I’m always right   Stefano Forenza - Personal Blog

( as I am still working on adapting Wordpress MU to the site I’m developing, this post is work-in-progress and will be updated every now and then. Be sure to check it back in a few days if the argument interests you)

I am always impressed when even large techy organizations like Mozilla adopt popular tools get their stuff done.

Mozilla recently released their new blog, based on Wordpress MU. I would like very much to know if they like it just because I am recently porting the front end of a personal project onto wordpress mu.

How do they deal with security holes (I find wordpress design quite likely to create holes as development progresses)?

I am asking, just because I am still wondering if adopting a blog-app for a custom site (a network of them, to be precise) can be a good choice I just adopted WPMU as well.

Why did I choose WMU

• Enourmous and gorgeous community. Lot’s of stuff available
• Centralized backend.
• Wonderful theme system. Simple, PHPish, fast, customizable.
• I spent too much time on the frontend when I should have focused more on backend procedures.
• Good for SEO. Even better with plugins.

Caveats I got around

• multiple blogs with one backend. done ( adopting wordpress MU instead of the mainstream’s )
• post bulk import. done ( using an xmlrpc PHP library on the client side ). As importing a thousand of posts per day is a little too much slow I am actually ftping a serialized PHP array and save on db using hand-made queries (I could use Wordpress built-in functions, but I had to add one field more to the posts-table so I am forced to use custom queries)

Solved Problems

Wordpress MU hates WWW.

Wordpress MU definitely wants to have a base domain. As cheap hostings sometime force you to use www I was getting infinite redirections errors. Wordpress MU detects www and redirects me to http://domain.com. My hosting then detects the absence of www and redirects the browser back to http://www.domain.com. None of the two seems willing to give up :). A little hack in wpmu-settings.php did the trick. Another hack to add to the upgrading-todos list of pain.

Sadly, the login had a similar problem, wordpress wasn’t gonna allow me log on other domains apart the www. After some google-struggling I came up with YAH (yet another hack) to add to my bloody upgrading list of pain. You have to change some more code in wpmu-settings.php.

Around line 261 change:

if ( !defined('COOKIE_DOMAIN') )
define('COOKIE_DOMAIN', '.' . $_SERVER['HTTP_HOST']

Into

if ( !defined('COOKIE_DOMAIN') )
define('COOKIE_DOMAIN', '.' . $_SERVER['HTTP_HOST'] );

Thankyou raimond !

To be resolved yet

Altering the post table structure

I need to add a single link (url) reference to each post that get imported into wordpress. In the source database, the link is a unique key, meaning that you can’t have two record with the same link at the same time. This is needed in order to avoid duplication.

• custom fields is not a choice, since records will grow very fast (nearly 200 new posts per day) that would yield to a very large meta table.
• I need a way to pass the link via xmlrpc. Saving a duplicate-url-record should lead to a silent failure of the record import only.
• at 99% /xmlrpc.php will need to be tweaked. This is a pain in the ass when it comes to upgrading. And upgrading is needed because the security-not-in-mind architecture of wordpress.

Setting up a ready 4 live empty blog.

This is something WMU does but I doubt it’s possible to set up every tweak. The best would be having the choice to reply an already configured empty blog. Anyone got around this ?

Disabling blog creation

Maybe because Wordpress MU is designed to allow subscribers to create their own blog, it does not allow disabling the blog creation in the front end. Again, you can just delete the subscription-file. But, again, upgrading becomes a pain.

As a side note the following lines in README.txt are to be found:

4. If you want to restrict blog signups, set the restrict domain email setting in the admin.

This obviously doesn’t apply, cause it affects the whole user signups, not only the blogger wannabees.

WPMU Gotchas

Here’s the things I don’t plan to resolve.

Bad error handling

Wordpress MU throws an unhealty dose of notices. That’s not serious, come on! When you’re the founder of a (hopefully) successful blog community you want be notified of each and every problems in the code. If the software throws notices when everything is allright, how can you expect no notice new errors in the (already polluted) logs ?

I am serious, and I am not talking about plugins, I could understand that. I am talking about core code, what the hell is that ? How do they develop in house ?

For example:

if (! unserialize($value) )

$value = stripslashes( $value );

It’s obvious to anyone with more than 1 year programming that this will throw a notice, when unserialize fails. Putting a @ before unserialize won’t prevent the problem to show in the logs but could at least save your screen when developing on your box. A small regexp or on $value, or a bunch of strpos are likely to save your ass (and the logs) the 90% of times.

Conclusion

Will I ever get online ? Wordpress MU can be a good choice, although, if you’re gonna use it for something which is not a blog, you should think twice. It can be good, anyway, only be sure to consider all the low-downs.