Learning the World

I’ve run into a workflow snag with WordPress MU (well, technically the issue is in WordPress; MU just inherits it): authors can’t add or edit pages.

The problem is basically this:

• I have an academic division web site with an administrator or two.
• I have a handful of editors representing the department heads within that division.
• I have authors who need to be able to add and edit (but not publish) pages.

It’s the last part that WordPress doesn’t support. Ideally, I’d love for the “author” role to function like the “contributor” role does for posts, e.g.: a contributor can write and edit their own posts, but they can’t publish anything.  I’d like the author to do the same thing for pages, allowing a second-tier workflow within the site.

Unfortunately WordPress MU doesn’t work this way out of the box, and based on the comments I’ve read online, it seems that WordPress core isn’t interested in changing this functionality because it differs from WordPress traditional blog mindset. Which I understand, but don’t agree with — I think WordPress has grown into a respectable, lightweight content management system, and adding this additional granularity of editorial control would complete that transition.

So the question is: How to do we manage this? One option is to split up a larger site into sub sites; e.g. instead a single division site, you end up with sub sites for each department.

The other option is to go with a third party module. There are two that look good, particularly when used in conjunction with one another:

• Role Scoper: “Assign restrictions and roles to specific pages, posts or categories.”
• Capability Manager: “…provides a simple way to manage role capabilities. Using it, you will be able to change the capabilities of any role, add new roles, copy existing roles into new ones, and add new capabilities to existing roles.”

They look promising, but I haven’t tested either with WordPress MU yet. I’m curious to know how other folks are addressing this problem; if you have any suggestions or experiences to share, please leave a comment!

WordPress MU 2.8.4a refuses to upload .ppsx (PowerPoint Show files for PowerPoint 2007/2008) because the extension hasn’t been defined in the functions “wp_check_filetype” and “wp_ext2type” in /wp-content/functions.php

Not having ppsx defined here causes WordPress? MU to throw the warning “File type does not meet security guidelines. Try another.” when uploading the file (even when the ppsx file type itself is blessed in WPMU’s admin options).

I’ve reported the bug to WordPress MU Track here:

• #1118: PPSX not defined as valid file in functions.php

Update

The fix isn’t quite so straightforward as just adding .ppsx to the list of valid PowerPoint extensions, because technically PowerPoint Shows for 2007 have their own MIME type:

• application/vnd.openxmlformats-officedocument.presentationml.slideshow

As does PowerPoint 2007:

• application/vnd.openxmlformats-officedocument.presentationml.presentation

Specifying the wrong MIME type for PowerPoint Show files caused WordPress to add a .ppt extension to the file, which played havoc with subsequent downloads. The fix was to specify the MIME type in wp_check_filetype:

• ‘ppsx’ => ‘application/vnd.openxmlformats-officedocument.presentationml.slideshow’

My bug report at WordPress MU was closed because this is technically something that needs to be changed in core WordPress; I’ll be reporting it there shortly.

WordPress MU 2.8.1 was just released, and I came across a few bugs while kicking the tires on my MU development site:

• #1037 After upgrade, upgrade banner doesn’t disappear (fixed)
• #1048 WPMU 2.8.1 improperly escaping titles of newly created blogs
• #1049 Editing Blog Settings as Admin fails (fixed)

#1049 was fixed within four minutes of me posting the ticket, which is pretty darn cool.

I also encountered an issue with the Admin-SSL plugin and 2.8.1 that sets up an infinite rerewrite of the blog delete URL; I haven’t had a chance to track it down yet, but the author is working on an update of the plugin to get it working properly with 2.8.

Marketing Pilgrim’s posted their list of the most useful plugins for new bloggers. Of the plugins on this list, I can personally recommend Akismet; no blog should launch with out it. A lot of my friends in the hobby game blogosphere use CommentLuv. I’ve taken advantage of it while posting comments, but have never installed it on one of my own blogs.

NextGEN Gallery, the popular image gallery plugin for WordPress, has a new version out. v1.2.0 includes a couple of tweaks and bug fixes, but the big thing to note is that it no longer includes the JW Image Rotator, which is the Flash image manipulation tool that allows NextGEN to generate slide shows.

It was removed to avoid licensing conflicts, but no fears — it still works with NextGEN, but now site admins (like me) need to go grab a copy of JW Image Rotator when they install/upgrade the plugin. This won’t affect your site or blog at Lafayette; I’ll be sure to include the file when we do the upgrade here.

I’ve had great luck using NextGEN Gallery in my WordPress MU pilot install at work, but we have run into a few MU-specific hiccups with the flash file uploader and the location of the file image rotater. This led me to suggest some site-wide configuration options for the plugin in the WordPress support forums:

http://wordpress.org/support/topic/251863?replies=1

Here’s what I suggested:

The Default Image Rotator location

The plugin attempts to guess the default location for the imagerotator.swf file based on the assumption that the plugin is installed as part of a standard WordPress installation. This makes the path something like:

http://www.example.com/username/wp-content/plugins/nextgen-gallery/imagerotator.swf

Unfortunately, in a WordPress MU install, the plugin is not located in the user’s directory; instead it’s in the main plugins directory. e.g.:

http://www.example.com/wp-content/plugins/nextgen-gallery/imagerotator.swf

It’d be great to have a global option that allows me to specify what the default path should be for all of the NextGEN galleries on the WordPress MU install.

Global “Disable Flash Uploader” option

The Flash uploader has been problematic on and off for a while. While 2.7 got it working on non-secure sites, there’s a known issue with Flash and https that prevents it from working in sites secured with https.

NextGEN allows users to disable the Flash uploader on a per-site basis, which is helpful, but I’d love a global option that would allow me to disable the Flash uploader site-wide.

If these options sound helpful to you, please drop by the forums and add your voice to the conversation.

“You are in a maze of tiny, twisty passages, all a like”.

That line shows up in Zork and its variants when you get lost in a labyrinth, and it’s how I feel right now trying to puzzle through the best way (or hell, ANY way of securing WordPress Mu in directory mode).

What I’m trying to do is this:

• I want to enable secure logins and admin pages (so that these pages are protected via SSL and have https addresses).

I’ve got a WordPress Mu install setup in directory mode, e.g.:

• The main blog is at wordpress.foo.edu.
• The daughter blogs will appear in subdirectory format, e.g. wordpress.foo.edu/bar

In normal WordPress, this goal can be accomplished by setting two constants in the config file:

• define('FORCE_SSL_LOGIN', true);

• define('FORCE_SSL_ADMIN', true);

Another option is to make use of the Admin-SSL plugin:

• Admin-SSL: http://www.kerrins.co.uk/blog/admin-ssl/

With WordPress Mu, it seems things are a bit trickier. Ok, a lot trickier.

Both methods will protect the main blog at wordpress.foo.edu, I get nothing but 404s when I try and access any of the daughter blog admin pages at wordpress.foo.edu/bar/wp-admin. Traffic is successfully redirected to https, but the server simply spits out a 404 page, saying there’s nothing there to load.

This is the same thing that happens when you, ahem, forget to include the htaccess file with the various mod_rewrite commands that allow for clean urls in WordPress, so my assumption was I’d just need some more mod_rewrite magic to get WordPress to properly serve these pages.

This led me on a mad chase to try and figure out the best way to do that. Instructions in the following post seem like they should work:

• SSL/LDAP/password security questions

And yet not. More 404s. More headaches. It could just be that I’ve been working on this too long, and need to let it simmer overnight. It seems to me that there must be a way to use mod_rewrite to force Wordpress Mu to resolve these https addressses the same as it does http, but I’m just not seeing it.

My guess is that this all would work just fine using the subdomain method, but we really want to use the directory one.

So yes. There’s a maze. With tiny twisty passages. And they are all alike. Time to hit the reset button, and tackle it with new eyes tomorrow. In the mean time, if anyone has any bright ideas, please let me know.

Update: 2/2/2009

You knew it was going to be something small and obscure right? And you new it was going to be something that prevent the .htaccess file from firing, right?

When last I wrote on Friday, sub-blogs failed to load whenever you tried to access an https-enabled page. I couldn’t help having this gut feeling that my issue had NOTHING to do with .htaccess/mod_rewrite and everything to do with a server configuration issue.

On Sunday, I did some experiments, and I discovered that when I tried to load an SSL-enabled daughter blog, the htaccess file was never even executed.  I tested this by purposefully breaking the htaccess file so it would cause a server error; when I loaded https://wordpress.foo.edu”, I got a “page not found” not a “you idiot, you broke the server” error.

So I switched gears and started looking at issues with httpd.conf and ssl.conf. That’s when I came across the very nifty “Installing WordPress Mu” ebook [pdf], where I saw this bit of advice: 

Permalinks do not work or Can’t find subblogs in subfolder install
If everything looks like it installed okay, but when you start clicking on links and you get 404’s or server errors, you need to do a little Apache configuration. Even if you have mod_rewrite enabled, and the htaccess file is there, on some setups the web account is set to not let these settings through. You’ll need to go to terminal mode and edit the httpd.conf file. See back on page 5, and while you’re in there, look for the directive of your virtual host, find this line “AllowOverride None” and change it to “AllowOverride FileInfo Options”. With no quotes.

Sounds familiar … doesn’t it?

So I look at the wordpress entry in httpd.conf and see that yeah, AllowOverride is configured as “AllowOverride FileInfo Option”. But ssl.conf? THAT was set to “AllowOverride None” As a result, WordPress MU worked just fine on regular pages, but failed on secure ones.

Changing ssl.conf so that AllowOverride was set to “AllowOverride FileInfo Options” fixed the problem. Apache, htaccess and Wordpress are on speaking terms again, login/admin traffic is automagically routed to https, and the freaking page LOADS.

[sigh]. It’s only obvious in hindsight.

After talking with a faculty member and brainstorming how classes might use WordPress MU, one of the must-have tools we’ve decided we need is an author list. While we anticipate that we’ll have a number of one-person blogs if/when WordPress Mu is in production, there will also be goodly amount of multi-author blogs for classes, student organizations, etc.

We identified two needs:

• Hyperlink an author’s name to a page with all of their posts on the site.
• Include a widget listing all of the authors (with links to their individual posts)

After doing some research this morning, I’ve come up with a few solutions.

1. Linking to author names & listing authors through WP functions: The “Author Templates” page of the WordPress Codex lists a number of useful functions that can be used as part of the Loop to link to individual author pages as well as displaying post counts and author lists. 
   • The specific function is “the_author_posts_link()”, and it inserts the author’s name with a hyperlink to his/her “author” page, which lists everything they’ve written.
   • You can also use “wp_list_authors()” to list all the authors associated with the blog.
   • These options require you to modify the theme’s template file(s). 
2. Listing Authors with the Authors Widget: “Authors Widget” allows you to add a sidebar widget that lists all of the authors associated with the blog with links to their individual author pages (there’s also an optional link for their RSS feeds).

One of the big concerns I have going into this spring’s Wordpress Mu pilot is data portability. If we decide not to go ahead with Wordpress, what will happen to the piloter’s blogs? That led me to experiment with WordPress’ import/export options. I knew that you could pull in data from a variety of sources (RSS, Blogger, other Wordpress installs) but I wasn’t sure how well it would deal with exporting.

Last week I decided to put that option to the test, dumping this “Learning the World” blog as a WordPress XML archive and then importing it into a WordPress Mu test install. It came over perfectly, with only two possible hiccups: matching user accounts (e.g. author accounts, commenter accounts, etc.) and files.

With accounts, WordPress wants to map existing accounts in the archive to accounts on the new blog; if you don’t have matching accounts on the new blog, you’re going to either need to map them to one of the accounts you do have, or you are going to have to stop the import, create the necessary accounts, and then do the import.

With files, WordPress gives you the option to suck down files from the original blog, but only as part of the import process. It doesn’t include that data in its initial export, which means if your original blog goes away (and takes the files with it) then you are out of luck. I’d love to see an inclusive export option that grabs everything. 

That said, the export does work pretty well as is; it was fantastic to see Learning the World instantly resurrected in a new install (Cylons anyone?), and it bodes well for moving the trial-run blogs into production at the end of the pilot.

By default, WordPress Mu wants to serve sites in one of two ways: using a “folder” methodology (e.g. wordpress.foo.edu/[site name]) or subdomains (e.g.  [site name].blogs.foo.edu). The problem is that out of the box, the subdomain approach wants you to rely on wildcard DNS entries to send traffic to WordPress.

This works fine if you’re serving up something like blogs.foo.edu, in which you expect each blog to be part of a larger subdomain, but it’s problematic when you want to serve sites one step up the food chain (e.g. [site name].foo.edu). (if for no other reason than all the extra MySQL work that gets created as WordPress tries to resolve traffic to non-existent subdomains).

Ideally, I want an admin blog account installed at something like wordpress.foo.edu, but then subdomains for every thing else.

Out of the box, WordPress doesn’t want to work like this (since it wants all of its subdomains to appear off of wordpress.foo.edu, rather than foo.edu). Fortunately, you can tweak the Mu database to get around the limitation.

1. Install WordPress Mu with subdomain support to wordpress.foo.edu
2. Configure the admin blog.
3. In MySQL, change the “wp_site” table, changing the route domain (in the “domain” column” to “foo.edu” from “wordpress.foo.edu”
4. Create a C name in DNS for the subdomain you want to serve (e.g. bar. foo.edu) that points to wordpress.foo.edu)