Andy Skelton
Forum Replies Created
-
@photocrati You keep pinging me by accident. I am @andy. He is @andythreecoaching. Cheers!
Forum: Plugins
In reply to: [Jetpack - WP Security, Backup, Speed, & Growth] BreaksI must apologize for the bug. The get_editable_roles function has been there for years but I didn’t realize that it is only loaded in admin, making it potentially unsafe to call from stats_upgrade_options when the next page load after upgrade is a non-admin page. The fix has been committed to the Jetpack plugin. The next bugfix release will include this.
Meanwhile, you should be able to work around the issue by loading just one wp-admin page after upgrading the plugin. This should trigger stats_upgrade_options.
I must apologize for the bug. I didn’t realize that get_editable_roles function is only loaded in admin, making it potentially unsafe to call from stats_upgrade_options when the next page load after upgrade is a non-admin page. The fix has been committed to the Jetpack plugin. The next bugfix release will include this.
Meanwhile, you should be able to work around the issue by loading just one wp-admin page after upgrading the plugin. This should trigger stats_upgrade_options.
Please visit the Jetpack admin page and click to configure Stats. There you will find the options you seek.
I must apologize for the bug. I didn’t realize that get_editable_roles function is only loaded in admin, making it potentially unsafe to call from stats_upgrade_options when the next page load after upgrade is a non-admin page. The fix has been committed to the Jetpack plugin. The next bugfix release will include this.
Meanwhile, you should be able to work around the issue by loading just one wp-admin page after upgrading the plugin. This should trigger stats_upgrade_options.
How long has this been happening? Was it working before? If so, when did you first notice the error?
Actually we do log stats on an hourly basis. It just seems like we don’t because the stats reports only show daily stats.
We added hourly stats recording a few years ago when we added time zone support. You can change your time zone and all of your stats will shift retroactively. This works because stats are stored with UTC time down to the hour and we apply the time zone offset in the reporting script, not during the recording.
There is one place where we do expose hourly stats: the toolbar sparkline. This is a very small chart that shows 48 hours of views in the toolbar at the top of WordPress.com and Jetpack blogs. If you’re running Jetpack you may have to check your stats settings via the Jetpack admin page in your wp-admin; the sparkline is optional there.
Forum: Fixing WordPress
In reply to: Jetpack Stats and Subscribers not working…Hi, Adam,
This issue occurs because Jetpack does not know when it is running in a copy and not the production site.
I found your support request and fixed the database records in the Jetpack service. You should be able to disconnect and reconnect Jetpack on your production site to restore full service.
Please accept my apology. We are aware of this difficult issue and looking for a way to resolve it. In the interim, please avoid running an exact copy of your blog on any other server.
Thanks,
AndyThanks for waiting. I just deployed the fix for three bugs including this one. You do not need to update your plugin. The bugs were all in the WordPress.com service.
We are investigating the cause. Look for a fix tomorrow.
Forum: Everything else WordPress
In reply to: Spam vs. Stats.It’s time to get technical because the answer involves both HTTP and Javascript. A typical visit begins when their browser sends an HTTP GET request to your blog’s server. This request communicates the desired URL and certain details about the visitor: an IP address, a description of the browser, and possible the URL of the page where they clicked a link to the desired URL.
Some stats packages count these GET requests but there is a ton of noise in this raw data. A typical WordPress stats plugin (such as Jetpack) adds a snippet of Javascript to the HTML instructing the browser to make an additional GET request. This allows the stats package to collect more information about the visiting browser and to filter out most of the “visits” from non-humans; most bots don’t process Javascript.
A comment is submitted by a different kind of request: an HTTP POST. (We use capital letters because that’s what the protocol specifies. It’s not an acronym.) A POST request is just like a GET except the POST carries additional data which is intended to be saved by the server. In WordPress, that data includes the commenter’s name, email, URL, and comment text. (If you are using Quiz, it also includes the content of the quiz answer field. Other plugins may add other fields.)
A typical, human commenter would first GET your post, then spend time reading it, then POST a comment. The URL used to GET your post might be anything but the URL of the comment submission script is the same for all WordPress blogs: it’s your blog URL plus a standard file name. The required parameters for the POST data are also standardized throughout the WordPress world.
Thus a spammer can write just one spam script and feed it a list of blog URLs and the script will be able to POST comments without first GETting the articles they intend to spam. (This is an oversimplification. For a comment to be accepted it requires a valid post_id, a number which might not be easy to guess. Therefore some spam scripts will first crawl the blog with GETs to discover valid post_ids. Others might simply guess, or take a list of IDs as part of the input along with the blog URLs.)
Certain plugins and hacks alter the comment script URL as part of an anti-spam strategy. This foils only the most simplistic spammers since the script URL can be discovered with just one GET. The URL is included in every page that contains a comment form.
Quiz works by adding a requirement to the POST data. You can set a different question and answer for each post. This pretty much limits spam to humans being paid to submit comments manually since your questions should not be answerable by any script that a spammer would find affordable. Spammers are still able to send their POST requests but Quiz blocks their data from entering your database. The immediate benefit to you is that you spend less time processing spam.
There are better, more clever plugins that work much harder to foil spammers. Bad Behavior is the name of a famous one that I recall. If I remember correctly it can block spam GETs as well as POSTs. The additional benefit here is that your server spends less time processing spam so that it can be more responsive to your real audience.
Forum: Everything else WordPress
In reply to: Spam vs. Stats.Spammers don’t have to visit your site every time they post spam. They prefer not to.
Every standard WordPress installation uses the same script with the same parameters to accept comments. All the spammer needs to know is your blog’s URL.
There are plugins that change this. For example, I wrote one called Quiz that adds a labeled field to the comment form. The label tells the commenter what they must enter in the field to have their comment accepted. Spammers who are just using the standard parameters won’t be able to post comments. Even if it’s just “What is 2+2?” this stops the vast majority of automated spam.
Forum: Everything else WordPress
In reply to: Email regarding my stats from Jetpack. Have I been hacked?Sorry about that, William. The report doesn’t have access to your entire archive. It only knows about posts that Jetpack has sent to the server. This is to be fixed for next year’s report.
This page has a little bit more detail: http://en.wordpress.com/firehose/
Turning off Enhanced Distribution will prevent your published posts and comments being sent to the companies that consume the WordPress.com firehose. This doesn’t mean they can’t get the data; it’s all available on your site feed. It just means they get it faster and they don’t have to poll your site.
The benefits might not be immediately apparent but they are there. Every company that receives firehose updates has the opportunity to show your content to more people. And they subscribe under terms that basically requires them to flow traffic to you rather than simply steal your content. They are not scrapers.
If you want people on the internet discovering your site, I can’t think of any good reasons to turn it off.
Forum: Plugins
In reply to: [WordPress.com Stats] Manual installation of WordPress.com Stats unsuccessfulI don’t know where the text “follow the instructions it presents” is coming from. What did you install that gave that message? Where did you get it?
Maybe you have some other stats-related plugins. Sometimes you can narrow down the problem by disabling other plugins.