One thing I loathe about WordPress 2.5 is login cookies only last two weeks. So every two weeks I get prompted to login again. It is extremely disruptive to have to log in again, when just a few hours earlier I was logged in. The cookie logic should be tweaked that if you haven’t logged in over the past two weeks, then (maybe) the cookie should expire. but if I was allowed to work on the blog yesterday, why should I need to log in again today. The two week window should not be based on when I first logged in, but on when I last did administrative functions while logged in.

There aren’t any plugin hooks to the cookie setting functions of WordPress 2.5. But you can edit line number 547 of pluggable.php (which is under wp-includes of your WordPress installation) to lengthen the amount of time a cookie is stored for. Simply change the number at the end of the line
$expiration = $expire = time() + 1209600;
to ever how many seconds you want the cookie to be good for.

Two Weeks: 1209600
One Month (30 days): 2592000
One Year (365 days): 31536000
Ten Years (3650 days): 315360000

Once you’ve made that change, log out (in the top right of the administrative area) and then log in again to create the new cookie with the longer login time. Or simply wait two weeks for your cookie to expire, and then the next time you login, you’ll be all set.

Yes, I can see how this might be a security issue, since an attacker may stay logged in for a long time, and get past any system upgrades. (A system upgrade though should wipe any stored logins. Which doesn’t appear to be possible currently, since the cookie doesn’t store which version of WordPress the cookie is good for.) Or if your machine is compromised, your blog can be compromised. But generally, if that happens, you’re screwed anyways. So in this instance, ease of use is trumping security for me.

If you're new here, you may want to subscribe to my RSS feed. This allows you to read my newer articles without having to visit the site again. Thanks for visiting! Mike

I prefer having the time listed on the “edit posts” page under the WordPress admin area, instead of just the date of the post. Usually the URL you see this is something like (WP-base)/wp-admin/edit.php. I don’t see a hook to manage this format, so I couldn’t write a plugin. (If there is a hook, please let me know what it is!)

To edit the date and time that are displayed, simply edit line #74 in wp-admin/edit-post-rows.php (line 74 in WordPress 2.51, the line number may be different in other versions of WordPress). Change the portion that says “Y/m/d” to “Y/m/d H:i” and you’ll then see the time listed on the edit.php page. You can use any of the date/time formats defined by php.

As I mentioned yesterday when I noticed I passed the 30,000 spam comment threshold, the comment spam rate on the blog has gone through the roof. I dug out some of my old backups of my WordPress database and generated this chart showing how many spam comments I’ve received. This chart is from December 14, 2006 (8,105 spam comments) through today (31,601 spam comments).

This chart shows the daily rate of how many spam comments have been received. The peak before today was December 14-19, when I was getting 143 spam messages per day. Since yesterday the rate has been 1,154 per day.

I just deleted my 30,000th comment spam. I have no idea how high the count would have been had I not put into place several techniques that automatically block bad commenters. Those that fall into my traps don’t even get entered into the Akismet system, and so aren’t counted.

(Addendum 9:32pm: The count is now up to 30,447. That comes to one new spam comment every 63 seconds.)

Has anyone else noticed a large increase in the amount of comment spam that Akismet is missing this week? I’ve tagged and deleted more comment spam in the past week than I have in the past 6 months. I would guess across all of my WordPress sites, I’m manually tagging 10 messages a day. That is a huge increase. Are the spammers simply attacking at a higher rate? Or is Akismet not as effective as it used to be?

And why can’t Akismet learn that a comment in the format of: “eight words, all lowercase, all at least 7 letters long, a link inside an anchor tag, then the close tag, then a URL” is spam?

A setting you can make to help under WordPress 2.5: Go to the Settings tab, then the Discussion sub-tab. Under “Comment Moderation” have a “1″ for “Hold a comment in the queue if it contains __ or more links.”