blowing, umw.edu is a veritable brand with 100 years of history behind the idea and it gets 14 million a year. We’ve been doing open education out in the open for 5 years without packaging it—it’s an ongoing happening that others around the web can tap into, it is a model of online education that is not separated from a time, place, and most importantly the people that shape it. I love this system! It’s the proto-type for our upcoming Domain of One’s Own pilot, and it continues to evolve as an integral space wherein we all work.
What’s more, as Notorious B.I.G. would have said if he was in my shoes, “Mo traffic, mo problems.” We’ve been getting brute force attacked this last week, and Zach Davis, per usual, comes up big and writes us a script to block too many attempts on the login page, which has been pulling us down. Such issues come with age, and it couldn’t have happened at a better time, but it also makes sense to share out Zach’s solution here. And to Zach’s credit, this is someone trying to hack into WP, and this is where some expertise on our side for sys admining would give Zach some freedom and force us to take a bit more responsibility. And while I want to in my heart of hearts, I’m not that good—and we can only run enterprise sites like UMW Blogs and the quickly emerging ds106.us successfully for so long until we start needing people who are good, who do it regularly, and know how to admin WordPress properly—I can hack my way through but it is ugly and I’ll be the first to admit that my skills are not world class in this department.
If you are having mini-DDOS attacks and your WordPress site is crashing as a result, then what follows may be very useful to you thanks to the great Zach Davis who got the original idea for this wp-login brute force login attack solution from this awesome blog post:
I’ve done a number of things. I’ve tightened the firewall, tweaked the mod_security rules, reduced the number of apache processes available to the server, and installed an apache module called DOS Evasive. All of these will tighten things up, so keep an ear out for users having problems. We may need to loosen restrictions at some point.
I don’t want to have to keep worrying about this server, which is crashing a few times per day, so I’ve gone ahead and implemented a solution to this brute force problem. I’ve added a mod_security rule to apache that looks like this:
# This has to be global, cannot exist within a directory or location clause . . .
# Setup brute force detection.
# React if block flag has been set.
SecRule user:bf_block "@gt 0" "deny,status:401,log,msg:'ip address blocked for 5 minutes, more than 15 login $
# Setup Tracking. On a successful login, a 302 redirect is performed, a 200 indicates login failed.
SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0"
SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_co$
SecRule ip:bf_counter "@gt 15" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counte$
(for future reference, the rule is stored in /etc/httpd/conf/modsec2.user.conf)
I got the idea here: http://www.frameloss.org/2011/07/29/stopping-brute-force-logins-against-wordpress/
Basically, what this does is assumes that after a successful login, WordPress will redirect the user (and send a 302 header). On an unsuccessful login, WordPress displays the login page with a regular 200 header. The rule tracks how many 302 headers a user gets while visiting the wp-login.php page and, if they exceed 1510, it blocks the IP for 5 minutes. I tailed the mod security log and the request log at the same time and saw another attack come in (they are coming in constantly; within 5 minutes of blocking an IP, I see more requests, often as many as 3-4 per second from the same IP).
We need to watch this closely and make sure people can still login to WordPress. Normally I would want to test this before deploying it to production, but in this case I think it’s more important to get things locked down and then adjust as necessary. Please make sure that logins still work and let me know if you experience any problems.
How many of you get support like that from your host? It’s amazing, and this reminds me just how integral Zach has been to all of UMW’s successes with UMW Blogs, here’s to you hippie—it’s been an awesome 5 years and sooner or later we will let you out of our experimental prisoner. Nobody makes the bava like the Davis, NOBODY!
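The counting logic of the mod_security rule quoted above, replayed over an access log, as an added example that is not part of the original post or of Zach's configuration. It assumes Apache common log format, uses constructed sample lines, and assumes the counter goes back to 0 when the block flag is set; the deprecatevar decay is left out because its value is cut off on the page.

```python
import re
from datetime import datetime, timedelta, timezone

# Apache common/combined log prefix: ip, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def replay(lines, threshold=15, block_seconds=300):
    """Replay wp-login.php hits through the rule's counter/block logic.

    Returns {ip: {"blocks": times the block flag was set,
                  "denied": requests that would have received the 401}}.
    """
    counter = {}        # models ip.bf_counter
    blocked_until = {}  # models user.bf_block plus its expirevar timeout
    report = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m.group(3).startswith("/wp-login.php"):
            continue
        ip, status = m.group(1), int(m.group(4))
        when = datetime.strptime(m.group(2), TS_FMT)
        stats = report.setdefault(ip, {"blocks": 0, "denied": 0})
        # The block flag is checked before the request is served.
        if ip in blocked_until and when < blocked_until[ip]:
            stats["denied"] += 1
            continue
        # Counting happens after the response (phase 5 in the rule).
        if status == 302:        # redirect: login succeeded, reset the counter
            counter[ip] = 0
        elif status == 200:      # login page served again: counted as a failure
            counter[ip] = counter.get(ip, 0) + 1
            if counter[ip] > threshold:
                blocked_until[ip] = when + timedelta(seconds=block_seconds)
                counter[ip] = 0  # assumption: the page's last setvar is cut off
                stats["blocks"] += 1
    return report


def sample_log():
    """Constructed sample: one noisy client and one ordinary user."""
    base = datetime(2012, 6, 1, 10, 0, 0, tzinfo=timezone.utc)
    lines = []

    def add(ip, offset, method, status):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        lines.append(f'{ip} - - [{ts}] "{method} /wp-login.php HTTP/1.1" {status} 2048')

    for i in range(40):                 # 40 failed logins, 2 s apart
        add("203.0.113.10", 2 * i, "POST", 200)
    for i in range(5):                  # comes back after the 5-minute block
        add("203.0.113.10", 340 + 2 * i, "POST", 200)
    add("198.51.100.7", 5, "GET", 200)  # viewing the form also returns a 200
    add("198.51.100.7", 15, "POST", 200)
    add("198.51.100.7", 30, "POST", 302)
    return lines


if __name__ == "__main__":
    for ip, stats in replay(sample_log()).items():
        print(ip, stats)
```

Replaying a real access log this way before enabling the rule shows which addresses would have been locked out, which speaks to the email's concern that people can still log in.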
Yesterday was the last day of the Fall semester so I took a quick screenshot of traffic on UMW Blogs in Google Analytics over the last four months, which looks like this:
Which made me think, how does this compare to traffic from the Fall semester last year? So I did a quick filtering for traffic from 8/16/10 through 12/16/11 and what was interesting was how consistent the traffic was between the two time periods in terms of frequency throughout the week, over the weekends, etc.
What’s more, we had almost exactly 100,000 more visits and unique visitors this Fall than last–with almost 200,000 more pageviews. All of which seems to suggest traffic is settling in given that from Fall 2009 to Fall 2010 traffic almost doubled across the board in terms of visits, unique visitors, and pageviews.
The change in traffic this Fall in comparison to Fall 2010 was a more modest 20% growth in visits, 25% growth in visitors, and a little less than 15% in pageviews. I’m not sure what any of this suggests other than the growth in traffic on UMW Blogs seems to have stabilized a bit over the last year. And I think this has a lot to do with how much UMW Blogs has saturated UMW more generally. I think we would need significantly more students to see significantly more growth at this point. I think we are at a very sustainable moment in terms of hardware, software, and support. What’s more, UMW Blogs has also stabilized considerably given we have had next to no downtime all semester long, which is a first for us and a very proud day indeed.
We’re gonna update to WordPress 3.3 this Wednesday, and I’m pretty confident that will go as smoothly as all the other upgrades on UMW Blogs have been over the last two years. One more thing, we are back on Akismet after trying our hand with TypePad’s Antispam solution for a NY minute. We survived most of the semester with the Cookies or Comments spam solution, which worked surprisingly well, but we were starting to get spam complaints from faculty and students alike so we went back to Akismet. The reason we were resisting Akismet to begin with over the last year was because they quoted us a ridiculous $900 a month for the service last December, but that has since come down to about $45 a month for the service ($550 a year) which is both affordable for us and well worth the peace of mind.
We just finished our first week at UMW—it was an uncharacteristically late start for us. We are usually in week two or three by now, but I am not complaining because the extra spell before game time was nice. That said, the semester has arrived and UMW Blogs held up beautifully the first week (even though it got clobbered traffic wise). Martha Burtis did a site re-design which looks snazzy. What’s more, Martha re-themed the UMW Wiki to match UMW Blogs, which is something we plan on experimenting with and using a lot more this year. After the upgrade in early August, it seems like UMW Blogs has been rock solid. No downtime, and very little in the way of errors, crashing plugins, rogue themes, etc. The system is tight, and I am not afraid to say it these days. With more than 22,000 unique visitors during week one and over 82,000 page views—all I have to say is bring it on. UMW may be small, we may be relatively poor, but we are scrappy as all hell. What’s more we are open education at its best and least pedantic.