Order of the Bath

I thought it was about time that I created a theme that suited the blog title and incorporated all (and only) the features I wanted. Subject to change in the future, this is it.

It is

• Mimimalist—so a lot of things that I don’t want/like are missing. Like calendar, monthly archives (what is the point) etc.
• Fluid—it works to any (reasonable) screen size
• Extensible header image—one that stretches with the screen
• There is built-in (but optional) support for my favourite plugins—Akismet, Custom Comments, Get Recent Comments, Gravatar and Paged Comments.

If you like it, I have made it available as a download. It should be fairly easy to adapt.

Please report any problems here and I will do my best to fix them, otherwise, what-you-see-is-what-you-get (except the logo at the bottom which is not included in the download).

A while ago someone pointed out that there was an anomaly with WordPress in that the web pages were displayed in UTF-8 character set but the database was stored in a Latin charset and that was causing a few problems. They worked out in detail how this should be corrected.

Unfortunately it seems that the authors took on board that it needed to be changed but ignored the method. The consequence is that people updating to version 2.2 using the default config file are in a bit of a mess if they use a text containing non US-ASCII characters, especially foreign languages (wrt English)

I noticed first because my British blog (this one) frequently uses the pound sterling character £. Having corrected all those I have noticed a few others, for example ô became Ã` and — became –.

Note that this does not affect new blogs at all.

For blogs upgrading from an earlier version to 2.2 the lines to watch in wp-config.php are define('DB_CHARSET', 'utf8'); and define('DB_COLLATE', '');. They didn’t use to be there. I think the mistake was taking any notice of the sample file—silly me, I thought it was necessary to keep all files up to date.

At least there should be some warning about it as it is a natural mistake—I only found the trac entry after the event, the announcement didn’t mention it. There is some documentation about it but that is not something you would naturally look for. Now I have the problem that I have fixed some by hand and made some posts with the new system so how do I fix it—change them all by hand or revert and change those ones I have done back?

A while ago I mentioned that I had installed the Akismet spam blocker on this blog. I still think it does a wonderful job, but over Christmas another problem appeared. Akismet certainly traps all the spam still, over 2000 items in a few days when I wasn’t watching closely and then 2-300 per day since, but it parks it all in a holding queue. The default action is to hang onto it for 15 days then it drops off, lost forever. The idea is that it gives you time to spot any false positive identifications and retrieve them. In practice there is just so much of the unsavoury stuff that it was not possible to go through it—it is actually quite depressing trying.

As an improvement I have installed the Firefox Greasemonkey script called “Akismet Auntie spam for WordPress.” What this does is reduce each spam item to just two lines which contain the essential information—the name, email, URL, IP address and the beginning of the comment. This makes it much quicker to scan through and detect any possible mistakes, particularly reducing the huge link infested ones to a manageable size. Yet, with a few days away, even this was not enough and I had noticed that the comment URL on the blog was now the most referenced page on the web server and there was a risk that the web host may complain.

It was with great pleasure that I discovered the answer in the WordPress “Akismet Worst-offenders” plugin—this is sort of a plugin to a plugin, it provides additional admin functions. It is very much a work in progress but it does a great job. The first thing it does is to categorise spam into types based on things like IP address (where it came from) and URL (what it is advertising) and content (number of links). This allows you to delete stuff in related chunks rather than an all or nothing approach which is the default for Akismet. If you have 25 comments all from the same IP address in a very short period then you can reasonably assume they are rubbish and dump them. Using this it is possible to reduce the queue to a single page which it is not difficult to go through by hand.

A recently added feature, however, is even stronger. Having identified where the spam comes from it can add a “Deny” clauses to .htaccess, the file that controls the web server, so that addresses are completely blocked from your site. Now the rouges are completely locked out, the spam doesn’t even get as far as WordPress, and the load on the server and database is considerably reduced. The block list is continually reviewed so that only currently active spammers are blocked and, in case you were worried about potential readers being blocked from the site, however innocent they may be, the chances that the owner of an infected spambot actually wants to read your blog are immeasurably slim, unless of course you are on the A list.

Now the negative bit—the documentation is pretty poor. The guy is at the end of his doctorate so is rather busy at the moment, but I trust that things will improve. The basic function is easy to set up. Just download the file, rename it to .php, install it in the plugins directory and activate it. There is a configuration panel which can be left at the defaults and that is it.

The .htaccess bit is not descibed anywhere that I can find. What you need to do it download your existing .htaccess file and add the following lines to the end.

Order Allow,Deny
# BEGIN worst-offenders
# END worst-offenders
Allow from all

then upload it again. That will tell it where to insert the deny messages and then that just works as well.

I took a bit of a break over Christmas and didn’t do much with the blog at all, in particular I took my eye off the spam queue maintained by the Akismet plugin. The baddies must have skipped all the parties because I find this morning that there are 2174 items in there waiting for my attention. Now I know that if I leave them for 15 days then they will be deleted automatically but I like to be sure there are no false positives. Unfortunately the page only displays the last 150 and there is only one button “Delete all” so there is no way to review them. I am sure I have seen someone else comment about this and perhaps a solution but I can’t find it now.

[added later – the latest version (1.2.1) improves things a bit. At least I can see the rest of them now, but it still needs a facility to delete them a page at a time. Anyway, I got bored so just killed the lot!]

I am getting some spam comments on this blog which I fail to understand the reason for. To be accurate I am getting a flood of spam at the moment and 99.9% of it is being caught by Akismet and most of that is standard link promotion and advertising stuff, but a few are beyond logic.

They contain some innocuous comment such as “Hi, I have a similar topic on my blog” and then a URL —but that URL is www.google.com, there is no other link back to anything that may be proffitable to the spammer. I am perplexed.

I have decided to relax the requrements for commenting on this blog a little. My experience with Akismet spam blocker has been very good so I have adjuusted the options so that there is now no requirement to register and login first. I will review this in a couple of weeks and see how it goes.

I got fed up with it—77 in the last week so I have installed Akismet. It was quite easy really.

But I was still curious how they were getting through, even though I require registration and signin before commenting. I found the answer is this forum message by Otto42. It seems they are not comments but trackbacks so a panic turning off comments won’t stop it as some people have tried. In fact turning off trackbacks won’t work either because each individual old post will still have them enabled. The recommended answer is Akismet—done that, so let’s hope it works.

Well that was dead simple. Those guys are really great, breaking it all down into five easy steps so it only took half an hour and that was deliberating each step carefully.

Now I really need to update the theme. I hacked the default one and I see that the upgrade made a few changes to that as well. This reveals a well known rule of programming—documentation only gets done on the first revision when you can’t remember how it works.

Unfortunately the upgrade hasn’t stopped the spam so phase two will be getting to grips with plugins.