Normally we wait for the breaks in between semesters to deploy feature updates to WordPress core. However, a cross-site scripting (XSS) vulnerability was discovered recently in the WordPress commenting system. A patch was quickly released for the latest feature release (4.2), but not for the release that we were running (4.1.2).
All site networks protected by the Akismet anti-spam plugin (as this one is) should have been protected against this vulnerablity; however, we decided to play it safe and upgrade to WordPress 4.2.1.
The new features for this release are minor. They include support for 4-byte Unicode characters like Han characters and emoji. 🐯🎉🎈 The “Press This” bookmarklet tool was enhanced. Tumblr and Kickstarter were added to the list of supported oEmbed services. You can now switch themes right in the appearance Customizer. Also, the WordPress admin interface has a tweaked default color scheme — consistent cool grays replace the neutral and warm grays.
You can see a full rundown of the new features in this video from WordPress.TV.
Updating WordPress during intersession week (also known as “wintersession”) has become an annual tradition. This year the version is 4.1 “Dinah,” named for jazz singer Dinah Washington.
The headline feature of this version — the blog-focused Twenty Fifteen theme — is not yet active on our network. I have not yet had a chance to create a custom child theme based on that theme. That will arrive in the next couple of weeks.
This version of WordPress has a significantly improved distraction-free writing mode that lets the sidebars fade away while you are composing a post.
If you’ve ever worried you forgot to sign out from a shared computer, you can now go to your profile and log out everywhere. There is a new “Log Out of All Other Sessions” button right above the Avatar section.
There are many under the hood improvements and bug fixes.
Finally, oEmbed support for Vine videos is now baked in. Just paste a Vine URL into a post on its own line. The Vine clip below is from the Princeton University Vine account.
On Saturday, October 18, this WordPress service suffered it longest outage, which lasted approximately 12 hours. On Sunday there was another outage for an hour right before noon.
The reason for this outage was a misconfigured Kace appliance server that was monopolizing all of the http processes on our servers. The Kace server was taken offline Saturday evening, and normal service returned. Then someone brought the same server back up on Sunday morning (without regard for our service), and the outage resumed.
The errant server was moved behind a different firewall, so this exact outage should not happen again. However, we will take steps in the coming weeks to guard against changes to the environment taking down our service again.
I apologize for this outage and the general unreliability of our WordPress service.
Update: Thursday morning I upgraded our network to WordPress 4.0. Everything appears to be running smoothly.
After testing WordPress 4.0 for about a week, the new version looks ready to deploy to our network. Normally we would wait a bit longer; however, we try to avoid feature updates to WordPress core during the semester. That would mean having to wait until late January, and WordPress 4.1 should be out by then.
The jump from version 3.9 to 4.0 is no more significant than the jump from 3.8. They just chose not to use “3.10” as their new number as Drupal or OS X would do. There are three new features that will impact content creators on our network directly.
Media Library Grid. There is a new grid view in the Media library, with the Edit dialog displaying in an overly, rather than a new page. The list view is still there and functions the same as in the previous version.
Seamless Media Embeds. Embeds now preview right in the visual editor. This includes image galleries and media that uses oEmbed (YouTube, Vimeo, Media Central, SlideShare, Twitter). For example, as soon as you paste a YouTube link into the visual editor, a progress bar appears, and a preview of the video is immediately visible. You can even play the video right inside the visual editor. If you have a large number of video embeds in a post, this might slow down the initial rendering when you go to edit a post. There is one huge annoyance with this feature. After the live preview of the embed is rendered, WordPress inserts the cursor before the embed. I would expect the cursor to be inserted after.
Intuitive Editing. The last change auto-expands the visual editor as you type and then keeps the toolbar in a fixed location as you scroll back upward. This feature takes some getting used to, but it does make the visual editor seem more productive. Content authors who dislike this feature can turn it off individually, via the “Screen Options” button at the top of the Add or Edit pages, as depicted in the following screenshot.
[Update] The outage planned for 8/9 was postponed indefinitely.
[Update] The outage planned for 8/2 was postponed to 8/9.
OIT will be upgrading the hardware for the Networked Attached Storage (NAS) devices that the WordPress service uses for all file uploads. The outage is scheduled for 8 am to 2 pm, Eastern Time, on Saturday, August 9, 2014.
During this time, authors will not be able to upload files to their site.
Also, any content images (or other uploaded files) that are not cached will appear broken during the outage. We hope to continue to serve up site pages during this time.
We apologize for the inconvenience.
The upgrade to WordPress 3.8.1 this morning went smoothly. I also activated a Princeton variant of the Twenty Fourteen magazine-style theme. If you are experiencing any problems, please send a message to firstname.lastname@example.org.
Looking forward, the date for the WordPress 3.9 has been set for April 15, and tentative dates for the 4.0 and 4.1 releases are mid-August and early December, respectively. If WordPress development proceeds as scheduled, that means deploying 3.9 the week after Reunions, then 4.0 right before the students come back.
The time between semesters is usually our opportunity to upgrade to major WordPress releases. This Tuesday morning will bring version 3.8, which includes a major overhaul to the admin interface. Light gray, low contrast is out; dark gray, higher contrast is in. Shadowed, multicolor icons are out; flat, scalable icons are in.
Using a responsive design, the interface is newly optimized for smaller device widths and higher resolution displays.
I will be adding a slightly modified version of the Twenty Fourteen magazine theme, as well.
This morning I deployed WordPress 3.7.1 to the network. Besides bug fixes and the latest security updates, the major new features of this version are irrelevant to users of our network. WordPress 3.8, planned for December, will be a release with significant changes to the admin interface.
WordPress 3.7 adds automatic updates and a better password strength checker. However, our WordPress network uses a version control system (Git), and WordPress is smart enough to detect this, and it automatically disables automatic updates. As for passwords, we are not using local WordPress passwords; we are instead using Princeton University’s directory servers to manage passwords.
The new update does include improvements to internal search. Search results for sites are now relevance-sorted, in addition to date-sorted.
If WordPress 3.8 does come out in December, I plan to deploy the new version in between semesters.
Our WordPress network is back to running the latest version of WordPress core. Version 3.6 was released on August 1, so I waited at least a week for any major issues to crop up with WordPress itself with third-party plugins. Everything looks good so far.
Little blue flag windows will show up in the post and page editors to let you know about the new features. The revisions interface is completely redone and has a useful slider to explore the revision history. Autosave now saves a local copy in the client browser if a network connection cannot be established. The Add Media dialog has been slightly refined and now includes a built-in HTML5-based media player for embedded audio and video.
We would ask, though, that you continue to use external services for storing videos. The server has a limited capacity and would fill up quickly with video content.
Audio files are small enough to not be an issue. For audio, we have always used the Audio Player plugin. However, I experienced compatibility issues between the plugin-based player and the new WordPress-based player. I had to disable the plugin. The existing shortcodes that were inserted by the old player should be work fine with the new player. The main downside is that the old player was a bit more customizable. The new player should work great across all devices.
WordPress 3.6 audio player
One feature of 3.6 that is not yet activated across our network is the new Twenty Thirteen theme. I still have some work to do in order to create a “Princetonized” child theme of Twenty Thirteen.
Today’s update is a bit meta. The feed from blogs.princeton.edu now displays in the WordPress administrative dashboard for sites on the network.
We try to avoid mass email communication to users in the WordPress network, so these news updates are the primary method of communicating outages, upgrades, tutorials and new features.
It is possible to hide this dashboard widget by clicking the corresponding checkbox in the Screen Options setting up top.