PlanetMike’s Technology Journal Tips and tricks to get technology to work for you, by Michael Boyd Clark

Earlier today I started upgrading my blogs to the latest and greatest WordPress, version 2.6.1. I did full backups, both the SQL database and the html of the web site. I then tweaked my upgrade script and started plugging away.

After the old files were archived, the new files were in place, I ran the upgrade.php script, which appeared to work just fine. And after the upgrade script completed, I had to log back in. And the headaches began. It was a loop of error messages continually trying to get me to login. I tried on separate browsers (Safari 3, Opera 9, and Firefox 2) and only Firefox would let me in.

I did the password reset procedure several times. No good. I thought it was something related to line breaks not being correctly sanitized in Safari-Mac. Finally, I discovered the fix:

1. You need to add in all three new security password settings to wp-config.php. The setting from version 2.5 (SECRET_KEY) is history. The new values you need are AUTH_KEY, SECURE_AUTH_KEY, and LOGGED_IN_KEY. Each of these should have a different passphrase.
2. You need to clear the cookies for the domain from your browser. Because WordPress does not embed the version of your WordPress into it’s cookies, most browsers get confused and won’t let you log in. This problem could be cleared in the next version of WordPress by simply embedding the WP version number into the cookie name.

The reason that Firefox was working for me is because I use Firefox as a test browser, and it clears the cache, history and cookies every time I exit the application.

Update 2008/08/20 9:40am: I’ve now upgraded ten blogs, and by always including the three new fields in the wp-config.php and by clearing my browser cookies, I haven’t had any other headaches during the upgrade process.

Related Posts

• Setting the WordPress 2.5 Secret Key, March 19, 2008
• How to Make the WordPress Login Cookie Last Longer Than Two Weeks, June 30, 2008

If you're new here, you may want to subscribe to my RSS feed. This allows you to read my newer articles without having to visit the site again. Thanks for visiting! Mike

Posted under WordPress

We’ve gotten past CNN and MSNBC spam. The newest round of spam theme (speme) is pushing ADT home security systems. According to the From field of the messages, “Certified ADT Dealer” or “Authorized ADT Dealer” is now spamming to sell ADT memberships.

All of the messages received at planetmike thus far have had both of these postal addresses listed:

3549 North University Provo, Utah 84604
11915 126th ave Kpn | Gig Harbor, WA 98329

The Utah address is apparently a mail center of some sort, based on the wide range of suites at that address. The Washington state address is in the middle of nowhere, but has been used in other spam messages earlier this month, see Email Spam and Scams Stink! for details.

The ADT spam give two of these links for online unsub requests

• techgetname.info
• technicalschoolfindname.info
• theforwur.info

These domains currently all resolve to 216.153.50.93.

ADT does not have a method to contact them from their web site that would not end up with my postal address, email and phone being besieged with marketing from ADT about their services. So hopefully they will learn of their rogue affiliate (or more likely, someone spamming and scamming in ADT’s name) when they get tons of complaints on Monday morning.

Visiting techgetname.info ends up in a redirect to payoutmedia.com. You also get a meta refresh to marketleverage.com. According to their web site, “Market Leverage is an internet affiliate marketing network.” Javascript on their site is served by cetrk.com. They also link to marketleveragenews.com. That Whois info (which has an invalid state listed, and the domain should be shut down by ICANN) refers to precisionplay.com. What a tangled web of spam.

Posted under Spam